The present invention relates to information management. More particularly, embodiments of the invention relate to systems and methods for automated discovery of environment objects operating in a network.
The world is slowly and continually moving from being paper-based to being electronic-based and this is becoming apparent in a wide variety of different systems. Businesses, schools, and even home life are transitioning to electronic systems. For example, email is becoming a primary means of communication rather than sending regular mail. Bills are paid online. Airlines often prefer electronic ticketing and online check-in. The list goes on. There are several reasons for this transition, one of which is the convenience and accessibility of electronic systems. Email, for example, often arrives shortly after sending it.
As entities become more centered on electronic data, the ability to manage the electronic data becomes crucial for a wide variety of different reasons. Much of the electronic data maintained by an entity or organization often relates to different aspects of the entity and often is subject to various considerations. For example, much of the data of an entity may be dependent on the current business. Data related to a new and upcoming product, for example, may be business critical that should be safeguarded in various ways. At the same time, the entity may have older data about a product being phased out that is no longer subject to the same safeguards. More generally, there are a number of different factors that may determine how certain data is handled or that determine the services that are needed for the data. Some of the factors or considerations include data security, data backup, data retention, data access control, regulatory compliance, corporate compliance, and the like or any combination thereof. Further, much of the data is unstructured at least in the sense that the data's value to the entity is not readily known and thus the services required for the data is not necessarily known.
For example, an entity may have a file storage system that it backs up on a regular basis. However, there may be many files on the file storage system that have little or no value to the entity. As a result, the entity is often paying for services that are not required. Perhaps more importantly, there may be content in the file storage system that is not receiving sufficient service.
In other words, one of the problems faced by users is related to being able to better identify services that are required. As discussed above, current users often have too much or to little services. In the latter case, companies are at risk, for example, if they do not apply retention and protection to all the files that need it, like files with personal information about employees. But not all such files are recognized as such and are not getting the right services.
As a result, there is clearly a need in the industry to be able to properly identify and seek the right service levels. At the same time, there is also a need to be able to provide data classification and data reporting, even if existing service levels are not changed. The ability to simply classify data would enable entities to better evaluate the value of their data.
For example, the unstructured nature of most systems often makes it difficult to ensure that the proper services are sought. However, making decisions on how to manage the data of an entity is often further complicated by the organization of the entity irrespective of the data. For example, any given entity typically has more than one “line of business.” An engineering firm that performs contract work for the government, for instance, often has data that is associated with the engineering being performed. At the same time, the engineering firm may also have data that is associated with the legal department or corporate aspect of the engineering firm, data that is associated with human resources, and the like. In other words, a given entity often has various domains of data or different shares of data, some of which may be shared by the various lines of business.
In each line of business, there is often data that may be subject to certain requirements that are different from requirements that exist with respect to data in the other lines of business. Further, each line of business may have a different way of referring to types of data. All of these differences combine to make providing information management a complex and difficult process.
In today's world, entities are faced with questions such as identifying the levels of security or retention that apply to various files or needing to know which data is critical to the business. Entities must also account for the effects of time on certain data. Data that is associated with a cancelled project, for example, may no longer require certain services. In addition, entities would like to be able to better value their existing data.
One of the failures of conventional systems is related to their failure to understand and account for their network. A network, for example, may want to secure multiple levels of service. If the service provider is unaware of such storage on a network, however, then it may be unable to provide such service. Further, it is not practical to manually assign objects to the various service levels because of the sheer number of objects that are typically present in a network. This is one of the reasons, that most systems either provide too much or too little protection because of their inability to understand the environment in an automated fashion that can account for differences between the network's objects that often have an impact of the service levels required.
In sum, the data of an entity is an important asset and should be properly safeguarded. This means that services such as back, retention, encryption, etc., need to be obtained and orchestrated such that entities have neither too little or too much services for their data. As indicated above, conventional systems do not enable entities to effectively manage their data. As a result, these entities either have too much or too little protection for their data. Entities need a way to manage their data so as to comply with all relevant requirements without purchasing too many services and without providing insufficient services. Entities also need a way to manage their data in an ongoing manner as conditions in the entity change.
These and other limitations are overcome by embodiments of the invention, which relates to systems and methods for providing information management and in particular to discovering environment objects in a network. The ability to discover and classify environment objects enables an information management system to ensure that a network can better value its data and better identify the types of services that are needed to protect the data.
