Access control policy in a weakly-coherent distributed collection
First Claim
1. A computer-readable storage medium not consisting of a modulated data signal for programming a processor to perform a method of implementing an access control policy on a weakly-coherent distributed collection, the method comprising the steps of:
(a) generating one or more certificates creating one or more access control rights with respect to one or more replicas and items in the weakly-coherent distributed collection, said step (a) of generating one or more certificates including the step of creating one or more namespaces to subdivide the rights associated with different replicas;
(b) revoking a certificate of the one or more certificates by a collection manager and/or one or more replicas granted authority to revoke the one or more certificates;
(c) preventing conflicting policies within the weakly-coherent distributed collection by preventing modification of the one or more certificates by the collection manager and one or more replicas granted authority to revoke the one or more certificates; and
(d) creating a new replica upon revocation of the certificate in said step (b), and recreating the certificate revoked in said step (b) in the new replica, the new replica implementing policy to replace the policy of the revoked certificate.
Abstract
A system is disclosed for creating and implementing an access control policy framework in a weakly coherent distributed collection. A collection manager may sign certificates forming equivalence classes of replicas that share a specific authority. The collection manager and/or certain privileged replicas may issue certificates that delegate authority for control of item policy and replica policy. Further certificates may be signed that create one or more items, set policy for these one or more items, and define a set of operations authorized on the one or more items. The certificates issued according to the present system for creating and implementing a control policy framework cannot be modified or simply overridden. Once a policy certificate is issued, it may only be revoked by the collection manager or by a replica having revocation authority.
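The rule stated in the abstract, that an issued certificate cannot be modified or overridden and can only be revoked by the collection manager or a replica holding revocation authority, can be modelled as an add-only, revoke-only store. The following is an added example, not code from the patent: the class, field names, keys and certificates are constructed, HMAC tags stand in for certificate signatures, and delegation is limited to the manager for brevity.

```python
import hashlib, hmac, json

class PolicyStore:
    """Hypothetical replica-side certificate store: add-only, revoke-only."""
    def __init__(self, keys, manager):
        self.keys = keys            # signer -> key; HMAC stands in for signatures (assumption)
        self.manager = manager
        self.certs = {}             # certificate id -> accepted certificate
        self.revoked = set()        # ids of revoked certificates
        self.revokers = {manager}   # principals holding revocation authority

    def _tag(self, signer, body):
        msg = json.dumps(body, sort_keys=True).encode()
        return hmac.new(self.keys[signer], msg, hashlib.sha256).hexdigest()

    def sign(self, signer, body):
        return {"signer": signer, "body": body, "tag": self._tag(signer, body)}

    def accept(self, cert):
        signer, body = cert["signer"], cert["body"]
        if signer not in self.keys or not hmac.compare_digest(
                cert["tag"], self._tag(signer, body)):
            return "rejected: bad signature"
        cid, kind = body["id"], body["kind"]
        if cid in self.certs:
            # An issued certificate is never modified or overridden in place.
            return "duplicate" if self.certs[cid] == cert else "rejected: modification"
        if kind == "delegate_revocation":
            if signer != self.manager:   # simplification: only the manager delegates here
                return "rejected: only the manager delegates"
            self.revokers.add(body["to"])
        elif kind == "revoke":
            if signer not in self.revokers:
                return "rejected: no revocation authority"
            self.revoked.add(body["target"])
        self.certs[cid] = cert
        return "accepted"

    def active_policy(self):
        return {c["body"]["id"]: c["body"]["policy"] for c in self.certs.values()
                if c["body"]["kind"] == "policy" and c["body"]["id"] not in self.revoked}

def demo():
    s = PolicyStore({"manager": b"k-mgr", "replicaA": b"k-a"}, "manager")  # constructed keys
    revoke_c1 = {"id": "c2", "kind": "revoke", "target": "c1"}
    steps = [("manager", {"id": "c1", "kind": "policy", "policy": "item1: read"}),
             ("manager", {"id": "c1", "kind": "policy", "policy": "item1: write"}),  # override attempt
             ("replicaA", revoke_c1),                                                # no authority yet
             ("manager", {"id": "c3", "kind": "delegate_revocation", "to": "replicaA"}),
             ("replicaA", revoke_c1),                                                # now authorised
             ("manager", {"id": "c4", "kind": "policy", "policy": "item1: write"})]  # replacement
    return [s.accept(s.sign(who, body)) for who, body in steps], s.active_policy()
```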
Specification