Provider Based Access Control to Reconciled Data
Disclosure Number: IPCOM000238992D
Publication Date: 2014-Sep-30
Document File: 7 page(s) / 82K

Publishing Venue

The Prior Art Database


A method for provider based access control to reconciled data is disclosed.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 19% of the total text.


Provider Based Access Control to Reconciled Data

Disclosed is a method for provider based access control to reconciled data.

Data reconciliation consists of constructing a reconciled view of the same entity, or resource, based on attributes collected from different sources, or Providers. An entity can be a Configuration Item, as defined by the IT Infrastructure Library (ITIL), or any physical object that needs to be managed for a specific purpose.

An entity can be identified by a set of unique attributes. For example, a computer system may be uniquely identified by the attribute System Board UUID, by the attribute MAC address, or by the set of attributes Manufacturer, Model and Serial Number.

Inventory and management tools are some of the tools that automatically discover the physical and application infrastructure in an enterprise. These tools collect information about specific attributes that are related to a specific domain. For example, for a computer, one tool may be interested in attributes related to the network topology, like IP address, subnet and Ethernet address, while another tool may be interested in software-related information, like Operating System and installed software. The attributes discovered by the different tools may overlap. For example, both tools may discover the IP address of the computer. The attributes that overlap can then be used by a reporting tool to reconcile all the information and build, for example, a reconciled report of all the data collected by the different tools.

A reconciliation service may keep only the identifying information needed to reconcile records originating from different sources, or it may also keep non-identifying attributes of the discovered records. Other non-identifying information associated with each record may be kept only in each Provider's database and be available upon query through a mechanism similar to the one defined, for example, by Open Services for Lifecycle Collaboration (OSLC).

Both a reconciled resource and the individual records from different data Providers used to build it can have different authorization restrictions, based on the users that requested this information or on any other contextual information, i.e., a specific access control policy. For the reconciled resource, there may be a conflict resolution mechanism that allows different policies from different providers to be used to control access to it.

In one embodiment the invention provides a method for controlling the access to reconciled resources created from records from different providers. The invention provides a means of specifying authorization requirements for individual records, based on the authenticated user, and a conflict resolution mechanism used to determine the attributes of the reconciled resource whose access is granted to this specific user. The invention provides a method for controlling both identifying and non-identifying inf...
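
The per-provider authorization and conflict resolution described above can be pictured with the following added example, which is not part of the disclosure. The provider names, users, the use of MAC address as the single identifying attribute, and both resolution strategies (permit-overrides and deny-overrides) are assumptions, since this abbreviated text does not specify the mechanism.

```python
# Added illustration; provider names, users and both resolution
# strategies are assumptions, not taken from the disclosure.
from collections import defaultdict

# Constructed sample records: two tools discovered the same computer.
RECORDS = [
    {"provider": "network_tool", "attrs": {
        "mac": "00:11:22:33:44:55", "ip": "192.0.2.10", "subnet": "192.0.2.0/24"}},
    {"provider": "software_tool", "attrs": {
        "mac": "00:11:22:33:44:55", "ip": "192.0.2.10", "os": "Linux"}},
]
# Per-provider policy: users allowed to read that provider's records.
POLICY = {"network_tool": {"alice", "bob"}, "software_tool": {"alice"}}
IDENTIFYING = "mac"  # one identifying attribute, for brevity


def reconcile(records):
    """Group records by identifying attribute; track who supplied each attribute."""
    entities = defaultdict(lambda: defaultdict(dict))
    for rec in records:
        key = rec["attrs"][IDENTIFYING]
        for name, value in rec["attrs"].items():
            entities[key][name][rec["provider"]] = value
    return entities


def visible_view(entity, user, strategy="deny-overrides"):
    """Return the attributes of one reconciled entity that `user` may read.

    permit-overrides: one authorizing contributor is enough.
    deny-overrides:   every contributing provider must authorize the user.
    """
    view = {}
    for name, by_provider in entity.items():
        allowed = [p for p in by_provider if user in POLICY.get(p, set())]
        if strategy == "permit-overrides":
            ok = bool(allowed)
        elif strategy == "deny-overrides":
            ok = len(allowed) == len(by_provider)
        else:
            raise ValueError(f"unknown strategy: {strategy}")
        if ok:
            # Only release a value from a provider that authorized the user.
            view[name] = by_provider[allowed[0]]
    return view
```

The overlapping attributes (MAC and IP address) are where the two strategies diverge: a user authorized by only one of the contributing providers sees them under permit-overrides and loses them under deny-overrides.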