Volatile Access Group

IP.com Disclosure Number: IPCOM000195600D
Publication Date: 2010-May-07

Publishing Venue

The IP.com Prior Art Database

Abstract

Temporary access privileges are needed when a user operates a Web application as a proxy for his or her manager. In most cases this is implemented by a function of the Web application that assigns the user to a higher-level group temporarily: when the user needs the privileged access, a user management tool adds the target user's id to the upper group, and after the privileged operation the tool removes the group information from the user's entry again. This function is widely implemented, but it has 4 main issues:

1: The operator of the user management tool is not always working in the tool, so it is very difficult to delete the privileged information immediately when the right is no longer needed.
2: The user may still be able to access with the privileged group if a cached copy of the group information remains in system memory.
3: The user may be unable to access with the privileged group if an older cached copy of the user information, which does not yet include the group, is used.
4: It is difficult to implement restrictions on the privileged access, such as how long the user may access with the group information or how many times the user may operate with it.

To solve these issues, we propose 4 functions in this idea:

1: The privileged group information is registered as restricted information in the user credential (the information produced after authentication that determines whether the user is authenticated or not).
2: This privileged information is inserted directly into the user credential. It is not inserted into the user's entry in the user registry.
3: The restriction information carried in the credential describes, and lets the system enforce, "how long the user can operate with the information" or "how many times the user can operate with the information".
4: The restriction information is deleted immediately when the user reaches the limit written in the restriction information.
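The following is an added illustration of the proposed functions 1 to 4, written for this page and not taken from the disclosure itself: a credential that carries a volatile group grant with a time limit and a use count, consumes one use per privileged operation, and drops the grant the moment either limit is reached, without touching the user registry. The class and method names (Credential, VolatileGrant, authorize) are assumptions for the example; the `now` parameter exists so the clock can be supplied explicitly.

```python
import time
from dataclasses import dataclass, field
from typing import Dict, Optional, Set


@dataclass
class VolatileGrant:
    """Restriction information held only in the credential (assumed layout)."""
    group: str
    expires_at: Optional[float]   # absolute time; None means no time limit
    uses_left: Optional[int]      # remaining operations; None means no count limit

    def expired(self, now: float) -> bool:
        return self.expires_at is not None and now >= self.expires_at


@dataclass
class Credential:
    user_id: str
    groups: Set[str] = field(default_factory=set)              # static groups from the user registry
    volatile: Dict[str, VolatileGrant] = field(default_factory=dict)  # temporary groups, credential-only

    def grant_volatile(self, group: str, ttl_seconds: Optional[float] = None,
                       max_uses: Optional[int] = None, now: Optional[float] = None) -> None:
        """Function 1 and 2: register the privileged group inside the credential, not the registry."""
        now = time.time() if now is None else now
        expires_at = None if ttl_seconds is None else now + ttl_seconds
        self.volatile[group] = VolatileGrant(group, expires_at, max_uses)

    def purge_expired(self, now: float) -> None:
        """Function 4: time-limited grants disappear as soon as their limit is reached."""
        for group in [g for g, v in self.volatile.items() if v.expired(now)]:
            del self.volatile[group]

    def authorize(self, required_group: str, now: Optional[float] = None) -> bool:
        """Function 3: check membership and consume one use of a volatile grant."""
        now = time.time() if now is None else now
        self.purge_expired(now)
        if required_group in self.groups:
            return True                      # permanent membership, no restriction applies
        grant = self.volatile.get(required_group)
        if grant is None:
            return False
        if grant.uses_left is not None:
            grant.uses_left -= 1
            if grant.uses_left <= 0:
                del self.volatile[required_group]   # count limit reached: removed immediately
        return True
```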