Trust model for a database management system supporting multiple authorization domains
First Claim
Patent Images
1. A system that employs a certificate to authenticate access to resources in a multi-domain database management system comprising at least one processor coupled to computer-readable memory, the system further comprising:
- executable code in a first domain that determines whether the first domain trusts a certificate;
a first component of the first domain that determines whether one or more instructions executing in a second domain are signed by the certificate that is determined to be trusted by the first domain; and
a second component of the first domain that provides the executing instructions with access to a resource of the first domain when the executing instructions are signed by the certificate that is determined to be trusted by the first domain.
2 Assignments
0 Petitions
Accused Products
Abstract
A database management system that supports multiple databases in an instance with controlled sharing between the databases. The invention can also support execution of procedures and other modules in the context of any principal possibly different from that of the caller. Trusted certificates can be employed to permit access to procedures (or other modules). The security context of the invention can enable the building blocks of building a pure trusted sub-system model of authorization.
-
Citations
18 Claims
-
1. A system that employs a certificate to authenticate access to resources in a multi-domain database management system comprising at least one processor coupled to computer-readable memory, the system further comprising:
-
executable code in a first domain that determines whether the first domain trusts a certificate; a first component of the first domain that determines whether one or more instructions executing in a second domain are signed by the certificate that is determined to be trusted by the first domain; and a second component of the first domain that provides the executing instructions with access to a resource of the first domain when the executing instructions are signed by the certificate that is determined to be trusted by the first domain. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A computer readable storage medium having stored thereon computer-executable instructions comprising:
-
executable code in a first domain that determines whether the first domain trusts a certificate; a first component of the first domain that determines whether one or more instructions executing in a second domain are signed by the certificate that is determined to be trusted by the first domain; and a second component of the first domain that provides the executing instructions with access to a resource of the first domain when the executing instructions are signed by the certificate that is determined to be trusted by the first domain.
-
-
12. A method for establishing a secure context between databases in a server instance with digital certificates, comprising:
-
acquiring a digital certificate to access a resource in a first database; a first domain determining that it trusts the digital certificate; a second domain signing a named code segment in a second database with the certificates, the named code segment being executable code within a stored procedure in the first domain; and executing the named code segment to access the resource in the first database. - View Dependent Claims (13, 14, 15, 16, 17, 18)
-
Specification