System and method for performing a delegation operation

US9270771B2 · US · B2

Patent metadata
Publication number: US-9270771-B2
Application number: US-79646607-A
Country: US
Kind code: B2
Filing date: Apr 27, 2007
Priority date: Apr 28, 2006
Publication date: Feb 23, 2016
Grant date: Feb 23, 2016

Abstract

Official abstract text for this publication.

A method in which a delegated client sends a request message containing operation information, a delegated client identity (ID), and a delegating client ID at the time of sending an operation request to a target system. The target system receives the request message and delegation-authorizes the delegated client by examining whether the delegating client is authorized to perform the operation requested by the request message and also whether the delegating client has delegated the authority to perform the operation to the delegated client sending the request message using the delegating client ID included in the request message. A new header is provided which includes ID information of the delegating client in the request message. When receiving the request message, the target system performs a procedure for authenticating and authorizing not only the delegated client but also the delegating client using the delegating client ID.

First claim

Opening claim text (preview).

What is claimed is:

1. A server for performing a delegation operation, the server comprising: a non-transitory memory; and a processor configured for: receiving, from a delegated client, a request message for requesting that the server should execute an operation for a resource, the request message including an identity (ID) of the delegated client, an ID of a delegating client, and information of the requested operation; determining whether at least one authorization rule is stored in the memory based on the delegating client ID, the at least one authorization rule including information about the delegating client delegating which authority to which client; when determining that the at least one authorization rule is stored in the memory, determining whether the delegating client has delegated authority to the delegated client for requesting execution of the operation based on the delegated client ID and the information about the delegating client delegating which authority to which client; when determining that the at least one authorization rule is not stored in the memory, requesting, from the delegating client, the information about the delegating client delegating which authority to which client, and determining whether the delegating client has delegated authority to the delegated client for requesting the execution of the operation based on the delegated client ID and the information about the delegating client delegating which authority to which client; and executing the requested operation when determining that the delegating client has delegated authority to the delegated client for requesting the execution of the operation, wherein the execution of the operation comprises providing the delegated client with access to a document owned by the delegating client and stored on the server, and permitting the delegated client to modify the document, and wherein the server reports the execution results to the delegated client.

2. The server of claim 1, wherein the request message comprises: a first header including the delegated client ID; and a second header including the delegating client ID.

3. The server of claim 1, wherein the server stores information indicating that the delegated client has been authenticated with respect to the request message when determining the delegating client has delegated authority to the delegated client for requesting the execution of the operation.

4. The server of claim 1, wherein the server is an Extensible Markup Language (XML) Document Management Server (XDMS).

5. A method for performing a delegation operation in a delegation operation system by a server, the method comprising the steps of: receiving, from a delegated client, a request message including an identity (ID) of a delegated client, an ID of a delegating client, and information of a requested operation for requesting that the server execute the requested operation for a particular resource from the delegated client; determining whether at least one authorization rule is stored in the server based on the delegating client ID, the at least one authorization rule including information about the delegating client delegating which authority to which client; when the at least one authorization rule is stored in the server, determining whether the delegating client has delegated authority to the delegated client for requesting execution of the operation based on the delegated client ID and the information about the delegating client delegating which authority to which client; when the at least one authorization rule is not stored in the server, requesting, from the delegating client, the information about the delegating client delegating which authority to which client, and determining whether the delegating client has delegated authority to the delegated client for requesting the execution of the operation based on the delegated client ID and the information about the delegating client delegating which authority to which client; executing the requested operation when the delegated client is authenticated when determining the delegating client has delegated authority to the delegated client for requesting the execution of the operation; and reporting the execution results to the delegated client; wherein the execution of the operation comprises providing the delegated client with access to a document owned by the delegating client and stored on the server, and permitting the delegated client to modify the document.

6. The method of claim 5, wherein the request message comprises: a first header including the delegated client ID; and a second header including the delegating client ID.

7. The method of claim 5, wherein the server stores information indicating that the delegated client has been authenticated with respect to the request message when the determining delegating client has delegated authority to the delegated client for requesting the execution of the operation.

8. The method of claim 5, wherein the server is an Extensible Markup Language (XML) Document Management Server (XDMS).

9. The server of claim 1, wherein the server comprises: a proxy server for authenticating the delegated client as a requesting client of the request message, and a target system for authenticating the delegating client and the delegated client and executing the requested operation.

10. The server of claim 9, wherein the proxy server authenticates the delegated client as the requesting client of the request message and forwards the request message received from the delegated client to the target system, and the target system determines whether the delegating client has delegated authority to the delegated client.

11. The method of claim 5, wherein the server comprises: a proxy server for authenticating the delegated client as a requesting client of the request message, and a target system for authenticating the delegating client and the delegated client and executing the requested operation.

12. The method of claim 11, wherein the proxy server authenticates the delegated client as the requesting client of the request message and forwards the request message received from the delegated client to the target system, and the target system determines whether the delegating client has delegated authority to the delegated client.
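
The target-system check described in the abstract and in claims 1 and 5, sketched as an added example (not code from the patent or its assignee). The header names, rule tuple layout, result strings and sample identities are hypothetical, and matching the first header against the proxy-authenticated sender is an assumption of this sketch.

```python
# Hypothetical header names: the page only says a first header carries the
# delegated client ID and a second header carries the delegating client ID.
H_DELEGATED = "X-Delegated-Client-ID"
H_DELEGATING = "X-Delegating-Client-ID"


class TargetSystem:
    def __init__(self, resources, stored_rules=None, ask_delegating_client=None):
        # resource -> (owner ID, operations the owner may perform)
        self.resources = resources
        # delegating ID -> set of (delegated ID, operation, resource)
        self.stored_rules = stored_rules or {}
        # Stand-in for requesting the rules from the delegating client.
        self.ask = ask_delegating_client or (lambda delegating_id: set())

    def authorize(self, authenticated_id, headers, operation, resource):
        delegated = headers.get(H_DELEGATED)
        delegating = headers.get(H_DELEGATING)
        # Assumption: the proxy-authenticated sender must match the first header.
        if not delegated or not delegating or delegated != authenticated_id:
            return "deny: sender identity"
        # The delegating client itself must be authorized for the operation.
        owner, owner_ops = self.resources.get(resource, (None, set()))
        if owner != delegating or operation not in owner_ops:
            return "deny: delegating client not authorized"
        # Stored rules first; if none are stored, ask the delegating client.
        rules = self.stored_rules.get(delegating) or self.ask(delegating)
        if (delegated, operation, resource) not in rules:
            return "deny: not delegated"
        return "allow"


# Constructed sample data.
ALICE, BOB, EVE = "sip:alice@example.com", "sip:bob@example.com", "sip:eve@example.com"
DOC = "alice/doc.xml"


def demo():
    ts = TargetSystem(
        resources={DOC: (ALICE, {"read", "modify"})},
        ask_delegating_client=lambda who: {(BOB, "modify", DOC)} if who == ALICE else set(),
    )
    hdr = lambda delegated: {H_DELEGATED: delegated, H_DELEGATING: ALICE}
    return [
        ts.authorize(BOB, hdr(BOB), "modify", DOC),   # delegated by Alice
        ts.authorize(EVE, hdr(EVE), "modify", DOC),   # no rule names Eve
        ts.authorize(EVE, hdr(BOB), "modify", DOC),   # sender does not match header
        ts.authorize(BOB, hdr(BOB), "delete", DOC),   # Alice lacks "delete"
    ]


if __name__ == "__main__":
    print(demo())
```

Every path other than an explicit rule match returns a denial, so a request that merely names a delegating client in the second header gains nothing without a matching rule.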

Classifications

  • Electricity · mapped topic

  • H04L67/24 · Primary

    Electricity · mapped topic

  • H04L63/08 · Primary

    for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title

  • Electricity · mapped topic

  • Enhancement of application control based on intercepted application data · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9270771B2 cover?
A method in which a delegated client sends a request message containing operation information, a delegated client identity (ID), and a delegating client ID at the time of sending an operation request to a target system. The target system receives the request message and delegation-authorizes the delegated client by examining whether the delegating client is authorized to perform the operation r…
Who is the assignee on this patent?
Oh Jae-Kwon, Kim Wuk, Sung Sang-Kyung, and 1 more
What technology area does this patent fall under?
Primary CPC classification H04L67/24. Mapped technology areas include Electricity.
When was this patent published?
Publication date Feb 23, 2016 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).