-
Publication No.: DE112012002741T5
Publication date: 2014-03-13
Application No.: DE112012002741
Filing date: 2012-06-26
Applicant: IBM
Inventor: CHANG DAVID YU, CHANG JOHN YOW-CHUN, BENANTAR MESSAOUD, VENKATARAMAPPA VISHWANATH
Abstract: An authentication and authorization plug-in model for a cloud computing environment enables cloud customers to retain control over their enterprise data when their applications are deployed in the cloud. The cloud service provider provides a pluggable interface for customer security modules. When a customer deploys an application, the cloud environment administrator allocates a resource group (e.g., processors, storage, and memory) to the customer's application and data. The customer registers its own authentication and authorization security module with the cloud security service, and that security module is then used to control which persons or entities can access data associated with the deployed application. The cloud environment administrator, however, typically is not registered (as a permitted user) with the customer's security module; thus, the cloud environment administrator is not able to access (or release to others, or to the cloud's general resource pool) the resources assigned to the cloud customer (even though the administrator itself assigned those resources) or the associated business data. To further balance the rights of the various parties, a third-party notary service protects the privacy and the access right of the customer when its application and data are deployed in the cloud.
-
Publication No.: GB2506564B
Publication date: 2015-09-23
Application No.: GB201401348
Filing date: 2012-06-26
Applicant: IBM
Inventor: CHANG DAVID YU, BENANTAR MESSAOUD, CHANG JOHN YOW-CHUN, VENKATARAMAPPA VISHWANATH
Abstract: An authentication and authorization plug-in model for a cloud computing environment enables cloud customers to retain control over their enterprise information when their applications are deployed in the cloud. The cloud service provider provides a pluggable interface for customer security modules. When a customer deploys an application, the cloud environment administrator allocates a resource group for the customer's application and data. The customer registers its own authentication and authorization security module with the cloud security service, and that security module is then used to control what persons or entities can access information associated with the deployed application. To further balance the rights of the various parties, a third party notary service protects the privacy and the access right of the customer when its application and information are deployed in the cloud.
-
Publication No.: DE69429977T2
Publication date: 2002-10-02
Application No.: DE69429977
Filing date: 1994-12-09
Applicant: IBM
Inventor: CHANG DAVID YU, LI SHIH-GONG
Abstract: A system and method is described for presenting dynamic data on a display device. The dynamic data is displayed in a notebook as a plurality of groups, each group assigned to a page in the notebook. The dynamic data is monitored to detect a change in state of the dynamic data. In response to a detected change, a determination is made as to whether the dynamic data should be regrouped in response to the change in state. If the data is regrouped, the notebook is then displayed according to the regrouped dynamic data. Each page in the notebook preferably has a tab which is displayed according to the state of the group assigned to that page. In response to the detected change of the dynamic data, the display of the tab may also be changed. Typically, the top page in the notebook has a window displayed within. A child window can be created by copying the window to a location on the display device outside the notebook. When the notebook is closed in response to a user command, the child window is automatically closed in response to closing the notebook.
-
Publication No.: GB2506564A
Publication date: 2014-04-02
Application No.: GB201401348
Filing date: 2012-06-26
Applicant: IBM
Inventor: CHANG DAVID YU, BENANTAR MESSAOUD, CHANG JOHN YOW-CHUN, VENKATARAMAPPA VISHWANATH
Abstract: An authentication and authorization plug-in model for a cloud computing environment enables cloud customers to retain control over their enterprise information when their applications are deployed in the cloud. The cloud service provider provides a pluggable interface for customer security modules. When a customer deploys an application, the cloud environment administrator allocates a resource group (e.g., processors, storage, and memory) for the customer's application and data. The customer registers its own authentication and authorization security module with the cloud security service, and that security module is then used to control what persons or entities can access information associated with the deployed application. The cloud environment administrator, however, typically is not registered (as a permitted user) within the customer's security module; thus, the cloud environment administrator is not able to access (or release to others, or to the cloud's general resource pool) the resources assigned to the cloud customer (even though the administrator itself assigned those resources) or the associated business information. To further balance the rights of the various parties, a third party notary service protects the privacy and the access right of the customer when its application and information are deployed in the cloud.
-
Publication No.: DE69409445D1
Publication date: 1998-05-14
Application No.: DE69409445
Filing date: 1994-07-15
Applicant: IBM
Inventor: CHANG DAVID YU
Abstract: A system and method for determining and displaying the status of client application programs executing on a multiprocessing server. Server process control blocks (5) and synchronization object descriptors (10) are created in the shared memory (11) of the server (3). Application program interfaces APIs (8) are linked to the control blocks and descriptors during the execution of the various multiprocessing application programs (7). A status utility (13) related to the service process monitor (12) selectively accesses information from the control blocks (5) and descriptors (10) to determine the status of the individual multiple processes executing on the server workstation (3). In a preferred form, the status information is conveyed to and displayed on a video display (4) associated with the service process monitor. In contrast to operating system monitors which disclose the status of all processes as a whole, the present server process monitor particularizes the information to the specific client process. Thereby, the information is of a granularity to identify processes which are hung up on semaphores, message queues, or the like. The information is at the level used by a system administrator or software developer.
-
Publication No.: AU2004223222A1
Publication date: 2004-10-07
Application No.: AU2004223222
Filing date: 2004-03-10
Applicant: IBM
Inventor: CHANG DAVID YU, CHAO CHING-YUN
Abstract: An approach to handling integrated security roles is presented. An upstream application includes one or more role-mapping requirements that correspond to an upstream security role and a downstream security role. The upstream security role is expanded by adding an upstream security role identifier in a downstream application's role-mapping table or by adding upstream user-to-role mappings to a downstream application's role-mapping table. When an upstream security role is expanded, a user assigned to the upstream security role automatically has access to role-mapped downstream applications.
-
Publication No.: IN190247B
Publication date: 2003-07-05
Application No.: IN1532DE1994
Filing date: 1994-11-28
Applicant: IBM
Inventor: LI SHIH-GONG, CHANG DAVID YU
IPC: G01R13/00
-
Publication No.: DE69429977D1
Publication date: 2002-04-04
Application No.: DE69429977
Filing date: 1994-12-09
Applicant: IBM
Inventor: CHANG DAVID YU, LI SHIH-GONG
Abstract: A system and method is described for presenting dynamic data on a display device. The dynamic data is displayed in a notebook as a plurality of groups, each group assigned to a page in the notebook. The dynamic data is monitored to detect a change in state of the dynamic data. In response to a detected change, a determination is made as to whether the dynamic data should be regrouped in response to the change in state. If the data is regrouped, the notebook is then displayed according to the regrouped dynamic data. Each page in the notebook preferably has a tab which is displayed according to the state of the group assigned to that page. In response to the detected change of the dynamic data, the display of the tab may also be changed. Typically, the top page in the notebook has a window displayed within. A child window can be created by copying the window to a location on the display device outside the notebook. When the notebook is closed in response to a user command, the child window is automatically closed in response to closing the notebook.