Abstract:
Embodiments of the present invention address deficiencies of the art in respect to access control and provide a method, system and computer program product for access control management for a collection of heterogeneous application components. In a first embodiment, a data processing system for role-based access control management for multiple heterogeneous application components can include at least one business role descriptor associating a business role with multiple, different application roles for corresponding, disparate application components. The system also can include at least one access policy associating a user with the business role. Finally, the system can include policy deployment logic including program code enabled to process the access policy to assign the user to the different application roles in the disparate application components.
Abstract:
Embodiments of the present invention address deficiencies of the art in respect to access control and provide a method, system and computer program product for access control management for a composite application. In a first embodiment, a method for role-based access control management for a composite application can be provided. The method can include selecting a component for deployment in a composite application and parsing a security policy for the component to identify a mapping between a specific role for the component and a virtual role for the composite application. Binding logic can be generated from the security policy and the component can be deployed into the composite application. Finally, security access operations for the virtual role can be processed through method calls to operations defined in the binding logic.
Abstract:
Methods, systems, and computer program products are disclosed for securing access to a service data object that include providing a service data object having an embedded security policy, and enforcing by the object the security policy of the object. Securing access to a service data object may include establishing a trust relationship with a trusted environment, transmitting the object to the trusted environment, and enforcing by the object the security policy of the object in the trusted environment. Securing access to a service data object may include exposing an interface to provide access to the object in dependence upon an authorization policy of the security policy for an authenticated user. Securing access to a service data object may include exposing attributes of the object in dependence upon an authorization policy of the security policy for an authenticated user.
Abstract:
A method, system and computer-usable medium are disclosed for managing the evolution of a data model through the application of change statements. Each change statement comprises a change operator operable to perform change operations on the elements of a target data model. The change statements are appended to a data model change stack. Execution of the change statements stored in the data model change stack results in change operations being performed on the target data model. Each change statement is associated with a version ID and a timestamp which identify the scope of the data model version and time instance of the change.
Abstract:
A method for facilitating the assessment of transitional costs in business transformations using a computer-aided organizational design system is provided. The method comprises creating a first organization design model representative of the current organizational design state of an organization using a graphical tool. The method further comprises changing the first organization design model into a second organization design model representative of the organizational design state of the organization after the business transformation. The method further comprises generating a report identifying the transition cost factors and the transition cost of moving from the first organization design model to the second organization design model, wherein the transition cost is determined based on predetermined calculation algorithms or heuristics.
Abstract:
A method for managing communication between a client process and a server process in a distributed computing environment, the client process residing on a host computer that is connected to a physical network having a transport layer and a network layer. The method begins when the client process makes a remote procedure call by detecting whether a server process identified by the remote procedure call is located on the host computer. If so, a binding handle vector is returned to the client process. The protocol sequence in the binding handle is mapped to a second protocol sequence that establishes an interprocess communication path between the client and server processes instead of a path through the transport and network layers of the physical network. The remote procedure call is then executed, preferably by using a send and receive messaging facility of the host computer operating system.
Abstract:
The disclosed techniques enable a customer or solution provider to generate customer-specific solution documentation according to an organizational design corresponding to a customer from generic, or “out-of-the-box,” documentation. A solution package includes an assumed, out-of-box organizational design, out-of-box solution documentation and solution materials. A customer or information technology (IT) integrator is provided a graphical user interface (GUI) to edit the out-of-box organizational design to conform to the customer's organizational design. A Documentation Generation and Delivery Tool (DGDT) analyzes both organizational and documentation designs. The DGDT generates and delivers customer-specific documentation based upon out-of-box documentation and customer-specific organizational design. The DGDT also provides a GUI for human interaction. The disclosed techniques may be employed to build dynamic documentation in areas such as, but not limited to, software product info centers, IT solutions, service methods and specific business processes.
Abstract:
A client process resides on a host computer within a distributed data processing system, and the client process requests a remote procedure call for a service procedure. A binding handle of a server process is obtained; a determination is made as to whether the binding handle of the server process points to the client process; and in response to a determination that the binding handle of the server process points to the client process, a positive indication is generated that the service procedure is provided by the client process. In response to a determination that the service procedure is provided by the client process, the service procedure is called using a local procedure call after obtaining a local address for the function within the client process by looking up the service procedure in an interface registry.