Title of invention |
Unified access control system and method for composed services in a distributed environment |
Abstract |
A system, a computer device implemented method, and a computer readable article of manufacture for executing a computer implemented method for a unified access control for a plurality of composed services in a distributed computing environment without requiring repeated input of security certification. The method includes the steps of: acquiring a first role of a user in a first composed service; sending an invoking request by a processing unit of the first composed service to a second composed service; receiving the first role of the user in the first composed service and predefined role-role mapping relationships, and determining a second role of the user in the second composed service by a role determining component; and then sending the determined role in the second composed service by a role sending component to the second composed service, thereby providing unified access without requiring repeated input of security certification. |
Publication number |
US8769653(B2) |
Publication date |
2014.07.01 |
Application number |
US200912431909 |
Filing date |
2009.04.29 |
Applicant |
International Business Machines Corporation |
Inventors |
Cao Bao Hua;Wang Jian;Wang Li;Zhu Jun |
Classification number |
G06F7/04 |
Main classification number |
G06F7/04 |
Agency |
Fleit Gibbons Gutman Bongini & Bianco PL |
Agent |
Grzesik Thomas;Fleit Gibbons Gutman Bongini & Bianco PL |
Main claim |
1. A method of providing a unified access control for a plurality of composed services in a distributed computing environment, the method comprising:
acquiring a first role of a user in a first composed service;
sending an invoking request by a processing unit of the first composed service to a second composed service;
receiving the first role of the user in the first composed service and predefined role-role mapping relationships based on the invoking request;
determining a second role of the user in the second composed service according to the first role of the user in the first composed service and the predefined role-role mapping relationships, wherein the second role is further determined based on
determining that a plurality of the predefined role-role mapping relationships are associated with the first role, wherein each of the plurality of the predefined role-role mapping relationships maps the first role of the user in the first composed service to at least two different roles of the user in the second composed service:
selecting one of the plurality of the predefined role-role mapping relationships based on
a current temporal condition satisfying a temporal constraint associated with the one of the plurality of the predefined role-role mapping relationships, and
a priority ranking associated with the one of the plurality of the predefined role-role mapping relationships being higher than a priority ranking associated with a remaining set of the plurality of the predefined role-role mapping relationships;
determining the second role from the one of the plurality of the predefined role-role mapping relationships that has been selected; and
sending the determined second role in the second composed service to the second composed service. |
Address |
Armonk NY US |