System and method for administering security in a corporate portal

US 7,017,183 B1
Filed: 06/29/2001
Issued: 03/21/2006
Est. Priority Date: 06/29/2001
Status: Active Grant

First Claim

Patent Images

1. A method for administering portal security for an object, comprising:

extracting a native security setting comprising identities of external users or external groups, or both, from a native environment of the object;

mapping, according to a predetermined process that is executed according to information maintained in a portal database, the native security setting into a portal security setting associated with a portal that comprises a metadata object;

associating in the portal said portal security setting with the object according to a predetermined security relationship;

instantiating the predetermined security relationship between the metadata object and the corresponding native security setting;

granting viewing or exposure access to the object by a particular user or group, or combinations thereof, andwherein said information maintained in the portal database comprises;

portal user and portal group information including membership information relating the portal users to portal groups; and

one or more synchronization maps that maps external groups or domains, or both, to one or more intermediate sets of identifiers.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system, and computer program product for corporate portal security are provided, wherein security information corresponding to an external object imported into the corporate portal is automatically mapped from the object'"'"'s native security system into the corporate portal system. For each external object imported, the corporate portal maps external users and external groups identified by the native security into corresponding portal users and portal groups according to a predefined mapping process, and stores the results in a manner that associates the external object with those portal users and portal groups. A plurality of database tables and maps determines the outcome of the predefined mapping process. Advantageously, when new external users or groups are added, they are detected by a synchronization agent which then automatically updates the database tables and maps. When custom group security configurations are desired, or when new domains are added, the portal administrator may manipulate a subset of the database tables and maps to achieve the desired configuration. Advantageously, manually intensive operations such as object-by-object security stampings, and/or re-manipulation of individual security settings associated with re-instantiated crawls, are avoided.

143 Citations

18 Claims

1. A method for administering portal security for an object, comprising:
- extracting a native security setting comprising identities of external users or external groups, or both, from a native environment of the object;
  
  mapping, according to a predetermined process that is executed according to information maintained in a portal database, the native security setting into a portal security setting associated with a portal that comprises a metadata object;
  
  associating in the portal said portal security setting with the object according to a predetermined security relationship;
  
  instantiating the predetermined security relationship between the metadata object and the corresponding native security setting;
  
  granting viewing or exposure access to the object by a particular user or group, or combinations thereof, andwherein said information maintained in the portal database comprises;
  
  portal user and portal group information including membership information relating the portal users to portal groups; and
  
  one or more synchronization maps that maps external groups or domains, or both, to one or more intermediate sets of identifiers.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the native security setting comprises an identity of an entity external to the portal having a predetermined security relationship with the object in its native environment, and wherein the mapping comprises mapping the external entity into a corresponding portal entity.
  - 3. The method of claim 2, wherein said predetermined security relationship comprises viewing access.
  - 4. The method of claim 2, wherein the native security settings have the predetermined security relationship with the object in its native environment.
  - 5. The method of claim 1, wherein said one or more maps comprises:
    - a first synchronization map that maps external domains to an intermediate set of domain identifiers; and
      
      a second synchronization map that maps external groups to an intermediate set of group identifiers.
  - 6. The method of claim 5, wherein said portal users are identified by a concatenation of a portal domain identifier and a user name used by the external domain of the user, and wherein said portal groups are identified by a concatenation of a portal domain identifier and a group name used by the external domain of the group.
  - 7. The method of claim 6, said predetermined mapping process comprising the steps of:
    - forming a reflexive set of external users and external groups having access to the object, each member of the reflexive set being expressed as a concatenation of the external domain and the external user or external group;
      
      mapping each external domain indicated in each of the external users and external groups into to one or more portal domains using the first synchronization map;
      
      mapping each external group to one or more portal simple group names using the second synchronization map;
      
      forming a candidate set of all possible pairings between (i) all indicated external and portal domains, and (ii) all indicated external group and portal simple group names;
      
      comparing the candidate set to said portal user and portal group information; and
      
      deleting from the candidate set any member not appearing in said portal user and portal group information;
      
      wherein the remaining members of the candidate set represent the corresponding portal users and portal groups having access to the object.

