Electrical computers and digital processing systems: multicomput – Computer-to-computer session/connection establishing – Network resources access controlling
Reexamination Certificate
1999-07-23
2003-02-11
Etienne, Ario (Department: 2157)
Electrical computers and digital processing systems: multicomput
Computer-to-computer session/connection establishing
Network resources access controlling
C709S203000, C709S225000, C709S248000, C713S152000, C713S152000
Reexamination Certificate
active
06519647
ABSTRACT:
TECHNICAL FIELD
This invention relates to methods and apparatus for synchronizing access control in a web server.
BACKGROUND
Web servers are computer systems that support web sites. Web sites typically include a number of resources that are used to build the web site. Files are one example of a resource that can be used to build a web site. It is highly desirable to protect the content of and access to a web site so that unauthorized individuals cannot access and manipulate web site resources.
Various security schemes have evolved to give web site administrators the ability to protect the resources on their web sites. Often times more than one security scheme can be used in conjunction with another, and often times the different security schemes are set at different places within a system. For example,
FIG. 1
shows an exemplary system that can include different security schemes that can be set from different places within the system. These security schemes are not synchronized and because of this, problems can arise for both the system administrator and product service engineers who might be called upon to assist a system administrator when problems arise. In this example, a server
10
includes a file system
11
, an operating system
12
that can be used to operate on the file system, and an internet information server
13
, such as Microsoft's Internet Information Service that manages internet access for a plurality of different clients
18
,
20
. In this example, file system
11
has a file system access controller
14
that is used by a system administrator to set security access for the file system. For example, read and write access can be set through the file system access controller
14
and specifies what privileges the various clients of the system have. Additionally, a web site access controller
16
is provided and is used by the internet information server
13
to determine which of the various clients can access a particular web site and what operations are allowed on particular resources that are accessible through the web site. Here too, read and write access can be set for particular files. The security settings that are set by the file system access controller
14
can, in some instances, conflict with the security settings that are set by the web site access controller
16
. For example, if the file system access controller sets a “read only” setting on a particular file (e.g. “file”), and the web site access controller
16
sets a “read and write” setting for the same file, then when a client attempts to write to “http://www.file.com”, the request will fail because the file system access controller
14
has placed a more restrictive security setting on the particular file than the web site access controller
16
. This is a very elementary example—but is one that illustrates just how easily unsynchronized, inconsistent security settings can arise. These inconsistencies can lead to customer dissatisfaction and increased time for support calls to assist the customer in sorting out the inconsistent security settings. Administrators of secure products can become frustrated and support costs can escalate when any product has more than one tool or scheme to maintain and/or enforce security policy, such as access control or authentication.
This invention arose out of concerns associated with providing a simple, easy-to-use tool for synchronizing access control in a Web server that includes a plurality of different access control mechanisms.
SUMMARY
Methods and apparatus for synchronizing access control in a Web server are described. In one embodiment, a plurality of security scenarios are defined and each scenario has one or more security settings associated with it. The security settings are associated with a plurality of access control mechanisms that control access to a web server and/or its resources. One or more of the security settings for a plurality of the access control mechanisms are automatically set when a security scenario is selected by a user. Thus, the security settings for a number of different access control mechanism can be set contemporaneously by selecting one security scenario. This avoids having to individually set security settings for each of the access control mechanisms and can ensure that the individual settings are proper.
Among the various access control mechanisms that can be set by selection of an appropriate security scenario are: authentications for authenticating various users, Web permissions that define what particular operations are allowed on particular resources, access restrictions that can permit or deny access to a Web site based upon an identification that is associated with a particular user, and access control lists (ACLs) that include user information and privileges that are associated with a particular resource.
In addition, in some embodiments third party security access control mechanisms that control access to resources that are not managed or controlled by the web server can be set.
Further, in some embodiments various locations within a hierarchical name space can inherit the security settings from one or more upstream locations in the hierarchical name space.
REFERENCES:
patent: 6161146 (2000-12-01), Kley et al.
patent: 6321334 (2001-11-01), Jerger et al.
Brown Don L.
Clark Quentin J.
Dillingham Lara N.
Howard Michael
Meijer Ronald
Etienne Ario
Lee & Hayes PLLC
Microsoft Corporation
LandOfFree
Methods and apparatus for synchronizing access control in a... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Methods and apparatus for synchronizing access control in a..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Methods and apparatus for synchronizing access control in a... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3172970