Variable domain resource data security for data processing systems
Abstract
The variable domain data access control system and method described herein use the same variable domain to describe a data security model and a variable domain data model, such as a product configuration model. A variable domain is a set of resource data that can be described using a logical relationship data structure. The variable domain utilizes logical relationship expressions, such as a Boolean logic language, to define resource data in terms of parts, rules and/or attributes, and any other property that can be accessed for viewing, manipulation, or other purposes. The data security model represents an access control list (ACL) that includes security attributes as resource data and uses the same data structure and logical relationship expressions as an associated variable domain data model. An application, such as a configuration engine, can be used to create controlled access to the variable domain data model using the data security model.
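The intersection the abstract describes can be sketched as follows. This is an added example, not code from the patent: the variables, rules and function names are hypothetical, and brute-force enumeration stands in for a configuration engine. Both models are written as Boolean rules over one shared variable domain, and only assignments in the overlap of the two spaces grant access.

```python
from itertools import product

# Constructed shared variable domain: product features plus security attributes.
DOMAIN = {
    "engine": ("V6", "V8"),
    "region": ("US", "EU"),
    "role":   ("dealer", "engineer"),
    "access": ("view", "edit"),
}

# Product configuration model: which feature combinations are valid at all.
PRODUCT_RULES = [
    lambda c: not (c["engine"] == "V8" and c["region"] == "EU"),
]

# Data security model (the ACL) expressed as rules over the same variables.
SECURITY_RULES = [
    lambda c: c["role"] == "engineer" or c["access"] == "view",  # dealers: view only
    lambda c: c["role"] == "engineer" or c["region"] == "US",    # dealers: US data only
]

def space(rules):
    """Enumerate a configuration space: every assignment satisfying all rules."""
    names = list(DOMAIN)
    found = set()
    for values in product(*(DOMAIN[n] for n in names)):
        cfg = dict(zip(names, values))
        if all(rule(cfg) for rule in rules):
            found.add(values)
    return found

def access_for(role):
    """Intersect both spaces, then project the overlap onto one principal's role."""
    overlap = space(PRODUCT_RULES) & space(SECURITY_RULES)
    names = list(DOMAIN)
    granted = {}
    for values in overlap:
        cfg = dict(zip(names, values))
        if cfg["role"] == role:
            key = (cfg["engine"], cfg["region"])
            granted.setdefault(key, set()).add(cfg["access"])
    # Anything absent from the overlap is absent here: default deny.
    return granted
```

A role that appears in no rule-satisfying assignment, or a resource excluded by the product model, produces no entry, so the absence of overlap is the deny decision.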
25 Claims
1. A method of providing controlled, electronic access to variable domain data stored in a data processing system, the method comprising:
performing using a computer system;
receiving information from a principal that includes information identifying the principal;
performing one or more logical relationship operations on a data security model and a variable domain data model using security attributes of the data security model to determine a level of resource data access to be granted to the principal, wherein the variable domain model comprises a product configuration model, and performing the one or more logical operations comprises executing a configuration engine to perform an intersection between configuration spaces defined by a data security model and a product configuration model, wherein data included in any overlap of the configuration spaces is used to determine a level of resource data access to be granted to the principal; and
granting the principal access to the resource data in accordance with the determined level of resource data access to be granted to the principal, wherein the principal comprises an entity that has controlled access to the resource data.
9. A data processing system to provide controlled, electronic access to variable domain data stored in a data processing system, the data processing system comprises:
a processor; and
a storage medium coupled to the processor and having data encoded therein, the data comprising processor executable code for;
receiving information from a principal that includes information identifying the principal;
performing one or more logical relationship operations on a data security model and a variable domain data model using security attributes of the data security model to determine a level of resource data access to be granted to the principal, wherein variable domain model comprises a product configuration model, and performing the one or more logical operations comprises executing a configuration engine to perform an intersection between configuration spaces defined by a data security model and a product configuration model, wherein data included in any overlap of the configuration spaces is used to determine a level of resource data access to be granted to the principal; and
granting the principal access to the resource data in accordance with the determined level of resource data access to be granted to the principal, wherein the principal comprises an entity that has controlled access to the resource data.
17. A computer storage device comprising data embedded therein to cause a computer system to provide controlled, electronic access to variable domain data stored in a data processing system, wherein the embedded data comprises processor executable code for:
receiving information from a principal that includes information identifying the principal;
performing one or more logical relationship operations on a data security model and a variable domain data model using security attributes of the data security model to determine a level of resource data access to be granted to the principal, wherein the variable domain model comprises a product configuration model, and performing the one or more logical operations comprises executing a configuration engine to perform an intersection between configuration spaces defined by a data security model and a product configuration model, wherein data included in any overlap of the configuration spaces is used to determine a level of resource data access to be granted to the principal; and
granting the principal access to the resource data in accordance with the determined level of resource data access to be granted to the principal, wherein the principal comprises an entity that has controlled access to the resource data.
25. A computer system to provide controlled, electronic access to variable domain data stored in a data processing system, the system comprising:
means for receiving information from a principal that includes information identifying the principal;
means for performing one or more logical relationship operations on a data security model and a variable domain data model using security attributes of the data security model to determine a level of resource data access to be granted to the principal, wherein the variable domain model comprises a product configuration model, and performing the one or more logical operations comprises executing a configuration engine to perform an intersection between configuration spaces defined by a data security model and a product configuration model, wherein data included in any overlap of the configuration spaces is used to determine a level of resource data access to be granted to the principal; and
means for granting the principal access to the resource data in accordance with the determined level of resource data access to be granted to the principal, wherein the principal comprises an entity that has controlled access to the resource data.