-
1.发明申请公开(公告)号:US20050138061A1
公开(公告)日:2005-06-23
申请号:US10741708
申请日:2003-12-19
申请人: David Kuehr-McLaren , Pratik Gupta , Govindaraj Sampathkumar , Vincent Williams , Sharon Cutcher , Sumit Taank , Brian Stube , Hari Shankar
发明人: David Kuehr-McLaren , Pratik Gupta , Govindaraj Sampathkumar , Vincent Williams , Sharon Cutcher , Sumit Taank , Brian Stube , Hari Shankar
IPC分类号: G06F17/00
摘要: Policies defining the entitlements to be assigned to a new identity joining a role are automatically generated. An automatic policy assigns a new identity the entitlements commonly owned by a predetermined number of identities in the role, which may be all of the role identities. A conditional policy recommends that a new identity be assigned the non-commonly-owned entitlements associated with the role identity whose non-entitlement attributes most closely match the non-entitlement attributes of the new identity. This may be automatically determined by iterating through a vector that maps the non-commonly-owned entitlements with the non-entitlement attributes of each role identity, comparing the non-entitlement attributes of the new identity to find the closest match. The non-commonly-owned entitlements of that identity are then recommended to be assigned to the new identity, upon approval.
摘要翻译: 将自动生成定义要分配给加入角色的新身份的权利的策略。 自动策略将新身份分配给角色中预定数量的身份共同拥有的权利,这些身份可能是所有角色身份。 条件政策建议将新身份分配给与非授权属性与新身份的非授权属性最接近的角色身份相关联的非共同所有权利。 这可以通过迭代通过将非共同所有权利与每个角色身份的非授权属性进行映射的向量来自动确定,比较新身份的非授权属性以找到最接近的匹配。 然后,建议将该身份的非共同所有权利分配给新身份,并经批准。
-
公开(公告)号:US20050138420A1
公开(公告)日:2005-06-23
申请号:US10741904
申请日:2003-12-19
申请人: Govindaraj Sampathkumar , Pratik Gupta , David Kuehr-McLaren , Vincent Williams , Sharon Cutcher , Sumit Taank , Brian Stube , Hari Shankar
发明人: Govindaraj Sampathkumar , Pratik Gupta , David Kuehr-McLaren , Vincent Williams , Sharon Cutcher , Sumit Taank , Brian Stube , Hari Shankar
IPC分类号: H04L9/00
CPC分类号: G06Q10/10 , G06F21/604 , G06F21/6218 , G06F2221/2145
摘要: A role hierarchy is automatically generated by hierarchically ranking roles in a role based control system, each role including a plurality of identities having attributes. Iteratively at each hierarchical level: each non-cohesive role (wherein, in this case, at least one attribute is not possessed by every identity in the role) is replaced, at the same hierarchical level, by a cohesive role formed by grouping identities having at least one common attribute. The remaining identities are clustered into children roles based on attributes other than the common attribute, and the children roles are added to the role hierarchy at a hierarchical level below the cohesive role. If no common attribute exists in the non-cohesive role, the role is clustered into two or more new roles based on all the attributes in the role, and the non-cohesive role is replaced with the new roles at the same hierarchical level.
摘要翻译: 通过在基于角色的控制系统中对角色进行分级排序自动生成角色层次结构,每个角色包括具有属性的多个身份。 迭代地在每个层次级别:每个非凝聚的角色(其中,在这种情况下,角色中的每个身份不具有至少一个属性)在相同的层次上由通过将身份分组 至少有一个共同的属性。 剩余的身份基于公共属性以外的属性聚类成儿童角色,并且儿童角色被添加到角色层次结构中,层级低于凝聚角色。 如果非凝聚角色中不存在共同属性,则该角色将基于角色中的所有属性聚集到两个或多个新角色中,并且将非相关角色替换为同一层次级别的新角色。
-
公开(公告)号:US20050138419A1
公开(公告)日:2005-06-23
申请号:US10741634
申请日:2003-12-19
申请人: Pratik Gupta , Govindaraj Sampathkumar , David Kuehr-McLaren , Vincent Williams , Sharon Cutcher , Sumit Taank , Brian Stube , Hari Shankar
发明人: Pratik Gupta , Govindaraj Sampathkumar , David Kuehr-McLaren , Vincent Williams , Sharon Cutcher , Sumit Taank , Brian Stube , Hari Shankar
CPC分类号: G06F21/6218
摘要: An automated, bottom-up role discovery method for a role based control system includes automatically extracting identities and attributes from data sources and automatically clustering the identities based on the attributes to form recommended roles. The recommended roles may be modified by intervention of an administrator. Additionally, the recommended roles may be aggregated by defining the role definition as an attribute of each constituent identity, and re-clustering the identities to generate refined roles. The recommended, modified, and/or refined roles may then be utilized in a role based control system, such as a role based access control system. Periodically performing the role discovery process provides a means to audit a role based access control system.
摘要翻译: 用于基于角色的控制系统的自动化的自下而上角色发现方法包括自动从数据源提取身份和属性,并根据属性自动聚类身份以形成推荐角色。 推荐的角色可以通过管理员的干预来修改。 另外,推荐的角色可以通过将角色定义定义为每个组成标识的属性来进行聚合,并重新聚集身份以生成精细角色。 然后,可以在基于角色的控制系统(例如基于角色的访问控制系统)中使用推荐的,修改的和/或细化的角色。 定期执行角色发现过程提供了一种审核基于角色的访问控制系统的方法。
-
4.发明申请Automatic Policy Generation Based on Role Entitlements and Identity Attributes 有权基于角色权利和身份属性的自动策略生成公开(公告)号:US20080016104A1
公开(公告)日:2008-01-17
申请号:US11780956
申请日:2007-07-20
申请人: David Kuehr-McLaren , Pratik Gupta , Govindaraj Sampathkumar , Vincent Williams , Sharon Cutcher , Sumit Taank , Brian Stube , Hari Shankar
发明人: David Kuehr-McLaren , Pratik Gupta , Govindaraj Sampathkumar , Vincent Williams , Sharon Cutcher , Sumit Taank , Brian Stube , Hari Shankar
IPC分类号: G06F17/00
摘要: Policies defining the entitlements to be assigned to a new identity joining a role are automatically generated. An automatic policy assigns a new identity the entitlements commonly owned by a predetermined number of identities in the role, which may be all of the role identities. A conditional policy recommends that a new identity be assigned the non-commonly-owned entitlements associated with the role identity whose non-entitlement attributes most closely match the non-entitlement attributes of the new identity. This may be automatically determined by iterating through a vector that maps the non-commonly-owned entitlements with the non-entitlement attributes of each role identity, comparing the non-entitlement attributes of the new identity to find the closest match. The non-commonly-owned entitlements of that identity are then recommended to be assigned to the new identity, upon approval.
摘要翻译: 将自动生成定义要分配给加入角色的新身份的权利的策略。 自动策略将新身份分配给角色中预定数量的身份共同拥有的权利,这些身份可能是所有角色身份。 条件政策建议将新身份分配给与非授权属性与新身份的非授权属性最接近的角色身份相关联的非共同所有权利。 这可以通过迭代通过将非共同所有权利与每个角色身份的非授权属性进行映射的向量来自动确定,比较新身份的非授权属性以找到最接近的匹配。 然后,建议将该身份的非共同所有权利分配给新身份,并经批准。
-
-
-
搜索结果
4 条记录 (耗时 0.026 秒)
