Method and system for displaying and managing security information
First Claim
1. A method in a computer system for displaying allowed-to-authenticate information, the method comprising:
a. receiving a selection of a security object that is an entity;
b. retrieving allowed-to-authenticate information for the selected security object, the information identifying the entity, a resource, and an action wherein when the entity attempts to authenticate to the resource the action indicates whether to allow or deny the attempt to authenticate to the resource; and
c. displaying an indication of the selected security object along with the retrieved allowed-to-authenticate information;
d. wherein the allowed-to-authenticate information is retrieved from an auxiliary security store that is used when providing a user interface for viewing the allowed-to-authenticate information and that is separate from a main security store used by a security mechanism when an entity attempts to authenticate to a resource, the auxiliary security store and the master security store having different data organizations that are adapted for accessing the allowed-to authenticate information, the auxiliary security store adapted for accessing allowed-to authenticate information for an entity and the master security store adapted for accessing allowed-to authenticate information for a resource.
Abstract
A method and system for managing security information for a domain of computer systems is provided. The security system displays security information for a selected security object, such as a user or a computer system. The security system initially retrieves security information that includes security specifications that each has the identification of an entity, a resource, and an access right for the selected security object. The security system then displays an identification of the entity and the resource along with the access right for each security specification. When the security information is stored in a security store (i.e., the main security store) by resource and, for each resource, the entities that have access rights to that resource, the security system may use an auxiliary security store to facilitate the retrieval of the security information.
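The two data organizations described in the abstract, shown as an added example that is not taken from the patent: a resource-keyed main store used for the authentication check, an entity-keyed auxiliary store used for the per-entity view, and a check that the two agree. The store contents, the function names and the default-deny behavior are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data: main store keyed by resource, as the enforcement
# path reads it. Each entry lists (entity, action) pairs for that resource.
MAIN_STORE = {
    "fileserver01": [("alice", "allow"), ("bob", "deny")],
    "db01": [("alice", "allow")],
    "mail01": [("bob", "allow"), ("carol", "allow")],
}

def check_authenticate(main_store, entity, resource):
    """Enforcement path: a single lookup by resource.
    Default deny when no specification matches (assumption)."""
    for ent, action in main_store.get(resource, []):
        if ent == entity:
            return action == "allow"
    return False

def build_auxiliary(main_store):
    """Invert the resource-keyed store into an entity-keyed one."""
    aux = defaultdict(list)
    for resource, specs in main_store.items():
        for entity, action in specs:
            aux[entity].append((resource, action))
    return {entity: sorted(specs) for entity, specs in aux.items()}

def view_entity(aux_store, entity):
    """UI path: (entity, resource, action) rows for a selected entity,
    answered without scanning every resource entry."""
    return [(entity, r, a) for r, a in aux_store.get(entity, [])]

def find_drift(main_store, aux_store):
    """Specifications present in one store but not the other. Any result
    means the view no longer matches what is enforced."""
    main_set = {(e, r, a) for r, specs in main_store.items() for e, a in specs}
    aux_set = {(e, r, a) for e, specs in aux_store.items() for r, a in specs}
    return sorted(main_set ^ aux_set)

if __name__ == "__main__":
    aux = build_auxiliary(MAIN_STORE)
    for row in view_entity(aux, "alice"):
        print(row)
    print("drift:", find_drift(MAIN_STORE, aux))
```

Because the displayed store is separate from the enforced one, a drift check of this kind is what tells an administrator whether the view can be trusted.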
31 Claims
7. A method in a computer system for maintaining security information, the method comprising:
e. providing a main security store for a domain, the main security store containing entries for resources of the domain, each entry for a resource identifying entities and an access right of each entity to the resource;
f. providing an auxiliary security store for the domain, the auxiliary security store containing entries for entities, each entry for an entity identifying a resource and access right of the entity to the resource;
g. receiving from a user a selection of a security object;
h. retrieving from the auxiliary security store entries relating to the selected security object; and
i. displaying the entities, resources, and access rights of the retrieved entries
j. wherein the provided main security store is used when verifying access rights of an entity to a resource and
k. wherein the auxiliary security store and the main security store have different data organizations that are adapted for accessing the security information, the auxiliary security store adapted for accessing security information for an entity and the main security store adapted for accessing security information for a resource.
16. A computer system for displaying security information, comprising:
l. a component that receives a selection of a security object that is a source;
m. a component that retrieves security information for the selected security object, the security information identifying the source, a destination, and an access right wherein when the source attempts to access to the destination, the access right is used to control access to the destination; and
n. a component that displays an indication of the source, destination, and access right of the retrieved security information;
o. wherein the security information is retrieved from an auxiliary security store that is used when providing a user interface for viewing the security information and that is separate from a main security store used by a security mechanism when a source attempts to authenticate to a destination, the auxiliary security store and the master security store having different data organizations that are adapted for accessing the security information, the auxiliary security store being adapted for accessing security information for a source and the main security store being adapted for accessing security information for a destination.
23. A computer system for maintaining security information, comprising:
p. a main security store for a domain, the main security store containing entries for resources of the domain, each entry for a resource identifying entities and an access right of each entity to the resource;
q. an auxiliary security store for the domain, the auxiliary security store containing entries for entities of the domain, each entry for an entity having security specifications that each identify an access right of the entity to a resource;
r. a component that displays entities, resources, and access rights retrieved from the auxiliary security store; and
s. a component that uses the main security store to verify access rights when an entity attempts to access a resource
t. wherein the auxiliary security store and the main security store have different data organizations that are adapted for accessing the security information, the auxiliary security store adapted for accessing security information for an entity and the main security store adapted for accessing security information for a resource.
Specification