
Distributed Authorization Model

IP.com Disclosure Number: IPCOM000062305D
Original Publication Date: 1986-Nov-01
Included in the Prior Art Database: 2005-Mar-09
Document File: 2 page(s) / 48K

Publishing Venue

IBM

Related People

Dahlby, SH: AUTHOR [+4]

Abstract

A mechanism is provided for a computer system that can contain multiple data storage and execution sites (DASD and CPUs) while allowing data to be efficiently removed or relocated within the system (possibly on removable media such as a disk pack). The mechanism assumes that authorization data is stored on the same storage medium as the associated entity. An entity is any symbolically named piece of storage. When the entity is accessed during execution, the authorization data can be retrieved from the same medium. In a distributed system, the data to be accessed may be remote from the execution site. The request is then made by locating the entity and passing the user's identity to the remote site, where authorization is checked and the entity is accessed.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 58% of the total text.


A mechanism is provided for a computer system that can contain multiple data storage and execution sites (DASD and CPUs) while allowing data to be efficiently removed or relocated within the system (possibly on removable media such as a disk pack). The mechanism assumes that authorization data is stored on the same storage medium as the associated entity. An entity is any symbolically named piece of storage. When the entity is accessed during execution, the authorization data can be retrieved from the same medium.

In a distributed system, the data to be accessed may be remote from the execution site. The request is then made by locating the entity and passing the user's identity to the remote site, where authorization is checked and the entity is accessed. The requestor site does not need to be queried for the authorization information, nor does that information need to be passed in the request. Removal of the media results in removal of the corresponding authorization information.

To be able to perform the query "what am I authorized to," the system retains a user profile which contains a list of media on which the user has authorized entities and a count of the number of those authorizations. If the count is ever 0, the media identifier can be removed from the list. The query will result in going to each medium and retrieving the requested authorization information. When a medium that is no longer online is encount...
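The model described above can be sketched as follows; this is an added example, not code from the disclosure. The class and method names, the per-right counting of authorizations, and the choice to report offline media separately (the source text is cut off at that point) are all assumptions.

```python
class System:
    """Toy model: each medium stores its entities together with their ACLs."""

    def __init__(self):
        self.media = {}     # medium id -> {"online": bool, "entities": {name: {"data", "acl"}}}
        self.profiles = {}  # user -> {medium id: count of authorizations on that medium}

    def create(self, medium_id, name, data):
        medium = self.media.setdefault(medium_id, {"online": True, "entities": {}})
        medium["entities"][name] = {"data": data, "acl": {}}

    def grant(self, user, medium_id, name, right):
        rights = self.media[medium_id]["entities"][name]["acl"].setdefault(user, set())
        if right not in rights:
            rights.add(right)
            counts = self.profiles.setdefault(user, {})
            counts[medium_id] = counts.get(medium_id, 0) + 1

    def revoke(self, user, medium_id, name, right):
        rights = self.media[medium_id]["entities"][name]["acl"].get(user, set())
        if right in rights:
            rights.remove(right)
            counts = self.profiles[user]
            counts[medium_id] -= 1
            if counts[medium_id] == 0:   # no authorizations left on this medium
                del counts[medium_id]

    def access(self, user, medium_id, name, right):
        """Runs at the site holding the entity; the request carries only the identity."""
        medium = self.media[medium_id]
        if not medium["online"]:
            raise LookupError(f"medium {medium_id} is not online")
        entity = medium["entities"][name]
        if right not in entity["acl"].get(user, set()):
            raise PermissionError(f"{user} lacks {right} on {name}")
        return entity["data"]

    def authorized_to(self, user):
        """Answer 'what am I authorized to' by visiting each medium in the profile."""
        found, offline = [], []
        for medium_id in sorted(self.profiles.get(user, {})):
            medium = self.media[medium_id]
            if not medium["online"]:
                offline.append(medium_id)   # assumption: source text is cut off here
                continue
            for name, entity in sorted(medium["entities"].items()):
                found += [(medium_id, name, r) for r in sorted(entity["acl"].get(user, ()))]
        return found, offline
```

Taking a medium offline makes its ACLs unreachable along with its data, while the profile still records that the user holds authorizations there.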