Transaction-aware caching for access control metadata

US 8,745,017 B2
Filed: 03/14/2008
Issued: 06/03/2014
Est. Priority Date: 05/12/2000
Status: Active Grant

First Claim

Patent Images

1. A method for determining authorization to operate on a file, the method comprising computer-implemented steps of:

receiving a request, associated with a session, for an operation on the file;

looking in one or more session caches that are associated with said session for an entry that contains permissions metadata for said file;

wherein said one or more session caches store a first set of permissions metadata that has been modified within said session but has not yet been committed for a transaction to a repository;

wherein said permissions metadata for said file includes information that specifies which users can perform which operations on said file;

wherein one or more sets of permissions metadata in said one or more session caches are posted to one or more shared caches in response to committing said one or more sets of permissions metadata, said one or more shared caches having entries that are accessible to multiple sessions;

if said entry is not in said one or more session caches, then performing the steps of;

looking for said entry in said one or more shared caches;

wherein said one or more shared caches store a second set of permissions metadata that has been committed to the repository; and

if said entry is not in said one or more shared caches, then obtaining said permissions metadata for said file from the repository that is different than said one or more session caches and said one or more shared caches; and

using said permissions metadata for said file to determine whether said operation may be performed on said file;

wherein the steps of the method are performed by one or more computer systems.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are provided for performing transaction-aware caching of metadata in an electronic file system. A mechanism is described for providing transaction-aware caching that uses a cache hierarchy, where the cache hierarchy includes uncommitted caches associated with sessions in an application and a committed cache that is shared among the sessions in that application. Techniques are described for caching document metadata, access control metadata and folder path metadata. Also described is a technique for using negative cache entries to avoid unnecessary communications with a server when applications repeatedly request non-existent data.

Citations

30 Claims

1. A method for determining authorization to operate on a file, the method comprising computer-implemented steps of:
- receiving a request, associated with a session, for an operation on the file;
  
  looking in one or more session caches that are associated with said session for an entry that contains permissions metadata for said file;
  
  wherein said one or more session caches store a first set of permissions metadata that has been modified within said session but has not yet been committed for a transaction to a repository;
  
  wherein said permissions metadata for said file includes information that specifies which users can perform which operations on said file;
  
  wherein one or more sets of permissions metadata in said one or more session caches are posted to one or more shared caches in response to committing said one or more sets of permissions metadata, said one or more shared caches having entries that are accessible to multiple sessions;
  
  if said entry is not in said one or more session caches, then performing the steps of;
  
  looking for said entry in said one or more shared caches;
  
  wherein said one or more shared caches store a second set of permissions metadata that has been committed to the repository; and
  
  if said entry is not in said one or more shared caches, then obtaining said permissions metadata for said file from the repository that is different than said one or more session caches and said one or more shared caches; and
  
  using said permissions metadata for said file to determine whether said operation may be performed on said file;
  
  wherein the steps of the method are performed by one or more computer systems.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1 wherein said permissions metadata is modified directly.
  - 3. The method of claim 1 wherein said permissions metadata is modified indirectly.
  - 4. The method of claim 1 wherein said permissions metadata is for one or more users and said one or more users are associated with one or more groups.
  - 5. The method of claim 1, wherein said permissions metadata is for one or more users and said one or more users are associated with one or more groups, wherein a particular user of said one or more users is associated with more than one group, and wherein the method further comprises computer-implemented step of:
    - merging together all permissions metadata for said particular user from said more than one group.
  - 6. The method of claim 1 wherein said entry for said one or more shared caches is populated when said permissions metadata is referenced.
  - 7. The method of claim 1 wherein said entry has an ID column identifying said file and a metadata column containing said permissions metadata.
  - 8. The method of claim 7 wherein said metadata column of said entry in said one or more session caches is populated with modified permissions metadata that was modified by said session.
  - 9. The method of claim 7 wherein said ID column for said one or more session caches is populated when said permissions metadata is modified.
  - 10. The method of claim 7 wherein said ID column for said one or more session caches is populated when said file is modified.
  - 11. The method of claim 7 wherein said metadata column for said one or more session caches is populated when said file is referenced subsequent to said file being modified.
  - 12. The method of claim 7 wherein said metadata column for said one or more session caches is populated when said permissions metadata is referenced subsequent to said permissions metadata being modified.
  - 13. The method of claim 7 wherein said metadata column for said one or more session caches is populated when said file is referenced subsequent to said permissions metadata being modified.
  - 14. The method of claim 7 wherein said metadata column for said one or more session caches is populated when said permissions metadata is referenced subsequent to said file being modified.
  - 15. The method of claim 1, wherein said session is associated with a transaction, and wherein the method further comprises computer-implemented step of:
    - invalidating said entries in said one or more shared caches when said transaction successfully terminates wherein said entries in said one or more shared caches are duplicates of entries in said one or more session caches.

