| US 7,594,112 B2 | ||
| Delegated administration for a distributed security system | ||
| Paul Patrick, Manchester, N.H. (US); David Byrne, Woburn, Mass. (US); Kenneth D. Yagen, San Francisco, Calif. (US); Mingde Xu, San Jose, Calif. (US); Jason Howes, Cambridge, Mass. (US); Mark A. Falco, Lexington, Mass. (US); and Richard J. Riendeau, Burlington, Mass. (US) | ||
| Assigned to BEA Systems, Inc., Redwood Shores, Calif. (US) | ||
| Filed on Oct. 08, 2004, as Appl. No. 10/961,839. | ||
| Claims priority of provisional application 60/508427, filed on Oct. 10, 2003. | ||
| Prior Publication US 2005/0081063 A1, Apr. 14, 2005 | ||
| Int. Cl. H04L 9/00 (2006.01) | ||
| U.S. Cl. 713—166 [713/165; 713/150] | 33 Claims |

1. A method comprising the steps of:

delegating a capability from a first user to a second user;

propagating from a provisioning service provider configuration information that includes evidence of the delegation to a plurality of security service modules executing on one of a plurality of computers distributed throughout an enterprise, wherein each one of the plurality of security service modules is integrated with a different process, including applications, application servers, and web servers, executing on the computer and wherein each security service module is capable of protecting one or more resources;

providing the evidence to a first security service module belonging to the plurality of security service modules;

enforcing the delegation when the second user attempts to access a resource in the one or more resources wherein the resource is protected by the first security service module; and

wherein the enforcement is carried out by the first security service module and wherein each security service module can dynamically load security providers based on the configuration information.