System and method for propagating security information in a web portal system

US 7,752,651 B2
Filed: 09/26/2005
Issued: 07/06/2010
Est. Priority Date: 09/26/2005
Status: Active Grant

First Claim

Patent Images

1. A method for propagating security information for an application between a first environment and a second environment, the method comprising:

receiving a first snap shot of security information from a first version of the application on the first environment;

determining a set of changes to be made to security information on a second version of the application on the second environment includingstoring the first snap shot of security information in an archive,storing a second snap shot of security information in the archive,comparing the first snap shot of security information in the first version of the application on the first environment to the second snap shot of security information in the second version of the application on the second environment to determine a set of differences between the security information in the first version of the application and security information in the second version of the application,viewing the set of differences through a change election user interface which provides a graphical listing of the set of differences, andusing the change election user interface to select the set of changes to send to the second version of the application based on the set of differences;

sending the set of changes from a first security adapter residing on the first environment to a second security adapter residing on the second environment;

receiving the set of changes in the second environment, wherein the set of changes indicates modification made to security parameters of the first version of the application; and

applying the set of changes to the second version of the application in the second environment to match the first version of the application on the first environment, wherein applying the set of changes includestracking which changes in the set of changes which are accepted at the application in the second environment, and for the changes not accepted, applying a suggested ordering of the application changes to be made.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In accordance with embodiments, there are provided mechanisms and methods for propagating security information for an application between a first environment and a second environment. These mechanisms and methods can enable embodiments to propagate changes to security information from a first application instance in a first environment to a second application instance in a second environment. For example, an embodiment can receive security information from an adapter associated with a test version of an application, and then propagate the security information to a production version of the application residing in a production environment. The ability of embodiments to propagate security information between adapters associated with application versions can enable propagation of changes to security information, i.e., information about changes to permissions, rules, policies and so forth relating to security, between a first environment and a second environment without necessitating taking the production version of the application off line.

43 Citations

View as Search Results

20 Claims

1. A method for propagating security information for an application between a first environment and a second environment, the method comprising:
- receiving a first snap shot of security information from a first version of the application on the first environment;
  
  determining a set of changes to be made to security information on a second version of the application on the second environment includingstoring the first snap shot of security information in an archive,storing a second snap shot of security information in the archive,comparing the first snap shot of security information in the first version of the application on the first environment to the second snap shot of security information in the second version of the application on the second environment to determine a set of differences between the security information in the first version of the application and security information in the second version of the application,viewing the set of differences through a change election user interface which provides a graphical listing of the set of differences, andusing the change election user interface to select the set of changes to send to the second version of the application based on the set of differences;
  
  sending the set of changes from a first security adapter residing on the first environment to a second security adapter residing on the second environment;
  
  receiving the set of changes in the second environment, wherein the set of changes indicates modification made to security parameters of the first version of the application; and
  
  applying the set of changes to the second version of the application in the second environment to match the first version of the application on the first environment, wherein applying the set of changes includestracking which changes in the set of changes which are accepted at the application in the second environment, and for the changes not accepted, applying a suggested ordering of the application changes to be made.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising;
    - receiving a set of changes made to the first version of the application, the set of changes received from a security adapter associated with the first version of the application, the security adapter configured to translate security parameters from data structures specific to the first version of the application into an extended markup language (XML) format.
  - 3. The method of claim 1, further comprising:
    - applying the set of changes to the second version of the application, the set of changes written to a security adapter associated with the second version of the application, the security adapter configured to translate security parameters from a extended markup language (XML) format into data structures specific to the second version of the application.
  - 4. The method of claim 1 wherein one or more rules are applied to derive the suggested ordering.
  - 5. The method of claim 1, wherein the security information includes one of a policy for defining a role and security, security provider configuration information, attributes used in defining user roles such as user profile attributes, request, and session attributes.
  - 6. The method of claim 1, wherein a propagation tool enables propagation of the set of differences for the application between the first environment and the second environment.
  - 7. The method of claim 6, wherein the propagation tool copies the entire application from the first environment to the second environment.
  - 8. The method of claim 1, wherein the suggested ordering of the set of changes is provided by comparing the set of differences between the security information in the first version of the application and the security information in the second version of the application with a configuration stored as a tree.
  - 9. The method of claim 8, wherein the suggested ordering is one of a suggested ordering from an administrator, heuristics, and randomized selection mechanisms.
  - 10. The method of claim 1 including a backup tool configured to generate backups of the application.
  - 11. The method of claim 10, wherein when restoring from a backup, the backup tool performs a reverse function to modify those aspects of an existing backup that differ from a current application.

