1. Field of the Invention
The present invention relates in general to the field of information processing, and more specifically to a system and method for providing security for variable domain resource data in an electronic data processing system.
2. Description of the Related Art
Data security issues often exist at the forefront of technology challenges faced by entities that maintain, use, view, manipulate, and otherwise access data. Often entities desire to grant different levels of access to different subsets of data to different principals. For example, in a product configuration context, it may be desirable to allow some principals to access one set of data and allow others principals to access another set of data, and the data represents a single, data configuration space.
Prior to discussing conventional data security solutions, for reference purposes, this application uses the following definitions unless otherwise indicated:
Resource Data (Also Referred to as a “Resource”)
Principal
Permission
Access Control List (ACL)
Condition
Part
Part Group
Attribute
Configuration Model
Conventional data security solutions fall into one of the following two categories:
Solutions for applications with very simple security needs will usually fall into the first category. These applications are characterized by relatively few resource data, and these resource data may not have well defined properties. Each resource data has its own ACL that controls access to the resource data. The security solutions for these applications become slower and more difficult to manage when the number of resource data increases.
A large number of applications require a much more complex security solution. Applications in the second category can be characterized by a large or very large number of resource data that have well defined properties or domains. There are typically many ACL-to-resource data relationships. An example of a 1 ACL-to-many resource data relationship is an ACL that controls access to all row and columns in a database table. Another example is an ACL associated with a directory in a file system that also controls access to all files in that directory. An example of a many ACL-to-1 resource data relationship is a multi-level hierarchy of directories in a file system where a separate ACL exists for each directory in the hierarchy along with rules of inheritance that define how the many ACLs combine together to control access to a file.
As the number and complexity of the conditions and resource data increases, the conventional data security solutions become increasingly difficult to maintain, performance decreases, and the possibility of ill defined or overlapping conditions in ACLs increases, thereby necessitating a definition for conflict resolution process.
An application that points out the shortcoming of the two conventional data security solutions is product configuration. A resource data in a product configuration model is an attribute and/or rule for a part that that applies to a valid or invalid permutation of parts from one or more part groups (properties of the attribute or rule). The number of possible resource data in a configuration model can easily reach beyond 10^10 (10 part families with 10 parts in each family).
Existing security solutions for product configuration typically fall into one of the two categories discussed above.
There are many problems with data security solution 100 in the context of a configuration application. The sub-configuration models 106, 108, and 110 need to be combined together before they can be processed by a configuration engine, which is a difficult task to perform manually and algorithmically. It is more difficult to manage and maintain separate sub-configuration models than one larger model. And finally, as the domain of the configuration model increases, the number of sub-configuration models will need to increase, making the task of managing the ACL 112 more difficult.
However, solution 200 has three major drawbacks. First, adding “helper” part families increases the complexity of the configuration model 104 by modifying the resource data in order to create security categories. This extra complexity increases storage and processing memory requirements and reduces processing performance. Second, mapping the helper parts so that the correct resource data can be addressed in the ACL 204 is difficult to set up and maintain. The right combination of helper parts must be associated with correct resource data. Third, it is possible to define conflicting ACLs.
Product configuration environments present many data security challenges.
A configuration model 304 uses, for example, data, rules, and/or constraints (collectively referred to as “data”) to define compatibility relationships between parts (also commonly referred to as “features”) contained in a specific type of product. A product configuration is a set of parts that define a product. For example, a vehicle configuration containing the parts “V6 engine” and “red” represents a physical vehicle that has a red exterior and a V6 engine. A product can be a physical product such as a vehicle, computer, or any other product that consists of a number of configurable features such as an insurance product. Additionally, a product can also represent a service such as financial services, insurance services, or consulting services.
A configuration query (also referred to as a “query”) is essentially a question that is asked about the parts, relationships, and attributes in a configuration model. The answer returned from a configuration query will depend on the data in the configuration model, the approach used for answering the question, and the specifics of the question itself. For example, one possible configuration query, translated to an English sentence, is the following: For the given configuration model, are the parts “red” and “V6 engine” compatible with each other? Another possible configuration query is the following: For the given configuration model, is the “V6 engine” part standard or optional when in the presence of the “XLT trim”, “XL trim”, “USA”, and “Canada” parts, wherein “standard” and “optional” are attributes?