When providing information management, the discovery of network environments is one of the first processes performed. Through discovery, servers or devices that act like servers are discovered, applications are discovered, and information describing the servers and applications is collected. For example, environment discovery may result in the discovery of a server that provides tiered storage. This information can then be used when assigning storage services for the data. By better matching data requirements with offered levels of service, data can be provisioned with more cost effective services including cost effective services.
In one example of discovery in the context of information management, a discovery module first establishes a connection with multiple adapters. The adapters are able to provide information about environment objects in a network by themselves or in conjunction with another external module. The discovery module then begins discovering environment objects using the adapters. The discovery module receives information from or through the adapters. The information describes aspects about discovered environment objects. At each stage of discovery, attributes or metadata discovered allows the discovery module to user additional adapters in the discovery process to both refine and extend the attributes of a discovered object and to discover further objects related to a previous object. Thus, the discovery of environment objects cascades through the use of adapters and by building on discovered attributes. Finally, the discovered environment objects as well as the corresponding information (attributes or metadata) is stored in a database. This accumulated information can be used by an information management system for various reasons, including identifying service levels or valuing data in a network.
In one embodiment, discovery of environment objects is initiated and objects are discovered. An adapter is used to collect information from the object. The collected information can be used to drive a cascaded discovery of the object such that additional information is collected for each discovered object. The collected information can be used to drive a cascaded discovery of the object such that, for each discovered object, additional information is collected and related. Subordinate objects can also be discovered.
Additional features and advantages of the embodiments disclosed herein will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the invention. The features and advantages of the embodiments disclosed herein may be realized and obtained by means of the instruments and combinations particularly pointed out in the appended claims. These and other features of the embodiments disclosed herein will become more fully apparent from the following description and appended claims, or may be learned by the practice of the embodiments disclosed herein as set forth hereinafter.
In order to describe the manner in which the above-recited and other advantages and features of the invention can be obtained, a more particular description of the invention briefly described above will be rendered by reference to specific embodiments thereof which are illustrated in the appended drawings. Understanding that these drawings depict only typical embodiments of the invention and are not therefore to be considered to be limiting of its scope, the invention will be described and explained with additional specificity and detail through the use of the accompanying drawings.
Embodiments of the invention relate to information or data management and more particularly to systems and methods for acquiring information describing environment that may include objects including servers, systems, and services. The discovery of environment objects provides information that can be used to better provide or better orchestrate information management. The discovery of environment objects also enables an entity to better value its data.
I. Information Management
Information management enables the orchestration of services such as data protection, data placement, corporate compliance, and others based on the value of the underlying data. The ability of information management to orchestrate and/or provide these services is related to the ability of the information management system to understand the environment in which the services are required. Embodiments of the invention include the acquisition of this knowledge by discovering environment objects in a computer or computing system.
This knowledge can be obtained through discovery of the computer system, which provides the information management system with an understanding of the relationships that may exist between the various servers (and other devices) on the computer system and the data that is accessible over the computer system and the applications or services operating therein. The discovery of a computer system provides an information management system with information that can be used to classify the computer system and its resources as well as the data in the network. Advantageously, embodiments of the invention enable the classification or categorization of objects in a computer system to be automated. As previously discussed, many computer systems include hundreds of thousands of objects. Automated classification is a great advance over manual classification of objects.
After the computer system (infrastructure and data) has been discovered, it is useful to classify the data that is in the computer system. Classification is a process that enables each object to be grouped with other objects or be examined in a manner that enables the needed services for that object to be identified. An object can be any data (e.g., file), server, service, or the like in the network. Classification typically assigns one or more categories to each object.
Once classification is complete (e.g., categories have been assigned to the objects), service level management is performed using the assigned categories. Service level management provides methods for modeling/mapping the results of discovery and classification to service levels. There are two aspects to service level management. First, the categories of each object are examined to identify service level objectives. These service level objectives effectively identify recommended services for each object. The second aspect relates to the service levels that are offered by the resources of a computer system. For example, the servers, storage devices, and services often offer certain services or various service levels in a service package. Service level mapping encompasses both the aspect of identifying service level objectives and then selecting an appropriate service package based on those service level objectives.
After service levels have been identified, the various services can be orchestrated and executed. Advantageously, the services can be carried out with respect to individual objects rather than on shares or drives. As a result, an entity may only pay for the services that are actually needed rather that pay for services that may not be needed. Further, unstructured data is categorized and can be provided with the services based on its value to the entity. In one embodiment, classification is a way for an entity to automatically place a value on the various objects of data. The classification process can also be used as a way to value the underlying objects even if a service package is not selected.
