Abstract:
A system and method for detecting and managing user session meta-data at a reverse proxy server. The reverse proxy server is logically located between one or more origin servers and any number of users. The reverse proxy server detects the establishment and tearing down of a user session, and any expiration associated with the user session. The reverse proxy server identifies the creation of a session from the pattern and/or content of communications between a user and an origin server, and associates the user (e.g., by username or user ID) with the session (e.g., session ID or cookie). A user session table may be populated with an entry for each observed session. Tear down of a session may be detected by identifying an explicit user logout or a session termination by the origin server.
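The session-table bookkeeping described in this abstract, written out as an added example (not code from the patent or any product it covers). The proxy watches request/response pairs: a POST to a login path answered with a session cookie creates an entry that ties the username to the session ID; a request to a logout path, or an origin response that expires the cookie (Max-Age=0), tears it down; cookie lifetimes are honoured on the proxy's own clock. The cookie name, the login and logout paths and the dict shape used for requests and responses are assumptions made for the example.

```python
from dataclasses import dataclass
from http.cookies import SimpleCookie
from typing import Optional
from urllib.parse import parse_qs


@dataclass
class Session:
    session_id: str
    user: str
    created_at: float
    expires_at: Optional[float]   # None when the origin set no Max-Age on the cookie


class SessionTable:
    """Proxy-side table of observed sessions, keyed by session ID.

    Requests and responses are plain dicts here (method, path, headers, body,
    status); a real proxy would read the same fields off the wire.
    """

    def __init__(self, cookie_name="JSESSIONID", login_path="/login", logout_path="/logout"):
        # Cookie name and login/logout paths are assumptions for this example.
        self.cookie_name = cookie_name
        self.login_path = login_path
        self.logout_path = logout_path
        self.sessions = {}

    def observe(self, req, resp, now):
        """Update the table from one request/response pair; return the event seen, if any."""
        self.expire(now)
        sid_in_req = self._request_cookie(req.get("headers", {}))
        sid_set, max_age = self._set_cookie(resp.get("headers", {}))

        # Creation: POST to the login path carrying a username, answered with a
        # session cookie. Username and session ID are associated here.
        if req["method"] == "POST" and req["path"] == self.login_path:
            username = parse_qs(req.get("body", "")).get("username", [None])[0]
            if username and sid_set and resp["status"] in (200, 302):
                expires = now + max_age if max_age is not None else None
                self.sessions[sid_set] = Session(sid_set, username, now, expires)
                return ("created", sid_set, username)

        # Tear-down by the user: request to the logout path with a known session.
        if req["path"] == self.logout_path and sid_in_req in self.sessions:
            return ("torn_down", sid_in_req, self.sessions.pop(sid_in_req).user)

        # Tear-down by the origin: it expires the session cookie (Max-Age=0)
        # on a request that carried a known session.
        if max_age == 0 and sid_in_req in self.sessions:
            return ("torn_down", sid_in_req, self.sessions.pop(sid_in_req).user)
        return None

    def expire(self, now):
        """Drop sessions whose cookie lifetime has elapsed; return what was dropped."""
        gone = [(s.session_id, s.user) for s in self.sessions.values()
                if s.expires_at is not None and s.expires_at <= now]
        for sid, _ in gone:
            del self.sessions[sid]
        return gone

    def user_for(self, session_id):
        s = self.sessions.get(session_id)
        return s.user if s else None

    def _set_cookie(self, headers):
        """(session ID, Max-Age) from a Set-Cookie header, or (None, None)."""
        raw = headers.get("Set-Cookie")
        if not raw:
            return None, None
        jar = SimpleCookie()
        jar.load(raw)
        m = jar.get(self.cookie_name)
        if m is None:
            return None, None
        return m.value, (int(m["max-age"]) if m["max-age"] != "" else None)

    def _request_cookie(self, headers):
        jar = SimpleCookie()
        jar.load(headers.get("Cookie", ""))
        m = jar.get(self.cookie_name)
        return m.value if m else None
```

Only sessions whose login exchange passed through the proxy are tracked; a session the origin created before the proxy was in the path is invisible to it, and a session that the origin expires server-side without touching the cookie is only caught by the proxy's own Max-Age bookkeeping.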
Abstract:
A system and method for managing security meta-data in a reverse proxy server. The reverse proxy caches data served by an origin server, and also stores security meta-data for authenticating a user and/or authorizing access to cached data. The security meta-data may include an ACL (Access Control List), access control token or descriptor, other access control information, user credentials, user privileges or roles, group membership, user aliases, etc. The reverse proxy may automatically receive access control information from the origin server when a request for data is forwarded to the origin server, or may explicitly request the information from the origin server or a security server. The reverse proxy receives and applies invalidation messages to invalidate stored security meta-data. Also, the reverse proxy acts in a stateful manner, with knowledge of the correlation between a given user and that user's session with the origin server.
Abstract:
In a multi-tier data server system, data from the first tier is cached in a mid-tier cache of the middle tier. Access control information from the first tier for the data is also cached within the mid-tier cache. Caching the security information in the middle tier allows the middle tier to make access control decisions regarding requests for data made by clients in the outer tier.
Abstract:
One embodiment of the present invention provides a system that facilitates serving data from a cache server. The system operates upon receiving a request for the data at the cache server. The system first determines if the request requires access control, and also if the data is available in the cache. If the request requires access control and if the data is available in the cache, the system sends an authorization request to an origin server. Upon receiving a response from the origin server, the system determines if the response is an authorization. If so, the system sends the data to the requester.
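One way to put the three cache-side authorization abstracts above together in working code, as an added example that is not from any of the patents: the proxy (or mid-tier cache) stores each object next to the ACL the origin returned with it, keeps a user-to-session correlation so it is stateful, decides locally when it holds both the object's ACL and the user's roles, applies invalidation messages that drop either kind of security meta-data, and falls back to an explicit authorization request to the origin whenever the data is cached but the meta-data needed to decide is not. The two origin interfaces (`origin_fetch` returning the body with its allowed roles, `origin_authorize` answering yes/no) and the role-based ACL shape are assumptions of this example.

```python
class SecureCache:
    """Cache for a reverse proxy / mid-tier that stores data together with the
    security meta-data needed to authorize access to it.

    origin_fetch(url) -> (body, allowed_roles or None) models the origin
    sending the object's ACL along with the object when a request is
    forwarded; origin_authorize(user, url) -> bool models an explicit
    authorization request. Both interfaces are assumptions of this example.
    """

    def __init__(self, origin_fetch, origin_authorize):
        self.origin_fetch = origin_fetch
        self.origin_authorize = origin_authorize
        self.data = {}         # url -> cached body
        self.acl = {}          # url -> set of roles permitted to read it
        self.user_roles = {}   # user -> set of roles (cached security meta-data)
        self.sessions = {}     # session ID -> user: the proxy is stateful
        self.origin_calls = 0  # counts round trips to the origin, for inspection

    def login(self, session_id, user, roles):
        """Record the user/session correlation and the user's roles."""
        self.sessions[session_id] = user
        self.user_roles[user] = set(roles)

    def invalidate_acl(self, url):
        """Apply an invalidation message for an object's access control data."""
        self.acl.pop(url, None)

    def invalidate_user(self, user):
        """Apply an invalidation message for a user's cached roles."""
        self.user_roles.pop(user, None)

    def get(self, session_id, url, requires_access_control=True):
        """Serve url to the holder of session_id; returns (status, body)."""
        user = self.sessions.get(session_id)
        if requires_access_control and user is None:
            return 401, None
        if url not in self.data:
            # Cache miss: forward to the origin, which returns the data and,
            # for protected objects, its ACL. Cache both.
            self.origin_calls += 1
            body, allowed = self.origin_fetch(url)
            if body is None:
                return 404, None
            self.data[url] = body
            if allowed is not None:
                self.acl[url] = set(allowed)
        if not requires_access_control:
            return 200, self.data[url]
        roles, allowed = self.user_roles.get(user), self.acl.get(url)
        if roles is not None and allowed is not None:
            # Access control decision made locally from cached meta-data.
            return (200, self.data[url]) if roles & allowed else (403, None)
        # Data is cached but security meta-data is missing or was invalidated:
        # send an authorization request to the origin instead of guessing.
        self.origin_calls += 1
        if self.origin_authorize(user, url):
            return 200, self.data[url]
        return 403, None
```

The check worth keeping in mind: a cached object must never be served on the strength of meta-data that has been invalidated, so the fallback after `invalidate_acl` or `invalidate_user` is a round trip to the origin, not a default-allow. The `origin_calls` counter exists only so the behaviour can be verified.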
Abstract:
A system and method for communicating a side effect of one data request, or other event, as part of a response to another data request or event. The side effect may include notification of the invalidation of cached data, from an upstream cache to a downstream cache. The upstream cache may store invalidation notifications as they are generated or received, and as responses to data requests are sent downstream, piggyback or merge one or more notifications with a response. This scheme avoids the need to open separate communication connections using specified invalidation accounts and passwords.
Abstract:
A system and method for facilitating the invalidation of cached data, in which the data to be invalidated are identified using information other than a primary key. The primary key for a cached data object, such as a web page, may be a Uniform Resource Locator (URL). Instead of using an object's URL to identify to a cache the data to be invalidated, a secondary key is used, such as the object's data source or a template from which the object was created. An application communicates the secondary key to a cache, and the cache identifies cached objects that match the secondary key. Those data objects are then invalidated without having to issue multiple invalidation messages from the application.
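The secondary-key invalidation described above, as an added example rather than code from the patent. Objects are stored under their URL (the primary key) and also indexed under whatever secondary keys the application supplies, such as the data source they were built from or the template that rendered them; one invalidation message naming a secondary key then evicts every matching object, and the index is kept consistent when a URL is evicted or re-cached. The `(kind, value)` key tuples and the dict-based message format are assumptions.

```python
from collections import defaultdict


class KeyedCache:
    """Cache indexed by URL plus any number of secondary keys."""

    def __init__(self):
        self.objects = {}                       # url -> body
        self.by_secondary = defaultdict(set)    # (kind, value) -> {url, ...}
        self.keys_of = defaultdict(set)         # url -> {(kind, value), ...}

    def put(self, url, body, secondary_keys):
        """Store body under its URL and index it under each secondary key."""
        self.evict(url)   # re-caching a URL replaces its old index entries
        self.objects[url] = body
        for k in secondary_keys:
            self.by_secondary[k].add(url)
            self.keys_of[url].add(k)

    def get(self, url):
        return self.objects.get(url)

    def evict(self, url):
        """Remove one object by primary key; returns 1 if it was present."""
        if url not in self.objects:
            return 0
        del self.objects[url]
        for k in self.keys_of.pop(url, set()):
            self.by_secondary[k].discard(url)
            if not self.by_secondary[k]:
                del self.by_secondary[k]   # keep the index free of empty buckets
        return 1

    def invalidate(self, message):
        """Apply one invalidation message; returns the number of objects evicted.

        {"url": "/x"}                          invalidates by primary key
        {"key": ("template", "product.html")}  invalidates everything rendered
                                               from that template
        {"key": ("source", "products_table")}  invalidates everything built
                                               from that data source
        """
        if "url" in message:
            return self.evict(message["url"])
        kind, value = message["key"]
        urls = list(self.by_secondary.get((kind, value), ()))
        return sum(self.evict(u) for u in urls)
```

The application only needs to know the template or table it changed, not the set of URLs that depend on it; the cache resolves that set from its own index, which is the point of the scheme.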
Abstract:
A system and method for communicating a side effect of a data request, from a data server and through one or more caches, inline with a response to the request. Instead of sending a separate notification of the side effect (e.g., instructions to invalidate data cached in one or more caches), the notification is included in the response. As the response traverses caches on its way to the requester, each cache applies the side effect with the proper timing. Thus, data invalidation may be performed prior to caching data included in the response and/or forwarding the response toward the requester. A final cache configured to serve the response to the requester may remove the side effect notification before serving the response.
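The two inline-notification abstracts above (piggybacking queued invalidations on the next downstream response, and carrying a request's side effects with its response through every cache on the path) modelled as an added example, not code from the patents. A chain origin -> c1 -> c2 -> edge is built from one cache class; the origin hands each cache a body plus the URLs the request invalidated, every hop applies the invalidation before it stores or forwards the body, an upstream cache merges any notices it received out of band into the same header, and the edge strips the header before the client sees the response. The `X-Invalidate` header name, the dict-shaped response and the callable origin are assumptions.

```python
class ChainCache:
    """One cache in a chain origin -> upstream -> ... -> edge.

    The origin is modelled as a callable url -> (body, invalidated_urls):
    the second element is the side effect of serving that request. Each
    cache carries side effects downstream in an assumed X-Invalidate
    header on the response and applies them before storing the body.
    """

    def __init__(self, name, upstream=None):
        self.name = name
        self.upstream = upstream   # next cache toward the origin; None = talks to origin
        self.store = {}            # url -> body
        self.pending = []          # notices received out of band, waiting to be piggybacked
        self.applied = []          # urls invalidated here, in order, for inspection

    def notify_invalidate(self, urls):
        """Out-of-band notice to this cache: apply it here and queue it for
        downstream caches instead of opening a connection to each of them."""
        self._apply(urls)
        self.pending.extend(urls)

    def _apply(self, urls):
        for u in urls:
            self.store.pop(u, None)
            self.applied.append(u)

    def handle(self, url, origin, serve_to_client=False):
        """Serve url; returns {"url", "body", "headers"}."""
        if url in self.store:
            body, effects = self.store[url], []
        elif self.upstream is None:
            body, effects = origin(url)
        else:
            resp = self.upstream.handle(url, origin)
            body, effects = resp["body"], resp["headers"].get("X-Invalidate", [])
        # Apply the side effect before caching the new body, so a just-invalidated
        # URL is never stored or served stale by this hop.
        self._apply(effects)
        self.store[url] = body
        resp = {"url": url, "body": body, "headers": {}}
        if serve_to_client:
            return resp   # the final cache removes the notification before serving
        # Piggyback: merge notices from upstream with our own queued ones.
        merged = list(dict.fromkeys(list(effects) + self.pending))
        self.pending = []
        if merged:
            resp["headers"]["X-Invalidate"] = merged
        return resp
```

The caveat a practitioner should note: a piggybacked notice only reaches the caches that the next response actually passes through. A downstream cache that keeps answering from its own store never talks to the upstream cache and therefore never receives the queued notice, so this scheme is a complement to, not a replacement for, bounded cache lifetimes.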