16. A non-transitory computer-readable storage medium storing one or more sequences of instructions for determining authorization to operate on a file, which instructions, when executed by one or more processors, cause the one or more processors to perform:
- receiving a request, associated with a session, for an operation on the file;
  
  looking in one or more session caches that are associated with said session for an entry that contains permissions metadata for said file;
  
  wherein said one or more session caches store a first set of permissions metadata that has been modified within said session but has not yet been committed for a transaction to a repository;
  
  wherein said permissions metadata for said file includes information that specifies which users can perform which operations on said file;
  
  wherein one or more sets of permissions metadata in said one or more session caches are posted to one or more shared caches in response to committing said one or more sets of permissions metadata, said one or more shared caches having entries that are accessible to multiple sessions;
  
  if said entry is not in said one or more session caches, then performing the steps of;
  
  looking for said entry in said one or more shared caches;
  
  wherein said one or more shared caches store a second set of permissions metadata that has been committed to the repository; and
  
  if said entry is not in said one or more shared caches, then obtaining said permissions metadata for said file from the repository that is different than said one or more session caches and said one or more shared caches; and
  
  using said permissions metadata for said file to determine whether said operation may be performed on said file.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 17. The non-transitory computer-readable storage medium of claim 16 wherein said permissions metadata is modified directly.
  - 18. The non-transitory computer-readable storage medium of claim 16 wherein said permissions metadata is modified indirectly.
  - 19. The non-transitory computer-readable storage medium of claim 16 wherein said permissions metadata is for one or more users and said one or more users are associated with one or more groups.
  - 20. The non-transitory computer-readable storage medium of claim 16, wherein said permissions metadata is for one or more users and said one or more users are associated with one or more groups, wherein a particular user of said one or more users is associated with more than one group, and wherein the one or more sequences of instructions further comprise instructions which, when executed by the one or more processors, cause the one or more processors to perform the step of:
    - merging together all permissions metadata for said particular user from said more than one group.
  - 21. The non-transitory computer-readable storage medium of claim 16 wherein said entry for said one or more shared caches is populated when said permissions metadata is referenced.
  - 22. The non-transitory computer-readable storage medium of claim 16 wherein said entry has an ID column identifying said file and a metadata column containing said permissions metadata.
  - 23. The non-transitory computer-readable storage medium of claim 22 wherein said metadata column of said entry in said one or more session caches is populated with modified permissions metadata that was modified by said session.
  - 24. The non-transitory computer-readable storage medium of claim 22 wherein said ID column for said one or more session caches is populated when said permissions metadata is modified.
  - 25. The non-transitory computer-readable storage medium of claim 22 wherein said ID column for said one or more session caches is populated when said file is modified.
  - 26. The non-transitory computer-readable storage medium of claim 22 wherein said metadata column for said one or more session caches is populated when said file is referenced subsequent to said file being modified.
  - 27. The non-transitory computer-readable storage medium of claim 22 wherein said metadata column for said one or more session caches is populated when said permissions metadata is referenced subsequent to said permissions metadata being modified.
  - 28. The non-transitory computer-readable storage medium of claim 22 wherein said metadata column for said one or more session caches is populated when said file is referenced subsequent to said permissions metadata being modified.
  - 29. The non-transitory computer-readable storage medium of claim 22 wherein said metadata column for said one or more session caches is populated when said permissions metadata is referenced subsequent to said file being modified.
  - 30. The non-transitory computer-readable storage medium of claim 16, wherein said session is associated with a transaction, and wherein the one or more sequences of instructions further comprise instructions which, when executed by the one or more processors, cause the one or more processors to perform the step of:
    - invalidating said entries in said one or more shared caches when said transaction successfully terminates wherein said entries in said one or more shared caches are duplicates of entries in said one or more session caches.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Long, David J., Pitfield, David B.
Primary Examiner(s)
Alam, Hosain
Assistant Examiner(s)
HARPER, ELIYAH STONE

Application Number

US12/049,212
Publication Number

US 20080162485A1
Time in Patent Office

2,272 Days
Field of Search

707/999.002, 707/999.003, 707/999.004, 707/999.101, 707/999.102, 707/705
US Class Current

707/705
CPC Class Codes

H04L 63/10   for controlling access to d...

H04L 67/06   specially adapted for file ...

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

Y10S 707/99952   Coherency, e.g. same view t...

Y10S 707/99953   Recoverability

Transaction-aware caching for access control metadata

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Transaction-aware caching for access control metadata

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links