Issuing a digital rights management (DRM) license for content based on cross-forest directory information
Abstract
An organization maintains a computer network comprising at least a forest A and a forest B, where forest A has a directory A and a querying entity A capable of querying directory A, and forest B has a directory B and a querying entity B capable of querying directory B. Querying entity A receives a request from the user and decides whether to grant the request based at least in part on whether the user is a member of the group. Thus, querying entity A queries directory A to return information on the group, is directed to forest B, contacts querying entity B, requests querying entity B to query directory B whether the user is a member of the group, receives a response, and grants the request from the user based at least in part on whether the user is a member of the group.
13 Claims
1. A method for determining whether a user from an organization is a member of a group pre-defined within the organization, wherein the group is identified in a signed rights label that delimits digital licenses that a license server has validated, each digital license specifying a set of rights, the signed rights label naming one or more groups and specifying a set of corresponding rights for each group, the organization maintaining a computer network comprising at least a forest A and a forest B, forest A having a directory A and a querying entity A directory A, forest B having a directory B and a querying entity B configured to query directory B, the group being native to either forest A or forest B, the method comprising:
querying entity A receiving a request from the user within forest A for a digital license to render a corresponding piece of digital content within forest A, the request including an identification of the user and an identification of the group;
querying entity A querying directory A of forest A to return any object therein associated with the group, the group instead being native to forest B such that directory B of forest B has therein a record object corresponding to the group, the record object for the group in directory B including all direct members of the group, directory A of forest A having therein a pointer object corresponding to the group, the pointer object in directory A including an address of forest B;
querying entity A receiving in response from directory A the pointer object for the group, thus signifying that the group is not native to forest A;
querying entity A retrieving the address of forest B from the received pointer object;
querying entity A employing the address of forest B to query directory B of forest B for an address of querying entity B of forest B;
querying entity A receiving in response from directory B the address of querying entity B; and
querying entity A contacting querying entity B of forest B at the address of querying entity B and requesting querying entity B to query directory B whether the group currently exists, and if the group currently exists, whether the user is a member of the group in forest B, wherein if the group does not currently exist, the user is not a member of the group, and querying entity B queries directory B whether the user is a member of another of the one or more groups named in the signed rights label;
querying entity A receiving in response from querying entity B whether the user is in fact a member of the group in forest B; and
querying entity A granting the request within forest A from the user within forest A based at least in part on whether the user is a member of the group in forest B, wherein the querying entity A is a digital rights management (DRM) server.
Dependent claims: 2, 3, 4, 5, 11
6. A computer-readable storage medium having stored thereon computer-executable instructions for performing a method for determining whether a user from an organization is a member of a group pre-defined within the organization, wherein the group is identified in a signed rights label that delimits digital licenses that a license server has validated, each digital license specifying a set of rights, the signed rights label naming one or more groups and specifying a set of corresponding rights for each group, the organization maintaining a computer network comprising at least a forest A and a forest B, forest A having a directory A and a querying entity A configured to query directory A, forest B having a directory B and a querying entity B configured to query directory B, the group being native to either forest A or forest B, the method comprising:
Querying entity A receiving a request from the user within forest A for a digital license to render a corresponding piece of digital content within forest A, the request including an identification of the user and an identification of the group;
querying entity A querying directory A of forest A to return any object therein associated with the group, the group instead being native to forest B such that directory B of forest B has therein a record object corresponding to the group, the record object for the group in directory B including all direct members of the group, directory A of forest A having therein a pointer object corresponding to the group, the pointer object in directory A including an address of forest B;
querying entity A receiving in response from directory A the pointer object for the group, thus signifying that the group is not native to forest A;
querying entity A retrieving the address of forest B from the received pointer object;
querying entity A employing the address of forest B to querying directory B of forest B for an address of querying entity B of forest B;
querying entity A receiving in response from directory B the address of querying entity B; and
querying entity A contacting querying entity B of forest B at the address of querying entity B and requesting querying entity B to query directory B whether the group currently exists, and if the group currently exists, whether the user is a member of the group in forest B, wherein if the group does not currently exist, the user is not a member of the group, and querying entity B queries directory B whether the user is a member of another of the one or more groups named in the signed rights label;
querying entity A receiving in response from querying entity B whether the user is in fact a member of the group in forest B; and
querying entity A granting the request within forest A from the user within forest A based at least in part on whether the user is a member of the group in forest B, wherein the querying entity A is a digital rights management (DRM) server.
Dependent claims: 7, 8, 9, 10, 12
13. A method for determining whether a user from an organization is a member of a group pre-defined within the organization, wherein the group is identified in a signed rights label naming one or more groups and specifying a set of corresponding rights for each group, the organization maintaining a computer network comprising at least a forest A and a forest B, forest A having a directory A and a querying entity A configured to query directory A, forest B having a directory B and a querying entity B configured to query directory B, the group being native to either forest A or forest B, querying entity A and querying entity B both being digital rights management (DRM) servers, the method comprising:
querying entity A receiving a request from the user within forest A for a digital license to render a corresponding piece of digital content within forest A, the request including an identification of the user and an identification of the group;
querying entity A querying directory A of forest A to request any object therein associated with the group, the group instead being native to forest B, the directory B of forest B having therein a record object corresponding to the group, the record object for the group in directory B including all direct members of the group, directory A of forest A having therein a pointer object corresponding to the group, the pointed object in directory A including an address of forest B;
querying entity A receiving in response to the request to directory A the pointed object containing the address of forest B, such pointer object thereby signifying that the group is not native to forest A but is instead native to forest B;
querying entity A retrieving the address of forest B from the received pointer object;
querying entity A employing the address of forest B to query directory B of forest B for an address of querying entity B of forest B;
querying entity A receiving in response from directory B the address of querying entity B;
querying entity A contacting querying entity B at the address of querying entity B, and requesting querying entity B to query directory B whether the group currently exists, and if the group currently exists, whether the user is a member of the group in forest B, wherein if the group does not currently exist, the user is not a member of the group, the request from querying entity A to querying entity B including an identification of querying entity A as being a DRM server;
querying entity B determining based on the identification of querying entity A that querying entity A is entitled to be informed whether the user is a member of the group;
querying entity B querying directory B of forest B to return any object therein for the group;
querying entity B receiving in response from directory B the record object in directory B for the group;
querying entity B reviewing the direct members of the group as set forth in the record object to determine whether the user is a direct member of the group, wherein the user is determined to not be a direct member of the group;
querying entity B querying directory B to return any object for the user and proceeding to determine whether the user is an indirect member of the group by attempting within directory B to find a membership path from the user to the group, whereby the membership path found from the user to the group establishes that the user is in fact a member of the group;
querying entity B reporting to querying entity A that the user within forest A is in fact a member of the group based on the membership path being found; and
querying entity A granting the request within forest A from the user within forest A based at least in part on whether the user is a member of the group in forest B.
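The lookup recited in claim 13, modelled in memory as an added example (not code from the patent or from any product): entity A follows the pointer object to forest B, entity B checks the caller's identity, then tests direct membership and searches for a membership path. All directory contents, addresses and function names are constructed for illustration, and the `member_of` attribute is an assumed way of representing membership links.

```python
from collections import deque

# Constructed sample data; every name and address here is hypothetical.
DIR_A = {  # forest A holds only pointer objects for groups native to forest B
    "eng-readers": {"kind": "pointer", "forest": "forest-b.example"},
    "old-project": {"kind": "pointer", "forest": "forest-b.example"},  # stale
}
DIR_B = {
    "eng-readers": {"kind": "group", "members": ["team-x"]},
    "team-x": {"kind": "group", "members": ["alice"], "member_of": ["eng-readers"]},
    "team-y": {"kind": "group", "members": ["bob"], "member_of": ["team-z"]},
    "team-z": {"kind": "group", "members": ["team-y"], "member_of": ["team-y"]},
    "alice": {"kind": "user", "member_of": ["team-x"]},
    "bob": {"kind": "user", "member_of": ["team-y"]},
}
FORESTS = {"forest-b.example": {"directory": DIR_B, "drm": "drm-b.example"}}
KNOWN_DRM_SERVERS = {"drm-a.example"}  # callers that entity B will answer

def find_membership(directory, user, group):
    record = directory.get(group)
    if record is None or record["kind"] != "group":
        return False                      # group does not currently exist
    if user in record["members"]:
        return True                       # direct member per the record object
    seen, queue = {user}, deque([user])   # indirect: walk member_of upward
    while queue:
        for parent in directory.get(queue.popleft(), {}).get("member_of", []):
            if parent == group:
                return True               # membership path found
            if parent not in seen:        # guard against membership cycles
                seen.add(parent)
                queue.append(parent)
    return False

def entity_b_query(caller, user, group):
    if caller not in KNOWN_DRM_SERVERS:   # B answers only identified DRM servers
        raise PermissionError(f"{caller} is not entitled to membership data")
    return find_membership(DIR_B, user, group)

ENTITIES = {"drm-b.example": entity_b_query}  # address -> querying entity

def entity_a_grant(user, group, self_id="drm-a.example"):
    obj = DIR_A.get(group)
    if obj is None or obj["kind"] != "pointer":
        return find_membership(DIR_A, user, group)  # native to A, or unknown
    forest_b = FORESTS[obj["forest"]]     # address of forest B from the pointer
    entity_b = ENTITIES[forest_b["drm"]]  # directory B supplies B's address
    return entity_b(self_id, user, group)
```

The stale `old-project` pointer shows why the claim has entity B confirm that the group currently exists: a pointer object left behind in directory A must not by itself lead to a license being granted.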
Specification