System and method for managing user session meta-data in a reverse proxy
    1.
    发明申请
    System and method for managing user session meta-data in a reverse proxy 审中-公开
    用于在逆向代理中管理用户会话元数据的系统和方法

    公开(公告)号:US20060026286A1

    公开(公告)日:2006-02-02

    申请号:US10885300

    申请日:2004-07-06

    IPC分类号: G06F15/16

    摘要: A system and method for detecting and managing user session meta-data at a reverse proxy server. The reverse proxy server is logically located between one or more origin servers and any number of users. The reverse proxy server detects the establishment and tearing down of a user session, and any expiration associated with the user session. The reverse proxy server identifies the creation of a session from the pattern and/or content of communications between a user and an origin server, and associates the user (e.g., by username or user ID) with the session (e.g., session ID or cookie). A user session table may be populated with an entry for each observed session. Tear down of a session may be detected by identifying an explicit user logout or a session termination by the origin server.

    摘要翻译: 一种用于在逆向代理服务器处检测和管理用户会话元数据的系统和方法。 反向代理服务器逻辑上位于一个或多个源服务器和任意数量的用户之间。 反向代理服务器检测用户会话的建立和拆除以及与用户会话相关联的任何到期。 反向代理服务器根据用户和原始服务器之间的通信模式和/或内容来识别会话的创建,并将用户(例如,通过用户名或用户ID)与会话相关联(例如,会话ID或cookie )。 用户会话表可以填充每个观察到的会话的条目。 可以通过识别源服务器的显式用户注销或会话终止来检测会话的撕裂。

    System and method for invalidating data in a hierarchy of caches
    3.
    发明授权
    System and method for invalidating data in a hierarchy of caches 有权
    使缓存层次结构中的数据无效的系统和方法

    公开(公告)号:US07143244B2

    公开(公告)日:2006-11-28

    申请号:US10727308

    申请日:2003-12-02

    IPC分类号: G06F12/00

    CPC分类号: G06F12/0808

    摘要: A system and method for communicating a side effect of one data request, or other event, as part of a response to another data request or event. The side effect may include notification of the invalidation of cached data, from an upstream cache to a downstream cache. The upstream cache may store invalidation notifications as they are generated or received, and as responses to data requests are sent downstream, piggyback or merge one or more notifications with a response. This scheme avoids the need to open separate communication connections using specified invalidation accounts and passwords.

    摘要翻译: 用于传达一个数据请求或其他事件的副作用的系统和方法,作为对另一个数据请求或事件的响应的一部分。 副作用可能包括从上游缓存到下游缓存的缓存数据无效通知。 上游缓存可以在生成或接收时存储无效通知,并且作为对数据请求的响应被发送到下游,捎带或将一个或多个通知与响应合并。 该方案避免了使用指定的无效帐户和密码打开单独的通信连接。

    System and method for managing security meta-data in a reverse proxy

    公开(公告)号:US20060010442A1

    公开(公告)日:2006-01-12

    申请号:US10885338

    申请日:2004-07-06

    IPC分类号: G06F9/46

    摘要: A system and method for managing security meta-data in a reverse proxy server. The reverse proxy caches data served by an origin server, and also stores security meta-data for authenticating a user and/or authorizing access to cached data. The security meta-data may include an ACL (Access Control List), access control token or descriptor, other access control information, user credentials, user privileges or roles, group membership, user aliases, etc. The reverse proxy may automatically receive access control information from the origin server when a request for data is forwarded to the origin server, or may explicitly request the information from the origin server or a security server. The reverse proxy receives and applies invalidation messages to invalidate stored security meta-data. Also, the reverse proxy acts in a stateful manner, with knowledge of the correlation between a given user and that user's session with the origin server.