8. A corporate portal apparatus, comprising one or more processor readable storage devices having processor readable code embodied thereon for programming a one or more processors to perform a method of administering portal security for an object, said processor readable code comprising component modules including:
- a crawler for accessing external objects in external domains;
  
  a security extraction utility for extracting native security information, comprising identities of external users or external groups, or both, corresponding to the external objects from one or more security systems of the external domains; and
  
  a database comprising information for mapping, according to a predetermined process that is executed according to information maintained in a portal database, the extracted native security information into a security system of the corporate portal that comprises a metadata object; and
  
  wherein the apparatus comprises said one or more processors for performing said method which further includes instantiating the predetermined security relationship between the metadata object and the corresponding native security setting, andwherein said information maintained in the portal database comprises;
  
  portal user and portal group information including membership information relating the portal users to portal groups; and
  
  one or more synchronization maps that maps external groups or domains, or both, to one or more intermediate sets of identifiers, andwherein the security system of the corporate portal regulates exposure of portal metadata objects corresponding to the external objects based on the mapped security information.
- View Dependent Claims (9, 10, 11)
- - 9. The corporate portal apparatus of claim 8, further comprising a synchronization agent for accessing external user and external group information from the external domains, wherein said database comprises information derived at least in part from said external user and external group information.
  - 10. The corporate portal apparatus of claim 9, further comprising an administrative user interface for assisting a portal administrator in populating said database using information that includes said external user information and said external group information.
  - 11. The corporate portal apparatus of claim 10, wherein said synchronization agent is adapted and configured to extract user and group information from external domains.

12. One or more computer readable media encoded with a processor-readable computer program product for implementing a method of administering portal security for an object, the method comprising:
- extracting a native security setting comprising identities of external users or external groups, or both, from a native environment of the object;
  
  mapping, according to a predetermined process that is executed according to information maintained in a portal database, the native security setting into a portal security setting associated with a portal that comprises a metadata object;
  
  associating in the portal said portal security setting with the object according to a predetermined security relationship;
  
  instantiating the predetermined security relationship between the metadata object and the corresponding native security setting; and
  
  granting viewing or exposure access to the object by a particular user or group, or combinations thereof, andwherein said information maintained in the portal database comprises;
  
  portal user and portal group information including membership information relating the portal users to portal groups; and
  
  one or more synchronization maps that maps external groups or domains, or both, to one or more intermediate sets of identifiers.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The one or more computer readable media of claim 12, wherein the native security setting comprises an identity of an entity external to the portal having a predetermined security relationship with the object in its native environment, and wherein the mapping comprises mapping the external entity into a corresponding portal entity.
  - 14. The one or more computer readable media of claim 13, wherein said predetermined security relationship comprises viewing access.
  - 15. The one or more computer readable media of claim 13, wherein the native security settings have the predetermined security relationship with the object in its native environment.
  - 16. The one or more computer readable media of claim 12, wherein said one or more maps comprises:
    - a first synchronization map that maps external domains to an intermediate set of domain identifiers; and
      
      a second synchronization map that maps external groups to an intermediate set of group identifiers.
  - 17. The one or more computer readable media of claim 16, wherein said portal users are identified by a concatenation of a portal domain identifier and a user name used by the external domain of the user, and wherein said portal groups are identified by a concatenation of a portal domain identifier and a group name used by the external domain of the group.
  - 18. The one or more computer readable media of claim 17, said computer code for mapping the external users and external groups into corresponding portal users and groups according to a predetermined mapping process comprising:
    - computer code for forming a reflexive set of external users and external groups having access to the object, each member of the reflexive set being expressed as a concatenation of the external domain and the external user or external group;
      
      computer code for mapping each external domain indicated in each of the external users and external groups into to one or more portal domains using the first synchronization map;
      
      computer code for mapping each external group to one or more portal simple group names using the second synchronization map;
      
      computer code for forming a candidate set of all possible pairings between (i) all indicated external and portal domains, and (ii) all indicated external group and portal simple group names;
      
      computer code for comparing the candidate set to said portal user and portal group information; and
      
      computer code for deleting from the candidate set any member not appearing in said portal user and portal group information, wherein the remaining members of the candidate set represent the corresponding portal users and portal groups having access to the object.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Plumtree Software, Inc. (Oracle Corporation)
Inventors
Frey, Bridget J., Smedberg, Michael E., Markoff, Matthew S.
Primary Examiner(s)
Darrow, Justin T.

Application Number

US09/896,039
Time in Patent Office

1,726 Days
Field of Search

713/164, 713/165, 713/166, 713/167, 713/200, 713/201, 707/9, 707/10, 707/100, 709/223, 709/224, 709/225, 709/226, 726/5, 726/9, 726/17
US Class Current

726/5
CPC Class Codes

G06F 21/6236   between heterogeneous systems

G06F 2221/2141   Access rights, e.g. capabil...

Y10S 707/99939   Privileged access

System and method for administering security in a corporate portal

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

143 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for administering security in a corporate portal

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

143 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links