Simplifying determination of the groups to which users belong when using dynamic groups

US 8,150,876 B2
Filed: 02/11/2009
Issued: 04/03/2012
Est. Priority Date: 02/11/2009
Status: Active Grant

First Claim

Patent Images

1. A computing system comprising:

an identity management server to process membership requests related to a plurality of dynamic groups based on a user data and a plurality of rules;

a collaboration system to execute an application requiring a set of dynamic groups to which a user belongs, wherein said set of dynamic groups is contained in said plurality of dynamic groups; and

a search tool operable to;

receive a plurality of rules and a user data, said user data containing a set of attributes and corresponding values related to each of a plurality of users, each of said plurality of rules specifying a corresponding criteria to be used to include each user as a member of a corresponding dynamic group,said criteria specifying at least one attribute and a corresponding condition with respect to the condition to be satisfied for a user to be included in the corresponding dynamic group;

maintain a cache data indicating which of a plurality of users are members of which of said plurality of dynamic groups, wherein the members of each group are determined by checking whether the value of an attribute for the corresponding user in said user data satisfies the condition contained in the criteria for being included in the corresponding dynamic group;

receive a membership request from said application, said membership request requesting said set of dynamic groups to which said user belongs,said membership request including an identifier of said user to indicate that the set of dynamic groups to which said user belongs, is being requested;

examine said cache data to determine said set of dynamic groups to which said user belongs; and

send a response to said application indicating that said user belongs to said set of dynamic groups,wherein said cache data is maintained before said search tool receives said membership request.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A search tool provided according to an aspect of the present invention maintains a cache data indicating which users are members of which dynamic groups. When a membership request is received requesting a set of dynamic groups to which a user belongs, the search tool examines the cache data to determine the set of dynamic groups to which the user belongs and sends the determined groups as a response to the membership request. According to another aspect of the present invention, the search tool may store an include list and an exclude list, respectively indicating the users to be included and excluded from each dynamic group. The lists are inspected in forming the set of dynamic groups to which the user belongs.

15 Citations

View as Search Results

21 Claims

1. A computing system comprising:
- an identity management server to process membership requests related to a plurality of dynamic groups based on a user data and a plurality of rules;
  
  a collaboration system to execute an application requiring a set of dynamic groups to which a user belongs, wherein said set of dynamic groups is contained in said plurality of dynamic groups; and
  
  a search tool operable to;
  
  receive a plurality of rules and a user data, said user data containing a set of attributes and corresponding values related to each of a plurality of users, each of said plurality of rules specifying a corresponding criteria to be used to include each user as a member of a corresponding dynamic group,said criteria specifying at least one attribute and a corresponding condition with respect to the condition to be satisfied for a user to be included in the corresponding dynamic group;
  
  maintain a cache data indicating which of a plurality of users are members of which of said plurality of dynamic groups, wherein the members of each group are determined by checking whether the value of an attribute for the corresponding user in said user data satisfies the condition contained in the criteria for being included in the corresponding dynamic group;
  
  receive a membership request from said application, said membership request requesting said set of dynamic groups to which said user belongs,said membership request including an identifier of said user to indicate that the set of dynamic groups to which said user belongs, is being requested;
  
  examine said cache data to determine said set of dynamic groups to which said user belongs; and
  
  send a response to said application indicating that said user belongs to said set of dynamic groups,wherein said cache data is maintained before said search tool receives said membership request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computing system of claim 1, wherein said search tool maintains said cache data as tables in a database server,to perform said examine, said search tool being operable to form and execute a structured query language (SQL) query on said database server to determine said set of dynamic groups to which said user belongs.
  - 3. The computing system of claim 2, wherein said cache data is stored in a table containing respective columns for the identifier of a dynamic group and the identifier of a user, wherein each row of said table indicates the dynamic group to which the user belongs,wherein said SQL query is of the formSELECT GroupFROM MemberListWHERE MemberName=‘
    - UserName’
      
      wherein Group and MemberName are names of said respective columns, MemberList is the name of said table, and UserName is a place holder for the identifier of said user.
  - 4. The computing system of claim 1, said search tool is further operable to:
    - store an include list and an exclude list, respectively indicating a corresponding set of users to be included and excluded for each dynamic group; and
      
      inspect said include list and said exclude list to determine whether any dynamic groups are to be respectively included in and excluded from said set of dynamic groups for said user.
  - 5. The computing system of claim 4, wherein said search tool performs said inspect after said examine.
  - 6. The computing system of claim 4, wherein said examine and said inspect are performed using a single SQL query.
  - 7. The computing system of claim 1, wherein to perform said maintain, said search tool is operable to:
    - receive a notification from said identity management server upon any change to said user data or said plurality of rules; and
      
      update said cache data according to the change indicated in said notification,wherein said update is also performed prior to receiving membership requests such that each membership request is processed based on the cache data maintained prior to receiving of the corresponding membership request.
  - 8. The computing system of claim 7, wherein said search tool is provided within said identity management server.
  - 9. The computing system of claim 1, wherein said search tool receives said user data and said plurality of rules from a directory server, whereby said user data and said plurality of rules are present as respective data prior to said receive and said maintain.

