公开(公告)号：US08353005B2

公开(公告)日：2013-01-08

申请号：US12163791

申请日：2008-06-27

申请人： Jack Kabat ,  Vadim Meleshuk ,  Jasjeet Gill ,  Alexander T. Weinert

发明人： Jack Kabat ,  Vadim Meleshuk ,  Jasjeet Gill ,  Alexander T. Weinert

IPC分类号： G06F17/00 ,  G06F7/04 ,  G06F17/30 ,  G06F7/00 ,  H04L29/06

CPC分类号： G06F21/604 ,  G06F21/6218

摘要： Defining a unified access management policy expression that unifies access control policy with events or workflows. Unified management policy information is stored. The unified management policy information defines permissions for access to resources together with events or workflows. A request is received to execute the one or more operations on one or more objects. The requested operation is verified against the unified management rules. Verifying includes performing a single retrieval, retrieving both the access control information and the events or workflows and calculating the applicability of the rule to the conditions represented by the request. Matching rules are applied, access control decisions performed and associated workflows are executed.

摘要翻译： 定义将访问控制策略与事件或工作流统一的统一访问管理策略表达式。 存储统一的管理策略信息。 统一的管理策略信息定义了访问资源以及事件或工作流的权限。 接收到请求以对一个或多个对象执行一个或多个操作。 所要求的操作根据统一管理规则进行验证。 验证包括执行单个检索，检索访问控制信息和事件或工作流程，并计算规则对请求所表示的条件的适用性。 应用匹配规则，执行访问控制决策和相关工作流程。

公开(公告)号：US20090222882A1

公开(公告)日：2009-09-03

申请号：US12163791

申请日：2008-06-27

申请人： Jack Kabat ,  Vadim Meleshuk ,  Jasjeet Gill ,  Alexander T. Weinert

发明人： Jack Kabat ,  Vadim Meleshuk ,  Jasjeet Gill ,  Alexander T. Weinert

IPC分类号： H04L9/00

CPC分类号： G06F21/604 ,  G06F21/6218

摘要： Defining a unified access management policy expression that unifies access control policy with events or workflows. Unified management policy information is stored. The unified management policy information defines permissions for access to resources together with events or workflows. A request is received to execute the one or more operations on one or more objects. The requested operation is verified against the unified management rules. Verifying includes performing a single retrieval, retrieving both the access control information and the events or workflows and calculating the applicability of the rule to the conditions represented by the request. Matching rules are applied, access control decisions performed and associated workflows are executed.

摘要翻译： 定义将访问控制策略与事件或工作流统一的统一访问管理策略表达式。 存储统一的管理策略信息。 统一的管理策略信息定义了访问资源以及事件或工作流的权限。 接收到请求以对一个或多个对象执行一个或多个操作。 所要求的操作根据统一管理规则进行验证。 验证包括执行单个检索，检索访问控制信息和事件或工作流程，并计算规则对请求所表示的条件的适用性。 应用匹配规则，执行访问控制决策和相关工作流程。

公开(公告)号：US20090222881A1

公开(公告)日：2009-09-03

申请号：US12163782

申请日：2008-06-27

申请人： Jack Kabat ,  Vadim Meleshuk ,  Alexander T. Weinert

发明人： Jack Kabat ,  Vadim Meleshuk ,  Alexander T. Weinert

IPC分类号： G06F21/00

CPC分类号： G06F21/604 ,  G06F21/6218

摘要： Enforcing access control based on resource state. A method includes receiving a request for an operation on one or more objects stored on computer readable media. One or more pre-operation states of the one or more objects are determined. One or more post-operation states of the one or more objects are determined. One or more access control rules are referenced. The access control rules control access to resources based on pre-operation state and post operation state. It can then be determined that the one or more access control rules allow the operation to succeed based on the one or more pre-operation states and the one or more post operation states. Based on determining that the one or more access control rules allow the operation to succeed, the operation is allowed to succeed.

摘要翻译： 基于资源状态执行访问控制。 一种方法包括在存储在计算机可读介质上的一个或多个对象上接收对操作的请求。 确定一个或多个对象的一个​​或多个预操作状态。 确定一个或多个对象的一个​​或多个后操作状态。 引用一个或多个访问控制规则。 访问控制规则基于操作前状态和后操作状态来控制对资源的访问。 然后可以确定一个或多个访问控制规则基于一个或多个预操作状态和一个或多个后操作状态来允许操作成功。 基于确定一个或多个访问控制规则允许操作成功，允许操作成功。

公开(公告)号：US08196187B2

公开(公告)日：2012-06-05

申请号：US12163782

申请日：2008-06-27

申请人： Jack Kabat ,  Vadim Meleshuk ,  Alexander T. Weinert

发明人： Jack Kabat ,  Vadim Meleshuk ,  Alexander T. Weinert

IPC分类号： G06F21/00

CPC分类号： G06F21/604 ,  G06F21/6218

摘要： Enforcing access control based on resource state. A method includes receiving a request for an operation on one or more objects stored on computer readable media. One or more pre-operation states of the one or more objects are determined. One or more post-operation states of the one or more objects are determined. One or more access control rules are referenced. The access control rules control access to resources based on pre-operation state and post operation state. It can then be determined that the one or more access control rules allow the operation to succeed based on the one or more pre-operation states and the one or more post operation states. Based on determining that the one or more access control rules allow the operation to succeed, the operation is allowed to succeed.

