Self-service credential management
    1.
    Type: Granted invention patent
    Status: In force

    Publication number: US08474022B2

    Publication date: 2013-06-25

    Application number: US11763880

    Filing date: 2007-06-15

    IPC classification: G06F21/00

    Abstract: A self-service system and method for credential reset permits an administrator to customize policies for credential reset based on any user or group of users. Administrators may choose to set a more stringent policy for credential reset for users or groups that have higher-level permissions to access sensitive information within the resource protected by the credential. Customizable, plug-in gates are provided to permit administrators fine-grained control over reset policy definition. When the user initiates a credential reset, the reset policy applicable to that user is invoked, and the user is presented with gates to pass pursuant to the applicable reset policy. The user's responses are compared to responses presented by the user at registration. If the responses meet the reset policy's threshold for accuracy, the user is permitted to reset the credential.


    SELF-SERVICE CREDENTIAL MANAGEMENT
    2.
    Type: Invention patent application
    Status: In force

    Publication number: US20080313731A1

    Publication date: 2008-12-18

    Application number: US11763880

    Filing date: 2007-06-15

    IPC classification: G06F7/04

    Abstract: A self-service system and method for credential reset permits an administrator to customize policies for credential reset based on any user or group of users. Administrators may choose to set a more stringent policy for credential reset for users or groups that have higher-level permissions to access sensitive information within the resource protected by the credential. Customizable, plug-in gates are provided to permit administrators fine-grained control over reset policy definition. When the user initiates a credential reset, the reset policy applicable to that user is invoked, and the user is presented with gates to pass pursuant to the applicable reset policy. The user's responses are compared to responses presented by the user at registration. If the responses meet the reset policy's threshold for accuracy, the user is permitted to reset the credential.


    EXTENSIBLE AUTHENTICATION MANAGEMENT
    3.
    Type: Invention patent application
    Status: Under examination (published)

    Publication number: US20080313730A1

    Publication date: 2008-12-18

    Application number: US11763657

    Filing date: 2007-06-15

    IPC classification: G06F21/20

    Abstract: A system and method for controlling access to a resource permits an administrator to make changes to access policies at a server level without having to update client code unless and until such updated code is actually needed by a client. Customizable, plug-in gates are provided to permit administrators fine-grained control over access policy definition. The most updated versions of corresponding gate clients used to display the gates are identified to client systems when an access request is made. The updated gate clients are downloaded if and when requested by a client system that has not already stored the updated gate clients locally. The user's responses to gate challenges are compared to responses presented by the user at registration. If the responses meet the access policy's threshold for accuracy, the user is permitted to access the resource.


    Codeless provisioning
    4.
    Type: Granted invention patent
    Status: In force

    Publication number: US08407331B2

    Publication date: 2013-03-26

    Application number: US12120138

    Filing date: 2008-05-13

    IPC classification: G06F15/173

    CPC classification: G06F9/468

    Abstract: Managing resources. A resource manager includes programmatic code for managing resources in the computing environment. Resources available from resource systems within the computing environment are managed. Methods may include receiving user input indicating one or more of that a new entity should be added to the resource manager, that an entity represented by an entity object of the resource manager should have permissions removed at the resource manager, or that an entity represented by an entity object of the resource manager should have permissions added at the resource manager. In response to receiving user input, events may be generated and objects created or removed from the resource manager or from downstream resource systems. The events may specify workflows that should be executed to perform synchronization between objects at the resource manager and objects at a downstream resource system by adding or changing rules in an expected rules list.


    Request processing with mapping and repeatable processes
    5.
    Type: Granted invention patent
    Status: In force

    Publication number: US08326911B2

    Publication date: 2012-12-04

    Application number: US11771640

    Filing date: 2007-06-29

    IPC classification: G06F15/16 G06F9/44 G06F9/46

    CPC classification: G06F9/5038

    Abstract: The embodiments described herein generally relate to a method and system of injecting repeatable processes, or workflows, into the processing of data-oriented or procedural requests in an entity management system. A request in such a system is subject to authentication, authorization, and action phases of processing, and workflows may be associated with each phase for automatic processing upon the triggering of a certain request under particular circumstances. A declarative mapping associates workflows with the request type, phase, requester, and target. The mapping may be created at the system administrator level, or by any person with the necessary capabilities, through the application of the processing concept in API or UI and may be consulted and invoked upon receipt of a request matching the mapping's criteria. Mappings may also be created and retrieved to manage state changes resulting from processing in other phases of the request processing model.


    CODELESS PROVISIONING SYNC RULES
    6.
    Type: Invention patent application
    Status: Under examination (published)

    Publication number: US20090222833A1

    Publication date: 2009-09-03

    Application number: US12120136

    Filing date: 2008-05-13

    IPC classification: G06F9/46

    CPC classification: G06F9/468

    Abstract: Managing resources. A computing environment may include a resource manager. The resource manager includes programmatic code for managing resources. Expected rule entries are added to an expected rules list. Each of the expected rule entries includes: an indicator used to identify a synchronization rule, a definition of flow type, a specification of an object type in the resource manager to which the synchronization rule applies, a specification of a downstream resource system, a specification of an object type in the downstream resource system to which the synchronization rule applies, a specification of relationship criteria including one or more conditions for linking objects in the resource manager and the downstream resource system, and a specification of attribute flow information. Objects in downstream resource systems can be synchronized with objects in the resource manager based on the expected rule entries in the expected rules list.


    CODELESS PROVISIONING
    7.
    Type: Invention patent application
    Status: In force

    Publication number: US20090222834A1

    Publication date: 2009-09-03

    Application number: US12120138

    Filing date: 2008-05-13

    IPC classification: G06F9/46

    CPC classification: G06F9/468

    Abstract: Managing resources. A resource manager includes programmatic code for managing resources in the computing environment. Resources available from resource systems within the computing environment are managed. Methods may include receiving user input indicating one or more of that a new entity should be added to the resource manager, that an entity represented by an entity object of the resource manager should have permissions removed at the resource manager, or that an entity represented by an entity object of the resource manager should have permissions added at the resource manager. In response to receiving user input, events may be generated and objects created or removed from the resource manager or from downstream resource systems. The events may specify workflows that should be executed to perform synchronization between objects at the resource manager and objects at a downstream resource system by adding or changing rules in an expected rules list.


    Request Processing with Mapping and Repeatable Processes
    8.
    Type: Invention patent application
    Status: In force

    Publication number: US20080189705A1

    Publication date: 2008-08-07

    Application number: US11771640

    Filing date: 2007-06-29

    IPC classification: G06F9/46

    CPC classification: G06F9/5038

    Abstract: The embodiments described herein generally relate to a method and system of injecting repeatable processes, or workflows, into the processing of data-oriented or procedural requests in an entity management system. A request in such a system is subject to authentication, authorization, and action phases of processing, and workflows may be associated with each phase for automatic processing upon the triggering of a certain request under particular circumstances. A declarative mapping associates workflows with the request type, phase, requester, and target. The mapping may be created at the system administrator level, or by any person with the necessary capabilities, through the application of the processing concept in API or UI and may be consulted and invoked upon receipt of a request matching the mapping's criteria. Mappings may also be created and retrieved to manage state changes resulting from processing in other phases of the request processing model.
