-
公开(公告)号:US20100306824A1
公开(公告)日:2010-12-02
申请号:US12472885
申请日:2009-05-27
申请人: Daniel C. Gurney , Carol A. Jones , Anthony J. Nadalin , Nataraj Nagaratnam , John J. Rawls , Robert L. Yates , Alfred Zollar
发明人: Daniel C. Gurney , Carol A. Jones , Anthony J. Nadalin , Nataraj Nagaratnam , John J. Rawls , Robert L. Yates , Alfred Zollar
CPC分类号: G06F21/6245 , G06Q10/109 , G06Q10/1093 , H04L9/321
摘要: In some embodiments, a system includes a database of trust information that internalizes security and trust relationships between a first entity and a second entity in regards to scheduling, and a central trust manager operable to determine from the database of trust information whether a trust relationship exists between a first organization and a second organization, the central trust manager also being operable to provide availability information of a user of the first organization to a second user of the second organization, the central trust manager also being operable to determine whether the second user of the second organization is granted access to requested calendar data and the central trust manager also being operable to provide the requested calendar data.
摘要翻译: 在一些实施例中,系统包括内部化关于调度的第一实体和第二实体之间的安全性和信任关系的信任信息数据库,以及可操作以从数据库确定信任信息是否存在信任关系的中央信任管理器 在第一组织和第二组织之间,中央信任管理器还可操作以向第二组织的第二用户提供第一组织的用户的可用性信息,中央信任管理器还可操作以确定第二组织的第二用户是否 允许第二组织访问所请求的日历数据,并且中央信任管理器也可操作以提供所请求的日历数据。
-
12.发明申请DATABASE AUTHORIZATION RULES AND COMPONENT LOGIC AUTHORIZATION RULES AGGREGATION 有权数据库授权规则和组件逻辑授权规则聚合公开(公告)号:US20090064272A1
公开(公告)日:2009-03-05
申请号:US11848405
申请日:2007-08-31
申请人: German S. Goldszmidt , Dah-Haur H. Lin , Anthony J. Nadalin , Nataraj Nagaratnam , Indrajit Poddar
发明人: German S. Goldszmidt , Dah-Haur H. Lin , Anthony J. Nadalin , Nataraj Nagaratnam , Indrajit Poddar
IPC分类号: G06F17/00
CPC分类号: H04L63/105 , G06F21/6227
摘要: Embodiments of the present invention provide a method, system and computer program product for aggregating database and component logic authorization rules in a multi-tier application. In an embodiment of the invention, a method for aggregating database and component logic authorization rules in a multi-tier application system can include aggregating role-based authorization rules for both a persistence layer and a logic layer of a multi-tier application in a unified policy, distributing the unified policy to both the persistence layer and the logic layer of the multi-tier application, transforming the unified policy into respectively a set of role based permissions for the persistence layer and a set of role based permissions for the logic layer, and applying the set of role based permissions for the persistence layer in the persistence layer, and the set of role based permissions for the logic layer in the logic layer of the multi-tier application.
摘要翻译: 本发明的实施例提供了一种在多层应用中聚合数据库和组件逻辑授权规则的方法,系统和计算机程序产品。 在本发明的一个实施例中,用于在多层应用系统中聚合数据库和组件逻辑授权规则的方法可以包括为统一的多层应用的持久层和逻辑层聚合基于角色的授权规则 策略,将统一策略分发到多层应用的持久层和逻辑层,将统一策略分为一组基于角色的持久层权限和逻辑层的一组基于角色的权限, 并在持久层中为持久层应用一组基于角色的权限,以及在多层应用程序的逻辑层中逻辑层的基于角色的权限集合。
-
公开(公告)号:US10984457B2
公开(公告)日:2021-04-20
申请号:US11849210
申请日:2007-08-31
摘要: Embodiments of the present invention address deficiencies of the art in respect to privacy data management and provide a novel and non-obvious method, system and computer program product for trusted statement verification for data privacy. In one embodiment of the invention, a method for trusted statement verification for data privacy can be provided. The method can include deducing a claim from an attribute for personal data for an end user, receiving a request from a personal data consumer to vouch for an assertion based upon the attribute, comparing the assertion to the claim, and providing a voucher for the assertion to the personal data consumer on behalf of the end user if the claim supports the assertion without revealing the attribute to the personal data consumer.
