摘要:
A software system that provides access control to resources and that disassociates access rights to resources from references to resources to prevent the formation of large and unwieldy access control lists and to enable advanced decentralized security controls. The software system includes a repository that holds a resource descriptor for each resource including lock/permission pairs. Access to particular resources or groups of resources is provided by providing users with the appropriate keys. The keys are themselves are resources with resource descriptors in the repository. Access rights for users may be revoked by deleting keys from the repository. The software system also provides visibility fields for compartmentalizing access to resources. In addition, the software system provides authorizers that maintain audit trails when critical resource such as keys are passed among users and that enable advanced security control when passing resources among users.
摘要:
A software infrastructure for providing an open digital services marketplace including a naming manager that enables a requesting task to refer to a desired resource using a name which is local to the requesting task and a router that forwards the request to an appropriate handler for the desired resource and that enables at least one additional task to be invoked in response to the request. The infrastructure includes a permission manager that compares a set of access rights of the requesting task to the desired resource to a set of permissions associated with the desired resource such that the access rights are kept separately from the reference to the desired resource. The desired resource, the requesting task, the additional task, and a set of additional components used to handle the request are each modeled as a resource defined by a corresponding set of meta-data which includes a set of attributes and a reference to a grammar for interpreting the attributes.
摘要:
A compound control/data channel connects an I/O bridge (IOB) and a data buffer unit (DBU) in a high performance I/O subsystem. Generally, data movements among an I/O bridge, data buffer unit, system bus and I/O bus are dominated by separate control signal groups issued from the I/O bridge. The compound control/data channel permits integration of these control signal groups onto the data channel connected between I/O bridge and data buffer unit. A data controller can control and transfer data to/from a data buffer using this unique channel, alternately, for control information and data streams.
摘要:
A software system with self-describing attribute vocabularies that enhance the capability of service providers to advertise their resources and that facilitate the addition of new types of attributes and resources to the system. Each self-describing attribute vocabulary is characterized by a corresponding set of attribute properties and a corresponding set of:matching rules that are adapted to the corresponding attribute properties. The software system includes a matching engine that enables a service provider of a resource to describe the resource to the software system in terms of any one or more of the self-describing attribute vocabularies.
摘要:
An electronic data storage system including a memory, a plurality of magnetic disk units, and a controller. The memory contains an index cross-referencing logical address with physical addresses, an obsolete list and a free list. In response to a "write " command, the controller selects a physical address according to which segment can be used the most quickly, appends a tag to the data to be written, and writes the data to the selected segment. Appropriate entries are made in the index and the free list. The system recovers from memory loss by using a checkpoint log and a set of checkpoint segments on the disk that together contain backups of the index and other critical information needed to restore the system. Group indices are used for roll-back groups; operations on data in a group are invisible outside the group until after a "commit " command is issued.
摘要:
A software system with task-specific flexible bindings that enhance the ability to dynamically add and remove resources from availability to tasks and that eliminates the need for coordination of globally unique names. The software system includes a task-specific name space which corresponds to a task executing in the software system. The task-specific name space holds flexible bindings each of which associates a task-specific name used by the task to refer to a desired resource or a set of one or more resources of the computer system and to information that describes the desired resource. The software system includes a resource mediator that obtains a message from the task. The resource mediator keeps information for each resource that identifies a resource handler task for the desired resource by resolving the task-specific name using the flexible binding.