US9270771B2 · Expired · Utility · PatentIndex 41

System and method for performing a delegation operation

Assignee: OH JAE-KWON
Priority: Apr 28, 2006
Filed: Apr 27, 2007
Granted: Feb 23, 2016
Est. expiry: Apr 28, 2026 (expired), nominal 20-yr term from priority
Inventors: OH JAE-KWON; KIM WUK; SUNG SANG-KYUNG
Classifications: H04L 67/28; H04L 67/24; H04L 63/08; H04L 67/2819; H04L 67/564; H04L 67/56; H04L 67/54; H04L 9/32
PatentIndex Score: 41 · Cited by: 0 · References: 14 · Claims: 12

Abstract

A method in which a delegated client sends a request message containing operation information, a delegated client identity (ID), and a delegating client ID at the time of sending an operation request to a target system. The target system receives the request message and delegation-authorizes the delegated client by examining whether the delegating client is authorized to perform the operation requested by the request message and also whether the delegating client has delegated the authority to perform the operation to the delegated client sending the request message using the delegating client ID included in the request message. A new header is provided which includes ID information of the delegating client in the request message. When receiving the request message, the target system performs a procedure for authenticating and authorizing not only the delegated client but also the delegating client using the delegating client ID.
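The check sequence the abstract describes, sketched as an added example (not code from the patent or its assignee). The header names, the Rule structure, the owner-only authorization model and the ask_delegator callback are assumptions made for illustration.

```python
from dataclasses import dataclass
# Assumed header names: the patent only specifies one header for the delegated
# client ID and a second, new header for the delegating client ID.
H_DELEGATED, H_DELEGATING = "X-Delegated-Id", "X-Delegating-Id"

@dataclass(frozen=True)
class Rule:
    delegate: str   # client receiving the authority
    operation: str  # which authority, e.g. "modify"
    resource: str   # document the authority applies to

class TargetSystem:
    def __init__(self, owners, ask_delegator):
        self.owners = owners                # resource -> owning client ID
        self.rules = {}                     # delegating ID -> set of Rule
        self.ask_delegator = ask_delegator  # fallback when no rule is stored

    def authorize(self, headers, proxy_auth_id, operation, resource):
        delegated = headers.get(H_DELEGATED)
        delegating = headers.get(H_DELEGATING)
        # The requester header must match the identity the proxy authenticated.
        if not delegated or delegated != proxy_auth_id:
            return "deny: delegated client not authenticated"
        if not delegating:
            return "deny: delegating client ID missing"
        # Assumption: only the document owner is authorized for the operation.
        if self.owners.get(resource) != delegating:
            return "deny: delegating client not authorized"
        if delegating not in self.rules:
            # No stored rule: request the delegation info from the delegator.
            self.rules[delegating] = set(self.ask_delegator(delegating))
        if Rule(delegated, operation, resource) not in self.rules[delegating]:
            return "deny: authority not delegated to this client"
        return "allow"

# Constructed sample identities and document path (not from the patent).
ALICE, BOB, CAROL = "sip:alice@example.com", "sip:bob@example.com", "sip:carol@example.com"
DOC = "resource-lists/alice/index.xml"

def demo():
    asked = []
    def ask(delegator):
        asked.append(delegator)
        return [Rule(BOB, "modify", DOC)] if delegator == ALICE else []
    ts = TargetSystem({DOC: ALICE}, ask)
    req = lambda who, on_behalf: {H_DELEGATED: who, H_DELEGATING: on_behalf}
    return [ts.authorize(req(BOB, ALICE), BOB, "modify", DOC),      # delegated
            ts.authorize(req(CAROL, ALICE), CAROL, "modify", DOC),  # no delegation
            ts.authorize(req(BOB, ALICE), CAROL, "modify", DOC),    # spoofed requester
            ts.authorize(req(BOB, CAROL), BOB, "modify", DOC)], asked  # wrong delegator
```

The delegating client ID is a claim made by the requester, so the decision rests on the rule the server holds for that delegator or fetches from it, never on the header alone.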

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A server for performing a delegation operation, the server comprising:
 a non-transitory memory; and 
 a processor configured for: 
 receiving, from a delegated client, a request message for requesting that the server should execute an operation for a resource, the request message including an identity (ID) of the delegated client, an ID of a delegating client, and information of the requested operation; 
 determining whether at least one authorization rule is stored in the memory based on the delegating client ID, the at least one authorization rule including information about the delegating client delegating which authority to which client; 
 when determining that the at least one authorization rule is stored in the memory, determining whether the delegating client has delegated authority to the delegated client for requesting execution of the operation based on the delegated client ID and the information about the delegating client delegating which authority to which client; 
 when determining that the at least one authorization rule is not stored in the memory, requesting, from the delegating client, the information about the delegating client delegating which authority to which client, and determining whether the delegating client has delegated authority to the delegated client for requesting the execution of the operation based on the delegated client ID and the information about the delegating client delegating which authority to which client; and 
 executing the requested operation when determining that the delegating client has delegated authority to the delegated client for requesting the execution of the operation, 
 wherein the execution of the operation comprises providing the delegated client with access to a document owned by the delegating client and stored on the server, and permitting the delegated client to modify the document, and 
 wherein the server reports the execution results to the delegated client. 
 
     
     
       2. The server of claim 1, wherein the request message comprises:
 a first header including the delegated client ID; and 
 a second header including the delegating client ID. 
 
     
     
       3. The server of claim 1, wherein the server stores information indicating that the delegated client has been authenticated with respect to the request message when determining the delegating client has delegated authority to the delegated client for requesting the execution of the operation. 
     
     
       4. The server of claim 1, wherein the server is an Extensible Markup Language (XML) Document Management Server (XDMS). 
     
     
       5. A method for performing a delegation operation in a delegation operation system by a server, the method comprising the steps of:
 receiving, from a delegated client, a request message including an identity (ID) of a delegated client, an ID of a delegating client, and information of a requested operation for requesting that the server execute the requested operation for a particular resource from the delegated client; 
 determining whether at least one authorization rule is stored in the server based on the delegating client ID, the at least one authorization rule including information about the delegating client delegating which authority to which client; 
 when the at least one authorization rule is stored in the server, determining whether the delegating client has delegated authority to the delegated client for requesting execution of the operation based on the delegated client ID and the information about the delegating client delegating which authority to which client; 
 when the at least one authorization rule is not stored in the server, requesting, from the delegating client, the information about the delegating client delegating which authority to which client, and determining whether the delegating client has delegated authority to the delegated client for requesting the execution of the operation based on the delegated client ID and the information about the delegating client delegating which authority to which client; 
 executing the requested operation when the delegated client is authenticated when determining the delegating client has delegated authority to the delegated client for requesting the execution of the operation; and 
 reporting the execution results to the delegated client; 
 wherein the execution of the operation comprises providing the delegated client with access to a document owned by the delegating client and stored on the server, and permitting the delegated client to modify the document. 
 
     
     
       6. The method of claim 5, wherein the request message comprises:
 a first header including the delegated client ID; and 
 a second header including the delegating client ID. 
 
     
     
       7. The method of claim 5, wherein the server stores information indicating that the delegated client has been authenticated with respect to the request message when the determining delegating client has delegated authority to the delegated client for requesting the execution of the operation. 
     
     
       8. The method of claim 5, wherein the server is an Extensible Markup Language (XML) Document Management Server (XDMS). 
     
     
       9. The server of claim 1, wherein the server comprises:
 a proxy server for authenticating the delegated client as a requesting client of the request message, and 
 a target system for authenticating the delegating client and the delegated client and executing the requested operation. 
 
     
     
       10. The server of claim 9, wherein the proxy server authenticates the delegated client as the requesting client of the request message and forwards the request message received from the delegated client to the target system, and the target system determines whether the delegating client has delegated authority to the delegated client. 
     
     
       11. The method of claim 5, wherein the server comprises:
 a proxy server for authenticating the delegated client as a requesting client of the request message, and 
 a target system for authenticating the delegating client and the delegated client and executing the requested operation. 
 
     
     
       12. The method of claim 11, wherein the proxy server authenticates the delegated client as the requesting client of the request message and forwards the request message received from the delegated client to the target system, and the target system determines whether the delegating client has delegated authority to the delegated client.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.