    Invalidating cached data using secondary keys
    5.
    发明申请
    Invalidating cached data using secondary keys 有权
    使用辅助密钥无效缓存的数据

    公开(公告)号:US20050120181A1

    公开(公告)日:2005-06-02

    申请号:US10726112

    申请日:2003-12-02

    IPC分类号: G06F12/00 G06F17/30

    摘要: A system and method for facilitating the invalidation of cached data, in which the data to be invalidated are identified using information other than a primary key. The primary key for a cached data object, such as a web page, may be a Uniform Resource Locator (URL). Instead of using an object's URL to identify to a cache the data to be invalidated, a secondary key is used, such as the object's data source or a template from which the object was created. An application communicates the secondary key to a cache, and the cache identifies cached objects that match the secondary key. Those data objects are then invalidated without having to issue multiple invalidation messages from the application.

    摘要翻译: 一种用于促进缓存数据无效化的系统和方法,其中使用除主键之外的信息来识别要被无效的数据。 缓存数据对象(如网页)的主键可能是统一资源定位符(URL)。 不要使用对象的URL来标识要缓存的数据,否则将使用辅助键,例如对象的数据源或创建对象的模板。 应用程序将辅助密钥传送到缓存,缓存标识与辅助密钥匹配的缓存对象。 然后,这些数据对象无效,而不必从应用程序发出多个无效消息。

    System and method for invalidating data in a hierarchy of caches
    6.
    发明申请
    System and method for invalidating data in a hierarchy of caches 有权
    使缓存层次结构中的数据无效的系统和方法

    公开(公告)号:US20050055508A1

    公开(公告)日:2005-03-10

    申请号:US10727308

    申请日:2003-12-02

    IPC分类号: G06F12/08 G06F12/00

    CPC分类号: G06F12/0808

    摘要: A system and method for communicating a side effect of one data request, or other event, as part of a response to another data request or event. The side effect may include notification of the invalidation of cached data, from an upstream cache to a downstream cache. The upstream cache may store invalidation notifications as they are generated or received, and as responses to data requests are sent downstream, piggyback or merge one or more notifications with a response. This scheme avoids the need to open separate communication connections using specified invalidation accounts and passwords.

    摘要翻译: 用于传达一个数据请求或其他事件的副作用的系统和方法,作为对另一个数据请求或事件的响应的一部分。 副作用可能包括从上游缓存到下游缓存的缓存数据无效通知。 上游缓存可以在生成或接收时存储无效通知,并且作为对数据请求的响应被发送到下游,捎带或将一个或多个通知与响应合并。 该方案避免了使用指定的无效帐户和密码打开单独的通信连接。

    System and method for managing security meta-data in a reverse proxy
    7.
    发明授权
    System and method for managing security meta-data in a reverse proxy 有权
    用于管理逆向代理中的安全元数据的系统和方法

    公开(公告)号:US07600230B2

    公开(公告)日:2009-10-06

    申请号:US10885338

    申请日:2004-07-06

    IPC分类号: G06F3/00 G06F15/16 G06F7/04

    摘要: A system and method for managing security meta-data in a reverse proxy server. The reverse proxy caches data served by an origin server, and also stores security meta-data for authenticating a user and/or authorizing access to cached data. The security meta-data may include an ACL (Access Control List), access control token or descriptor, other access control information, user credentials, user privileges or roles, group membership, user aliases, etc. The reverse proxy may automatically receive access control information from the origin server when a request for data is forwarded to the origin server, or may explicitly request the information from the origin server or a security server. The reverse proxy receives and applies invalidation messages to invalidate stored security meta-data. Also, the reverse proxy acts in a stateful manner, with knowledge of the correlation between a given user and that user's session with the origin server.

    摘要翻译: 用于在逆向代理服务器中管理安全元数据的系统和方法。 反向代理缓存由原始服务器服务的数据,并且还存储用于认证用户的安全元数据和/或授权访问缓存的数据。 安全元数据可以包括ACL(访问控制列表),访问控制令牌或描述符,其他访问控制信息,用户凭证,用户特权或角色,组成员资格,用户别名等。反向代理可以自动接收访问控制 当请求数据被转发到原始服务器时,来自原始服务器的信息,或者可以从源服务器或安全服务器显式地请求信息。 反向代理接收并应用无效消息以使存储的安全元数据无效。 此外,反向代理以有状态的方式运行,知道给定用户与该用户与源服务器的会话之间的相关性。

    System and method for inline invalidation of cached data
    8.
    发明授权
    System and method for inline invalidation of cached data 有权
    缓存数据的内联无效的系统和方法

