Method and apparatus for local access authorization of cached resources
First Claim
1. An apparatus, comprising:
one or more processors;
one or more computer-readable volatile or non-volatile media operable to store a cache; and
one or more sequences of instructions which are stored in the one or more computer-readable volatile or non-volatile media and which, when executed by the one or more processors, cause the one or more processors to perform:
receiving a first request to perform an operation on a first object that is stored in the cache;
based on the first request, determining an entity identifier associated with an entity that sent the first request, an operation identifier associated with the operation, and an Access Control List (ACL) associated with the first object;
accessing a record that includes at least the operation identifier, the ACL, and an authorization indicator, wherein the authorization indicator indicates whether the entity has previously successfully performed the operation on any object that is different than the first object and that is also associated with the ACL; and
based on the authorization indicator included in the record, determining whether to authorize the entity to perform the operation on the first object without evaluating any permissions and access rights that are stored in the ACL.
Abstract
A method and apparatus is disclosed for local access authorization of cached resources. A first request to perform an operation on a first object that is stored in a cache is received. An entity identifier associated with the entity that sent the first request, an operation identifier associated with the operation, and an Access Control List (ACL) associated with the first object are determined based on the first request. A record that includes at least the operation identifier, the ACL, and an authorization indicator is accessed. The authorization indicator indicates whether the entity has previously successfully performed the operation on any object in the cache that is associated with the ACL. Based on the authorization indicator included in the record, a determination is made whether to authorize the entity to perform the operation on the first object.
38 Claims
14. An apparatus for local access authorization of cached resources, comprising:
one or more processors;
one or more computer-readable volatile or non-volatile media operable to store a cache, wherein the cache includes an authorization cache; and
one or more sequences of instructions which are stored in the one or more computer-readable volatile or non-volatile media and which, when executed by the one or more processors, cause the one or more processors to perform:
receiving, from an entity, a first request to perform an operation on a first object that is stored in the cache;
performing the operation on the first object, wherein performing the operation comprises:
sending an authorization request to a remote authorization server, wherein the remote authorization server is capable of authorizing the entity to perform the operation on the first object; and
receiving a response from the remote authorization server, wherein the response indicates whether the remote authorization server authorizes the entity to perform the operation on the first object;
generating an authorization indicator based at least on the response, wherein the authorization indicator indicates whether the operation was successfully performed on the first object;
storing, in the authorization cache, a record that includes an entity identifier associated with the entity, an operation identifier associated with the operation, an Access Control List (ACL) associated with the first object, and the authorization indicator;
receiving a second request from the entity to perform the operation on a second object that is stored in the cache, wherein the second object is also associated with the ACL and wherein the second object is different than the first object;
determining the entity identifier, the operation identifier, and the ACL based on information included in the second request;
based on the entity identifier, the operation identifier, and the ACL, locating the record in the authorization cache; and
based on the authorization indicator stored in the record, determining whether to authorize the entity to perform the operation on the second object without evaluating any permissions and access rights that are stored in the ACL.
17. An apparatus for local access authorization of cached resources, comprising:
means for receiving a first request to perform an operation on a first object that is stored in a cache;
means for determining, based on the first request, an entity identifier associated with an entity that sent the first request, an operation identifier associated with the operation, and an Access Control List (ACL) associated with the first object;
means for accessing a record that includes at least the operation identifier, the ACL, and an authorization indicator, wherein the authorization indicator indicates whether the entity has previously successfully performed the operation on any object that is different than the first object and that is also associated with the ACL; and
means for determining, based on the authorization indicator included in the record, whether to authorize the entity to perform the operation on the first object without evaluating any permissions and access rights that are stored in the ACL.
30. A method of local access authorization of cached resources, the method comprising the computer-implemented steps of:
receiving a first request to perform an operation on a first object that is stored in a cache;
based on the first request, determining an entity identifier associated with an entity that sent the first request, an operation identifier associated with the operation, and an Access Control List (ACL) associated with the first object;
accessing a record that includes at least the operation identifier, the ACL, and an authorization indicator, wherein the authorization indicator indicates whether the entity has previously successfully performed the operation on any object that is different than the first object and that is also associated with the ACL; and
based on the authorization indicator included in the record, determining whether to authorize the entity to perform the operation on the first object without evaluating any permissions and access rights that are stored in the ACL.
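The flow recited in claims 1, 14 and 30, sketched as an added illustration that is not part of the patent text or any implementation of it: a record keyed by entity, operation and ACL lets a second object under the same ACL be authorized locally, with no ACL evaluation and no remote round trip. All names (`LocalAuthorizer`, `remote_authorize`, the sample ACL ids) are hypothetical, and `invalidate_acl` is an assumption the claims shown here do not recite; it is included because a cached grant otherwise outlives a change to the ACL.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Tuple

@dataclass
class LocalAuthorizer:
    """Authorization cache in front of a remote authorization server."""
    remote_authorize: Callable[[str, str, str], bool]   # hypothetical remote call
    object_acl: Dict[str, str]                          # cached object -> ACL id
    records: Dict[Tuple[str, str, str], bool] = field(default_factory=dict)
    remote_calls: int = 0

    def authorize(self, entity_id: str, operation_id: str, object_id: str) -> bool:
        acl_id = self.object_acl[object_id]   # KeyError if the object is not cached
        key = (entity_id, operation_id, acl_id)
        if key in self.records:
            # Record found: decide from the stored indicator alone, without
            # evaluating the permissions stored in the ACL.
            return self.records[key]
        self.remote_calls += 1   # no record: ask the remote server, keep the outcome
        self.records[key] = self.remote_authorize(entity_id, operation_id, object_id)
        return self.records[key]

    def invalidate_acl(self, acl_id: str) -> int:
        """Drop every record for an ACL (assumption: called when the ACL changes)."""
        stale = [k for k in self.records if k[2] == acl_id]
        for k in stale:
            del self.records[k]
        return len(stale)

# Constructed sample data: one remote policy, two ACLs, three cached objects.
REMOTE_POLICY = {("alice", "read", "acl-eng"), ("bob", "read", "acl-hr")}
OBJECT_ACL = {"/eng/a.txt": "acl-eng", "/eng/b.txt": "acl-eng", "/hr/c.txt": "acl-hr"}

def remote_authorize(entity_id: str, operation_id: str, object_id: str) -> bool:
    """Stand-in for the remote authorization server (constructed policy)."""
    return (entity_id, operation_id, OBJECT_ACL[object_id]) in REMOTE_POLICY

def demo() -> dict:
    auth = LocalAuthorizer(remote_authorize, dict(OBJECT_ACL))
    first = auth.authorize("alice", "read", "/eng/a.txt")    # remote round trip
    second = auth.authorize("alice", "read", "/eng/b.txt")   # same ACL: local
    other = auth.authorize("alice", "read", "/hr/c.txt")     # other ACL: remote
    denied_again = auth.authorize("alice", "read", "/hr/c.txt")  # cached denial
    return {"first": first, "second": second, "other": other,
            "denied_again": denied_again, "remote_calls": auth.remote_calls,
            "dropped": auth.invalidate_acl("acl-eng")}
```
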
Specification