Cross domain security information conversion

US 8,528,063 B2
Filed: 03/31/2004
Issued: 09/03/2013
Est. Priority Date: 03/31/2004
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for cross domain security information conversion, the computer comprising a computer processor and a computer memory operatively coupled to the computer processor, the computer memory having disposed within it computer program instructions that execute the method, the method comprising:

receiving from a system entity, in a security service, security information in a native format of a first security domain regarding a system entity having an identity in at least one security domain, wherein the system entity comprises automated computing machinery;

translating the security information to a canonical format for security information, wherein the canonical format is a data format for security information that is standardized for use in data transformations of security information;

transforming the security information in the canonical format using a predefined mapping from the first security domain to a second security domain;

translating the transformed security information in the canonical format to a native format of the second security domain; and

returning to the system entity the security information in the native format of the second security domain.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and computer program products are provided for cross domain security information conversion. Embodiments include receiving from a system entity, in a security service, security information in a native format of a first security domain regarding a system entity having an identity in at least one security domain; translating the security information to a canonical format for security information; transforming the security information in the canonical format using a predefined mapping from the first security domain to a second security domain; translating the transformed security information in the canonical format to a native format of the second security domain; and returning to the system entity the security information in the native format of the second security domain.

17 Citations

View as Search Results

28 Claims

1. A computer-implemented method for cross domain security information conversion, the computer comprising a computer processor and a computer memory operatively coupled to the computer processor, the computer memory having disposed within it computer program instructions that execute the method, the method comprising:
- receiving from a system entity, in a security service, security information in a native format of a first security domain regarding a system entity having an identity in at least one security domain, wherein the system entity comprises automated computing machinery;
  
  translating the security information to a canonical format for security information, wherein the canonical format is a data format for security information that is standardized for use in data transformations of security information;
  
  transforming the security information in the canonical format using a predefined mapping from the first security domain to a second security domain;
  
  translating the transformed security information in the canonical format to a native format of the second security domain; and
  
  returning to the system entity the security information in the native format of the second security domain.
- View Dependent Claims (2, 3, 4, 5, 7, 8, 9)
- - 2. The method of claim 1 wherein transforming the security information includes structure transformation and value transformation, including mapping a system entity'"'"'s identity in the first security domain to a another identity in the second security domain.
  - 3. The method of claim 1 wherein receiving security information further comprises receiving a request for security information for the second security domain, wherein the request encapsulates the security information in a native format of a first security domain.
  - 4. The method of claim 3 wherein the system entity comprises a system entity requesting access to a resource in the second security domain.
  - 5. The method of claim 3 wherein the system entity comprises a system entity providing access to a resource in the second security domain.
  - 7. The method of claim 1 wherein the native format of the first security domain is expressed in XML, the canonical format is expressed in XML, and translating the security information in a native format of a first security domain to a canonical format is carried out in dependence upon a mapping, expressed in XSL, from the native format of the first security domain to a canonical format.
  - 8. The method of claim 1 wherein the canonical format is expressed in XML and the predefined mapping from the first security domain to a second security domain is expressed in XSL.
  - 9. The method of claim 1 wherein the second native format is expressed in XML, the canonical format is expressed in XML, and translating the transformed security information in the canonical format to a native format of the second security domain is carried out in dependence upon a predefined mapping, expressed in XSL, from the canonical format to the native format of the second security domain.

6. The method of claim l wherein translating the security information in a native format of a first security domain to a canonical format is carried out through a procedural software function.