Information management is also a process that can be ongoing. In most computer systems, objects are continually added to a computer system and those objects typically require certain services (backup, retention, etc.). In addition to new objects, many objects also have a lifecycle associated with them. As a result, the status or need for services for certain objects can change over time. Information management incorporates lifecycle aspects such that data that grows old or stale can have the various services changed as needed.
Also, embodiments of the invention include reports, auditing, gap analysis, and the like to ensure that the services being provided are adequate. This protective ability ensures, for example, that a company complies with any applicable rule or regulation. The detection of a gap in service, for example, can lead to a change in service levels.
II. Computing System Environment
Information management is scalable and can be implemented in a variety of different computer or computing systems. A computer system, by way of example only, may refer to a single computer, to multiple computers (including clients and/or server computers, and other devices) that are connected with a network. The objects of a computer system can include servers, applications, services, data, files, content and the like or any combination thereof. Embodiments of the invention are discussed with reference to a network, which is one example of a computer or computing system.
In this example, the network 100 is a computer system that represents a network such as a local area network, a wide area network, and the like or any combination thereof. The connections in the system or network 100 can be wired and/or wireless. In this case, the network 100 typically includes clients 102 that have access to various servers 104 and to data 114. Various services are typically provided by the servers 104 and, in some embodiments, access to some or all of the data 114 is controlled by the various servers 104. Some of the data 114 (e.g., backed up data) is not necessarily available to the clients 102.
Examples of the servers 104 may include a file server 106, an email server 110, a backup server 108, and an information management server 112 and the like or any combination thereof. Each of the servers 104 resides in or is accessible over the network 100. The data 114 may include file storage 118, a database 116, and the like. The file storage 118 and database can be implemented in various ways using different software, different configurations, and the like. The hardware used to store the data 114 can include network attached storage (NAS) systems, and any other system known to one of skill in the art.
The data 114 can also be partitioned in different ways as well for different lines of business within the entity. For example, the data 114 may include a share for home directories, a shared area, an engineering share, and a marketing and sales share. Each share may be in its own domain to allow fine grain management by the respective line of business. One advantage of having different shares is that the corresponding files can be owned by different users.
One of skill in the art can appreciate that the clients 102, servers 104, and data 114 can be connected in a wide variety of configurations using various types of connections. Further, the software that operates on the servers 104, clients 102, and on the data 114 in some instances, may have certain properties or configurations. As previously discussed, it is this variability that can often complicate the ability to manage the information in a network.
III. Discovery of the Environment of a Computer System
Information management according to embodiments of the invention has several components that work together to provide an understanding of the value of an entity's information. Information management also reduces various risks (such as non-compliance) often associated with unstructured data. As described below, embodiments of the invention provide a system for classifying data such that the appropriate services can be provided to the entity's data. Embodiments of the invention also enables services that are required by an entity to be effectively identified and orchestrated. Examples of the services often required by entities includes backup services, retention services, corporate compliance services, regulatory compliance, data accessibility, data deletion, and the like or any combination thereof.
In
In this example, the information management system 112 discovers the file server 202 and the server 204. Even though the storage 208 being managed by the file server 202 may have an IP address, it is not necessarily acting like a server. Often, the storage 208 may not have an IP address and are discovered as additional adapters probe the capabilities and attributes of the server 202. As a result, this aspect of the infrastructure of the network 100 may not be discovered initially, but is discovered through the use of additional adapters.
Advantageously, the discovery module 306 is not required to have a complete understanding of all types of environment objects. The adapters enable the discovery module 306 to collect the necessary information. In effect, the adapters provide a common strategy for interacting with various modules and services that can provide information about the environment objects.
The adapter 408 is associated with another module that may provide a compatibility database that enables, for example, compatibility of the server 410 to be identified. This information received through the adapter 408 is added to the data 404. In this manner, the information management system 112 begins to collect information that enable the objects in the computer system (network in this example) to be discovered in a manner that can later be used to provide services that may include, but are not limited to, backup, retention, encryption, secure storage, tiered storage, file migration, disaster recovery, operational recovery, corporate compliance, regulatory compliance, and the like or any combination thereof.
For example, the server 410 may be a back up server that backs up data on the network. The adapter 406 may only be able to discover that the server 410 is acting like a server. The adapter 406, however, is unable to determine that the server 410 is a backup server. The adapter 408 may be able to determine that the server 410 is compatible with a particular operating system. This enables the information management system to collect additional information from the server 410 that can be stored in the data 404.
