Security provider development model
Abstract
A method for providing a security provider for a client comprises providing a service provider interface, that is compatible with a security framework layer, and one or more services. The one or more services include at least one of, authentication, authorization, auditing, role mapping and credential mapping. The one or more services can be exposed through the service provider interface and the framework layer can expose the one or more services to an application program interface.
23 Claims
1. A method for providing a security provider, said method comprising:
- providing an enterprise system that includes a plurality of components wherein the components are distributed in the enterprise system;
- providing an administration server that provides policy and configuration information;
- providing a plurality of security service modules (SSMs), wherein each SSM includes an adaptation layer which includes an application program interface, a framework layer which is below the adaptation layer, a services layer, below the framework layer;
- wherein the plurality of SSMs run on a plurality of computers distributed throughout an enterprise and each SSM is integrated with and provides security for a component, from the plurality of components, running on the same computer with that SSM and wherein each SSM receives provisioning information relevant to that SSM;
- providing a framework program interface (FPI) that is included in the framework layer and wherein the adaptation layer uses the FPI to invoke services of the framework layer;
- providing a service provider interface (SPI) that is included in the framework layer, wherein the framework layer uses the SPI to invoke one or more dynamically configurable security services on the services layer and exposes the one or more dynamically configurable security services to the application program interface;
- providing the one or more dynamically configurable security services wherein each of the one or more dynamically configurable security services provides one authentication, authorization, auditing, role mapping and credential mapping service;
- providing at least one security provider which is a set of the one or more dynamically configurable security services and wherein the at least one security provider can be dynamically integrated into each of the plurality of SSMs;
- providing a plurality of security control managers (SCMs) each executing on a different computer with at least one SSM;
- wherein each SCM receives the policy and configuration information from the administration server and provisions the policy and configuration information only to SSMs executing on the same computer with that SCM; and
- wherein each SCM includes an extensible framework including one or more service providers wherein one of the service providers is a provisioning service provider that provisions the policy and configuration information to the SSMs.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A computer readable medium having instructions stored thereon to cause a system to:
- provide an enterprise system that includes a plurality of components wherein the components are distributed in the enterprise system;
- provide an administration server that provides policy and configuration information;
- provide a plurality of security service modules (SSMs), wherein each SSM includes an adaptation layer which includes an application program interface, a framework layer which is below the adaptation layer, a services layer, below the framework layer;
- wherein the plurality of SSMs run on a plurality of computers distributed throughout an enterprise and each SSM is integrated with and provides security for a component, from the plurality of components, running on the same computer with that SSM and wherein each SSM receives provisioning information relevant to that SSM;
- provide a framework program interface (FPI) that is included in the framework layer and wherein the adaptation layer uses the FPI to invoke services of the framework layer;
- provide a service provider interface (SPI) that is included in the framework layer, wherein the framework layer uses the SPI to invoke one or more dynamically configurable security services on the services layer and exposes the one or more dynamically configurable security services to the application program interface;
- provide the one or more dynamically configurable security services wherein each of the one or more dynamically configurable security services provides one authentication, authorization, auditing, role mapping and credential mapping service;
- provide at least one security provider which is a set of the one or more dynamically configurable security services and wherein the at least one security provider can be dynamically integrated into each of the plurality of SSMs;
- provide a plurality of security control managers (SCMs) each executing on a different computer with at least one SSM;
- wherein each SCM receives the policy and configuration information from the administration server and provisions the policy and configuration information only to SSMs executing on the same computer with that SCM; and
- wherein each SCM includes an extensible framework including one or more service providers wherein one of the service providers is a provisioning service provider that provisions the policy and configuration information to the SSMs.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 19.
20. A distributed security system comprising:
- an enterprise system that includes a plurality of components wherein the components are distributed in the enterprise system;
- a plurality of computers, each with a processor operating thereon;
- an administration server that provides policy and configuration information;
- a plurality of security service modules (SSMs), executing on the plurality of computers distributed throughout an enterprise, wherein each SSM includes an adaptation layer, a framework layer, and a services layer;
- a framework program interface (FPI) included in the framework layer, wherein the adaptation layer uses the FPI to invoke services of the framework layer;
- a service provider interface (SPI) that is included in the framework layer;
- a plurality of security providers, wherein each security provider includes a plurality of related security services, and wherein each SSM includes at least one security provider;
- wherein each SSM provides security services to a component, from the plurality of components, executing on a computer with that SSM and wherein the provided security services include any security services included in the at least one security provider included with that SSM;
- a plurality of security control managers (SCMs) each executing on a different computer with at least one SSM;
- wherein each SCM receives the policy and configuration information from the administration server and provisions the policy and configuration information only to SSMs executing on the same computer with that SCM; and
- wherein each SCM includes an extensible framework including one or more service providers wherein one of the service providers is a provisioning service provider that provisions the policy and configuration information to the SSMs.
Dependent claims: 21, 22, 23.
Specification