Flexibly assigning security configurations to applications

US 8,230,478 B2
Filed: 08/27/2009
Issued: 07/24/2012
Est. Priority Date: 08/27/2009
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method for assigning a security configuration to an application, the computer implemented method comprising:

determining, forming a first determination, whether a first identifier identifying the application is mapped to the security configuration, the application executing in a data processing system using a processor and a memory;

determining, forming a second determination, whether the application participates in a group by determining whether a second identifier identifying the group is mapped to the security configuration;

creating a set of maps, a map in the set of maps including a combination of (i) mapping of an application identifier to a first security configuration from a plurality of security configurations, (ii) mapping of a group identifier to a second security configuration in the plurality of security configurations, and (iii) default mapping to a third security configuration in the plurality of security configurations;

using a map from the plurality of maps in making the first and the second determinations, the security configuration being a member of the plurality of security configurations;

assigning, forming a first assignment, the security configuration to the application responsive to either of the first and the second determinations being true, data of the first assignment being recorded in a data storage associated with the data processing system; and

assigning, forming a second assignment, the security configuration to the application using a determination by a first policy responsive to the first and the second determinations being false, data of the second assignment being recorded in the data storage associated with the data processing system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system, and computer usable program product for flexibly assigning security configurations to applications are provided in the illustrative embodiments. An embodiment determines, forming a first determination, whether a first identifier identifying the application is mapped to the security configuration. The embodiment determines, forming a second determination, whether the application participates in a group by determining whether a second identifier identifying the group is mapped to the security configuration. The embodiment assigns, forming a first assignment, the security configuration to the application if either of the first and the second determinations is true. The embodiment assigns, forming a second assignment, the security configuration to the application using a determination by a first policy if the first and the second determinations are false.

33 Citations

View as Search Results

18 Claims

1. A computer implemented method for assigning a security configuration to an application, the computer implemented method comprising:
- determining, forming a first determination, whether a first identifier identifying the application is mapped to the security configuration, the application executing in a data processing system using a processor and a memory;
  
  determining, forming a second determination, whether the application participates in a group by determining whether a second identifier identifying the group is mapped to the security configuration;
  
  creating a set of maps, a map in the set of maps including a combination of (i) mapping of an application identifier to a first security configuration from a plurality of security configurations, (ii) mapping of a group identifier to a second security configuration in the plurality of security configurations, and (iii) default mapping to a third security configuration in the plurality of security configurations;
  
  using a map from the plurality of maps in making the first and the second determinations, the security configuration being a member of the plurality of security configurations;
  
  assigning, forming a first assignment, the security configuration to the application responsive to either of the first and the second determinations being true, data of the first assignment being recorded in a data storage associated with the data processing system; and
  
  assigning, forming a second assignment, the security configuration to the application using a determination by a first policy responsive to the first and the second determinations being false, data of the second assignment being recorded in the data storage associated with the data processing system.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer implemented method of claim 1, wherein the application is an instance of a server application and the group is a server group, wherein the first determination is a determination of a specific mapping and the second determination is a determination of a derivative mapping.
  - 3. The computer implemented method of claim 2, wherein the specific mapping takes precedence over the derivative mapping.
  - 4. The computer implemented method of claim 1, wherein the application is one of (i) a served application, (ii) a data source, and (iii) a resource, the computer implemented method further comprising:
    - determining, forming a third determination, whether a third identifier identifying a server instance associated with the application is mapped to the security configuration;
      
      determining, if the server instance participates in a server group, forming a fourth determination, whether a fourth identifier identifying the server group is mapped to the security configuration; and
      
      assigning the security configuration to the application if either of the first, second, third, and fourth determinations is true.
  - 5. The computer implemented method of claim 4, further comprising:
    - assigning the security configuration to the application using a determination by a second policy if the first, second, third, and fourth determinations are false.
  - 6. The computer implemented method of claim 4, further comprising:
    - assigning, using a third policy, a second security configuration instead of the security configuration to the application according to a default mapping even if one of the first, second, third, and fourth determination is true.
  - 7. The computer implemented method of claim 1, further comprising:
    - identifying one of a characteristic and a processing associated with a request received at the application;
      
      selecting, using the one of the characteristic and the processing, a security configuration from a plurality of security configurations associated with the application; and
      
      generating a result by applying the selected security configuration to the request.