10. A system for cross domain security information conversion, the system comprising a computer processor operatively coupled to a computer memory. the computer memory having disposed within it computer program instructions for:
- receiving from a system entity, in a security service, security information in a native format of a first security domain regarding a system entity having an identity in at least one security domain;
  
  translating the security information to a canonical format for security information;
  
  transforming the security information in the canonical format using a predefined mapping from the first security domain to a second security domain;
  
  translating the transformed security information in the canonical format to a native format of the second security domain; and
  
  returning to the system entity the security information in the native format of the second security domain.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10 wherein transforming the security information includes structure transformation and value transformation, including mapping a system entity'"'"'s identity in the first security domain to a another identity in the second security domain.
  - 12. The system of claim 10 wherein receiving security information further comprises receiving a request for security information for the second security domain, wherein the request encapsulates the security information in a native format of a first security domain.
  - 13. The system of claim 12 wherein the system entity comprises a system entity requesting access to a resource in the second security domain.
  - 14. The system of claim 12 wherein the system entity comprises a system entity providing access to a resource in the second security domain.
  - 15. The system of claim 10 wherein translating the security information in a native format of a first security domain to a canonical format comprises a procedural software function.
  - 16. The system of claim 10 wherein translating the security information in a native format of a first security domain to a canonical format comprises a mapping, expressed in XSL, from the native format of the first security domain to a canonical format.
  - 17. The system of claim 10 wherein the canonical format is expressed in XML and the predefined mapping from the first security domain to a second security domain is expressed in XSL.
  - 18. The system of claim 10 wherein the second native format is expressed in XML, the canonical format is expressed in XML, and translating the transformed security information in the canonical format to a native format of the second security domain comprises a predefined mapping, expressed in XSL, from the canonical format to the native format of the second security domain.

19. A computer program product for cross domain security information conversion, the computer program product embodied on a recordable computer-readable medium, the computer program product comprising computer program instructions which when installed and executed on a data processing system, are capable causing the data processing system to carry out the steps of:
- receiving from system entity, in a security service, security information in a native format of a first security domain regarding a system entity having an identity in at least one security domain, wherein the system entity comprises automated computing machinerytranslating the security information to a canonical format for security information;
  
  transforming the security information in the canonical format using a predefined mapping from the first security domain to a second security domain;
  
  translating the transformed security information in the canonical format to a native format of the second security domain; and
  
  returning to the system entity the security information in the native format of the second security domain.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 20. The computer program product of claim 19 wherein computerprogram instructions for transforming the security information includes computerprogram instructions for structure transformation and value transformation, including computer program instructions for mapping a system entity'"'"'s identity in the first security domain to another identity in the second security domain.
  - 21. The computer program product of claim 19 wherein computer program instructions for receiving security information further comprises computer program instructions for receiving a request for security information for the second security domain, wherein the request encapsulates the security information in a native format of a first security domain.
  - 22. The computer program product of claim 21 wherein the system entity comprises a system entity requesting access to a resource in the second security domain.
  - 23. The computer program product of claim 21 wherein the system entity comprises a system entity providing access to a resource in the second security domain.
  - 24. The computer program product of claim 19 wherein computer program instructions for translating the security information in a native format of a first security domain to a canonical format comprises a procedural software function.
  - 25. The computer program product of claim 19 wherein computer program instructions for translating the security information in a native format of a first security domain to a canonical format comprises a mapping, expressed in XSL, from the native format of the first security domain to a canonical format.
  - 26. The computer program product of claim 19 wherein the canonical format is expressed in XML and the predefined mapping from the first security domain to a second security domain is expressed in XSL.
  - 27. The computer program product of claim 19 wherein computer program instructions for translating the transformed security information in the canonical format to a native format of the second security domain comprises a procedural software function.
  - 28. The computer program product of claim 19 wherein the second native format is expressed in XML, the canonical format is expressed in XML, and computer program instructions for translating the transformed security information in the canonical format to a native format of the second security domain comprises a predefined mapping, expressed in XSL, from the canonical format to the native format of the second security domain.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Duggan, Matthew Paul, Falola, Dolapo Martin, Wardrop, Patrick Ryan
Primary Examiner(s)
Abrishamkar, Kaveh

Application Number

US10/815,213
Publication Number

US 20050223413A1
Time in Patent Office

3,443 Days
Field of Search

726/6, 726/8, 726/9
US Class Current

726/8
CPC Class Codes

G06F 21/6236   between heterogeneous systems

H04L 63/105   Multiple levels of security

H04W 4/00   Services specially adapted ...

Cross domain security information conversion

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

17 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Cross domain security information conversion

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links