公开(公告)号：US20070153814A1

公开(公告)日：2007-07-05

申请号：US11322846

申请日：2005-12-30

申请人： William P. Canning ,  David R. Mowers ,  Geeman Yip ,  Cezar Ungureanasu

发明人： William P. Canning ,  David R. Mowers ,  Geeman Yip ,  Cezar Ungureanasu

IPC分类号： H04L12/56

CPC分类号： H04L63/10 ,  H04L63/20

摘要： A permission information system and method are provided. The system facilitates management of permissions across a wide variety of systems and applications in a network environment. The system includes a data store which is a central repository that maintains permissions (e.g., in a user readable format). The permissions can, optionally, be translated into a format that is useable by endpoint system(s).The system further includes a metadirectory component which notices change(s) that are created in the data store and sends the security information to the endpoint system(s). The new security policy can then installed and enforced on the endpoint systems. The system can thus employ the capabilities of a metadirectory to distribute security policy(ies) to these end-point systems. The system can, optionally, include one or more translator(s) which transform the user readable format into a format that is consumable by the endpoint system(s).

摘要翻译： 提供了许可信息系统和方法。 该系统便于管理网络环境中各种系统和应用程序的权限。 该系统包括数据存储器，其是维护许可（例如，以用户可读格式）的中央存储库。 可以选择地将权限转换为可由端点系统使用的格式。 系统还包括元目录组件，其识别在数据存储中创建的变化并将安全信息发送到端点系统。 然后可以在端点系统上安装和实施新的安全策略。 因此，系统可以采用元目录的功能来将安全策略分发给这些端点系统。 系统可以可选地包括一个或多个转换器，其将用户可读格式转换成端点系统可消耗的格式。

公开(公告)号：US20100100953A1

公开(公告)日：2010-04-22

申请号：US12647327

申请日：2009-12-24

申请人： David R. Mowers ,  John Banes ,  Daniel R. Simon ,  Paul J. Leach

发明人： David R. Mowers ,  John Banes ,  Daniel R. Simon ,  Paul J. Leach

IPC分类号： H04L9/32 ,  H04L9/00

CPC分类号： H04L63/08 ,  H04L63/0442 ,  H04L63/0807 ,  H04L63/0869 ,  H04L63/10 ,  H04L63/12 ,  H04L63/166 ,  H04L67/42

摘要： This disclosure pertains generally to client authentication. One aspect of the disclosure relates to a first server for presenting evidence to a Domain Controller (DC) of a first authentication context being submitted from a client to the first server to obtain a delegable credential, wherein the credential can be used to request a second authentication context from that client to a second server. Another aspect relates to the first server providing a pass-thru with evidence to a DC. The evidence relates to a first authentication context being submitted from a client to the first server that it obtained a delegable credential. The pass-thru is used in combination with the credential to request a second authentication context from the client to a second server.

摘要翻译： 本公开通常涉及客户端认证。 本公开的一个方面涉及一种用于向第一认证上下文的域控制器（DC）呈现证据的第一服务器，该第一认证上下文从客户端提交到第一服务器以获得可委托的证书，其中该凭证可用于请求第二认证上下文 认证上下文从该客户端到第二个服务器。 另一方面涉及第一台服务器向DC提供证据。 证据涉及从客户端向第一服务器提交的第一个身份验证上下文，它获取了一个可委托凭证。 通过与凭证组合使用以从客户端请求第二认证上下文到第二服务器。