Method and system for authorization and access control delegation in an on demand grid environment

US 8,935,417 B2
Filed: 04/01/2008
Issued: 01/13/2015
Est. Priority Date: 06/15/2006
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for dynamic delegation of control in a grid computing environment comprising:

granting authority of a grid node, by a computing device, to a moderator by a superauthority, wherein said superauthority grants a specific credentialed authorization certificate to said moderator;

admitting, by said computing device, said moderator to said grid node based on said grid node checking that said specific credentialed authorization certification of said moderator is valid and signed by said superauthority;

modifying, by said computing device, an access control list of said grid node by said moderator; and

inviting, by said grid node, other entities listed on said access control list to access said grid node,wherein said moderator controls said inviting of said other entities by modifying said access control list without contact with said superauthority,wherein said grid node enables real time collaboration between different entities in said grid computing environment that virtualizes geographically distributed heterogeneous computing resources as a unified whole.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The method of the invention provides for dynamic on-demand delegation of control and access in a grid computing environment comprising granting authority of a grid node to a first moderator by a superauthority; admitting the first moderator to the grid node; modifying the access control list of the grid node by the first moderator; inviting other entities listed on the access control list to access the grid node; and issuing a unique authorization certificate to each of the other entities, wherein the first moderator controls the inviting of the other entities without contact with or accessing to the superauthority for certification.

Citations

15 Claims

1. A computer-implemented method for dynamic delegation of control in a grid computing environment comprising:
- granting authority of a grid node, by a computing device, to a moderator by a superauthority, wherein said superauthority grants a specific credentialed authorization certificate to said moderator;
  
  admitting, by said computing device, said moderator to said grid node based on said grid node checking that said specific credentialed authorization certification of said moderator is valid and signed by said superauthority;
  
  modifying, by said computing device, an access control list of said grid node by said moderator; and
  
  inviting, by said grid node, other entities listed on said access control list to access said grid node,wherein said moderator controls said inviting of said other entities by modifying said access control list without contact with said superauthority,wherein said grid node enables real time collaboration between different entities in said grid computing environment that virtualizes geographically distributed heterogeneous computing resources as a unified whole.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein said modifying comprising adding or deleting said other entities on said access control list.
  - 3. The method of claim 1, further comprising issuing a unique authorization certificate to each of said other entities.
  - 4. The method of claim 1, further comprising delegating privileged users by said moderator, wherein said moderator controls said delegating privileged users without contact with said superauthority.
  - 5. The method of claim 4, wherein said modifying of said access control list is performed by either said moderator or said privileged users.
  - 6. The method of claim 4, wherein said delegating of said privileged users is performed by said moderator or privileged users.

7. A computer-implemented method for dynamic delegation of control in a grid computing environment comprising:
- granting authority of a grid node, by a computing device, to a moderator by a superauthority, wherein said superauthority grants a specific credentialed authorization certificate to said moderator;
  
  admitting, by said computing device, said moderator to said grid node based on said grid node checking that said specific credentialed authorization certification of said moderator is valid and signed by said superauthority;
  
  modifying, by said computing device, an access control list of said grid node by said moderator;
  
  inviting, by said grid node, other entities listed on said access control list to access said grid node; and
  
  issuing, by said computing device, a unique authorization certificate to each of said other entities that is authenticated by said grid node,wherein said moderator controls said inviting of said other entities by modifying said access control list without contact with said superauthority,wherein said grid node enables real time collaboration between different entities in said grid computing environment that virtualizes geographically distributed heterogeneous computing resources as a unified whole.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The method of claim 7, wherein said modifying comprising adding or deleting said other entities on said access control list.
  - 9. The method of claim 7, further comprising delegating privileged users by said moderator, wherein said moderator controls said delegating privileged users without contact with said superauthority.
  - 10. The method of claim 9, wherein said modifying of said access control list is performed by either said moderator or said privileged users.
  - 11. The method of claim 9, wherein said delegating of said privileged users is performed by said moderator or said privileged users.

12. A non-transitory computer program product readable by machine, tangibly embodying a program of instructions executable by said machine to perform a method for dynamic delegation of control in a grid computing environment, said method comprising:
- granting authority of a grid node to a moderator by a superauthority, wherein said superauthority grants a specific credentialed authorization certificate to said moderator;
  
  admitting said moderator to said grid node based on said grid node checking that said specific credentialed authorization certification of said moderator is valid and signed by said superauthority;
  
  modifying an access control list of said grid node by said moderator wherein said modifying comprises one of adding and deleting other entities on said access control list;
  
  inviting, by said grid node, said other entities listed on said access control list to access said grid node; and
  
  issuing a unique authorization certificate to each of said other entities that are authenticated by said grid node,wherein said moderator controls said inviting of said other entities by modifying said access control list without contact with said superauthority,wherein said grid node enables real time collaboration between different entities in said grid computing environment that virtualizes geographically distributed heterogeneous computing resources as a unified whole.
- View Dependent Claims (13, 14, 15)
- - 13. The non-transitory computer program product of claim 12, further comprising delegating privileged users by said moderator, wherein said moderator controls said delegating privileged users without contact with said superauthority.
  - 14. The non-transitory computer program product of claim 13, wherein said modifying of said access control list is performed by either said moderator or said privileged users.
  - 15. The non-transitory computer program product of claim 13, wherein said delegating of said privileged users is performed by said moderator or said privileged users.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Boutboul, Irwin
Primary Examiner(s)
SHINGLES, KRISTIE D

Application Number

US12/060,299
Publication Number

US 20080183872A1
Time in Patent Office

2,478 Days
Field of Search

709/217, 709/225, 709/226, 709/229, 709/223
US Class Current

709/229
CPC Class Codes

H04L 41/044   comprising hierarchical man...

H04L 41/28   Restricting access to netwo...

H04L 63/0823   using certificates cryptogr...

H04L 63/101   Access control lists [ACL]

Method and system for authorization and access control delegation in an on demand grid environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for authorization and access control delegation in an on demand grid environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links