Method and Apparatus for Creating Custom Access Control Hierarchies

US 20080168530A1
Filed: 01/05/2007
Published: 07/10/2008
Est. Priority Date: 01/05/2007
Status: Active Grant

First Claim

Patent Images

1. A computer implemented process, responsive to an entity attempting to access a resource in a data repository, initiates a view processor component of IBM'"'"'s WEBSPHERE Virtual Member Manager, wherein the view processor performs steps comprising:

retrieving a delegated administration path describing the location of a resource in a custom organizational hierarchy;

identifying a security policy for the resource;

identifying a security policy for an entity attempting to access the resource;

applying the security policy of the entity to the delegated administration path and security policy of the resource; and

sending the delegated administration path with the applied security policies to an authorization engine, so that access to the resource can be granted or denied.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The Custom Access Controller adds a custom security hierarchy to the organizational data in the View Processor of WEBSPHERE Virtual Member Manager. Whenever an entity or application attempts to access a resources the access control engine starts the View Processor to identify the organizational data and assigned security policy for the resource. The assigned security policy is applied to a delegated administration path which is part of the delegated administration hierarchy but includes the appropriate path and security policy for the resource. The delegated administration path is sent to an access control engine that grants or denies access to the resource. A View Processor Interface allows network administrators to create and modify custom security hierarchies.

88 Citations

View as Search Results

18 Claims

1. A computer implemented process, responsive to an entity attempting to access a resource in a data repository, initiates a view processor component of IBM'"'"'s WEBSPHERE Virtual Member Manager, wherein the view processor performs steps comprising:
- retrieving a delegated administration path describing the location of a resource in a custom organizational hierarchy;
  
  identifying a security policy for the resource;
  
  identifying a security policy for an entity attempting to access the resource;
  
  applying the security policy of the entity to the delegated administration path and security policy of the resource; and
  
  sending the delegated administration path with the applied security policies to an authorization engine, so that access to the resource can be granted or denied.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computer implemented process of claim 1 further comprising a view processor interface component of IBM'"'"'s WEBSPHERE Virtual Member Manager, wherein the view processor interface performs steps comprising:
    - displaying the delegated administration path with the security policy of the resource graphically;
      
      responsive to a user input, changing the security policy for resource; and
      
      responsive to a user input, creating a custom security policy for the resource.
  - 3. The computer implemented process of claim 1 wherein the organizational hierarchy data and security policy are obtained from more than one data repository.
  - 4. The computer implemented process of claim 1 wherein a first resource in a data repository can have a different delegated administration path than a second resource in the same data repository.
  - 5. The computer implemented process of claim 1 wherein a resource can have more than one delegated administration path.
  - 6. The computer implemented process of claim 5 wherein an application can specify which delegated administration path is sent to the authorization engine for making authorization decisions.

7. An apparatus for responding to an entity attempting to access a resource, the apparatus comprising:
- a processor;
  
  a memory connected to the processor;
  
  an view processor component of IBM'"'"'s WEBSPHERE Virtual Member Manager running in the memory;
  
  a data repository in the memory;
  
  a resource in the data repository;
  
  a custom access controller program in the memory operable to;
  
  retrieve a delegated administration path describing the location of a resource in a custom organizational hierarchy;
  
  identify a security policy for the resource;
  
  identify a security policy for an entity attempting to access the resource;
  
  apply the security policy of the entity to the delegated administration path and security policy of the resource; and
  
  send the delegated administration path with the applied security policies to an authorization engine, so that access to the resource can be granted or denied.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The apparatus of claim 7 further comprising a view processor interface program component of IBM'"'"'s WEB SPHERE Virtual Member Manager in the memory operable to:
    - display the delegated administration path with the security policy of a resource graphically;
      
      responsive to a user input, change the security policy for resource; and
      
      responsive to a user input, create a custom security policy for the resource.
  - 9. The apparatus of claim 7 wherein the organizational hierarchy data and security policy are obtained from more than one data repository.
  - 10. The apparatus of claim 7 wherein a first resource in the data repository can have a different delegated administration path than a second resource in the data repository.
  - 11. The apparatus of claim 7 wherein a resource can have more than one delegated administration path.
  - 12. The apparatus of claim 11 wherein an application can specify which delegated administration path is sent to the authorization engine for making authorization decisions.

13. A computer readable memory containing a plurality of instructions to cause a computer respond to an entity attempting to access a resource using a view processor component of IBM'"'"'s WEBSPHERE Virtual Member Manager, the plurality of instructions comprising:
- a first instruction to retrieve a delegated administration path describing the location of a resource in the organizational hierarchy;
  
  a second instruction to identify a security policy for the resource;
  
  a third instruction to identify a security policy for an entity attempting to access the resource;
  
  a fourth instruction to apply the security policy of the entity to the delegated administration path and security policy of the resource; and
  
  a fifth instruction to send the delegated administration path with the applied security policies to an authorization engine, so that access to the resource can be granted or denied.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The computer readable memory of claim 13 with a plurality of instructions further comprising:
    - a sixth instruction to display the delegated administration path with security policy for the resource graphically;
      
      a seventh instruction to, responsive to a user input, change the security policy for resource; and
      
      an eighth instruction to, responsive to a user input, create a custom security policy for the resource.
  - 15. The computer readable memory of claim 13 wherein the organizational hierarchy data and security policy are obtained from more than one data repository.
  - 16. The computer readable memory of claim 13 wherein a first resource in the data repository can have a different delegated administration path than a second resource in the data repository.
  - 17. The computer readable memory of claim 13 wherein a resource can have more than one delegated administration path.
  - 18. The computer readable memory of claim 17 wherein an application can specify which delegated administration path is sent to the authorization engine for making authorization decisions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
HCL Technologies Limited
Original Assignee
International Business Machines Corporation
Inventors
Sampathkumar, Govindaraj, Kuehr-McLaren, David G., Mireku, Kwabena, Wong, Janette S.

Granted Patent

US 9,124,602 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 21/6236   between heterogeneous systems

H04L 63/105   Multiple levels of security

Method and Apparatus for Creating Custom Access Control Hierarchies

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

88 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method and Apparatus for Creating Custom Access Control Hierarchies

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

88 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links