Method and system for utilizing a cache for path-level access control to structured documents stored in a database
Abstract
An improved method and system for performing path-level access control evaluation for a structured document in a collection, where the structured document includes a plurality of nodes and each of the nodes is described by a path, is disclosed. The method comprises providing a cache for temporarily storing a cache entry for a path associated with a node of the plurality of nodes, receiving a query that includes a request to access the node, checking the cache entry for the path associated with the node, and determining whether to grant access to the node based on the cache entry.
31 Claims
1. A method for performing path-level access control evaluation for a structured document, wherein the structured document comprises a plurality of nodes and each of the plurality of nodes is described by a path, the method comprising the steps of:
(a) storing an access control statement in a cache entry for a path associated with a node of the plurality of nodes;
(b) receiving a query, wherein the query comprises a request to access the node;
(c) checking the cache entry for the path associated with the node; and
(d) granting or denying access to the node based on the access control statement in the cache entry for the path associated with the node.
11. A computer readable medium containing a computer program for performing path-level access control evaluation for a structured document, wherein the structured document comprises a plurality of nodes and each of the plurality of nodes is described by a path, the computer program comprising programming instructions for:
(a) storing an access control statement in a cache entry for a path associated with a node of the plurality of nodes;
(b) receiving a query, wherein the query comprises a request to access the node;
(c) checking the cache entry for the path associated with the node; and
(d) granting or denying access to the node based on the access control statement in the cache entry for the path associated with the node.
21. A method for performing path-level access control evaluation for a structured document, wherein the structured document comprises a plurality of nodes and each of the plurality of nodes is described by a path, the method comprising the steps of:
(a) storing an access control statement in a cache entry for a path associated with a node of the plurality of nodes, wherein the access control statement is one of a grant statement, a deny statement, an unknown statement, and a data-dependent statement;
(b) receiving a query, wherein the query comprises a request to access the node;
(c) checking the cache entry for the path associated with the node;
(d) granting access to the node responsive to the access control statement being a grant statement;
(e) denying access to the node responsive to the access control statement being a deny statement; and
(f) evaluating a value expression for the path associated with the node to produce a result in response to the access control statement being an unknown statement or a data-dependent statement, wherein the value expression is an executable statement based on an access control policy affecting the path and indicates who has access to the node.
24. A computer readable medium containing a computer program for performing path-level access control evaluation for a structured document, wherein the structured document comprises a plurality of nodes and each of the plurality of nodes is described by a path, the computer program comprising programming instructions for:
(a) storing an access control statement in a cache entry for a path associated with a node of the plurality of nodes, wherein the access control statement is one of a grant statement, a deny statement, an unknown statement, and a data-dependent statement;
(b) receiving a query, wherein the query comprises a request to access the node;
(c) checking the cache entry for the path associated with the node;
(d) granting access to the node responsive to the access control statement being a grant statement;
(e) denying access to the node responsive to the access control statement being a deny statement; and
(f) evaluating a value expression for the path associated with the node to produce a result in response to the access control statement being an unknown statement or a data-dependent statement, wherein the value expression is an executable statement based on an access control policy affecting the path and indicates who has access to the node.
27. A system for performing path-level access control evaluation for a structured document, wherein the structured document comprises a plurality of nodes and each of the plurality of nodes is described by a path, the system comprising:
a database management system operable to receive a query, wherein the query comprises a request to access a node of the plurality of nodes; and
a cache coupled to the database management system, the cache being operable to store an access control statement in a cache entry for a path associated with the node, wherein the database management system is further operable to check the cache entry for the path associated with the node and to grant or deny access to the node based on the access control statement in the cache entry for the path associated with the node.
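
The four-state cache lookup recited in claims 21 and 24, sketched as an added example; this is not code from the patent or its assignee. The class and function names, the (user, path) cache key, the deny result when no policy covers a path, and the sample paths and users are all assumptions made for illustration.

```python
from enum import Enum

class Stmt(Enum):
    GRANT = "grant"
    DENY = "deny"
    UNKNOWN = "unknown"
    DATA_DEPENDENT = "data-dependent"

class PathAclCache:
    """Entries are keyed by (user, path); that keying is an assumption."""
    def __init__(self, policy, data_dependent_paths):
        self.policy = policy              # path -> value expression f(user, node) -> bool
        self.data_dependent = set(data_dependent_paths)
        self.entries = {}                 # (user, path) -> Stmt
        self.evaluations = 0              # number of value-expression runs

    def check(self, user, path, node):
        key = (user, path)
        stmt = self.entries.get(key, Stmt.UNKNOWN)
        if stmt is Stmt.GRANT:            # step (d)
            return True
        if stmt is Stmt.DENY:             # step (e)
            return False
        # Step (f): unknown or data-dependent, so run the value expression.
        expr = self.policy.get(path)
        self.evaluations += 1
        allowed = bool(expr(user, node)) if expr else False  # no policy: deny (assumption)
        if path in self.data_dependent:
            self.entries[key] = Stmt.DATA_DEPENDENT  # content-dependent: never cache a verdict
        else:
            self.entries[key] = Stmt.GRANT if allowed else Stmt.DENY
        return allowed

# Constructed policy: paths, users and node fields are illustrative only.
POLICY = {
    "/order/payment/card": lambda user, node: user in {"billing", "auditor"},
    "/order/notes": lambda user, node: user == node.get("owner"),
}

def demo():
    cache = PathAclCache(POLICY, {"/order/notes"})
    results = [
        cache.check("billing", "/order/payment/card", {}),  # evaluated, cached GRANT
        cache.check("billing", "/order/payment/card", {}),  # served from cache
        cache.check("guest", "/order/payment/card", {}),    # evaluated, cached DENY
        cache.check("billing", "/order/notes", {"owner": "billing"}),
        cache.check("billing", "/order/notes", {"owner": "auditor"}),
    ]
    return results, cache.evaluations
```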