Delegated administration for a distributed security system
First Claim
1. A method comprising the steps of:
- delegating a capability from a first user to a second user;
- propagating from a provisioning service provider configuration information that includes evidence of the delegation to a plurality of security service modules executing on one of a plurality of computers distributed throughout an enterprise, wherein each one of the plurality of security service modules is integrated with a different process, including applications, application servers, and web servers, executing on the computer and wherein each security service module is capable of protecting one or more resources;
- providing the evidence to a first security service module belonging to the plurality of security service modules;
- enforcing the delegation when the second user attempts to access a resource in the one or more resources wherein the resource is protected by the first security service module; and
- wherein the enforcement is carried out by the first security service module and wherein each security service module can dynamically load security providers based on the configuration information.
Abstract
A system and method comprising the steps of delegating a capability from a first user to a second user, propagating information that includes evidence of the delegation to a plurality of security service modules, wherein each one of the plurality of security service modules is capable of protecting one or more resources, providing the evidence to a first security service module belonging to the plurality of security service modules, enforcing the delegation when the second user attempts to access a resource in the one or more resources wherein the resource is protected by the first security service module, and wherein the enforcement is carried out by the first security service module.
33 Claims
1. Reproduced above under First Claim. (Dependent claims 2-11 not shown.)
12. A system comprising:
- a plurality of computers distributed throughout an enterprise;
- a provisioning service provider executing on a first computer capable of propagating configuration information to a plurality of security service modules, executing on the first computer, wherein the information includes evidence of a delegation from a first user to a second user;
- wherein each security service module is integrated with a different process, including applications, application servers, and web servers, executing on the first computer and wherein each security service module is capable of protecting one or more resources;
- a first security service module belonging to a first process of the plurality of processes, wherein the evidence of delegation is provided to the first security service module;
- wherein the delegation is enforced when the second user attempts to access a resource of the one or more resources wherein the resource is protected by the first process; and
- wherein the enforcement is carried out by the first security service module and wherein each security service module can dynamically load security providers based on the configuration information.
(Dependent claims 13-22 not shown.)
23. A computer readable storage medium having instructions stored thereon to cause a system to:
- delegate a capability from a first user to a second user;
- propagate from a provisioning service provider configuration information that includes evidence of the delegation to a plurality of security service modules executing on one of a plurality of computers distributed throughout an enterprise, wherein each one of the plurality of security service modules is integrated with a different process, including applications, application servers, and web servers, executing on the computer and wherein each security service module is capable of protecting one or more resources;
- provide the evidence to a first security service module belonging to the plurality of security service modules;
- enforce the delegation when the second user attempts to access a resource in the one or more resources wherein the resource is protected by the first security service module; and
- wherein the enforcement is carried out by the first security service module and wherein each security service module can dynamically load security providers based on the configuration information.
(Dependent claims 24-33 not shown.)
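Added example (Python, not code from the patent or from any product it covers) modelling the flow the independent claims describe: a provisioning service records a delegation from a first user to a second user, signs the evidence, and pushes configuration to security service modules, each of which loads the security provider named in that configuration and enforces the delegation locally when the second user touches a protected resource. The shared key, the HMAC evidence format, user names, capability names and resource paths are all assumptions made for the illustration.

```python
import hashlib, hmac, json, time
# Constructed illustration (not the patent's code): the provisioning service signs each
# delegation record with a key shared with every security service module (SSM).
SHARED_KEY = b"demo-provisioning-key"  # hypothetical per-deployment secret
def _mac(rec):
    body = json.dumps({k: v for k, v in rec.items() if k != "mac"}, sort_keys=True).encode()
    return hmac.new(SHARED_KEY, body, hashlib.sha256).hexdigest()
class ProvisioningService:
    def __init__(self, grants):
        self.grants = grants          # user -> set of capabilities held directly
        self.delegations = []         # delegation evidence propagated to the SSMs
    def delegate(self, delegator, grantee, capability, ttl=3600):
        # A user may only delegate a capability they actually hold.
        if capability not in self.grants.get(delegator, set()):
            raise PermissionError(f"{delegator} does not hold {capability}")
        rec = {"from": delegator, "to": grantee, "cap": capability,
               "exp": int(time.time()) + ttl}
        rec["mac"] = _mac(rec)
        self.delegations.append(rec)
        return rec
    def configuration(self):
        # Pushed to every SSM: which providers to load, the grants, and the evidence.
        return {"providers": ["delegation"], "grants": self.grants,
                "delegations": list(self.delegations)}

def delegation_provider(cfg, user, capability, now):
    # Accept evidence only if the MAC verifies, it is unexpired, it names this user and
    # capability, and the delegator still holds the capability themselves (revocation).
    for rec in cfg["delegations"]:
        if (rec["to"] == user and rec["cap"] == capability and rec["exp"] > now
                and hmac.compare_digest(_mac(rec), rec["mac"])
                and capability in cfg["grants"].get(rec["from"], set())):
            return True
    return False
PROVIDERS = {"delegation": delegation_provider}   # security providers loadable by name

class SecurityServiceModule:
    """One SSM per process (application, app server, web server); no callback needed."""
    def __init__(self, protected):     # protected: resource -> required capability
        self.protected, self.cfg, self.providers = protected, {}, []
    def configure(self, cfg):            # dynamically load providers named in the config
        self.cfg = cfg
        self.providers = [PROVIDERS[name] for name in cfg["providers"]]
    def authorize(self, user, resource, now=None):
        now = int(time.time()) if now is None else now
        capability = self.protected.get(resource)
        if capability is None:
            return False                 # unknown resource: deny by default
        if capability in self.cfg.get("grants", {}).get(user, set()):
            return True                  # direct grant
        return any(p(self.cfg, user, capability, now) for p in self.providers)
```

The provider re-checks the delegator's own grant on every decision, so revoking the first user's capability at the provisioning service also cuts off everything they delegated, without a separate revocation list.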