-
14.发明授权Method and system for detecting movement of a signed element in a structured document 有权用于检测结构化文档中有符号元素的移动的方法和系统公开(公告)号:US09292619B2
公开(公告)日:2016-03-22
申请号:US11427408
申请日:2006-06-29
CPC分类号: G06F17/30908 , G06F21/64
摘要: A sending entity creates a structured document and communicates it to a receiving entity includes a transform to ensure document elements are not moved during communication. The structured document comprises a root element and a set of child elements. A child element is protected by a digital signature, prior to being positioned within the document. This element includes a sending entity security policy. The receiving entity includes a transform that determines whether the signed element is in a given position within the received document. The transform evaluates the data string against a set of ancestor elements of the signed element to determine whether the signed element is in the given position. If so, the transform preferably outputs the signed element itself. If the transform determines that the signed element has been moved, however, preferably it outputs a given value other than the signed element.
摘要翻译: 发送实体创建结构化文档并将其传送到接收实体包括转换以确保文档元素在通信期间不被移动。 结构化文档包括根元素和一组子元素。 子元素在被放置在文档中之前被数字签名保护。 该元素包括发送实体安全策略。 接收实体包括一个变换,该变换确定有符号元素是否在接收的文档内的给定位置。 该变换根据有符号元素的一组祖先元素来评估数据字符串,以确定有符号元素是否在给定的位置。 如果是,变换优选地输出有符号元素本身。 然而,如果变换确定有符号元素已被移动,则优选地,它输出除了带符号元素之外的给定值。
-
公开(公告)号:US08683545B2
公开(公告)日:2014-03-25
申请号:US12192769
申请日:2008-08-15
IPC分类号: G06F21/00
CPC分类号: H04L63/102 , H04L63/20
摘要: One aspect of the present invention can include a system, a method, a computer program product and an apparatus for federating policies from multiple policy providers. The aspect can identify a set of distinct policy providers, each maintaining at least one policy related to a service or a resource. A federated policy exchange service can be established that has a policy provider plug-in for each of the distinct policy providers. The federated policy exchange service can receive requests for policies from a set of policy requesters. Each request can include a resource_id or a service_id used to uniquely identify the service or resource. The federated policy exchange service can dynamically connect to a set of the policy providers to determine policies applicable to each request. For each request, results from the policy providers can be received and processed to generate a response. The federated policy exchange service can provide the response to each policy requestor responsive in response to each response.
摘要翻译: 本发明的一个方面可以包括系统,方法,计算机程序产品和用于从多个策略提供者联合策略的装置。 该方面可以识别一组不同的策略提供者,每个策略提供者保持至少一个与服务或资源相关的策略。 可以建立联合的策略交换服务,其具有针对每个不同策略提供者的策略提供者插件。 联合策略交换服务可以从一组策略请求者接收到策略请求。 每个请求可以包括用于唯一标识服务或资源的resource_id或service_id。 联合策略交换服务可以动态地连接到一组策略提供者,以确定适用于每个请求的策略。 对于每个请求,可以接收和处理策略提供者的结果以产生响应。 联合策略交换服务可以响应于每个响应来响应每个策略请求者。
-
公开(公告)号:US20120167173A1
公开(公告)日:2012-06-28
申请号:US13414736
申请日:2012-03-08
IPC分类号: G06F21/00
CPC分类号: H04L63/0428 , G06F21/6209 , H04L63/126
摘要: Techniques are disclosed for achieving context-sensitive confidentiality within a federated environment for which content is aggregated in a distributed Web portal (or similar aggregation framework), ensuring that message portions that should be confidential are confidential to all entities in the federated environment except those entities to which the message portions may properly be divulged. The federation may comprise an arbitrary number of autonomous security domains, and these security domains may have independent trust models and authentication services. Using the disclosed techniques, messages can be routed securely within a cross-domain federation (irrespective of routing paths), thereby ensuring that confidential information is not exposed to unintended third parties and that critical information is not tampered with while in transit between security domains. Preferred embodiments leverage Web services techniques and a number of industry standards.
