-
公开(公告)号:US06950825B2
公开(公告)日:2005-09-27
申请号:US10159482
申请日:2002-05-30
申请人: David Yu Chang , Ching-Yun Chao , Hyen Vui Chung , Carlton Keith Mason , Vishwanath Venkataramappa , Leigh Allen Williamson
发明人: David Yu Chang , Ching-Yun Chao , Hyen Vui Chung , Carlton Keith Mason , Vishwanath Venkataramappa , Leigh Allen Williamson
CPC分类号: H04L63/102 , G06F21/6218 , H04L63/08 , Y10S707/99939
摘要: A security policy process which provides role-based permissions for hierarchically organized system resources such as domains, clusters, application servers, and resources, as well as topic structures for messaging services. Groups of permissions are assigned to roles, and each user is assigned a role and a level of access within the hierarchy of system resources or topics. Forward or reverse inheritance is applied to each user level-role assignment such that each user is allowed all permissions for ancestors to the assigned level or descendants to the assigned level. This allows simplified security policy definition and maintenance of user permissions as each user's permission list must only be configured and managed at one hierarchical level with one role.
摘要翻译: 为分层组织的系统资源(如域,集群,应用服务器和资源)以及消息传递服务的主题结构提供基于角色的权限的安全策略流程。 将权限组分配给角色,并为系统资源或主题的层次结构中的每个用户分配角色和级别的访问权限。 将向前或反向继承应用于每个用户级别角色分配,以便允许每个用户将祖先的所有权限分配给所分配的级别或后代到所分配的级别。 这允许简化的安全策略定义和维护用户权限,因为每个用户的权限列表只能在一个层次上配置和管理一个角色。
-
2.发明申请公开(公告)号:US20080222697A1
公开(公告)日:2008-09-11
申请号:US12123693
申请日:2008-05-20
申请人: Peter Daniel Birk , Ching-Yun Chao , Hyen Vui Chung , Carlton Keith Mason , Ajaykumar Karkala Reddy , Vishwanath Venkataramappa
发明人: Peter Daniel Birk , Ching-Yun Chao , Hyen Vui Chung , Carlton Keith Mason , Ajaykumar Karkala Reddy , Vishwanath Venkataramappa
IPC分类号: G06F21/00
CPC分类号: G06F21/31
摘要: Objects on application servers may be defined into classes which receive different levels of security protection, such as definition of user objects and administrative objects. Domain-wide security may be enforced on administrative objects, which user object security may be configured separately for each application server in a domain. In a CORBA architecture, IOR's for shared objects which are to be secured on a domain-wide basis, such as administrative objects, are provided with tagged components during IOR creation and exporting to a name server. Later, when the IOR is used by a client, the client invokes necessary security measures such as authentication, authorization and transport protection according to the tagged components.
摘要翻译: 应用服务器上的对象可以被定义为接收不同级别的安全保护的类,例如用户对象和管理对象的定义。 可以在管理对象上实施全域安全性,可以为域中的每个应用程序服务器单独配置哪些用户对象安全性。 在CORBA体系结构中,IOR对于在域范围内进行安全保护的共享对象(如管理对象)在IOR创建和导出到名称服务器期间提供了已标记组件。 之后,当客户端使用IOR时,客户机根据标记的组件调用必要的安全措施,如认证,授权和传输保护。
-
3.发明授权公开(公告)号:US07810132B2
公开(公告)日:2010-10-05
申请号:US12123693
申请日:2008-05-20
申请人: Peter Daniel Birk , Ching-Yun Chao , Hyen Vui Chung , Carlton Keith Mason , Ajaykumar Karkala Reddy , Vishwanath Venkataramappa
发明人: Peter Daniel Birk , Ching-Yun Chao , Hyen Vui Chung , Carlton Keith Mason , Ajaykumar Karkala Reddy , Vishwanath Venkataramappa
CPC分类号: G06F21/31
摘要: Objects on application servers are distributed to one or more application servers; a user is allowed to declare in a list which objects residing on each application server are to be protected; the list is read by an interceptor; responsive to exportation of a Common Object Request Broker Architecture (“CORBA”) compliant Interoperable Object Reference (“IOR”) for a listed object, the interceptor associates one or more application server security flags with interfaces to the listed objects by tagging components of the IOR with one or more security flags; and one or more security operations are performed by an application server according to the security flags tagged to the IOR when a client accesses an application server-stored object, the security operations including an operation besides establishing secure communications between the client process and the server-stored object.
