CN1842785A - System and method for hierarchical role-based entitlements - Google Patents
- Publication number
- CN1842785A
- Authority
- CN
- China
- Prior art keywords
- role
- litigant
- resource
- strategy
- item
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2145—Inheriting rights or properties, e.g., propagation of permissions or restrictions within a hierarchy
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Abstract
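An authorization system and method for adaptively controlling access to a resource, comprising the steps of: providing a mapping of a principal to at least one role, wherein the at least one role is hierarchically related to the resource; providing an evaluation of a policy based on the at least one role; and providing a determination of whether to grant the principal access to the resource based on the evaluation of the policy.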
Description
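Copyright Notice
A portion of the disclosure of this patent document contains material which is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure, as it appears in the Patent and Trademark Office patent file or records, but otherwise reserves all copyright rights whatsoever.
Cross-Reference to Related Applications
This application is related to the following co-pending applications, which are hereby incorporated by reference in their entirety: "METHOD FOR ROLE AND RESOURCE POLICY MANAGEMENT", U.S. Application Serial No. 10/367,462, inventors Philip B. Griffin et al., filed February 14, 2003; "METHOD FOR DELEGATED ADMINISTRATION", U.S. Application Serial No. 10/367,190, inventors Philip B. Griffin et al., filed February 14, 2003; and "METHOD FOR ROLE AND RESOURCE POLICY MANAGEMENT OPTIMIZATION", U.S. Application Serial No. 10/366,778, inventors Philip B. Griffin et al., filed February 14, 2003.
Technical Field
The present disclosure relates to authorization and control of resources in an enterprise application.
Background
Enterprise applications can increase the availability of goods and services to customers inside and outside of an organization. One issue that accompanies the deployment of an enterprise application is authorization, or access control. Both customers and system administrators need to be given privileges to perform certain actions (e.g., modifying a customer account) or to gain access to certain content. Typical authorization systems can be complex and time-consuming to implement and maintain, especially if they are tied closely to the business logic in an enterprise application.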
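Brief Description of the Drawings
Figure 1 illustrates an exemplary resource hierarchy in accordance with one embodiment of the invention.
Figure 2 is the exemplary hierarchy of Figure 1, further illustrating roles and security policies.
Figure 3 is a diagram of an authorization system in accordance with one embodiment of the invention.
Figure 4 illustrates a delegation role hierarchy in accordance with one embodiment of the invention.
Figure 5 illustrates exemplary delegation security policies in one embodiment of the invention.
Detailed Description
The invention is illustrated by way of example and not by way of limitation in the figures of the accompanying drawings, in which like reference numerals indicate like elements. It should be noted that references to "an" or "one" embodiment in this disclosure are not necessarily to the same embodiment, and such references mean at least one.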
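In one embodiment, an enterprise application includes one or more resources that facilitate the performance of business, scientific or other functions and tasks. In another embodiment, an enterprise application can be a Java™ 2 Enterprise Edition (J2EE) deployment unit that bundles together Web Applications, Enterprise Java™ Beans and Resource Adaptors into a single deployable unit. The Java™ programming language and its run-time libraries and environment are available from Sun Microsystems, Inc. of Santa Clara, California. Enterprise applications can include software, firmware and hardware elements. Software, firmware and hardware can be arbitrarily combined or divided into separate logical components. Furthermore, it will be apparent to those skilled in the art that such components, regardless of how they are combined or divided, can execute on the same computer or can be arbitrarily distributed among different computers connected by one or more networks.
In one embodiment, a resource can correspond to any person, place or thing, including an object or an entity (e.g., a network, a computer, a computer user, a bank account, an electronic mail message, aspects of a computer operating system such as virtual memory, threads and file storage, etc.), a method or a process (e.g., balancing a checkbook, installing a device driver, allocating virtual memory, deleting a file, etc.), the occurrence or non-occurrence of an event (e.g., an attempt by a user to log on to a computer, a change in state, etc.) and an organization or association of resources (e.g., lists, trees, maps, hierarchies, etc.).
In one embodiment, resources can be classified into a hierarchical taxonomy (which itself can be a resource). By way of non-limiting example, in an enterprise application it may be necessary to refer to a particular resource such as a booklet. In order to refer to the booklet, one needs to know which web page it is on, which portal the web page belongs to, which web application owns the web page, and which domain the web application belongs to. Each of these components is considered a resource and can be described as a resource path (e.g., a sequence of components separated by slashes):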
domain/web_app/portal/desktop/page/booklet
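The first resource is domain, which lies at the "top" of the resource hierarchy. Working down the hierarchy, the next component is web_app. web_app is a "child" or "descendant" of domain, and domain is a "parent" of web_app. domain is superior to web_app and web_app is inferior to domain. Likewise, portal is a child of web_app and a parent of desktop. page is a child of desktop, and booklet is a child of page. The depth of a resource is the number of components in its path. For example, the depth of booklet is 6 (assuming that we count from 1) and the depth of portal is 3. In one embodiment, the depth of a resource can be unlimited. In one embodiment, a resource can have properties or capabilities. By way of non-limiting example, a booklet resource could have the capability of being customized by an end user. The capability could be appended to the hierarchy as follows:
domain/web_app/portal/desktop/page/booklet.customize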
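Figure 1 illustrates an exemplary resource hierarchy in accordance with one embodiment of the invention. By way of non-limiting example, this hierarchy could represent resources within an enterprise application. Web App 1 and Web App 2 are Web applications. A Web application resource is a part of an enterprise application that is accessible on the World Wide Web. Portal 1 and Portal 2 are portal resources and are children of Web App 1. Portal 3 is a child of Web App 2. In one embodiment, Web App 1 and Web App 2 can be children of one or more enterprise applications (not shown), which can be children of one or more domains (not shown). A portal is a point of access to data and applications that provides a unified and potentially personalized view of information and resources. Typically, a portal is implemented as one or more pages on a website (Page 1, Page 2, Page A, Page B, Page X and Page Y). Portal pages can integrate many elements, such as applications, live data feeds, static information and multimedia presentations.
Desktop A, Desktop B and Desktop C contain one or more views of a portal that have been customized for a particular user or group of users. Pages within each desktop can contain portlets (Portlet A, Portlet B and Portlet C) and booklets (Booklet 1 and Booklet 2). A portlet is a self-contained application that presents itself on a portal page. In one embodiment, a booklet is a collection of one or more pages or booklets. Resource Web App 1/Portal 1/Desktop A/Page 2/Booklet 1/Page A has capability Cap 3. Likewise, Web App 1/Portal 1/Desktop A/Page 2/Booklet 1/Booklet 2 has capability Cap 4, and Web App 1/Portal 1/Desktop A/Page 2/Booklet 1/Booklet 2/Page Y/Portlet A has capabilities Cap 1 and Cap 2.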
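Enterprise applications can control access to their resources and/or capabilities through the use of entitlements. In one embodiment, evaluation of an entitlement consists of determining a security policy by dynamically associating one or more roles with a principal. In one embodiment, a role can be based on rules that take into account information including knowledge about the principal, knowledge about a communication session, the current state of the system, and/or any other relevant information.
In one embodiment, a user represents a person who uses an enterprise application. A group can be an arbitrary collection of users. In one embodiment, members of a group share common traits such as job title, etc. A process can be a software or firmware computer program or portion thereof of any granularity (e.g., a task, thread, lightweight process, distributed object, Enterprise Java™ Bean, or any other computing operation). Users, groups and processes can be considered subjects. Subjects can be authenticated based on providing adequate proof (e.g., a password, social security number, etc.) to an authentication system. Once authenticated, a subject can be considered a principal for purposes of evaluating entitlements. A principal is an identity assigned to a user, group or process as a result of authentication. A principal can also represent an anonymous user, group or process (e.g., a subject that has not been authenticated).
In one embodiment, a role definition contains one or more expressions that evaluate to true or false when evaluated for a given principal in a given context. In another embodiment, an expression can evaluate to a degree of certainty that access to a resource should be granted. Expressions can be nested within each other and can contain functions, arithmetic or logical operators, etc. In one embodiment, expressions are combined (e.g., with Boolean operators such as "and", "or" and "not") to form a Boolean expression that evaluates to true or false. If a role evaluates to true, the principal in question is considered to satisfy the role.
Role expressions can be dynamically evaluated for a principal attempting to access a resource in a given context. A context can contain any information relevant to determining whether a principal belongs in a role. By way of non-limiting example, a context can include any of the principal's attributes (e.g., name, age, address, etc.) and/or information about a communication session. In another embodiment, a context can include information from a Hypertext Transfer Protocol ("HTTP") or Hypertext Transfer Protocol (Secure) ("HTTPS") request. This information can pertain to character encoding, remote user, authorization scheme, content length, server port, context path, request URL, request method, scheme, servlet path, content type, remote host, request protocol, locale, server name, remote address, query string, path information, etc. It will be apparent to those skilled in the art that a context can include any information relevant to evaluating an expression.
In one embodiment, expressions can include predicates. The invention disclosed herein is not limited to the predicates presently discussed. A user predicate evaluates to true if the principal in question is the principal supplied as an argument to the predicate. A group predicate evaluates to true if the principal in question is a member of the specified group.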
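Role | Expression |
Anonymous | Satisfied by all principals |
Bank manager | (User=Donna) |
Customer service | (User=Michael or Peter) or (Group=BankTellers) |
Loan officer | (Group=Associate) and (Group=TrainingLevel2) and not (User=Bob) |
Bank manager | (User=Donna) and ((10/14/02<=currentDate<=10/25/02) or (11/14/02<=currentDate<=11/25/02)) |
Software | (Segment=JavaDeveloper) |
System administrator | ((User=Donna) and ((10/14/02<=currentDate<=10/25/02) or (11/14/02<=currentDate<=11/25/02))) or (Segment=systemAdministrator) |
Table 1: Exemplary roles
Table 1 shows seven exemplary roles and their accompanying expressions. In one embodiment, the role "Anonymous" is a special role that is always satisfied. In another embodiment, the role "Anonymous" is satisfied by an unauthenticated principal. The role "Bank manager" is satisfied by a principal authenticated as the user "Donna". The role "Customer service" is satisfied by a principal authenticated as "Michael" or "Peter", or belonging to the group "BankTellers". The role "Loan officer" is satisfied by a principal that is a member of both the "Associate" group and the "TrainingLevel2" group and is not "Bob". Roles can also be dynamic. By way of non-limiting example, a role can depend on date and/or time. In one embodiment, a time period can be specified using the "currentDate" predicate. "Donna" can satisfy the role "Bank manager" only between October 14, 2002 and October 25, 2002, or between November 14, 2002 and November 25, 2002. Those skilled in the art will appreciate that many such date or time predicates are possible (e.g., a predicate based on date and time, or one based on time only, etc.).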
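In addition to the predicates discussed above, a segment predicate (hereinafter "segment") can also be included in a role definition. A segment evaluates to true if the principal in question satisfies the segment's criteria. A segment can be defined in terms of one or more expressions or conditions, which can be nested within each other and can include logical operators, mathematical operators, method calls, calls to external systems, function calls, etc.
In another embodiment, a segment can be specified in plain language. By way of non-limiting example:
When all of these conditions apply, the principal is a
JavaDeveloper:
Developer is equal to True
Skill level is equal to 'High'
Preferred language is equal to 'Java'
In this example, the segment being described is "ExperiencedJavaDeveloper". The condition "Developer is equal to True" evaluates to true when information contained in or referenced through the context indicates that the principal in question is a user in the software development department of an organization. Likewise, the other conditions ("Skill level is equal to 'High'", "Preferred language is equal to 'Java'") can similarly be evaluated using information from the context or referenced through the context. In another embodiment, a condition can pertain to information about a communication session. It will be apparent to those skilled in the art that a condition can be based on any information, whether or not the information relates to a particular principal. If the segment as a whole evaluates to true, the principal is said to have satisfied the segment. In Table 1, by way of non-limiting example, the role "Software" is satisfied by a principal that satisfies the "JavaDeveloper" segment.
By way of a further non-limiting example: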
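When all of these conditions apply, the principal is a
SystemAdministrator:
TimeofDay is between 12:00am and 7:00am
SystemLoad is 'Low'
AdminSkillLevel is at least 5
In this example, two conditions ("TimeofDay is between 12:00am and 7:00am" and "SystemLoad is 'Low'") are based on information unrelated to a particular principal. The segment evaluates to true for the principal in question if it is the middle of the night, the system is not busy, and the principal has level 5 administration skills. In Table 1, by way of non-limiting example, the role "System administrator" is satisfied only by "Donna" between October 14, 2002 and October 25, 2002 or between November 14, 2002 and November 25, 2002, or by a principal that satisfies the "SystemAdministrator" segment.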
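The roles of Table 1 and the two plain-language segments can be written as composable predicates over a principal and a context. The following is an added example, not code from the patent; the dictionary keys (`user`, `groups`, `now`, `system_load`, and the profile attributes) and the sample contexts are assumptions made for illustration.

```python
from datetime import date, datetime, time

# A role expression is a function (principal, context) -> bool.
# Principal and context are plain dicts; their keys are assumptions of this example.

def user(*names):
    return lambda p, ctx: p.get("user") in names

def group(name):
    return lambda p, ctx: name in p.get("groups", ())

def current_date_between(start, end):
    return lambda p, ctx: start <= ctx["now"].date() <= end

def all_of(*exprs):
    return lambda p, ctx: all(e(p, ctx) for e in exprs)

def any_of(*exprs):
    return lambda p, ctx: any(e(p, ctx) for e in exprs)

def not_(expr):
    return lambda p, ctx: not expr(p, ctx)

def attr(name, test):
    # A missing attribute never satisfies a condition, so incomplete profiles fail closed.
    return lambda p, ctx: name in p and test(p[name])

def segment(name):
    # Resolved at evaluation time, so roles may reference segments defined later.
    return lambda p, ctx: SEGMENTS[name](p, ctx)

SEGMENTS = {
    "JavaDeveloper": all_of(
        attr("developer", lambda v: v is True),
        attr("skill_level", lambda v: v == "High"),
        attr("preferred_language", lambda v: v == "Java"),
    ),
    "SystemAdministrator": all_of(
        lambda p, ctx: time(0, 0) <= ctx["now"].time() <= time(7, 0),
        lambda p, ctx: ctx.get("system_load") == "Low",
        attr("admin_skill_level", lambda v: v >= 5),
    ),
}

DONNA_WINDOWS = any_of(
    current_date_between(date(2002, 10, 14), date(2002, 10, 25)),
    current_date_between(date(2002, 11, 14), date(2002, 11, 25)),
)

ROLES = {
    "Anonymous": lambda p, ctx: True,
    "Bank manager": all_of(user("Donna"), DONNA_WINDOWS),  # the dated row of Table 1
    "Customer service": any_of(user("Michael", "Peter"), group("BankTellers")),
    "Loan officer": all_of(group("Associate"), group("TrainingLevel2"),
                           not_(user("Bob"))),
    "Software": segment("JavaDeveloper"),
    "System administrator": any_of(all_of(user("Donna"), DONNA_WINDOWS),
                                   segment("SystemAdministrator")),
}

def satisfied_roles(principal, context):
    """Names of every role whose expression is true for this principal and context."""
    return {name for name, expr in ROLES.items() if expr(principal, context)}

# Constructed sample contexts.
IN_WINDOW = {"now": datetime(2002, 10, 20, 12, 0), "system_load": "High"}
OUT_OF_WINDOW = {"now": datetime(2002, 11, 1, 12, 0), "system_load": "High"}
NIGHT = {"now": datetime(2002, 11, 1, 3, 0), "system_load": "Low"}
```

The same principal gets a different role set as the context changes, which is why role membership has to be evaluated per request rather than stored with the account.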
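In one embodiment, a segment can be expressed in Extensible Markup Language (XML). XML is a platform-independent language for representing structured documents. Retrieving information stored in an XML document can be time-consuming, since the text comprising the XML document must be parsed. To save time, in another embodiment, once the XML document representing a segment has been parsed, the information extracted from it is cached so that the file does not need to be parsed again.
Figure 2 is the exemplary hierarchy of Figure 1, further illustrating roles and security policies. Roles are designated by the letter 'R' followed by a parenthetical list of one or more roles. Likewise, policies are designated by the letter 'P' followed by a parenthetical list including a set of roles and an optional capability to which the policy applies. If no capability is present, the policy applies to the resource as a whole. In one embodiment, the scope of a role can be considered global, or can be associated with a particular resource. A global role is considered to be in the scope of any resource. In one embodiment, a role associated with a resource is in the scope of that resource. In another embodiment, the role is in the scope of that resource and all of its descendants. In yet another embodiment, the role is in the scope of that resource and all of its descendants unless a role with the same name is associated with a descendant. In this way, a "more local" role shadows a "less local" role of the same name.
In Figure 2, the role "Anonymous" is associated with the resource Web App 1. In one embodiment, "Anonymous" is in the scope of Web App 1 and all resources beneath it in the hierarchy. Role G is associated with resource Desktop A and is therefore in the scope of Desktop A and its descendants. Role S is associated with resource Page A. Since Page A has no children (i.e., the attribute Cap 3 does not count as a child), the scope of role S is limited to Page A. Resource Booklet 2 is associated with roles T and U. In one embodiment, role T is in the scope of Booklet 2 and all of its descendants, but the same does not hold true for role U. Since a descendant of Booklet 2 (i.e., Page Y) is associated with another role of the same name, the role U associated with Booklet 2 is only in the scope of Booklet 2 and Page X. In one embodiment, however, the role U associated with Page Y is in the scope of all of the descendants of Page Y (i.e., Portlet A, Portlet B and Portlet C). Roles V and W are in the scope of Portlet A.
In one embodiment, a security policy (hereinafter "policy") is an association between a resource, a set of roles, and an optional capability. Generally speaking, a policy grants access to the resource for all principals for which the set of roles evaluates to true. In one embodiment, a policy is satisfied if any of its roles evaluates to true for a given principal. In another embodiment, a policy is satisfied if all of its roles evaluate to true for a given principal. In another embodiment, a security policy integration system can prevent the removal or deletion of roles that have policies which depend on them. Although those skilled in the art will recognize that there are many ways to implement such a system, one approach is to keep track of the number of policies that depend on a particular role by using a reference count. Only when the reference count is equal to 0 can the particular role be removed.
In yet another embodiment, a policy's set of roles can be an expression including Boolean operators, set operators, and roles as operands. A policy can be expressed as the tuple <resource, roles, [capability]>, where resource specifies the name of a resource, roles specifies a set of roles, and capability is an optional capability. A policy is based on one or more roles, while roles are based on users and groups. Those skilled in the art will therefore appreciate that policies are in essence based on users, groups and/or segments. By way of illustration, four policies are shown in Figure 2: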
P1=<Web App 1,{Anonymous}>
P2=<Web App 1/Portal 1/Desktop A/Page 2,{G}>
P3=<Web App 1/…/Page Y/Portlet A,{W,T},Cap 1>
P4=<Web App 1/…/Page Y/Portlet A,{U,G,Anonymous},Cap 2>
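By way of non-limiting example, assume a principal p attempts to access resource Cap 1. To do so, the security policy P3 on Cap 1 requires that p satisfy role W or T. In one embodiment, all roles in the scope of Cap 1 (i.e., Anonymous, G, T, U, V and W) are determined for p. If any of the roles that p satisfies matches W or T, P3 is likewise satisfied and p is granted access to Cap 1.
By way of a further non-limiting example, assume principal p attempts to access capability Cap 2 of resource Portlet A. To do so, the security policy P4 on Cap 2 requires that p satisfy one of the roles U, G or Anonymous. In one embodiment, all roles in the scope of Portlet A (i.e., Anonymous, G, T, U, V and W) are determined for p. Note that in one embodiment, the role U associated with resource Booklet 2 is not in the scope of Portlet A. Instead, the role with the same name but associated with the more "local" resource Page Y shadows it. Thus, if any of the roles that p satisfies matches U, G or Anonymous, P4 is satisfied and p is granted access to Cap 2. However, since in one embodiment every principal satisfies the role Anonymous, P4 is always satisfied.
By way of a further non-limiting example, assume p attempts to access capability Cap 4 associated with resource Booklet 2. This resource has no policy. In one embodiment, access will be denied. In another embodiment, access will be granted. In yet another embodiment, access is granted if p satisfies a policy in a parent resource of Booklet 2. Table 2 is a non-limiting illustration of a parent policy search using the resource hierarchy of Figure 2. It is worth noting, however, that the particular search order or search method is irrelevant for purposes of this disclosure. In yet another embodiment, a resource without an explicit policy can include information about its parent's policy, thereby avoiding the need for a search.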
Search step | Current resource | Capability | Policy found? |
1 | Web App 1/Portal 1/Desktop A/Page 2/Booklet 1/Booklet 2 | Cap 4 | No |
2 | Web App 1/Portal 1/Desktop A/Page 2/Booklet 1/Booklet 2 | | No |
3 | Web App 1/Portal 1/Desktop A/Page 2/Booklet 1 | Cap 4 | No |
4 | Web App 1/Portal 1/Desktop A/Page 2/Booklet 1 | | No |
5 | Web App 1/Portal 1/Desktop A/Page 2 | Cap 4 | No |
6 | Web App 1/Portal 1/Desktop A/Page 2 | | Yes |
Table 2: Exemplary policy search
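In one embodiment, the policy search proceeds as follows. The starting point of the search is the resource (i.e., Booklet 2) that has the capability (i.e., Cap 4) the principal is attempting to access. This is the current resource. If no policy exists at the current resource for the specified capability, in step 2 we determine whether there is a policy merely on the resource itself. If no policy is found, in step 3 the current resource is set equal to its parent (i.e., Booklet 1). If the current resource has no policy for Cap 4, we determine whether there is a policy on Booklet 1 itself. If no policy is found, in step 5 the current resource is set equal to its parent (i.e., Page 2). If no policy for Cap 4 is found at the current resource, in step 6 we determine whether there is a policy on Page 2 itself. Since this is the case, the search stops at step 6. Web App 1/Portal 1/Desktop A/Page 2 has policy P2. Therefore, if p satisfies role G, p is granted access to Cap 4.
In another embodiment, capabilities are associated with particular resource types. For example, a booklet can have a type of capability (e.g., Cap 4) that is incompatible with, or not available for, other resource types (e.g., pages or desktops). Therefore, when searching for a policy as in Table 2, if a capability is incompatible with the current resource, that resource can be skipped in the search. In yet another embodiment, if no policy is found for a given resource type, a global library can be consulted to determine whether any applicable global policies exist.
In another embodiment, roles and policies can reside in their own hierarchies, apart from the primary resource hierarchy. For applications that do not need to associate roles and/or policies with resources in the primary hierarchy, this approach can allow for a shallow role and/or policy tree, perhaps with only a single level. Searching smaller hierarchies can potentially reduce the time it takes to find all roles in scope and to locate a policy.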
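The scoping rule (a "more local" role shadows a same-named role higher up) and the parent policy search of Table 2 fit in a few functions. The following is an added example, not code from the patent: it uses the deny-when-no-policy and any-role-satisfies embodiments, and the role definitions (which user satisfies G, T, U, V, W) are constructed, since the page names the roles but does not define them.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Set

RoleExpr = Callable[[dict], bool]   # principal -> bool


@dataclass
class Resource:
    name: str
    parent: Optional["Resource"] = None
    # role name -> definition associated with this resource
    roles: Dict[str, RoleExpr] = field(default_factory=dict)
    # capability (None = the resource as a whole) -> required role set
    policies: Dict[Optional[str], Set[str]] = field(default_factory=dict)

    def child(self, name):
        return Resource(name, parent=self)

    def path(self):
        return self.name if self.parent is None else self.parent.path() + "/" + self.name


def roles_in_scope(res):
    """Role name -> definition, walking from `res` to the root. The nearest
    definition of a name wins, so it shadows any same-named role higher up."""
    scope = {}
    node = res
    while node is not None:
        for name, expr in node.roles.items():
            scope.setdefault(name, expr)
        node = node.parent
    return scope


def satisfied_roles(principal, res):
    return {n for n, expr in roles_in_scope(res).items() if expr(principal)}


def find_policy(res, capability=None):
    """Table 2 order: at each level try the capability's policy, then the policy
    on the resource itself, then move to the parent. Returns (role set, steps)."""
    steps = []
    node = res
    while node is not None:
        for cap in ((capability, None) if capability is not None else (None,)):
            found = cap in node.policies
            steps.append((node.path(), cap, found))
            if found:
                return node.policies[cap], steps
        node = node.parent
    return None, steps


def authorize(principal, res, capability=None):
    required, _ = find_policy(res, capability)
    if required is None:
        return False                                         # no policy anywhere: deny
    return bool(satisfied_roles(principal, res) & required)  # any matching role grants


def user_is(*names):
    return lambda p: p.get("user") in names


# The branch of Figure 2 that the text walks through (user names are constructed).
web_app = Resource("Web App 1")
web_app.roles["Anonymous"] = lambda p: True
web_app.policies[None] = {"Anonymous"}                    # P1
desktop_a = web_app.child("Portal 1").child("Desktop A")
desktop_a.roles["G"] = user_is("gina")
page_2 = desktop_a.child("Page 2")
page_2.policies[None] = {"G"}                             # P2
booklet_2 = page_2.child("Booklet 1").child("Booklet 2")
booklet_2.roles.update(T=user_is("tom"), U=user_is("uma"))
page_x = booklet_2.child("Page X")
page_y = booklet_2.child("Page Y")
page_y.roles["U"] = user_is("ursula")                     # shadows Booklet 2's U below Page Y
portlet_a = page_y.child("Portlet A")
portlet_a.roles.update(V=user_is("vic"), W=user_is("wes"))
portlet_a.policies["Cap 1"] = {"W", "T"}                  # P3
portlet_a.policies["Cap 2"] = {"U", "G", "Anonymous"}     # P4
```

Because a same-named role lower in the tree replaces the inherited definition, a review of who holds role U has to be done per resource, not once for the whole hierarchy.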
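Figure 3 is a block diagram of an authorization system in accordance with one embodiment of the invention. Although this diagram depicts objects as functionally separate, such depiction is merely for illustrative purposes. It will be apparent to those skilled in the art that the objects portrayed in Figure 3 can be arbitrarily combined or divided into separate software, firmware or hardware components. Furthermore, it will also be apparent to those skilled in the art that such components, regardless of how they are combined or divided, can execute on the same computer or can be arbitrarily distributed among different computers connected by one or more networks.
In one embodiment, security framework 300 is a modular security architecture having a published interface that allows for plug-in components. By way of non-limiting example, a framework can be a library, a set of interfaces, distributed objects, or any other means for software, firmware and/or hardware components to communicate with one another. One or more role mapper components (302-306) are connected to the framework. A role mapper maps a principal to one or more roles (e.g., determines which roles are appropriate) based on a resource hierarchy and a context. Each role mapper can implement its own specialized algorithm in this regard and use information and resources beyond those provided by the framework. One or more authorizers (308-310) are also connected to the framework. An authorizer is responsible for determining whether access to a resource can be granted, based on whether a principal satisfies a resource policy. Each authorizer can implement its own specialized algorithm in this regard and use information and resources beyond those provided by the framework. Finally, adjudicator 314 resolves any difference in outcome between authorization modules and returns a final result (e.g., "grant", "deny" or "abstain"). In one embodiment, the adjudicator can take the logical "or" of the results, such that if any one result is "grant", the adjudicated outcome is "grant". In another embodiment, the adjudicator can take the logical "and" of the results, such that if any one result is "deny", the adjudicated outcome is "deny". In yet another embodiment, the adjudicator can use a weighted average or other statistical means to determine the final result.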
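A process can interact with the framework in a number of ways that will be apparent to those skilled in the art. In one embodiment, a calling process provides a resource access request ① to the framework 300. The request can include information about the principal, the resource to which access is requested, and any context information. In another embodiment, the request can contain references to this information. The framework then provides this information to one or more role mappers ②. Each role mapper determines which roles are appropriate for the principal based on its own criteria. In another embodiment, each role mapper can implement a cache to speed up searching for roles. Rather than traversing the resource tree to find all roles in scope, each role mapper can cache roles previously retrieved from the resource tree, based on a key comprising the resource to which access is requested and the principal. After the initial retrieval from the resource tree, subsequent roles for a given resource-principal combination can be taken directly from the cache.
The set of satisfied roles is then returned to the framework in ③. The framework can provide the information from ① and ③ to the authorizer modules in ④. The authorization modules individually determine whether a policy is satisfied based on this information and their own criteria. In another embodiment, each authorizer can implement a cache to speed up searching for policies. Rather than traversing the resource tree to find a policy in scope, each authorizer can cache policies previously retrieved from the resource tree, based on a key comprising the resource to which access is requested and the principal. After the initial retrieval from the resource tree, subsequent policies for a given resource-principal combination can be taken directly from the cache. The authorizer results (e.g., in terms of grant or deny decisions) are provided to the framework in ⑤ and to the adjudicator in ⑥. The adjudicator makes a final decision, which it provides to the framework in ⑦. The framework then provides this decision to the calling process in ⑧.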
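The request flow ① to ⑧, with pluggable role mappers and authorizers, a role cache keyed on resource and principal, and the "or" and "and" adjudicators, looks as follows. This is an added example, not code from the patent; the plug-ins, resource names, users and the tie-breaking between "deny" and "abstain" are assumptions of this example.

```python
from enum import Enum


class Decision(Enum):
    GRANT = "grant"
    DENY = "deny"
    ABSTAIN = "abstain"


def adjudicate_or(results):
    """Logical "or": a single GRANT makes the final result GRANT."""
    if Decision.GRANT in results:
        return Decision.GRANT
    # Assumption: with no GRANT, any DENY wins over ABSTAIN.
    return Decision.DENY if Decision.DENY in results else Decision.ABSTAIN


def adjudicate_and(results):
    """Logical "and": a single DENY makes the final result DENY."""
    if Decision.DENY in results:
        return Decision.DENY
    # Assumption: with no DENY, any GRANT wins over ABSTAIN.
    return Decision.GRANT if Decision.GRANT in results else Decision.ABSTAIN


def cached(role_mapper):
    """Cache a mapper's answer under the (resource, principal) key the text describes.
    The key ignores the context, so a role that depends on time or session state
    is served stale until the entry is dropped; cache only context-free roles."""
    cache = {}

    def lookup(principal, resource, context):
        key = (resource, principal)
        if key not in cache:
            cache[key] = frozenset(role_mapper(principal, resource, context))
        return cache[key]

    return lookup


class SecurityFramework:
    def __init__(self, role_mappers, authorizers, adjudicator):
        self.role_mappers = role_mappers
        self.authorizers = authorizers
        self.adjudicator = adjudicator

    def check(self, principal, resource, context):         # step 1: the request
        roles = set()
        for mapper in self.role_mappers:                    # steps 2 and 3
            roles |= mapper(principal, resource, context)
        results = [authorizer(principal, resource, roles, context)
                   for authorizer in self.authorizers]      # steps 4 and 5
        return self.adjudicator(results)                    # steps 6 to 8


# Constructed plug-ins and data for the demonstration.
USER_ROLES = {"donna": {"BankManager"}, "peter": {"CustomerService"}}
POLICIES = {"accounts/modify": {"BankManager"}}
DIRECTORY_CALLS = []


def directory_mapper(principal, resource, context):
    DIRECTORY_CALLS.append((resource, principal))
    return USER_ROLES.get(principal, set())


def policy_authorizer(principal, resource, roles, context):
    required = POLICIES.get(resource)
    if required is None:
        return Decision.ABSTAIN            # this authorizer knows no policy here
    return Decision.GRANT if roles & required else Decision.DENY


def office_hours_authorizer(principal, resource, roles, context):
    return Decision.ABSTAIN if 9 <= context["hour"] < 17 else Decision.DENY


shared_mapper = cached(directory_mapper)
authorizers = [policy_authorizer, office_hours_authorizer]
framework_or = SecurityFramework([shared_mapper], authorizers, adjudicate_or)
framework_and = SecurityFramework([shared_mapper], authorizers, adjudicate_and)
```

With the same authorizers plugged in, the choice of adjudicator alone decides whether one dissenting authorizer can block a request, so it belongs in the security review of a deployment.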
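As enterprise applications grow large and complex, so does the number of administrative tasks. One way to reduce the number of tasks for which a system administrator is responsible is to distribute the tasks among a number of administrators. Delegated administration allows a hierarchy of roles to manage administrative capabilities. By way of non-limiting example, administrative capabilities can include the ability to manage customer accounts, the ability to delegate administrative capabilities, the ability to customize or personalize user interface elements (e.g., portals, booklets, desktops, portlets, etc.), the ability to perform administration of an enterprise application, etc. In another embodiment, any capability or property can be delegated. In one embodiment, delegation is an act whereby a principal in one role enables another, lower-level role to have an administrative capability and/or to further delegate an administrative capability. In one embodiment, a delegation role is identical to a role and can thus be defined using predicates (e.g., user, group, currentDate, segment, etc.).
Figure 4 illustrates a delegation role hierarchy in accordance with one embodiment of the invention. In one embodiment, delegation roles can be organized into a delegation hierarchy to control the extent of delegation. In one embodiment, delegation roles can be associated with a single top-level resource, such as an enterprise application, and a delegation role hierarchy can be maintained separately from the resource hierarchy. A security policy can be associated with the enterprise application to limit which principals are allowed to alter the role definitions and the separately maintained role hierarchy. In another embodiment, a fictitious resource hierarchy that mirrors an arbitrary delegation role hierarchy can be used, wherein each delegation role is associated with a resource corresponding to the delegation role's proper position in the hierarchy. A security policy can be associated with each resource to control which principals can modify the associated role. A security policy at the root of the hierarchy can limit which principals are allowed to modify the fictitious hierarchy itself.
Referring again to Figure 4, the role Admin_Role is at the top of the delegation role hierarchy. In one embodiment, a principal in this role has no limitations on its administrative capabilities or delegation rights. By way of non-limiting example, a principal in Admin_Role can modify the definitions of the delegation roles and the delegation hierarchy. In one embodiment, a principal in a delegation role can delegate administrative capabilities only to roles beneath it in the delegation hierarchy. Admin_Role has two children, A_Role and B_Role. A_Role has one child, C_Role, and C_Role has two children: D_Role and E_Role. By way of non-limiting example, Admin_Role can delegate to all other roles beneath it in the delegation hierarchy. Likewise, A_Role can delegate to C_Role, D_Role and E_Role, whereas C_Role can delegate only to D_Role and E_Role. The leaves of the tree, D_Role, E_Role and B_Role, cannot delegate since they have no children. In another embodiment, a node in the hierarchy can be related to more than one parent. This allows more than one higher-level role to delegate to a lower-level role.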
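In one embodiment, a delegation can be represented by a security policy. The policy is associated with the delegated resource/capability and is based on the role to which the resource/capability was delegated. Figure 5 illustrates exemplary delegation security policies in one embodiment of the invention. For this example, assume that the delegation hierarchy of Figure 4 holds. Note that the root resource in Figure 5, Enterprise App 1, is associated with the following roles: Admin_Role, A_Role, B_Role, C_Role, D_Role and E_Role. The hierarchy depicted in Figure 5 could include other resources, roles and policies, but is limited for purposes of illustration. In one embodiment, a delegation creates a policy on the resource whose capability is being delegated. For example, resource Web App 1 has an Admin capability and an associated security policy P(D_Role). A principal in the role C_Role, A_Role or Admin_Role created this policy by delegating the Admin capability of Web App 1 to D_Role. (It will be apparent to those skilled in the art that any capability can be delegated, i.e., not just Admin.) Thus, principals that satisfy D_Role can perform administration of Web App 1. However, since Web App 1 does not have a Delegate capability, principals that satisfy D_Role cannot further delegate the Admin capability of Web App 1.
Resource Desktop A has two capabilities, Admin and Delegate, each of which has a policy. The policy P(A_Role) attached to both indicates that a principal in the role Admin_Role delegated to A_Role the capability to administer Desktop A and the capability to further delegate that capability. Thus, a principal in A_Role can further delegate the Admin and Delegate capabilities to lower-level delegation roles (i.e., C_Role, D_Role and E_Role). As a further example, resource Desktop B has the capability Admin, which has the policy P(C_Role). A principal in the role A_Role or Admin_Role put this policy in place. A principal in the role C_Role will be able to administer Desktop B, but will not be able to further delegate this capability.
In one embodiment, delegating a node that has already been delegated by a principal in a higher delegation role is not allowed. Referring to Figures 4 and 5, by way of non-limiting example, if resource Portal 2 had the policy P(A_Role), a principal in the role C_Role would not be able to delegate Portal 2, since it has already been delegated to a role higher than C_Role (i.e., A_Role).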
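The delegation rules above reduce to three checks that can be run before a delegation policy is written. The following is an added example, not code from the patent: it encodes one reading of the text (the target must lie below the delegator in Figure 4, the resource must not already be delegated to a role above the delegator, and a role that itself holds a policy on the resource needs the Delegate capability to pass it on). The policy table reconstructs the Figure 5 cases from the prose, and the capability name on Portal 2 is assumed.

```python
# Figure 4: delegation role -> its children. A role may appear under several parents.
HIERARCHY = {
    "Admin_Role": {"A_Role", "B_Role"},
    "A_Role": {"C_Role"},
    "B_Role": set(),
    "C_Role": {"D_Role", "E_Role"},
    "D_Role": set(),
    "E_Role": set(),
}


def below(role, hierarchy=HIERARCHY):
    """Every role reachable downward from `role` (safe for multi-parent graphs)."""
    seen = set()
    stack = list(hierarchy.get(role, ()))
    while stack:
        r = stack.pop()
        if r not in seen:
            seen.add(r)
            stack.extend(hierarchy.get(r, ()))
    return seen


def above(role, hierarchy=HIERARCHY):
    return {r for r in hierarchy if role in below(r, hierarchy)}


def can_delegate(policies, delegator, target, resource, hierarchy=HIERARCHY):
    """policies maps resource -> capability -> set of roles named by the policy."""
    if target not in below(delegator, hierarchy):
        return False                      # only downward delegation is allowed
    on_resource = policies.get(resource, {})
    holders = set().union(*on_resource.values())
    if holders & above(delegator, hierarchy):
        return False                      # already delegated to a higher role
    if delegator in holders and delegator not in on_resource.get("Delegate", set()):
        return False                      # may administer, but not pass it on
    return True


def delegate(policies, delegator, target, resource, capabilities, hierarchy=HIERARCHY):
    """Record the delegation as policies on the resource; returns False if refused."""
    if not can_delegate(policies, delegator, target, resource, hierarchy):
        return False
    for cap in capabilities:
        policies.setdefault(resource, {}).setdefault(cap, set()).add(target)
    return True


# Figure 5 as described in the text. "Admin" on Portal 2 is assumed: the text
# gives P(A_Role) for that resource without naming the capability.
FIGURE_5 = {
    "Web App 1": {"Admin": {"D_Role"}},
    "Desktop A": {"Admin": {"A_Role"}, "Delegate": {"A_Role"}},
    "Desktop B": {"Admin": {"C_Role"}},
    "Portal 2": {"Admin": {"A_Role"}},
}
```

Running these checks at the point where the policy is created, rather than when it is evaluated, keeps an invalid delegation from ever entering the policy store.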
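In another embodiment, aspects of user group administration can be delegated. By way of non-limiting example, user groups can be organized into a hierarchy by treating them as children of an enterprise application resource. Capabilities that can be delegated include: user profile administration, the ability to view the members of a group, and the ability to create, update and remove users and groups.
One embodiment can be implemented using a conventional general-purpose or special-purpose digital computer or microprocessor programmed according to the teachings of the present disclosure, as will be apparent to those skilled in the computer art. Appropriate software coding can readily be prepared by skilled programmers based on the teachings of the present disclosure, as will be apparent to those skilled in the software art. The invention can also be implemented by the preparation of integrated circuits or by interconnecting an appropriate network of conventional component circuits, as will be readily apparent to those skilled in the art.
One embodiment includes a computer program product, which is a storage medium having instructions stored on or in it that can be used to program a computer to perform any of the features described herein. The storage medium can include, but is not limited to, any type of disk, including floppy disks, optical discs, DVDs, CD-ROMs, microdrives and magneto-optical disks, ROMs, RAMs, EPROMs, EEPROMs, DRAMs, VRAMs, flash memory devices, magnetic or optical cards, nanosystems (including molecular memory ICs), or any type of medium or device suitable for storing instructions and/or data.
Stored on any one of the computer-readable media, the present invention includes software for controlling the hardware of the general-purpose/special-purpose computer or microprocessor, and for enabling the computer or microprocessor to interact with a human user or other mechanism utilizing the results of the present invention. Such software can include, but is not limited to, device drivers, operating systems, execution environments/containers and user applications.
The foregoing description of the preferred embodiments of the present invention has been provided for purposes of illustration and description. It is not intended to be exhaustive or to limit the invention to the precise forms disclosed. Many modifications and variations will be apparent to practitioners skilled in the art. The embodiments were chosen and described in order to best explain the principles of the invention and its practical application, thereby enabling others skilled in the art to understand the invention, the various embodiments, and the various modifications that are suited to the particular use contemplated. It is intended that the scope of the invention be defined by the following claims and their equivalents.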
Claims (60)
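1. An authorization method for adaptively controlling access to a resource, comprising the steps of:
providing a mapping of a principal to at least one role, wherein the at least one role is hierarchically related to the resource;
providing an evaluation of a policy based on the at least one role; and
providing a determination of whether to grant the principal access to the resource based on the evaluation of the policy.
2. The method of claim 1, comprising the step of:
allowing the principal to be an authenticated user, group or process.
3. The method of claim 1, wherein:
the step of providing a mapping includes determining whether the principal satisfies the at least one role.
4. The method of claim 1, comprising the step of:
determining whether the at least one role is true or false for the principal in a context.
5. The method of claim 1, wherein:
the at least one role is a Boolean expression that includes at least one of (1) another Boolean expression and (2) a predicate.
6. The method of claim 5, wherein:
the predicate is one of user, group, time and segment.
7. The method of claim 5, wherein:
the predicate is evaluated against the principal and a context.
8. The method of claim 5, wherein:
the predicate is a segment that is specified in plain language.
9. The method of claim 1, wherein:
the policy is an association between the resource and a set of roles.
10. The method of claim 9, comprising the step of:
granting access to the resource if the at least one role is in the set of roles.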
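11. An authorization method for adaptively controlling access to a resource, comprising the steps of:
providing an evaluation of a policy based on at least one role applicable to a principal attempting to access the resource;
providing an authorization of access to the resource based on the evaluation; and
wherein the resource, the policy and the at least one role are hierarchically related.
12. The method of claim 11, comprising the step of:
allowing the principal to be an authenticated user, group or process.
13. The method of claim 11, wherein:
the at least one role is applicable to the principal if the principal satisfies the at least one role.
14. The method of claim 11, comprising the step of:
evaluating whether the at least one role is true or false for the principal in a context.
15. The method of claim 11, wherein:
the at least one role is a Boolean expression that includes at least one of (1) another Boolean expression and (2) a predicate.
16. The method of claim 15, wherein:
the predicate is one of user, group, time and segment.
17. The method of claim 15, comprising the step of:
evaluating the predicate against the principal and a context.
18. The method of claim 16, wherein:
the segment predicate is specified in plain language.
19. The method of claim 11, wherein:
the policy is an association between the resource and a set of roles.
20. The method of claim 19, comprising the step of:
granting access to the resource if the at least one role is in the set of roles.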
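21. An authorization method for adaptively controlling access to a resource, comprising the steps of:
providing information about a principal and a resource to a security framework;
providing an authorization result using the security framework, based on evaluating at least one security policy by associating at least one role with the principal; and
wherein the resource, the security policy and the at least one role are hierarchically related.
22. The method of claim 21, comprising the step of:
allowing the principal to be an authenticated user, group or process.
23. The method of claim 21, wherein:
associating the at least one role with the principal includes determining whether the principal satisfies the at least one role.
24. The method of claim 21, comprising the step of:
evaluating whether the at least one role is true or false for the principal in a context.
25. The method of claim 21, wherein:
the at least one role is a Boolean expression that includes at least one of (1) another Boolean expression and (2) a predicate.
26. The method of claim 25, wherein:
the predicate is one of user, group, time and segment.
27. The method of claim 25, comprising the step of:
evaluating the predicate against the principal and a context.
28. The method of claim 25, wherein:
the predicate is a segment, and the predicate is specified in plain language.
29. The method of claim 21, wherein:
the policy is an association between the resource and a set of roles.
30. The method of claim 29, comprising the step of:
granting access to the resource if the at least one role is in the set of roles.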
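31. An authorization system adapted to control access to a resource, comprising:
at least one role mapper for mapping a principal to at least one role, wherein the at least one role is hierarchically related to the resource;
at least one authorizer coupled to the at least one role mapper, the at least one authorizer determining whether a policy is satisfied based on the at least one role; and
an adjudicator coupled to the at least one authorizer, the adjudicator providing a final decision based on the determination of the at least one authorizer.
32. The system of claim 31, wherein:
the principal is an authenticated user, group or process.
33. The system of claim 31, wherein:
the mapping includes determining whether the principal satisfies the at least one role.
34. The system of claim 31, wherein:
the at least one role is evaluated to true or false for the principal in a context.
35. The system of claim 31, wherein:
the at least one role is a Boolean expression that includes at least one of another Boolean expression and a predicate.
36. The system of claim 35, wherein:
the predicate is one of user, group, time and segment.
37. The system of claim 35, wherein:
the predicate is evaluated against the principal and a context.
38. The system of claim 36, wherein:
the segment predicate is specified in plain language.
39. The system of claim 31, wherein:
the policy is an association between the resource and a set of roles.
40. The system of claim 39, wherein:
access to the resource is granted if the at least one role is in the set of roles.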
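41. A machine readable medium having instructions stored thereon that, when executed by a processor, cause a system to:
map a principal to at least one role, wherein the at least one role is hierarchically related to a resource;
evaluate a policy based on the at least one role; and
determine whether to grant access to the resource based on the evaluation of the policy.
42. The machine readable medium of claim 41, further comprising instructions that, when executed, cause the system to:
allow the principal to be an authenticated user, group or process.
43. The machine readable medium of claim 41, wherein:
the mapping includes determining whether the principal satisfies the at least one role.
44. The machine readable medium of claim 41, further comprising instructions that, when executed, cause the system to:
evaluate whether the at least one role is true or false for the principal in a context.
45. The machine readable medium of claim 41, wherein:
the at least one role is a Boolean expression that includes at least one of another Boolean expression and a predicate.
46. The machine readable medium of claim 45, wherein:
the predicate is one of user, group, time and segment.
47. The machine readable medium of claim 45, wherein:
the predicate is evaluated against the principal and a context.
48. The machine readable medium of claim 46, wherein:
the segment predicate is specified in plain language.
49. The machine readable medium of claim 41, wherein:
the policy is an association between the resource and a set of roles.
50. The machine readable medium of claim 49, further comprising instructions that, when executed, cause the system to:
grant access to the resource if the at least one role is in the set of roles.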
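51. An authorization method for adaptively controlling access to a resource in an enterprise application, comprising the steps of:
providing a mapping of a principal to at least one role, wherein the at least one role is hierarchically related to the resource;
providing an evaluation of a policy based on the at least one role; and
providing a determination of whether to grant the principal access to the resource based on the evaluation of the policy; and
wherein the at least one role, the policy and the resource are part of the enterprise application.
52. The method of claim 51, comprising the step of:
allowing the principal to be an authenticated user, group or process.
53. The method of claim 51, wherein:
the step of providing a mapping includes determining whether the principal satisfies the at least one role.
54. The method of claim 51, comprising the step of:
determining whether the at least one role is true or false for the principal in a context.
55. The method of claim 51, wherein:
the at least one role is a Boolean expression that includes at least one of (1) another Boolean expression and (2) a predicate.
56. The method of claim 55, wherein:
the predicate is one of user, group, time and segment.
57. The method of claim 55, wherein:
the predicate is evaluated against the principal and a context.
58. The method of claim 55, wherein:
the predicate is a segment that is specified in plain language.
59. The method of claim 51, wherein:
the policy is an association between the resource and a set of roles.
60. The method of claim 59, comprising the step of:
granting access to the resource if the at least one role is in the set of roles.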
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/367,177 US7591000B2 (en) | 2003-02-14 | 2003-02-14 | System and method for hierarchical role-based entitlements |
Publications (1)
Publication Number | Publication Date |
---|---|
CN1842785A (zh) | 2006-10-04 |
Family
ID=32849917
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNA2004800098678A (Pending; CN1842785A (zh)) | System and method for hierarchical role-based entitlements | 2003-02-14 | 2004-02-12 |
Country Status (6)
Country | Link |
---|---|
US (2) | US7591000B2 (zh) |
EP (1) | EP1593024B1 (zh) |
JP (1) | JP4787149B2 (zh) |
CN (1) | CN1842785A (zh) |
AU (1) | AU2004214449A1 (zh) |
WO (1) | WO2004074993A2 (zh) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101951377A (zh) * | 2010-09-21 | 2011-01-19 | 用友软件股份有限公司 | 分层授权管理方法和装置 |
CN105051749A (zh) * | 2013-03-15 | 2015-11-11 | 瑞典爱立信有限公司 | 基于策略的数据保护 |
CN105224678A (zh) * | 2015-10-19 | 2016-01-06 | 浪潮软件集团有限公司 | 一种电子文档管理的方法及装置 |
CN106326760A (zh) * | 2016-08-31 | 2017-01-11 | 清华大学 | 一种用于数据分析的访问控制规则描述方法 |
CN106446666A (zh) * | 2016-09-18 | 2017-02-22 | 珠海格力电器股份有限公司 | 一种权限配置方法及装置 |
CN112036774A (zh) * | 2020-10-09 | 2020-12-04 | 北京嘀嘀无限科技发展有限公司 | 服务策略的评估方法、装置、设备及存储介质 |
Families Citing this family (71)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7325140B2 (en) | 2003-06-13 | 2008-01-29 | Engedi Technologies, Inc. | Secure management access control for computers, embedded and card embodiment |
US7496950B2 (en) * | 2002-06-13 | 2009-02-24 | Engedi Technologies, Inc. | Secure remote management appliance |
US7653930B2 (en) | 2003-02-14 | 2010-01-26 | Bea Systems, Inc. | Method for role and resource policy management optimization |
US6917975B2 (en) * | 2003-02-14 | 2005-07-12 | Bea Systems, Inc. | Method for role and resource policy management |
US8831966B2 (en) * | 2003-02-14 | 2014-09-09 | Oracle International Corporation | Method for delegated administration |
US7591000B2 (en) | 2003-02-14 | 2009-09-15 | Oracle International Corporation | System and method for hierarchical role-based entitlements |
US20040230679A1 (en) * | 2003-02-28 | 2004-11-18 | Bales Christopher E. | Systems and methods for portal and web server administration |
US7519826B2 (en) * | 2003-10-01 | 2009-04-14 | Engedi Technologies, Inc. | Near real-time multi-party task authorization access control |
US7644432B2 (en) * | 2003-10-10 | 2010-01-05 | Bea Systems, Inc. | Policy inheritance through nested groups |
US7594224B2 (en) * | 2003-10-10 | 2009-09-22 | Bea Systems, Inc. | Distributed enterprise security system |
US20050097353A1 (en) * | 2003-10-10 | 2005-05-05 | Bea Systems, Inc. | Policy analysis tool |
US20050251851A1 (en) * | 2003-10-10 | 2005-11-10 | Bea Systems, Inc. | Configuration of a distributed security system |
US20050097352A1 (en) * | 2003-10-10 | 2005-05-05 | Bea Systems, Inc. | Embeddable security service module |
US8417682B2 (en) * | 2003-12-12 | 2013-04-09 | International Business Machines Corporation | Visualization of attributes of workflow weblogs |
US8423394B2 (en) * | 2003-12-12 | 2013-04-16 | International Business Machines Corporation | Method for tracking the status of a workflow using weblogs |
US8140691B2 (en) * | 2003-12-12 | 2012-03-20 | International Business Machines Corporation | Role-based views access to a workflow weblog |
US9032076B2 (en) * | 2004-10-22 | 2015-05-12 | International Business Machines Corporation | Role-based access control system, method and computer program product |
CN1773413B (zh) * | 2004-11-10 | 2010-04-14 | 中国人民解放军国防科学技术大学 | 角色定权方法 |
US20070226031A1 (en) * | 2004-11-30 | 2007-09-27 | Manson Nicholas R | Methods and apparatuses for grouped option specification |
US7958161B2 (en) * | 2004-11-30 | 2011-06-07 | Siebel Systems, Inc. | Methods and apparatuses for providing hosted tailored vertical applications |
US8751328B2 (en) * | 2004-11-30 | 2014-06-10 | Siebel Systems, Inc. | Methods and apparatuses for providing provisioned access control for hosted tailored vertical applications |
US7841011B2 (en) * | 2004-11-30 | 2010-11-23 | Siebel Systems, Inc. | Methods and apparatuses for tiered option specification |
US20060218394A1 (en) * | 2005-03-28 | 2006-09-28 | Yang Dung C | Organizational role-based controlled access management system |
US8086615B2 (en) * | 2005-03-28 | 2011-12-27 | Oracle International Corporation | Security data redaction |
US20060236408A1 (en) * | 2005-04-14 | 2006-10-19 | International Business Machines Corporation | Method and apparatus for device dependent access control for device independent web content |
US7748027B2 (en) * | 2005-05-11 | 2010-06-29 | Bea Systems, Inc. | System and method for dynamic data redaction |
US20070044151A1 (en) * | 2005-08-22 | 2007-02-22 | International Business Machines Corporation | System integrity manager |
US7917537B2 (en) | 2005-09-26 | 2011-03-29 | Oracle International Corporation | System and method for providing link property types for content management |
US7818344B2 (en) | 2005-09-26 | 2010-10-19 | Bea Systems, Inc. | System and method for providing nested types for content management |
US7953734B2 (en) | 2005-09-26 | 2011-05-31 | Oracle International Corporation | System and method for providing SPI extensions for content management system |
US7752205B2 (en) | 2005-09-26 | 2010-07-06 | Bea Systems, Inc. | Method and system for interacting with a virtual content repository |
BRPI0705068A (pt) * | 2006-04-21 | 2008-04-29 | Pantech Co Ltd | método para gerenciar um domìnio de usuário |
US8769604B2 (en) | 2006-05-15 | 2014-07-01 | Oracle International Corporation | System and method for enforcing role membership removal requirements |
US7836489B2 (en) * | 2006-06-15 | 2010-11-16 | Microsoft Corporation | Selecting policy for compatible communication |
US8336078B2 (en) * | 2006-07-11 | 2012-12-18 | Fmr Corp. | Role-based access in a multi-customer computing environment |
US9112874B2 (en) | 2006-08-21 | 2015-08-18 | Pantech Co., Ltd. | Method for importing digital rights management data for user domain |
US8463852B2 (en) | 2006-10-06 | 2013-06-11 | Oracle International Corporation | Groupware portlets for integrating a portal with groupware systems |
US8452873B2 (en) * | 2006-11-01 | 2013-05-28 | International Business Machines Corporation | Provisioning of resources in a computer network |
US8032558B2 (en) * | 2007-01-10 | 2011-10-04 | Novell, Inc. | Role policy management |
US8156516B2 (en) * | 2007-03-29 | 2012-04-10 | Emc Corporation | Virtualized federated role provisioning |
US8719894B2 (en) * | 2007-03-29 | 2014-05-06 | Apple Inc. | Federated role provisioning |
US8635618B2 (en) * | 2007-11-20 | 2014-01-21 | International Business Machines Corporation | Method and system to identify conflicts in scheduling data center changes to assets utilizing task type plugin with conflict detection logic corresponding to the change request |
US8122484B2 (en) * | 2008-01-09 | 2012-02-21 | International Business Machines Corporation | Access control policy conversion |
US8296820B2 (en) * | 2008-01-18 | 2012-10-23 | International Business Machines Corporation | Applying security policies to multiple systems and controlling policy propagation |
US8805774B2 (en) * | 2008-02-19 | 2014-08-12 | International Business Machines Corporation | Method and system for role based situation aware software |
US20090235167A1 (en) * | 2008-03-12 | 2009-09-17 | International Business Machines Corporation | Method and system for context aware collaborative tagging |
US8645843B2 (en) * | 2008-08-29 | 2014-02-04 | International Business Machines Corporation | Supporting role-based access control in component-based software systems |
CN101673358B (zh) * | 2008-09-10 | 2012-01-25 | 中兴通讯股份有限公司 | 基于权限组件对工作流组件中的权限管理的方法及装置 |
US8676847B2 (en) * | 2009-04-07 | 2014-03-18 | International Business Machines Corporation | Visibility control of resources |
US8495703B2 (en) * | 2009-06-18 | 2013-07-23 | Oracle International Corporation | Security policy verification system |
US8489685B2 (en) | 2009-07-17 | 2013-07-16 | Aryaka Networks, Inc. | Application acceleration as a service system and method |
US8713056B1 (en) * | 2011-03-30 | 2014-04-29 | Open Text S.A. | System, method and computer program product for efficient caching of hierarchical items |
US8751405B2 (en) * | 2012-04-16 | 2014-06-10 | Wal-Mart Stores, Inc. | Processing online transactions |
US9607166B2 (en) | 2013-02-27 | 2017-03-28 | Microsoft Technology Licensing, Llc | Discretionary policy management in cloud-based environment |
US9507609B2 (en) | 2013-09-29 | 2016-11-29 | Taplytics Inc. | System and method for developing an application |
US10122717B1 (en) * | 2013-12-31 | 2018-11-06 | Open Text Corporation | Hierarchical case model access roles and permissions |
US10521601B2 (en) | 2014-04-30 | 2019-12-31 | Sailpoint Technologies, Israel Ltd. | System and method for data governance |
US9516504B2 (en) * | 2014-05-19 | 2016-12-06 | Verizon Patent And Licensing Inc. | Intelligent role based access control based on trustee approvals |
US9489532B2 (en) * | 2014-05-28 | 2016-11-08 | Siemens Product Lifecycle Management Software Inc. | Fast access rights checking of configured structure data |
US9405929B1 (en) | 2014-07-31 | 2016-08-02 | Emc Corporation | Hierarchical permissions model within a document |
CN105608366B (zh) * | 2014-11-18 | 2019-07-12 | 华为软件技术有限公司 | 用户权限控制方法和装置 |
US9680649B2 (en) * | 2015-03-19 | 2017-06-13 | Oracle International Corporation | Policy-based key sharing |
US10757128B2 (en) | 2017-06-29 | 2020-08-25 | Amazon Technologies, Inc. | Security policy analyzer service and satisfiability engine |
US10922423B1 (en) * | 2018-06-21 | 2021-02-16 | Amazon Technologies, Inc. | Request context generator for security policy validation service |
US11107022B2 (en) * | 2018-09-26 | 2021-08-31 | CBRE, Inc. | Role-based access control with building information data model for managing building resources |
CN109344569B (zh) * | 2018-09-28 | 2020-09-18 | 北京赛博贝斯数据科技有限责任公司 | 软件使用的授权方法及系统 |
US11483317B1 (en) * | 2018-11-30 | 2022-10-25 | Amazon Technologies, Inc. | Techniques for analyzing security in computing environments with privilege escalation |
US11461677B2 (en) | 2020-03-10 | 2022-10-04 | Sailpoint Technologies, Inc. | Systems and methods for data correlation and artifact matching in identity management artificial intelligence systems |
US11416574B2 (en) * | 2020-07-21 | 2022-08-16 | Content Square SAS | System and method for identifying and scoring in-page behavior |
CN112511569B (zh) * | 2021-02-07 | 2021-05-11 | 杭州筋斗腾云科技有限公司 | 网络资源访问请求的处理方法、系统及计算机设备 |
US11308186B1 (en) | 2021-03-19 | 2022-04-19 | Sailpoint Technologies, Inc. | Systems and methods for data correlation and artifact matching in identity management artificial intelligence systems |
Family Cites Families (323)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5335345A (en) | 1990-04-11 | 1994-08-02 | Bell Communications Research, Inc. | Dynamic query optimization using partial information |
AU639802B2 (en) | 1990-08-14 | 1993-08-05 | Oracle International Corporation | Methods and apparatus for providing dynamic invocation of applications in a distributed heterogeneous environment |
AU628264B2 (en) | 1990-08-14 | 1992-09-10 | Oracle International Corporation | Methods and apparatus for providing a client interface to an object-oriented invocation of an application |
US5173939A (en) * | 1990-09-28 | 1992-12-22 | Digital Equipment Corporation | Access control subsystem and method for distributed computer system using compound principals |
US5426747A (en) | 1991-03-22 | 1995-06-20 | Object Design, Inc. | Method and apparatus for virtual memory mapping and transaction management in an object-oriented database system |
US5237614A (en) | 1991-06-07 | 1993-08-17 | Security Dynamics Technologies, Inc. | Integrated network security system |
US5347653A (en) | 1991-06-28 | 1994-09-13 | Digital Equipment Corporation | System for reconstructing prior versions of indexes using records indicating changes between successive versions of the indexes |
US5355474A (en) | 1991-09-27 | 1994-10-11 | Thuraisngham Bhavani M | System for multilevel secure database management using a knowledge base with release-based and other security constraints for query, response and update modification |
US5481700A (en) | 1991-09-27 | 1996-01-02 | The Mitre Corporation | Apparatus for design of a multilevel secure database management system based on a multilevel logic programming system |
JPH05233549A (ja) * | 1992-02-14 | 1993-09-10 | Nec Corp | System user management method |
US5557747A (en) | 1993-06-22 | 1996-09-17 | Rogers; Lawrence D. | Network policy implementation system for performing network control operations in response to changes in network state |
JPH0798669A (ja) | 1993-08-05 | 1995-04-11 | Hitachi Ltd | Distributed database management system |
US5369702A (en) | 1993-10-18 | 1994-11-29 | Tecsec Incorporated | Distributed cryptographic object method |
US5544322A (en) | 1994-05-09 | 1996-08-06 | International Business Machines Corporation | System and method for policy-based inter-realm authentication within a distributed processing system |
EP0697662B1 (en) | 1994-08-15 | 2001-05-30 | International Business Machines Corporation | Method and system for advanced role-based access control in distributed and centralized computer systems |
US5627886A (en) | 1994-09-22 | 1997-05-06 | Electronic Data Systems Corporation | System and method for detecting fraudulent network usage patterns using real-time network monitoring |
US5864683A (en) | 1994-10-12 | 1999-01-26 | Secure Computing Corporation | System for providing secure internetwork by connecting type enforcing secure computers to external network for limiting access to data based on user and process access rights |
CN100452071C (zh) * | 1995-02-13 | 2009-01-14 | 英特特拉斯特技术公司 | Systems and methods for secure transaction management and electronic rights protection |
US5872928A (en) | 1995-02-24 | 1999-02-16 | Cabletron Systems, Inc. | Method and apparatus for defining and enforcing policies for configuration management in communications networks |
US5889953A (en) | 1995-05-25 | 1999-03-30 | Cabletron Systems, Inc. | Policy management and conflict resolution in computer networks |
US5757669A (en) | 1995-05-31 | 1998-05-26 | Netscape Communications Corporation | Method and apparatus for workgroup information replication |
DE69601149T2 (de) * | 1995-07-03 | 1999-08-05 | Sun Microsystems Inc | System and method for implementing a hierarchical policy for the administration of a computer system |
US6026368A (en) * | 1995-07-17 | 2000-02-15 | 24/7 Media, Inc. | On-line interactive system and method for providing content and advertising information to a targeted set of viewers |
US5941947A (en) | 1995-08-18 | 1999-08-24 | Microsoft Corporation | System and method for controlling access to data entities in a computer network |
US5825883A (en) | 1995-10-31 | 1998-10-20 | Interval Systems, Inc. | Method and apparatus that accounts for usage of digital applications |
JP3023949B2 (ja) | 1995-12-12 | 2000-03-21 | 株式会社村田製作所 | Dielectric filter |
JPH09226933A (ja) * | 1996-02-27 | 1997-09-02 | Yazaki Corp | Connector supply method and apparatus therefor |
US5826000A (en) | 1996-02-29 | 1998-10-20 | Sun Microsystems, Inc. | System and method for automatic configuration of home network computers |
JPH10105472A (ja) * | 1996-09-30 | 1998-04-24 | Toshiba Corp | Memory access management method |
US5826268A (en) | 1996-04-12 | 1998-10-20 | Ontos, Inc. | Secure multilevel object oriented database management system |
US5848396A (en) | 1996-04-26 | 1998-12-08 | Freedom Of Information, Inc. | Method and apparatus for determining behavioral profile of a computer user |
US6216231B1 (en) | 1996-04-30 | 2001-04-10 | At & T Corp. | Specifying security protocols and policy constraints in distributed systems |
US5987469A (en) | 1996-05-14 | 1999-11-16 | Micro Logic Corp. | Method and apparatus for graphically representing information stored in electronic media |
US5918210A (en) * | 1996-06-07 | 1999-06-29 | Electronic Data Systems Corporation | Business query tool, using policy objects to provide query responses |
US5956400A (en) | 1996-07-19 | 1999-09-21 | Digicash Incorporated | Partitioned information storage systems with controlled retrieval |
US6055515A (en) | 1996-07-30 | 2000-04-25 | International Business Machines Corporation | Enhanced tree control system for navigating lattices data structures and displaying configurable lattice-node labels |
US5950195A (en) | 1996-09-18 | 1999-09-07 | Secure Computing Corporation | Generalized security policy management system and method |
US6055637A (en) | 1996-09-27 | 2000-04-25 | Electronic Data Systems Corporation | System and method for accessing enterprise-wide resources by presenting to the resource a temporary credential |
US6029182A (en) | 1996-10-04 | 2000-02-22 | Canon Information Systems, Inc. | System for generating a custom formatted hypertext document by using a personal profile to retrieve hierarchical documents |
US6154844A (en) | 1996-11-08 | 2000-11-28 | Finjan Software, Ltd. | System and method for attaching a downloadable security profile to a downloadable |
US6058392A (en) | 1996-11-18 | 2000-05-02 | Wesley C. Sampson Revocable Trust | Method for the organizational indexing, storage, and retrieval of data according to data pattern signatures |
US6023765A (en) | 1996-12-06 | 2000-02-08 | The United States Of America As Represented By The Secretary Of Commerce | Implementation of role-based access control in multi-level secure systems |
US6292900B1 (en) | 1996-12-18 | 2001-09-18 | Sun Microsystems, Inc. | Multilevel security attribute passing methods, apparatuses, and computer program products in a stream |
US5987611A (en) | 1996-12-31 | 1999-11-16 | Zone Labs, Inc. | System and methodology for managing internet access on a per application basis for client computers connected to the internet |
US6241608B1 (en) | 1997-01-15 | 2001-06-05 | Lawrence J. Torango | Progressive wagering system |
US6466239B2 (en) | 1997-01-24 | 2002-10-15 | Sony Corporation | Method and apparatus for editing data used in creating a three-dimensional virtual reality environment |
US7272625B1 (en) | 1997-03-10 | 2007-09-18 | Sonicwall, Inc. | Generalized policy server |
US6408336B1 (en) | 1997-03-10 | 2002-06-18 | David S. Schneider | Distributed administration of access to information |
US6226745B1 (en) | 1997-03-21 | 2001-05-01 | Gio Wiederhold | Information sharing system and method with requester dependent sharing and security rules |
US5867667A (en) | 1997-03-24 | 1999-02-02 | Pfn, Inc. | Publication network control system using domain and client side communications resource locator lists for managing information communications between the domain server and publication servers |
US6275941B1 (en) | 1997-03-28 | 2001-08-14 | Hitachi, Ltd. | Security management method for network system |
US5991877A (en) | 1997-04-03 | 1999-11-23 | Lockheed Martin Corporation | Object-oriented trusted application framework |
US6029196A (en) | 1997-06-18 | 2000-02-22 | Netscape Communications Corporation | Automatic client configuration system |
US6185587B1 (en) | 1997-06-19 | 2001-02-06 | International Business Machines Corporation | System and method for building a web site with automated help |
US6684369B1 (en) | 1997-06-19 | 2004-01-27 | International Business Machines, Corporation | Web site creator using templates |
US6434607B1 (en) | 1997-06-19 | 2002-08-13 | International Business Machines Corporation | Web server providing role-based multi-level security |
US6029144A (en) | 1997-08-29 | 2000-02-22 | International Business Machines Corporation | Compliance-to-policy detection method and system |
US6158007A (en) | 1997-09-17 | 2000-12-05 | Jahanshah Moreh | Security system for event based middleware |
US6005571A (en) | 1997-09-30 | 1999-12-21 | Softline, Inc. | Graphical user interface for managing security in a database system |
US6006194A (en) | 1997-10-01 | 1999-12-21 | Merel; Peter A. | Computer-implemented system for controlling resources and policies |
US5954798A (en) | 1997-10-06 | 1999-09-21 | Ncr Corporation | Mechanism for dependably managing web synchronization and tracking operations among multiple browsers |
US6317868B1 (en) | 1997-10-24 | 2001-11-13 | University Of Washington | Process for transparently enforcing protection domains and access control as well as auditing operations in software components |
US6014666A (en) | 1997-10-28 | 2000-01-11 | Microsoft Corporation | Declarative and programmatic access control of component-based server applications using roles |
US6157924A (en) | 1997-11-07 | 2000-12-05 | Bell & Howell Mail Processing Systems Company | Systems, methods, and computer program products for delivering information in a preferred medium |
US6202066B1 (en) | 1997-11-19 | 2001-03-13 | The United States Of America As Represented By The Secretary Of Commerce | Implementation of role/group permission association using object access type |
US6385627B1 (en) | 1997-11-24 | 2002-05-07 | International Business Machines Corporation | Method, apparatus and computer program product for providing document user role indication |
IL122314A (en) | 1997-11-27 | 2001-03-19 | Security 7 Software Ltd | Method and system for enforcing a communication security policy |
US6088679A (en) | 1997-12-01 | 2000-07-11 | The United States Of America As Represented By The Secretary Of Commerce | Workflow management employing role-based access control |
US6654747B1 (en) | 1997-12-02 | 2003-11-25 | International Business Machines Corporation | Modular scalable system for managing data in a heterogeneous environment with generic structure for control repository access transactions |
US5966707A (en) | 1997-12-02 | 1999-10-12 | International Business Machines Corporation | Method for managing a plurality of data processes residing in heterogeneous data repositories |
US6202157B1 (en) | 1997-12-08 | 2001-03-13 | Entrust Technologies Limited | Computer network security system and method having unilateral enforceable security policy provision |
US6035423A (en) | 1997-12-31 | 2000-03-07 | Network Associates, Inc. | Method and system for providing automated updating and upgrading of antivirus applications using a computer network |
US6360363B1 (en) | 1997-12-31 | 2002-03-19 | Eternal Systems, Inc. | Live upgrade process for object-oriented programs |
US6202207B1 (en) | 1998-01-28 | 2001-03-13 | International Business Machines Corporation | Method and a mechanism for synchronized updating of interoperating software |
JP3609599B2 (ja) | 1998-01-30 | 2005-01-12 | 富士通株式会社 | Node proxy system, node monitoring system, methods therefor, and recording medium |
CA2228687A1 (en) | 1998-02-04 | 1999-08-04 | Brett Howard | Secured virtual private networks |
US6484261B1 (en) | 1998-02-17 | 2002-11-19 | Cisco Technology, Inc. | Graphical network security policy management |
US6108687A (en) | 1998-03-02 | 2000-08-22 | Hewlett Packard Company | System and method for providing a synchronized display to a plurality of computers over a global computer network |
US6304881B1 (en) | 1998-03-03 | 2001-10-16 | Pumatech, Inc. | Remote data access and synchronization |
US6141686A (en) | 1998-03-13 | 2000-10-31 | Deterministic Networks, Inc. | Client-side application-classifier gathering network-traffic statistics and application and user names using extensible-service provider plugin for policy-based network control |
US6321336B1 (en) | 1998-03-13 | 2001-11-20 | Secure Computing Corporation | System and method for redirecting network traffic to provide secure communication |
US6182226B1 (en) | 1998-03-18 | 2001-01-30 | Secure Computing Corporation | System and method for controlling interactions between networks |
US6073242A (en) | 1998-03-19 | 2000-06-06 | Agorics, Inc. | Electronic authority server |
US6618806B1 (en) | 1998-04-01 | 2003-09-09 | Saflink Corporation | System and method for authenticating users in a computer network |
US6285985B1 (en) | 1998-04-03 | 2001-09-04 | Preview Systems, Inc. | Advertising-subsidized and advertising-enabled software |
US6295607B1 (en) | 1998-04-06 | 2001-09-25 | Bindview Development Corporation | System and method for security control in a data processing system |
US6182277B1 (en) | 1998-04-15 | 2001-01-30 | Oracle Corporation | Methods and apparatus for declarative programming techniques in an object oriented environment |
US6965999B2 (en) | 1998-05-01 | 2005-11-15 | Microsoft Corporation | Intelligent trust management method and system |
US6339826B2 (en) | 1998-05-05 | 2002-01-15 | International Business Machines Corp. | Client-server system for maintaining a user desktop consistent with server application user access permissions |
US6148333A (en) | 1998-05-13 | 2000-11-14 | Mgi Software Corporation | Method and system for server access control and tracking |
US6122647A (en) | 1998-05-19 | 2000-09-19 | Perspecta, Inc. | Dynamic generation of contextual links in hypertext documents |
US6167407A (en) | 1998-06-03 | 2000-12-26 | Symantec Corporation | Backtracked incremental updating |
US6083276A (en) * | 1998-06-11 | 2000-07-04 | Corel, Inc. | Creating and configuring component-based applications using a text-based descriptive attribute grammar |
US6253321B1 (en) | 1998-06-19 | 2001-06-26 | Ssh Communications Security Ltd. | Method and arrangement for implementing IPSEC policy management using filter code |
US6735701B1 (en) | 1998-06-25 | 2004-05-11 | Macarthur Investments, Llc | Network policy management and effectiveness system |
US6285366B1 (en) | 1998-06-30 | 2001-09-04 | Sun Microsystems, Inc. | Hierarchy navigation system |
US6182142B1 (en) | 1998-07-10 | 2001-01-30 | Encommerce, Inc. | Distributed access management of information resources |
US6615218B2 (en) | 1998-07-17 | 2003-09-02 | Sun Microsystems, Inc. | Database for executing policies for controlling devices on a network |
US6170009B1 (en) | 1998-07-17 | 2001-01-02 | Kallol Mandal | Controlling devices on a network through policies |
US6141010A (en) | 1998-07-17 | 2000-10-31 | B. E. Technology, Llc | Computer interface method and apparatus with targeted advertising |
US6209101B1 (en) | 1998-07-17 | 2001-03-27 | Secure Computing Corporation | Adaptive security system having a hierarchy of security servers |
US6539375B2 (en) * | 1998-08-04 | 2003-03-25 | Microsoft Corporation | Method and system for generating and using a computer user's personal interest profile |
US6397222B1 (en) | 1998-08-07 | 2002-05-28 | Paul Zellweger | Method and apparatus for end-user management of a content menu on a network |
US6466932B1 (en) | 1998-08-14 | 2002-10-15 | Microsoft Corporation | System and method for implementing group policy |
US6473791B1 (en) | 1998-08-17 | 2002-10-29 | Microsoft Corporation | Object load balancing |
US6397231B1 (en) | 1998-08-31 | 2002-05-28 | Xerox Corporation | Virtual documents generated via combined documents or portions of documents retrieved from data repositories |
US20020062451A1 (en) | 1998-09-01 | 2002-05-23 | Scheidt Edward M. | System and method of providing communication security |
US6412070B1 (en) | 1998-09-21 | 2002-06-25 | Microsoft Corporation | Extensible security system and method for controlling access to objects in a computing environment |
US6377973B2 (en) | 1998-09-30 | 2002-04-23 | Emrys Technologies, Ltd. | Event management in a system with application and graphical user interface processing adapted to display predefined graphical elements resides separately on server and client machine |
US6341352B1 (en) | 1998-10-15 | 2002-01-22 | International Business Machines Corporation | Method for changing a security policy during processing of a transaction request |
US6477543B1 (en) | 1998-10-23 | 2002-11-05 | International Business Machines Corporation | Method, apparatus and program storage device for a client and adaptive synchronization and transformation server |
US6167445A (en) | 1998-10-26 | 2000-12-26 | Cisco Technology, Inc. | Method and apparatus for defining and implementing high-level quality of service policies in computer networks |
US7673323B1 (en) | 1998-10-28 | 2010-03-02 | Bea Systems, Inc. | System and method for maintaining security in a distributed computer network |
US6158010A (en) * | 1998-10-28 | 2000-12-05 | Crosslogix, Inc. | System and method for maintaining security in a distributed computer network |
US6460141B1 (en) | 1998-10-28 | 2002-10-01 | Rsa Security Inc. | Security and access management system for web-enabled and non-web-enabled applications and content on a computer network |
JP3856969B2 (ja) * | 1998-11-02 | 2006-12-13 | 株式会社日立製作所 | Object analysis and design support method |
US6530024B1 (en) | 1998-11-20 | 2003-03-04 | Centrax Corporation | Adaptive feedback security system and method |
US6574736B1 (en) * | 1998-11-30 | 2003-06-03 | Microsoft Corporation | Composable roles |
US6728748B1 (en) * | 1998-12-01 | 2004-04-27 | Network Appliance, Inc. | Method and apparatus for policy based class of service and adaptive service level management within the context of an internet and intranet |
US6301613B1 (en) | 1998-12-03 | 2001-10-09 | Cisco Technology, Inc. | Verifying that a network management policy used by a computer system can be satisfied and is feasible for use |
US6327618B1 (en) | 1998-12-03 | 2001-12-04 | Cisco Technology, Inc. | Recognizing and processing conflicts in network management policies |
AU2377200A (en) | 1998-12-21 | 2000-07-12 | Jj Mountain, Inc. | Methods and systems for providing personalized services to users in a network environment |
US6381579B1 (en) | 1998-12-23 | 2002-04-30 | International Business Machines Corporation | System and method to provide secure navigation to resources on the internet |
US6393474B1 (en) | 1998-12-31 | 2002-05-21 | 3Com Corporation | Dynamic policy management apparatus and method using active network devices |
US6668354B1 (en) * | 1999-01-05 | 2003-12-23 | International Business Machines Corporation | Automatic display script and style sheet generation |
US6510513B1 (en) * | 1999-01-13 | 2003-01-21 | Microsoft Corporation | Security services and policy enforcement for electronic data |
US6412077B1 (en) | 1999-01-14 | 2002-06-25 | Cisco Technology, Inc. | Disconnect policy for distributed computing systems |
US7111321B1 (en) | 1999-01-25 | 2006-09-19 | Dell Products L.P. | Portable computer system with hierarchical and token-based security policies |
US6327594B1 (en) | 1999-01-29 | 2001-12-04 | International Business Machines Corporation | Methods for shared data management in a pervasive computing environment |
US6542993B1 (en) | 1999-03-12 | 2003-04-01 | Lucent Technologies Inc. | Security management system and method |
US6308163B1 (en) | 1999-03-16 | 2001-10-23 | Hewlett-Packard Company | System and method for enterprise workflow resource management |
US6260050B1 (en) | 1999-03-23 | 2001-07-10 | Microstrategy, Inc. | System and method of adapting automatic output of service related OLAP reports to disparate output devices |
US6154766A (en) | 1999-03-23 | 2000-11-28 | Microstrategy, Inc. | System and method for automatic transmission of personalized OLAP report output |
US6715077B1 (en) * | 1999-03-23 | 2004-03-30 | International Business Machines Corporation | System and method to support varying maximum cryptographic strength for common data security architecture (CDSA) applications |
US6446200B1 (en) | 1999-03-25 | 2002-09-03 | Nortel Networks Limited | Service management |
US6757698B2 (en) * | 1999-04-14 | 2004-06-29 | Iomega Corporation | Method and apparatus for automatically synchronizing data from a host computer to two or more backup data storage locations |
US20030069874A1 (en) | 1999-05-05 | 2003-04-10 | Eyal Hertzog | Method and system to automate the updating of personal information within a personal information management application and to synchronize such updated personal information management applications |
GB9912494D0 (en) | 1999-05-28 | 1999-07-28 | Hewlett Packard Co | Configuring computer systems |
US7472349B1 (en) * | 1999-06-01 | 2008-12-30 | Oracle International Corporation | Dynamic services infrastructure for allowing programmatic access to internet and other resources |
US6961897B1 (en) | 1999-06-14 | 2005-11-01 | Lockheed Martin Corporation | System and method for interactive electronic media extraction for web page generation |
JP2001005727A (ja) * | 1999-06-22 | 2001-01-12 | Kyocera Communication Systems Co Ltd | Access management device |
US6988138B1 (en) * | 1999-06-30 | 2006-01-17 | Blackboard Inc. | Internet-based education support system and methods |
GB2352370B (en) | 1999-07-21 | 2003-09-03 | Int Computers Ltd | Migration from in-clear to encrypted working over a communications link |
US6519647B1 (en) | 1999-07-23 | 2003-02-11 | Microsoft Corporation | Methods and apparatus for synchronizing access control in a web server |
US6769095B1 (en) | 1999-07-23 | 2004-07-27 | Codagen Technologies Corp. | Hierarchically structured control information editor |
US6581054B1 (en) * | 1999-07-30 | 2003-06-17 | Computer Associates Think, Inc. | Dynamic query model and method |
US6834284B2 (en) | 1999-08-12 | 2004-12-21 | International Business Machines Corporation | Process and system for providing name service scoping behavior in java object-oriented environment |
JP2004527805A (ja) | 1999-08-23 | 2004-09-09 | アセラ,インコーポレイティド | Method and apparatus for providing custom-configurable business applications from a standardized set of components |
US6339423B1 (en) | 1999-08-23 | 2002-01-15 | Entrust, Inc. | Multi-domain access control |
US6587876B1 (en) | 1999-08-24 | 2003-07-01 | Hewlett-Packard Development Company | Grouping targets of management policies |
US6934934B1 (en) | 1999-08-30 | 2005-08-23 | Empirix Inc. | Method and system for software object testing |
AU7990600A (en) | 1999-10-01 | 2001-05-10 | Infoglide Corporation | System and method for transforming a relational database to a hierarchical database |
US6789202B1 (en) | 1999-10-15 | 2004-09-07 | Networks Associates Technology, Inc. | Method and apparatus for providing a policy-driven intrusion detection system |
US6430556B1 (en) | 1999-11-01 | 2002-08-06 | Sun Microsystems, Inc. | System and method for providing a query object development environment |
US7124413B1 (en) | 1999-11-03 | 2006-10-17 | Accenture Llp | Framework for integrating existing and new information technology applications and systems |
US6865549B1 (en) | 1999-11-15 | 2005-03-08 | Sun Microsystems, Inc. | Method and apparatus for concurrency control in a policy-based management system |
JP3963417B2 (ja) * | 1999-11-19 | 2007-08-22 | 株式会社東芝 | Communication method and electronic device for data synchronization processing |
US6721888B1 (en) | 1999-11-22 | 2004-04-13 | Sun Microsystems, Inc. | Mechanism for merging multiple policies |
US6792537B1 (en) | 1999-11-22 | 2004-09-14 | Sun Microsystems, Inc. | Mechanism for determining restrictions to impose on an implementation of a service |
US6487594B1 (en) | 1999-11-30 | 2002-11-26 | Mediaone Group, Inc. | Policy management method and system for internet service providers |
US6418448B1 (en) | 1999-12-06 | 2002-07-09 | Shyam Sundar Sarkar | Method and apparatus for processing markup language specifications for data and metadata used inside multiple related internet documents to navigate, query and manipulate information from a plurality of object relational databases over the web |
AU4717901A (en) | 1999-12-06 | 2001-06-25 | Warp Solutions, Inc. | System and method for dynamic content routing |
US6587849B1 (en) * | 1999-12-10 | 2003-07-01 | Art Technology Group, Inc. | Method and system for constructing personalized result sets |
JP3546787B2 (ja) * | 1999-12-16 | 2004-07-28 | インターナショナル・ビジネス・マシーンズ・コーポレーション | Access control system, access control method, and storage medium |
WO2001045018A1 (en) * | 1999-12-17 | 2001-06-21 | Dorado Network Systems Corporation | Purpose-based adaptive rendering |
US7552069B2 (en) | 1999-12-23 | 2009-06-23 | Concept Shopping, Inc. | Techniques for optimizing promotion delivery |
US6584454B1 (en) | 1999-12-31 | 2003-06-24 | Ge Medical Technology Services, Inc. | Method and apparatus for community management in remote system servicing |
US6633855B1 (en) | 2000-01-06 | 2003-10-14 | International Business Machines Corporation | Method, system, and program for filtering content using neural networks |
US6484177B1 (en) | 2000-01-13 | 2002-11-19 | International Business Machines Corporation | Data management interoperability methods for heterogeneous directory structures |
EP1117220A1 (en) | 2000-01-14 | 2001-07-18 | Sun Microsystems, Inc. | Method and system for protocol conversion |
US6694336B1 (en) | 2000-01-25 | 2004-02-17 | Fusionone, Inc. | Data transfer and synchronization system |
US20040205473A1 (en) * | 2000-01-27 | 2004-10-14 | Gwyn Fisher | Method and system for implementing an enterprise information portal |
US7251666B2 (en) | 2000-02-01 | 2007-07-31 | Internet Business Information Group | Signature loop authorizing method and apparatus |
US20040230546A1 (en) | 2000-02-01 | 2004-11-18 | Rogers Russell A. | Personalization engine for rules and knowledge |
EP1252226B1 (en) | 2000-02-01 | 2007-02-07 | Ciba SC Holding AG | Method of content protection with durable uv absorbers |
US6735586B2 (en) * | 2000-02-08 | 2004-05-11 | Sybase, Inc. | System and method for dynamic content retrieval |
US7051071B2 (en) * | 2000-02-16 | 2006-05-23 | Bea Systems, Inc. | Workflow integration system for enterprise wide electronic collaboration |
US6901403B1 (en) * | 2000-03-02 | 2005-05-31 | Quovadx, Inc. | XML presentation of general-purpose data sources |
AU2001245406A1 (en) | 2000-03-03 | 2001-09-17 | Merinta, Inc. | Persistent portal for a browser |
US7013485B2 (en) | 2000-03-06 | 2006-03-14 | I2 Technologies U.S., Inc. | Computer security system |
CA2404014A1 (en) * | 2000-03-30 | 2001-10-11 | Cygent, Inc. | System and method for establishing electronic business systems for supporting communications services commerce |
US6880005B1 (en) | 2000-03-31 | 2005-04-12 | Intel Corporation | Managing policy rules in a network |
US6751659B1 (en) | 2000-03-31 | 2004-06-15 | Intel Corporation | Distributing policy information in a communication network |
US6681383B1 (en) | 2000-04-04 | 2004-01-20 | Sosy, Inc. | Automatic software production system |
US6735624B1 (en) * | 2000-04-07 | 2004-05-11 | Danger, Inc. | Method for configuring and authenticating newly delivered portal device |
US7278153B1 (en) | 2000-04-12 | 2007-10-02 | Seachange International | Content propagation in interactive television |
US6697805B1 (en) * | 2000-04-14 | 2004-02-24 | Microsoft Corporation | XML methods and systems for synchronizing multiple computing devices |
WO2001082071A1 (en) * | 2000-04-21 | 2001-11-01 | Togethersoft Corporation | Methods and systems for supporting and deploying distributed computing components |
AU2001261084A1 (en) * | 2000-04-27 | 2001-11-07 | Brio Technology, Inc. | Method and apparatus for processing jobs on an enterprise-wide computer system |
JP2001313718A (ja) * | 2000-04-27 | 2001-11-09 | Tamura Electric Works Ltd | Management system |
US20020103818A1 (en) * | 2000-05-04 | 2002-08-01 | Kirkfire, Inc. | Information repository system and method for an internet portal system |
JP2002041347A (ja) * | 2000-05-17 | 2002-02-08 | Hitachi Software Eng Co Ltd | Information providing system and apparatus |
US6327628B1 (en) | 2000-05-19 | 2001-12-04 | Epicentric, Inc. | Portal server that provides a customizable user Interface for access to computer networks |
AU2001263341A1 (en) * | 2000-05-22 | 2001-12-03 | Sap Portals Inc. | Snippet selection |
US7089584B1 (en) | 2000-05-24 | 2006-08-08 | Sun Microsystems, Inc. | Security architecture for integration of enterprise information system with J2EE platform |
US6931549B1 (en) | 2000-05-25 | 2005-08-16 | Stamps.Com | Method and apparatus for secure data storage and retrieval |
US6757822B1 (en) | 2000-05-31 | 2004-06-29 | Networks Associates Technology, Inc. | System, method and computer program product for secure communications using a security service provider manager |
US7496637B2 (en) | 2000-05-31 | 2009-02-24 | Oracle International Corp. | Web service syndication system |
US20020019827A1 (en) * | 2000-06-05 | 2002-02-14 | Shiman Leon G. | Method and apparatus for managing documents in a centralized document repository system |
US6779002B1 (en) | 2000-06-13 | 2004-08-17 | Sprint Communications Company L.P. | Computer software framework and method for synchronizing data across multiple databases |
US20020194267A1 (en) | 2000-06-23 | 2002-12-19 | Daniel Flesner | Portal server that provides modification of user interfaces for access to computer networks |
US7185192B1 (en) * | 2000-07-07 | 2007-02-27 | Emc Corporation | Methods and apparatus for controlling access to a resource |
US7134137B2 (en) | 2000-07-10 | 2006-11-07 | Oracle International Corporation | Providing data to applications from an access system |
US7093261B1 (en) | 2000-07-28 | 2006-08-15 | Fair Isaac Corporation | Message integration framework for multi-application systems |
US7039176B2 (en) * | 2000-08-14 | 2006-05-02 | Telephony@Work | Call center administration manager with rules-based routing prioritization |
US7599851B2 (en) * | 2000-09-05 | 2009-10-06 | Renee Frengut | Method for providing customized user interface and targeted marketing forum |
US6581071B1 (en) * | 2000-09-12 | 2003-06-17 | Survivors Of The Shoah Visual History Foundation | Surveying system and method |
US6477575B1 (en) | 2000-09-12 | 2002-11-05 | Capital One Financial Corporation | System and method for performing dynamic Web marketing and advertising |
US6754672B1 (en) * | 2000-09-13 | 2004-06-22 | American Management Systems, Inc. | System and method for efficient integration of government administrative and program systems |
US7728838B2 (en) * | 2000-09-15 | 2010-06-01 | Invensys Systems, Inc. | Method and system for animating graphical user interface elements via a manufacturing/process control portal server |
US6856999B2 (en) * | 2000-10-02 | 2005-02-15 | Microsoft Corporation | Synchronizing a store with write generations |
US6912538B2 (en) * | 2000-10-20 | 2005-06-28 | Kevin Stapel | System and method for dynamic generation of structured documents |
AU2002241770A1 (en) | 2000-10-20 | 2002-06-11 | Accenture Services Limited | Method for implementing service desk capability |
US6970939B2 (en) * | 2000-10-26 | 2005-11-29 | Intel Corporation | Method and apparatus for large payload distribution in a network |
KR100398711B1 (ko) | 2000-11-08 | 2003-09-19 | 주식회사 와이즈엔진 | Content publishing system having real-time integration and processing functions for multimedia content including dynamic data, and method thereof |
US7647387B2 (en) * | 2000-12-01 | 2010-01-12 | Oracle International Corporation | Methods and systems for rule-based distributed and personalized content delivery |
US6769118B2 (en) | 2000-12-19 | 2004-07-27 | International Business Machines Corporation | Dynamic, policy based management of administrative procedures within a distributed computing environment |
AUPR230700A0 (en) | 2000-12-22 | 2001-01-25 | Canon Kabushiki Kaisha | A method for facilitating access to multimedia content |
US6889222B1 (en) * | 2000-12-26 | 2005-05-03 | Aspect Communications Corporation | Method and an apparatus for providing personalized service |
US7467212B2 (en) | 2000-12-28 | 2008-12-16 | Intel Corporation | Control of access control lists based on social networks |
US6671689B2 (en) | 2001-01-19 | 2003-12-30 | Ncr Corporation | Data warehouse portal |
US6947989B2 (en) | 2001-01-29 | 2005-09-20 | International Business Machines Corporation | System and method for provisioning resources to users based on policies, roles, organizational information, and attributes |
JP4955903B2 (ja) | 2001-02-02 | 2012-06-20 | オープンティブイ・インコーポレーテッド | Method for managing an interactive television system and computer-readable medium therefor |
US20020107913A1 (en) * | 2001-02-08 | 2002-08-08 | Rivera Gustavo R. | System and method for rendering documents in a user-familiar format |
US7136912B2 (en) | 2001-02-08 | 2006-11-14 | Solid Information Technology Oy | Method and system for data management |
KR100393273B1 (ko) | 2001-02-12 | 2003-07-31 | (주)폴리픽스 | System for exchanging online information over a private communication network, and exchange method thereof |
US6985915B2 (en) * | 2001-02-28 | 2006-01-10 | Kiran Somalwar | Application independent write monitoring method for fast backup and synchronization of files |
JP3702800B2 (ja) * | 2001-03-12 | 2005-10-05 | 日本電気株式会社 | Organization portal system |
US20030032409A1 (en) * | 2001-03-16 | 2003-02-13 | Hutcheson Stewart Douglas | Method and system for distributing content over a wireless communications system |
US6904454B2 (en) | 2001-03-21 | 2005-06-07 | Nokia Corporation | Method and apparatus for content repository with versioning and data modeling |
US20020135617A1 (en) | 2001-03-23 | 2002-09-26 | Backweb Technologies Ltd. | Proactive desktop portal |
US7062490B2 (en) | 2001-03-26 | 2006-06-13 | Microsoft Corporation | Serverless distributed file system |
US20020173971A1 (en) | 2001-03-28 | 2002-11-21 | Stirpe Paul Alan | System, method and application of ontology driven inferencing-based personalization systems |
US7080000B1 (en) * | 2001-03-30 | 2006-07-18 | Mcafee, Inc. | Method and system for bi-directional updating of antivirus database |
US20020152279A1 (en) | 2001-04-12 | 2002-10-17 | Sollenberger Deborah A. | Personalized intranet portal |
US7007244B2 (en) | 2001-04-20 | 2006-02-28 | Microsoft Corporation | Method and system for displaying categorized information on a user interface |
US7003578B2 (en) | 2001-04-26 | 2006-02-21 | Hewlett-Packard Development Company, L.P. | Method and system for controlling a policy-based network |
US7047522B1 (en) * | 2001-04-30 | 2006-05-16 | General Electric Capital Corporation | Method and system for verifying a computer program |
US20020161903A1 (en) | 2001-04-30 | 2002-10-31 | Besaw Lawrence M. | System for secure access to information provided by a web application |
US6970876B2 (en) | 2001-05-08 | 2005-11-29 | Solid Information Technology | Method and arrangement for the management of database schemas |
US20020169893A1 (en) | 2001-05-09 | 2002-11-14 | Li-Han Chen | System and method for computer data synchronization |
US8141144B2 (en) | 2001-05-10 | 2012-03-20 | Hewlett-Packard Development Company, L.P. | Security policy management for network devices |
ATE260487T1 (de) | 2001-05-17 | 2004-03-15 | Peter Pressmar | Virtual database of heterogeneous data structures |
JP2002342143A (ja) * | 2001-05-21 | 2002-11-29 | Nippon Telegr & Teleph Corp <Ntt> | Access control system, processing program therefor, and recording medium |
US20020178119A1 (en) | 2001-05-24 | 2002-11-28 | International Business Machines Corporation | Method and system for a role-based access control model with active roles |
US7099885B2 (en) | 2001-05-25 | 2006-08-29 | Unicorn Solutions | Method and system for collaborative ontology modeling |
EP1397818B1 (en) * | 2001-06-08 | 2007-01-24 | University of Maine | Gating grid for use in particle beam measurement device and method of manufacturing said grid |
US7392546B2 (en) * | 2001-06-11 | 2008-06-24 | Bea Systems, Inc. | System and method for server security and entitlement processing |
US6970445B2 (en) | 2001-06-14 | 2005-11-29 | Flarion Technologies, Inc. | Methods and apparatus for supporting session signaling and mobility management in a communications system |
US6879972B2 (en) * | 2001-06-15 | 2005-04-12 | International Business Machines Corporation | Method for designing a knowledge portal |
US7546629B2 (en) | 2002-03-06 | 2009-06-09 | Check Point Software Technologies, Inc. | System and methodology for security policy arbitration |
US20040107360A1 (en) * | 2002-12-02 | 2004-06-03 | Zone Labs, Inc. | System and Methodology for Policy Enforcement |
US6873988B2 (en) | 2001-07-06 | 2005-03-29 | Check Point Software Technologies, Inc. | System and methods providing anti-virus cooperative enforcement |
US20030014442A1 (en) * | 2001-07-16 | 2003-01-16 | Shiigi Clyde K. | Web site application development method using object model for managing web-based content |
US6957261B2 (en) | 2001-07-17 | 2005-10-18 | Intel Corporation | Resource policy management using a centralized policy data structure |
CA2354443A1 (en) | 2001-07-31 | 2003-01-31 | Ibm Canada Limited-Ibm Canada Limitee | Method and system for visually constructing xml schemas using an object-oriented model |
US20040030746A1 (en) | 2001-08-13 | 2004-02-12 | Sathyanarayanan Kavacheri | Hierarchical client detection in a wireless portal server |
US20030033356A1 (en) | 2001-08-13 | 2003-02-13 | Luu Tran | Extensible client aware detection in a wireless portal system |
US7124192B2 (en) * | 2001-08-30 | 2006-10-17 | International Business Machines Corporation | Role-permission model for security policy administration and enforcement |
US6922695B2 (en) | 2001-09-06 | 2005-07-26 | Initiate Systems, Inc. | System and method for dynamically securing dynamic-multi-sourced persisted EJBS |
US20030146937A1 (en) * | 2001-09-11 | 2003-08-07 | Lee Seung Woo | Multi-level data management system |
ES2276960T3 (es) | 2001-09-12 | 2007-07-01 | Opentv, Inc. | A method and apparatus providing a chat room for unregistered interactive television viewers |
US7035944B2 (en) * | 2001-09-19 | 2006-04-25 | International Business Machines Corporation | Programmatic management of software resources in a content framework environment |
AU2002334721B2 (en) | 2001-09-28 | 2008-10-23 | Oracle International Corporation | An index structure to access hierarchical data in a relational database system |
US7765484B2 (en) | 2001-09-28 | 2010-07-27 | Aol Inc. | Passive personalization of lists |
US7134076B2 (en) * | 2001-10-04 | 2006-11-07 | International Business Machines Corporation | Method and apparatus for portable universal resource locator and coding across runtime environments |
US6854035B2 (en) * | 2001-10-05 | 2005-02-08 | International Business Machines Corporation | Storage area network methods and apparatus for display and management of a hierarchical file system extension policy |
US7552203B2 (en) | 2001-10-17 | 2009-06-23 | The Boeing Company | Manufacturing method and software product for optimizing information flow |
US7496645B2 (en) | 2001-10-18 | 2009-02-24 | Hewlett-Packard Development Company, L.P. | Deployment of business logic software and data content onto network servers |
US20030115292A1 (en) * | 2001-10-24 | 2003-06-19 | Griffin Philip B. | System and method for delegated administration |
US6918088B2 (en) * | 2001-11-05 | 2005-07-12 | Sun Microsystems, Inc. | Service portal with application framework for facilitating application and feature development |
US20030126464A1 (en) * | 2001-12-04 | 2003-07-03 | Mcdaniel Patrick D. | Method and system for determining and enforcing security policy in a communication session |
US7219140B2 (en) | 2001-12-05 | 2007-05-15 | Dennis Craig Marl | Configuration and management systems for mobile and embedded devices |
US7054910B1 (en) * | 2001-12-20 | 2006-05-30 | Emc Corporation | Data replication facility for distributed computing environments |
WO2003056449A2 (en) * | 2001-12-21 | 2003-07-10 | Xmlcities, Inc. | Extensible stylesheet designs using meta-tag and/or associated meta-tag information |
US7062511B1 (en) * | 2001-12-31 | 2006-06-13 | Oracle International Corporation | Method and system for portal web site generation |
US7035857B2 (en) * | 2002-01-04 | 2006-04-25 | Hewlett-Packard Development Company, L.P. | Method and apparatus for increasing the functionality and ease of use of lights out management in a directory enabled environment |
US7565367B2 (en) | 2002-01-15 | 2009-07-21 | Iac Search & Media, Inc. | Enhanced popularity ranking |
US20030167315A1 (en) | 2002-02-01 | 2003-09-04 | Softwerc Technologies, Inc. | Fast creation of custom internet portals using thin clients |
US7093283B1 (en) | 2002-02-15 | 2006-08-15 | Cisco Technology, Inc. | Method and apparatus for deploying configuration instructions to security devices in order to implement a security policy on a network |
US7146307B2 (en) | 2002-03-22 | 2006-12-05 | Sun Microsystems, Inc. | System and method for testing telematics software |
US20030187956A1 (en) | 2002-04-01 | 2003-10-02 | Stephen Belt | Method and apparatus for providing access control and content management services |
US7039923B2 (en) | 2002-04-19 | 2006-05-02 | Sun Microsystems, Inc. | Class dependency graph-based class loading and reloading |
AU2003214943A1 (en) * | 2002-05-03 | 2003-11-17 | Manugistics, Inc. | System and method for sharing information relating to supply chain transactions in multiple environments |
US20030216938A1 (en) | 2002-05-16 | 2003-11-20 | Shimon Shour | Intelligent health care knowledge exchange platform |
US20030220963A1 (en) | 2002-05-21 | 2003-11-27 | Eugene Golovinsky | System and method for converting data structures |
CA2486851A1 (en) * | 2002-05-22 | 2003-12-04 | Commnav, Inc. | Method and system for multiple virtual portals |
US20030220913A1 (en) | 2002-05-24 | 2003-11-27 | International Business Machines Corporation | Techniques for personalized and adaptive search services |
US6950825B2 (en) | 2002-05-30 | 2005-09-27 | International Business Machines Corporation | Fine grained role-based access to system resources |
US20030229501A1 (en) | 2002-06-03 | 2003-12-11 | Copeland Bruce Wayne | Systems and methods for efficient policy distribution |
US7302488B2 (en) | 2002-06-28 | 2007-11-27 | Microsoft Corporation | Parental controls customization and notification |
DE60214993T2 (de) | 2002-07-12 | 2007-04-05 | Alcatel | Firewall for dynamically granting and denying access to network resources |
US7461158B2 (en) | 2002-08-07 | 2008-12-02 | Intelliden, Inc. | System and method for controlling access rights to network resources |
US8631142B2 (en) * | 2002-08-07 | 2014-01-14 | International Business Machines Corporation | Inserting targeted content into a portlet content stream |
DE10237875A1 (de) | 2002-08-19 | 2004-03-04 | Siemens Ag | Device, in particular an automation device, with a file directory structure stored in a file |
US7085755B2 (en) | 2002-11-07 | 2006-08-01 | Thomson Global Resources Ag | Electronic document repository management and access system |
US7254581B2 (en) | 2002-11-13 | 2007-08-07 | Jerry Johnson | System and method for creation and maintenance of a rich content or content-centric electronic catalog |
US20040098467A1 (en) * | 2002-11-15 | 2004-05-20 | Humanizing Technologies, Inc. | Methods and systems for implementing a customized life portal |
US20040098606A1 (en) * | 2002-11-18 | 2004-05-20 | International Business Machines Corporation | System, method and program product for operating a grid of service providers based on a service policy |
US7035879B2 (en) * | 2002-12-26 | 2006-04-25 | Hon Hai Precision Ind. Co., Ltd. | System and method for synchronizing data of wireless devices |
US7591000B2 (en) | 2003-02-14 | 2009-09-15 | Oracle International Corporation | System and method for hierarchical role-based entitlements |
US7653930B2 (en) | 2003-02-14 | 2010-01-26 | Bea Systems, Inc. | Method for role and resource policy management optimization |
US7627891B2 (en) | 2003-02-14 | 2009-12-01 | Preventsys, Inc. | Network audit and policy assurance system |
US8831966B2 (en) | 2003-02-14 | 2014-09-09 | Oracle International Corporation | Method for delegated administration |
US6917975B2 (en) | 2003-02-14 | 2005-07-12 | Bea Systems, Inc. | Method for role and resource policy management |
US20040167880A1 (en) | 2003-02-20 | 2004-08-26 | Bea Systems, Inc. | System and method for searching a virtual repository content |
US7562298B2 (en) | 2003-02-20 | 2009-07-14 | Bea Systems, Inc. | Virtual content repository browser |
US20040215650A1 (en) | 2003-04-09 | 2004-10-28 | Ullattil Shaji | Interfaces and methods for group policy management |
US20060085412A1 (en) | 2003-04-15 | 2006-04-20 | Johnson Sean A | System for managing multiple disparate content repositories and workflow systems |
US20040236760A1 (en) | 2003-05-22 | 2004-11-25 | International Business Machines Corporation | Systems and methods for extending a management console across applications |
US20050021502A1 (en) * | 2003-05-23 | 2005-01-27 | Benjamin Chen | Data federation methods and system |
US7257835B2 (en) | 2003-05-28 | 2007-08-14 | Microsoft Corporation | Securely authorizing the performance of actions |
US7076735B2 (en) | 2003-07-21 | 2006-07-11 | Landmark Graphics Corporation | System and method for network transmission of graphical data through a distributed application |
US20050050184A1 (en) | 2003-08-29 | 2005-03-03 | International Business Machines Corporation | Method, system, and storage medium for providing life-cycle management of grid services |
US7552109B2 (en) * | 2003-10-15 | 2009-06-23 | International Business Machines Corporation | System, method, and service for collaborative focused crawling of documents on a network |
US20050188295A1 (en) | 2004-02-25 | 2005-08-25 | Loren Konkus | Systems and methods for an extensible administration tool |
US20050198617A1 (en) | 2004-03-04 | 2005-09-08 | Vivcom, Inc. | Graphically browsing schema documents described by XML schema |
JP4196293B2 (ja) * | 2004-08-02 | 2008-12-17 | Smc株式会社 | Vacuum pressure regulating valve |
US7512966B2 (en) | 2004-10-14 | 2009-03-31 | International Business Machines Corporation | System and method for visually rendering resource policy usage information |
US7490349B2 (en) | 2005-04-01 | 2009-02-10 | International Business Machines Corporation | System and method of enforcing hierarchical management policy |
US20060277594A1 (en) | 2005-06-02 | 2006-12-07 | International Business Machines Corporation | Policy implementation delegation |
US7953734B2 (en) * | 2005-09-26 | 2011-05-31 | Oracle International Corporation | System and method for providing SPI extensions for content management system |
US7836489B2 (en) | 2006-06-15 | 2010-11-16 | Microsoft Corporation | Selecting policy for compatible communication |
- 2003
  - 2003-02-14 US US10/367,177 patent/US7591000B2/en active Active
- 2004
  - 2004-02-12 AU AU2004214449A patent/AU2004214449A1/en not_active Abandoned
  - 2004-02-12 CN CNA2004800098678A patent/CN1842785A/zh active Pending
  - 2004-02-12 WO PCT/US2004/004078 patent/WO2004074993A2/en active Application Filing
  - 2004-02-12 JP JP2006503515A patent/JP4787149B2/ja not_active Expired - Lifetime
  - 2004-02-12 EP EP04710599.4A patent/EP1593024B1/en not_active Expired - Lifetime
- 2009
  - 2009-08-05 US US12/536,183 patent/US7992189B2/en not_active Expired - Lifetime
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101951377A (zh) * | 2010-09-21 | 2011-01-19 | 用友软件股份有限公司 | Hierarchical authorization management method and device |
CN105051749A (zh) * | 2013-03-15 | 2015-11-11 | 瑞典爱立信有限公司 | Policy-based data protection |
CN105224678A (zh) * | 2015-10-19 | 2016-01-06 | 浪潮软件集团有限公司 | Method and device for electronic document management |
CN105224678B (zh) * | 2015-10-19 | 2018-08-21 | 浪潮软件集团有限公司 | Method and device for electronic document management |
CN106326760A (zh) * | 2016-08-31 | 2017-01-11 | 清华大学 | Access control rule description method for data analysis |
CN106326760B (zh) * | 2016-08-31 | 2019-03-15 | 清华大学 | Access control rule description method for data analysis |
CN106446666A (zh) * | 2016-09-18 | 2017-02-22 | 珠海格力电器股份有限公司 | Authority configuration method and device |
CN106446666B (zh) * | 2016-09-18 | 2019-03-08 | 珠海格力电器股份有限公司 | Authority configuration method and device |
US11275823B2 (en) | 2016-09-18 | 2022-03-15 | Gree Electric Appliances, Inc. Of Zhuhai | Authority configuration method and device |
CN112036774A (zh) * | 2020-10-09 | 2020-12-04 | 北京嘀嘀无限科技发展有限公司 | Service policy evaluation method, apparatus, device and storage medium |
Also Published As
Publication number | Publication date |
---|---|
EP1593024A4 (en) | 2011-08-24 |
US20040162906A1 (en) | 2004-08-19 |
JP2007524884A (ja) | 2007-08-30 |
US7591000B2 (en) | 2009-09-15 |
EP1593024A2 (en) | 2005-11-09 |
US7992189B2 (en) | 2011-08-02 |
EP1593024B1 (en) | 2018-11-07 |
US20100037290A1 (en) | 2010-02-11 |
WO2004074993A3 (en) | 2006-04-13 |
AU2004214449A1 (en) | 2004-09-02 |
WO2004074993A2 (en) | 2004-09-02 |
JP4787149B2 (ja) | 2011-10-05 |
AU2004214449A2 (en) | 2004-09-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN1842785A (zh) | System and method for hierarchical role-based entitlements | |
US7809749B2 (en) | High run-time performance system | |
US7653930B2 (en) | Method for role and resource policy management optimization | |
US6917975B2 (en) | Method for role and resource policy management | |
CN1257440C (zh) | Method and system for a role-based access control model with active roles | |
US9455990B2 (en) | System and method for role based access control in a content management system | |
US6654745B2 (en) | System and method for control of access to resources | |
CN100430951C (zh) | Access control system and method for granting access control list ownership to a user/group | |
US7836078B2 (en) | Techniques for managing access to physical data via a data abstraction model | |
US7774601B2 (en) | Method for delegated administration | |
US8831966B2 (en) | Method for delegated administration | |
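JP2002312220A (ja) | Cell-level data access control using user-defined functions | |
CN100351791C (zh) | Method for controlling the execution of specific operations defined by an application program | |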
Farooqi et al. | Developing a dynamic trust based access control model for xml databases | |
Kim et al. | Context data abstraction framework using RDF | |
He | A role based XML security control | |
Paton et al. | Security in database systems: state of the art | |
Rahayu et al. | A Case Study of Using an Object-Relational Paradigm in Building a Web Database Application | |
Rahman et al. | Faculty of computer science and information systems |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication |
Open date: 20061004 |