公开(公告)号：US07900248B2

公开(公告)日：2011-03-01

申请号：US11756393

申请日：2007-05-31

申请人： Carl Melvin Ellison ,  Paul J. Lach ,  Butler Wright Lampson ,  Melissa W. Dunn ,  Ravindra Nath Pandya ,  Charles William Kaufman

发明人： Carl Melvin Ellison ,  Paul J. Lach ,  Butler Wright Lampson ,  Melissa W. Dunn ,  Ravindra Nath Pandya ,  Charles William Kaufman

IPC分类号： G06F17/30

CPC分类号： G06F21/6218

摘要： The subject disclosure pertains to systems and methods that facilitate managing groups entities for access control. A negative group is defined using a base group, where the negative group associated with a base group includes any entities not included in the base group. Negative groups can be implemented using certificates rather than explicit lists of negative group members. A certificate can provide evidence of membership in the negative group and can be presented for evaluation to obtain access to resources. Subtraction groups can also be used to manage access to resources. A subtraction group can be defined as the members of a first group, excluding any members of a second group.

摘要翻译： 本发明涉及便于管理组实体以进行访问控制的系统和方法。 使用基组定义负组，其中与基组关联的负组包括未包括在基组中的任何实体。 负组可以使用证书而不是负组成员的显式列表来实现。 证书可以提供负组织成员的证据，并可以提供评估以获得资源。 减法组也可用于管理对资源的访问。 减法组可以定义为第一组的成员，不包括第二组的任何成员。