利索-全球专利检索

  1. 登录
  2. 注册

搜索结果

14 条记录 (耗时 0.025 秒)

    Method and apparatus to secure distributed digital directory object changes
    1.
    发明授权
    Method and apparatus to secure distributed digital directory object changes 失效
    保护分布式数字目录对象更改的方法和装置

    公开(公告)号:US5784560A

    公开(公告)日:1998-07-21

    申请号:US573034

    申请日:1995-12-15

    申请人: Kevin Kingdon Randal Earl Childers DeeAnne Higley Dale R. Olds

    发明人: Kevin Kingdon Randal Earl Childers DeeAnne Higley Dale R. Olds

    IPC分类号: G06F15/16 G06F1/00 G06F9/46 G06F12/00 G06F13/00 G06F21/00 G06F21/20 H04L12/28

    CPC分类号: G06F21/6218 G06F21/604 G06F2221/2113 G06F2221/2145

    摘要: A method and apparatus for providing access control to objects in a distributed network directory employing static resolution to resolve object attributes. A first object has a Security Equals attribute and a second object has an Equivalent To Me attribute. Upon receiving a request for the first object to access the second object, authorization of such access is verified by checking if the two attributes are synchronized. The attributes are synchronized when the Security Equals attribute of the first object includes the second object, and the Equivalent To Me attribute of the second object includes the first object. A method of synchronizing the two attributes is also disclosed.

    摘要翻译: 一种用于提供对使用静态分辨率解析对象属性的分布式网络目录中的对象的访问控制的方法和装置。 第一个对象具有Security Equals属性,第二个对象具有“等价对象”属性。 在接收到第一对象访问第二对象的请求时,通过检查两个属性是否同步来验证这种访问的授权。 当第一个对象的Security Equals属性包含第二个对象时,属性将同步,而第二个对象的Equivalent To Me属性包含第一个对象。 还公开了一种使两个属性同步的方法。

    Method and apparatus to secure digital directory object changes
    2.
    发明授权
    Method and apparatus to secure digital directory object changes 失效
    保护数字目录对象更改的方法和装置

    公开(公告)号:US5677851A

    公开(公告)日:1997-10-14

    申请号:US357467

    申请日:1994-12-15

    申请人: Kevin Kingdon Randal Earl Childers DeeAnne Higley Dale R. Olds

    发明人: Kevin Kingdon Randal Earl Childers DeeAnne Higley Dale R. Olds

    IPC分类号: G06F15/16 G06F1/00 G06F9/46 G06F12/00 G06F13/00 G06F21/00 G06F21/20 H04L9/00

    CPC分类号: G06F21/6218 G06F21/604 G06F2221/2113 G06F2221/2145

    摘要: A method of providing authoritative access control to computer networks that employs a distributed network directory using a static means of resolving object attributes is disclosed. The method employs the existing directories and an authentication procedure for each server. A first object that is under the physical control of the administrator of one partition of the distributed network directory requests access to a second object that is under the physical control of the administrator of another partition of the distributed network directory. The directory verifies that the access control list of the first object includes the second object. The access control list of the second object is then checked to verify that it includes a reference to the first object as an object that is permitted access to the second object. As a result, access is only granted in response to requests from objects that appear in the access control list of the second object. A method of synchronizing the access control lists based upon an authoritative access control list is also disclosed.

    摘要翻译: 公开了一种向计算机网络提供权威访问控制的方法,该计算机网络采用分布式网络目录使用静态解析对象属性。 该方法使用现有目录和每个服务器的身份验证过程。 在分布式网络目录的一个分区的管理员的物理控制下的第一个对象请求访问处于分布式网络目录的另一分区的管理员的物理控制下的第二对象。 目录验证第一个对象的访问控制列表包含第二个对象。 然后检查第二对象的访问控制列表以验证其包括对作为允许访问第二对象的对象的对第一对象的引用。 因此,只有在响应出现在第二个对象的访问控制列表中的对象的请求时才允许访问。 还公开了一种基于权威访问控制列表来同步访问控制列表的方法。

    Method and apparatus for moving subtrees in a distributed network directory
    5.
    发明授权
    Method and apparatus for moving subtrees in a distributed network directory 失效
    用于在分布式网络目录中移动子树的方法和装置

