| 发明名称 |
Dynamically Constructed Capability for Enforcing Object Access Order |
| 摘要 |
Proposed is a Capability Management System (CMS) in a distributed computing environment that controls access to multiple objects by multiple subjects based upon a specified access order. A capability is dynamically constructed when the capability is needed. After the capability is used to access an object, a new capability is generated. In the alternative, multiple capabilities for enforcing an access order are generated independently of each other. The new capability is then employed by the same or another subject to access the object according to a prescribed access sequence. In this manner, at any particular time there is one capability valid to access the object by the appropriate subject. In addition, the capability includes information for verifying the authenticity of the capability and for specifying an expiration time associated with the capability. The technology may also be enhanced by providing a linkage between capabilities intended for use in a sequence. |
| 申请公布号 |
US2014223508(A1) |
申请公布日期 |
2014.08.07 |
| 申请号 |
US201414247432 |
申请日期 |
2014.04.08 |
| 申请人 |
International Business Machines Corporation |
发明人 |
Kao I-Lung |
| 分类号 |
G06F21/62 |
主分类号 |
G06F21/62 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A method for controlling an order of access to a computing resource, comprising:
generating a first capability database object; storing in the first capability database object a set of attributes for enforcing an access policy corresponding to a computing object, wherein the set of attributes store information specifying a party authorized to access the computing object and information specifying a first authorized action with respect to the computing object by the first authorized party; generating a second capability database object with a corresponding set of attributes for enforcing the access control policy, wherein the corresponding set of attributes store information specifying a second party authorized to access the computing object and information specifying a second authorized action with respect to the computing object by the second authorized party; and enabling access to the computing object by the second party in response to the first party completing the first authorized action. |
| 地址 |
Armonk NY US |
