公开(公告)号：US06438549B1

公开(公告)日：2002-08-20

申请号：US09204920

申请日：1998-12-03

申请人： Barry Keith Aldred ,  Debora Jean Byrne ,  Shaw-Ben Shi ,  Ellen J. Stokes

发明人： Barry Keith Aldred ,  Debora Jean Byrne ,  Shaw-Ben Shi ,  Ellen J. Stokes

IPC分类号： G06F1730

CPC分类号： G06F17/30595 ,  Y10S707/954 ,  Y10S707/956 ,  Y10S707/99932 ,  Y10S707/99939 ,  Y10S707/99943

摘要： A method for securing sparse access control list (ACL) data in a relational database used as a backing store for a hierarchical-based directory service. The sparse ACL data is secured in a plurality of tables. An owner table stores data objects with explicitly set ACLs. A propagation table stores data on whether individual ACLs are inherited by descendant objects. A permissions table stores data regarding permissions which a user may perform on an object. A source table stores data for a set of ancestor objects having respective ACLs for each of a set of descendant objects. Preferably, the tables are stored in the relational database together with the objects. For a given object, data in the tables is used to determine the given object's entry owner and ACL. The inventive technique has particular applicability in a Lightweight Directory Access Protocol (LDAP) directory service having a relational database as a backing store.

摘要翻译： 一种用于将稀疏访问控制列表（ACL）数据保护在用作基于层次的目录服务的后备存储的关系数据库中的方法。 稀疏ACL数据被固定在多个表中。 所有者表以明确设置的ACL存储数据对象。 传播表存储有关个别ACL是否由后代对象继承的数据。 权限表存储关于用户可以对对象执行的权限的数据。 源表存储一组祖先对象的数据，其具有针对一组后代对象中的每一个的相应ACL。 优选地，这些表与对象一起存储在关系数据库中。 对于给定的对象，表中的数据用于确定给定对象的条目所有者和ACL。 本发明的技术在具有关系数据库作为后备存储的轻量级目录访问协议（LDAP）目录服务中具有特别的适用性。

公开(公告)号：US5278955A

公开(公告)日：1994-01-11

申请号：US539935

申请日：1990-06-18

申请人： Roger W. Forte ,  Ellen J. Stokes

发明人： Roger W. Forte ,  Ellen J. Stokes

IPC分类号： G06F13/00 ,  H04L12/58 ,  H04L29/06

CPC分类号： H04L51/066 ,  H04L51/28

摘要： A system and method is provided which allows users of an OSI mail handling system the advantage of communicating with users of other mail handling systems and utilizing the functionality associated with the OSI system. The functionality of a RFC-987 gateway is extended to provide, in addition to a straight conversion function, full OSI mail handling functions. A conventional mail handler is extended to allow for both OSI mail and conventional mail originating from a user of any mail system to be processed, thus providing a common interface for mail system users. Further, the sendmail component has now been enabled to recognize OSI addresses and route the associated messages to the appropriate destination. Mixed mode addressing has also been extended to include OSI type addresses in an address string that may contain components from several different networks, e.g. TCP/IP, UUCP.

摘要翻译： 提供了一种系统和方法，其允许OSI邮件处理系统的用户与其他邮件处理系统的用户通信并利用与OSI系统相关联的功能的优点。 扩展RFC-987网关的功能，除了直接转换功能外，还提供完整的OSI邮件处理功能。 常规邮件处理程序被扩展以允许来自任何邮件系统的用户的OSI邮件和常规邮件被处理，从而为邮件系统用户提供通用接口。 此外，sendmail组件现在已经被启用以识别OSI地址并将相关联的消息路由到适当的目的地。 混合模式寻址也被扩展到将OSI类型地址包括在可能包含来自几个不同网络的组件的地址串中。 TCP / IP，UUCP。

公开(公告)号：US4885789A

公开(公告)日：1989-12-05

申请号：US150966

申请日：1988-02-01

申请人： Wilhelm F. Burger ,  Mark E. Carson ,  Abhai Johri ,  Ellen J. Stokes

发明人： Wilhelm F. Burger ,  Mark E. Carson ,  Abhai Johri ,  Ellen J. Stokes

IPC分类号： G06F13/00 ,  G06F21/00 ,  G06F21/20 ,  H04L9/10

CPC分类号： G06F21/6218 ,  G06F2211/009

摘要： In the remote trusted path invention, secure systems may provide a mechanism for the user to establish a trusted path for direct communication with the system's trusted computing base for security-critical operations. This invention allows users to request such a trusted path from remote systems using a new TELNET option and command, in a system-independent, confirmed, backward-compatible manner. It also describes how to implement remote support for such a trusted path in systems which use a Secure Attention Key mechanism such as Secure AIX.