    公开(公告)号:US07089363B2

    公开(公告)日:2006-08-08

    申请号:US10727309

    申请日:2003-12-02

    IPC分类号: G06F12/00

    CPC分类号: G06F12/0808

    摘要: A system and method for communicating a side effect of a data request, from a data server and through one or more caches, inline with a response to the request. Instead of sending a separate notification of the side effect (e.g., instructions to invalidate data cached in one or more caches), the notification is included in the response. As the response traverses caches on its way to the requestor, each cache applies the side effect with the proper timing. Thus, data invalidation may be performed prior to caching data included in the request and/or forwarding the response toward the requester. A final cache configured to serve the response to the requestor may remove the side effect notification before serving the response.

    摘要翻译: 一种用于从数据服务器和通过一个或多个高速缓存传送数据请求的副作用的系统和方法,其与请求的响应一致。 不是发送单独的副作用的通知(例如,使在一个或多个高速缓存中缓存的数据无效的指令),所以通知被包括在响应中。 当响应在到达请求者的路径上遍历缓存时,每个高速缓存应用正确的时序的副作用。 因此,可以在缓存包含在请求中的数据之前执行数据无效,和/或将请求转发给请求者。 配置为向请求者提供响应的最终缓存可以在服务响应之前去除副作用通知。

    Invalidating cached data using secondary keys
    9.
    发明授权
    Invalidating cached data using secondary keys 有权
    使用辅助密钥无效缓存的数据

    公开(公告)号:US07076608B2

    公开(公告)日:2006-07-11

    申请号:US10726112

    申请日:2003-12-02

    IPC分类号: G06F12/00

    摘要: A system and method for facilitating the invalidation of cached data, in which the data to be invalidated are identified using information other than a primary key. The primary key for a cached data object, such as a web page, may be a Uniform Resource Locator (URL). Instead of using an object's URL to identify to a cache the data to be invalidated, a secondary key is used, such as the object's data source or a template from which the object was created. An application communicates the secondary key to a cache, and the cache identifies cached objects that match the secondary key. Those data objects are then invalidated without having to issue multiple invalidation messages from the application.

    摘要翻译: 一种用于促进缓存数据无效化的系统和方法,其中使用除主键之外的信息来识别要被无效的数据。 缓存数据对象(如网页)的主键可能是统一资源定位符(URL)。 不要使用对象的URL来标识要缓存的数据,否则将使用辅助键,例如对象的数据源或创建对象的模板。 应用程序将辅助密钥传送到缓存,缓存标识与辅助密钥匹配的缓存对象。 然后,这些数据对象无效,而不必从应用程序发出多个无效消息。

    System and method for inline invalidation of cached data
    10.
    发明申请
    System and method for inline invalidation of cached data 有权
    缓存数据的内联无效的系统和方法

    公开(公告)号:US20050055509A1

    公开(公告)日:2005-03-10

    申请号:US10727309

    申请日:2003-12-02

    IPC分类号: G06F12/00 G06F12/08

    CPC分类号: G06F12/0808

    摘要: A system and method for communicating a side effect of a data request, from a data server and through one or more caches, inline with a response to the request. Instead of sending a separate notification of the side effect (e.g., instructions to invalidate data cached in one or more caches), the notification is included in the response. As the response traverses caches on its way to the requestor, each cache applies the side effect with the proper timing. Thus, data invalidation may be performed prior to caching data included in the request and/or forwarding the response toward the requester. A final cache configured to serve the response to the requestor may remove the side effect notification before serving the response.

    摘要翻译: 一种用于从数据服务器和通过一个或多个高速缓存传送数据请求的副作用的系统和方法,其与请求的响应一致。 不是发送单独的副作用的通知(例如,使在一个或多个高速缓存中缓存的数据无效的指令),所以通知被包括在响应中。 当响应在到达请求者的路径上遍历缓存时,每个高速缓存应用正确的时序的副作用。 因此,可以在缓存包含在请求中的数据之前执行数据无效,和/或将请求转发给请求者。 配置为向请求者提供响应的最终缓存可以在服务响应之前去除副作用通知。