System, server, and program for access right management
Abstract
Each domain is provided with an access right management device which creates a resource-sharing policy and performs processing for resource-sharing policy negotiation between a plurality of domain administrators. An access right management device that has created a resource-sharing policy identifies, for each policy unit included in the resource-sharing policy, an access right management device that is a negotiating partner to negotiate with about the policy unit in question. The access right management device generates negotiation information including an identification name of the identified negotiating-partner access right management device and the policy unit in question and sends the negotiation information to the negotiating-partner access right management device. Only when all policy units are agreed on by respective identified negotiating-partner access right management devices, the resource-sharing policy is set on shared resources.
25 Claims
1. A system comprising an access right management device, which is provided in each domain, for creating a resource-sharing policy for sharing computer equipment resources, and performing resource-sharing policy negotiation between a plurality of domain administrators, wherein the access right management device comprises a computer and performs:
- for each policy unit to be negotiated of the resource-sharing policy, separately identifying an access right management device which is a negotiating partner about each policy unit to be negotiated;
- generating negotiation information including an identification name of the identified access right management device and the policy unit to be negotiated; and
- transmitting the negotiation information to the identified access right management device, wherein each policy unit comprises an access subject, an access object, and an access action; and
- setting the resource-sharing policy on shared resource when having received an instruction to agree on every policy unit from the identified access right management device to which the negotiation information was sent, wherein, when a first domain administrator has agreed on a policy unit with a second domain administrator, the first domain administrator affixes its own digital signature to the policy unit, wherein the instruction to agree on the policy unit is verified by digital signatures of both the first domain administrator and the second domain administrator affixed to the policy unit.
Dependent claims: 2, 3, 4, 5, 6, 8
7. A system comprising:
- an access right management server provided in each domain, which, for each policy unit to be negotiated of a generated resource-sharing policy for sharing computer equipment resources, separately identifies a negotiating partner about the policy unit;
- generates negotiation information including an identification name of the identified negotiating partner and the policy unit to be negotiated; and
- transmits the negotiation information to the identified negotiating partner; and
- when having received an instruction to agree on every policy unit from the identified negotiating partner to which the negotiation information was sent, sets the resource-sharing policy on shared resource, wherein each policy unit comprises an access subject, an access object, and an access; and
- a client terminal which connects to the access right management server to allow a domain administrator to instruct editing, negotiation and forcedly setting of the resource-sharing policy, wherein, when the access right management server has agreed on a policy unit with the identified negotiating partner, the access right management server affixes its own digital signature to the policy unit, wherein the instruction to agree on the policy unit is verified by digital signatures of both the access right management server and the identified negotiating partner affixed to the policy unit.
Dependent claims: 9
10. A server, which is provided in each domain, for creating a resource-sharing policy for sharing computer equipment resources, and performing resource-sharing policy negotiation between a plurality of domain administrators, wherein the server performs:
- for each policy unit to be negotiated of the resource-sharing policy, separately identifying a server which is a negotiating partner about each policy unit to be negotiated;
- generating negotiation information including an identification name of the identified server and the policy unit to be negotiated; and
- transmitting the negotiation information to the identified server, wherein each policy unit comprises an access subject, an access object, and an access action; and
- setting the resource-sharing policy on shared resource when having received an instruction to agree on every policy unit from the identified server to which the negotiation information was sent, wherein, when the server has agreed on a policy unit with the identified server, the server affixes its own digital signature to the policy unit, wherein the instruction to agree on the policy unit is verified by digital signatures of both the server and the identified server affixed to the policy unit.
Dependent claims: 11, 12, 13, 14, 15
16. A non-transitory computer-readable medium storing an access right management program which runs on an access right management server provided in each domain, for creating a resource-sharing policy for sharing computer equipment resources, and performing resource-sharing policy negotiation between a plurality of domain administrators, wherein the program instructs the access right management server to perform:
- a function of, for each policy unit to be negotiated of the resource-sharing policy, separately identifying an access right management server which is a negotiating partner about each policy unit to be negotiated;
- generating negotiation information including an identification name of the identified access right management server and the policy unit to be negotiated; and
- transmitting the negotiation information to the identified access right management server, wherein each policy unit comprises an access subject, an access object, and an access action; and
- a function of setting the resource-sharing policy on shared resource when having received an instruction to agree on every policy unit from the identified access right management server to which the negotiation information was sent, wherein, when the access right management server has agreed on a policy unit with the identified access right management, the access right management server affixes its own digital signature to the policy unit, wherein the instruction to agree on the policy unit is verified by digital signatures of both the access right management server and the identified access right management server affixed to the policy unit.
Dependent claims: 17, 18, 19, 20, 21
22. A method for creating a resource-sharing policy for sharing computer equipment resources, and performing resource-sharing policy negotiation between a plurality of domain administrators in an access right management server provided in each domain, comprising:
- for each policy unit to be negotiated of the resource-sharing policy, separately identifying an access right management server which is a negotiating partner about each policy unit to be negotiated;
- generating negotiation information including an identification name of the identified access right management server and the policy unit to be negotiated; and
- transmitting the negotiation information to the identified access right management server, wherein each policy unit comprises an access subject, an access object, and an access action; and
- setting the resource-sharing policy on shared resource when having received an instruction to agree on every policy unit from the identified access right management server to which the negotiation information was sent, wherein, when the access right management server has agreed on a policy unit with the identified access right management server, the access right management server affixes its own digital signature to the policy unit, wherein the instruction to agree on the policy unit is verified by digital signatures of both the access right management server and the identified access right management server affixed to the policy unit.
Dependent claims: 23, 24, 25
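The negotiation flow described in the abstract and claims, sketched as an added example that is not taken from the patent: one record per policy unit with its partner identified separately, signatures from both sides, and the policy applied only when every unit carries both. RSA with SHA-256, the `owner_of` lookup used to pick a partner, and the domain names and units are assumptions made for the illustration.

```ruby
require "openssl"
require "json"

# Signed bytes: a JSON array keeps field boundaries unambiguous and binds the
# partner's identification name to the unit.
def encode(info)
  JSON.generate(info.values_at(:subject, :object, :action, :partner))
end

# Affix the named domain's signature (RSA/SHA-256, an assumed choice).
def sign(info, name, key)
  info[:sigs][name] = key.sign(OpenSSL::Digest.new("SHA256"), encode(info))
  info
end

# One record per policy unit. The partner is identified separately for each
# unit (assumed rule: the domain owning the access object); the originator signs.
def negotiate(origin, key, units, owner_of)
  units.map do |unit|
    sign(unit.merge(partner: owner_of.fetch(unit[:object]), sigs: {}), origin, key)
  end
end

# True only if every record verifies under both the originator's key and its
# own partner's key; one missing or invalid signature blocks the whole policy.
def can_apply?(origin, infos, directory)
  return false if infos.empty?

  infos.all? do |info|
    signers = [origin, info[:partner]]
    next false unless signers.uniq.size == 2

    signers.all? do |who|
      pub, sig = directory[who], info[:sigs][who]
      !!(pub && sig && pub.verify(OpenSSL::Digest.new("SHA256"), sig, encode(info)))
    end
  end
end

# Constructed sample: domain A proposes two units whose objects belong to B and C.
keys = %w[A B C].to_h { |n| [n, OpenSSL::PKey::RSA.new(2048)] }
directory = keys.transform_values(&:public_key)
units = [{ subject: "alice@A", object: "db1", action: "read" },
         { subject: "alice@A", object: "fs2", action: "write" }]
infos = negotiate("A", keys["A"], units, { "db1" => "B", "fs2" => "C" })
sign(infos[0], "B", keys["B"])
puts "B agreed, C pending: #{can_apply?('A', infos, directory)}"
sign(infos[1], "C", keys["C"])
puts "B and C agreed: #{can_apply?('A', infos, directory)}"
```

Because the partner name is part of the signed bytes, a signature collected for one negotiating partner does not verify if the record is later re-addressed to another.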
Specification