Supporting role-based access control in component-based software systems

US 8,645,843 B2
Filed: 08/29/2008
Issued: 02/04/2014
Est. Priority Date: 08/29/2008
Status: Active Grant

First Claim

Patent Images

1. A method of supporting role-based access control in a collaborative environment, wherein a plurality of users work together in a collaborative process including a multitude of activities using a software system, the method comprising:

componentizing the software system into a multitude of software components;

assigning an associated set of the multitude of software components to each of a plurality of roles in the collaborative process;

assigning to each of the users one of said plurality of roles as a current role of the user, as defined by a run-time state of the collaborative process;

activating a set of the multitude of software components to perform one of said activities as a current activity in the collaborative process;

limiting access of the users to the software components by providing each of the users with access to only the software components that are common in both the set of the software components assigned to the current role assigned to said each user, and the set of the software components activated to perform the current activity.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system and computer program product is disclosed for supporting role-based access control in a collaborative environment, wherein pluralities of users work together in a collaborative process using a software system. The method comprises componentizing the software system into a multitude of software components, and limiting access to specific software components to certain users based on roles assigned to the users as defined by a run-time state of the collaborative process. The set of components that a user can access is dynamic, that set can change based on the “context” or the step where the user is in a collaborative workflow/process. Thus, in comparison with traditional access control mechanisms, an embodiment of the invention combines three different elements: a) the set of components that comprise the application is partitioned in such a way as to make componentized role-based access control feasible, b) a method for specifying inter-component dependencies to enable role-based groups, and c) enabling the modification of the access privileges based on contextual information from a collaborative process.

Citations

19 Claims

1. A method of supporting role-based access control in a collaborative environment, wherein a plurality of users work together in a collaborative process including a multitude of activities using a software system, the method comprising:
- componentizing the software system into a multitude of software components;
  
  assigning an associated set of the multitude of software components to each of a plurality of roles in the collaborative process;
  
  assigning to each of the users one of said plurality of roles as a current role of the user, as defined by a run-time state of the collaborative process;
  
  activating a set of the multitude of software components to perform one of said activities as a current activity in the collaborative process;
  
  limiting access of the users to the software components by providing each of the users with access to only the software components that are common in both the set of the software components assigned to the current role assigned to said each user, and the set of the software components activated to perform the current activity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method according to claim 1, wherein during the collaborative process, the users have a plurality of different roles, and the componentizing the software system includescapturing the different roles and the collaborative process into a centralized model;
    - andusing said centralized model to divide the software system into role specific components sets and assigning the sets of components into role profiles.
  - 3. The method according to claim 2, wherein the roles login to the collaborative process, and the limiting access to specific components includes:
    - when one of the roles logins to the collaborative process, loading corresponding software components on the profile for the roles in the software system; and
      
      changing the components that certain roles can access according to the run-time context determined by the collaborative process.
  - 4. The method according to claim 3, further comprising providing a user interface to enable an administrator to manage and update the profiles.
  - 5. The method according to claim 4, wherein the capturing the different roles and the collaborative process into a centralized model includes describing the relationships among the components, the different roles, and the collaborative process in the centralized model, including the dependencies between components, the ownership between the roles and the components, and the ownership between activities in the collaborative process and the components.
  - 6. The method according to claim 5, wherein the using said centralized model to divide the software system into role specific components sets includes:
    - analyzing the relationships in the centralized model to generate different role profiles; and
      
      parsing the role profiles to load the components in the intersection between the ownership of the current role and the ownership of the current activity in the collaborative process.
  - 7. The method according to claim 6, wherein the using said centralized model to divide the software system into role specific components sets further includes monitoring a current runtime status of the collaborative process to dynamically change the accessible components for different roles.
  - 8. The method according to claim 1, wherein the limiting access of the users to the software components includes:
    - developing a profile for each of the roles listing the software components assigned to said each role.
  - 9. The method according to claim 8, wherein each profile identifies conditions for changing the set of the software components assigned to said each role based on the running states of the collaborative process.
  - 10. The method according to claim 1, further comprising;
    - using a computer system implementing a collaborative process program to perform the assigning an associated set of the multitude of software components to each of the roles, assigning to each of the users one of said roles, and limiting access of the users to the software components.

