Directory service for a computer network

US 7,577,092 B2
Filed: 08/04/2004
Issued: 08/18/2009
Est. Priority Date: 06/07/1995
Status: Expired due to Fees

First Claim

Patent Images

1. In a computer network in which different users have different access rights with respect to different content entities, a method of providing users with a filtered directory of content entities, comprising the steps of:

(a) storing a plurality of content nodes within a hierarchical directory structure on at least one server, each of said content nodes comprising a respective list of properties to provide users with a navigable view of said hierarchical directory structure comprising representations of content nodes, said content nodes representing said content entities;

(b) receiving one or more requests at said server for one or more of said content nodes, said requests generated on a client computer of a user of said network in response to selection of a node at a higher level in said hierarchical directory structure than said content nodes;

(c) for each content node requested in step (b), doing each of(i) determining access rights of said user,(ii) determining whether said user is authorized to access said content node according to said access rights of said user,(iii) filtering properties of said content node according to said access rights of said user, and(iv) returning properties of said content node to said client computer if and only if said user is authorized to access said content node; and

(d) using said properties returned in step (c) to construct a filtered view of said hierarchical directory structure on a screen of said client computer to show said user representations of only those requested content nodes of said hierarchical directory structure representing content entities to which said user has at least some access rights and to hide from said user those requested content nodes of said hierarchical directory structure representing content entities to which said user has no access rights.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A distributed directory service for an on-line services network comprises multiple, separate services, referred to as “Directory Service Providers,” running on respective groups of application servers. Each Directory Service Provider stores and provides access to a respective hierarchical directory structure, with nodes of the directory structures representing the various on-line services and other content entities which may be accessed by end users of the network. Junction point nodes are used to provide user-transparent links between the different directory structures, so that the directory structures appear to end users as a single, hierarchical directory. A common application program interface (API) is implemented by all Directory Service Providers, allowing client applications running on computers of end users to access the different directory structures using a common set of software methods. Data items that are shared by multiple nodes, such as icon bitmaps and sound files, are optionally stored by the Directory Service Providers within a shared database (separately from the nodes), and are accessed via special API methods. Various forms of node filtering, including language-based filtering and access rights filtering, are performed by the Directory Service Providers to determine which nodes to show to end users.

Citations

20 Claims

1. In a computer network in which different users have different access rights with respect to different content entities, a method of providing users with a filtered directory of content entities, comprising the steps of:
- (a) storing a plurality of content nodes within a hierarchical directory structure on at least one server, each of said content nodes comprising a respective list of properties to provide users with a navigable view of said hierarchical directory structure comprising representations of content nodes, said content nodes representing said content entities;
  
  (b) receiving one or more requests at said server for one or more of said content nodes, said requests generated on a client computer of a user of said network in response to selection of a node at a higher level in said hierarchical directory structure than said content nodes;
  
  (c) for each content node requested in step (b), doing each of(i) determining access rights of said user,(ii) determining whether said user is authorized to access said content node according to said access rights of said user,(iii) filtering properties of said content node according to said access rights of said user, and(iv) returning properties of said content node to said client computer if and only if said user is authorized to access said content node; and
  
  (d) using said properties returned in step (c) to construct a filtered view of said hierarchical directory structure on a screen of said client computer to show said user representations of only those requested content nodes of said hierarchical directory structure representing content entities to which said user has at least some access rights and to hide from said user those requested content nodes of said hierarchical directory structure representing content entities to which said user has no access rights.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method according to claim 1, wherein said step of determining comprises reading a security property of said content node, said security property identifying a content category of which said content node is a member.
  - 3. The method according to claim 2, wherein said step of determining further comprises using an account identifier of said user to determine whether said user is authorized to access said content category.
  - 4. The method according to claim 1, wherein said requests for said content nodes comprise requests for all children nodes of a current node.
  - 5. The method according to claim 2, wherein said security property is included in said list of properties for said content node.
  - 6. The method according to claim 3, further comprising using said security property and said account identifier to generate a user-specific query of an access rights database storing access rights of users.
  - 7. The method according to claim 6, further comprising locally storing user-specific access rights obtained from said access rights database in an access rights cache on said server.
  - 8. The method according to claim 4, further comprising filtering properties of said children nodes according to said access rights of said user, and constructing a filtered view of said hierarchical directory structure comprising representations of only those children nodes representing content entities to which said user has at least some access rights.
  - 9. The method according to claim 1, said access rights allowing said user to view limited properties of said content node.
  - 10. The method according to claim 1, said access rights allowing said user to open a service of said content node.
  - 11. The method according to claim 1, said access rights allowing said user to edit properties of said content node.
  - 12. The method according to claim 1, said access rights allowing said user to add a node to said hierarchical directory structure.
  - 13. The method according to claim 1, said access rights allowing said user to delete a node from said hierarchical directory structure.
  - 14. The method according to claim 1, wherein said representations of content nodes comprise icons.
  - 15. The method according to claim 1, wherein said representations of content nodes comprise textual names.
  - 16. The method according to claim 1, wherein said content node comprises a folder node.
  - 17. The method according to claim 1, wherein said content node comprises a leaf node.
  - 18. The method according to claim 1, wherein said content node comprises a junction node.
  - 19. The method according to claim 1, wherein said content node comprises a target node.

20. A computer-readable storage medium containing computer-executable instructions for performing a method of providing users with a filtered directory of content entities in a computer network in which different users have different access rights with respect to different content entities, the method comprising:
- (a) storing a plurality of content nodes within a hierarchical directory structure on at least one server, each of said content nodes comprising a respective list of properties to provide users with a navigable view of said hierarchical directory structure comprising representations of content nodes, said content nodes representing said content entities;
  
  (b) receiving one or more requests at said server for one or more of said content nodes, said requests generated on a client computer of a user of said network in response to selection of a node at a higher level in said hierarchical directory structure than said content nodes;
  
  (c) for each content node requested in step (b), doing each of(i) determining access rights of said user,(ii) determining whether said user is authorized to access said content node according to said access rights of said user,(iii) filtering properties of said content node according to said access rights of said user, and(iv) returning properties of said content node to said client computer if and only if said user is authorized to access said content node; and
  
  (d) using said properties returned in step (c) to construct a filtered view of said hierarchical directory structure on a screen of said client computer to show said user representations of only those requested content nodes of said hierarchical directory structure representing content entities to which said user has at least some access rights and to hide from said user those requested content nodes of said hierarchical directory structure representing content entities to which said user has no access rights.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Nolan, Sean P., Sanderman, David S., San Andres, Ramon J.
Primary Examiner(s)
Yao; Kwang B
Assistant Examiner(s)
NGUYEN, ANH NGOC M

Application Number

US10/911,056
Publication Number

US 20050027797A1
Time in Patent Office

1,840 Days
Field of Search

709/203, 709/220, 709/217, 709/201, 370/901, 370/903, 370/908, 370/389, 370/392, 370/401, 370/229, 370/230, 370/235, 370/254, 370/395.7, 370/395.71, 370/400, 370/408, 707/1, 707/100
US Class Current

370/230
CPC Class Codes

G06F 11/201   between storage system comp...

H04L 63/029   Firewall traversal, e.g. tu...

H04L 67/51   Discovery or management the...

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

Y10S 707/99931   Database or file accessing

Directory service for a computer network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Directory service for a computer network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links