The configuration model 304 can be used to determine, for example, which parts are compatible with other parts, and provide additional details around specific relationships. For example, a vehicle configuration model can indicate that “red” (a part) is the standard feature from the color part group for a specific vehicle and “red” is not compatible with “V6 engine” (a part). Configuration model 304 may also contain additional information needed to support specific product related queries. Configuration models can be developed in any number of ways. U.S. Pat. No. 5,825,651 entitled “Method and Apparatus for Maintaining and Configuring Systems”, inventors Gupta et al., and assigned to Trilogy Development Group, Inc., describes an example configuration engine and rules based configuration model. U.S. Pat. No. 5,825,651 (referred to herein as the “Gupta Patent”) is incorporated herein by reference in its entirety. U.S. Pat. No. 5,515,524 entitled “Method and Apparatus for Configuring Systems”, inventors John Lynch and David Franke, and assigned to Trilogy Development Group, Inc., describes another example configuration engine and constraint based configuration model. U.S. Pat. No. 5,515,524 (referred to herein as the “Lynch Patent”) is also incorporated by reference in it entirety.
In one embodiment of the present invention, a method of providing controlled, electronic access to variable domain data stored in a data processing system includes receiving information from a principal that includes information identifying the principal. The method also includes performing one or more logical relationship operations on a data security model and a variable domain data model using security attributes of the data security model to determine a level of resource data access to be granted to the principal, wherein the data security model and the variable domain model share a common logical relationship data structure and granting the principal access to the resource data in accordance with the determined level of resource data access to be granted to the principal.
In another embodiment of the present invention, a data processing system to provide controlled, electronic access to variable domain data stored in a data processing system includes a processor and a storage medium coupled to the processor and having data encoded therein. The data includes processor executable code for:
In a further embodiment of the present invention, a computer storage medium comprising data embedded therein to cause a computer system to provide controlled, electronic access to variable domain data stored in a data processing system. The embedded data comprises processor executable code for:
In another embodiment of the present invention, a computer system to provide controlled, electronic access to variable domain data stored in a data processing system includes means for receiving information from a principal that includes information identifying the principal. The computer system also includes means for performing one or more logical relationship operations on a data security model and a variable domain data model using security attributes of the data security model to determine a level of resource data access to be granted to the principal, wherein the data security model and the variable domain model share a common logical relationship data structure and means for granting the principal access to the resource data in accordance with the determined level of resource data access to be granted to the principal.
In a further embodiment of the present invention, a method of defining a security data model used to provide controlled, electronic access to variable domain data stored in a data processing system includes storing security attributes in a logical relationship data structure used by an associated variable domain data model, wherein the security attributes are stored in a computer readable storage medium.
The present invention may be better understood, and its numerous objects, features and advantages made apparent to those skilled in the art by referencing the accompanying drawings. The use of the same reference number throughout the several figures designates a like or similar element.
The variable domain data access control system and method described herein use the same variable domain to describe a data security model and a variable domain data model, such as a product configuration model. A variable domain is a set of resource data that can be described using a logical relationship data structure. An example of a variable domain is a set of part combinations described by attributes and/or rules in a configuration model. A variable domain could also be a set of all data elements in an on-line analytical processing (OLAP) data hyper-cube. The variable domain utilizes logical relationship expressions, such as a Boolean logic language, to define resource data in terms of parts, rules and/or attributes, and any other property that can be accessed for viewing, manipulation, or other purposes. The data security model represents an access control list (ACL) that includes security attributes as resource data and uses the same data structure and logical relationship expressions (collectively referred to as a “logical relationship data structure”) as an associated variable domain data model. Accordingly, the data security model can be seamlessly integrated with the associated variable domain data model. Additionally, the same application used to process the variable data model can be used to process the data security model using logical relationship operations. One embodiment of a logical relationship operation is determining the intersection of one or more configuration spaces. Thus, for example, the application, such as a configuration engine, can be used to view, manipulate, and determine cross-products (e.g. configuration space intersections) between the security data model and the variable domain data model to create controlled access to the variable domain data model. The data display capabilities of the application allow a principal to visualize each principal's level of access to resource data in the variable domain data model.
Embodiments of the variable domain data access control system and method:
The data access control business logic 102 represents an example desired access control to the data in configuration model 104. The data security model 502 is defined using the same variable domain logical relationship data structure including the same logical relationship expressions, such as a logical relationship language such as a Boolean language, used to define the associated configuration model 104. Configuration model 104 represents one embodiment of a variable domain data model. The logical relationship data structure of configuration model 104 includes a Part or Parts and Rules and/or Attributes to relate each Part to another Part or Part Combination. The logical relationship data structure of data security model 502 is the same as the configuration logic structure of configuration model 104.
