Method and system for session based authorization and access control for networked application objects
Abstract
The present invention relates to an ingress-session-based authorization and access control method and system to control access from an initiator-host (IH) to objects (Target 1, Target 2) on a target host (TH) by receiving an access-request, preferably a request-message (M1), originally coming from the initiator-host (IH), that references an object (Target 1, Target 2) on the target host (TH) to access, assigning the access-request (M1) to an ingress-session and selecting a session-context (SC-U, SC-W, SC-Y) belonging to that ingress-session, checking whether the access to the referenced object (Target 1, Target 2) is authorized in the selected session-context (SC-U, SC-W, SC-Y) or not, wherein references to objects (Target 1, Target 2) on the target host (TH) were handed over to the initiator-host (IH) as a response to an access-request already granted and wherein the object the reference is handed over for is authorized for access under the handed over reference in that session-context (SC-U, SC-W, SC-Y) the already granted access-request is assigned to.
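The request flow the abstract describes, written out as an added Python example (not code from the patent): the `Gatekeeper` class, the string session identifiers, the bootstrap reference `/index` that every new session-context starts with, and the sample objects are all assumptions made for illustration. It shows that a reference is usable only in the session-context it was handed over in.

```python
# Added illustration; every name here is hypothetical, none comes from the patent.
from dataclasses import dataclass, field


@dataclass
class SessionContext:
    """References the initiator-host may use within one ingress-session."""
    authorized: set = field(default_factory=set)


class Gatekeeper:
    def __init__(self, objects, entry_ref):
        self.objects = objects      # reference -> callable returning (data, [references])
        self.entry_ref = entry_ref  # assumption: one bootstrap reference per new session
        self.contexts = {}          # ingress-session id -> SessionContext

    def select_context(self, session_id):
        # Step (ii): assign the request to its ingress-session, select the context.
        if session_id not in self.contexts:
            self.contexts[session_id] = SessionContext({self.entry_ref})
        return self.contexts[session_id]

    def handle(self, session_id, ref):
        ctx = self.select_context(session_id)  # steps (i)-(ii)
        # Steps (iii)-(iv): deny unless the reference is authorized in this context.
        if ref not in ctx.authorized or ref not in self.objects:
            return ("DENIED", None, [])
        # Step (v): grant the access and let the target object produce its response.
        data, handed_over = self.objects[ref]()
        # Steps (vi)-(vii): references in the response become usable in this context only.
        ctx.authorized.update(handed_over)
        return ("GRANTED", data, handed_over)


def build_demo():
    # Constructed sample objects: each returns its data and the references it hands over.
    objects = {
        "/index": lambda: ("catalogue", ["/item/1"]),
        "/item/1": lambda: ("item one", ["/item/1/edit"]),
        "/item/1/edit": lambda: ("edit form", []),
    }
    return Gatekeeper(objects, entry_ref="/index")


if __name__ == "__main__":
    gk = build_demo()
    for sid, ref in [("s1", "/item/1"), ("s1", "/index"), ("s1", "/item/1"), ("s2", "/item/1")]:
        print(sid, ref, gk.handle(sid, ref)[0])
```

A reference that was guessed, or copied from another session, is denied because authorization is recorded per session-context rather than per object.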
21 Claims
1. An ingress-session-based authorization and access control method in a data processing system to control access from an initiator-host to objects on a target host comprising the steps of:
   (i) receiving an access-request originally coming from the initiator-host, that references an object on the target host to access,
   (ii) assigning the access-request to an ingress-session and selecting a session context belonging to that ingress-session,
   (iii) checking whether the access to the referenced object is authorized in the selected session-context or not,
   (iv) denying the access to the referenced object if the access to said object on the target host is not authorized in the selected session context,
   (v) granting the access to the referenced object if the access to said object on the target host is allowed in the selected session context,
   (vi) handing over references to objects on the target host to the initiator-host as a response to a granted access-request, and
   (vii) authorizing the handed over reference for access in that session-context.
   Dependent claims: 2, 3, 4, 5, 6

7. An ingress-session-based authorization and access control data processing system to control access from an initiator-host to objects on a target host comprising:
   - means to receive an access-request originally coming from the initiator-host, that references an object on the target host to access,
   - means to assign the access-request to an ingress-session and selecting a session-context belonging to that ingress-session,
   - means to check whether the access to the referenced object is authorized in the selected session-context or not, that deny the access to the referenced object if the access to said object on the target host is not authorized in the selected session-context and that grants the access to the referenced object if the access to said object on the target host is allowed in the selected session-context,
   - means that hand over references to objects on the target host to the initiator-host as a response to a granted access-request, and
   - means that authorize objects the reference is handed over for, for access under the handed over reference in that session-context the already granted access request is assigned to.
   Dependent claims: 8, 9, 10, 11, 12, 13, 14, 15

16. A computer-readable storage medium having stored thereon instructions to cause a processor to execute an ingress-session-based authorization and access control method in a data processing system to control access from an initiator-host to objects on a target host, the method comprising:
   (i) receiving an access-request originally coming from the initiator-host, that references an object on the target host to access,
   (ii) assigning the access-request to an ingress-session and selecting a session-context belonging to that ingress-session,
   (iii) checking whether the access to the referenced object is authorized in the selected session-context or not,
   (iv) denying the access to the referenced object if the access to said object on the target host is not authorized in the selected session-context,
   (v) granting the access to the referenced object if the access to said object on the target host is allowed in the selected session-context,
   (vi) handing over references to objects on the target host to the initiator host as a response to a granted access-request, and
   (vii) authorizing the handed over references for access in that session-context.
   Dependent claims: 17, 18, 19, 20, 21
Specification