Secure search performance improvement
First Claim
1. A method of improving performance for a secure search, the method comprising:
- generating indexing information for a document of a plurality of documents, wherein the document includes a set of document authorization attributes which include an access control list and the access control list includes one or more access control list entries, wherein the indexing information comprises information about content of the document and information about security access requirements for accessing the document;
storing, in an index, the indexing information generated for the document;
receiving a set of user identity attributes and a query on behalf of a user, the query including a set of search keywords, wherein an identity management system is used to determine the set of user identity attributes based on the set of document authorization attributes and the access control list entities, wherein the set of document authorization attributes comprises zero or more attributes, each attribute corresponding to one or more attribute values, and an attribute value corresponding to at least one attribute of the set of document authorization attributes specifies at least one of a group, role, or project associated with the user and an attribute of the set of document authorization attributes is one of a grant or a deny attribute, and an attribute value comprises a global universal identifier (GUID);
in response to the query, using the index to identify a set of identified documents; and
returning search results based on the set of identified documents.
0 Assignments
0 Petitions
Accused Products
Abstract
A flexible and extensible architecture allows for secure searching across an enterprise. Such an architecture can provide a simple Internet-like search experience to users searching secure content inside (and outside) the enterprise. The architecture allows for the crawling and searching of a variety or of sources across an enterprise, regardless of whether any of these sources conform to a conventional user role model. The architecture further allows for security attributes to be submitted at query time, for example, in order to provide real-time secure access to enterprise resources. The user query also can be transformed to provide for dynamic querying that provides for a more current result list than can be obtained for static queries.
224 Citations
12 Claims
-
1. A method of improving performance for a secure search, the method comprising:
-
generating indexing information for a document of a plurality of documents, wherein the document includes a set of document authorization attributes which include an access control list and the access control list includes one or more access control list entries, wherein the indexing information comprises information about content of the document and information about security access requirements for accessing the document; storing, in an index, the indexing information generated for the document; receiving a set of user identity attributes and a query on behalf of a user, the query including a set of search keywords, wherein an identity management system is used to determine the set of user identity attributes based on the set of document authorization attributes and the access control list entities, wherein the set of document authorization attributes comprises zero or more attributes, each attribute corresponding to one or more attribute values, and an attribute value corresponding to at least one attribute of the set of document authorization attributes specifies at least one of a group, role, or project associated with the user and an attribute of the set of document authorization attributes is one of a grant or a deny attribute, and an attribute value comprises a global universal identifier (GUID); in response to the query, using the index to identify a set of identified documents; and returning search results based on the set of identified documents. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A non-transitory computer readable storage medium having sets of instructions stored thereon which, when executed by a computer, cause the computer to:
-
generate indexing information for a document of a plurality of documents, wherein the document includes a set of document authorization attributes which include an access control list and the access control list includes one or more access control list entries, wherein the indexing information comprises information about content of the document and information about security access requirements for accessing the document; store, in an index, the indexing information generated for the document; receive a set of user identity attributes and a query on behalf of a user, the query including a set of search keywords, wherein an identity management system is used to determine the set of user identity attributes based on the set of document authorization attributes and the access control list entities, wherein the set of document authorization attributes comprises zero or more attributes, each attribute corresponding to one or more attribute values, and an attribute value corresponding to at least one attribute of the set of document authorization attributes specifies at least one of a group, role, or project associated with the user and an attribute of the set of document authorization attributes is one of a grant or a deny attribute, and an attribute value comprises a global universal identifier (GUID); in response to the query, use the index to identify a set of identified documents; and return search results based on the set of identified documents. - View Dependent Claims (9, 10)
-
-
11. A system for improving performance for a secure search, the system comprising:
-
a memory device; and a processor in communication with the memory device, wherein the memory device has sets of instructions stored thereon which, when executed by the processor, cause the processor to; generate indexing information for a document of a plurality of documents, wherein the document includes a set of document authorization attributes which include an access control list and the access control list includes one or more access control list entries, wherein the indexing information comprises information about content of the document and information about security access requirements for accessing the document; store, in an index, the indexing information generated for the document; receive a set of user identity attributes and a query on behalf of a user, the query including a set of search keywords, wherein an identity management system is used to determine the set of user identity attributes based on the set of document authorization attributes and the access control list entities, wherein the set of document authorization attributes comprises zero or more attributes, each attribute corresponding to one or more attribute values, and an attribute value corresponding to at least one attribute of the set of document authorization attributes specifies at least one of a group, role, or project associated with the user and an attribute of the set of document authorization attributes is one of a grant or a deny attribute, and an attribute value comprises a global universal identifier (GUID); in response to the query, use the index to identify a set of identified documents; and return search results based on the set of identified documents. - View Dependent Claims (12)
-
Specification