Thus, since the logical relationship data structure of data security model 502 is the same as the logical relationship data structure of configuration model 104, the data security model 502 is compatible with all operations of a variable domain processing engine available for processing the configuration model 104. Thus, a configuration engine such as the configuration engine of
The ACL 504 provides an equivalent representation of the security model 502. ACL 504 also demonstrates that data security model 502 reflects the desired business logic 102.
The scope of the data security model and the variable domain data model can be scaled to accommodate any amount of data, including resource data, parts, and principals, and accommodate virtually any data access control scheme. Additionally, any type of security attribute can be included in the data security model. For example, in addition to an “edit” security attribute other security attributes can be used alone or in combination with other security attributes. For example, a “view” security attribute could be used to enable or restrict view access to data. A “delete” security attribute could be used to enable or restrict complete deletion of data.
The variable domain controlled display grid 706 represents the intersection between configuration model 104 and data security model 502. As discussed above, the intersection can be accomplished with a variety of configuration applications including configuration applications available from Trilogy Development Group, Inc. of Austin, Tex. Thus, variable domain security is implemented in a scalable and maintainable manner without architectural changes to a configuration model.
Operation 810 determines the security access level (i.e. the scope of security access) to grant the requesting principal. Configuration space intersection process 812 represents one embodiment of operation 810. Configuration space intersection process 812 performs an intersection operation between a data security model configuration space and the configuration model configuration space in, for example, the manner previously described. Where the configuration and security model configuration spaces overlap, the principal will be granted a level of access to the data. The principal will be denied the level of access to the data where no overlap exists. In the embodiment of
Operation 816 grants the requesting principal access to the variable domain data in accordance with the security access level determined by operation 810. Operation 816 displays variable domain data, such as resource data, to the requesting principal in accordance with the determined security access level. Operation 818 allows the principal to access the displayed variable domain data in accordance with the granted security access level.
Client computer systems 906(1)-(N) and/or server computer systems 904(1)-(N) may be, for example, computer systems of any appropriate design, including a mainframe, a mini-computer, a personal computer system including notebook computers, a wireless, mobile computing device (including personal digital assistants). These computer systems are typically information handling systems, which are designed to provide computing power to one or more principals, either locally or remotely. Such a computer system may also include one or a plurality of input/output (“I/O”) devices coupled to the system processor to perform specialized functions. Mass storage devices such as hard disks, compact disk (“CD”) drives, digital versatile disk (“DVD”) drives, and magneto-optical drives may also be provided, either as an integrated or peripheral device. One such example computer system is shown in detail in
Embodiments of variable domain data access control system 500 and variable domain data access control method 800 can be implemented on a computer system such as a general-purpose computer 1000 illustrated in
I/O device(s) 1019 may provide connections to peripheral devices, such as a printer, and may also provide a direct connection to remote server computer systems via a telephone link or to the Internet via an ISP. I/O device(s) 1019 may also include a network interface device to provide a direct connection to remote server computer systems via a direct network link to the Internet via a POP (point of presence). Such connection may be made using, for example, wireless techniques, including digital cellular telephone connection, Cellular Digital Packet Data (CDPD) connection, digital satellite data connection or the like. Examples of I/O devices include modems, sound and video devices, and specialized communication devices such as the aforementioned network interface.
Computer programs and data are generally stored as instructions and data in mass storage 1009 until loaded into main memory 1015 for execution. Computer programs may also be in the form of electronic signals modulated in accordance with the computer program and data communication technology when transferred via a network.
The processor 1013, in one embodiment, is a microprocessor manufactured by Motorola Inc. of Illinois, Intel Corporation of California, or Advanced Micro Devices of California. However, any other suitable single or multiple microprocessors or microcomputers may be utilized. Main memory 1015 is comprised of dynamic random access memory (DRAM). Video memory 1014 is a dual-ported video random access memory. One port of the video memory 1014 is coupled to video amplifier 1016. The video amplifier 1016 is used to drive the display 1017. Video amplifier 1016 is well known in the art and may be implemented by any suitable means. This circuitry converts pixel DATA stored in video memory 1014 to a raster signal suitable for use by display 1017. Display 1017 is a type of monitor suitable for displaying graphic images.
