-
公开(公告)号:US08607067B1
公开(公告)日:2013-12-10
申请号:US13038277
申请日:2011-03-01
申请人: Cornelle Christiaan Pretorius Janse van Rensburg , Marc J. Brooker , David Brown , Abhinav Agrawal , Matthew S. Garman , Kevin Ross O'Neill , Eric Jason Brandwine , Christopher Richard Jacques de Kadt , Mark Joseph Cavage
发明人: Cornelle Christiaan Pretorius Janse van Rensburg , Marc J. Brooker , David Brown , Abhinav Agrawal , Matthew S. Garman , Kevin Ross O'Neill , Eric Jason Brandwine , Christopher Richard Jacques de Kadt , Mark Joseph Cavage
IPC分类号: H04L29/06
CPC分类号: G06F21/45 , H04L63/0823 , H04L63/20 , H04L67/1002
摘要: Systems and methods for attesting to information about a computing resource involve electronically signed documents. For a computing resource, a document containing information about the resource is generated and electronically signed. The document may be provided to one or more entities as an attestation to at least some of the information contained in the document. Attestation to information in the document may be a prerequisite for performance of one or more actions that may be taken in connection with the computing resource.
摘要翻译: 用于证明有关计算资源的信息的系统和方法涉及电子签名的文档。 对于计算资源,生成包含资源信息的文档并进行电子签名。 文档可以被提供给一个或多个实体,作为对文档中包含的至少一些信息的证明。 证明文档中的信息可能是执行可能与计算资源相关联的一个或多个动作的前提。
-
公开(公告)号:US08683560B1
公开(公告)日:2014-03-25
申请号:US12981231
申请日:2010-12-29
申请人: Marc J. Brooker , Mark Joseph Cavage , David Brown , Kevin Ross O'Neill , Eric Jason Brandwine , Christopher Richard Jacques de Kadt
发明人: Marc J. Brooker , Mark Joseph Cavage , David Brown , Kevin Ross O'Neill , Eric Jason Brandwine , Christopher Richard Jacques de Kadt
CPC分类号: H04L63/08 , G06F21/44 , H04L9/3247 , H04L63/10 , H04L63/20
摘要: Systems and methods for managing credentials distribute the credentials to subsets of a set of collectively managed computing resources. The collectively managed computing resources may include one or more virtual machine instances. The credentials distributed to the computing resources may be used by the computing resources to perform one or more actions. Actions may include performing one or more functions in connection with configuration, management, and/or operation of the one or more resources, and/or access of other computing resources. The ability to use credentials may be changed based at least in part on the occurrence of one or more events.
摘要翻译: 用于管理凭据的系统和方法将凭证分发到一组共同管理的计算资源的子集。 共同管理的计算资源可以包括一个或多个虚拟机实例。 分配给计算资源的证书可以被计算资源用于执行一个或多个动作。 操作可以包括执行与一个或多个资源的配置,管理和/或操作有关的一个或多个功能,和/或其他计算资源的访问。 至少部分地基于一个或多个事件的发生来改变使用凭证的能力。
-
公开(公告)号:US08904511B1
公开(公告)日:2014-12-02
申请号:US12861692
申请日:2010-08-23
申请人: Kevin Ross O'Neill , Mark Joseph Cavage , Nathan R. Fitch , Anders Samuelsson , Brian Irl Pratt , Yunong Jeff Xiao , Bradley Jeffery Behm , James E. Scharf, Jr.
发明人: Kevin Ross O'Neill , Mark Joseph Cavage , Nathan R. Fitch , Anders Samuelsson , Brian Irl Pratt , Yunong Jeff Xiao , Bradley Jeffery Behm , James E. Scharf, Jr.
CPC分类号: H04L63/0263 , H04L29/08081 , H04L41/28 , H04L63/08 , H04L63/102 , H04L63/20
摘要: Virtual firewalls may be established that enforce sets of policies with respect to computing resources maintained by multi-tenant distributed services. Particular subsets of computing resources may be associated with particular tenants of a multi-tenant distributed service. A tenant may establish a firewalling policy set enforced by a virtual firewall for an associated subset of computing resources without affecting other tenants of the multi-tenant distributed service. Virtual firewalls enforcing multiple firewalling policy sets may be maintained by a common firewalling component of the multi-tenant distributed service. Firewalling policy sets may be distributed at multiple locations throughout the multi-tenant distributed service. For a request targeting a particular computing resource, the common firewalling component may identify the associated virtual firewall, and submit the request to the virtual firewall for evaluation in accordance with the corresponding firewalling policy set.