8. A computer usable program product comprising a computer usable storage device including computer usable code for assigning a security configuration to an application, the computer usable program product comprising:
- computer usable code for determining, forming a first determination, whether a first identifier identifying the application is mapped to the security configuration, the application executing in a data processing system;
  
  computer usable code for creating a set of maps, a map in the set of maps including a combination of (i) mapping of an application identifier to a first security configuration from a plurality of security configurations, (ii) mapping of a group identifier to a second security configuration in the plurality of security configurations, and (iii) default mapping to a third security configuration in the plurality of security configurations;
  
  computer usable code for using a map from the plurality of maps in making the first and the second determinations, the security configuration being a member of the plurality of security configurations;
  
  computer usable code for assigning, forming a first assignment, the security configuration to the application when the first determination is true, data of the first assignment being recorded in a data storage associated with the data processing system; and
  
  computer usable code for assigning, forming a second assignment, the security configuration to the application using a determination by a first policy when the first determination is false, data of the second assignment being recorded in the data storage associated with the data processing system.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 9. The computer usable program product of claim 8, wherein the application is an instance of a server application and the group is a server group, wherein the first determination is a determination of a specific mapping and the second determination is a determination of a derivative mapping.
  - 10. The computer usable program product of claim 9, wherein the specific mapping takes precedence over the derivative mapping.
  - 11. The computer usable program product of claim 8, wherein the application is one of (i) a served application, (ii) a data source, and (iii) a resource, the computer usable program product further comprising:
    - computer usable code for determining, forming a third determination, whether a third identifier identifying a server instance associated with the application is mapped to the security configuration;
      
      computer usable code for determining, if the server instance participates in a server group, forming a fourth determination, whether a fourth identifier identifying the server group is mapped to the security configuration; and
      
      computer usable code for assigning the security configuration to the application if either of the first, second, third, and fourth determinations is true.
  - 12. The computer usable program product of claim 11, further comprising:
    - computer usable code for assigning the security configuration to the application using a determination by a second policy if the first, second, third, and fourth determinations are false.
  - 13. The computer usable program product of claim 11, further comprising:
    - computer usable code for assigning, using a third policy, a second security configuration instead of the security configuration to the application according to a default mapping even if one of the first, second, third, and fourth determination is true.
  - 14. The computer usable program product of claim 8, further comprising:
    - computer usable code for identifying one of a characteristic and a processing associated with a request received at the application;
      
      computer usable code for selecting, using the one of the characteristic and the processing, a security configuration from a plurality of security configurations associated with the application; and
      
      computer usable code for generating a result by applying the selected security configuration to the request.
  - 15. The computer usable program product of claim 8, further comprising:
    - computer usable code for determining, forming a second determination, whether the application participates in a group by determining whether a second identifier identifying the group is mapped to the security configuration, wherein the first assignment assigns the security configuration to the application if either of the first and the second determinations is true, and wherein the second assignment assigns the security configuration to the application using a determination by a first policy if the first and the second determinations are false.
  - 16. The computer usable program product of claim 8, wherein the computer usable code is stored in a computer readable storage medium in a data processing system, and wherein the computer usable code is transferred over a network from a remote data processing system.
  - 17. The computer usable program product of claim 8, wherein the computer usable code is stored in a computer readable storage medium in a server data processing system, and wherein the computer usable code is downloaded over a network to a remote data processing system for use in a computer readable storage medium associated with the remote data processing system.

18. A data processing system for assigning a security configuration to an application, the data processing system comprising:
- a storage device including a storage medium, wherein the storage device stores computer usable program code; and
  
  a processor, wherein the processor executes the computer usable program code, and wherein the computer usable program code comprises;
  
  computer usable code for determining, forming a first determination, whether a first identifier identifying the application is mapped to the security configuration, the application executing in a data processing system;
  
  computer usable code for determining, forming a second determination, whether the application participates in a group by determining whether a second identifier identifying the group is mapped to the security configuration;
  
  computer usable code for creating a set of maps, a map in the set of maps including a combination of (i) mapping of an application identifier to a first security configuration from a plurality of security configurations, (ii) mapping of a group identifier to a second security configuration in the plurality of security configurations, and (iii) default mapping to a third security configuration in the plurality of security configurations;
  
  computer usable code for using a map from the plurality of maps in making the first and the second determinations, the security configuration being a member of the plurality of security configurations;
  
  computer usable code for assigning, forming a first assignment, the security configuration to the application responsive to either of the first and the second determinations being true, data of the first assignment being recorded in a data storage associated with the data processing system; and
  
  computer usable code for assigning, forming a second assignment, the security configuration to the application using a determination by a first policy responsive to the first and the second determinations being false, data of the second assignment being recorded in the data storage associated with the data processing system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Bennett, Paul W., Ferracane, Elisa, Morris, Daniel E., Thompson, Michael C.
Primary Examiner(s)
Song, Hosuk

Application Number

US12/548,767
Publication Number

US 20110055926A1
Time in Patent Office

1,062 Days
Field of Search

726 1- 6, 726 26- 30, 713/1, 713164-167
US Class Current

726/1
CPC Class Codes

G06F 21/335 for accessing specific reso...

H04L 63/104 Grouping of entities

Flexibly assigning security configurations to applications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

33 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Flexibly assigning security configurations to applications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links