User context component in environment services patterns

US 6,954,220 B1
Filed: 08/31/1999
Issued: 10/11/2005
Est. Priority Date: 08/31/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method for maintaining a security profile throughout nested service invocations on a distributed, component-based system, comprising the steps of:

(a) providing interconnections between distributed components each having nested service invocations;

(b) identifying a user;

(c) associating the user with roles;

(d) creating a user context instance upon successful identification of the user, wherein the user context instance includes information about the user including the roles and a unique user identifier;

(e) receiving a request from the user to invoke a first service on a first component, wherein the first component invokes a second service of a second component such that the user context instance is passed as a parameter from the first component to the second component, and wherein completion of the second service is necessary to complete the first service;

(f) querying the user context instance for the unique user identifier;

(g) comparing the unique user identifier in the user context instance with an access control list for verifying that the user has access to the first component; and

(h) comparing the unique user identifier in the user context instance with an access control list for verifying that the user has access to the second service of the second component.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method are provided for maintaining a security profile throughout nested service invocations on a distributed component-based system. Interconnections are provided between distributed components each having nested service invocations. A user context instance is created upon successful identification of the user. A request is received from the user to invoke a first service on a first component, wherein the first component invokes a second service of a second component, and wherein completion of the second service is necessary to complete the first service. The user context is queried for a unique user identifier. The unique user identifier is compared with an access control list for verifying that the user has access to the first component. The unique user identifier is also compared with an access control list for verifying that the user has access to the second service of the second component.

190 Citations

15 Claims

1. A method for maintaining a security profile throughout nested service invocations on a distributed, component-based system, comprising the steps of:
- (a) providing interconnections between distributed components each having nested service invocations;
  
  (b) identifying a user;
  
  (c) associating the user with roles;
  
  (d) creating a user context instance upon successful identification of the user, wherein the user context instance includes information about the user including the roles and a unique user identifier;
  
  (e) receiving a request from the user to invoke a first service on a first component, wherein the first component invokes a second service of a second component such that the user context instance is passed as a parameter from the first component to the second component, and wherein completion of the second service is necessary to complete the first service;
  
  (f) querying the user context instance for the unique user identifier;
  
  (g) comparing the unique user identifier in the user context instance with an access control list for verifying that the user has access to the first component; and
  
  (h) comparing the unique user identifier in the user context instance with an access control list for verifying that the user has access to the second service of the second component.
- View Dependent Claims (2, 3, 4, 5)
- - 2. A method as recited in claim 1, further comprising the step of logging all user interactions.
  - 3. A method as recited in claim 1, further comprising the step of modifying a user interface to provide access to actions that can be performed by the user based on the unique user identifier and the roles associated with the user.
  - 4. A method as recited in claim 1, wherein the first service invoked associates any objects created, updated, or deleted as a result of the invocation of the first service with the user context instance.
  - 5. A method as recited in claim 1, wherein the user context instance encapsulates security certificates of the user.

6. A computer program embodied on a computer readable medium for maintaining a security profile throughout nested service invocations on a distributed, component-based system, comprising:
- (a) a code segment that provides interconnections between distributed components each having nested service invocations;
  
  (b) a code segment that identifies a user;
  
  (c) a code segment that associates the user with roles;
  
  (d) a code segment that creates a user context instance upon successful identification of the user, wherein the user context instance includes information about the user including the roles and a unique user identifier;
  
  (e) a codc segment that receives a request from the user to invoke a first service on a first component, wherein the first component invokes a second service of a second component such that the user context instance is passed as a parameter from the first component to the second component, and wherein completion of the second service is necessary to complete the first service;
  
  (f) a code segment that queries the user context instance for the unique user identifier;
  
  (g) a code segment that compares the unique user identifier in the user context instance with an access control list for verifying that the user has access to the first component; and
  
  (h) a code segment that compares the unique user identifier in the user context instance with an access control list for verifying that the user has access to the second service of the second component.
- View Dependent Claims (7, 8, 9, 10)
- - 7. A computer program as recited in claim 6, further comprising a code segment that logs all user interactions.
  - 8. A computer program as recited in claim 6, further comprising a code segment that modifies a user interface to provide access to actions that can be performed by the user based on the unique user identifier and the roles associated with the user.
  - 9. A computer program as recited in claim 6, wherein the first service invoked associates any objects created, updated, or deleted as a result of the invocation of the first service with the user context instance.
  - 10. A computer program as recited in claim 6, wherein the user context instance encapsulates security certificates of the user.

11. A system for maintaining a security profile throughout nested service invocations on a distributed, component-based system, comprising:
- (a) logic that provides interconnections between distributed components each having nested service invocations;
  
  (b) logic that identifies a user;
  
  (c) logic that associates the user with roles;
  
  (d) logic that creates a user context instance upon successful identification of the user, wherein the user context instance includes information about the user including the roles and a unique user identifier;
  
  (e) logic that receives a request from the user to invoke a first service on a first component, wherein the first component invokes a second service of a second component such that the user context instance is passed as a parameter from the first component to the second component, and wherein completion of the second service is necessary to complete the first service;
  
  (f) logic that queries the user context instance for the unique user identifier;
  
  (g) logic that compares the unique user identifier in the user context instance with an access control list for verifying that the user has access to the first component; and
  
  (h) logic that compares the unique user identifier in the user context instance with an access control list for verifying that the user has access to the second service of the second component.
- View Dependent Claims (12, 13, 14, 15)
- - 12. A system as recited in claim 11, further comprising logic that logs all user interactions.
  - 13. A system as recited in claim 11, further comprising logic that modifies a user interface to provide access to actions that can be performed by the user based on the unique user identifier and the roles associated with the user.
  - 14. A system as recited in claim 11, wherein the first service invoked associates any objects created, updated, or deleted as a result of the invocation of the first service with the user context instance.
  - 15. A system as recited in claim 11, wherein the user context instance encapsulates security certificates of the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Accenture Global Services Limited (Accenture PLC)
Original Assignee
Accenture LLP (Accenture PLC)
Inventors
Bowman-Amuah, Michel K.
Primary Examiner(s)
Bayeri, Raymond J.
Assistant Examiner(s)
BAUTISTA, XIOMARA L

Application Number

US09/386,989
Time in Patent Office

2,233 Days
Field of Search

345/733, 345/738, 345/739, 345/740, 345743-747, 345/811, 707 9- 10, 709/217, 709/225, 709/229
US Class Current

715/741
CPC Class Codes

G06F 16/972   Access to data in other rep...

G06F 21/6218   to a system of files or obj...

Y10S 707/99939   Privileged access

User context component in environment services patterns

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

190 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

User context component in environment services patterns

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

190 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others