Method and system to integrate existing user and group definitions in a database server with heterogeneous application servers

US 7,039,804 B2
Filed: 06/29/2001
Issued: 05/02/2006
Est. Priority Date: 06/29/2001
Status: Active Grant

First Claim

Patent Images

1. A method for sharing registry information among a plurality of heterogeneous servers, comprising the steps of:

creating a database registry such that registry information is separated into first registry information that is common to a plurality of applications running on said plurality of heterogeneous servers and second registry information that is specific to ones of said plurality of applications, wherein said first registry information is stored in a common registry and said second registry information is stored in respective second registries associated with respective applications;

responsive to receiving a request to authenticate a user in said database registry, constructing a credential of the user; and

selectively allowing access to a resource based on the credential of the user and a protection policy applied to the resource in an object name space associated with a first server of said plurality of users.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for sharing existing user and group registry information between heterogeneous application servers is provided. The method and system make use of an adapter that communicates with each registry associated with each application server through a registry communication mechanism. In a preferred embodiment, the present invention provides an additional application-specific database to protect application-specific data that is required for each application server'"'"'s operation but is not part of an existing database registry. Both the application-specific databases and existing user and group definitions in a user and group registry form a new registry abstraction which is required for each application server. As a result, each application server automatically shares user and group definitions with the existing database server. Furthermore, both the database server and each application server maintain a centralized user and group management model across different application domains.

15 Citations

View as Search Results

26 Claims

1. A method for sharing registry information among a plurality of heterogeneous servers, comprising the steps of:
- creating a database registry such that registry information is separated into first registry information that is common to a plurality of applications running on said plurality of heterogeneous servers and second registry information that is specific to ones of said plurality of applications, wherein said first registry information is stored in a common registry and said second registry information is stored in respective second registries associated with respective applications;
  
  responsive to receiving a request to authenticate a user in said database registry, constructing a credential of the user; and
  
  selectively allowing access to a resource based on the credential of the user and a protection policy applied to the resource in an object name space associated with a first server of said plurality of users.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method as recited in claim 1, wherein the said credential of the user is constructed using a user identifier and a user password.
  - 3. The method as recited in claim 1, wherein registry information in said database registry includes at least one of user registry information and group registry information.
  - 4. The method as recited in claim 1, wherein access to the database registry must go through an adapter.
  - 5. The method as recited in claim 4, wherein the adapter is a user registry adapter.
  - 6. The method as recited in claim 1, further comprising:
    - storing a definition of the user in said database registry.
  - 7. The method as recited in claim 1, further comprising the step of protecting application specific data from unauthorized users.
  - 8. The method as recited in claim 1, wherein said respective second database is a meta-data database.
  - 9. The method as recited in claim 1, wherein the resource is a Web resource.
  - 10. The method as recited in claim 1, further comprising:
    - responsive to a request to disable a user from accessing a given resource, receiving the disable request at an adapter integrating the plurality of servers; and
      
      removing a definition associated with the user from a database associated with the second server.
  - 11. The method as recited in claim 1, further comprising:
    - responsive to a request to disqualify a user from accessing a given resource, receiving the disqualification request at an adapter integrating the plurality of servers;
      
      removing a definition associated with the user from a first database associated with the second server; and
      
      removing a definition associated with the user from a second database mandated with the second server.
  - 12. The method as recited in claim 11, wherein the first database is a registry database and the second database is a meta-data database.

13. A system, comprising:
- a bus system;
  
  a memory, including a set of instructions, connected to the bus system; and
  
  a processing unit, connected to said memory and to a database registry constructed such that registry information is separated into first registry information that is common to a plurality of applications running on said plurality of heterogeneous servers and second registry information that is specific to ones of said plurality of applications, wherein said first registry information is stored in a common registry and said second registry information is stored in respective second registries associated with respective applications;
  
  responsive to receiving a request to authenticate a user in said database registry, constructing a credential of the user; and
  
  selectively allowing access to a resource based on the credential of the user and a protection policy applied to the resource in an object name space associated with a first server of said plurality of servers.

14. A system for integrating a plurality of servers, comprising:
- a database registry constructed such that registry information is separated into first registry information that is common to a plurality of applications running on said plurality of heterogeneous servers and second registry information that is specific to ones of said plurality of applications, wherein said first registry information is stored in a common registry and said second registry information is stored in respective second registries associated with respective applications;
  
  constructing means, responsive to receiving a request to authenticate a user in said database registry, for constructing a credential of the user; and
  
  accessing means for selectively allowing access to a resource based on the credential of the user and a protection policy applied to the resource in an object name space associated with a first server if said plurality of servers.

15. A computer program product stored in a computer-readable medium for sharing registry information among a plurality of heterogeneous servers, comprising:
- instructions for creating a database registry such that registry information is separated into first registry information that is common to a plurality of applications running on said plurality of heterogeneous servers and second registry information that is specific to ones of said plurality of applications, wherein said first registry information is stored in a common registry and said second registry information is stored in respective second registries associated with respective applications;
  
  instructions, responsive to receiving a request to authenticate a user in said database registry, for constructing a credential of the user; and
  
  instructions for selectively allowing access to a resource based on the credential of the user and a protection policy applied to the resource in an object name space associated with a first server of said plurality of users.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 16. The computer program product as recited in claim 15, wherein the said credential of the user is constructed using a user identifier and a user password.
  - 17. The computer program product as recited in claim 15, wherein registry information in said database registry includes at least one of user registry information and group registry information.
  - 18. The computer program product as recited in claim 15, access to the database registry must go through an adapter.
  - 19. The computer program product as recited in claim 18, wherein the adapter is a user registry adapter.
  - 20. The computer program product as recited in claim 15, further comprising:
    - instructions for storing a definition of the user in said database registry.
  - 21. The computer program product as recited in claim 15, further comprising:
    - instructions for protecting application specific data from unauthorized users.
  - 22. The computer program product as recited in claim 15, wherein said respective second database is a meta-data database.
  - 23. The computer program product as recited in claim 15, wherein the resource is a Web resource.
  - 24. The computer program product as recited in claim 15, further comprising:
    - instructions, responsive to a request to disable a user from accessing a given resource, for receiving the disable request at an adapter integrating the plurality of servers; and
      
      instructions for removing a definition associated with the user from a database associated with the second server.
  - 25. The computer program product as recited in claim 15, further comprising:
    - instructions, responsive to a request to disqualify a user from accessing a given resource, for receiving the disqualification request at an adapter integrating the plurality of servers;
      
      instructions for removing a definition associated with the user from a first database associated with the second server; and
      
      instructions for removing a definition associated with the user from a second database associated with the second server.
  - 26. The computer program product as recited in claim 25, wherein the first database is a registry database and the second database is a meta-data database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
X Corp. (f/k/a Twitter, Inc.) (X Holdings Corp.)
Original Assignee
International Business Machines Corporation
Inventors
Lin, Dah-Haur, Fichtner, Larry George
Primary Examiner(s)
JUNG, DAVID YIUK

Application Number

US09/895,230
Publication Number

US 20030005297A1
Time in Patent Office

1,768 Days
Field of Search

713/168, 713/200, 713/201, 713/202, 713/189, 713/150, 713/169, 709/203
US Class Current

713/169
CPC Class Codes

G06F 21/6236   between heterogeneous systems

H04L 63/0815   providing single-sign-on or...

H04L 63/101   Access control lists [ACL]

Method and system to integrate existing user and group definitions in a database server with heterogeneous application servers

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

15 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system to integrate existing user and group definitions in a database server with heterogeneous application servers

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links