Title of invention: Unified access control system and method for composed services in a distributed environment
Abstract: A system, a computer device implemented method, and a computer readable article of manufacture for executing a computer implemented method for a unified access control for a plurality of composed services in a distributed computing environment without requiring repeated input of security certification. The method includes the steps of: acquiring a first role of a user in a first composed service; sending an invoking request by a processing unit of the first composed service to a second composed service; receiving the first role of the user in the first composed service and predefined role-role mapping relationships, and determining a second role of the user in the second composed service by a role determining component; and then sending the determined role in the second composed service by a role sending component to the second composed service, thereby providing unified access without requiring repeated input of security certification.
Publication number: US8769653(B2) | Publication date: 2014.07.01
Application number: US200912431909 | Application date: 2009.04.29
Applicant: International Business Machines Corporation | Inventors: Cao Bao Hua; Wang Jian; Wang Li; Zhu Jun
Classification: G06F7/04 | Main classification: G06F7/04
Agency: Fleit Gibbons Gutman Bongini & Bianco PL | Agents: Grzesik Thomas; Fleit Gibbons Gutman Bongini & Bianco PL
Main claim: 1. A method of providing a unified access control for a plurality of composed services in a distributed computing environment, the method comprising: acquiring a first role of a user in a first composed service; sending an invoking request by a processing unit of the first composed service to a second composed service; receiving the first role of the user in the first composed service and predefined role-role mapping relationships based on the invoking request; determining a second role of the user in the second composed service according to the first role of the user in the first composed service and the predefined role-role mapping relationships, wherein the second role is further determined based on determining that is plurality of the predefined role-role mapping relationships are associated with the first role, wherein each of the plurality of the predefined role-role mapping relationships maps the first role of the user in the first composed service to at least two different roles of the user in the second composed service: selecting one of the plurality of the predefined role-role mapping relationships based on a current temporal condition satisfying a temporal constraint associated with the one of the plurality of the predefined role-role mapping relationships, and a priority ranking associated with the one of the plurality of the predefined role-role mapping relationships being higher than a priority ranking associated with a remaining set of the plurality of the predefined role-role mapping relationships; determining the second role from the one of the plurality of the predefined role-role mapping relationships that has been selected; and sending the determined second role in the second composed service to the second composed service.
Address: Armonk NY US