摘要翻译: 可以建立虚拟防火墙,执行关于由多租户分布式服务维护的计算资源的策略集。 计算资源的特定子集可以与多租户分布式服务的特定租户相关联。 租户可以建立由虚拟防火墙为相关联的计算资源子集强制执行的防火墙策略集,而不会影响多租户分布式服务的其他租户。 实施多个防火墙策略集的虚拟防火墙可以由多租户分布式服务的通用防火墙组件维护。 防火墙策略集可以分布在多租户分布式服务的多个位置。 对于针对特定计算资源的请求,常用防火墙组件可以标识相关联的虚拟防火墙,并根据相应的防火墙策略集将请求提交给虚拟防火墙进行评估。
-
4.发明授权公开(公告)号:US08429757B1
公开(公告)日:2013-04-23
申请号:US13277070
申请日:2011-10-19
申请人: Mark Joseph Cavage , John Cormie , Nathan R. Fitch , Don Johnson , Peter Sirota
发明人: Mark Joseph Cavage , John Cormie , Nathan R. Fitch , Don Johnson , Peter Sirota
IPC分类号: H04L29/06
CPC分类号: H04L63/10 , G06F21/604 , G06F21/6218 , G06F2221/2141 , H04L63/0227 , H04L63/102 , H04L63/20
摘要: Techniques are described for managing access to computing-related resources that, for example, may enable multiple distinct parties to independently control access to the resources (e.g., such that a request to access a resource succeeds only if all of multiple associated parties approve that access). For example, an executing software application may, on behalf of an end user, make use of computing-related resources of one or more types that are provided by one or more remote third-party network services (e.g., data storage services provided by an online storage service) —in such a situation, both the developer user who created the software application and the end user may be allowed to independently specify access rights for one or more particular such computing-related resources (e.g., stored data files), such that neither the end user nor the software application developer user may later access those resources without the approval of the other party.
摘要翻译: 描述了用于管理对计算相关资源的访问的技术,例如,可以使多个不同方独立地控制对资源的访问(例如,使得只有当所有多个关联方批准该访问时,访问资源的请求才能成功 )。 例如,执行的软件应用程序可以代表最终用户利用由一个或多个远程第三方网络服务提供的一种或多种类型的计算相关资源(例如,由 在这种情况下,可以允许创建软件应用程序的开发者用户和终端用户独立地指定一个或多个特定的这样的计算相关资源(例如,存储的数据文件)的访问权限,例如, 最终用户和软件应用程序开发者用户以后都不可以在未经对方批准的情况下访问这些资源。
-
5.发明申请Real-time Attribute Processor and Syntax Schema for Directory Access Protocol Services 失效用于目录访问协议服务的实时属性处理器和语法模式公开(公告)号:US20110029683A1
公开(公告)日:2011-02-03
申请号:US12898917
申请日:2010-10-06
IPC分类号: G06F15/16
CPC分类号: H04L61/1552 , G06F17/30589 , H04L29/12084 , H04L29/12132 , H04L61/1523
摘要: A processor which cooperates with directory servers to handle requests for values of dynamic attributes which would otherwise present a real-time processing challenge to the directory server due to the server's dependence on the data normally being static in nature. Special schema syntax identifiers are used to identify dynamic attributes which then are not stored directly in the directory, but whose values are resolved at the time a read request is made for those attributes. This approach eliminates the need to store the dynamic information in the directory, and allows user-supplied modules to perform the resolution of the dynamic attributes in a real-time manner, including not only retrieving a value from a dynamic data source, but optionally performing calculations or manipulations on the data as well. One embodiment of the invention cooperates with Lightweight Directory Access Protocol (“LDAP”) directory servers.