Alternatively, the adapter 408 may be specifically designed for the server 410. For example, the server 410 may be a gateway to a storage system such as a NAS server. The adapter 408 is an adapter specifically targeted to the NAS server. As a result, the adapter 408 may be able to discover additional information that may include, but is not limited to, firmware version, type of storage, IP addresses of storage devices, tiered storage capabilities, and the like or any combination thereof.
The discovery of the network can provide a substantial benefit to the information management system when it comes time to identify services and to orchestrate those servers. For example, by discovering that a backup server provides tiered storage, or by determining the amount of storage available, etc., the backup services can be allocated appropriately. Thus, files that are categorized as requiring second tier storage or lower priority storage can be stored accordingly while files requiring first tier or high priority services can also be stored accordingly.
Advantageously, the cost incurred by an entity for certain services can be managed more effectively because the entity's data is being provide with services that are actually required. Thus, an entity is not necessarily charged for services that are not required. At the same time, the entity can be assured that it is receiving the services that it actually needs.
In another example, part of the discovery of the environment also includes discovery of services. The discovery of services can also involve the use of adapters. For example, a payroll application often involves a software aspect (people management) and hardware (database). An adapter can be used to identify tables and log files in a database that are consistent with the software application. Next, communications to the database can be examined to identify the types of queries or to examine the headers of the communications. This information together can enable the information management service to identify the various communicating components and to present the application as an environment object of the network. For example, when particular tables of the database are known to be part of a payroll application, then they may be backed up more frequently, retained for some period of time, encrypted if they contain personal data, and the like.
As illustrated below, the discovery of a computer system results in the collection of data that can be used by an information management system as it categorizes objects (including environment objects) and determines services level objectives for those objects.
In another embodiment of the invention, the discovery module or the discovery portion of information management can attempt to collect more information from environment objects by simply attempting to communicate using various protocols. If an environment object does not respond to a particular call or to the use of a particular adapter, then another can be tried.
In another embodiment, information gleaned from one adapter can be used to select the next adapter. For example, a server operating on a network may be identified as a Windows device. In this case, a windows adapter can then be tried to collect additional information. If the windows device reveals that the server is an email server, then the appropriate adapter for that type of email server can be used to collect additional data.
Over time the collected information accumulates and can be used to better categorize all objects (environment objects, data objects, etc.) and better value the objects of the network. Also, more information about an object enables the needed service level objects to be identified more accurately, and orchestrated more effectively. Further, the information collected about a service or an object (such as a backup server) can aid the classification process in identifying service levels and in orchestrating the associated services.
In this example, an object 610 is created in a database 608 for each object in the network including environment objects. In this example, the object 610 is associated with the environment object 606 and the entries 618 represent the information discovered by the information management system 620 about the object 606. The object 610, in other words, contains metadata about the corresponding object in the computer system.
More particularly, the discovery module 622 of the information management system 620 uses the adapters 600 to discover environment objects such as servers, applications, and the like as previously described. In this example, the adapter 602 has discovered the object 606 is acting like a server on the network. This information may be stored as an entry 612 in the object 610.
With this information, the object 606 may then be probed with the adapter 604, which discovers that the object 606 is a file server. This information may be stored as the entry 614 in the object 608. With this type of known information, the object 606 may be examined with other adapters to determine the type of file server. In this example, the adapter 624 is for a particular type that is the same as the type of file server. For example, the object 606 may be a “X” file server (among other choices) and the adapter 624 may be an “X” specific adapter. As a result, the adapter 624 may be able to discover additional information such as firmware version and other configuration information that is unique to this specific type of file server. This information is also stored in the object 610.
In cascaded discovery, the results obtained by a particular adapter can therefore be used to drive the process of additional discovery. By discovering an object in this manner, an information management system can more effectively assign categories to content and more effectively identify service level objectives, better value the data, and the like or any combination thereof.
For example, it may be discovered that the object 606 offers tiered storage. With this knowledge, an information management system can identify specific service level objectives for other objects accordingly. As a result, the objects ultimately receive the needed services. Alternatively, the information management system 620 may be made aware of its needs by the discovery and classification processes performed by the information management system 620 without actually changing existing service levels.
In this example, however, the information management system collects 704 information describing a discovered object. Using this collected information, an information management system may then probe 706 the object with additional adapters. In this manner, the environment objects are subjected to cascaded discovery as described herein.