11. An access control system for supporting role-based access control in a collaborative environment, wherein a plurality of users work together in a collaborative process including a multitude of activities using a software system, the access control system comprising one or more processor units configured for:
- componentizing the software system into a multitude of software components;
  
  assigning an associated set of the multitude of software components to each of a plurality of roles in the collaborative process;
  
  assigning to each of the users one of said plurality of roles as a current role of the user, as defined by a run-time state of the collaborative process;
  
  activating a set of the multitude of software components to perform said one of said activities as a current activity in the collaborative process;
  
  limiting access of the users to the software components by providing each of the users with access to only the software components that are common in both the set of the software components assigned to the current role assigned to said each user, and the set of the software components activated to perform the current activity.
- View Dependent Claims (12, 13, 14)
- - 12. The access control system according to claim 11, wherein during the collaborative process, the users have a plurality of different roles, and the componentizing the software system includes:
    - capturing the different roles and the collaborative process into a centralized model; and
      
      using said centralized model to divide the software system into role specific components sets and assigning the sets of components into role profiles.
  - 13. The access control system according to claim 12, wherein the roles login to the collaborative process, and the limiting access to specific components includes:
    - when one of the roles logins to the collaborative process, loading corresponding software components on the profile for the roles in the software system; and
      
      changing the components that certain roles can access according to the run-time context determined by the collaborative process.
  - 14. The access control system according to claim 13, wherein the capturing the different roles and the collaborative process into a centralized model includes describing the relationships among the components, the different roles, and the collaborative process in the centralized model, including the dependencies between components, the ownership between the roles and the components, and the ownership between activities in the collaborative process and the components.

15. An article of manufacture comprising:
- at least one tangible computer usable device having computer readable program code logic tangibly embodied therein to execute a machine instruction in one or more processing units for supporting role-based access control in a collaborative environment, wherein a plurality of users work together in a collaborative process including a multitude of activities using a software system, the computer readable program code logic, when executing, performing the following;
  
  componentizing the software system into a multitude of software components;
  
  assigning an associated set of the multitude of software components to each of a plurality of roles in the collaborative process;
  
  assigning to each of the users one of said plurality of roles as a current role of the user, as defined by a run-time state of the collaborative process;
  
  activating a set of the multitude of software components to perform said one of said activities as a current activity in the collaborative process;
  
  limiting access of the users to the software components by providing each of the with access to only the software components that are common in both the set of the software components assigned to current role assigned to said each user, and the set of the software components activated to perform the current activity.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The article of manufacture according to claim 15, wherein during the collaborative process, the users have a plurality of different roles, and the componentizing the software system includes:
    - capturing the different roles and the collaborative process into a centralized model; and
      
      using said centralized model to divide the software system into role specific components sets and assigning the sets of components into role profiles.
  - 17. The article of manufacture according to claim 15, wherein the capturing the different roles and the collaborative process into a centralized model includes describing the relationships among the components, the different roles, and the collaborative process in the centralized model, including the dependencies between components, the ownership between the roles and the components, and the ownership between activities in the collaborative process and the components.
  - 18. The article of manufacture according to claim 17, wherein the using said centralized model to divide the software system into role specific components sets includes:
    - analyzing the relationships in the centralized model to generate different role profiles; and
      
      parsing the role profiles to load the components in the intersection between the ownership of a current role and the ownership of a current activity in the collaborative process.
  - 19. The article of manufacture according to claim 18, wherein the limiting access of the users to the software components includes:
    - developing a profile for each of the roles listing the software components assigned to said each role.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Chee, Yi-Min, Fang, Ru, Liu, Feng, Ma, Qian, Oppenheim, Daniel V., Ratakonda, Krishna, Zou, Zhi Le
Primary Examiner(s)
Flynn, Nathan
Assistant Examiner(s)
LAKHIA, VIRAL S

Application Number

US12/201,060
Publication Number

US 20100058197A1
Time in Patent Office

1,985 Days
Field of Search

715/751, 726 2- 15, 709/223, 713/165
US Class Current

715/751
CPC Class Codes

G06F 21/6218 to a system of files or obj...

G06Q 10/10 Office automation; Time man...

Supporting role-based access control in component-based software systems

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Supporting role-based access control in component-based software systems

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links