Employing wrapper profiles
First Claim
1. A method of controlling profile access, comprising the steps of:
identifying a first and second profile each including multiple objects and attribute sets, the first and second profiles each configured to identify an entity in a directory server, wherein each of the attribute sets describing at least one trait of each entity, and wherein each attribute set is included in each of the multiple objects;
identifying a template for each attribute set including configuration information other than schema information for at least one attribute in each attribute set;
configuring the first and second profiles by configuring each attribute set, based at least in part on the configuration information, wherein each attribute set includes at least a first attribute of a first type and a second attribute of a second type, and wherein the first attribute of the first profile is set to a first value and the first attribute of the second profile is set to a second value;
creating a wrapper profile for the first profile, wherein;
said wrapper profile is stored as a profile in the directory server separately from said first profile,
said wrapper profile controls access to said first profile,
said wrapper profile comprises the attribute sets which further include a locking status attribute,
said locking status attribute identifying the accessibility of said first profile corresponding to said wrapper profile,
said wrapper profile is created as part of a first workflow,
said first workflow defines an approval process for performing one or more tasks to said first profile, and
said first workflow defines multiple actions of the approval process and defines multiple users that receive notifications corresponding to actions of the first workflow;
setting a locking state of said locking status attribute of said wrapper profile for said first profile by a first entity, wherein when said locking status attribute of said wrapper profile is locked, said first profile is locked and not accessible by another entity for writing or modifying, and wherein when said locking status attribute of said wrapper profile is locked, said first profile is accessible for viewing by the first entity or a second entity;
performing a task related to said first profile after said setting step is performed, which setting step causes said first profile to be not locked and accessible by another entity, shared and accessible by a plurality of entities, or locked and not accessible by another entity;
enabling provisioning of said first profile using a provisioning system, said provisioning system receiving a request from a provisioning bridge server to grant or remove access to an external resource, and said provisioning bridge server being coupled to said directory server, wherein said provisioning bridge server uses said wrapper profile to ensure that said first profile is not being locked by said second entity;
determining said wrapper profile is no longer needed for the first workflow; and
in response to determining said wrapper profile is no longer needed for the first workflow, deleting said wrapper profile.
Abstract
Technology is disclosed for controlling access to data store information among multiple entities. A corresponding wrapper is created for information that may be subject to simultaneous access attempts. The wrapper includes an attribute that identifies the accessibility of the information—indicating whether the information is locked from further access, shareable among multiple entities, or not restricted at all. Before accessing information in the data store, an entity looks at the wrapper associated with the information to determine the type of access allowed, if any. An Identity, Access, or integrated Identity/Access System may maintain the wrappers as objects in the data store, with each wrapper object controlling another object containing information. Wrappers can be utilized when multiple provisioning applications are employed to provision resources. Each user and their corresponding resources are represented as objects with corresponding wrappers. Each provisioning application employs the wrappers to ensure that it has exclusive ownership of selected user and resource objects when provisioning resources to the selected user.
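The wrapper check described in the abstract, as an added Python sketch that is not the patent's own implementation. The names `Directory`, `Wrapper`, `try_lock`, `share`, `provision` and `race_for_lock` are hypothetical, the in-memory store stands in for a directory server, and the rule that only holders may write to a shared profile is an assumption.

```python
import threading
from dataclasses import dataclass, field
from enum import Enum

class LockStatus(Enum):
    NOT_LOCKED = "not_locked"  # no restriction
    SHARED = "shared"          # several named entities may work on the profile
    LOCKED = "locked"          # one entity owns the profile for writing

@dataclass
class Wrapper:
    """Kept as its own entry, separate from the profile it guards."""
    target_dn: str
    status: LockStatus = LockStatus.NOT_LOCKED
    holders: set = field(default_factory=set)

class Directory:
    """In-memory stand-in for a directory server (assumption, not a real API)."""
    def __init__(self):
        # Models the server applying each wrapper modification atomically.
        self._mutex = threading.Lock()
        self.profiles, self.wrappers = {}, {}

    def add_profile(self, dn, attrs):
        self.profiles[dn] = dict(attrs)
        self.wrappers[dn] = Wrapper(dn)

    def try_lock(self, dn, entity):
        """Check and set in one step; a separate read-then-write would race."""
        with self._mutex:
            w = self.wrappers[dn]
            if w.status is not LockStatus.NOT_LOCKED:
                return False
            w.status, w.holders = LockStatus.LOCKED, {entity}
            return True

    def share(self, dn, entity):
        with self._mutex:
            w = self.wrappers[dn]
            if w.status is LockStatus.LOCKED:
                return False
            w.status = LockStatus.SHARED
            w.holders.add(entity)
            return True

    def release(self, dn, entity):
        with self._mutex:
            w = self.wrappers[dn]
            if entity not in w.holders:
                return False  # only a holder may clear its own claim
            w.holders.discard(entity)
            if not w.holders:
                w.status = LockStatus.NOT_LOCKED
            return True

    def read(self, dn):
        # Viewing stays possible while the wrapper is locked.
        return dict(self.profiles[dn])

    def write(self, dn, entity, changes):
        with self._mutex:
            w = self.wrappers[dn]
            if w.status is not LockStatus.NOT_LOCKED and entity not in w.holders:
                raise PermissionError(f"{dn} is {w.status.value} by another entity")
            self.profiles[dn].update(changes)

def provision(directory, app, user_dn, resource_dn):
    """Take exclusive ownership of user and resource objects, or of neither."""
    acquired = []
    try:
        # Fixed acquisition order keeps two applications from deadlocking.
        for dn in sorted((user_dn, resource_dn)):
            if not directory.try_lock(dn, app):
                return False
            acquired.append(dn)
        granted = directory.read(user_dn)["resources"] + [resource_dn]
        directory.write(user_dn, app, {"resources": granted})
        directory.write(resource_dn, app, {"assigned_to": user_dn})
        return True
    finally:
        for dn in acquired:  # roll back partial ownership, release on success
            directory.release(dn, app)

def race_for_lock(contenders=8):
    """Several applications race for one wrapper; returns how many won."""
    d = Directory()
    d.add_profile("uid=constructed", {})
    wins = []
    def attempt(name):
        if d.try_lock("uid=constructed", name):
            wins.append(name)
    threads = [threading.Thread(target=attempt, args=(f"app-{i}",))
               for i in range(contenders)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return len(wins)

if __name__ == "__main__":
    d = Directory()
    d.add_profile("uid=alice", {"resources": []})      # constructed sample entries
    d.add_profile("cn=mailbox", {"assigned_to": None})
    print(provision(d, "app-A", "uid=alice", "cn=mailbox"), d.read("uid=alice"))
    print("winners in race:", race_for_lock())
```

Against a real directory server the atomic step would have to come from the server itself, for example a single modify operation that fails unless the locking attribute still holds its expected value.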
82 Claims
13. One or more processor readable storage devices having processor readable code embodied on said one or more processor readable storage devices, said processor readable code for programming one or more processors to perform a method comprising the steps of:
identifying a first and second profile each including multiple objects and attribute sets, the first and second profiles each configured to identify an entity in a directory server, wherein each of the attribute sets describing at least one trait of each entity, and wherein each attribute set is included in each of the multiple objects; identifying a template for each attribute set including configuration information other than schema information for at least one attribute in each attribute set; configuring the first and second profiles by configuring each attribute set, based at least in part on the configuration information, wherein each attribute set includes at least a first attribute of a first type and a second attribute of a second type, and wherein the first attribute of the first profile is set to a first value and the first attribute of the second profile is set to a second value; creating a wrapper profile for the first profile, wherein; said wrapper profile is stored as a profile in the directory server separately from said first profile, said wrapper profile controls access to said first profile, said wrapper profile comprises the attribute sets which further include a locking status attribute, said locking status attribute identifying the accessibility of said first profile corresponding to said wrapper profile, a first workflow defines an approval process for performing one or more tasks to said first profile; said first workflow defines multiple actions of the approval process of the first workflow; setting a locking state of said locking status attribute of said wrapper profile for said first profile by a first entity, wherein when said locking status attribute of said wrapper profile is locked, said first profile is locked and not accessible by another entity for writing or modifying, and wherein when said locking status attribute of said wrapper profile is locked, said first profile is accessible for viewing by the first entity or the second 
entity; performing a task related to said first profile after said setting step is performed, which setting step causes said first profile to be not locked and accessible by another entity, shared and accessible by a plurality of entities, or locked and not accessible by another entity; enabling provisioning of said first profile using a provisioning system, said provisioning system receiving a request from a provisioning bridge server to grant or remove access to an external resource, and said provisioning bridge server being coupled to said directory server, wherein said provisioning bridge server uses said wrapper profile to ensure that said first profile is not being locked by said second entity; determining said wrapper profile is no longer needed for the first workflow; and in response to determining said wrapper profile is no longer needed for said first workflow, deleting said wrapper profile. - View Dependent Claims (14, 15, 16, 17)
18. An apparatus, comprising:
one or more storage devices; and one or more processors in communication with said one or more storage devices, said one or more processors to perform a method comprising the steps of; identifying a first and second profile each including multiple objects and attribute sets, the first and second profiles each configured to identify an entity in a directory server, wherein each of the attribute sets describing at least one trait of each entity, and wherein each attribute set is included in each of the multiple objects; identifying a template for each attribute set including configuration information other than schema information for at least one attribute in each attribute set; configuring the first and second profiles by configuring each attribute set, based at least in part on the configuration information, wherein each attribute set includes at least a first attribute of a first type and a second attribute of a second type, and wherein the first attribute of the first profile is set to a first value and the first attribute of the second profile is set to a second value; creating a wrapper profile for the first profile wherein; said wrapper profile is stored as a profile in the directory server separately from said first profile, said wrapper profile controls access to said first profile, said wrapper profile comprises the attribute sets which further include a locking status attribute, said locking status attribute identifying the accessibility of said first profile corresponding to said wrapper profile, said wrapper profile is created as part of a first workflow; said first workflow defines an approval process for performing one or more tasks to said first profile, and said first workflow defines multiple actions of the approval process; setting a locking state of said locking status attribute of said wrapper profile for said first profile by a first entity, wherein when said locking status attribute of said wrapper profile is locked, said first profile is 
locked and not accessible by another entity for writing or modifying, and wherein when said locking status attribute of said wrapper profile is locked, said first profile is accessible for viewing by the first entity or a second entity; performing a task related to said first profile after said setting step is performed, which setting step causes said first profile to be not locked and accessible by another entity, shared and accessible by a plurality of entities, or locked and not accessible by another entity; enabling provisioning of said first profile using a provisioning system, said provisioning system receiving a request from a provisioning bridge server to grant or remove access to an external resource, and said provisioning bridge server being coupled to said directory server, wherein said provisioning bridge server uses said wrapper profile to ensure that said first profile is not being locked by said second entity; performing a task related to said first profile after said setting step is performed; determining said wrapper profile is no longer needed for the first workflow; and in response to determining said wrapper profile is no longer needed for the first workflow, deleting said wrapper profile.
19. One or more processor readable storage devices having processor readable code embodied on said one or more processor readable storage devices, said processor readable code for programming one or more processors to perform a method comprising the steps of:
identifying a first and second profile each including multiple objects and attribute sets, the first and second profiles each configured to identify an entity in a directory server, wherein each of the attribute sets describing at least one trait of each entity, and wherein each attribute set is included in each of the multiple objects; identifying a template for each attribute set including configuration information other than schema information for at least one attribute in each attribute set; configuring the first and second profiles by configuring each attribute set, based at least in part on the configuration information, wherein each attribute set includes at least a first attribute of a first type and a second attribute of a second type, and wherein the first attribute of the first profile is set to a first value and the first attribute of the second profile is set to a second value; creating the first profile and a wrapper profile corresponding to said first profile, wherein; said wrapper profile is stored as a profile in the directory server separately from said first profile and the attribute sets which further include a locking status attribute, said locking status attribute identifying the accessibility of said first profile corresponding to said wrapper profile, said wrapper profile is created as part of a first workflow, said first workflow defines an approval process for performing one or more tasks to said first profile, and said first workflow defines multiple actions of the approval process of the first workflow; setting a locking state of said locking status attribute of said wrapper profile for said first profile by a first entity, wherein when said locking status attribute of said wrapper profile is locked, said first profile is locked and not accessible by another entity for writing or modifying, and wherein when said locking status attribute of said wrapper profile is locked, said first profile is accessible for viewing by the first entity or 
a second entity; performing a task related to said first profile after said setting step is performed, which setting step causes said first profile to be not locked and accessible by another entity, shared and accessible by a plurality of entities, or locked and not accessible by another entity; enabling provisioning of said first profile using a provisioning system, said provisioning system receiving a request from a provisioning bridge server to grant or remove access to an external resource, and said provisioning bridge server being coupled to said directory server, wherein said provisioning bridge server uses said wrapper profile to ensure that said first profile is not being locked by said second entity; locking said first profile; determining said wrapper profile is no longer needed for the first workflow; and in response to determining said wrapper profile is no longer needed for the first workflow, deleting said wrapper profile. - View Dependent Claims (20, 21, 22, 23)
24. A method of controlling profile access, comprising the steps of:
identifying a first and second profile each including multiple objects and attribute sets, the first and second profiles each configured to identify an entity in a directory server, wherein each of the attribute sets describing at least one trait of each entity, and wherein each attribute set is included in each of the multiple objects; identifying a template for each attribute set including configuration information other than schema information for at least one attribute in each attribute set; configuring the first and second profiles by configuring each attribute set, based at least in part on the configuration information, wherein each attribute set includes at least a first attribute of a first type and a second attribute of a second type, and wherein the first attribute of the first profile is set to a first value and the first attribute of the second profile is set to a second value; selecting a task request corresponding to the first profile; accessing a wrapper profile corresponding to said first profile to determine if said first profile is locked, wherein; said wrapper profile is stored as a profile in the directory server separately from said first profile and the attribute sets which further include a locking status attribute, said locking status attribute identifies the accessibility of said first profile corresponding to said wrapper profile, said wrapper profile is created as part of a first workflow, said first workflow defines an approval process for performing one or more tasks to said first profile, and said first workflow defines multiple actions of the approval process of the first workflow; enabling provisioning of said first profile using a provisioning system, said provisioning system receiving a request from a provisioning bridge server to grant or remove access to an external resource, and said provisioning bridge server being coupled to said directory server, wherein said provisioning bridge server uses said wrapper profile to ensure 
that said first profile is not being locked by a second entity; and setting a locking state of said locking status attribute of said wrapper profile to lock said first profile by a first entity, if it is determined in said accessing step that said wrapper profile is not locked, wherein when said locking status attribute of said wrapper profile is locked, said first profile is locked and not accessible by another entity for writing or modifying, and wherein when said locking status attribute of said wrapper profile is locked, said first profile is accessible for viewing by the first entity or said second entity; performing a task related to said first profile after said setting step is performed, which setting step causes said first profile to be not locked and accessible by another entity, shared and accessible by a plurality of entities, or locked and not accessible by another entity; and determining said wrapper profile is no longer needed for the first workflow; and in response to determining said wrapper profile is no longer needed for the first workflow, deleting said wrapper profile. - View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
37. One or more processor readable storage devices having processor readable code embodied on said one or more processor readable storage devices, said processor readable code for programming one or more processors to perform a method comprising the steps of:
identifying a first and second profile each including multiple objects and attribute sets, the first and second profiles each configured to identify an entity in a directory server, wherein each of the attribute sets describing at least one trait of each entity, and wherein each attribute set is included in each of the multiple objects; identifying a template for each attribute set including configuration information other than schema information for at least one attribute in each attribute set; configuring the first and second profiles by configuring each attribute set, based at least in part on the configuration information, wherein each attribute set includes at least a first attribute of a first type and a second attribute of a second type, and wherein the first attribute of the first profile is set to a first value and the first attribute of the second profile is set to a second value; selecting a task request corresponding to the first profile; accessing a wrapper profile corresponding to said first profile to determine if said first profile is locked, wherein; said wrapper profile is stored as a profile in the directory server separately from said first profile and the attribute sets which further include a locking status attribute, said locking status attribute identifying the accessibility of said first profile corresponding to said wrapper profile, said wrapper profile is created as part of a first workflow, said first workflow defines an approval process for performing one or more tasks to said first profile, and said first workflow defines multiple actions of the approval process and defines multiple users that receive notifications corresponding to actions of the first workflow; enabling provisioning of said first profile using a provisioning system, said provisioning system receiving a request from a provisioning bridge server to grant or remove access to an external resource, and said provisioning bridge server being coupled to said directory server, 
wherein said provisioning bridge server uses said wrapper profile to ensure that said first profile is not being locked by a second entity; and setting a locking state of said locking status attribute of said wrapper profile to lock said first profile by a first entity, if it is determined in said accessing step that said wrapper profile is not locked, wherein when said locking status attribute of said wrapper profile is locked, said first profile is locked and not accessible by another entity for writing or modifying, and wherein when said locking status attribute of said wrapper profile is locked, said first profile is accessible for viewing by the first entity or said second entity; performing a task related to said first profile after said setting step is performed, which setting step causes said first profile to be not locked and accessible by another entity, shared and accessible by a plurality of entities, or locked and not accessible by another entity; determining said wrapper profile is no longer needed for the first workflow; and in response to determining said wrapper profile is no longer needed for the first workflow, deleting said wrapper profile. - View Dependent Claims (38, 39, 40, 41, 42, 43)
44. A method of controlling profile access, comprising the steps of:
identifying a first and second profile each including multiple objects and attribute sets, the first and second profiles each configured to identify an entity in a directory server, wherein each of the attribute sets describing at least one trait of each entity, and wherein each attribute set is included in each of the multiple objects; identifying a template for each attribute set including configuration information other than schema information for at least one attribute in each attribute set; configuring the first and second profiles by configuring each attribute set, based at least in part on the configuration information, wherein each attribute set includes at least a first attribute of a first type and a second attribute of a second type, and wherein the first attribute of the first profile is set to a first value and the first attribute of the second profile is set to a second value; identifying at least one wrapper profile satisfying criteria, wherein; said criteria calls for said at least one wrapper profile to have a locking status of locked and said locking status to have been in place for at least a threshold period of time, said at least one wrapper profile is stored as a profile in the directory server separately from said first profile and the attribute sets which further include a locking status attribute, said wrapper profile is created as part of a first workflow, and said first workflow defines an approval process for performing one or more tasks to said first profile; setting a locking state of said locking status attribute of said wrapper profile for said first profile by a first entity, wherein when said locking status attribute of said wrapper profile is locked, said first profile is locked and not accessible by another entity for writing or modifying, and wherein when said locking status attribute of said wrapper profile is locked, said first profile is accessible for viewing by the first entity or a second entity; performing a task related 
to said first profile after said setting step is performed, which setting step causes said first profile to be not locked and accessible by another entity, shared and accessible by a plurality of entities, or locked and not accessible by another entity; enabling provisioning of said first profile using a provisioning system, said provisioning system receiving a request from a provisioning bridge server to grant or remove access to an external resource, and said provisioning bridge server being coupled to said directory server, wherein said provisioning bridge server uses said wrapper profile to ensure that said first profile is not being locked by said second entity; for each wrapper profile identified in said identifying step, setting a current time stamp; determining said wrapper profile is no longer needed for the first workflow; and in response to determining said wrapper profile is no longer needed for the first workflow, deleting said wrapper profile. - View Dependent Claims (45, 46, 47, 48)
49. One or more processor readable storage devices having processor readable code embodied on said one or more processor readable storage devices, said processor readable code for programming one or more processors to perform a method comprising the steps of:
identifying a first and second profile each including multiple objects and attribute sets, the first and second profiles each configured to identify an entity in a directory server, wherein each of the attribute sets describing at least one trait of each entity, and wherein each attribute set is included in each of the multiple objects; identifying a template for each attribute set including configuration information other than schema information for at least one attribute in each attribute set; configuring the first and second profiles by configuring each attribute set, based at least in part on the configuration information, wherein each attribute set includes at least a first attribute of a first type and a second attribute of a second type, and wherein the first attribute of the first profile is set to a first value and the first attribute of the second profile is set to a second value; identifying at least one wrapper profile satisfying criteria, wherein; said criteria calls for said at least one wrapper profile to have a locking status of locked and said locking status to have been in place for at least a threshold period of time, said at least one wrapper profile is stored as a profile in the directory server separately from said first profile and the attribute sets which further include a locking status attribute, a workflow defines an approval process for performing one or more tasks to said first profile, and said workflow defines multiple actions of the approval process of the first workflow; setting a locking state of said locking status attribute of said wrapper profile for said first profile by a first entity, wherein when said locking status attribute of said wrapper profile is locked, said first profile is locked and not accessible by another entity for writing or modifying, and wherein when said locking status attribute of said wrapper profile is locked, said first profile is accessible for viewing by the first entity or a second entity; performing 
a task related to said first profile after said setting step is performed, which setting step causes said first profile to be not locked and accessible by another entity, shared and accessible by a plurality of entities, or locked and not accessible by another entity; enabling provisioning of said first profile using a provisioning system, said provisioning system receiving a request from a provisioning bridge server to grant or remove access to an external resource, and said provisioning bridge server being coupled to said directory server, wherein said provisioning bridge server uses said wrapper profile to ensure that said first profile is not being locked by said second entity; for each wrapper profile identified in said identifying step, setting a current time stamp; and determining said wrapper profile is no longer needed for the workflow; and in response to determining said wrapper profile is no longer needed for the first workflow, deleting said wrapper profile. - View Dependent Claims (50, 51)
52. A method of controlling profile access, comprising the step of:
identifying a first and second profile each including multiple objects and attribute sets, the first and second profiles each configured to identify an entity in a directory server, wherein each of the attribute sets describing at least one trait of each entity, and wherein each attribute set is included in each of the multiple objects;
identifying a template for each attribute set including configuration information other than schema information for at least one attribute in each attribute set;
configuring the first and second profiles by configuring each attribute set, based at least in part on the configuration information, wherein each attribute set includes at least a first attribute of a first type and a second attribute of a second type, and wherein the first attribute of the first profile is set to a first value and the first attribute of the second profile is set to a second value;
identifying at least one wrapper profile corresponding to a criteria, wherein;
said at least one wrapper profile corresponds to at least one profile and said criteria calls for said at least one wrapper profile to have a locking status corresponding to a profile being accessible, said at least one wrapper profile is stored as a profile in the directory server separately from said first profile and the attribute sets which further include a locking status attribute;
a workflow defines an approval process for performing one or more tasks to said first profile, and said first workflow defines multiple actions of the approval process and defines multiple users that receive notifications corresponding to actions of the first workflow;
setting a locking state of said locking status attribute of said wrapper profile for said first profile by a first entity, wherein when said locking status attribute of said wrapper profile is locked, said first profile is locked and not accessible by another entity for writing or modifying, and wherein when said locking status attribute of said wrapper profile is locked, said first profile is accessible for viewing by the first entity or a second entity;
performing a task related to said first profile after said setting step is performed, which setting step causes said first profile to be not locked and accessible by another entity, shared and accessible by a plurality of entities, or locked and not accessible by another entity;
enabling provisioning of said first profile using a provisioning system, said provisioning system receiving a request from a provisioning bridge server to grant or remove access to an external resource, and said provisioning bridge server being coupled to said directory server, wherein said provisioning bridge server uses said wrapper profile to ensure that said first profile is not being locked by said second entity;
for each wrapper profile identified in said identifying step that has a locking status of not locked, setting a locking state;
determining said wrapper profile is no longer needed for the first workflow; and
in response to determining said wrapper profile is no longer needed for the first workflow, deleting said wrapper profile.
- View Dependent Claims (53, 54, 55, 56, 57)
58. One or more processor readable storage devices having processor readable code embodied on said one or more processor readable storage devices, said processor readable code for programming one or more processors to perform a method comprising the steps of:
identifying a first and second profile each including multiple objects and attribute sets, the first and second profiles each configured to identify an entity in a directory server, wherein each of the attribute sets describing at least one trait of each entity, and wherein each attribute set is included in each of the multiple objects;
identifying a template for each attribute set including configuration information other than schema information for at least one attribute in each attribute set;
configuring the first and second profiles by configuring each attribute set, based at least in part on the configuration information, wherein each attribute set includes at least a first attribute of a first type and a second attribute of a second type, and wherein the first attribute of the first profile is set to a first value and the first attribute of the second profile is set to a second value;
identifying at least one wrapper profile corresponding to a criteria, wherein;
said at least one wrapper profile corresponds to at least one profile and said criteria calls for said at least one wrapper profile to have a locking status corresponding to a profile being accessible, said at least one wrapper profile is stored as a profile in the directory server separately from said first profile and the attribute sets which further include a locking status attribute, a first workflow defines an approval process for performing one or more tasks to said first profile, and said first workflow defines multiple actions of the approval process of the first workflow;
setting a locking state of said locking status attribute of said wrapper profile for said first profile by a first entity, wherein when said locking status attribute of said wrapper profile is locked, said first profile is locked and not accessible by another entity for writing or modifying, and wherein when said locking status attribute of said wrapper profile is locked, said first profile is accessible for viewing by the first entity or a second entity;
performing a task related to said first profile after said setting step is performed, which setting step causes said first profile to be not locked and accessible by another entity, shared and accessible by a plurality of entities, or locked and not accessible by another entity;
enabling provisioning of said first profile using a provisioning system, said provisioning system receiving a request from a provisioning bridge server to grant or remove access to an external resource, and said provisioning bridge server being coupled to said directory server, wherein said provisioning bridge server uses said wrapper profile to ensure that said first profile is not being locked by said second entity;
for each wrapper profile identified in said identifying step that has a locking status of not locked, setting a locking state; and
determining said wrapper profile is no longer needed for the first workflow; and
in response to determining said wrapper profile is no longer needed for the first workflow, deleting said wrapper profile.
- View Dependent Claims (59, 60)
61. A method of controlling profile access, comprising the steps of:
identifying a first and second profile each including multiple objects and attribute sets, the first and second profiles each configured to identify an entity in a directory server, wherein each of the attribute sets describing at least one trait of each entity, and wherein each attribute set is included in each of the multiple objects;
identifying a template for each attribute set including configuration information other than schema information for at least one attribute in each attribute set;
configuring the first and second profiles by configuring each attribute set, based at least in part on the configuration information, wherein each attribute set includes at least a first attribute of a first type and a second attribute of a second type, and wherein the first attribute of the first profile is set to a first value and the first attribute of the second profile is set to a second value;
identifying at least one wrapper profile corresponding to a criteria, wherein;
said at least one wrapper profile corresponds to at least one profile and said criteria calls for said at least one wrapper profile to have a locking status of not locked, said at least one wrapper profile is stored as a profile in the directory server separately from said first profile and the attribute sets which further include a locking status attribute, a workflow defines an approval process for performing one or more tasks to said first profile, and said workflow defines multiple actions of the approval process of the first workflow;
setting a locking state of said locking status attribute of said wrapper profile for said first profile by a first entity, wherein when said locking status attribute of said wrapper profile is locked, said first profile is locked and not accessible by another entity for writing or modifying, and wherein when said locking status attribute of said wrapper profile is locked, said first profile is accessible for viewing by the first entity or a second entity;
performing a task related to said first profile after said setting step is performed, which setting step causes said first profile to be not locked and accessible by another entity, shared and accessible by a plurality of entities, or locked and not accessible by another entity;
enabling provisioning of said first profile using a provisioning system, said provisioning system receiving a request from a provisioning bridge server to grant or remove access to an external resource, and said provisioning bridge server being coupled to said directory server, wherein said provisioning bridge server uses said wrapper profile to ensure that said first profile is not being locked by said second entity;
for each wrapper profile identified in said identifying step, setting a locking status of said locking status attribute;
determining said wrapper profile is no longer needed for the first workflow; and
in response to determining said wrapper profile is no longer needed for the first workflow, deleting said wrapper profile.
- View Dependent Claims (62, 63, 64)
65. One or more processor readable storage devices having processor readable code embodied on said one or more processor readable storage devices, said processor readable code for programming one or more processors to perform a method comprising the steps of:
identifying a first and second profile each including multiple objects and attribute sets, the first and second profiles each configured to identify an entity in a directory server, wherein each of the attribute sets describing at least one trait of each entity, and wherein each attribute set is included in each of the multiple objects;
identifying a template for each attribute set including configuration information other than schema information for at least one attribute in each attribute set;
configuring the first and second profiles by configuring each attribute set, based at least in part on the configuration information, wherein each attribute set includes at least a first attribute of a first type and a second attribute of a second type, and wherein the first attribute of the first profile is set to a first value and the first attribute of the second profile is set to a second value;
identifying at least one wrapper profile corresponding to a criteria, wherein;
said at least one wrapper profile corresponds to at least one profile and said criteria calls for said at least one wrapper profile to have a locking status of not locked, said at least one wrapper profile is stored as a profile in the directory server separately from said first profile and the attribute sets which further include a locking status attribute, a first workflow defines an approval process for performing one or more tasks to said first profile, and said first workflow defines multiple actions of the approval process and defines multiple users that receive notifications corresponding to actions of the first workflow;
setting a locking state of said locking status attribute of said wrapper profile for said first profile by a first entity, wherein when said locking status attribute of said wrapper profile is locked, said first profile is locked and not accessible by another entity for writing or modifying, and wherein when said locking status attribute of said wrapper profile is locked, said first profile is accessible for viewing by the first entity or a second entity;
performing a task related to said first profile after said setting step is performed, which setting step causes said first profile to be not locked and accessible by another entity, shared and accessible by a plurality of entities, or locked and not accessible by another entity;
enabling provisioning of said first profile using a provisioning system, said provisioning system receiving a request from a provisioning bridge server to grant or remove access to an external resource, and said provisioning bridge server being coupled to said directory server, wherein said provisioning bridge server uses said wrapper profile to ensure that said first profile is not being locked by said second entity;
for each wrapper profile identified in said identifying step, setting a locking status of said locking status attribute; and
determining said wrapper profile is no longer needed for the first workflow; and
in response to determining said wrapper profile is no longer needed for the first workflow, deleting said wrapper profile.
- View Dependent Claims (66)
67. A method of controlling profile access, comprising the steps of:
identifying a first and second profile each including multiple objects and attribute sets, the first and second profiles each configured to identify an entity in a directory server, wherein each of the attribute sets describing at least one trait of each entity, and wherein each attribute set is included in each of the multiple objects;
identifying a template for each attribute set including configuration information other than schema information for at least one attribute in each attribute set;
configuring the first and second profiles by configuring each attribute set, based at least in part on the configuration information, wherein each attribute set includes at least a first attribute of a first type and a second attribute of a second type, and wherein the first attribute of the first profile is set to a first value and the first attribute of the second profile is set to a second value;
creating a user profile;
creating a first wrapper profile for said user profile, wherein said wrapper profile is created as part of a first workflow, said first workflow defines an approval process for performing one or more tasks to said first profile, and said first workflow defines multiple actions of the approval process of the first workflow;
creating at least one resource profile corresponding to said user profile;
creating a wrapper profile for each resource profile in said at least one resource profile, wherein said wrapper profile is stored as a profile in the directory server separately from said first profile and the attribute sets which further include a locking status attribute; and
setting a locking state of said locking status attribute of said wrapper profile for said first profile by a first entity, wherein when said locking status attribute of said wrapper profile is locked, said first profile is locked and not accessible by another entity for writing or modifying, and wherein when said locking status attribute of said wrapper profile is locked, said first profile is accessible for viewing by the first entity or a second entity;
performing a task related to said first profile after said setting step is performed, which setting step causes said first profile to be not locked and accessible by another entity, shared and accessible by a plurality of entities, or locked and not accessible by another entity;
enabling provisioning of said first profile using a provisioning system, provisioning system receiving a request from a provisioning bridge server to grant or remove access to an external resource, and said provisioning bridge server being coupled to said directory server, wherein said provisioning bridge server uses said wrapper profile to ensure that said first profile is not being locked by said second entity;
determining the wrapper profile is no longer needed for the first workflow; and
in response to determining the wrapper profile is no longer needed for the first workflow, deleting said wrapper profile.
- View Dependent Claims (68, 69, 70, 71, 72, 73, 74, 75)
76. One or more processor readable storage devices having processor readable code embodied on said one or more processor readable storage devices, said processor readable code for programming one or more processors to perform a method comprising the steps of:
identifying a first and second profile each including multiple objects and attribute sets, the first and second profiles each configured to identify an entity in a directory server, wherein each of the attribute sets describing at least one trait of each entity, and wherein each attribute set is included in each of the multiple objects;
identifying a template for each attribute set including configuration information other than schema information for at least one attribute in each attribute set;
configuring the first and second profiles by configuring each attribute set, based at least in part on the configuration information, wherein each attribute set includes at least a first attribute of a first type and a second attribute of a second type, and wherein the first attribute of the first profile is set to a first value and the first attribute of the second profile is set to a second value;
creating a user profile;
creating a first wrapper profile for said user profile, wherein said first wrapper profile is created as part of a first workflow, said first workflow defines an approval process for performing one or more tasks to said first profile, and said first workflow defines multiple actions of the approval process and defines multiple users that receive notifications corresponding to actions of the first workflow;
creating at least one resource profile corresponding to said user profile;
creating a wrapper profile for each resource profile in said at least one resource profile, wherein said wrapper profile is stored as a profile in the directory server separately from said first profile and the attribute sets which further include a locking status attribute; and
setting a locking state of said locking status attribute of said wrapper profile for said first profile by a first entity, wherein when said locking status attribute of said wrapper profile is locked, said first profile is locked and not accessible by another entity for writing or modifying, and wherein when said locking status attribute of said wrapper profile is locked, said first profile is accessible for viewing by the first entity or a second entity;
performing a task related to said first profile after said setting step is performed, which setting step causes said first profile to be not locked and accessible by another entity, shared and accessible by a plurality of entities, or locked and not accessible by another entity;
enabling provisioning of said first profile using a provisioning system, said provisioning system receiving a request from a provisioning bridge server to grant or remove access to an external resource, and said provisioning bridge server being coupled to said directory server, wherein said provisioning bridge server uses said wrapper profile to ensure that said first profile is not being locked by said second entity;
determining the first wrapper profile is no longer needed for the first workflow; and
in response to determining the first wrapper profile is no longer needed for the first workflow, deleting said first wrapper profile.
- View Dependent Claims (77, 78, 79, 80)
81. An apparatus, comprising:
one or more storage devices; and
one or more processors in communication with said one or more storage devices, said one or more processors perform a method comprising the steps of;
identifying a first and second profile each including multiple objects and attribute sets, the first and second profiles each configured to identify an entity in a directory server, wherein each of the attribute sets describing at least one trait of each entity, and wherein each attribute set is included in each of the multiple objects;
identifying a template for each attribute set including configuration information other than schema information for at least one attribute in each attribute set;
configuring the first and second profiles by configuring each attribute set, based at least in part on the configuration information, wherein each attribute set includes at least a first attribute of a first type and a second attribute of a second type, and wherein the first attribute of the first profile is set to a first value and the first attribute of the second profile is set to a second value;
creating a user profile;
creating a first wrapper profile for said user profile, wherein;
said first wrapper profile is stored as a profile in the directory server separately from said first profile and the attribute sets which further include a locking status attribute, said wrapper profile is created as part of a first workflow, said first workflow defines an approval process for performing one or more tasks to said first profile, and said first workflow defines multiple actions of the approval process of the first workflow;
creating at least one resource profile corresponding to said user profile;
creating a wrapper profile for each resource profile in said at least one resource profile;
submitting a provisioning request;
selecting said provisioning request;
accessing said first wrapper profile to determine if said user profile is locked;
enabling provisioning of said first profile using a provisioning system, said provisioning system receiving a request from a provisioning bridge server to grant or remove access to an external resource, and said provisioning bridge server being coupled to said directory server;
setting a locking state of said locking status attribute of said wrapper profile for said first profile by a first entity, wherein when said locking status attribute of said wrapper profile is locked, said first profile is locked and not accessible by another entity for writing or modifying, and wherein when said locking status attribute of said wrapper profile is locked, said first profile is accessible for viewing by the first entity or a second entity;
performing a task related to said first profile after said setting step is performed, which setting step causes said first profile to be not locked and accessible by another entity, shared and accessible by a plurality of entities, or locked and not accessible by another entity;
setting a locking state of said locking status attribute of said first wrapper profile to lock said user profile, if it is determined in said accessing step that said user profile is not locked, wherein said provisioning bridge server uses said wrapper profile to ensure that said first profile is not being locked by said second entity; and
determining said wrapper profile is no longer needed for the first workflow; and
in response to determining said wrapper profile is no longer needed for the first workflow, deleting said wrapper profile.
- View Dependent Claims (82)
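The sequence recited in claim 81 (consult the wrapper profile, lock if not locked, perform the provisioning task, delete the wrapper when the workflow no longer needs it), shown as an added illustration that is not part of the patent text. The class, method and attribute names, the sample DN and the in-memory dictionaries standing in for the directory server are all assumptions.

```python
import threading
from dataclasses import dataclass
from enum import Enum
from typing import Optional

class LockState(Enum):              # the three states the claims name
    NOT_LOCKED = "not locked"
    SHARED = "shared"               # treated as writable in this sketch
    LOCKED = "locked"

class ProfileLocked(Exception):
    """A non-holder tried to modify a locked profile."""

@dataclass
class WrapperProfile:               # hypothetical layout of a wrapper entry
    workflow_id: str
    lock_state: LockState = LockState.NOT_LOCKED
    holder: Optional[str] = None

class Directory:                    # in-memory stand-in for the directory server
    def __init__(self):
        self.profiles = {}          # dn -> attributes of the real profile
        self.wrappers = {}          # dn -> WrapperProfile, stored separately
        self._mutex = threading.Lock()

    def try_lock(self, dn, entity):
        # Check and set under one mutex: a separate read followed by a
        # write would let two entities both see "not locked" and both lock.
        with self._mutex:
            w = self.wrappers[dn]
            if w.lock_state is LockState.LOCKED and w.holder != entity:
                return False
            w.lock_state, w.holder = LockState.LOCKED, entity
            return True

    def unlock(self, dn, entity):
        with self._mutex:
            w = self.wrappers[dn]
            if w.holder == entity:  # only the holder can release
                w.lock_state, w.holder = LockState.NOT_LOCKED, None

    def read(self, dn, entity):
        return dict(self.profiles[dn])   # viewing stays allowed while locked

    def write(self, dn, entity, attr, value):
        with self._mutex:
            w = self.wrappers.get(dn)    # no wrapper: treated as not locked
            if w and w.lock_state is LockState.LOCKED and w.holder != entity:
                raise ProfileLocked(f"{dn} is locked by {w.holder}")
            self.profiles[dn][attr] = value

def provision(directory, dn, bridge, resource, grant=True):
    if not directory.try_lock(dn, bridge):
        return False                     # another entity holds the profile
    try:
        resources = set(directory.read(dn, bridge).get("resources", []))
        (resources.add if grant else resources.discard)(resource)
        directory.write(dn, bridge, "resources", sorted(resources))
    finally:
        directory.unlock(dn, bridge)     # release even if the task fails
    return True

def finish_workflow(directory, dn, workflow_id):
    """Delete the wrapper once its workflow no longer needs it."""
    w = directory.wrappers.get(dn)
    if w and w.workflow_id == workflow_id and w.lock_state is not LockState.LOCKED:
        del directory.wrappers[dn]
        return True
    return False
```

Against a real directory server the check-and-set in `try_lock` needs an equivalent atomic or conditional update, since the mutex here only protects a single process.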
Specification