发明名称 |
Method for providing user access control within a distributed data processing system by the exchange of access control profiles. |
摘要 |
<p>A method is disclosed for providing user access control for a plurality of resource objects within a distributed data processing system having a plurality of resource managers. A reference monitor service is established and a plurality of access control profiles are stored therein. Thereafter, selected access control profiles are exchanged between the reference monitor service and a resource manager in response to an attempted access (82) of a particular resource object controlled by that resource manager. The resource manager may then control access to the resource object by utilizing the exchanged access control profile (86-98). In a preferred embodiment of the present invention, each access control profile may include access control information relating to a selected user; a selected resource object; a selected group of user; a selected set of resource objects; or, a predetermined set of resource objects and a selected group of users. <IMAGE></p> |
申请公布号 |
EP0442838(A2) |
申请公布日期 |
1991.08.21 |
申请号 |
EP19910480002 |
申请日期 |
1991.01.08 |
申请人 |
INTERNATIONAL BUSINESS MACHINES CORPORATION |
发明人 |
JANIS, FREDERICK L. |
分类号 |
G06F13/00;G06F15/16;G06F21/00 |
主分类号 |
G06F13/00 |
代理机构 |
|
代理人 |
|
主权项 |
|
地址 |
|