Method, apparatus and system for principle mapping within an application container

US 7,606,917 B1
Filed: 04/30/2004
Issued: 10/20/2009
Est. Priority Date: 04/30/2004
Status: Active Grant

First Claim

Patent Images

1. A computing system comprising:

a first server to exchange communications with a first user manager and with a second user manager, the first server including a container having stored thereina first user store associated with the first user manager;

a second user store associated with the second user manager;

an application in communication with the first user store and with the second user store, the application to access a first resource and a second resource for a client of the first server; and

a principle map separate from the application, the principle map including;

a default principle sent to the first server from a default user manager in response to the default user manager authenticating the client for an access to the application,a first principle stored by the first user store, the first principle sent to the first server from the first user manager in response to an authentication of the application for access to the first user manager, anda second principle stored by the second user store, the second principle sent to the first server from the second user manager in response to an authentication of the application for access to the second user manager,wherein the principle map to map the first principle and the second principle to the default principle,wherein the first user store to receive a first user manager command sent from the application in a first format, the received first user manager command including the default principle to indicate that an accessing of the first resource via the first user manager is on behalf of the client, the first user store to respond to the receiving the first user manager command, includingaccessing the principle map with the default principle from the first user manager command to retrieve the first principle,translating the first user manager command from the first format to a second format, the translated first user command including the retrieved first principle, andsending the translated first user manager command from the first server to the first user manager, andwherein the second user store to receive a second user manager command sent from the application in the first format, the received second user manager command including the default principle to indicate that an accessing of the second resource via the second user manager is on behalf of the client, the second user store to respond to the receiving the second user manager command, includingaccessing the principle map with the default principle from the second user manager command to retrieve the second principle,translating the second user manager command from the first format to a third format, the translated second user command including the retrieved second principle, andsending the translated second user manager command from the first server to the second user manager.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to one aspect of the invention, a computing system capable of communicating with first and second user managers, the first user manager to perform authentication and authorization services for a first resource and the second user manager to perform authentication and authorization services for a second resource, is provided. The computing system comprises a container having an application, a first user store associated with the first user manager, and a second user store associated with the second user manager stored therein, the application to send a first user manager command to the first user store in a first format and a second user manager command to the second user store in the first format, the first user store to translate the first format into a second format and send the second format to the first user manager, the second user store to translate the second format into a third format and send the third format to the second user manager.

Citations

23 Claims

1. A computing system comprising:
- a first server to exchange communications with a first user manager and with a second user manager, the first server including a container having stored thereina first user store associated with the first user manager;
  
  a second user store associated with the second user manager;
  
  an application in communication with the first user store and with the second user store, the application to access a first resource and a second resource for a client of the first server; and
  
  a principle map separate from the application, the principle map including;
  
  a default principle sent to the first server from a default user manager in response to the default user manager authenticating the client for an access to the application,a first principle stored by the first user store, the first principle sent to the first server from the first user manager in response to an authentication of the application for access to the first user manager, anda second principle stored by the second user store, the second principle sent to the first server from the second user manager in response to an authentication of the application for access to the second user manager,wherein the principle map to map the first principle and the second principle to the default principle,wherein the first user store to receive a first user manager command sent from the application in a first format, the received first user manager command including the default principle to indicate that an accessing of the first resource via the first user manager is on behalf of the client, the first user store to respond to the receiving the first user manager command, includingaccessing the principle map with the default principle from the first user manager command to retrieve the first principle,translating the first user manager command from the first format to a second format, the translated first user command including the retrieved first principle, andsending the translated first user manager command from the first server to the first user manager, andwherein the second user store to receive a second user manager command sent from the application in the first format, the received second user manager command including the default principle to indicate that an accessing of the second resource via the second user manager is on behalf of the client, the second user store to respond to the receiving the second user manager command, includingaccessing the principle map with the default principle from the second user manager command to retrieve the second principle,translating the second user manager command from the first format to a third format, the translated second user command including the retrieved second principle, andsending the translated second user manager command from the first server to the second user manager.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The computing system of claim 1, wherein the application is connected to the user stores through a common application programming interface.
  - 3. The computing system of claim 2, wherein the common application programming interface interconnects the principle map and the application.
  - 4. The computing system of claim 3, further comprising the client to attempt to access the application and the first and second resources.
  - 5. The computing system of claim 4, wherein the first and second user managers are to authenticate and authorize the client to access the first and second resources.
  - 6. The computing system of claim 5, wherein the default user manager is to authorize the client for access to the container.
  - 7. The computing system of claim 6, wherein the container further comprises a default user store associated with the default user manager.
  - 8. The computing system of claim 7, wherein the first and second user stores contain translations of the first format into respective ones of the second and third formats.
  - 9. The computing system of claim 8, wherein the first and second user stores comprise a single user module, a group user module, an authentication module, and a configuration module, the single user module including translations for single user commands, the group module including translations for group user commands, and the authentication module including translations for authentication commands.
  - 10. The computing system of claim 9, wherein the single user commands are to perform at least one of:
    - obtaining information from a user account;
      