摘要翻译: 应用程序服务器上的对象分发到一个或多个应用程序服务器; 允许用户在列表中声明哪些驻留在每个应用服务器上的对象将被保护; 列表由拦截器读取; 响应于为列出的对象导出通用对象请求代理体系结构(“CORBA”)兼容的可互操作对象引用(“IOR”),拦截器通过标记所列对象的组件将一个或多个应用程序服务器安全标志与列出的对象的接口相关联 IOR带有一个或多个安全标志; 并且当客户端访问应用服务器存储的对象时,应用服务器根据标记为IOR的安全标志执行一个或多个安全操作,该安全操作包括除客户端进程和服务器端之间建立安全通信之外的操作, 存储对象。
-
4.发明授权公开(公告)号:US07448066B2
公开(公告)日:2008-11-04
申请号:US10246909
申请日:2002-09-19
申请人: Peter Daniel Birk , Ching-Yun Chao , Hyen Vui Chung , Carlton Keith Mason , Ajaykumar Karkala Reddy , Vishwanath Venkataramappa
发明人: Peter Daniel Birk , Ching-Yun Chao , Hyen Vui Chung , Carlton Keith Mason , Ajaykumar Karkala Reddy , Vishwanath Venkataramappa
CPC分类号: G06F21/31
摘要: Objects on application servers may be defined into classes which receive different levels of security protection, such as definition of user objects and administrative objects. Domain-wide security may be enforced on administrative objects, which user object security may be configured separately for each application server in a domain. In a CORBA architecture, IOR's for shared objects which are to be secured on a domain-wide basis, such as administrative objects, are provided with tagged components during IOR creation and exporting to a name server. Later, when the IOR is used by a client, the client invokes necessary security measures such as authentication, authorization and transport protection according to the tagged components.
摘要翻译: 应用服务器上的对象可以被定义为接收不同级别的安全保护的类,例如用户对象和管理对象的定义。 可以在管理对象上实施全域安全性,可以为域中的每个应用程序服务器单独配置哪些用户对象安全性。 在CORBA体系结构中,IOR对于在域范围内进行安全保护的共享对象(如管理对象)在IOR创建和导出到名称服务器期间提供了已标记组件。 之后,当客户端使用IOR时,客户机根据标记的组件调用必要的安全措施,如认证,授权和传输保护。
-
5.发明授权Method and apparatus for optimizing references to objects in a data processing system 失效用于优化对数据处理系统中的对象的引用的方法和装置公开(公告)号:US06253253B1
公开(公告)日:2001-06-26
申请号:US08917992
申请日:1997-08-25
IPC分类号: G06F954
CPC分类号: G06F9/548
摘要: A method and apparatus for optimizing references to objects in a distributed data processing system. A method is invoked in a client process by client application on a target object. In response to determining that the target object is on a remote process reference, a smart proxy determines whether the message can be processed within the client process. In response to determining that the message can be processed in the client process, the message is processed locally. Otherwise the message is sent to the target object for processing.
摘要翻译: 一种用于优化对分布式数据处理系统中的对象的引用的方法和装置。 客户端应用程序在目标对象上调用一种方法。 响应于确定目标对象在远程进程引用上,智能代理确定消息是否可以在客户端进程内处理。 响应于确定消息可以在客户端进程中处理,消息在本地进行处理。 否则将该消息发送到目标对象进行处理。
-
公开(公告)号:US06826716B2
公开(公告)日:2004-11-30
申请号:US09963712
申请日:2001-09-26
申请人: Carlton Keith Mason
发明人: Carlton Keith Mason
IPC分类号: G06F1100
CPC分类号: G06F11/3684
摘要: Testing J2EE applications, wherein J2EE applications comprise modules, the testing including identifying (204), from an application deployment descriptor, modules comprised within the J2EE application; identifying, from an identified module, at least one QOS element; and identifying, from the identified QOS element, a software resource to be tested. Typical embodiments further including generating Java test code; identifying, for the software resource to be tested, a user identification and a user password for a user that is a member of a role intended to protect the software resource; and testing the software resource to be tested by use of the Java test code, including passing as parameters to the Java test code at run time the user identification and user password.
摘要翻译: 测试J2EE应用程序,其中J2EE应用程序包括模块,测试包括从应用程序部署描述符识别(204)包含在J2EE应用程序中的模块; 从识别的模块识别至少一个QOS元素; 以及从所识别的QOS元素识别要测试的软件资源。 典型实施例还包括生成Java测试代码; 为要测试的软件资源识别作为旨在保护软件资源的角色的成员的用户的用户标识和用户密码; 并通过使用Java测试代码测试要测试的软件资源,包括在运行时将Java测试代码作为参数传递给用户标识和用户密码。
-
-
-
-
-
搜索结果
6 条记录 (耗时 0.037 秒)
