System and method for providing security in a communities framework
First Claim
1. A system for providing security in a collaborative computing environment, comprising:
- a server that provides a portal to a plurality of computing devices, said portal accessed from each computing device using a graphical user interface, wherein the portal provides access to a community that maintains user membership in the collaborative computing environment, said community comprised of members;
- a repository stored in storage memory on the server, said repository being accessed via the portal and containing resources accessed by the members, wherein data for the resources is stored as one or more data nodes in the repository, and wherein the one or more data nodes have a visibility associated therewith;
- a configuration file stored in the repository that defines a membership capability assigned to the members, wherein the membership capability groups a subset of the members such that each member in the subset has the same access rights to the resources in the repository, and wherein the membership capability is included in a template and the subset of the members is one of an owner, creator, leader, contributor and member;
- a functional capability mapped to the membership capability, wherein the functional capability defines operations in the repository that the members assigned to the membership capability are allowed to perform and is organized in a hierarchy having child functional capability associated with a parent functional capability, and wherein a security control provides a default mapping between the functional capability and the membership capability and is used to override the default mappings to define and create new mappings, and wherein the hierarchy is used to enable inheritance of the child functional capabilities when the membership capability is mapped to the parent functional capability;
- an entitlement associated with the one or more data nodes in the repository, wherein the entitlement controls access to the resource associated with the one or more data nodes by granting access to the one or more data nodes to the members in a specified community; and
- wherein upon receiving a request to access a resource, a first level of security is applied by determining whether said user is assigned to the membership capability mapped to the functional capability that allows access to said resource at the community level and, if the first level of security is not satisfied, the user is prevented from accessing the repository, otherwise if said first level of security is satisfied, then a second level of security is applied within the repository upon requesting an operation on one of the one or more data nodes associated with the resource, wherein the second level of security evaluates the entitlement associated with the data node and the visibility of the data node to determine whether the user has access to the data node based on the visibility of the data node; and
- grant access to the data node when the user is a member of the specified community and the data node is visible to the user.
Abstract
Systems and methods are disclosed for providing security for a communities framework in a collaborative computing environment. A community can be provided for maintaining user membership during collaboration. The community can contain various collaboration resources, community services and members having access to the resources and services. A first layer of security can be implemented via membership and functional capabilities. Members can be assigned to various membership capabilities and these membership capabilities can be mapped to functional capabilities in order to control access to the resources by the various members. A second layer of security can be implemented via entitlements and security policies applied to the content repository. Entitlements can be applied at a node level of a content repository. Each node can be evaluated when operations are requested for it.
220 Citations
29 Claims
1. (Independent claim 1 is set out in full above under First Claim.) Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11.
12. A system for providing two levels of security for a communities framework, comprising:
- a computer, including a computer readable medium and processor;
- a community that maintains user membership in the collaborative computing environment, said community comprising members;
- a repository, executing on the computer, containing resources that are accessed by the members, wherein data for the resources is stored as one or more data nodes in the repository, and wherein the one or more data nodes have a visibility associated therewith;
- a first level of security, comprising: a membership capability stored on a configuration file on physical memory of a computing device, said membership capability being assigned to the members, wherein the membership capability groups a subset of the members of the community such that the subset has the same access rights to the resources in the repository, and wherein the membership capability is included in a template and the subset of the members is one of an owner, creator, leader, contributor and member; a functional capability mapped to the membership capability for controlling access to a repository, the repository including at least one resource, wherein the functional capability is organized in a hierarchy having child functional capability associated with a parent functional capability, and wherein a security control provides a default mapping between the functional capability and the membership capability and is used to override the default mappings to define and create new mappings, and wherein the hierarchy is used to enable inheritance of the child functional capabilities when the membership capability is mapped to the parent functional capability;
- a second level of security, comprising: an entitlement associated with the resource for providing user access to the resource associated with the one or more data nodes and a specified community;
- wherein upon receiving a request to access a resource, the first level of security is applied by determining whether said user is assigned to the membership capability mapped to the functional capability that allows access to said resource at the community level and, if the first level of security is not satisfied, the user is prevented from accessing the repository, otherwise if said first level of security is satisfied, then a second level of security is applied within the repository upon requesting an operation on a data node associated with the resource, wherein the second level of security evaluates the entitlement associated with the data node and the visibility of the data node to determine whether the user has access to the data node based on the visibility of the data node; and
- grant access to the data node when the user is a member of the specified community and the data node is visible to the user.
Dependent claims: 13, 14, 15, 16, 17.
18. A method of providing security for a collaborative computing environment, comprising:
- providing a community for maintaining user membership, said community comprising members;
- maintaining resources in a repository stored in physical storage memory of a computing device, wherein said resources are accessible by the members, and wherein data for each of the resources is stored as a node in the repository, wherein said node is wrapped by a wrapper object that specifies a type of resource that the node contains data for, and wherein the node has a visibility associated therewith;
- assigning the members to a membership capability stored in a configuration file, wherein the membership capability groups a subset of the members of the community, such that the subset has the same access rights to the resources in the repository, and wherein the membership capability is included in a template and the subset of the members is one of an owner, creator, leader, contributor and member;
- mapping the membership capability to a functional capability for controlling access to a repository, wherein the functional capability defines operations in the repository that the members assigned to the membership capability are allowed to perform and is organized in a hierarchy having child functional capability associated with a parent functional capability, and wherein a security control provides a default mapping between the functional capability and the membership capability and is used to override the default mappings to define and create new mappings, and wherein the hierarchy is used to enable inheritance of the child functional capabilities when the membership capability is mapped to the parent functional capability;
- associating the node with an entitlement, wherein the entitlement controls access to the resource associated with the node and a specified community;
- receiving a request from a user to access a resource in the repository;
- wherein upon receiving a request to access a resource, a first level of security is applied by determining whether said user is assigned to the membership capability mapped to the functional capability that allows access to said resource at the community level and, if the first level of security is not satisfied, the user is prevented from accessing the repository, otherwise if said first level of security is satisfied, then a second level of security is applied within the repository upon requesting an operation on the data node associated with the resource, wherein the second level of security evaluates the entitlement associated with the data node and the visibility of the data node to determine whether the user has access to the data node based on the visibility of the data node; and
- grant access to the data node when the user is a member of the specified community and the data node is visible to the user.
Dependent claims: 19, 20, 21, 22, 23, 24, 25, 26, 27, 28.
29. A non-transitory computer readable storage medium having instructions stored thereon for programming one or more computers, wherein said instructions when executed by the one or more computers cause the one or more computers to:
- provide a community for maintaining user membership, said community comprising members;
- maintain resources that have a visibility associated therewith in a repository stored in physical storage memory of a computing device, wherein said resources are accessible by the members, and wherein data for each of the resources is stored as a node in the repository, wherein said node is wrapped by a wrapper object that specifies a type of resource that the node contains data for;
- assign the members to a membership capability stored in a configuration file, wherein the membership capability groups a subset of the members of the community, such that the subset has the same access rights to the resources in the repository, and wherein the membership capability is included in a template and the subset of the members is one of an owner, creator, leader, contributor and member;
- map the membership capability to a functional capability for controlling access to a repository, wherein the functional capability defines operations in the repository that the members assigned to the membership capability are allowed to perform and is organized in a hierarchy having child functional capability associated with a parent functional capability, and wherein a security control provides a default mapping between the functional capability and the membership capability and is used to override the default mappings to define and create new mappings, and wherein the hierarchy is used to enable inheritance of the child functional capabilities when the membership capability is mapped to the parent functional capability;
- associate the data nodes with an entitlement, wherein the entitlement controls access to the resource associated with the data nodes and a specified community;
- receive a request from a user to access a resource in the repository;
- wherein upon receiving a request to access a resource, a first level of security is applied by determining whether said user is assigned to the membership capability mapped to the functional capability that allows access to said resource at the community level and, if the first level of security is not satisfied, the user is prevented from accessing the repository, otherwise if said first level of security is satisfied, then a second level of security is applied within the repository upon requesting an operation on a data node associated with the resource, wherein the second level of security evaluates the entitlement associated with the data node and the visibility of the data node to determine whether the user has access to the data node based on the visibility of the data node; and
- grant access to the data node when the user is a member of the specified community and the data node is visible to the user.
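The two-level check the claims describe, as an added illustration that is not the patent's or any product's code: membership capabilities (owner, creator, leader, contributor, member) map by template to functional capabilities, a security-control override can replace that default mapping per community, the functional hierarchy grants child capabilities by inheritance, and only after level 1 passes is the node's entitlement and visibility evaluated. All capability names, community names, users and nodes are constructed for the example.

```python
from dataclasses import dataclass, field

# Functional capabilities form a hierarchy: mapping a membership capability to a parent
# capability also grants each child by inheritance. All names below are constructed.
FUNCTIONAL_HIERARCHY = {"manage_content": ["edit_content"],
                        "edit_content": ["read_content"], "read_content": []}
# Template: default mapping from membership capability to functional capabilities.
DEFAULT_MAPPING = {"owner": {"manage_content"}, "creator": {"manage_content"},
                   "leader": {"edit_content"}, "contributor": {"edit_content"},
                   "member": {"read_content"}}

@dataclass
class Community:
    name: str
    membership: dict                               # user -> membership capability
    overrides: dict = field(default_factory=dict)  # security-control overrides of the template

@dataclass
class Node:
    entitlement: str   # community whose members are entitled to this node
    visible: bool      # node-level visibility

def inherited(caps):
    """Close a set of functional capabilities over the parent-to-child hierarchy."""
    closed, stack = set(), list(caps)
    while stack:
        cap = stack.pop()
        if cap not in closed:
            closed.add(cap)
            stack.extend(FUNCTIONAL_HIERARCHY.get(cap, ()))
    return closed

def first_level(community, user, operation):
    """Level 1: the user's membership capability must map (directly or by inheritance) to the operation."""
    cap = community.membership.get(user)
    if cap is None:
        return False
    mapping = community.overrides.get(cap, DEFAULT_MAPPING.get(cap, set()))
    return operation in inherited(mapping)

def second_level(communities, user, node):
    """Level 2: the node's entitlement names a community the user belongs to, and the node is visible."""
    entitled = communities.get(node.entitlement)
    return entitled is not None and user in entitled.membership and node.visible

def access(communities, community, user, operation, node):
    """A level-1 failure stops the request before the repository is reached; level 2 runs only after it passes."""
    if not first_level(community, user, operation):
        return "denied at level 1"
    if not second_level(communities, user, node):
        return "denied at level 2"
    return "granted"
```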