摘要翻译: 与目录服务器协作以处理对动态属性的值的请求的处理器,否则由于服务器对数据的依赖通常是静态的,否则将向目录服务器呈现实时处理挑战。 特殊模式语法标识符用于标识动态属性,然后不直接存储在目录中,但是在为这些属性进行读取请求时解析其值。 该方法消除了将动态信息存储在目录中的需要,并且允许用户提供的模块以实时方式来执行动态属性的解析,包括不仅从动态数据源检索值,而且还可以执行 也可以对数据进行计算或操作。 本发明的一个实施例与轻量级目录访问协议(“LDAP”)目录服务器协作。
-
公开(公告)号:US07373348B2
公开(公告)日:2008-05-13
申请号:US11106396
申请日:2005-04-14
IPC分类号: G06F17/30
CPC分类号: G06F17/30067 , Y10S707/99943 , Y10S707/99953
摘要: Each LDIF entry of a directory tree is read, split to a domain of LDIF fragments (corresponding to backend servers) and written to each LDIF fragment. The split may be accomplished through a hash function, establishing, for that iteration of LDIF entry, a write file. The LDIF entry is appended to the write file. A subsequent LDIF entry is read. A corresponding LDIF fragment is determined, which need not be different from the LDIF fragment to which the first LDIF entry was written. The current LDIF entry is written to the currently selected write file. The process continues until all LDIF entries are exhausted from the directory tree. LDIF fragments are each copied to distinct backend servers, where, each LDIF fragment may be loaded into a distributed directory data structure.
摘要翻译: 读取目录树的每个LDIF条目,分割为LDIF片段的域(对应于后端服务器)并写入每个LDIF片段。 可以通过散列函数完成拆分,为LDIF条目的迭代建立写入文件。 LDIF条目附加到写入文件。 读取随后的LDIF条目。 确定对应的LDIF片段,其不需要与写入第一LDIF条目的LDIF片段不同。 当前的LDIF条目写入当前选择的写入文件。 该过程继续,直到所有LDIF条目从目录树中用尽。 LDIF片段都被复制到不同的后端服务器,其中每个LDIF片段可以被加载到分布式目录数据结构中。
-
7.发明授权公开(公告)号:US08051491B1
公开(公告)日:2011-11-01
申请号:US11966692
申请日:2007-12-28
申请人: Mark Joseph Cavage , John Cormie , Nathan R. Fitch , Don Johnson , Peter Sirota
发明人: Mark Joseph Cavage , John Cormie , Nathan R. Fitch , Don Johnson , Peter Sirota
CPC分类号: H04L63/10 , G06F21/604 , G06F21/6218 , G06F2221/2141 , H04L63/0227 , H04L63/102 , H04L63/20
摘要: Techniques are described for managing access to computing-related resources that, for example, may enable multiple distinct parties to independently control access to the resources (e.g., such that a request to access a resource succeeds only if all of multiple associated parties approve that access). For example, an executing software application may, on behalf of an end user, make use of computing-related resources of one or more types that are provided by one or more remote third-party network services (e.g., data storage services provided by an online storage service)—in such a situation, both the developer user who created the software application and the end user may be allowed to independently specify access rights for one or more particular such computing-related resources (e.g., stored data files), such that neither the end user nor the software application developer user may later access those resources without the approval of the other party.
摘要翻译: 描述了用于管理对计算相关资源的访问的技术,例如,可以使多个不同方独立地控制对资源的访问(例如,使得只有当所有多个关联方批准该访问时,访问资源的请求才能成功 )。 例如,执行的软件应用程序可以代表最终用户利用由一个或多个远程第三方网络服务提供的一种或多种类型的计算相关资源(例如,由 在这种情况下,可以允许创建软件应用程序的开发者用户和终端用户独立地指定一个或多个特定的这样的计算相关资源(例如,存储的数据文件)的访问权限,例如, 最终用户和软件应用程序开发者用户以后都不可以在未经对方批准的情况下访问这些资源。
-
公开(公告)号:US07860864B2
公开(公告)日:2010-12-28
申请号:US12108416
申请日:2008-04-23
IPC分类号: G06F17/30
CPC分类号: G06F17/30067 , Y10S707/99943 , Y10S707/99953
摘要: Each LDIF entry of a directory tree is read, split to a domain of LDIF fragments (corresponding to backend servers) and written to each LDIF fragment. The split may be accomplished through a hash function, establishing, for that iteration of LDIF entry, a write file. The LDIF entry is appended to the write file. A subsequent LDIF entry is read. A corresponding LDIF fragment is determined, which need not be different from the LDIF fragment to which the first LDIF entry was written. The current LDIF entry is written to the currently selected write file. The process continues until all LDIF entries are exhausted from the directory tree. LDIF fragments are each copied to distinct backend servers, where, each LDIF fragment may be loaded into a distributed directory data structure.
