Method and system for server support of pluggable authorization systems
First Claim
Patent Images
1. A computer program product in a computer readable medium executable by a data processing system for authorizing access to a protected resource, the computer program product comprising:
- instructions for intercepting a remote procedure call for a remote routine of a Distributed Computing Environment (DCE) authorization service by an authorization plug-in associated with a second authorization service, wherein the authorization plug-in exports remote procedure call endpoints for the remote routines of the DCE authorization service, and wherein the second authorization service supports a standard-compliant authorization application programming interface;
instructions for processing the authorization request in the authorization plug-in by calling application programming interfaces of the second authorization service;
instructions for recompiling or reliniking a target application representing one or more protected resources to include program instructions from the authorization plug-in;
instructions for directing calls within the target application to application programming interfaces of the DCE authorization service to be executed by the program instructions from the authorization plug-in;
instructions for accepting a call in the authorization plug-in to a “
dce_acl_is_client_authorized”
application programming interface;
instructions for authenticating the authorization credentials passed by the initiator to the target application;
instructions for retrieving the privilege attribute certificate from the DCE EPAC structure;
instructions for mapping a DCE Access Control List (ACL) manager Universally Unique Identifier (UUID) from the DCE EPAC structure to a resource manager in the second authorization service;
instructions for mapping DCE ACL UUID from the DCE EPAC structure to a resource managed by the second authorization service;
instructions for mapping the DCE permission set from the DCE EPAC structure to a permission set of the second authorization service;
instructions for calling an application programming interface of the second authorization service to make an authorization decision based on the permission set of the second authorization service, the privilege attribute certificate, the resource, and the resource manager; and
instructions for returning an indication of the authorization decision to the target application.
3 Assignments
0 Petitions
Accused Products
Abstract
A method, system, apparatus, and computer program product is presented for plugging in a standard authorization system in a manner such that legacy applications can use the authorization APIs and backend remote interfaces of a legacy authorization system. When a legacy application makes a call intended for a routine within the legacy authorization system, the call is redirected to make the appropriate calls to the APIs of the standard authorization system.
41 Citations
4 Claims
-
1. A computer program product in a computer readable medium executable by a data processing system for authorizing access to a protected resource, the computer program product comprising:
-
instructions for intercepting a remote procedure call for a remote routine of a Distributed Computing Environment (DCE) authorization service by an authorization plug-in associated with a second authorization service, wherein the authorization plug-in exports remote procedure call endpoints for the remote routines of the DCE authorization service, and wherein the second authorization service supports a standard-compliant authorization application programming interface; instructions for processing the authorization request in the authorization plug-in by calling application programming interfaces of the second authorization service; instructions for recompiling or reliniking a target application representing one or more protected resources to include program instructions from the authorization plug-in; instructions for directing calls within the target application to application programming interfaces of the DCE authorization service to be executed by the program instructions from the authorization plug-in; instructions for accepting a call in the authorization plug-in to a “
dce_acl_is_client_authorized”
application programming interface;instructions for authenticating the authorization credentials passed by the initiator to the target application; instructions for retrieving the privilege attribute certificate from the DCE EPAC structure; instructions for mapping a DCE Access Control List (ACL) manager Universally Unique Identifier (UUID) from the DCE EPAC structure to a resource manager in the second authorization service; instructions for mapping DCE ACL UUID from the DCE EPAC structure to a resource managed by the second authorization service; instructions for mapping the DCE permission set from the DCE EPAC structure to a permission set of the second authorization service; instructions for calling an application programming interface of the second authorization service to make an authorization decision based on the permission set of the second authorization service, the privilege attribute certificate, the resource, and the resource manager; and instructions for returning an indication of the authorization decision to the target application. - View Dependent Claims (2, 3, 4)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeServiceNow Incorporated
-
Original AssigneeInternational Business Machines Corporation
-
InventorsHemsath, David Kurt, Skibbie, Donna E.
-
Primary Examiner(s)Vu; Kimyen
-
Assistant Examiner(s)GYORFI, THOMAS A
-
Application NumberUS11/930,509Publication NumberTime in Patent Office979 DaysField of Search726/4, 726/17, 726/21US Class Current726/21CPC Class CodesG06F 21/604 Tools and structures for ma...G06F 21/6218 to a system of files or obj...
