Generic security claim processing model
    1.
    Granted invention patent
    Generic security claim processing model (in force)

    Publication (announcement) number: US07640573B2

    Publication (announcement) date: 2009-12-29

    Application number: US10780274

    Application date: 2004-02-16

    CPC classification: G06F21/335

    Abstract: A system for processing multiple types of security schemes includes a server having a claims engine that extracts claim(s) from security token(s) and maps extracted claims to other claims. The term claim as used in this context is a statement about a token's subject. The claims engine can extract claim(s) from one or more different types of security tokens corresponding to the multiple security schemes. These extracted claim(s) can then be selectively mapped to other claims using mapping information that is accessible to the server. The security decision can then be based on the extracted and/or derived claim(s) rather than tokens. This system can thereby support multiple security schemes and simplify the security process for the user.

    Security scopes and profiles
    2.
    Granted invention patent
    Security scopes and profiles (in force)

    Publication (announcement) number: US07716728B2

    Publication (announcement) date: 2010-05-11

    Application number: US10779922

    Application date: 2004-02-16

    IPC classification: G06F12/14 G06F15/16 H04L29/06

    Abstract: A security system with a mechanism to identify types of information that need to be secured and another mechanism to specify how the types are to be secured. The system includes a sender having an application and a receiver having a security module and one or more datastores to store information related to types of information that need to be secured (e.g., “scopes”), how information is to be secured (e.g., “profiles”), and a mapping (e.g., “bindings”) between the scopes and profiles. Scopes can be implemented by application developers. Profiles can be implemented by application deployers and/or administrators. The security module determines which scope is appropriate for the message, and then determines the profile that is mapped to the scope. The security module can then make an access control decision using the profile.