IV. Discovery in Information Management
The following discussion illustrates the discovery of a network in the context of information management. and
In this example, the information management system 500 includes an adapter API 522 that interfaces with a plurality of adapters 524. The adapters 524 are used by the information management system 500 to interface with network (or with another computer system). Information management 500 uses adapters 524 to discover the infrastructure of the network, to discover the objects (data, files, information, etc.) of the network, for classification of the data, and/or for action orchestration.
The adapters 524 can each be specifically prepared to enable the information management system 500 to interface and interact with various aspects of the network. For example, one adapter may enable the system 500 to discover IP devices on the network that are acting like servers. Another adapter may enable the system 500 to discover more information about specific types of network attached storage (NAS). Another adapter may enable the system 500 to example or watch the network in order to discover services. For example, if a particular NAS has its own adapter, it can typically collect more information than what can be collected by a generic adapter. For example, the specific adapter can take advantage of features in the NAS that are not necessarily available to other adapters. As more information is discovered or collected, the information management 500 can perform better classification. One of skill in the art can appreciate that many different adapters are possible. The adapters 524 can be used by each aspect of the system 500.
The system 500 includes an adapter manager 522 that provides an interface between the adapters 524 and the system 500. The adapter manager 522 can abstract the interface between the system 500 and the adapters 524 such that adapters can easily be accommodated by the system 500.
The discovery 512 portion of the system 500 uses the adapters 524 to discover the infrastructure and the other objects of the network 526. The discovery 512 portion, for example, may use a particular adapter to discover information about a backup server. The discover 512 portion may also use other adapters to discover the same backup server. All of the information collected through the adapters 524 can be combined or correlated.
After discovery (or during in some instances), classification is performed. In this embodiment, classification includes metadata collection 514 and metadata generation 516. The metadata collection 514 portion begins to collect metadata about the infrastructure and the objects. This can be performed, for example, by queries through the various adapters 524. Examples of metadata include size, owner, path, line of business, creation date, or any other information that can be collected using an adapter or information that may be provided about the data or device.
Metadata can also be generated during metadata generation 516. The generated metadata generates additional metadata that can be used to classify the data. For example, rules, hash rules, computer information service rules, classifier rules, etc. are examples of rules or methods that can be used to generate metadata. Finally, category assignment rules are executed that assign the data to one or more categories.
Once the categories have been assigned to the various objects, the coordinator 510 can then initiate service level mapping 518. Service level mapping includes identifying service level objectives from the assigned categories of the objects. The desired services are then mapped to services that are actually available. For example, a service provider that offers backup, retention, and other services often offers bundles of services, but does not typically offer bundles that specifically cover every potential need or variation. As a result, service level mapping is the process of identifying the best fit. One of skill in the art can appreciate that embodiments of the invention could identify the exact services required, but may be limited by the services that are actually available. As a result, service level mapping includes the process of mapping the services level objectives to available services from the service providers.
Next, the coordinator 510 provides action orchestration 520. Action orchestration 520 is the process by which the selected services in the service levels can be implemented. In one example, the action orchestration submits a proposal to orchestration adapters. The adapters report their ability to satisfy the proposal of the action orchestration 520 at specified locations. The action orchestration 520 then selects the best location and adapter set to satisfy the service requirements of the data. The actions are then performed.
The information management system includes a repository service 526 that has access to a database 526. In one embodiment, the database 528 is used to store infoobjects, which are objects used to record the processing state of data in the network and to record specific information. The infoobject can be persisted for state information and can support dynamic properties. For example, as new information is discovered or additional classification information is found or accumulated, this information can be recorded and stored in the infoobject. For example, an infoobject may include the categories assigned for data. These categories, as described above, can then be used for service level mapping.
The embodiments described herein may include the use of a special purpose or general-purpose computer including various computer hardware or software modules, as discussed in greater detail below.
Embodiments within the scope of the present invention also include computer-readable media for carrying or having computer-executable instructions or data structures stored thereon. Such computer-readable media can be any available media that can be accessed by a general purpose or special purpose computer. By way of example, and not limitation, such computer-readable media can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to carry or store desired program code means in the form of computer-executable instructions or data structures and which can be accessed by a general purpose or special purpose computer. When information is transferred or provided over a network or another communications connection (either hardwired, wireless, or a combination of hardwired or wireless) to a computer, the computer properly views the connection as a computer-readable medium. Thus, any such connection is properly termed a computer-readable medium. Combinations of the above should also be included within the scope of computer-readable media.
Computer-executable instructions comprise, for example, instructions and data which cause a general purpose computer, special purpose computer, or special purpose processing device to perform a certain function or group of functions. Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as example forms of implementing the claims.
