Distributed administration of access to information and interface for same
Abstract
A scalable access filter that is used together with others like it in a virtual private network to control access by users at clients in the network to information resources provided by servers in the network. Each access filter uses a local copy of an access control data base to determine whether an access request made by a user. Changes made by administrators in the local copies are propagated to all of the other local copies. Each user belongs to one or more user groups and each information resource belongs to one or more information sets. Access is permitted or denied according to access policies which define access in terms of the user groups and information sets. The rights of administrators are similarly determined by administrative policies. Access is further permitted only if the trust levels of a mode of identification of the user and of the path in the network by which the access is made are sufficient for the sensitivity level of the information resource. If necessary, the access filter automatically encrypts the request with an encryption method whose trust level is sufficient. The first access filter in the path performs the access check and encrypts and authenticates the request; the other access filters in the path do not repeat the access check.
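The access decision described in the abstract can be traced in a few lines of Python. This is an added example, not code from the patent: the sample users, resources, numeric trust and sensitivity levels and cipher names are constructed, and two rules are assumptions (an explicit deny overrides any allow, and the weakest sufficient encryption method is chosen).

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data; every name and level below is an assumption.
USER_GROUPS = {"alice": {"engineering"}, "bob": {"contractors", "engineering"}}
INFO_SETS = {"/specs/design.doc": {"eng-docs"}, "/public/faq.html": {"public"}}
SENSITIVITY = {"/specs/design.doc": 3, "/public/faq.html": 0}
# (user group, information set, allow?)
POLICIES = [
    ("engineering", "eng-docs", True),
    ("contractors", "eng-docs", False),
    ("engineering", "public", True),
]
IDENT_TRUST = {"ip_address": 1, "password": 2, "certificate": 4}
ENCRYPTION_TRUST = {"weak_cipher": 2, "strong_cipher": 4}  # hypothetical methods


@dataclass
class Decision:
    allowed: bool
    reason: str
    encryption: Optional[str] = None


def policy_permits(user: str, resource: str) -> bool:
    groups = USER_GROUPS.get(user, set())
    info_sets = INFO_SETS.get(resource, set())
    matches = [allow for g, s, allow in POLICIES if g in groups and s in info_sets]
    # Assumption: an explicit deny overrides any allow; no match means deny.
    return bool(matches) and all(matches)


def check_access(user: str, resource: str, ident_mode: str, path_trust: int) -> Decision:
    if not policy_permits(user, resource):
        return Decision(False, "no policy permits access")
    need = SENSITIVITY[resource]
    # Unknown identification modes get trust 0, so they fail closed.
    if IDENT_TRUST.get(ident_mode, 0) < need:
        return Decision(False, "identification mode not trusted enough")
    if path_trust >= need:
        return Decision(True, "path trusted as is")
    # Path too weak: encrypt with the weakest method whose trust level suffices.
    candidates = [(t, name) for name, t in ENCRYPTION_TRUST.items() if t >= need]
    if not candidates:
        return Decision(False, "no sufficient encryption method")
    return Decision(True, "request encrypted", min(candidates)[1])
```
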
16 Claims
1. A graphical user interface for an An access control system that controls access by users to information resources according to an access policy that is defined using definitions of user subsets of the users made explicitly for access control, definitions of information subsets of the information resources made explicitly for access control, and explicit access policy definitions indicating which user subsets may access which information subsets, the graphical user interface system comprising:
a processor;
a computing device configured to display upon which is displayed a graphical user interface via a display device, the graphical user interface comprising;
a list of previously-defined user subsets, a list of previously-defined information subsets, and a list of previously-defined access policies, and at least an indication of a create status of the previously-defined access policy operation policies, the indication visually indicating whether the policies are currently active; and
a selection device for selecting a user subset from the list thereof, an information subset from the list thereof, and the indication at least one of the create previously-defined access policy operation policies, the access control system responding to the selection of the user subset, the information subset, and the indication of the create access at least one policy operation by defining applying the at least one policy to at least one of the previously-defined access policies to define a new access policy for the selected user subset and the selected information subset.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14, 15, 16
11. A graphical user interface for an An administrative access control system that permits a user who belongs to an administrative subset of users to administer a set of objects according to an administrative policy that is defined using an explicit definition of the set of objects and an explicit definition of the administrative subset,
the graphical user interface system comprising:
a processor;
a display upon which is displayed device configured to present a graphical user interface comprising;
a list which indicates the set of objects that may be administered by the user according to the administrative policy and an indication of an a status of a previously-defined administration operation, the indication visually indicating; a type of the previously-defined administration operation, and whether the policy is currently active; and
a selection device for selecting an object from the list thereof and the indication of the status of the previously-defined administration operation, the administrative access control system responding to the selection of the object and the indication of the status of the previously-defined administration operation by performing the administration operation with regard to the object.
Specification