Automatic object caller chain with declarative impersonation and transitive trust

    Publication number: US06604198B1

    Publication date: 2003-08-05

    Application number: US10137911

    Filing date: 2002-05-03

    IPC classification: G06F0124

    Abstract: An object-based security framework provides automatic caller chain building to track the identity of upstream callers. An application developer can define impersonation settings declaratively using a graphical interface. At runtime, logic outside the application objects handles the caller chain and impersonation, relieving the developer from having to incorporate impersonation logic into the application. A group of special identities are permitted to provide identities of others without themselves being recorded in the chain when the chain traverses a method invocation queue. The framework supports a copy style for the chain to support various caller scenarios. Additionally, a minimum authentication level can be enforced throughout the chain. The caller chain can be used in conjunction with roles, and objects may consult the chain programmatically to enforce a custom security scheme.

    2. Automatic object caller chain with declarative impersonation and transitive trust
    Granted invention patent (status: in force)

    Publication number: US06385724B1

    Publication date: 2002-05-07

    Application number: US09201276

    Filing date: 1998-11-30

    IPC classification: G06F0124

    Abstract: An object-based security framework provides automatic caller chain building to track the identity of upstream callers. An application developer can define impersonation settings declaratively using a graphical interface. At runtime, logic outside the application objects handles the caller chain and impersonation, relieving the developer from having to incorporate impersonation logic into the application. A group of special identities are permitted to provide identities of others without themselves being recorded in the chain when the chain traverses a method invocation queue. The framework supports a copy style for the chain to support various caller scenarios. Additionally, a minimum authentication level can be enforced throughout the chain. The caller chain can be used in conjunction with roles, and objects may consult the chain programmatically to enforce a custom security scheme.

    3. Object security boundaries
    Granted invention patent (status: in force)

    Publication number: US06487665B1

    Publication date: 2002-11-26

    Application number: US09201060

    Filing date: 1998-11-30

    IPC classification: G06F1130

    Abstract: An object-based security framework provides for intra-process security boundaries. An application developer can define security settings declaratively at the object, interface, and method level using a graphical interface. When the application is deployed, the settings are placed into a central store and can be modified at a later time. At runtime, logic outside the application objects enforces the security boundaries, relieving the developer of having to incorporate security logic into the application. Changes to the security can be implemented by changing the settings without having to change the application objects. In addition to checking for identity, the security framework supports roles and enforces specified authentication levels. The integrity of an application's security scheme is retained when the application is combined with another application in the framework.