摘要翻译： 基于资源状态执行访问控制。 一种方法包括在存储在计算机可读介质上的一个或多个对象上接收对操作的请求。 确定一个或多个对象的一个​​或多个预操作状态。 确定一个或多个对象的一个​​或多个后操作状态。 引用一个或多个访问控制规则。 访问控制规则基于操作前状态和后操作状态来控制对资源的访问。 然后可以确定一个或多个访问控制规则基于一个或多个预操作状态和一个或多个后操作状态来允许操作成功。 基于确定一个或多个访问控制规则允许操作成功，允许操作成功。

公开(公告)号：US07979896B2

公开(公告)日：2011-07-12

申请号：US12024896

申请日：2008-02-01

申请人： Craig V. McMurtry ,  Alexander T. Weinert ,  Vadim Meleshuk ,  Mark E. Gabarra

发明人： Craig V. McMurtry ,  Alexander T. Weinert ,  Vadim Meleshuk ,  Mark E. Gabarra

IPC分类号： H04L29/06

CPC分类号： G06F21/335 ,  G06F21/6227 ,  G06F2221/2141

摘要： A web service includes a protected resource. A requester requests access to the protected resource by sending a request to the web service. The web service prevents access to the web service until the request has been authorized by an authorizer. After the request has been authorized by the authorizer, the web service allows the requester to access the protected resource.

摘要翻译： Web服务包括受保护的资源。 请求者通过向Web服务发送请求来请求对受保护资源的访问。 网络服务防止访问Web服务，直到请求被授权者授权为止。 在请求被授权者授权之后，Web服务允许请求者访问受保护的资源。

公开(公告)号：US20080263652A1

公开(公告)日：2008-10-23

申请号：US12024901

申请日：2008-02-01

申请人： Craig V. McMurtry ,  Alexander T. Weinert ,  Vadim Meleshuk ,  Mark E. Gabarra

发明人： Craig V. McMurtry ,  Alexander T. Weinert ,  Vadim Meleshuk ,  Mark E. Gabarra

IPC分类号： H04L9/32

CPC分类号： H04L63/083 ,  G06F21/32 ,  G06F21/335 ,  G06F21/40 ,  G06F21/602 ,  H04L63/06 ,  H04L63/08 ,  H04L63/0861 ,  H04L63/0869 ,  H04L63/10

摘要： Requests for access to Web service resources are evaluated based on the type of request that is received. Requests are not granted unless sufficient proof of authentication is provided to grant that request. An authentication service evaluates one or more factors to determine whether or not to authenticate the client. After being authenticated by the authentication service, proof of authentication is provided to the Web service, which grants access to the Web service resource.

摘要翻译： 根据收到的请求类型，对Web服务资源的访问请求进行评估。 除非提供足够的验证证明以授予该请求，否则不会授予请求。 认证服务评估一个或多个因素以确定是否验证客户端。 认证服务认证后，向Web服务提供认证证明，授权对Web服务资源的访问。

公开(公告)号：US20080263638A1

公开(公告)日：2008-10-23

申请号：US12024896

申请日：2008-02-01

申请人： Craig V. McMurtry ,  Alexander T. Weinert ,  Vadim Meleshuk ,  Mark E. Gabarra

发明人： Craig V. McMurtry ,  Alexander T. Weinert ,  Vadim Meleshuk ,  Mark E. Gabarra

IPC分类号： G06F21/00

CPC分类号： G06F21/335 ,  G06F21/6227 ,  G06F2221/2141

摘要： A web service includes a protected resource. A requester requests access to the protected resource by sending a request to the web service. The web service prevents access to the web service until the request has been authorized by an authorizer. After the request has been authorized by the authorizer, the web service allows the requester to access the protected resource.

