Dynamic control of authorization to access internet services
First Claim
1. A method of managing authorization to access a service by a remote user who has established a session with a server, comprising the steps of:
retrieving, by the server, a profile of the user from a directory service that is directly connected to the server;
after said retrieving the profile of the user, creating a session object that identifies N services selected by the user in the past, wherein said creating is performed by the server using information included in the retrieved profile of the user, wherein the session object is configured to identify the user, characteristics of the user, and privileges of the user to the server and to an application program, wherein N is a positive integer, and wherein the server comprises the session object;
receiving, by the server from the user via a communication network after said creating the session object, a request for the service to be provided to the user by execution of the application program by the server, wherein the server comprises the application program;
after said receiving the request, ascertaining by the server that the session object does not include a condition of authorization for the user to have access to the requested service;
responsive to said ascertaining that the session object does not include the condition of authorization, determining by the server from consultation with the directory service that the user has authorization for accessing the requested service;
responsive to said determining that the user has authorization for accessing the requested service, receiving the condition of authorization from the directory service followed by incorporating the received condition of authorization into the session object;
after said incorporating the condition of authorization into the session object, determining by the server that the authorization for the user to access the service is conditional with respect to satisfaction of dynamic temporal conditions;
responsive to said determining by the server that the authorization for the user to access the service is conditional with respect to satisfaction of dynamic temporal conditions, creating a listener object within the session object;
after said creating the listener object, registering the listener object with a broadcast object, wherein the server comprises the broadcast object, and wherein said registering is performed by the listener object;
receiving, by the listener object after said registering the listener object, information sent by the broadcast object;
determining, by the listener object from the information received from the broadcast object, that the condition of authorization is satisfied, followed by initiating execution of the application program by the server to provide the service to the user;
after said initiating execution of the application program, receiving, by the listener object from the broadcast object, condition information relating to the condition of authorization;
analyzing, by the listener object, the received condition information to determine whether the condition of authorization is satisfied; and
if said analyzing determines that the condition of authorization is satisfied then continuing said execution of the application program, otherwise ending said execution of the application program.
Abstract
A method for managing authorization to access Internet services. A session object is created when a user logs onto a web site. The session object includes authorization-privilege information for N services. The user selects the service desired from the web site, at which point the server checks the session object. If the session object does not include authorization to access the selected service, the server consults a directory service. If the user is authorized according to the directory service, authorization-to-access information is incorporated into the session object. When authorization is conditional, a listener object is created within the session object. The listener object registers with a broadcast object and receives information germane to conditions of authorization. The listener object analyzes the information according to conditions of authorization, and terminates access to the selected service when conditions of authorization are not satisfied.
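The flow described in the abstract, sketched as an added example that is not taken from the patent or any implementation of it. All class names, the dictionary-based directory, and the hour-of-day condition are assumptions for illustration, as is the choice to leave a service ended once its condition fails.

```python
class Broadcast:
    """Broadcast object: pushes condition information to registered listeners."""
    def __init__(self):
        self.listeners = []
    def publish(self, info):
        for listener in list(self.listeners):  # copy: listeners may unregister
            listener.on_info(info)

class Listener:
    """Lives in the session; re-evaluates one condition on every broadcast."""
    def __init__(self, session, service, condition, broadcast):
        self.session, self.service = session, service
        self.condition, self.broadcast = condition, broadcast
        broadcast.listeners.append(self)  # the listener registers itself
    def on_info(self, info):
        ok, state = self.condition(info), self.session.state[self.service]
        if ok and state == "pending":
            self.session.state[self.service] = "running"  # start the application
        elif not ok and state == "running":
            self.session.state[self.service] = "ended"    # terminate access
            self.broadcast.listeners.remove(self)         # assumption: stays ended

class Session:
    def __init__(self, user, directory, broadcast, recent):
        self.user, self.directory, self.broadcast = user, directory, broadcast
        # Seeded from the profile with the N previously selected services.
        self.conditions = {s: directory[user][s] for s in recent}
        self.state = {}
    def request(self, service):
        if service not in self.conditions:  # not in session: consult directory
            grants = self.directory.get(self.user, {})
            if service not in grants:
                return "denied"
            self.conditions[service] = grants[service]  # cache in the session
        condition = self.conditions[service]
        if condition is None:  # unconditional authorization
            self.state[service] = "running"
        elif service not in self.state:  # conditional: create a listener
            self.state[service] = "pending"
            Listener(self, service, condition, self.broadcast)
        return self.state[service]

def demo():
    # Constructed directory: None = unconditional, callable = temporal condition.
    directory = {"alice": {"mail": None,
                           "trading": lambda info: 9 <= info["hour"] < 17}}
    bus = Broadcast()
    session = Session("alice", directory, bus, recent=["mail"])
    trace = [session.request("trading")]
    for hour in (10, 16, 17, 10):  # constructed clock broadcasts
        bus.publish({"hour": hour})
        trace.append(session.state["trading"])
    return trace + [session.request("payroll")]
```

The trace returned by `demo()` shows the service waiting for the first satisfying broadcast, running while the condition holds, and being ended (without restart) the first time the condition fails.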
Specification