Open architecture global sign-on apparatus and method therefor

Electrical computers and digital processing systems: multicomput – Computer-to-computer protocol implementing

Reexamination Certificate


Details

C709S219000

Reexamination Certificate

active

06801946

ABSTRACT:

TECHNICAL FIELD
The present invention relates in general to data processing systems, and in particular, to global sign-on technology in data processing systems.
BACKGROUND INFORMATION
Users in an enterprise computing environment typically must access several different systems, each potentially having unique and separate user identifiers (UID) and passwords. Global sign-on technology allows all of the UIDs and passwords to be maintained automatically by the global sign-on system (hereinafter, simply “GSO”). The GSO allows the user to have only a single GSO UID and password. Thereafter, GSO manages the various UIDs for the target systems that the user needs to access. GSO can automatically start a target application, for example, groupware application or terminal emulation, and log the user into the target system using the appropriate UID and password for that system.
Current implementations of GSO maintain the GSO “database” within a distributed computing environment. This, however, requires a system manager that wishes to implement a GSO to develop and maintain a distributed computing environment installation. Consequently, there is a need in the art for systems and methods for implementing a GSO in an open architecture environment, for example the Internet, while preserving the security afforded by a distributed computing environment.
SUMMARY OF THE INVENTION
The aforementioned needs are addressed by the present invention. Accordingly, there is provided, in a first form, a method for global sign-on (GSO). The method includes receiving a user login and determining an existence of a first directory entry corresponding to the user in response to a first Lightweight Directory Access Protocol (LDAP) message. The first directory entry represents a data structure in accordance with a defined LDAP GSO schema. The user is logged into one or more data processing services in response to a corresponding one or more second directory entries also representing a data structure in accordance with a corresponding second predetermined LDAP schema object.
There is also provided, in a second form, a computer program product embodied in a tangible storage medium. The program product includes programming for global sign-on (GSO), having instructions for performing the steps of receiving a user login and determining an existence of a first directory entry corresponding to the user in response to a first Lightweight Directory Access Protocol (LDAP) message. Also included are instructions for logging the user into one or more data processing services in response to one or more second directory entries, and wherein each of the first and second directory entries represents a data structure in accordance with a corresponding first and second predetermined LDAP schema object.
Additionally provided, in a third form, is a GSO data processing system. The system contains circuitry operable for receiving a user login, and circuitry operable for determining an existence of a first directory entry corresponding to the user in response to a first Lightweight Directory Access Protocol (LDAP) message. Users are logged into the system via circuitry contained therein operable for logging the user into one or more data processing services in response to one or more second directory entries, and wherein each of the first and second directory entries represents a data structure in accordance with a corresponding first and second predetermined LDAP schema object.


REFERENCES:
patent: 5684950 (1997-11-01), Dare et al.
patent: 5944824 (1999-08-01), He
patent: 6016508 (2000-01-01), Chu et al.
patent: 6085188 (2000-07-01), Bachmann et al.
patent: 6178511 (2001-01-01), Cohen et al.
patent: 6240512 (2001-05-01), Fang et al.
patent: 6243816 (2001-06-01), Fang et al.
patent: 6275941 (2001-08-01), Saito et al.
patent: 6275944 (2001-08-01), Kao et al.
patent: 6539382 (2003-03-01), Byrne et al.
patent: 6556995 (2003-04-01), Child et al.
patent: 6557039 (2003-04-01), Leong et al.
patent: 6609198 (2003-08-01), Wood et al.
patent: 6629246 (2003-09-01), Gadi
patent: 6643782 (2003-11-01), Jin et al.
patent: 2002/0083336 (2002-06-01), Bradford et al.
Novell, Inc., “Novell Single Sign-on Makes Network Access a Reality”, Press Release, Provo, Utah, Jul. 21, 1999.*
“Single Sign-On Deployment Guide”, Netscape Communications Corporation, http://developer.netscape.com/docs/manuals/security/sso/contents.htm, 1997.*
IBM Technical Disclosure Bulletin, “Flexible DCE User Management through GSO”, Issue 429, p. 180, Jan. 1, 2000.*
IBM Technical Disclosure Bulletin, “Handling GSO Checkpoints in a Tivoli Environment”, Issue 428, p. 1696, Dec. 1, 1999.*
IBM Technical Disclosure Bulletin, “Multi-Modal Data Access”, Issue 426, p. 1393, Oct. 1, 1999.*
Request for Comments: 1823, The C LDAP Application Program Interface by M. Smith, T. Howes, A. Herron, M. Wahl, and A. Anantha (Oct. 8, 1999), pp. 1-71.
Request for Comments: 1777, Lightweight Directory Access Protocol by W. Yeong, T. Howes and S. Kille (Mar. 1995), pp. 1-18.
Request for Comments: 1510, The Kerberos Network Authentication Service (V5) by J. Kohl, C. and C. Neuman (Sep. 1993), pp. 1-99.
Request for Comments: 2222, Simple Authentication and Security Layer (SASL) by J. Myers (Oct. 1997), pp. 1-14.
Request for Comments: 2251, Lightweight Directory Access (V3) by M. Wahl and S. Kille (Dec. 1997), pp. 1-44.
Understanding LDAP by Heinz Johner, Larry Brown, Franz-Stefan Hinner, Wolfgang Reis, and John Westman (IBM, International Technical Support Organization, http://www.redbooks.ibm.com), pp. 1-177.
LDAP Implementation Cookbook by Heinz Johner, Michel Melot, Harri Stranden, and Permana Widhiasta (IBM, International Technical Support Organization, http://www.redbooks.imb.com), pp. 1-293.
Request for Comments: 1274, The COSINE and Internet X.500 Schema by P. Barker and S. Kille (Nov. 1991), pp. 1-52.
Request for Comments: 2256, A Summary of the X.500(96) User Schema for use with LDAPv3 by M. Wahl (Dec. 1997), pp. 1-18.


Profile ID: LFUS-PAI-O-3326114
