Distributing permission information via a metadirectory

Information

  • Patent Application: 20070153814
  • Publication Number: 20070153814
  • Date Filed: December 30, 2005
  • Date Published: July 05, 2007
Abstract
A permission information system and method are provided. The system facilitates management of permissions across a wide variety of systems and applications in a network environment. The system includes a data store which is a central repository that maintains permissions (e.g., in a user readable format). The permissions can, optionally, be translated into a format that is useable by endpoint system(s).
Description

BRIEF DESCRIPTION OF THE DRAWINGS


FIG. 1 is a block diagram of a permission information system.



FIG. 2 is a block diagram of a permission information system.



FIG. 3 is a block diagram of a permission information system.



FIG. 4 is a flow chart of an access permission information system.



FIG. 5 illustrates an example operating environment.



FIG. 6 illustrates an exemplary networking environment.


Claims
  • 1. A permission information system, comprising: a data store that stores permission information for a resource; and, a metadirectory component that, based at least in part, upon a change in information stored in the data store, provides permission information to an end system.
  • 2. The system of claim 1, where the permission information is stored in a user readable format.
  • 3. The system of claim 1, further comprising a translator that transforms permission information from a format used in the data store into a format that is consumable by the end system.
  • 4. The system of claim 3, the transformed permission information stored in a separate area of the data store, or in a separate area in a set of data stores.
  • 5. The system of claim 3, the translator performs rule checking on the permission information.
  • 6. The system of claim 3, further comprising a plurality of translators with each of the translators able to translate the user readable format into a format that is consumable by a particular end system.
  • 7. The system of claim 3, further comprising a single translator employed to translate the user readable format into a format that is consumable by each of the end system(s).
  • 8. The system of claim 3, the translator transforming the permission information into a properly formatted access control list.
  • 9. The system of claim 1, further comprising an administration component that allows an administrator, a set of administrators, and/or a set of processes including processes implementing workflow to manipulate data in the permissions data store(s).
  • 10. The system of claim 1, the data store comprising a plurality of data store instances.
  • 11. The system of claim 1, the metadirectory component is distributed between two or more computer systems.
  • 12. The system of claim 1, the metadirectory component synchronizes security policy information employed by the end system(s).
  • 13. The system of claim 1, the data store is a relational database system.
  • 14. The system of claim 1, the metadirectory component provides permission information to an end system based, at least in part, upon a pre-configured rule.
  • 15. The system of claim 1, the end system employs the permission information to enforce security policy.
  • 16. An access permission information method, comprising: receiving modified access information; storing the modified access information; translating the modified access information; and, providing the translated modified access information to an end system.
  • 17. The method of claim 16, storing the modified access information, further comprising storing the modified access information in an access data store.
  • 18. The method of claim 16, further comprising employing the translated modified access information to enforce a security policy.
  • 19. An access permission information system, comprising: means for storing access permission information for a resource; and, means for providing access permission information to an end system.
  • 20. The system of claim 19, further comprising means for translating the access permission information into a format consumable by the end system.
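
The flow described in claims 1, 3, 5, 6 and 16 (a change to the central store is rule-checked, translated per end system, then provided to each end system), sketched as an added example that is not code from the patent application. The record schema, the rights vocabulary, the two end-system formats and every name below are assumptions made for illustration.

```python
from dataclasses import dataclass

RIGHTS = (("read", "r"), ("write", "w"), ("execute", "x"))  # assumed vocabulary

@dataclass(frozen=True)
class Permission:
    """User-readable record held in the central store (assumed schema)."""
    principal: str
    resource: str
    rights: frozenset

def check_rules(p):
    """Rule checking before translation: refuse records that could yield a malformed ACL."""
    unknown = p.rights - {name for name, _ in RIGHTS}
    if not p.rights or unknown:
        raise ValueError(f"empty or unknown rights: {sorted(unknown)}")
    if not p.principal or not p.principal.isalnum():
        raise ValueError("principal must be alphanumeric")

def to_posix_acl(p):
    """Translator for an end system that takes setfacl-style entries."""
    return "user:%s:%s" % (p.principal, "".join(c if n in p.rights else "-" for n, c in RIGHTS))

def to_app_acl(p):
    """Translator for a hypothetical application that takes a dict."""
    return {"subject": p.principal, "allow": sorted(p.rights)}

class Metadirectory:
    def __init__(self):
        self.store = {}       # (principal, resource) -> Permission
        self.endpoints = []   # (translator, deliver) pairs, one per end system

    def register(self, translator, deliver):
        self.endpoints.append((translator, deliver))

    def update(self, perm):
        """Store a change and push it; returns the number of end systems notified."""
        check_rules(perm)
        key = (perm.principal, perm.resource)
        if self.store.get(key) == perm:
            return 0          # unchanged: nothing to distribute
        # Translate for every end system first, so a failure pushes to none.
        out = [(deliver, tr(perm)) for tr, deliver in self.endpoints]
        self.store[key] = perm
        for deliver, acl in out:
            deliver(perm.resource, acl)
        return len(out)
```

Validating in the central component before any translator runs means a record that one end system would misparse never reaches the store or any end system, so the enforced policy cannot diverge from the stored one.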