摘要翻译: 披露技术用于在分布式Web门户(或类似的聚合框架)内聚合内容的联合环境中实现上下文敏感的机密性,确保应该保密的消息部分对于联合环境中除实体之外的所有实体是机密的 消息部分可以正确地泄露给消息部分。 联盟可以包括任意数量的自治安全域,并且这些安全域可以具有独立的信任模型和认证服务。 使用所公开的技术,可以在跨域联合(不管路由路径)内安全地路由消息,从而确保机密信息不会暴露给无意的第三方,并且关键信息在安全域之间传输时不被篡改。 优选实施例利用Web服务技术和许多行业标准。
-
17.发明申请DECLARATIVE INSTANCE BASED ACCESS CONTROL FOR APPLICATION RESOURCES WITH PERSISTED ATTRIBUTES AND STATE 有权具有相关属性和状态的应用资源的基于事件的基于实例的访问控制公开(公告)号:US20090183184A1
公开(公告)日:2009-07-16
申请号:US12013867
申请日:2008-01-14
IPC分类号: G06F9/54
CPC分类号: G06F9/4435 , G06F9/4493
摘要: Embodiments of the present invention provide a method, system and computer program product for declarative instance based access control for persistent application resources in a multi-tier application. In one embodiment of the invention, a method for instance based access control in a persistent application resource can be provided. The method can include creating one or more instances of an persistent application resource for a particular user or based on attributes of the user, coupling the instance(s) of the persistent application resource to a database implementing row-level access control, initializing access to the database according to a role or attribute for the particular user, and accessing a restricted set of data in the database through the instance(s) of the persistent application resource.
摘要翻译: 本发明的实施例提供了一种用于在多层应用中用于持久应用资源的基于声明性实例的访问控制的方法,系统和计算机程序产品。 在本发明的一个实施例中,可以提供用于持久应用资源中的基于实例的访问控制的方法。 该方法可以包括为特定用户创建持久性应用资源的一个或多个实例,或者基于用户的属性,将持久应用资源的实例耦合到实现行级访问控制的数据库,初始化对 数据库根据特定用户的角色或属性,以及通过持久性应用程序资源的实例访问数据库中受限制的一组数据。
-
公开(公告)号:US20090063289A1
公开(公告)日:2009-03-05
申请号:US11849210
申请日:2007-08-31
CPC分类号: G06Q30/06 , G06Q30/0601
摘要: Embodiments of the present invention address deficiencies of the art in respect to privacy data management and provide a novel and non-obvious method, system and computer program product for trusted statement verification for data privacy. In one embodiment of the invention, a method for trusted statement verification for data privacy can be provided. The method can include deducing a claim from an attribute for personal data for an end user, receiving a request from a personal data consumer to vouch for an assertion based upon the attribute, comparing the assertion to the claim, and providing a voucher for the assertion to the personal data consumer on behalf of the end user if the claim supports the assertion without revealing the attribute to the personal data consumer.
