TRUST AND IDENTITY IN SECURE CALENDAR SHARING COLLABORATION
    1.
    Patent application
    TRUST AND IDENTITY IN SECURE CALENDAR SHARING COLLABORATION (status: lapsed)

    Publication number: US20100306824A1

    Publication date: 2010-12-02

    Application number: US12472885

    Filing date: 2009-05-27

    Abstract: In some embodiments, a system includes a database of trust information that internalizes security and trust relationships between a first entity and a second entity in regards to scheduling, and a central trust manager operable to determine from the database of trust information whether a trust relationship exists between a first organization and a second organization, the central trust manager also being operable to provide availability information of a user of the first organization to a second user of the second organization, the central trust manager also being operable to determine whether the second user of the second organization is granted access to requested calendar data and the central trust manager also being operable to provide the requested calendar data.


    Trust and identity in secure calendar sharing collaboration
    2.
    Granted patent
    Trust and identity in secure calendar sharing collaboration (status: lapsed)

    Publication number: US08261329B2

    Publication date: 2012-09-04

    Application number: US12472885

    Filing date: 2009-05-27

    IPC classification: H04L9/32

    Abstract: In some embodiments, a system includes a database of trust information that internalizes security and trust relationships between a first entity and a second entity in regards to scheduling, and a central trust manager operable to determine from the database of trust information whether a trust relationship exists between a first organization and a second organization, the central trust manager also being operable to provide availability information of a user of the first organization to a second user of the second organization, the central trust manager also being operable to determine whether the second user of the second organization is granted access to requested calendar data and the central trust manager also being operable to provide the requested calendar data.


    Trusted statement verification for data privacy

    Publication number: US10984457B2

    Publication date: 2021-04-20

    Application number: US11849210

    Filing date: 2007-08-31

    IPC classification: G06Q10/00 G06Q30/06

    Abstract: Embodiments of the present invention address deficiencies of the art in respect to privacy data management and provide a novel and non-obvious method, system and computer program product for trusted statement verification for data privacy. In one embodiment of the invention, a method for trusted statement verification for data privacy can be provided. The method can include deducing a claim from an attribute for personal data for an end user, receiving a request from a personal data consumer to vouch for an assertion based upon the attribute, comparing the assertion to the claim, and providing a voucher for the assertion to the personal data consumer on behalf of the end user if the claim supports the assertion without revealing the attribute to the personal data consumer.

    Federating policies from multiple policy providers
    4.
    Granted patent
    Federating policies from multiple policy providers (status: lapsed)

    Publication number: US08683545B2

    Publication date: 2014-03-25

    Application number: US12192769

    Filing date: 2008-08-15

    IPC classification: G06F21/00

    CPC classification: H04L63/102 H04L63/20

    Abstract: One aspect of the present invention can include a system, a method, a computer program product and an apparatus for federating policies from multiple policy providers. The aspect can identify a set of distinct policy providers, each maintaining at least one policy related to a service or a resource. A federated policy exchange service can be established that has a policy provider plug-in for each of the distinct policy providers. The federated policy exchange service can receive requests for policies from a set of policy requesters. Each request can include a resource_id or a service_id used to uniquely identify the service or resource. The federated policy exchange service can dynamically connect to a set of the policy providers to determine policies applicable to each request. For each request, results from the policy providers can be received and processed to generate a response. The federated policy exchange service can provide the response to each policy requestor responsive in response to each response.


    DECLARATIVE INSTANCE BASED ACCESS CONTROL FOR APPLICATION RESOURCES WITH PERSISTED ATTRIBUTES AND STATE
    5.
    Patent application
    DECLARATIVE INSTANCE BASED ACCESS CONTROL FOR APPLICATION RESOURCES WITH PERSISTED ATTRIBUTES AND STATE (status: in force)

    Publication number: US20090183184A1

    Publication date: 2009-07-16

    Application number: US12013867

    Filing date: 2008-01-14

    IPC classification: G06F9/54

    CPC classification: G06F9/4435 G06F9/4493

    Abstract: Embodiments of the present invention provide a method, system and computer program product for declarative instance based access control for persistent application resources in a multi-tier application. In one embodiment of the invention, a method for instance based access control in a persistent application resource can be provided. The method can include creating one or more instances of a persistent application resource for a particular user or based on attributes of the user, coupling the instance(s) of the persistent application resource to a database implementing row-level access control, initializing access to the database according to a role or attribute for the particular user, and accessing a restricted set of data in the database through the instance(s) of the persistent application resource.


