METHODS AND SYSTEMS FOR SPECIFYING AND ENFORCING ACCESS CONTROL IN A DISTRIBUTED SYSTEM
First Claim
1. In a system having a plurality of servers providing, to one or more principals, access to protected objects, a method of specifying and facilitating the consistent enforcement of access control policies associated with the protected objects, the method comprising:
- (a) receiving a request from a principal to access a protected object, the protected object associated with an access control list comprising a time-invariant list of group identifiers;
(b) evaluating the transitive closure of the list of group identifiers comprising the access list associated with the protected object to identify at least one principal authorized to access the protected object; and
(c) determining that the requesting principal is represented in the closure of the access control list; and
(d) providing the requesting principal access to the protected object.
15 Assignments
0 Petitions
Accused Products
Abstract
Methods and systems for controlling access to objects of a distributed computing environment are described. In one configuration, a computing device receives a request from a principal to access a protected object and evaluating the transitive closure of the list of group identifiers. The protected object is associated with an access control list and has a time-invariant list of group identifiers. The list of group identifiers includes the access list is associated with the protected object to identify at least one principal authorized to access the protected object.
82 Citations
13 Claims
-
1. In a system having a plurality of servers providing, to one or more principals, access to protected objects, a method of specifying and facilitating the consistent enforcement of access control policies associated with the protected objects, the method comprising:
-
(a) receiving a request from a principal to access a protected object, the protected object associated with an access control list comprising a time-invariant list of group identifiers;
(b) evaluating the transitive closure of the list of group identifiers comprising the access list associated with the protected object to identify at least one principal authorized to access the protected object; and
(c) determining that the requesting principal is represented in the closure of the access control list; and
(d) providing the requesting principal access to the protected object. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 10, 13)
-
-
9. A system having a plurality of servers providing protected objects to one or more principals, the system implementing consistent enforcement of access control policies associated with the protected objects, a server comprising:
-
means for receiving a request from a principal to access a protected object, the protected object associated with an access control list comprising a time-invariant list of group identifier;
means for evaluating the transitive closure of the access control list associated with the protected object to identify at least one principal authorized to access the protected object;
means for determining that the requesting principal is represented in the closure of the access control list; and
means for providing the requesting principal access to the protected objected. - View Dependent Claims (11, 12)
-
Specification