21. Method and system for policy driven data disclosure
    Type: Granted invention patent
    Legal status: In force

    Publication number: US08595805B2

    Publication date: 2013-11-26

    Application number: US13417705

    Filing date: 2012-03-12

    CPC classification: G06F21/6218

    Abstract: A method, system and computer-usable medium are disclosed for controlling access to attribute information. A request is received from an application for attribute information. An attribute release policy associated with the requesting application is used to filter attributes stored in a datastore. The filtered attributes are then provided to the requesting application.


22. METHOD AND SYSTEM FOR DISTRIBUTED RETRIEVAL OF DATA OBJECTS USING TAGGED ARTIFACTS WITHIN FEDERATED PROTOCOL OPERATIONS
    Type: Invention patent application
    Legal status: Lapsed

    Publication number: US20080010287A1

    Publication date: 2008-01-10

    Application number: US11456193

    Filing date: 2006-07-08

    IPC classification: G06F17/30

    Abstract: A method is presented for transferring data objects between federated entities within a federated computational environment using artifacts. A first federated entity receives artifacts from a second federated entity that generates data objects, such as assertions, for use at or by the first federated entity. An artifact references a data object that is locally stored by the second federated entity, which is implemented as a distributed system having multiple data processing systems, each of which can generate artifacts and associated data objects and can proxy retrieval requests to systems within the second federated entity. Each artifact includes a tag that indicates the data processing system within the second federated entity that generated the artifact. When the second federated entity receives a retrieval request with an artifact from the first federated entity, the appropriate data object is retrieved from within the distributed data processing system using the artifact and the tag.


23. Development tooling enablement for audit event generation
    Type: Granted invention patent
    Legal status: In force

    Publication number: US09087120B2

    Publication date: 2015-07-21

    Application number: US13617461

    Filing date: 2012-09-14

    IPC classification: G06F9/44 G06F11/30 G06F11/36

    Abstract: Mechanisms for development tooling enablement of audit event generation are provided. The mechanisms automatically generate and insert compliance audit record generation code where appropriate in identified portions of program instructions based on established compliance policies and labels associated with keywords/library functions appearing in the source code. The mechanisms may analyze the program instructions to identify at least one portion of program instructions meeting a compliance policy requirement for generation of a compliance audit record. Compliance audit record generation code for generating the compliance audit record may be generated. The compliance audit record generation code may be inserted into the at least one portion of program instructions to generate modified program instructions. The modified program instructions may be output for execution on a computing device.


25. Cross-protocol federated single sign-on (F-SSO) for cloud enablement
    Type: Invention patent application
    Legal status: In force

    Publication number: US20120011578A1

    Publication date: 2012-01-12

    Application number: US12832307

    Filing date: 2010-07-08

    CPC classification: H04L63/0815 H04L9/3228

    Abstract: A method to enable access to resources hosted in a compute cloud begins upon receiving a registration request to initiate a user's registration to use resources hosted in the compute cloud. During a registration process initiated by receipt of the registration request, a federated single sign-on (F-SSO) request is received. The F-SSO request includes an assertion (e.g., an HTTP-based SAML assertion) having authentication data (e.g., an SSH public key, a CIFS username, etc.) for use to enable direct user access to a resource hosted in the compute cloud. Upon validation of the assertion, the authentication data is deployed within the cloud to enable direct user access to the compute cloud resource using the authentication data. In this manner, the cloud provider provides authentication, single sign-on and lifecycle management for the user, despite the "air gap" between the HTTP protocol used for F-SSO and the non-HTTP protocol used for the user's direct access to the cloud resource.


