Dismiss
InnovationQ will be updated on Sunday, Oct. 22, from 10am ET - noon. You may experience brief service interruptions during that time.
Browse Prior Art Database

Prevent Delegate Access to Confirmation Entries for Sensitive Objects

IP.com Disclosure Number: IPCOM000121150D
Original Publication Date: 1991-Jul-01
Included in the Prior Art Database: 2005-Apr-03
Document File: 1 page(s) / 44K

Publishing Venue

IBM

Related People

Heyen, JG: AUTHOR [+3]

Abstract

Delegate users must be prevented from accessing objects which they have not been given access rights to. This includes confirmation entries associated with those objects.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 86% of the total text.

Prevent Delegate Access to Confirmation Entries for Sensitive Objects

      Delegate users must be prevented from accessing objects which
they have not been given access rights to.  This includes
confirmation entries associated with those objects.

      When users (principals) authorize others (delegates) to work on
their behalf,  the user specifies a level of object accessability
that determines what set of objects the delegate will be able to work
on. This also includes confirmation entries.  When a delegate works
on objects owned by the principal, the system must be able to
determine what level of access the delegate has and must only allow
access to confirmation entries that have that level of object access.

      When principals authorize users to work on their behalf with
objects they receive, they must specify the level of access a
delegate has with regard to those objects.  The access level for each
delegate will be kept in an access level table on the mail service
that contains the list of objects that principals receive.  When
confirmation is requested for an object that is mailed, the access
level of the object is saved in the confirmation entry associated
with that object.  When a delegate accesses objects received by the
principal, the system will determine what confirmation entries can be
accessed based on the delegate access level table entry and the
access level in the confirmation entries.

      When a user authorizes another user t...