Localized access

US 7,080,077 B2
Filed: 02/26/2001
Issued: 07/18/2006
Est. Priority Date: 07/10/2000
Status: Expired due to Term

First Claim

Patent Images

1. A computer-implemented method of providing access for an identity system, comprising:

creating a set of locales in a set of identity profiles, said creating a set of locales includes choosing a subset of one or more attributes of said identity profiles that can store any one of multiple values, each locale includes a subset of said identity profiles that each have one or more matching values for said chosen subset of one or more attributes;

allowing entities associated with identity profiles in a particular locale to access other identity profiles in said particular locale; and

denying access to a first identity profile for entities associated with identity profiles that are not in any locale with said first identity profile.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An identity management system manages identity profiles that store information about various entities. A localized access feature for an identity management system allows for a set of identity profiles to be grouped together in order to define a locale. Users outside the locale can be restricted from accessing identity profiles inside the locale. Alternatively, users outside the locale can be restricted from accessing certain attributes of identity profiles inside the locale.

Citations

21 Claims

1. A computer-implemented method of providing access for an identity system, comprising:
- creating a set of locales in a set of identity profiles, said creating a set of locales includes choosing a subset of one or more attributes of said identity profiles that can store any one of multiple values, each locale includes a subset of said identity profiles that each have one or more matching values for said chosen subset of one or more attributes;
  
  allowing entities associated with identity profiles in a particular locale to access other identity profiles in said particular locale; and
  
  denying access to a first identity profile for entities associated with identity profiles that are not in any locale with said first identity profile.
- View Dependent Claims (2, 3, 4, 5)
- - 2. A method according to claim 1, wherein:
    - said subset of one or more attributes consists of a first attribute storing a company name; and
      
      said first attribute can store an identification of a first company or an identification of a second company.
  - 3. A method according to claim 1, wherein:
    - each locale comprises a group of identity profiles corresponding to one organization.
  - 4. A method according to claim 1, further comprising:
    - determining that a localized access parameter is set.
  - 5. A method according to claim 1, wherein:
    - said particular locale includes identity profiles that are a contiguous portion of a logical representation of a data structure.

6. One or more processor readable storage devices having processor readable code embodied on said processor readable storage devices, said processor readable code for programming one or more processors to perform a method comprising:
- receiving a choice of a subset of one or more attributes that can store any one of multiple values;
  
  creating subsets of identity profiles from a set of identity profiles, each subset includes identity profiles that each have one or more matching values for said subset of one or more attributes;
  
  allowing entities associated with identity profiles in a particular subset to access other identity profiles in said particular subset; and
  
  denying access to a first identity profile for entities associated with identity profiles that are not in any subset with said first identity profile.
- View Dependent Claims (7)
- - 7. One or more processor readable storage devices according to claim 6, wherein:
    - each subset of identity profiles are a contiguous portion of a logical representation of a data structure.

8. An apparatus that provides for localized access, comprising:
- a communication interface;
  
  one or more storage devices; and
  
  one or more processors in communication with said one or more storage devices and said communication interface, said one or more processors perform a method comprising;
  
  creating a set of locales in a set of identity profiles, said creating a set of locales includes choosing a subset of one or more attributes of said identity profiles that can store any one of multiple values, each locale includes a subset of said identity profiles that each have one or more matching values for said chosen subset of one or more attributes,allowing entities associated with identity profiles in a particular locale to access other identity profiles in said particular locale, anddenying access to a first identity profile for entities associated with identity profiles that are not in any locale with said first identity profile.
- View Dependent Claims (9, 10)
- - 9. An apparatus according to claim 8, wherein:
    - at least a portion of said one or more storage devices and said one or more processors implement an integrated access and identity system.
  - 10. An apparatus according to claim 8, wherein:
    - said particular locale includes identity profiles that are a contiguous portion of a logical representation of a data structure.