    公开(公告)号:US5608903A

    公开(公告)日:1997-03-04

    申请号:US357466

    申请日:1994-12-15

    申请人: Ranjan Prasad Dale R. Olds

    发明人: Ranjan Prasad Dale R. Olds

    IPC分类号: G06F12/00 G06F13/00 G06F17/30

    CPC分类号: G06F17/30589 H04L41/22 H04L61/1517 Y10S707/955 Y10S707/956 Y10S707/966 Y10S707/972 Y10S707/99932 Y10S707/99933 Y10S707/99952

    摘要: A method of moving leaf objects and subtrees in computer networks that employ a distributed network directory is disclosed. The method employs the existing directories and an authentication procedure for each server. A first object that is under the physical control of the administrator of one partition of the distributed network directory requests access to a second object that is under the physical control of the administrator of another partition of the distributed network directory. The directory verifies that the access control list of the first object includes the second object. The access control list of the second object is then checked to verify that it includes a reference to the first object as an object that is permitted access to the second object. As a result, access is only granted in response to requests from objects that appear in the access control list of the second object. a method of synchronizing the access control lists based upon an authoritative access control list is also disclosed.

    摘要翻译: 公开了一种在采用分布式网络目录的计算机网络中移动叶子对象和子树的方法。 该方法使用现有目录和每个服务器的身份验证过程。 在分布式网络目录的一个分区的管理员的物理控制下的第一个对象请求访问处于分布式网络目录的另一分区的管理员的物理控制下的第二对象。 目录验证第一个对象的访问控制列表包含第二个对象。 然后检查第二对象的访问控制列表以验证其包括对作为允许访问第二对象的对象的对第一对象的引用。 因此,只有在响应出现在第二个对象的访问控制列表中的对象的请求时才允许访问。 还公开了一种基于权威访问控制列表同步访问控制列表的方法。

    CLAIM CATEGORY HANDLING
    7.
    发明申请
    CLAIM CATEGORY HANDLING 审中-公开
    索赔类别处理

    公开(公告)号:US20090249430A1

    公开(公告)日:2009-10-01

    申请号:US12054774

    申请日:2008-03-25

    申请人: Duane F. Buss Andrew A. Hodgkinson Dale R. Olds Daniel S. Sanders

    发明人: Duane F. Buss Andrew A. Hodgkinson Dale R. Olds Daniel S. Sanders

    IPC分类号: G06F21/00

    CPC分类号: G06F21/6218 G06F2221/2115

    摘要: A relying party can have a security policy. The security policy can include claims that are categorized other than “required” and “optional”. The user can specify, in a user policy, whether or not to include in a request for a security token from an identity provider claims that are not “required”.

    摘要翻译: 依赖方可以拥有安全策略。 安全策略可以包括除“必需”和“可选”之外的分类的声明。 用户可以在用户策略中指定是否在不是“必需”的身份提供者声明的请求中包括安全令牌。

    Controlling access to objects in a hierarchical database
    9.
    发明授权
    Controlling access to objects in a hierarchical database 失效
    控制对分层数据库中对象的访问

    公开(公告)号:US5878415A

    公开(公告)日:1999-03-02

    申请号:US821087

    申请日:1997-03-20

    申请人: Dale R. Olds

    发明人: Dale R. Olds

    IPC分类号: G06F1/00 G06F12/14 G06F21/00 G06F17/30

    CPC分类号: G06F21/6218 G06F12/1491 G06F2221/2145 Y10S707/99939

    摘要: Methods and systems are provided for controlling access to objects in a hierarchical database. The database may include a directory services repository, and/or synchronized partitions. An access constraint propagator reads an access control property of an ancestor of a target object. The access control property designates an inheritable access constraint such as an object class filter or an "inheritable" flag. The object class filter restricts a grant of rights to objects of an identified class. The "inheritable" flag allows inheritance of an access constraint on a specific object property. The propagator enforces the inheritable access constraint by applying it to at least the target object.

    摘要翻译: 提供了用于控制对分层数据库中的对象的访问的方法和系统。 数据库可以包括目录服务存储库和/或同步分区。 访问约束传播器读取目标对象的祖先的访问控制属性。 访问控制属性指定可继承的访问约束,例如对象类过滤器或“可继承”标志。 对象类过滤器限制对已识别类的对象的授权。 “可继承”标志允许对特定对象属性继承访问约束。 传播者通过将其应用到至少目标对象来强制执行可继承的访问约束。