Abstract:
A method, apparatus, and computer-readable media for authorizing users of network portals to access a secure resource hosted by a secure server comprises storing a plurality of user identifiers, each representing a user of an owning portal; storing for each of the user identifiers an access privilege to the secure resource; storing a proxy user identifier representing a guest portal and a guest access privilege to the secure resource for all of the users of the guest portal; receiving from the owning portal a first request for access to the secure resource, the first request comprising a first user identifier representing a user of the owning portal; granting to the user of the owning portal access to the secure resource according to the access privilege stored for the first user identifier; receiving from the guest portal a second request for access to the secure resource, the second request comprising a second user identifier representing a user of the guest portal and a portal identifier representing the guest portal; and granting to the user of the guest portal access to the secure resource according to the guest access privilege stored in the authorization table for the proxy user identifier.
Abstract:
A method, system, and computer program product for corporate portal security are provided, wherein security information corresponding to an external object imported into the corporate portal is automatically mapped from the object's native security system into the corporate portal system. For each external object imported, the corporate portal maps external users and external groups identified by the native security into corresponding portal users and portal groups according to a predefined mapping process, and stores the results in a manner that associates the external object with those portal users and portal groups. A plurality of database tables and maps determines the outcome of the predefined mapping process. Advantageously, when new external users or groups are added, they are detected by a synchronization agent which then automatically updates the database tables and maps. When custom group security configurations are desired, or when new domains are added, the portal administrator may manipulate a subset of the database tables and maps to achieve the desired configuration. Advantageously, manually intensive operations such as object-by-object security stampings, and/or re-manipulation of individual security settings associated with re-instantiated crawls, are avoided.