11. A method of providing access for an identity system, comprising:
- receiving a selection of a subset of one or more attributes that can store any one of multiple values;
  
  creating a locale of identity profiles from a set of identity profiles, each identity profile of said locale has one or more matching values for said subset of one or more attributes;
  
  allowing entities associated with each of said identity profiles in said locale to potentially access other identity profiles in said locale;
  
  denying access to a particular identity profile in said locale for entities associated with identity profiles that are not in any locale in common with said particular identity profile; and
  
  allowing entities associated with each of said identity profiles in said locale to access one or more attributes within one or more of said plurality of profiles in said locale based on a localized access filter for each of the one or more attributes.
- View Dependent Claims (12)
- - 12. A method according to claim 11, wherein:
    - said locale includes identity profiles that are a contiguous portion of a logical representation of a data structure.

13. A method of providing localized access in an identity management system, the method comprising:
- receiving from a source a request to access an attribute of an identity profile of a target;
  
  determining whether the source is in a locale indicated by a class attribute of an identity profile of the target, wherein the class attribute of the identity profile of the target has an associated filter and determining whether the source is in the locale indicated by the class attribute of the identity profile of the target comprises comparing an attribute of an identity profile of the source to the filter associated with the class attribute of the identity profile of the target;
  
  in response to determining the source is in the locale indicated by the class attribute of the target, allowing the source to access the identity profile of the target.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21)
- - 14. The method of claim 13, further comprising:
    - determining whether the source is in a locale indicated by a localized access filter of the requested attribute of the identity profile of the target by comparing an attribute of the identity profile of the source to the localized access filter of the requested attribute of the identity profile of the target; and
      
      in response to determining the source is in the locale indicated by the localized access filter of the requested attribute of the identity profile of the target, allowing the source to access the requested attribute of the identity profile of the target.
  - 15. The method of claim 13, further comprising, prior to determining whether the source is in a locale indicated by a class attribute of an identity profile of the target, determining whether a localized access function is turned on.
  - 16. The method of claim 15, wherein determining whether a localized access function is turned on is based on a localized access parameter for the identity management system.
  - 17. The method of claim 13, wherein the filter associated with the class attribute of the identity profile of the target comprises a Lightweight Directory Access Protocol (LDAP) rule.
  - 18. The method of claim 14, wherein the localized access filter of the requested attribute of the identity profile of the target comprises a Lightweight Directory Access Protocol (LDAP) rule.
  - 19. The method of claim 14, wherein the localized access filter of the requested attribute of the identity profile of the target comprises an absolute test of an attribute of the identity profile of the source.
  - 20. The method of claim 14, wherein the localized access filter of the requested attribute of the identity profile of the target identifies a domain attribute of the identity profile of the source and wherein determining whether the source is in the locale indicated by the localized access filter of the requested attribute of the identity profile of the target comprises determining whether the domain attribute of the identity profile of the source identified by the localized access filter of the requested attribute of the identity profile of the target matches a corresponding attribute of the identity profile of the target.
  - 21. The method of claim 14, wherein the localized access filter of the requested attribute of the identity profile of the target identifies a plurality of domain attributes of the identity profile of the source and wherein determining whether the source is in the locale indicated by the localized access filter of the requested attribute of the identity profile of the target comprises determining whether each of the plurality of domain attributes of the identity profile of the source identified by the localized access filter of the requested attribute of the identity profile of the target matches corresponding attributes of the identity profile of the target.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Teng, Joan C., Ramamurthy, Srinivasagopalan
Primary Examiner(s)
Kindred, Alford W.

Application Number

US09/793,354
Publication Number

US 20020091745A1
Time in Patent Office

1,968 Days
Field of Search

707/9, 707 1- 2, 707/7, 707/100, 707/104.1, 707/200, 707/203, 707/205, 707/201, 705 65- 67, 705 75- 76, 705/78, 705/1, 709/200, 709/223, 709/225
US Class Current

707/754
CPC Class Codes

G06F 16/9535   Search customisation based ...

G06F 16/955   using information identifie...

G06F 21/62   Protecting access to data v...

H04L 2463/102   applying security measure f...

H04L 61/4523   using lightweight directory...

H04L 63/0823   using certificates cryptogr...

H04L 63/102   Entity profiles

H04L 63/105   Multiple levels of security

H04L 67/02   based on web technology, e....

H04L 67/306   User profiles

H04L 69/22   Parsing or analysis of headers

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

Y10S 707/99931   Database or file accessing

Y10S 707/99939   Privileged access

Localized access

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Localized access

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links