      creating a user account;
      
      deleting a user account; and
      
      modifying a user account.
  - 11. The computing system of claim 9, wherein the group user commands are to perform at least one of:
    - defining a group;
      
      modifying a group;
      
      deleting a group;
      
      adding a user to a group;
      
      removing a user from a group; and
      
      adding a group to a group.
  - 12. The computing system of claim 9, wherein the authentication commands are to perform at least one of:
    - logging in;
      
      logging out;
      
      aborting; and
      
      committing.
  - 13. The computing system of claim 9, wherein the first and second resources are selected from the group consisting of:
    - a Lightweight Directory Access Protocol server;
      
      a Database Management Software based server; and
      
      a file system server.
  - 14. The computing system of claim 13, wherein the first and second user managers utilize an authentication service selected from the group consisting of:
    - Keberos;
      
      Unix;
      
      Windows NT; and
      
      Biometric authentication.

15. A method comprising:
- receiving at a server a default principle sent from a default user manager in response to the default user manager authenticating a client of the server for access to an application within a container of the server;
  
  receiving at a first user store in the container a first principle sent to the server from a first user manager in response to an authentication of the application for access to the first user manager;
  
  receiving at a second user store in the container a second principle sent to the server from the second user manager in response to an authentication of the application for access to the second user manager;
  
  the first user store storing the received first principle in a principle map within the container and separate from the application;
  
  the second user store storing the received second principle in the principle map;
  
  with the principle map, mapping the received default principle to the received first principle and the received second principle;
  
  receiving at the first user store a first user manager command sent from the application in a first format, the received first user manager command including the default principle to indicate that an accessing of a first resource via the first user manager is on behalf of the client;
  
  the first user store responding to the receiving the first user manager command, includingaccessing the principle map with the default principle from the first user manager command to retrieve the first principle,translating the first user manager command into a second format, the translated first user command including the retrieved first principle, andsending the translated first user manager command to the first user manager, andreceiving at the second user store a second user manager command sent from the application in the first format, the received second user manager command including the default principle to indicate that an accessing of a second resource via the second user manager is on behalf of the client;
  
  the second user store responding to the receiving the second user manager command, includingaccessing the principle map with the default principle from the second user manager command to retrieve the second principle,translating the second user manager command into a third format, the translated second user command including the retrieved second principle, andsending the translated second user manager command to the second user manager.
- View Dependent Claims (16, 17)
- - 16. The method of claim 15, wherein the first user store and the second user store are connected to the application through the common application programming interface.
  - 17. The method of claim 16, the principle map connected to the application through the common application programming interface.

