Access control system and methods
First Claim
1. An access control system, for exercising access control upon receipt of a request to access an object that is an information resource, comprising:
an access request determination unit for, in accordance with said access request, employing an access control rule defining an access right for said object to determine whether or not access to said object should be permitted;
an object storage unit for storing said access control rule for said object; and
an object manager configured to extract from the object storage unit an access control tagged object that represents the access control rule for the object;
wherein, upon receipt of a request to access an access control rule, said access request determination unit determines whether or not access to said access control rule should be permitted.
5 Assignments
0 Petitions
Abstract
The present invention provides access control methods, apparatus and systems that employ an access control rule and that do not distinguish between data and the access control rule, so that the same flexible access control that is available for the data can also be provided for the access control rule. In an example embodiment, an access control system comprises: an access controller for, in accordance with the access request, employing an access control rule defining an access right for the object to determine whether or not access to the object should be permitted; and an object storage unit for storing a set of access control rules as objects equivalent to common data objects, wherein, upon receipt of a request to access an access control rule, the access controller determines whether or not access to the access control rule should be permitted.
12 Citations
23 Claims
1. An access control system, for exercising access control upon receipt of a request to access an object that is an information resource, comprising:
an access request determination unit for, in accordance with said access request, employing an access control rule defining an access right for said object to determine whether or not access to said object should be permitted;
an object storage unit for storing said access control rule for said object; and
an object manager configured to extract from the object storage unit an access control tagged object that represents the access control rule for the object;
wherein, upon receipt of a request to access an access control rule, said access request determination unit determines whether or not access to said access control rule should be permitted.
Dependent claims: 2, 3, 4, 5, 6

7. An access control system, for exercising access control upon the receipt of a request to access a specific information resource, comprising:
storage means, for storing an access control rule that defines an access right for said specific information resource and a higher level control rule that defines an access right for said access control rule; and
determination means, for employing said higher level control rule, in accordance with a request to access said access control rule, to determine whether access to said access control rule should be permitted,
wherein a higher level control rule for controlling access to another access control rule is included as said access control rule stored in said storage means; and
an object manager means configured to extract from the object storage unit an access control tagged object that represents the access control rule for the object.
Dependent claims: 8, 9, 10

11. An access control system, for receiving a tagged object, having a tag that represents control information for data elements, and for exercising access control for said tagged object, comprising:
access control rule storage means, for storing a set of access control rules each for defining an access right for said tagged object; and
an access request determination means, for employing one of said access control rules to determine, in accordance with said access request, whether access to said tagged object should be permitted,
wherein said access control rules stored in said access control rule storage means are written as tagged objects, for which said tags each represent control information for controlling the elements of said access control rule, and
wherein said access request determination means, in accordance with said access request for said access control rule, determines whether access to said access control rule, which is said tagged object, should be permitted.
Dependent claims: 12, 13, 14

15. A server for receiving an access request from a client and for, in accordance with said access request, processing an object that is a target of said access request, comprising:
an access request determination unit, for determining, based on an access control rule defining an access right for said object, whether the accessing of said object should be permitted;
an object processor, for performing corresponding processing for said object in accordance with access permission granted by said access request determination unit;
an object storage unit for storing, as an object, said access control rule for said object; and
an object manager configured to extract from the object storage unit an access control tagged object that represents the access control rule for the object;
wherein said access request determination unit, in accordance with an access request for said access control rule, determines whether the accessing of said access control rule should be permitted.
Dependent claims: 16, 17

18. An access control method, for exercising access control upon the receipt of an access request for an object that is an information resource, comprising the steps of:
sorting general data objects into tagged objects and untagged objects;
receiving an access request for an access control rule that is an object;
obtaining an access control rule defining an access right for said object targeted by said access request;
determining, based on said access control rule, whether the accessing of said object should be permitted; and
determining, in accordance with said access request for said access control rule, whether access to said access control rule should be permitted.
Dependent claims: 19, 20

21. An access control method, for exercising access control upon the receipt of an access request for a tagged object, which has a tag that represents information for controlling elements of data, comprising the steps of:
holding information for an access control rule for said tagged object upon said receipt of an access request for said tagged object;
obtaining, upon the receipt of an access request for an un-tagged object, which accompanies said tagged object, said access control rule for said tagged object based on said information that is held at said step of holding said information concerning said access control rule;
employing said access control rule to determine whether the accessing of said un-tagged object should be permitted; and
determining, in accordance with said access request for said access control rule, whether access to said access control rule should be permitted.

22. A storage medium on which is stored a computer-readable program, which permits said computer to perform processes comprising:
a process for sorting general data objects into tagged objects and untagged objects;
a process for receiving an access request for an access control rule that is an object;
a process for obtaining an access control rule defining an access right for said object targeted by said access request;
a process for determining, based on said access control rule, whether the accessing of said object should be permitted; and
a process for determining, in accordance with said access request for said access control rule, whether access to said access control rule should be permitted.

23. A program transmission apparatus comprising:
storage means for storing a computer-readable program, which permits said computer to perform processes comprising:
a process for sorting general data objects into tagged objects and untagged objects;
a process for receiving an access request for an access control rule that is an object;
a process for obtaining an access control rule defining an access right for said object targeted by said access request;
a process for determining, based on said access control rule, whether the accessing of said object should be permitted; and
a process for determining, in accordance with said access request for said access control rule, whether access to said access control rule should be permitted; and
transmission means for reading said program from said storage means and for transmitting said program.
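The following is an added illustration, not code from the patent: a toy object store in which access control rules are stored as ordinary (tagged) objects, so that a request to read or rewrite a rule is decided by the same determination unit as a request for data, using the higher-level rule object that governs the rule (the mechanism of claims 1, 7 and 18). All object and subject names are constructed for the example.

```python
# Added example, not the patent's own code: rules are stored as ordinary objects,
# so reading or rewriting a rule is decided like any other request, using the
# higher-level rule object that governs it (claims 1, 7, 18). Names are constructed.
from dataclasses import dataclass, field

@dataclass
class Obj:
    """Rule objects are 'tagged': tag maps subject -> actions; rule_id names the governing rule."""
    oid: str
    rule_id: str
    payload: object = None
    tag: dict = field(default_factory=dict)

class ObjectStore:
    def __init__(self):
        self.objects = {}

    def put(self, obj):
        self.objects[obj.oid] = obj

    def is_rule(self, oid):
        # Claim 18's sorting step: tagged objects are rules, untagged are data.
        return bool(self.objects[oid].tag)

class AccessRequestDeterminationUnit:
    def __init__(self, store):
        self.store = store

    def permitted(self, subject, action, oid):
        obj = self.store.objects.get(oid)
        rule = self.store.objects.get(obj.rule_id) if obj else None
        if rule is None or not rule.tag:
            return False  # fail closed: no governing rule object, no access
        return action in rule.tag.get(subject, set())

    def rewrite_rule(self, subject, rule_oid, new_tag):
        # A rule change is a write on a rule object, checked against the rule
        # that governs it, exactly as a write on a data object would be.
        if not (self.store.is_rule(rule_oid) and self.permitted(subject, "write", rule_oid)):
            raise PermissionError(f"{subject} may not rewrite {rule_oid}")
        self.store.objects[rule_oid].tag = new_tag

def build_demo():
    store = ObjectStore()
    store.put(Obj("root_rule", "root_rule", tag={"admin": {"read", "write"}}))  # governs itself
    store.put(Obj("doc_rule", "root_rule", tag={"alice": {"read"}, "admin": {"read", "write"}}))
    store.put(Obj("doc1", "doc_rule", payload="quarterly report"))
    return AccessRequestDeterminationUnit(store)
```

The self-governing root rule terminates the chain of higher-level rules, and the fail-closed branch denies any object whose governing rule is missing or untagged.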
Specification