System and method for regulating access to objects in a content repository
First Claim
1. A computer-implemented method for regulating access to content within a content management computing system, the content management system comprising a library server computer, a plurality of resource manager server computers operating independently from the library server computer, and a proxy cache server, the method comprising:
- storing content provided to the content management system on a resource manager server within the plurality of resource manager server computers;
- storing content access control rules and metadata on the library server for the content provided to the content management system;
- caching content provided to clients from the content management system using the proxy cache server, the proxy cache server operating independently from the library server and the resource manager server;
- generating an access control token used for controlling access to one or more content items and metadata of the one or more content items within the content management system, wherein the access control token is generated exclusively by the library server using the content access control rules stored for the one or more content items;
- providing the server-generated access control token to one or more authorized clients to enable the one or more authorized clients to access the one or more content items and the metadata of the one or more content items;
- receiving a request for requested content from a client, the request including a client-provided access control token;
- validating, using either of the resource manager server or the proxy cache, the client-provided access control token against the server-generated access control token; and
- delivering the requested one or more content items directly from the proxy cache server to the client upon successful validation of the client-provided access control token.
Abstract
A content management system integrated with a web caching proxy that delivers content according to access control rules. An access control token is generated using a secret key when a user selects a desired object (to be provided only upon token validation, thus the object retrieval and delivery task can be delegated). However, tokens for other content and/or for other users could be generated by a rogue resource manager. If the desired object is already cached, the proxy asks the resource manager to validate the token and then selectively provides the desired object without contacting a library server. Alternately, the proxy itself performs the token validation, but must coordinate with the library server to ensure it has the latest secret key. Finally, the tokens may contain digital signatures generated with a private key and validated with a corresponding public key, so that private keys need not be distributed.
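The secret-key variant described in the abstract, sketched as an added example (not code from the patent): the library server is the only issuer, and the proxy validates locally, refreshing its key copy from the library server when a token names a key it has not seen. The token layout, key ids, class names and the use of HMAC-SHA256 are assumptions made for illustration; the abstract only says "a secret key".

```python
import base64, hashlib, hmac, time

def _mac(key, payload):
    tag = hmac.new(key, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(tag).decode()

class LibraryServer:
    """Sole token issuer (hypothetical class; keys are constructed samples)."""
    def __init__(self):
        self.keys = {1: b"constructed-sample-key-v1"}
        self.current = 1

    def rotate(self, new_key):
        self.current += 1
        self.keys[self.current] = new_key

    def issue(self, user, object_id, ttl=300, now=None):
        if "|" in user or "|" in object_id:
            raise ValueError("field separator not allowed in token fields")
        expiry = int(time.time() if now is None else now) + ttl
        # Assumed layout: key_id|user|object_id|expiry|tag
        payload = f"{self.current}|{user}|{object_id}|{expiry}"
        return payload + "|" + _mac(self.keys[self.current], payload)

class CachingProxy:
    """Validates tokens itself; must hold the library server's latest key."""
    def __init__(self, library):
        self.library = library
        self.keys = dict(library.keys)

    def validate(self, token, user, object_id, now=None):
        try:
            key_id, t_user, t_obj, expiry, tag = token.split("|")
            key_id, expiry = int(key_id), int(expiry)
        except ValueError:
            return False  # malformed token
        if key_id not in self.keys:
            # Unknown key id: coordinate with the library server for new keys.
            self.keys = dict(self.library.keys)
        key = self.keys.get(key_id)
        if key is None:
            return False
        payload = f"{key_id}|{t_user}|{t_obj}|{expiry}"
        if not hmac.compare_digest(_mac(key, payload), tag):
            return False  # forged or altered token
        now = int(time.time() if now is None else now)
        # The token is only good for the user and object it was issued for.
        return t_user == user and t_obj == object_id and now <= expiry
```

Every party that holds the shared key can also compute valid tags, which is the rogue resource manager concern the abstract raises and the reason it offers the private/public key signature variant.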
23 Claims
11. A content management system, comprising:
- a library server that stores content access control rules and metadata for the content provided to the content management system;
- a plurality of resource manager servers that store content provided to the content management system; and
- a proxy cache server that caches content provided to clients from the content management system, the proxy cache server operating independently from the library server and the resource manager server;
- wherein access to content within the content management system is regulated by the content management system performing the steps of:
  - generating an access control token used for controlling access to one or more content items and metadata of the one or more content items within the content management system, wherein the access control token is generated exclusively by the library server using the content access control rules stored for the one or more content items;
  - providing the server-generated access control token to one or more authorized clients to enable the one or more authorized clients to access the one or more content items and the metadata of the one or more content items;
  - receiving a request for requested content from a client, the request including a client-provided access control token;
  - validating, using either of the resource manager server or the proxy cache, the client-provided access control token against the server-generated access control token; and
  - delivering the requested one or more content items directly from the proxy cache server to the client upon successful validation of the client-provided access control token.
21. A content management system, comprising:
- means for storing content access control rules and metadata for the content provided to the content management system;
- means for storing content provided to the content management system; and
- means for caching content provided to clients from the content management system, the means for caching content operating independently from the means for storing content access control rules and metadata and the means for storing content;
- wherein access to content within the content management system is regulated by the content management system performing the steps of:
  - generating an access control token used for controlling access to one or more content items and metadata of the one or more content items within the content management system, wherein the access control token is generated exclusively by the means for storing content access control rules and metadata using the content access control rules stored for the one or more content items;
  - providing the server-generated access control token to one or more authorized clients to enable the one or more authorized clients to access the one or more content items and the metadata of the one or more content items;
  - receiving a request for requested content from a client, the request including a client-provided access control token;
  - validating, using either of the means for storing content or the means for caching content, the client-provided access control token against the server-generated access control token; and
  - delivering the requested one or more content items from the means for caching content to the client upon successful validation of the client-provided access control token.
22. A computer program product comprising a machine-readable medium having computer-executable program instructions thereon for content management, including:
- a first code means for storing content provided to a content management system on a resource manager server within a plurality of resource manager servers;
- a second code means for storing content access control rules and metadata on a library server for the content provided to the content management system;
- a third code means for caching content provided to clients from the content management system using a proxy cache server, the proxy cache server operating independently from the library server and the resource manager server;
- a fourth code means for generating an access control token used for controlling access to one or more content items and metadata of the one or more content items within the content management system, wherein the access control token is generated exclusively by the library server using the content access control rules stored for the one or more content items;
- a fifth code means for providing the server-generated access control token to one or more authorized clients to enable the one or more authorized clients to access the one or more content items and the metadata of the one or more content items;
- a sixth code means for a request for requested content from a client, the request including a client-provided access control token;
- a seventh code means for validating, using either of the resource manager server or the proxy cache, the client-provided access control token against the server-generated access control token; and
- an eighth code means for delivering the requested one or more content items directly from the proxy cache server to the client upon successful validation of the client-provided access control token.
23. A computer-implemented business service method enabling enhanced content management and distribution in electronic commerce, comprising:
- storing content provided to a content management system on a resource manager server within a plurality of resource manager server computers;
- storing content access control rules and metadata on a library server for the content provided to the content management system;
- caching content provided to clients from the content management system using a proxy cache server, the proxy cache server operating independently from the library server and the resource manager server;
- generating an access control token used for controlling access to one or more content items and metadata of the one or more content items within the content management system, wherein the access control token is generated exclusively by the library server using the content access control rules stored for the one or more content items;
- providing the server-generated access control token to one or more authorized clients to enable the one or more authorized clients to access the one or more content items and the metadata of the one or more content items;
- receiving a request for requested content from a client, the request including a client-provided access control token;
- validating, using either of the resource manager server or the proxy cache, the client-provided access control token against the server-generated access control token; and
- delivering the requested one or more content items directly from the proxy cache server to the client upon successful validation of the client-provided access control token.
Specification