12. A computer readable medium, including instructions stored thereon for propagating security information for an application between a first environment and a second environment, which when executed by one or more processors, cause the one or more processors to perform the steps of:
- receiving a first snap shot of security information from a first version of the application on the first environment;
  
  determining a set of changes to be made to security information on a second version of the application on the second environment includingstoring the first snap shot of security information in an archive,storing a second snap shot of security information in the archive,comparing the first snap shot of security information in the first version of the application on the first environment to the second snap shot of security information in the second version of the application on the second environment to determine a set of differences between the security information in the first version of the application and the security information in the second version of the application,viewing the set of differences through a change election user interface which provides a graphical listing of the set of differences, andusing the change election user interface to select the set of changes to send to the second version of the application based on the set of differences;
  
  sending the set of changes from a first security adapter residing on the first environment to a second security adapter residing on the second environment;
  
  receiving the set of changes in the second environment, wherein the set of changes indicates modifications made to security parameters of the first version of the application; and
  
  applying the set of changes to the second version of the application in the second environment to match the first version of the application on the first environment, wherein applying the set of changes includestracking which changes in the set of changes which are accepted at the application in the second environment, and for the changes not accepted, applying a suggested ordering of the application changes to be made.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The computer readable medium of claim 12, further comprising instructions to perform the step of:
    - receiving a set of changes made to the first version of the application, the set of changes received from a security adapter associated with the first version of the application, the security adapter configured to translate security parameters from data structures specific to the first version of the application into an extended markup language (XML) format.
  - 14. The computer readable medium of claim 12, further comprising instructions to perform the step of:
    - applying the set of changes to the second version of the application, the set of changes written to a security adapter associated with the second version of the application, the security adapter configured to translate security parameters from a extended markup language (XML) format into data structures specific to the second version of the application.
  - 15. The computer readable medium of claim 12, wherein, wherein a propagation tool enables propagation of the set of differences for the application between the first environment and the second environment.
  - 16. The computer readable medium of claim 12, wherein, wherein the suggested ordering of the set of changes is provided by comparing the set of differences between the security information in the first version of the application and the security information in the second version of the application with a configuration stored as a tree.
  - 17. The computer readable medium of claim 12, wherein the suggested ordering is one of a suggested ordering from an administrator, heuristics, and randomized selection mechanisms.
  - 18. The computer readable medium of claim 12, wherein, wherein the security information includes one of a policy for defining a role and security, security provider configuration information, attributes used in defining user roles such as user profile attributes, request, and session attributes.
  - 19. The computer readable medium of claim 18, wherein the propagation tool copies the entire application from the first environment to the second environment.

20. A system for managing applications, the system comprising:
- a processor; and
  
  one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of;
  
  receiving a first snap shot of security information from a first version of the application on the first environment;
  
  determining a set of changes to be made to security information on a second version of the application on the second environment includingstoring the first snap shot of security information in an archive,storing a second snap shot of security information in the archive,comparing the first snap shot of security information in the first version of the application on the first environment to the second snap shot of security information in the second version of the application on the second environment to determine a set of differences between the security information in the first version of the application and the security information in the second version of the application,viewing the set of differences through a change election user interface which provides a graphical listing of the set of differences, andusing the change election user interface to select the set of changes to send to the second version of the application based on the set of differences;
  
  sending the set of changes from a first security adapter residing on the first environment to a second security adapter residing on the second environment;
  
  receiving the set of changes in the second environment, wherein the set of changes indicates modifications made to the security parameters of the first version of the application; and
  
  applying the set of changes to the second version of the application in the second environment to match the first version of the application on the first environment, wherein applying the set of changes includestracking which changes in the set of changes which are accepted at the application in the second environment, and for the changes not accepted, applying a suggested ordering of the application changes to be made.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
BEA Systems Incorporated (Oracle Corporation)
Inventors
Devgan, Manish, Laird, Peter
Primary Examiner(s)
Lipman; Jacob

Application Number

US11/236,698
Publication Number

US 20070073786A1
Time in Patent Office

1,744 Days
Field of Search

726/1
US Class Current

726/1
CPC Class Codes

G06F 21/604 Tools and structures for ma...

G06F 21/606 by securing the transmissio...

System and method for propagating security information in a web portal system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

43 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for propagating security information in a web portal system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links