摘要翻译： Web服务包括受保护的资源。 请求者通过向Web服务发送请求来请求对受保护资源的访问。 网络服务防止访问Web服务，直到请求被授权者授权为止。 在请求被授权者授权之后，Web服务允许请求者访问受保护的资源。

公开(公告)号：US08656472B2

公开(公告)日：2014-02-18

申请号：US12024901

申请日：2008-02-01

申请人： Craig V. McMurtry ,  Alexander T. Weinert ,  Vadim Meleshuk ,  Mark E. Gabarra

发明人： Craig V. McMurtry ,  Alexander T. Weinert ,  Vadim Meleshuk ,  Mark E. Gabarra

IPC分类号： H04L29/06

CPC分类号： H04L63/083 ,  G06F21/32 ,  G06F21/335 ,  G06F21/40 ,  G06F21/602 ,  H04L63/06 ,  H04L63/08 ,  H04L63/0861 ,  H04L63/0869 ,  H04L63/10

摘要： Requests for access to Web service resources are evaluated based on the type of request that is received. Requests are not granted unless sufficient proof of authentication is provided to grant that request. An authentication service evaluates one or more factors to determine whether or not to authenticate the client. After being authenticated by the authentication service, proof of authentication is provided to the Web service, which grants access to the Web service resource.

摘要翻译： 根据收到的请求类型，对Web服务资源的访问请求进行评估。 除非提供足够的验证证明以授予该请求，否则不会授予请求。 认证服务评估一个或多个因素以确定是否验证客户端。 认证服务认证后，向Web服务提供认证证明，授权对Web服务资源的访问。

公开(公告)号：US20080178195A1

公开(公告)日：2008-07-24

申请号：US11626144

申请日：2007-01-23

申请人： Laurence Melloul ,  Alexander T. Weinert

发明人： Laurence Melloul ,  Alexander T. Weinert

IPC分类号： G06F9/44

CPC分类号： G06F9/542

摘要： Several embodiments disclosed herein are directed to methods, computer program products, and systems configured to track operation dependencies. For example, in one embodiment, at a first entity, a first identifier corresponding to a first operation is accessed. For a second operation occurring as a result of the first operation, a second identifier is generated. A directed event including the first and second identifiers is emitted. The directed event is logged. The second identifier is sent to a second entity. An operation call for the second operation is also sent to the second entity. The second identifier is made available at the second entity for use in creating directed events for subsequent operations occurring as a result of the second operation.

摘要翻译： 本文公开的若干实施例涉及被配置为跟踪操作依赖性的方法，计算机程序产品和系统。 例如，在一个实施例中，在第一实体处，访问对应于第一操作的第一标识符。 对于作为第一操作的结果而发生的第二操作，生成第二标识符。 发射包括第一和第二标识符的定向事件。 定向事件被记录。 第二个标识符被发送到第二个实体。 第二个操作的操作调用也被发送到第二个实体。 第二标识符在第二实体可用，用于创建用于作为第二操作的结果的后续操作的定向事件。

公开(公告)号：US07136859B2

公开(公告)日：2006-11-14

申请号：US10003753

申请日：2001-10-22

申请人： Mark Lucovsky ,  Shaun D. Pierce ,  Alexander T. Weinert ,  Michael G. Burner ,  Richard B. Ward ,  Paul J. Leach ,  George M. Moore ,  Arthur Zwiegincew ,  Robert M. Hyman ,  Jonathan D. Pincus ,  Daniel R. Simon

发明人： Mark Lucovsky ,  Shaun D. Pierce ,  Alexander T. Weinert ,  Michael G. Burner ,  Richard B. Ward ,  Paul J. Leach ,  George M. Moore ,  Arthur Zwiegincew ,  Robert M. Hyman ,  Jonathan D. Pincus ,  Daniel R. Simon

IPC分类号： G06F7/00 ,  G06F17/30

CPC分类号： H04L67/16 ,  G06F17/3061 ,  G06F17/30908 ,  G06F21/6218 ,  G06F21/6227 ,  G06F21/6245 ,  G06Q10/109 ,  H04L12/1859 ,  H04L12/1863 ,  H04L29/06 ,  H04L63/101 ,  H04L67/02 ,  H04L67/28 ,  H04L67/2819 ,  H04L67/303 ,  H04L67/306 ,  H04L67/325 ,  H04L67/40 ,  H04L67/42 ,  H04L69/329 ,  Y10S707/99944

摘要： Directly operating on data structures in a generic manner regardless of the type of data structure being operated upon and without requiring dedicated executable code for manipulating data structures of the particular data type. A common set of commands (e.g., insert, delete, replace, update, query) are recognized that may be used to operate on data structures of a number of different data types. A navigation module accesses a request to execute one of the common command methods on at least an identified portion of an identified data structure. Then, the navigation module accesses a navigation assistance module to access a set of rules associated with the particular data type, the set of rules allowing the navigation module to find the portion of the data structure that is to be operated on. If appropriate, the command operation is then executed on the identified portion of the data structure.