As used herein, the term “module” or “component” can refer to software objects or routines that execute on the computing system. The different components, modules, engines, and services described herein may be implemented as objects or processes that execute on the computing system (e.g., as separate threads). While the system and methods described herein are preferably implemented in software, implementations in hardware or a combination of software and hardware are also possible and contemplated. In this description, a “computing entity” may be any computing system as previously defined herein, or any module or combination of modulates running on a computing system.
The present invention may be embodied in other specific forms without departing from its spirit or essential characteristics. The described embodiments are to be considered in all respects only as illustrative and not restrictive. The scope of the invention is, therefore, indicated by the appended claims rather than by the foregoing description. All changes which come within the meaning and range of equivalency of the claims are to be embraced within their scope.
This application is a Continuation of U.S. application Ser. No. 11/528,783, filed Sep. 27, 2006, which claims the benefit of: U.S. Provisional Application Ser. No. 60/826,072, filed Sep. 18, 2006 and entitled “INFORMATION MANAGEMENT”;U.S. Provisional Application Ser. No. 60/826,073, filed Sep. 18, 2006 and entitled “CASCADED DISCOVERY OF INFORMATION ENVIRONMENT”;U.S. Provisional Application Ser. No. 60/826,053, filed Sep. 18, 2006, entitled “ENVIRONMENT CLASSIFICATION”;U.S. Provisional Application Ser. No. 60/826,074, filed Sep. 18, 2006 and entitled “INFORMATION CLASSIFICATION”; andU.S. Provisional Application No. 60/826,042, filed Sep. 18, 2006, entitled “SERVICE LEVEL MAPPING METHOD”;which applications are incorporated herein by reference in their entirety.
Number | Name | Date | Kind |
---|---|---|---|
5678044 | Pastilha et al. | Oct 1997 | A |
6003040 | Mital et al. | Dec 1999 | A |
6167445 | Gai et al. | Dec 2000 | A |
6182075 | Hsu | Jan 2001 | B1 |
6308216 | Goldszmidt et al. | Oct 2001 | B1 |
6349297 | Shaw et al. | Feb 2002 | B1 |
6363053 | Schuster et al. | Mar 2002 | B1 |
6430613 | Brunet et al. | Aug 2002 | B1 |
6591300 | Yurkovic | Jul 2003 | B1 |
6633312 | Rochford et al. | Oct 2003 | B1 |
6829745 | Yassin et al. | Dec 2004 | B2 |
6862594 | Saulpaugh et al. | Mar 2005 | B1 |
6865728 | Branson | Mar 2005 | B1 |
6970869 | Slaughter et al. | Nov 2005 | B1 |
7028312 | Merrick et al. | Apr 2006 | B1 |
7185073 | Gai et al. | Feb 2007 | B1 |
7240076 | McCauley et al. | Jul 2007 | B2 |
7278156 | Mei et al. | Oct 2007 | B2 |
7363292 | Chaboche | Apr 2008 | B2 |
7412518 | Duigou et al. | Aug 2008 | B1 |
7433304 | Galloway et al. | Oct 2008 | B1 |
7543020 | Walker et al. | Jun 2009 | B2 |
7548915 | Ramer et al. | Jun 2009 | B2 |
7565324 | Vincent | Jul 2009 | B2 |
7565656 | Yamasaki et al. | Jul 2009 | B2 |
7580357 | Chang et al. | Aug 2009 | B2 |
7613806 | Wright et al. | Nov 2009 | B2 |
7616642 | Anke et al. | Nov 2009 | B2 |
7640345 | Nair et al. | Dec 2009 | B2 |
7676798 | Snover et al. | Mar 2010 | B2 |
7720950 | Joanovic et al. | May 2010 | B2 |
7725570 | Lewis | May 2010 | B1 |
7725571 | Lewis | May 2010 | B1 |