摘要翻译: 读取目录树的每个LDIF条目,分割为LDIF片段的域(对应于后端服务器)并写入每个LDIF片段。 可以通过散列函数完成拆分,为LDIF条目的迭代建立写入文件。 LDIF条目附加到写入文件。 读取随后的LDIF条目。 确定对应的LDIF片段,其不需要与写入第一LDIF条目的LDIF片段不同。 当前的LDIF条目写入当前选择的写入文件。 该过程继续,直到所有LDIF条目从目录树中用尽。 LDIF片段都被复制到不同的后端服务器,其中每个LDIF片段可以被加载到分布式目录数据结构中。
-
公开(公告)号:US20080216080A1
公开(公告)日:2008-09-04
申请号:US12105140
申请日:2008-04-17
IPC分类号: G06F9/46
CPC分类号: G06F9/3851 , G06F11/0715 , G06F11/0793 , H04L63/1458
摘要: A method is presented for processing data in a multithreaded application to alleviate impaired or substandard performance conditions. Work items that are pending processing by the multithreaded application are placed into a data structure. The work items are processed by a plurality of threads within the multithreaded application in accordance with a first algorithm, e.g., first-in first-out (FIFO). A thread within the multithreaded application is configured apart from the plurality of threads such that it processes work items in accordance with a second algorithm that differs from the first algorithm, thereby avoiding the impairing condition. For example, the thread may process a pending work item only if it has a particular characteristic. The thread restricts its own processing of work items by intermittently evaluating workflow conditions for the plurality of threads; if the workflow conditions improve or are unimpaired, then the thread does not process any work items.
-
10.发明授权Real-time attribute processor and syntax schema for directory access protocol services 失效用于目录访问协议服务的实时属性处理器和语法模式公开(公告)号:US07840588B2
公开(公告)日:2010-11-23
申请号:US10809583
申请日:2004-03-25
IPC分类号: G06F17/30
CPC分类号: H04L61/1552 , G06F17/30589 , H04L29/12084 , H04L29/12132 , H04L61/1523
摘要: A directory server handles requests for values of dynamic attributes by providing at least one declaration for an attribute to be handled as a real-time attribute associated with but external to a directory structure; receiving a directory access protocol request for access to an attribute value from the associated directory structure; detecting requested access to an attribute declared as a real-time external attribute; resolving a real-time value by obtaining an attribute value from a real-time source external to the directory structure; converting the obtained attribute value from a real-time attribute to a static attribute, wherein the real-time attribute is incompatible with the directory access protocol, and wherein the static attribute is compatible with the directory access protocol; and returning to a requester the converted real-time attribute directly in the directory access protocol, wherein storing and updating of the converted real-time attribute value in the directory structure is eliminated or avoided.
摘要翻译: 目录服务器通过为要处理的属性作为与目录结构相关联但在外部的实时属性提供至少一个声明来处理对动态属性的值的请求; 从相关联的目录结构接收访问属性值的目录访问协议请求; 检测对被声明为实时外部属性的属性的请求访问; 通过从目录结构外部的实时源获取属性值来解析实时值; 将所获得的属性值从实时属性转换为静态属性,其中所述实时属性与所述目录访问协议不兼容,并且其中所述静态属性与所述目录访问协议兼容; 并且直接在目录访问协议中返回到请求者转换的实时属性,其中消除或避免了在目录结构中存储和更新转换的实时属性值。
-
-
-
-
-
-
-
-
-
搜索结果
19 条记录 (耗时 0.042 秒)
