Determining group membership
First Claim
1. A method for identifying members of a group, comprising the steps of:
- determining dynamic members of a first user group based on a rule that defines dynamic membership for said first user group, wherein said rule is stored in a dynamic rule attribute of an identity profile of said first user group and wherein said first user group includes one or more static members and an identification of each of said static members is stored in a static member attribute for said identity profile of said first user group;
storing an identification of each of said dynamic members of said first user group wherein said identification of each of said dynamic members is stored in said static member attribute for said identity profile of said first user group;
determining nested members of said first user group;
storing an identification of each of said nested members of said first user group;
receiving a request to report members of said first user group, said request is received subsequent to said step of storing; and
reporting said dynamic members and said nested members of said first user group in response to said request, said reporting of said dynamic members is performed based on said stored identification of said dynamic members and said reporting of said nested members is performed based on said stored identification of said nested members.
5 Assignments
0 Petitions
Accused Products
Abstract
The present invention is directed to technology for determining the members of groups. A group can have static members, dynamic members and/or nested members. An entity is a nested member of a first group if that entity is a member of a second group and the second group is a member of the first group. There can be multiple levels of nesting. For example, an entity can be a nested member of a first group if that entity is a member of a second group, which is a member of a third group, which is a member of a fourth group, . . . , which is a member of the first group. The present invention can determine the membership of a group, including the static members, dynamic members and/or nested members. Furthermore, the present invention can be used to expand one or more groups so that future requests to view the membership of a group can be performed in a more efficient manner.
-
Citations
22 Claims
-
1. A method for identifying members of a group, comprising the steps of:
-
determining dynamic members of a first user group based on a rule that defines dynamic membership for said first user group, wherein said rule is stored in a dynamic rule attribute of an identity profile of said first user group and wherein said first user group includes one or more static members and an identification of each of said static members is stored in a static member attribute for said identity profile of said first user group; storing an identification of each of said dynamic members of said first user group wherein said identification of each of said dynamic members is stored in said static member attribute for said identity profile of said first user group; determining nested members of said first user group; storing an identification of each of said nested members of said first user group; receiving a request to report members of said first user group, said request is received subsequent to said step of storing; and reporting said dynamic members and said nested members of said first user group in response to said request, said reporting of said dynamic members is performed based on said stored identification of said dynamic members and said reporting of said nested members is performed based on said stored identification of said nested members. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. One or more processor readable storage devices having processor readable code embodied on said processor readable storage devices, said processor readable code for programming one or more processors to perform a method comprising the steps of:
-
determining dynamic members of a first user group based on a rule that defines dynamic membership for said first user group, wherein said rule is stored in a dynamic rule attribute of an identity profile of said first user group and wherein said first user group includes one or more static members and an identification of each of said static members is stored in a static member attribute for said identity profile of said first user group; storing an identification of each of said dynamic members of said first user group wherein said identification of each of said dynamic members is stored in said static member attribute for said identity profile of said first user group; determining nested members of said first user group, said nested members include members of multiple levels of nested groups; storing an identification of each of said nested members of said first user group; receiving a request to report members of said first user group, said request is received subsequent to said step of storing; and reporting said dynamic members and said nested members of said first user group in response to said request, said reporting of said dynamic members is performed based on said stored identification of said dynamic members and said reporting of said nested members is performed based on said stored identification of said nested members. - View Dependent Claims (14, 15, 16)
-
-
17. An apparatus that can determine members of a group, comprising:
-
a communication interface; and one or more processors in communication with said communication interface, said one or more processors perform a method comprising the steps of; determining dynamic members of a first user group based on a rule that defines dynamic membership for said first user group, wherein said rule is stored in a dynamic rule attribute of an identity profile of said first user group and wherein said first user group includes one or more static members and an identification of each of said static members is stored in a static member attribute for said identity profile of said first user group, storing an identification of each of said dynamic members of said first user group wherein said identification of each of said dynamic members is stored in said static member attribute for said identity profile of said first user group, determining nested members of said first user group, said nested members include members of multiple levels of nested groups; storing an identification of each of said nested members of said first user group; receiving a request to report members of said first user group, said request is received subsequent to said step of storing, and reporting said static members, said dynamic members, and said nested members of said first user group in response to said request, said reporting of said dynamic members is performed based on said stored identification of said dynamic members and said reporting of said nested members is performed based on said stored identification of said nested members. - View Dependent Claims (18, 19)
-
-
20. An integrated identity and access system comprising:
-
an identity system adapted to determine dynamic members of a first user group based on a rule that defines dynamic membership for said first user group, wherein said rule is stored in a dynamic rule attribute of an identity profile of said first user group and wherein said first user group includes one or more static members and an identification of each of said static members is stored in a static member attribute for said identity profile of said first user group, store an identification of each of said dynamic members of said first user group wherein said identification of each of said dynamic members is stored in said static member attribute for said identity profile of said first user group, determine nested members of said first user group, store an identification of each of said nested members of said first user group, receive a request to report members of said first user group, said request is received subsequent to said step of storing, and report said dynamic members and said nested members of said first user group in response to said request, said reporting of said dynamic members is performed based on said stored identification of said dynamic members and said reporting of said nested members is performed based on said stored identification of said nested members; and an access system adapted to perform authentication services based on membership in said first user group. - View Dependent Claims (21, 22)
-
Specification