7730172 | Lewis | Jun 2010 | B1 |
7734765 | Musman et al. | Jun 2010 | B2 |
7739239 | Cormie et al. | Jun 2010 | B1 |
7752312 | Perrin et al. | Jul 2010 | B1 |
7895220 | Evans et al. | Feb 2011 | B2 |
7953740 | Vadon et al. | May 2011 | B1 |
8046366 | Perrin et al. | Oct 2011 | B1 |
8069435 | Lai | Nov 2011 | B1 |
8104080 | Burns et al. | Jan 2012 | B2 |
8135685 | Nair et al. | Mar 2012 | B2 |
8346748 | Nair et al. | Jan 2013 | B1 |
8522248 | Nair et al. | Aug 2013 | B1 |
8543615 | Nair et al. | Sep 2013 | B1 |
8548964 | Nair et al. | Oct 2013 | B1 |
8612570 | Nair et al. | Dec 2013 | B1 |
8620724 | Adhiraju et al. | Dec 2013 | B2 |
8732215 | Nair et al. | May 2014 | B2 |
8819212 | Nair et al. | Aug 2014 | B1 |
8832246 | Nair et al. | Sep 2014 | B2 |
8868720 | Nair et al. | Oct 2014 | B1 |
8938457 | Nair et al. | Jan 2015 | B2 |
9135322 | Nair et al. | Sep 2015 | B2 |
9141658 | Nair et al. | Sep 2015 | B1 |
9323901 | Nair et al. | Apr 2016 | B1 |
9361354 | Bell, II | Jun 2016 | B1 |
9461890 | Nair et al. | Oct 2016 | B1 |
20020016800 | Spivak et al. | Feb 2002 | A1 |
20020038307 | Obradovic et al. | Mar 2002 | A1 |
20020091746 | Umberger et al. | Jul 2002 | A1 |
20020099814 | Mastrianni | Jul 2002 | A1 |
20020109713 | Carchidi et al. | Aug 2002 | A1 |
20020120685 | Srivastava | Aug 2002 | A1 |
20020161883 | Matheny et al. | Oct 2002 | A1 |
20030023587 | Dennis et al. | Jan 2003 | A1 |
20030023712 | Zhao et al. | Jan 2003 | A1 |
20030036886 | Stone | Feb 2003 | A1 |
20030041050 | Smith | Feb 2003 | A1 |
20030093528 | Rolia | May 2003 | A1 |
20030140009 | Namba et al. | Jul 2003 | A1 |
20030167180 | Chung et al. | Sep 2003 | A1 |
20030196108 | Kung | Oct 2003 | A1 |
20030200357 | Yanosy | Oct 2003 | A1 |
20030212778 | Collomb | Nov 2003 | A1 |
20030225829 | Pena | Dec 2003 | A1 |
20030233391 | Crawford et al. | Dec 2003 | A1 |
20030233464 | Walpole et al. | Dec 2003 | A1 |
20030234815 | Delaney | Dec 2003 | A1 |
20030236904 | Walpole et al. | Dec 2003 | A1 |
20040060002 | Lucovsky et al. | Mar 2004 | A1 |
20040098415 | Bone et al. | May 2004 | A1 |
20040133876 | Sproule | Jul 2004 | A1 |
20040210601 | Takayama | Oct 2004 | A1 |
20040215650 | Shaji et al. | Oct 2004 | A1 |
20040236660 | Thomas et al. | Nov 2004 | A1 |
20040243699 | Koclanes et al. | Dec 2004 | A1 |
20050060662 | Soares et al. | Mar 2005 | A1 |
20050071182 | Aikens et al. | Mar 2005 | A1 |
20050091346 | Krishnaswami | Apr 2005 | A1 |
20050102297 | Lloyd | May 2005 | A1 |
20050125768 | Wong et al. | Jun 2005 | A1 |
20050131982 | Yamasaki et al. | Jun 2005 | A1 |
20050132034 | Iglesia et al. | Jun 2005 | A1 |
20050177545 | Buco et al. | Aug 2005 | A1 |
20050197852 | Gebhard et al. | Sep 2005 | A1 |
20050235342 | Ene-Pietrosanu et al. | Oct 2005 | A1 |
20050251533 | Harken et al. | Nov 2005 | A1 |
20050262097 | Sim-Tang et al. | Nov 2005 | A1 |
20050273451 | Clark et al. | Dec 2005 | A1 |
20050289216 | Myka et al. | Dec 2005 | A1 |
20060015388 | Flockhart et al. | Jan 2006 | A1 |
20060036463 | Patrick et al. | Feb 2006 | A1 |
20060039364 | Wright | Feb 2006 | A1 |
20060092861 | Corday et al. | May 2006 | A1 |
20060095543 | Ito | May 2006 | A1 |
20060095570 | O'Sullivan | May 2006 | A1 |
20060101084 | Kishi | May 2006 | A1 |
20060106782 | Blumenau et al. | May 2006 | A1 |
