Transient ACL

Disclosure Number: IPCOM000246203D
Publication Date: 2016-May-17
Document File: 4 page(s) / 158K

Publishing Venue

The Prior Art Database


Disclosed is a system called Transient ACL Service, which generates temporary access codes for delegated users. The transient code automatically provides the delegated user with the same access as the delegator (i.e., the person who generated the code) so that the delegate can perform tasks on certain systems or documents as directed.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

Transient ACL

When a person delegates or shares work items with another, the delegate might not have the same access rights to systems, documents, and conferences as the delegator; therefore, the delegate cannot efficiently perform the tasks.

One possible solution to this problem is that the first user manually sends personal account and password information to the delegated user, which violates security constraints. As another solution, the original user manually gives the delegated user control access for each system or document. This process is time-consuming, tedious, and error-prone, especially if the original user has to go back in later and revoke this access.

The novel solution is to provide the delegated user a transient code. The code automatically provides the user with the same access as the person who generated the code (or a lower access level), so that the delegated person can perform all the tasks on all systems or documents as directed.

This solution is a system called Transient ACL Service. In this system, a user signs up, generates a code with a specified lifetime, and then sends this code to a delegated user. To access a system or document, the delegated user inputs the code. The Transient ACL Service provides access to the item based on the code generator's access.

This is an automatic and immediate solution. There is no error, as the service reads the original access and assigns it to the delegated user. As long as the systems or software is registered with the service, the delegated user has access to it. This also avoids violating any security constraints, because a user cannot share a user name or password, and the system audits all actions the delegated user performs under the associated name.

The service registers programs, applications, and machines on which it can operate. When a program registers with the service, it includes information such as its Uniform Resource Locator (URL), name, location, and the credentials the service uses to access and operate on it as an administrator.
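The flow described above (register a system, generate a code with a lifetime, let the delegate present it, audit the result) can be sketched as follows. This is an added example, not code from the disclosure: the class and method names, the four-level access ordering, storing only a hash of each code, and reading the delegator's rights at the moment of use are all assumptions.

```python
import hashlib
import secrets
import time

# Assumed access ordering; the disclosure only says "same access ... or a lower access level".
LEVELS = {"none": 0, "read": 1, "write": 2, "admin": 3}

class TransientACLService:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.acl = {}     # registered resource -> {user: level}
        self.grants = {}  # sha256(code) -> (delegator, expires_at, cap)
        self.audit = []   # (time, delegator, delegate, resource, needed, allowed)

    @staticmethod
    def _digest(code):
        # Keep only a hash so a dump of the grant table does not yield usable codes.
        return hashlib.sha256(code.encode()).hexdigest()

    def register(self, resource, acl):
        """Register a system or document together with its existing ACL."""
        self.acl[resource] = dict(acl)

    def generate_code(self, delegator, lifetime_s, cap="admin"):
        """Issue a code valid for lifetime_s seconds; cap optionally lowers the level."""
        code = secrets.token_urlsafe(16)
        self.grants[self._digest(code)] = (delegator, self.clock() + lifetime_s, cap)
        return code

    def revoke(self, code):
        self.grants.pop(self._digest(code), None)

    def access(self, code, delegate, resource, needed):
        """Decide whether the delegate may act on resource at the level `needed`."""
        grant = self.grants.get(self._digest(code))
        delegator, level = None, "none"
        if grant and self.clock() < grant[1]:
            delegator, _, cap = grant
            # Read the delegator's current rights, so that removing the delegator
            # from a resource also ends the delegation. Unregistered -> "none".
            own = self.acl.get(resource, {}).get(delegator, "none")
            level = min(own, cap, key=LEVELS.__getitem__)
        allowed = 0 < LEVELS[needed] <= LEVELS[level]
        # Record denials too, under the delegator's name and the delegate's own.
        self.audit.append((self.clock(), delegator, delegate, resource, needed, allowed))
        return allowed
```

Because every decision passes through `access`, expiry, revocation and the audit trail are enforced in one place rather than in each registered system.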

The user accesses the service to generate a transient code. The service performs a search to...