Method and system for server support for pluggable authorization systems

  • US 7,320,141 B2
  • Filed: 03/21/2001
  • Issued: 01/15/2008
  • Est. Priority Date: 03/21/2001
  • Status: Expired due to Fees
First Claim

1. A method for authorizing access to a protected resource within a data processing system, the method comprising:

  • intercepting a remote procedure call for a remote routine of a Distributed Computing Environment (DCE) authorization service by an authorization plug-in associated with a second authorization service, wherein the authorization plug-in exports remote procedure call endpoints for the remote routines of the DCE authorization service, and wherein the second authorization service supports a standard-compliant authorization application programming interface;
  • processing the authorization request in the authorization plug-in by calling application programming interfaces of the second authorization service;
  • recompiling or relinking a target application representing one or more protected resources to include program instructions from the authorization plug-in;
  • directing calls within the target application to application programming interfaces of the DCE authorization service to be executed by the program instructions from the authorization plug-in;
  • accepting a call in the authorization plug-in to a “dce_acl_is_client_authorized” application programming interface;
  • authenticating the authorization credentials passed by the initiator to the target application;
  • retrieving the privilege attribute certificate from the DCE EPAC structure;
  • mapping a DCE Access Control List (ACL) manager Universally Unique Identifier (UUID) from the DCE EPAC structure to a resource manager in the second authorization service;
  • mapping a DCE ACL UUID from the DCE EPAC structure to a resource managed by the second authorization service;
  • mapping the DCE permission set from the DCE EPAC structure to a permission set of the second authorization service;
  • calling an application programming interface of the second authorization service to make an authorization decision based on the permission set of the second authorization service, the privilege attribute certificate, the resource, and the resource manager; and
  • returning an indication of the authorization decision to the target application.
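The claim above describes a plug-in that sits behind the DCE `dce_acl_is_client_authorized` entry point, authenticates the caller's credentials, and translates the three DCE identifiers in the EPAC (ACL manager UUID, ACL UUID, permission bits) into the vocabulary of a second authorization service before asking that service for a decision. The following Python model is an added example, not the patent's or any product's code: the EPAC structure, the UUIDs, the `SecondAuthzService` API, the `trusted_seals` check standing in for credential authentication, and the simplified single-argument form of `dce_acl_is_client_authorized` are all constructed for illustration. The DCE permission bit values are the conventional `sec_acl_perm_*` assignments and are also treated here as an assumption. The point a practitioner should take from it is that every mapping step fails closed: an EPAC whose manager UUID, ACL UUID or permission bits have no mapping is denied rather than passed through.

```python
"""Toy model of a DCE authorization plug-in that delegates decisions to a
second authorization service (added example; all names and values constructed)."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Tuple

# DCE ACL permission bits (assumed conventional sec_acl_perm_* values).
DCE_PERM_BITS = {"r": 0x01, "w": 0x02, "x": 0x04, "c": 0x08,
                 "i": 0x10, "d": 0x20, "t": 0x40}
ALL_DCE_BITS = sum(DCE_PERM_BITS.values())


@dataclass(frozen=True)
class DceEpac:
    """Minimal stand-in for a DCE Extended Privilege Attribute Certificate."""
    principal: str
    acl_manager_uuid: str
    acl_uuid: str
    permset: int        # DCE permission bitmask requested for the operation
    seal: str           # stand-in for the privilege server's signature


class SecondAuthzService:
    """Stand-in for the second authorization service's standard-style API."""

    def __init__(self, acls: Dict[str, Dict[str, Dict[str, FrozenSet[str]]]]):
        # resource manager -> resource -> principal -> granted permission names
        self.acls = acls

    def is_authorized(self, principal: str, resource_manager: str,
                      resource: str, required: FrozenSet[str]) -> bool:
        granted = (self.acls.get(resource_manager, {})
                   .get(resource, {}).get(principal, frozenset()))
        return required <= granted


class DceAuthzPlugin:
    """Exports the DCE entry point and performs the three mappings from the claim."""

    def __init__(self, service, manager_map, acl_map, perm_map, trusted_seals):
        self.service = service
        self.manager_map = manager_map      # DCE ACL manager UUID -> resource manager
        self.acl_map = acl_map              # DCE ACL UUID -> resource
        self.perm_map = perm_map            # DCE bit letter -> permission name
        self.trusted_seals = trusted_seals  # stand-in for credential verification

    def authenticate(self, epac: DceEpac) -> bool:
        return epac.seal in self.trusted_seals

    def map_permset(self, permset: int) -> Optional[FrozenSet[str]]:
        # Unknown or unmapped bits yield None so the caller denies (fail closed).
        if permset & ~ALL_DCE_BITS:
            return None
        names = set()
        for letter, bit in DCE_PERM_BITS.items():
            if permset & bit:
                if letter not in self.perm_map:
                    return None
                names.add(self.perm_map[letter])
        return frozenset(names)

    def dce_acl_is_client_authorized(self, epac: DceEpac) -> Tuple[bool, str]:
        if not self.authenticate(epac):
            return False, "credentials not authenticated"
        manager = self.manager_map.get(epac.acl_manager_uuid)
        if manager is None:
            return False, "unmapped ACL manager UUID"
        resource = self.acl_map.get(epac.acl_uuid)
        if resource is None:
            return False, "unmapped ACL UUID"
        perms = self.map_permset(epac.permset)
        if perms is None:
            return False, "unmapped permission bit"
        ok = self.service.is_authorized(epac.principal, manager, resource, perms)
        return ok, "decision from second service"


MGR_UUID = "11111111-1111-1111-1111-111111111111"   # constructed
ACL_UUID = "22222222-2222-2222-2222-222222222222"   # constructed


def build_demo_plugin() -> DceAuthzPlugin:
    service = SecondAuthzService({"file-service": {"payroll.db": {
        "alice": frozenset({"read", "write"}), "bob": frozenset({"read"})}}})
    return DceAuthzPlugin(service, {MGR_UUID: "file-service"}, {ACL_UUID: "payroll.db"},
                          {"r": "read", "w": "write", "x": "execute"}, {"good-seal"})


def demo() -> Dict[str, Tuple[bool, str]]:
    p = build_demo_plugin()
    rw = DCE_PERM_BITS["r"] | DCE_PERM_BITS["w"]
    cases = {
        "alice": DceEpac("alice", MGR_UUID, ACL_UUID, rw, "good-seal"),
        "bob": DceEpac("bob", MGR_UUID, ACL_UUID, rw, "good-seal"),
        "carol": DceEpac("carol", MGR_UUID, "33333333-3333-3333-3333-333333333333", rw, "good-seal"),
        "mallory": DceEpac("alice", MGR_UUID, ACL_UUID, rw, "forged-seal"),
        "alice_unknown_bit": DceEpac("alice", MGR_UUID, ACL_UUID, rw | 0x80, "good-seal"),
    }
    return {name: p.dce_acl_is_client_authorized(e) for name, e in cases.items()}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:18} -> {result}")
```

The `demo()` cases cover the claim's happy path (alice holds both mapped permissions), an insufficient grant in the second service (bob lacks write), an ACL UUID with no mapping, a credential that fails authentication, and a permission bit the mapping table does not know; only the first is granted.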
