Publication (Announcement) No.: US07103784B1
Publication (Announcement) Date: 2006-09-05
Application No.: US09565083
Application Date: 2000-05-05
IPC Classification: G06F12/00
CPC Classification: H04L63/105, G06F21/6218
Abstract: An improved system and method for network management is presented which facilitates better administration with a more intuitive reflection of the organizational structure with integrated security concerns by introducing novel strategies for grouping users of a network. In particular, a new group, the Universal Group, is introduced to facilitate nested groups with members in more than one Domain. Members of a universal group may be allowed access to resources across Domain boundaries, where Domains reflect a security boundary in the Network. In addition, the nesting of groups, e.g., within Universal Groups, is enabled, subject to some restrictions, in order to reduce the overhead associated with discovering the groups to which a user belongs. Furthermore, allowing a group to include members without security clearance, but restricting the groups listed on an access token corresponding to a user to groups to which the user has security clearance/authorization allows flexible management of groups having similar memberships but different security attributes.