The computer system described above is for purposes of example only. The variable domain data access control system 500 and variable domain data access control method 800 may be implemented in any type of computer system or programming or processing environment. It is contemplated that the variable domain data access control system 500 and variable domain data access control method 800 might be run on a stand-alone computer system, such as the one described above. The variable domain data access control system 500 and variable domain data access control method 800 might also be run from a server computer systems system that can be accessed by a plurality of client computer systems interconnected over an intranet network. Finally, the variable domain data access control system 500 and variable domain data access control method 800 may be run from a server computer system that is accessible to clients over the Internet.
Many embodiments of the present invention have application to a wide range of industries and products including the following: computer hardware and software manufacturing and sales, professional services, financial services, automotive sales and manufacturing, telecommunications sales and manufacturing, medical and pharmaceutical sales and manufacturing, and construction industries.
Although the present invention has been described in detail, it should be understood that various changes, substitutions and alterations can be made hereto without departing from the spirit and scope of the invention as defined by the appended claims.
Number | Name | Date | Kind |
---|---|---|---|
5369732 | Lynch et al. | Nov 1994 | A |
5515524 | Lynch et al. | May 1996 | A |
5708798 | Lynch et al. | Jan 1998 | A |
5745765 | Paseman | Apr 1998 | A |
5825651 | Gupta et al. | Oct 1998 | A |
5844554 | Geller et al. | Dec 1998 | A |
5878400 | Carter, III | Mar 1999 | A |
5963953 | Cram et al. | Oct 1999 | A |
5995959 | Friedman et al. | Nov 1999 | A |
6002854 | Lynch et al. | Dec 1999 | A |
6023699 | Knoblock et al. | Feb 2000 | A |
6036349 | Gombar | Mar 2000 | A |
6064982 | Puri | May 2000 | A |
6115547 | Ghatate et al. | Sep 2000 | A |
6141658 | Mehr et al. | Oct 2000 | A |
6157922 | Vaughan | Dec 2000 | A |
6223170 | Skovgaard | Apr 2001 | B1 |
6300948 | Geller et al. | Oct 2001 | B1 |
6405308 | Gupta et al. | Jun 2002 | B1 |
6430730 | Ghatate et al. | Aug 2002 | B1 |
6438547 | Mehr et al. | Aug 2002 | B1 |
6446057 | Vaughan | Sep 2002 | B1 |
6473898 | Waugh et al. | Oct 2002 | B1 |
6486439 | Spear et al. | Nov 2002 | B1 |
6535227 | Fox et al. | Mar 2003 | B1 |
6549908 | Loomans | Apr 2003 | B1 |
6553350 | Carter | Apr 2003 | B2 |
6629153 | Gupta et al. | Sep 2003 | B1 |
6647396 | Parnell et al. | Nov 2003 | B2 |
6662164 | Koppelman et al. | Dec 2003 | B1 |
6675294 | Gupta et al. | Jan 2004 | B1 |
6678827 | Rothermel et al. | Jan 2004 | B1 |
6809292 | Spear et al. | Oct 2004 | B2 |
6810401 | Thompson et al. | Oct 2004 | B1 |
6834282 | Bonneau et al. | Dec 2004 | B1 |
6834287 | Folk-Williams et al. | Dec 2004 | B1 |
6836766 | Gilpin et al. | Dec 2004 | B1 |
6859768 | Wakelam et al. | Feb 2005 | B1 |
6865524 | Shah et al. | Mar 2005 | B1 |
6915433 | Barber | Jul 2005 | B1 |
6924459 | Spear et al. | Aug 2005 | B2 |
6941471 | Lin | Sep 2005 | B2 |
7003360 | Dillon | Feb 2006 | B1 |
7003562 | Mayer | Feb 2006 | B2 |
7043407 | Lynch et al. | May 2006 | B2 |