    TRUSTED STATEMENT VERIFICATION FOR DATA PRIVACY
    6.
    Patent application
    TRUSTED STATEMENT VERIFICATION FOR DATA PRIVACY (status: under examination, published)

    Publication number: US20090063289A1

    Publication date: 2009-03-05

    Application number: US11849210

    Filing date: 2007-08-31

    IPC classification: G06Q30/00 G06F7/04

    CPC classification: G06Q30/06 G06Q30/0601

    Abstract: Embodiments of the present invention address deficiencies of the art in respect to privacy data management and provide a novel and non-obvious method, system and computer program product for trusted statement verification for data privacy. In one embodiment of the invention, a method for trusted statement verification for data privacy can be provided. The method can include deducing a claim from an attribute for personal data for an end user, receiving a request from a personal data consumer to vouch for an assertion based upon the attribute, comparing the assertion to the claim, and providing a voucher for the assertion to the personal data consumer on behalf of the end user if the claim supports the assertion without revealing the attribute to the personal data consumer.


    Declarative instance based access control for application resources with persisted attributes and state
    7.
    Granted patent
    Declarative instance based access control for application resources with persisted attributes and state (status: in force)

    Publication number: US09292305B2

    Publication date: 2016-03-22

    Application number: US12013867

    Filing date: 2008-01-14

    IPC classification: G06F9/44

    CPC classification: G06F9/4435 G06F9/4493

    Abstract: Embodiments of the present invention provide a method, system and computer program product for declarative instance based access control for persistent application resources in a multi-tier application. In one embodiment of the invention, a method for instance based access control in a persistent application resource can be provided. The method can include creating one or more instances of a persistent application resource for a particular user or based on attributes of the user, coupling the instance(s) of the persistent application resource to a database implementing row-level access control, initializing access to the database according to a role or attribute for the particular user, and accessing a restricted set of data in the database through the instance(s) of the persistent application resource.


    DATABASE AUTHORIZATION RULES AND COMPONENT LOGIC AUTHORIZATION RULES AGGREGATION
    8.
    Patent application
    DATABASE AUTHORIZATION RULES AND COMPONENT LOGIC AUTHORIZATION RULES AGGREGATION (status: in force)

    Publication number: US20090064272A1

    Publication date: 2009-03-05

    Application number: US11848405

    Filing date: 2007-08-31

    IPC classification: G06F17/00

    CPC classification: H04L63/105 G06F21/6227

    Abstract: Embodiments of the present invention provide a method, system and computer program product for aggregating database and component logic authorization rules in a multi-tier application. In an embodiment of the invention, a method for aggregating database and component logic authorization rules in a multi-tier application system can include aggregating role-based authorization rules for both a persistence layer and a logic layer of a multi-tier application in a unified policy, distributing the unified policy to both the persistence layer and the logic layer of the multi-tier application, transforming the unified policy into respectively a set of role based permissions for the persistence layer and a set of role based permissions for the logic layer, and applying the set of role based permissions for the persistence layer in the persistence layer, and the set of role based permissions for the logic layer in the logic layer of the multi-tier application.


    Role-based access control management for multiple heterogeneous application components
    9.
    Granted patent
    Role-based access control management for multiple heterogeneous application components (status: lapsed)

    Publication number: US07676831B2

    Publication date: 2010-03-09

    Application number: US11221630

    Filing date: 2005-09-08

    IPC classification: H04L9/32 H04L9/00 G06F7/04

    CPC classification: G06F21/6236

    Abstract: Embodiments of the present invention address deficiencies of the art in respect to access control and provide a method, system and computer program product for access control management for a collection of heterogeneous application components. In a first embodiment, a data processing system for role-based access control management for multiple heterogeneous application components can include at least one business role descriptor associating a business role with multiple, different application roles for corresponding, disparate application components. The system also can include at least one access policy associating a user with the business role. Finally, the system can include policy deployment logic including program code enabled to process the access policy to assign the user to the different application roles in the disparate application components.


    FEDERATING POLICIES FROM MULTIPLE POLICY PROVIDERS
    10.
    Patent application
    FEDERATING POLICIES FROM MULTIPLE POLICY PROVIDERS (status: lapsed)

    Publication number: US20100043050A1

    Publication date: 2010-02-18

    Application number: US12192769

    Filing date: 2008-08-15

    IPC classification: G06F21/00 G06F15/16

    CPC classification: H04L63/102 H04L63/20

    Abstract: One aspect of the present invention can include a system, a method, a computer program product and an apparatus for federating policies from multiple policy providers. The aspect can identify a set of distinct policy providers, each maintaining at least one policy related to a service or a resource. A federated policy exchange service can be established that has a policy provider plug-in for each of the distinct policy providers. The federated policy exchange service can receive requests for policies from a set of policy requesters. Each request can include a resource_id or a service_id used to uniquely identify the service or resource. The federated policy exchange service can dynamically connect to a set of the policy providers to determine policies applicable to each request. For each request, results from the policy providers can be received and processed to generate a response. The federated policy exchange service can provide the response to each policy requestor responsive in response to each response.