摘要翻译: 本发明的实施例解决了隐私数据管理方面的技术缺陷,并提供了一种用于数据隐私的可信语句验证的新颖且非显而易见的方法,系统和计算机程序产品。 在本发明的一个实施例中,可以提供用于数据隐私的可信语句验证的方法。 该方法可以包括从用于最终用户的个人数据的属性中推定权利要求,接收来自个人数据消费者的请求,以基于该属性来证明断言,将该断言与权利要求进行比较,以及为该断言提供凭证 如果索赔支持声明而不向个人数据消费者显示属性,则代表最终用户向个人数据消费者发送。
-
公开(公告)号:US07735117B2
公开(公告)日:2010-06-08
申请号:US12172229
申请日:2008-07-12
IPC分类号: G06F7/04 , H04K1/00 , G06F15/173
CPC分类号: H04L63/0428 , G06F21/6209 , H04L63/126
摘要: Techniques are disclosed for achieving context-sensitive confidentiality within a federated environment for which content is aggregated in a distributed Web portal (or similar aggregation framework), ensuring that message portions that should be confidential are confidential to all entities in the federated environment except those entities to which the message portions may properly be divulged. The federation may comprise an arbitrary number of autonomous security domains, and these security domains may have independent trust models and authentication services. Using the disclosed techniques, messages can be routed securely within a cross-domain federation (irrespective of routing paths), thereby ensuring that confidential information is not exposed to unintended third parties and that critical information is not tampered with while in transit between security domains. Preferred embodiments leverage Web services techniques and a number of industry standards.
摘要翻译: 披露技术用于在分布式Web门户(或类似的聚合框架)内聚合内容的联合环境中实现上下文敏感的机密性,确保应该保密的消息部分对于联合环境中除实体之外的所有实体是机密的 消息部分可以正确地泄露给消息部分。 联盟可以包括任意数量的自治安全域,并且这些安全域可以具有独立的信任模型和认证服务。 使用所公开的技术,可以在跨域联合(不管路由路径)内安全地路由消息,从而确保机密信息不会暴露给无意的第三方,并且关键信息在安全域之间传输时不被篡改。 优选实施例利用Web服务技术和许多行业标准。
-
20.发明授权Role-based access control management for multiple heterogeneous application components 失效基于角色的多个异构应用程序组件的访问控制管理公开(公告)号:US07676831B2
公开(公告)日:2010-03-09
申请号:US11221630
申请日:2005-09-08
申请人: Kathryn H. Britton , Dieter Buehler , Ching-Yun Chao , Timothy J. Hahn , Anthony J. Nadalin , Nataraj Nagaratnam , Yi-Hsiu Wei , ChunHui Yang
发明人: Kathryn H. Britton , Dieter Buehler , Ching-Yun Chao , Timothy J. Hahn , Anthony J. Nadalin , Nataraj Nagaratnam , Yi-Hsiu Wei , ChunHui Yang
CPC分类号: G06F21/6236
摘要: Embodiments of the present invention address deficiencies of the art in respect to access control and provide a method, system and computer program product for access control management for a collection of heterogeneous application components. In a first embodiment, a data processing system for role-based access control management for multiple heterogeneous application components can include at least one business role descriptor associating a business role with multiple, different application roles for corresponding, disparate application components. The system also can include at least one access policy associating a user with the business role. Finally, the system can include policy deployment logic include program code enabled to process the access policy to assign the user to the different application roles in the disparate application components.
摘要翻译: 本发明的实施例解决了本领域在访问控制方面的缺陷,并提供了用于异构应用组件的集合的访问控制管理的方法,系统和计算机程序产品。 在第一实施例中,用于多个异构应用组件的用于基于角色的访问控制管理的数据处理系统可以包括将业务角色与用于相应的不同应用组件的多个不同应用角色相关联的至少一个业务角色描述符。 系统还可以包括将用户与业务角色相关联的至少一个访问策略。 最后,系统可以包括策略部署逻辑,包括能够处理访问策略的程序代码,以将用户分配给不同应用程序组件中的不同应用程序角色。
-
-
-
-
-
-
-
-
-
搜索结果
24 条记录 (耗时 0.028 秒)
