Distributed environment controlled access facility
First Claim
1. A method for controlling access to an application in a distributed computer networked environment, the networked environment comprising an application area and a distributed access control facility, comprising the steps of:
submitting a user request for access to an application;
issuing through the application the request to the distributed access control facility along with pertinent user information;
performing a separation of duties check based on a separation of duties matrix which is defined prior to entitlements being made available for access requests so that separation of duty check can be automatically performed and involved in checking cross-entitlements to identify a conflict before the separation of duties matrix can be used for an entitlement request approval process;
determining the type of user;
seeking separation of duties approval based on type of user; and
providing for an override of the separation of duties check if the user failed the separation of duties check.
Abstract
A computer-implemented, web-based access control facility for a distributed environment, which allows users to request access, takes the request through the appropriate approval workflow and finally makes the access available to the users and applications. The program also performs an automatic task of verifying the health of the data, the access control data as well as the entitlements, to avoid malicious user access. The system also provides an active interface to set up a backup, to delegate the duty in one's absence. Thus, this system provides a comprehensive facility to grant, re-certify and control the entitlements and users in a distributed environment.
24 Citations
12 Claims
1. A method for controlling access to an application in a distributed computer networked environment, the networked environment comprising an application area and a distributed access control facility, comprising the steps of:
submitting a user request for access to an application; issuing through the application the request to the distributed access control facility along with pertinent user information; performing a separation of duties check based on a separation of duties matrix which is defined prior to entitlements being made available for access requests so that separation of duty check can be automatically performed and involved in checking cross-entitlements to identify a conflict before the separation of duties matrix can be used for an entitlement request approval process; determining the type of user; seeking separation of duties approval based on type of user; and providing for an override of the separation of duties check if the user failed the separation of duties check. (Dependent claims: 2, 3, 4)

5. A method for controlling access to an application in a distributed computer networked environment, the networked environment comprising an application area and a distributed access control facility, comprising the steps of:
attempting through a user to access the application in the application area; requesting through the application area information regarding the user; sending through the application area an authorization request; comparing the information received from the application area and the application to information created in the distributed access control facility in an access repository, wherein said comparing includes a separation of duties check using a separation of duties matrix which is defined prior to entitlements being made available for access requests so that separation of duty check can be automatically performed and involved in checking cross-entitlements to identify a conflict before the separation of duties matrix can be used for an entitlement request approval process; sending the results of such comparison to the application; and having the application grant access to the application based on the results of such comparison. (Dependent claims: 6, 7, 8)

9. A program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform method steps for controlling access to an application in a distributed computer networked environment, the networked environment comprising an application area and a distributed access control facility, the method comprising the steps of:
attempting through a user to access the application in the application area; requesting through the application area information regarding the user; sending through the application area an authorization request; comparing the information received from the application area and the application to information created in the distributed access control facility in an access repository, wherein said comparing includes a separation of duties check using a separation of duties matrix; sending the results of such comparison to the application which is defined prior to entitlements being made available for access requests so that separation of duty check can be automatically performed and involved in checking cross-entitlements to identify a conflict before the separation of duties matrix can be used for an entitlement request approval process; and having the application grant access to the application based on the results of such comparison. (Dependent claims: 10, 11, 12)
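The request-time check that claims 1, 5 and 9 describe (a separation of duties matrix fixed before any entitlement is offered, a cross-entitlement conflict check against what the user already holds in the access repository, approval routed by user type, and a recorded override), as an added Python illustration that is not the patent's own code. The entitlement names, matrix contents, user types and approver roles below are constructed examples.

```python
from dataclasses import dataclass
from typing import FrozenSet, Set, Tuple

# SoD matrix: pairs of entitlements one identity must never hold together.
# It is defined up front, before entitlements are made requestable (constructed values).
SOD_MATRIX: Set[FrozenSet[str]] = {
    frozenset({"payments:create", "payments:approve"}),
    frozenset({"vendor:create", "payments:approve"}),
    frozenset({"iam:grant", "iam:audit"}),
}

# Who may approve (override) an SoD conflict, keyed by user type (constructed values).
SOD_APPROVER_BY_USER_TYPE = {
    "employee": "line-manager",
    "contractor": "application-owner",
    "admin": "security-officer",
}

@dataclass
class AccessRequest:
    user_id: str
    user_type: str
    requested: str                      # entitlement being requested
    current_entitlements: FrozenSet[str]  # what the access repository already records

@dataclass
class Decision:
    granted: bool
    conflicts: Tuple[str, ...] = ()     # held entitlements that clash with the request
    approval_required_from: str = ""    # approver role derived from the user type
    override_by: str = ""               # recorded when the conflict was overridden

def sod_conflicts(requested: str, held: FrozenSet[str]) -> Tuple[str, ...]:
    """Cross-entitlement check: every held entitlement that pairs with the request in the matrix."""
    return tuple(sorted(e for e in held if frozenset({requested, e}) in SOD_MATRIX))

def evaluate(req: AccessRequest, override_by: str = "") -> Decision:
    """Run the SoD check; on conflict, route to the approver for this user type or honour an override."""
    conflicts = sod_conflicts(req.requested, req.current_entitlements)
    if not conflicts:
        return Decision(granted=True)
    approver = SOD_APPROVER_BY_USER_TYPE.get(req.user_type)
    if approver is None:
        return Decision(granted=False, conflicts=conflicts)  # unknown user type: fail closed
    if override_by == approver:
        return Decision(granted=True, conflicts=conflicts,
                        approval_required_from=approver, override_by=override_by)
    return Decision(granted=False, conflicts=conflicts, approval_required_from=approver)
```

A denied Decision carries the conflicting entitlements and the approver role, which is what the approval workflow and the audit trail need; an override by anyone other than that role is ignored.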
Specification