Appeal No. 2000-1360
Application No. 08/632,251
The invention is directed to a method and apparatus for
controlling server access to a resource in a client/server
system. More particularly, the invention is directed to the
problem of “untrusted” servers which present a security risk
since the host system cannot assume that they have not
manipulated a client’s identity and are not accessing a
resource on their own behalf while purporting to act on behalf
of a client. Access rights of these servers acting as
principals are specified by the instant invention by allowing
such servers to access only those host resources that the
servers themselves can access as principals, even when the
servers purport to be acting on behalf of a client that has
access to those resources. Since untrusted servers access
rights are limited, untrusted servers are allowed to coexist
on a host system together with trusted servers.
Representative independent claim 1 is reproduced as
follows:
1. In a client/server system in which a server executing
on a host system performs application services for a client
that involve accessing a host resource, said client and said
server each having independently specified access rights to
said host resource, a method of controlling server access to
said host resource comprising the steps of:
2–
Page: Previous 1 2 3 4 5 6 7 8 9 Next
Last modified: November 3, 2007