20060112108 | Eklund | May 2006 | A1 |
20060114832 | Hamilton et al. | Jun 2006 | A1 |
20060123030 | Musteata et al. | Jun 2006 | A1 |
20060129415 | Thukral et al. | Jun 2006 | A1 |
20060129974 | Brendle et al. | Jun 2006 | A1 |
20060179143 | Walker et al. | Aug 2006 | A1 |
20060236061 | Koclanes | Oct 2006 | A1 |
20060248165 | Sridhar | Nov 2006 | A1 |
20060248187 | Thorpe | Nov 2006 | A1 |
20070033273 | White et al. | Feb 2007 | A1 |
20070038683 | Dixon et al. | Feb 2007 | A1 |
20070055689 | Rhoads et al. | Mar 2007 | A1 |
20070058632 | Back et al. | Mar 2007 | A1 |
20070061363 | Ramer et al. | Mar 2007 | A1 |
20070070894 | Wang | Mar 2007 | A1 |
20070083875 | Jennings | Apr 2007 | A1 |
20070094392 | Stone et al. | Apr 2007 | A1 |
20070103984 | Kavuri et al. | May 2007 | A1 |
20070104208 | Svensson | May 2007 | A1 |
20070127370 | Chang et al. | Jun 2007 | A1 |
20070153802 | Anke et al. | Jul 2007 | A1 |
20070162749 | Lim | Jul 2007 | A1 |
20070192352 | Levy | Aug 2007 | A1 |
20070208751 | Cowan et al. | Sep 2007 | A1 |
20070214208 | Balachandran | Sep 2007 | A1 |
20070226228 | Her | Sep 2007 | A1 |
20070260640 | Hamilton et al. | Nov 2007 | A1 |
20070294209 | Strub | Dec 2007 | A1 |
20070294406 | Suer et al. | Dec 2007 | A1 |
20070299828 | Lewis et al. | Dec 2007 | A1 |
20080002678 | Klessig | Jan 2008 | A1 |
20080005086 | Moore | Jan 2008 | A1 |
20080021850 | Irle | Jan 2008 | A1 |
20080049642 | Gudipudi | Feb 2008 | A1 |
20080059387 | Vaidhyanathan et al. | Mar 2008 | A1 |
20080071726 | Nair et al. | Mar 2008 | A1 |
20080071727 | Nair et al. | Mar 2008 | A1 |
20080071813 | Nair et al. | Mar 2008 | A1 |
20080071908 | Nair et al. | Mar 2008 | A1 |
20080077682 | Nair et al. | Mar 2008 | A1 |
20080077995 | Curnyn | Mar 2008 | A1 |
20080097923 | Kim et al. | Apr 2008 | A1 |
20080114725 | Indeck et al. | May 2008 | A1 |
20080134043 | Georgis et al. | Jun 2008 | A1 |
20080177994 | Mayer | Jul 2008 | A1 |
20080243900 | Yohanan et al. | Oct 2008 | A1 |
20080301760 | Lim | Dec 2008 | A1 |
20090064185 | Araujo | Mar 2009 | A1 |
20090077210 | Musman et al. | Mar 2009 | A1 |
20090106100 | Mashinsky | Apr 2009 | A1 |
20090150431 | Schmidt et al. | Jun 2009 | A1 |
20090157881 | Kavuri et al. | Jun 2009 | A1 |
20100191577 | Lu et al. | Jul 2010 | A1 |
20100250497 | Redich et al. | Sep 2010 | A1 |
20130110810 | Eidesen et al. | May 2013 | A1 |
20130110840 | Nair et al. | May 2013 | A1 |
Number | Date | Country |
---|---|---|
1855218 | Nov 2007 | EP |
WO 2008036621 | Mar 2008 | WO |
Entry |
---|
Ben-Ghorbel-Talbi et al.; “An Extended Role-Based Access Control Model for Delegating Obligations”; Springer-Verlag Berline Heidelberg 2009. |
Belokosztolszki et al.; “Meta-Policies for Distributed Role-Based Access Control Systems”; 2002 IEEE. |
Gasser et al., “An Architecture for Practical Delegation in a Distributed System”, 1990 IEEE Computer Society Symposium, May 7-9, 1990, pp. 20-30. |
Number | Date | Country | |
---|---|---|---|
20190377745 A1 | Dec 2019 | US |
Number | Date | Country | |
---|---|---|---|
60826073 | Sep 2006 | US | |
60826042 | Sep 2006 | US | |
60826053 | Sep 2006 | US | |
60826072 | Sep 2006 | US | |
60826074 | Sep 2006 | US |
Number | Date | Country | |
---|---|---|---|
Parent | 11528783 | Sep 2006 | US |
Child | 16548339 | US |