Method for managing data in a shared computing environment
    Granted invention patent
    Method for managing data in a shared computing environment (status: expired)

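    Publication (announcement) number: US08352999B1

    Publication (announcement) date: 2013-01-08

    Application number: US11490676

    Application date: 2006-07-21

    IPC classification: H04L29/06

    CPC classification: H04L63/083 H04L63/104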

    Abstract: A method of storing secret data in a shared computing environment includes defining secret data, such as a password and administration policies according to a schema of a directory server such as a LDAP server. The secret data and administration policies are centrally stored on the LDAP server. The secret data can be encrypted. Administration policies include authorization and authentication policies, and a security zone can be defined for a collection of entities with a common security characteristic, such as a common password. A security zone defines a group of users and the secret data that can be accessed by the group of users. Multiple security zones can be defined. The secret data can be accessed directly from the server of the directory service without accessing another server or data store assuming the administration policies are satisfied.