7069235 | Postelnik et al. | Jun 2006 | B1 |
7093283 | Chen et al. | Aug 2006 | B1 |
7096164 | Musharbash | Aug 2006 | B1 |
7103593 | Dean | Sep 2006 | B2 |
7130821 | Connors et al. | Oct 2006 | B1 |
7171659 | Becker et al. | Jan 2007 | B2 |
7188075 | Smirnov | Mar 2007 | B1 |
7188091 | Huelsman et al. | Mar 2007 | B2 |
7188333 | LaMotta et al. | Mar 2007 | B1 |
7188335 | Darr et al. | Mar 2007 | B1 |
7200582 | Smith | Apr 2007 | B1 |
7200583 | Shah et al. | Apr 2007 | B1 |
7228307 | Dettinger et al. | Jun 2007 | B2 |
7236983 | Nabors et al. | Jun 2007 | B1 |
7266515 | Costello et al. | Sep 2007 | B2 |
7272618 | Bisotti et al. | Sep 2007 | B1 |
7319873 | Zhang et al. | Jan 2008 | B2 |
7337179 | Plain | Feb 2008 | B1 |
7343584 | Plain et al. | Mar 2008 | B1 |
7386832 | Brunner et al. | Jun 2008 | B2 |
7430592 | Schmidt et al. | Sep 2008 | B2 |
7505921 | Lukas et al. | Mar 2009 | B1 |
7567922 | Weinberg et al. | Jul 2009 | B1 |
7584079 | Lichtenberg et al. | Sep 2009 | B2 |
7672936 | Dettinger et al. | Mar 2010 | B2 |
20010018746 | Lin | Aug 2001 | A1 |
20030042288 | Spear et al. | Mar 2003 | A1 |
20030233401 | Dean | Dec 2003 | A1 |
20040117624 | Brandt et al. | Jun 2004 | A1 |
20040181690 | Rothermel et al. | Sep 2004 | A1 |
20040205342 | Roegner | Oct 2004 | A1 |
20040243822 | Buchholz et al. | Dec 2004 | A1 |
20040262279 | Spear et al. | Dec 2004 | A1 |
20050033777 | Moraes et al. | Feb 2005 | A1 |
20050081062 | Patrick et al. | Apr 2005 | A1 |
20050103767 | Kainec et al. | May 2005 | A1 |
20050138078 | Christenson et al. | Jun 2005 | A1 |
20050182950 | Son et al. | Aug 2005 | A1 |
20050193222 | Greene | Sep 2005 | A1 |
20050251852 | Patrick et al. | Nov 2005 | A1 |
20050262487 | Pistoia et al. | Nov 2005 | A1 |
20060005228 | Matsuda | Jan 2006 | A1 |
20060025985 | Vinberg et al. | Feb 2006 | A1 |
20060026159 | Dettinger et al. | Feb 2006 | A1 |
20060030328 | Zhang et al. | Feb 2006 | A1 |
20060072456 | Chari et al. | Apr 2006 | A1 |
20060147043 | Mann et al. | Jul 2006 | A1 |
20060150243 | French et al. | Jul 2006 | A1 |
20060174222 | Thonse et al. | Aug 2006 | A1 |
20060190984 | Heard et al. | Aug 2006 | A1 |
20060242685 | Heard et al. | Oct 2006 | A1 |
20070016890 | Brunner et al. | Jan 2007 | A1 |
20070226066 | Brunner et al. | Sep 2007 | A1 |
Entry |
---|
Trilogy, Trilogy Report Developer's Guide, 1999. |
Trilogy Software, Inc., Trilogy Pricer Bridge Developer's Guide, 1998. |
Trilogy, Selling Chain Pricer Developer's Guide, Release 3.1, 1996. |
Trilogy, Enterprise Class E-Busines Solutions, Webpages from www.trilogy.com at www.archive.org of Feb. 29, 2000. |
Trilogy, Buying Chain Marketplace, Webpages from www.trilogy.com at www.archive.org of Feb. 29, 2000. |
Trilogy, MCC Catalog, Webpages from www.trilogy.com at www.archive.org of Feb. 29, 2000. |
Trilogy, MCC Commission, Webpages from www.trilogy.com at www.archive.org of Feb. 29, 2000. |
Trilogy, MCC Contig, Webpages from www.trilogy.com at www.archive.org of Feb. 29, 2000. |
Trilogy, MCC Personalization, Webpages from www.trilogy.com at www.archive.org of Feb. 29, 2000. |
Trilogy, MCC Quote, Webpages from www.trilogy.com at www.archive.org of Feb. 29, 2000. |
Trilogy, MCC Workplace, Webpages from www.trilogy.com at www.archive.org of Feb. 29, 2000. |
Trilogy, Products Overview, Webpages from www.trilogy.com at www.archive.org of Feb. 29, 2000. |