Method and system for authorization and access to protected resources
First Claim
1. A method for enhancing the capabilities of a CORBA Resource Access Decision Facility comprising:
- populating a cache only with permissive resource access decisions obtained from the CORBA Resource Access Decision Facility;
when a permissive resource access decision is present in the cache, retrieving the permissive access decision from the cache and not requesting an access decision from the CORBA Resource Access Decision Facility; and
requesting a permissive resource access decision from the CORBA Resource Access Decision Facility only when the access decision is not present in the cache;
wherein the action of requesting an access decision from the CORBA Resource Access Decision Facility comprises;
requesting a permissive access decision from the CORBA Resource Access Decision Facility only when the permissive access decision is not present in the cache; and
requesting an access decision which comprises restraints or overrides from the CORBA Resource Access Decision Facility without first checking the cache.
3 Assignments
0 Petitions
Accused Products
Abstract
The present disclosure addresses an enhancement to a resource access decision facility, preferably a CORBA RAD, that allows additional query capabilities and faster resource access. Resource access decisions obtained from RAD are placed in a cache. An application can retrieve access decisions directly from the cache rather than requesting the decisions from RAD. If an access decision is not available in the cache, the access decision is requested from RAD. The preferred embodiments of the present disclosure allow the retrieval of lists of roles that have access to a particular resource and resources to which a particular role has access. The cache can be populated either prior to or during the mainstream execution of a program. In another embodiment, a backup version of the data in the cache can be stored in a storage medium external to the cache for near immediate restart after a crash or shutdown.
-
Citations
21 Claims
-
1. A method for enhancing the capabilities of a CORBA Resource Access Decision Facility comprising:
-
populating a cache only with permissive resource access decisions obtained from the CORBA Resource Access Decision Facility; when a permissive resource access decision is present in the cache, retrieving the permissive access decision from the cache and not requesting an access decision from the CORBA Resource Access Decision Facility; and requesting a permissive resource access decision from the CORBA Resource Access Decision Facility only when the access decision is not present in the cache; wherein the action of requesting an access decision from the CORBA Resource Access Decision Facility comprises; requesting a permissive access decision from the CORBA Resource Access Decision Facility only when the permissive access decision is not present in the cache; and requesting an access decision which comprises restraints or overrides from the CORBA Resource Access Decision Facility without first checking the cache. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A computer program for enhancing the capabilities of the CORBA Resource Access Decision Facility comprising:
-
computer code that populates a cache only with permissive resource access decisions obtained from the CORBA Resource Access Decision Facility; when a permissive access decision is present in the cache, computer code that retrieves the access decision from the cache without and does not request an access decision from the CORBA Resource Access Decision Facility; computer code that requests a permissive resource access decision from the CORBA Resource Access Decision Facility only when the access decision is not present in the cache; and wherein the computer code that requests an access decision from the CORBA Resource Access Decision Facility comprises; computer code that requests a permissive access decision from the CORBA Resource Access Decision Facility only when the permissive access decision is not present in the cache; and computer code that request an access decision which comprises restraints or overrides from the CORBA Resource Access Decision Facility without first checking the cache. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A computer system comprising:
-
a cache populated only with permissive resource access decisions obtained from a CORBA Resource Access Decision Facility; and computer code that retrieves a permissive access decision from the cache when the access decision is present in the cache and only requests an access decision from the CORBA Resource Access Decision Facility when the access decision is not present in the cache; wherein the computer code that retrieves an access decision from the cache when the access decision is present in the cache and only requests an access decision from the CORBA Resource Access Decision Facility when the access decision is not present in the cache comprises; computer code that evaluates whether an access decision is a permissive access decision or whether the access decision comprises constraints or overrides; computer code that retrieves a permissive access decision from the cache and requests a permissive access decision from the CORBA Resource Access Decision Facility when the permissive access decision is not present in the cache; and computer code that requests an access decision which comprises restraints or overrides from the CORBA Resource Access Decision Facility without first checking the cache. - View Dependent Claims (16, 17, 18, 19, 20, 21)
-
Specification