    Development tooling enablement for audit event generation

    Publication number: US08370796B2

    Publication date: 2013-02-05

    Application number: US12198606

    Filing date: 2008-08-26

    IPC classification: G06F9/44

    Abstract: Mechanisms for development tooling enablement of audit event generation are provided. The mechanisms automatically generate and insert compliance audit record generation code where appropriate in identified portions of program instructions based on established compliance policies and labels associated with keywords/library functions appearing in the source code. The mechanisms may analyze the program instructions to identify at least one portion of program instructions meeting a compliance policy requirement for generation of a compliance audit record. Compliance audit record generation code for generating the compliance audit record may be generated. The compliance audit record generation code may be inserted into the at least one portion of program instructions to generate modified program instructions. The modified program instructions may be output for execution on a computing device.

27. Development Tooling Enablement for Audit Event Generation
    Type: Invention patent application
    Legal status: Under examination, published

    Publication number: US20130019226A1

    Publication date: 2013-01-17

    Application number: US13617461

    Filing date: 2012-09-14

    IPC classification: G06F9/44

    Abstract: Mechanisms for development tooling enablement of audit event generation are provided. The mechanisms automatically generate and insert compliance audit record generation code where appropriate in identified portions of program instructions based on established compliance policies and labels associated with keywords/library functions appearing in the source code. The mechanisms may analyze the program instructions to identify at least one portion of program instructions meeting a compliance policy requirement for generation of a compliance audit record. Compliance audit record generation code for generating the compliance audit record may be generated. The compliance audit record generation code may be inserted into the at least one portion of program instructions to generate modified program instructions. The modified program instructions may be output for execution on a computing device.


28. Multi-tenant audit awareness in support of cloud environments
    Type: Invention patent application
    Legal status: In force

    Publication number: US20120179646A1

    Publication date: 2012-07-12

    Application number: US13004945

    Filing date: 2011-01-12

    IPC classification: G06F17/30 G06F15/173 G06F7/00

    CPC classification: G06F17/30557

    Abstract: A cloud enablement aggregation proxy (CEAP) receives and processes audit data from audited resources before such data is stored in a database. The CEAP manages log data for resources hosted in a multi-tenant shared pool of configurable computing resources (e.g., a compute cloud). A method for managing log data begins by the proxy aggregating and normalizing log information received from a plurality of the resources. The aggregated and normalized log information is then parsed to identify a tenant associated with each of a set of transactions. For each of the set of transactions, the CEAP annotates log data associated with the tenant and the particular transaction to include a tenant-specific identifier. An optional tenant separation proxy (TSP) separates the annotated log data on a per tenant basis prior to storage, and the tenant-specific log data may be stored in per tenant data structures or dedicated tenant log event databases to facilitate subsequent compliance or other analysis.


29. Method and system for policy-based initiation of federation management
    Type: Granted invention patent
    Legal status: In force

    Publication number: US08151317B2

    Publication date: 2012-04-03

    Application number: US11456118

    Filing date: 2006-07-07

    Abstract: A method, a system, an apparatus, and a computer program product are presented for performing federation protocol operations within a data processing system. A message is received. In response to a determination that subsequent processing of the message requires execution of a first federation protocol operation, the message is filtered against a set of policies to determine a subset of one or more applicable policies. An applicable policy is enforced by performing a second federation protocol operation as indicated by the applicable policy prior to performing the first federation protocol operation. In response to concluding enforcement of the applicable policy, the first federation protocol operation is initiated.


30. Method and system for extending authentication methods
    Type: Granted invention patent
    Legal status: In force

    Publication number: US08006289B2

    Publication date: 2011-08-23

    Application number: US11305646

    Filing date: 2005-12-16

    IPC classification: G06F21/00

    CPC classification: H04L63/08 H04L63/0815

    Abstract: A method is presented for managing authentication credentials for a user. A session management server performs session management with respect to the user for a domain that includes a protected resource. The session management server receives a request to access the protected resource, which requires authentication credentials that have been generated for a first type of authentication context. In response to determining that authentication credentials for the user have been generated for a second type of authentication context, the session management server sends to an authentication proxy server a first message that contains the authentication credentials for the user and an indicator for the first type of authentication context. The session management server subsequently receives a second message that contains updated authentication credentials for the user that indicate that the updated authentication credentials have been generated for the first type of authentication context.