18. An article of manufacture including program code which, when executed by a machine, causes the machine to perform a method, the method comprising:
- receiving at a server a default principle sent from a default user manager in response to the default user manager authenticating a client of the server for access to an application within a container of the server;
  
  receiving at a first user store in the container a first principle sent to the server from a first user manager in response to an authentication of the application for access to the first user manager;
  
  receiving at a second user store in the container a second principle sent to the server from the second user manager in response to an authentication of the application for access to the second user manager;
  
  the first user store storing the received first principle in a principle map within the container and separate from the application;
  
  the second user store storing the received second principle in the principle map;
  
  with the principle map, mapping the received default principle to the received first principle and the received second principle;
  
  receiving at the first user store a first user manager command sent from the application in a first format, the received first user manager command including the default principle to indicate that an accessing of a first resource via the first user manager is on behalf of the client;
  
  the first user store responding to the receiving the first user manager command, includingaccessing the principle map with the default principle from the first user manager command to retrieve the first principle,translating the first user manager command into a second format, the translated first user command including the retrieved first principle, andsending the translated first user manager command to the first user manager, andreceiving at the second user store a second user manager command sent from the application in the first format, the received second user manager command including the default principle to indicate that an accessing of a second resource via the second user manager is on behalf of the client;
  
  the second user store responding to the receiving the second user manager command, includingaccessing the principle map with the default principle from the second user manager command to retrieve the second principle,translating the second user manager command into a third format, the translated second user command including the retrieved second principle, andsending the translated second user manager command to the second user manager.
- View Dependent Claims (19, 20)
- - 19. The article of manufacture of claim 18, wherein the first user store and the second user store are connected to the application through the common application programming interface.
  - 20. The article of manufacture of claim 19, the principle map connected to the application through the common application programming interface.

21. A computing system comprising instructions disposed on a computer readable medium, said instructions capable of being executed by said computing system to perform a method, said method comprising:
- receiving at a server a default principle sent from a default user manager in response to the default user manager authenticating a client of the server for access to an application within a container of the server;
  
  receiving at a first user store in the container a first principle sent to the server from a first user manager in response to an authentication of the application for access to the first user manager;
  
  receiving at a second user store in the container a second principle sent to the server from the second user manager in response to an authentication of the application for access to the second user manager;
  
  the first user store storing the received first principle in a principle map within the container and separate from the application;
  
  the second user store storing the received second principle in the principle map;
  
  with the principle map, mapping the received default principle to the received first principle and the received second principle;
  
  receiving at the first user store a first user manager command sent from the application in a first format, the received first user manager command including the default principle to indicate that an accessing of a first resource via the first user manager is on behalf of the client;
  
  the first user store responding to the receiving the first user manager command, includingaccessing the principle map with the default principle from the first user manager command to retrieve the first principle,translating the first user manager command into a second format, the translated first user command including the retrieved first principle, andsending the translated first user manager command to the first user manager, andreceiving at the second user store a second user manager command sent from the application in the first format, the received second user manager command including the default principle to indicate that an accessing of a second resource via the second user manager is on behalf of the client;
  
  the second user store responding to the receiving the second user manager command, includingaccessing the principle map with the default principle from the second user manager command to retrieve the second principle,translating the second user manager command into a third format, the translated second user command including the retrieved second principle, andsending the translated second user manager command to the second user manager.
- View Dependent Claims (22, 23)
- - 22. The computing system of claim 21, wherein the first user store and the second user store are connected to the application through the common application programming interface.
  - 23. The computing system of claim 22, the principle map connected to the application through the common application programming interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP AG (SAP SE)
Inventors
Koeberle, Boris, Blagoev, Jako, Zheleva, Ekaterina, Zlatarev, Stephan H.
Primary Examiner(s)
Pwu; Jeffrey
Assistant Examiner(s)
Ali; Farhad

Application Number

US10/837,134
Time in Patent Office

1,999 Days
Field of Search

709/225, 709/227, 709/229
US Class Current

709/229
CPC Class Codes

G06F 21/6236   between heterogeneous systems

G06F 9/468   Specific access rights for ...

H04L 63/08   for authentication of entit...

Method, apparatus and system for principle mapping within an application container

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Method, apparatus and system for principle mapping within an application container

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links