Method and computing system for controlling access
Abstract
A method and computing system for controlling access by a user to a computing resource located in respective source and destination domains in a hierarchy of domains. The method comprises establishing a path of domains in the hierarchy from the source domain to the destination domain, specifying for at least one domain in the path preceding the destination domain whether traversal to a successive domain in the path is permitted, and providing to the user access to the computing resource if traversal from the source domain to the destination domain along the path is permitted.
11 Claims
1. A method of controlling access by a user to a computing resource located in a destination domain in a hierarchy of domains, comprising:
- storing, in a memory, said hierarchy of domains;
- determining, by a processor, a path from a source domain to said destination domain, based on said hierarchy, wherein said source domain precedes said destination domain in said path;
- identifying, by said processor, one or more intermediate domains between said source domain and said destination domain in said path;
- determining, by said processor, for at least one domain preceding said destination domain in said path whether traversal to a successive domain in said path is permitted based on said at least one domain in said path, said successive domain, and a role of said user; and
- providing to said user access to said computing resource if traversal from said source domain to said destination domain along said path is permitted
- wherein said processor is configured to selectively deny access by said user to a computer resource located in one or more of said intermediate domains while permitting traversal to said intermediate domains where access has been denied.
6. A computing system configured to control access by a user to a desired computing resource located in respective source and destination domains in a hierarchy of domains, comprising:
- a processor; and
- one or more computing resources including desired computing resource, said computing resources being associated with respective domains;
- wherein said computing system is configured to respond to a request by said user for access to said desired computing resource by:
- determining, by said processor, a path from said source domain to said destination domain, based on said hierarchy, wherein said source domain precedes said destination domain in said path;
- identifying, by said processor, one or more intermediate domains between said source domain and said destination domain in said path;
- determining, by said processor, for at least one domain preceding said destination domain in said path whether traversal to a successive domain in said path is permitted based on said at least one domain in said path, said successive domain, and a role of said user; and
- providing to said user access to said desired computing resource if traversal from said source domain to said destination domain along said path is permitted;
- wherein said processor is configured to selectively deny access by the user to a computer resource located in one or more of said intermediate domains while permitting traversal to said intermediate domains where access has been denied.
9. A method for controlling access by a user to computing resources located in respective domains in a hierarchy of domains, comprising:
- storing, in a memory, a plurality of three dimensional access matrices, each of the plurality comprising a source domain element, a destination domain element and a user role element;
- storing, in said memory, a permission element associated with each of the plurality of three dimensional access matrices, said permission element specifying whether traversal from said source domain element to said destination domain element for a given user role element is permitted;
- at least partially populating said matrix with data indicative of whether, for a respective element of said matrix, traversal is permitted from said source domain to said destination domain according to said specification;
- wherein said permission element specifies, for at least one of the plurality of three dimensional access matrices, that traversal from said source domain element to said destination domain element for a given user role element is permitted, but denies access to one or more intermediate domains between said source domain and said destination domain.
11. A non-transitory computer readable medium encoded with a computer program which, when executed by a processor, causes the processor to:
- store, in a memory, a hierarchy of domains;
- determine a path from a source domain to a destination domain, based on said hierarchy, wherein said source domain precedes said destination domain in said path;
- identify one or more intermediate domains between said source domain and said destination domain in said path;
- determine for at least one domain preceding said destination domain in said path whether traversal to a successive domain in said path is permitted based on said at least one domain in said path, said successive domain, and a role of a user;
- provide to said user access to said computing resource if traversal from said source domain to said destination domain along said path is permitted; and
- selectively deny access by said user to a computer resource located in one or more of said intermediate domains while permitting traversal to said intermediate domains where access has been denied.
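The check described in claims 1 and 9, as an added sketch that is not taken from the patent or from any implementation of it: each hop on the path is looked up in a (source, destination, role) traversal matrix, and resource access in a domain is decided separately, so an intermediate domain can be crossed while its own resources stay closed. The parent-pointer tree, the path through the lowest common ancestor, the default-deny lookups and every domain and role name are assumptions made for the illustration.

```python
# Constructed hierarchy: child domain -> parent domain (None marks the root).
PARENT = {"root": None, "emea": "root", "emea-fin": "emea",
          "emea-fin-payroll": "emea-fin", "apac": "root"}

# Claim 9 style matrix: (source domain, destination domain, role) -> traversal permitted.
TRAVERSE = {
    ("root", "emea", "auditor"): True,
    ("emea", "emea-fin", "auditor"): True,
    ("emea-fin", "emea-fin-payroll", "auditor"): True,
    ("root", "emea", "contractor"): True,
    ("emea", "emea-fin", "contractor"): False,
}

# Assumed representation of "selectively deny": these domains may be crossed
# by the role, but resources located in them are withheld.
RESOURCE_DENY = {("emea", "auditor"), ("emea-fin", "auditor")}

def ancestors(domain):
    """Return [domain, parent, ..., root]; raises KeyError for an unknown domain."""
    chain = []
    while domain is not None:
        chain.append(domain)
        domain = PARENT[domain]
    return chain

def find_path(src, dst):
    """Path through the hierarchy: up to the lowest common ancestor, then down."""
    up, down = ancestors(src), ancestors(dst)
    common = next(d for d in up if d in down)
    return up[:up.index(common) + 1] + down[:down.index(common)][::-1]

def check_access(role, src, dst):
    """Return (granted, path, intermediate_domains, first_denied_hop)."""
    try:
        path = find_path(src, dst)
    except KeyError:                      # unknown domain: fail closed
        return False, [], [], None
    for hop in zip(path, path[1:]):       # every hop must be permitted for this role
        if not TRAVERSE.get(hop + (role,), False):   # missing entry means deny
            return False, path, path[1:-1], hop
    granted = (dst, role) not in RESOURCE_DENY
    return granted, path, path[1:-1], None

if __name__ == "__main__":
    for role, dst in [("auditor", "emea-fin-payroll"), ("auditor", "emea-fin"),
                      ("contractor", "emea-fin-payroll")]:
        print(role, dst, check_access(role, "root", dst))
```

The auditor reaches the payroll resource by crossing `emea` and `emea-fin`, yet a request for a resource in `emea-fin` itself is refused; the contractor is stopped at the `emea` to `emea-fin` hop.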
Specification