Aggregate User Profile

IP.com Disclosure Number: IPCOM000104279D
Original Publication Date: 1993-Mar-01
Included in the Prior Art Database: 2005-Mar-19
Document File: 1 page(s) / 60K

Publishing Venue

IBM

Related People

Tate, KA: AUTHOR

Abstract

An "aggregate" user profile is disclosed. This profile is distinguishable from single user profiles (the norm) and from IEEE POSIX-style group profiles as a new type of profile. Like other user profiles, the aggregate user profile contains user information but it is expressly invented to contain information used by more than one user. Some systems use this type of entry to create a shared log-in or to collect owned files of a set of users into one place for easier backup and management.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 52% of the total text.

      Within the security community, there is a requirement to be
able to audit the actions of unique users.  On systems that offer the
enriched functions listed above through user or group profiles, some
of the actions performed under such a profile may not be uniquely
traceable to a user.  In this case the new "aggregate" profile type
can be used.

      Since it is distinguishable from single user profiles, its use
on a particular system can be managed by system values.  Its creation
or restoration to a system can be disallowed by the system when
system values are set to require enforcement of the single-user audit
capability.  For systems without such stringent constraints, it
provides a vehicle for maintaining or extending the value-added
extensions for users or groups on the system.
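
The gating described above can be modelled as follows. This is an added example, not code from the disclosure; the `require_single_user_audit` system value, the class and function names, and the sample profiles and audit records are constructed assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum


class ProfileType(Enum):
    SINGLE = "single"        # one user, uniquely auditable
    GROUP = "group"          # POSIX-style group
    AGGREGATE = "aggregate"  # information used by more than one user


@dataclass(frozen=True)
class Profile:
    name: str
    kind: ProfileType
    members: tuple = ()


class PolicyViolation(Exception):
    """Raised when a system value forbids the requested profile."""


@dataclass
class System:
    require_single_user_audit: bool  # hypothetical system value
    profiles: dict = field(default_factory=dict)

    def _admit(self, profile, operation):
        # The distinct type is what lets the system refuse the profile.
        if self.require_single_user_audit and profile.kind is ProfileType.AGGREGATE:
            raise PolicyViolation(f"{operation} of aggregate profile {profile.name!r} disallowed")
        self.profiles[profile.name] = profile

    def create(self, profile):
        self._admit(profile, "creation")

    def restore(self, saved):
        """Restore saved profiles; return the names rejected by policy."""
        rejected = []
        for profile in saved:
            try:
                self._admit(profile, "restoration")
            except PolicyViolation:
                rejected.append(profile.name)
        return rejected

    def untraceable(self, audit_log):
        """Return (profile_name, action) records not attributable to one user."""
        return [rec for rec in audit_log
                if self.profiles[rec[0]].kind is ProfileType.AGGREGATE]


# Constructed sample data: a saved profile set and an audit trail.
SAVED = [Profile("alice", ProfileType.SINGLE),
         Profile("payroll", ProfileType.GROUP, ("alice", "bob")),
         Profile("nightops", ProfileType.AGGREGATE, ("alice", "bob"))]
AUDIT = [("alice", "read ledger"), ("nightops", "delete spool file")]
```

On a system without the enforcement value set, `untraceable` gives the auditor the records that cannot be tied to one user.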

      This capability is required to achieve discretionary access
control (C2) and higher evaluation levels for secure systems.  It is
also assumed by the Distributed Computing Environment (DCE).  On
systems that support rich function via user or group profiles with
long history prior to Departm...