公开(公告)号：WO2005015387A3

公开(公告)日：2005-06-16

申请号：PCT/EP2004051434

申请日：2004-07-09

Applicant: IBM ,  IBM UK ,  ASHLEY PAUL ANTHONY ,  MUPPIDI SRIDHAR ,  VANDENWAUVER MARK

Inventor： ASHLEY PAUL ANTHONY ,  MUPPIDI SRIDHAR ,  VANDENWAUVER MARK

IPC: G06F9/40 ,  G06F9/44 ,  G06F9/46 ,  G06F11/30 ,  H04L9/00 ,  H04L29/06

CPC classification number: H04L63/0227 ,  H04L63/0263 ,  H04L63/0281 ,  H04L63/08 ,  H04L63/083 ,  H04L63/101 ,  H04L63/166

Abstract: A method, system, and computer program product is presented for restricting access to a set of resources in a distributed data processing system. A server determines a set of authorized resources for which a user is authorized to access; the set of authorized resources is a subset of the set of resources that are operational within the distributed data processing system. An evaluation is made about the availability of the set of authorized resources based upon state information about the set of authorized resources. A list of a set of entitled resources for the user is then generated; the set of entitled resources is a subset of the set of authorized resources. An indication of the set of entitled resources may be sent to the user, after which the system would respond to requests for the user to access the set of entitled resources.

Abstract translation: 介绍了用于限制对分布式数据处理系统中的一组资源的访问的方法，系统和计算机程序产品。 服务器确定用户被授权访问的一组授权资源; 该组授权资源是在分布式数据处理系统内操作的该组资源的子集。 基于关于授权资源集合的状态信息评估授权资源集合的可用性。 然后生成用户的一组有权资源的列表; 该组有权限的资源是该组授权资源的子集。 可以向用户发送对该组有权资源的指示，之后系统将响应用户访问该组有权资源的请求。

公开(公告)号：CA2528486C

公开(公告)日：2012-07-24

申请号：CA2528486

申请日：2004-07-09

Applicant: IBM

Inventor： ASHLEY PAUL ANTHONY ,  MUPPIDI SRIDHAR ,  VANDENWAUVER MARK

IPC: H04L29/06 ,  G06F21/00 ,  H04L9/00

Abstract: A method is presented for performing authentication operations. When a client requests a resource from a server, a non-certificate~based authentication operation is performed through an SSL (Secure Sockets Layer) session between the server and the client, When the client requests another resource, the server determines to step up to a more restrictive level of authentication, and a certificate-based authentication operation is performed through the SSL session without exiting or renegotiating the SSL session prior to completion of the certificate-based authentication operation. During the certificate-based authentication procedure, an executable module is downloaded to the client from the server through the SSL session, after which the server receives through the SSL session a digital signature that has been generated by the executable module using a digital certificate at the client. In response to successfully verifying the digital signature at the server, the server provides access to a requested resource.

公开(公告)号：CA2633313A1

公开(公告)日：2007-06-21

申请号：CA2633313

申请日：2006-12-13

Applicant: IBM

Inventor： HINTON HEATHER MARIA ,  MILMAN IVAN MATTHEW ,  HARMON BENJAMIN BREWER ,  VANDENWAUVER MARK ,  MORAN ANTHONY SCOTT

IPC: H04L29/08 ,  G06F17/30

Abstract: A method for externalizing message handling within a data processing system is presented. A request (412) to access a resource (406) is received at a first server (404) from a client (402). In response to determining at the first server that processing of the request requires a message to be sent to the client, a redirect message (416) is generated that contains an operation code that corresponds to message handling functionality at a second server (418) for the message to be sent to the client. A configurable macro is evaluated to determine an evaluated macro, and the evaluated macro is inserted into the redirect message. The redirect message is then sent from the first server to the second server via the client. The second server extracts the operation code from the redirect message and invokes the message handling functionality that corresponds to the extracted operation code. The second server extracts the evaluated macro from the redirect message and employs the evaluated macro at the second server as an input parameter for the message handling functionality.

公开(公告)号：DE602004023728D1

公开(公告)日：2009-12-03

申请号：DE602004023728

申请日：2004-07-09

Applicant: IBM

Inventor： ASHLEY PAUL ANTHONY ,  MUPPIDI SRIDHAR ,  VANDENWAUVER MARK

IPC: H04L29/06 ,  G06F21/00 ,  H04L9/00

Abstract: A method is presented for performing authentication operations. When a client requests a resource from a server, a non-certificate-based authentication operation is performed through an SSL (Secure Sockets Layer) session between the server and the client. When the client requests another resource, the server determines to step up to a more restrictive level of authentication, and a certificate-based authentication operation is performed through the SSL session without exiting or renegotiating the SSL session prior to completion of the certificate-based authentication operation. During the certificate-based authentication procedure, an executable module is downloaded to the client from the server through the SSL session, after which the server receives through the SSL session a digital signature that has been generated by the executable module using a digital certificate at the client. In response to successfully verifying the digital signature at the server, the server provides access to a requested resource.

公开(公告)号：AT446638T

公开(公告)日：2009-11-15

申请号：AT04766174

申请日：2004-07-09

Applicant: IBM

Inventor： ASHLEY PAUL ,  MUPPIDI SRIDHAR ,  VANDENWAUVER MARK

IPC: H04L29/06 ,  G06F21/00 ,  H04L9/00

Abstract: A method is presented for performing authentication operations. When a client requests a resource from a server, a non-certificate-based authentication operation is performed through an SSL (Secure Sockets Layer) session between the server and the client. When the client requests another resource, the server determines to step up to a more restrictive level of authentication, and a certificate-based authentication operation is performed through the SSL session without exiting or renegotiating the SSL session prior to completion of the certificate-based authentication operation. During the certificate-based authentication procedure, an executable module is downloaded to the client from the server through the SSL session, after which the server receives through the SSL session a digital signature that has been generated by the executable module using a digital certificate at the client. In response to successfully verifying the digital signature at the server, the server provides access to a requested resource.

公开(公告)号：CA2528486A1

公开(公告)日：2005-02-17

申请号：CA2528486

申请日：2004-07-09

Applicant: IBM

Inventor： MUPPIDI SRIDHAR ,  VANDENWAUVER MARK ,  ASHLEY PAUL ANTHONY

IPC: H04L29/06 ,  G06F21/00 ,  H04L9/00

Abstract: A method is presented for performing authentication operations. When a clien t requests a resource from a server, a non-certificate~based authentication operation is performed through an SSL (Secure Sockets Layer) session between the server and the client, When the client requests another resource, the server determines to step up to a more restrictive level of authentication, and a certificate-based authentication operation is performed through the SS L session without exiting or renegotiating the SSL session prior to completion of the certificate-based authentication operation. During the certificate- based authentication procedure, an executable module is downloaded to the client from the server through the SSL session, after which the server receives through the SSL session a digital signature that has been generated by the executable module using a digital certificate at the client. In response to successfully verifying the digital signature at the server, the server provides access to a requested resource.