METHOD AND APPARATUS TO SECURE DISTRIBUTED DIGITALMETHOD AND APPARATUS TO SECURE DISTRIBUTED DIGITAL DIRECTORY OBJECT CHANGES DIRECTORY OBJECT CHANGES

摘要

A method of providing authoritative access control to computer networks that employs a distributed network directory using a static means of resolving object attributes is disclosed. The method employs the existing directories and an authentication procedure for each server. A first object that is under the physical control of the administrator of one partition of the distributed network directory requests access to a second object that is under the physical control of the administrator of another partition of the distributed network directory. The directory verifies that the access control list of the first object includes the second object. The access control list of the second object is then checked to verify that it includes a reference to the first object as an object that is permitted access to the second object. As a result, access is only granted in response to requests from objects that appear in the access control list of the second object. A method of synchronizing the access control lists based upon an authoritative access control list is also disclosed.