Mechanism and apparatus for security of newly spawned repository spaces in a distributed computing environment
Abstract
A system and method for providing security for newly spawned spaces in a distributed computing environment. A client may access a first space service. The creation of a second space may be requested, such as by the client sending an appropriate request to an interface of the first space. In one embodiment, the first space and second space may share a common storage model, storage facility, and/or XML schema. The second space may initially be configured to permit access only to the requesting client. In one embodiment, a root authentication token is created for the second space. An authentication service associated with the second space may be initialized, whereby the second space is configured to permit access only to a client holding the root authentication token. The root authentication token may be sent to the requesting client or service. The requesting client may send the root authentication token to a second client. The second client may then access the second space by sending to the second space at least one of the messages specified in the second schema along with the root authentication token. The requesting client may also modify the initially configured security policy of the second space such that the second space is configured to permit access to other clients.
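The spawn-and-lock-down flow described in the abstract, as an added Python example (not code from the patent): a spawned space accepts only schema messages, starts locked to the holder of its root authentication token, and can later be opened to other clients by that holder. The message names, the in-memory store, and the assumption that client ids arrive from an already authenticated transport are all hypothetical.

```python
import hmac
import secrets


class AccessDenied(Exception):
    pass


class Space:
    """Toy in-memory space: a schema of accepted messages plus an access policy."""

    SCHEMA = ("spawn", "put", "get", "grant")  # hypothetical message names

    def __init__(self, root_token=None):
        self._root = root_token   # None: open space with no authentication
        self._granted = set()     # client ids admitted by a later policy change
        self._items = {}

    def _is_root(self, token):
        # Constant-time comparison so the check does not leak token prefixes.
        return token is not None and hmac.compare_digest(
            token.encode(), self._root.encode())

    def send(self, client_id, message, token=None, **args):
        if message not in self.SCHEMA:
            raise ValueError("message not in schema: " + message)
        if self._root is not None:
            holder = self._is_root(token)
            # Policy changes always need the root token; other messages also
            # pass for clients the token holder has granted access to.
            if not holder and (message == "grant" or client_id not in self._granted):
                raise AccessDenied(client_id)
        return getattr(self, "_do_" + message)(**args)

    def _do_spawn(self):
        # The new space starts locked to whoever receives this token.
        root = secrets.token_urlsafe(32)
        return Space(root_token=root), root

    def _do_put(self, key, value):
        self._items[key] = value

    def _do_get(self, key):
        return self._items[key]

    def _do_grant(self, client):
        self._granted.add(client)
```

Passing the root token to a second client delegates full control of the space, including policy changes, whereas a `grant` admits a client without handing over the token.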
33 Claims
1. A method comprising:
- accessing a first space, wherein the first space comprises a first network-addressable storage location, wherein information usable to access the first space is provided in an advertisement for the first space, wherein the advertisement for the first space comprises a first schema, and wherein the first schema specifies one or more messages usable to invoke functions of the first space;
- a requesting client requesting creation of a second space by sending to the first space one of the messages specified by the first schema;
- creating the second space in response to the requesting client requesting creation of the second space, wherein the second space is initially configured to permit access only to the requesting client, wherein the second space comprises a second network-addressable storage location, wherein information usable to access the second space is provided in an advertisement for the second space, wherein the advertisement for the second space comprises a second schema, and wherein the second schema specifies one or more messages usable to invoke functions of the second space; and
- the requesting client accessing the second space by sending to the second space one of the messages specified by the second schema.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A system comprising:
- a first client;
- a first space which is communicatively coupled to the client, wherein the first space comprises a first network-addressable storage location, wherein information usable to access the first space is provided in an advertisement for the first space, wherein the advertisement for the first space comprises a first schema, and wherein the first schema specifies one or more messages usable to invoke functions of the first space;
- wherein the first client is operable to:
  - access the first space;
  - request creation of a second space by sending to the first space one of the messages specified by the first schema, wherein the second space is initially configured to permit access only to the first client, wherein the second space comprises a second network-addressable storage location, wherein information usable to access the second space is provided in an advertisement for the second space, wherein the advertisement for the second space comprises a second schema, and wherein the second schema specifies one or more messages usable to invoke functions of the second space; and
  - access the second space by sending to the second space one of the messages specified by the second schema.

Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22
23. A carrier medium comprising program instructions which are computer-executable to implement:
- accessing a first space, wherein the first space comprises a first network-addressable storage location, wherein information usable to access the first space is provided in an advertisement for the first space, wherein the advertisement for the first space comprises a first schema, and wherein the first schema specifies one or more messages usable to invoke functions of the first space;
- a requesting client requesting creation of a second space by sending to the first space one of the messages specified by the first schema;
- creating the second space in response to the requesting client requesting creation of the second space, wherein the second space is initially configured to permit access only to the requesting client, wherein the second space comprises a second network-addressable storage location, wherein information usable to access the second space is provided in an advertisement for the second space, wherein the advertisement for the second space comprises a second schema, and wherein the second schema specifies one or more messages usable to invoke functions of the second space; and
- the requesting client accessing the second space by sending to the second space one of the messages specified by the second schema.

Dependent claims: 24, 25, 26, 27, 28, 29, 30, 31, 32, 33
Specification