Application server object-level security for distributed computing domains

US 7,810,132 B2
Filed: 05/20/2008
Issued: 10/05/2010
Est. Priority Date: 09/19/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A computer readable memory device encoded with software for use in a distributed computing domain, the software performing steps comprising:

distributing administrative objects and user objects to one or more application servers;

allowing a user to declare in a list which objects residing on each application server are to be protected;

reading the list by an interceptor;

responsive to exportation of a Common Object Request Broker Architecture (“

CORBA”

) compliant Interoperable Object Reference (“

IOR”

) for a listed object, associating by the interceptor one or more application server security flags with interfaces to the listed objects by tagging components of the IOR with one or more security flags; and

performing one or more security operations by an application server according to the security flags tagged to the IOR when a client accesses an application server-stored object, the security operations including an operation besides establishing secure communications between the client process and the server-stored object.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Objects on application servers are distributed to one or more application servers; a user is allowed to declare in a list which objects residing on each application server are to be protected; the list is read by an interceptor; responsive to exportation of a Common Object Request Broker Architecture (“CORBA”) compliant Interoperable Object Reference (“IOR”) for a listed object, the interceptor associates one or more application server security flags with interfaces to the listed objects by tagging components of the IOR with one or more security flags; and one or more security operations are performed by an application server according to the security flags tagged to the IOR when a client accesses an application server-stored object, the security operations including an operation besides establishing secure communications between the client process and the server-stored object.

25 Citations

View as Search Results

18 Claims

1. A computer readable memory device encoded with software for use in a distributed computing domain, the software performing steps comprising:
- distributing administrative objects and user objects to one or more application servers;
  
  allowing a user to declare in a list which objects residing on each application server are to be protected;
  
  reading the list by an interceptor;
  
  responsive to exportation of a Common Object Request Broker Architecture (“
  
  CORBA”
  
  ) compliant Interoperable Object Reference (“
  
  IOR”
  
  ) for a listed object, associating by the interceptor one or more application server security flags with interfaces to the listed objects by tagging components of the IOR with one or more security flags; and
  
  performing one or more security operations by an application server according to the security flags tagged to the IOR when a client accesses an application server-stored object, the security operations including an operation besides establishing secure communications between the client process and the server-stored object.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer readable memory device as set forth in claim 1 wherein the software for performing security operations comprises software for providing separate security operations for administrative objects and user objects.
  - 3. The computer readable memory device as set forth in claim 1 comprising a WebSphere compliant application server.
  - 4. The computer readable memory device as set forth in claim 1 comprising an Enterprise Java Bean compliant client process.
  - 5. The computer readable memory device as set forth in claim 1 comprising Enterprise Java Beans compliant user object.
  - 6. The computer readable memory device as set forth in claim 1 comprising an Mbean compliant administrative object.
  - 7. The computer readable memory device as set forth in claim 1 comprising software for performing a security operation selected from the group of authentication and authorization.
  - 8. The computer readable memory device as set forth in claim 1 comprising software for employing a security protocol selected from the group of Simple Object Access Protocol and Inter-ORB Protocol.
  - 9. The computer readable memory device as set forth in claim 1 comprising software for employing a service description model selected from the group of IDL and Web Services Definition Language with Web Service Endpoint Language (“
    - WSEL”
      
      ) and Interface Definition Language.

10. An object-level security system in a distributed computing domain comprising:
- one or more administrative objects and one or more user objects distributed among one or more computer readable memory devices of one or more application server computers;
  
  a user-declared list of objects residing in computer readable memory devices of each of the application server computers which are to be protected;
  
  an interceptor portion of a computing platform configured to read the list, and to, responsive to exportation of a Common Object Request Broker Architecture (“
  
  CORBA”
  
  ) compliant Interoperable Object Reference (“
  
  IOR”
  
  ) for a list object, to associate one or more application server security flags associated with interfaces to the listed objects by tagging components of the IOR with one or more security flags; and
  
  one or more security operations performed by an application server computer in cooperation with a client process responsive to access by the client process of an object having a tagged IOR, said security operations including an operation besides establishing secure communications between the client process and the server-stored object.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system as set forth in claim 10 wherein the security operation comprises separate security operations for administrative objects and user objects.
  - 12. The system as set forth in claim 10 comprising a WebSphere compliant application server.
  - 13. The system as set forth in claim 10 comprising an Enterprise Java Bean compliant client process.
  - 14. The system as set forth in claim 10 comprising an Enterprise Java Bean compliant user object.
  - 15. The system as set forth in claim 10 comprising an MBean compliant administrative object.
  - 16. The system as set forth in claim 10 comprising a security operation selected from the group of authentication and authorization.
  - 17. The system as set forth in claim 10 comprising a security protocol selected from the group of Simple Object Access Protocol and Inter-ORB Protocol.
  - 18. The system as set forth in claim 10 comprising a service description model selected from the group of IDL and Web Services Definition Language with Web Service Endpoint Language and Interface Definition Language.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Reddy, Ajaykumar Karkala, Mason, Carlton Keith, Venkataramappa, Vishwanath, Chao, Ching-Yun, Birk, Peter Daniel, Chung, Hyen Vui
Primary Examiner(s)
Korzuch; William R
Assistant Examiner(s)
AVERY, JEREMIAH L

Application Number

US12/123,693
Publication Number

US 20080222697A1
Time in Patent Office

868 Days
Field of Search

726/1, 719/316
US Class Current

726/1
CPC Class Codes

G06F 21/31 User authentication

Application server object-level security for distributed computing domains

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

25 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Application server object-level security for distributed computing domains

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links