10. A method of determining dynamic groups to which users belong, said method comprising:
- receiving a plurality of rules and a user data, said user data containing a set of attributes and corresponding values related to each of a plurality of users, each of said plurality of rules specifying a corresponding criteria to be used to include each user as a member of a corresponding dynamic group,said criteria specifying at least one attribute and a corresponding condition with respect to the condition to be satisfied for a user to be included in the corresponding dynamic group;
  
  maintaining a cache data indicating which of a plurality of users are members of which of a plurality of dynamic groups, wherein the members of each group are determined by checking whether the value of an attribute for the corresponding user in said user data satisfies the condition contained in the criteria for being included in the corresponding dynamic group;
  
  receiving a membership request requesting a set of dynamic groups to which a user belongs,said membership request including an identifier of said user to indicate that the set of dynamic groups to which said user belongs, is being requested;
  
  examining said cache data to determine said set of dynamic groups to which said user belongs; and
  
  sending a response to said membership request indicating that said user belongs to said set of dynamic groups,wherein said maintaining is performed prior to receiving said membership request.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The method of claim 10, wherein said maintaining maintains said cache data as tables in a database server,wherein said examining comprises forming and executing an structured query language (SQL) query on said database server to determine said set of dynamic groups to which said user belongs.
  - 12. The method of claim 10, further comprising:
    - storing an include list and an exclude list, respectively indicating a corresponding set of users to be included and excluded for each dynamic group; and
      
      inspecting said include list and said exclude list to determine whether any dynamic groups are to be respectively included in and excluded from said set of dynamic groups for said user.
  - 13. The method of claim 12 wherein said examining and said inspecting are performed using a single SQL query.
  - 14. The method of claim 10, wherein said maintaining is performed in a search tool external to said identity management server, said maintaining further comprising:
    - receiving a notification from said identity management server upon any change to said user data or said plurality of rules; and
      
      updating said cache data in said search tool according to the change indicated in said notification,wherein said update is also performed prior to receiving membership requests such that each membership request is processed based on the cache data maintained prior to receiving of the corresponding membership request.
  - 15. The method of claim 10, wherein said search tool receives said user data and said plurality of rules from a directory server, whereby said user data and said plurality of rules are present as respective data prior to said receive and said maintain.

16. A machine readable medium carrying one or more sequences of instructions for causing a system to determine dynamic groups to which users belong, wherein execution of said one or more sequences of instructions by one or more processors contained in said system causes said system to perform the actions of:
- receiving a plurality of rules and a user data, said user data containing a set of attributes and corresponding values related to each of a plurality of users, each of said plurality of rules specifying a corresponding criteria to be used to include each user as a member of a corresponding dynamic group,said criteria specifying at least one attribute and a corresponding condition with respect to the condition to be satisfied for a user to be included in the corresponding dynamic group;
  
  maintaining a cache data indicating which of a plurality of users are members of which of a plurality of dynamic groups, wherein the members of each group are determined by checking whether the value of an attribute for the corresponding user in said user data satisfies the condition contained in the criteria for being included in the corresponding dynamic group;
  
  receiving a membership request requesting a set of dynamic groups to which a user belongs,said membership request including an identifier of said user to indicate that the set of dynamic groups to which said user belongs, is being requested;
  
  examining said cache data to determine said set of dynamic groups to which said user belongs; and
  
  sending a response to said membership request indicating that said user belongs to said set of dynamic groups,wherein said maintaining is performed prior to receiving said membership request.
- View Dependent Claims (17, 18, 19, 20, 21)
- - 17. The machine readable medium of claim 16, wherein said maintaining maintains said cache data as tables in a database server,wherein said examining comprises one or more instructions for forming and executing an structured query language (SQL) query on said database server to determine said set of dynamic groups to which said user belongs.
  - 18. The machine readable medium of claim 17, further comprising one or more instructions for:
    - storing an include list and an exclude list, respectively indicating a corresponding set of users to be included and excluded for each dynamic group; and
      
      inspecting said include list and said exclude list to determine whether any dynamic groups are to be respectively included in and excluded from said set of dynamic groups for said user.
  - 19. The machine readable medium of claim 18, further comprising one or more instructions for:
    - storing a user data and a plurality of rules in a identity management server, wherein said user data contains attributes and corresponding values related to a plurality of users and each of said plurality of rules specifies a criteria to be used to include each user as a member of a corresponding dynamic group;
      
      receiveing a second membership request in said identity management server, said second membership request requesting groups to which a second user belongs;
      
      determining a corresponding list of members for each of said plurality of dynamic groups using said user data and the corresponding rule;
      
      checking which of said lists of members includes said second user to identify a second set of dynamic groups to which said second user belongs; and
      
      sending a second response indicating that said second user belongs to said second set of dynamic groups.
  - 20. The machine readable medium of claim 19, wherein said system is external to said identity management server, said maintaining further comprising one or more instructions for:
    - receiving a notification from said identity management server upon any change to said user data or said plurality of rules; and
      
      updating said cache data in said system according to the change indicated in said notification.
  - 21. The machine readable medium of claim 16, wherein said search tool receives said user data and said plurality of rules from a directory server, whereby said user data and said plurality of rules are present as respective data prior to said receive and said maintain.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Krishna, Jai
Primary Examiner(s)
Breene, John E
Assistant Examiner(s)
MYINT, DENNIS Y

Application Number

US12/369,732
Publication Number

US 20100205193A1
Time in Patent Office

1,147 Days
Field of Search

707/694, 707/769, 707/783
US Class Current

707/783
CPC Class Codes

G06F 16/24575 using context

Simplifying determination of the groups to which users belong when using dynamic groups

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

15 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Simplifying determination of the groups to which users belong when using dynamic groups

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links