Patent application number | Description | Published |
20090234805 | SORTED SEARCH IN A DISTRIBUTED DIRECTORY ENVIRONMENT USING A PROXY SERVER - A mechanism for performing a sorted search in a distributed directory environment using a proxy server. A sorted search request for a set of top entries is sent to each backend server. The proxy server identifies a target server which returned a top entry in the set and sends another sorted search request to the target server for all entries having a sort order higher than or equal to the top entry and a sort order lower than or equal to the next top entry of the set, and returns the entries to a requesting client. The proxy server sends another sorted search request to the target server for a new top entry having a sort order greater than the next top entry and adds the new top entry to the set. The proxy server returns to the evaluating step until no top entries remain in the set. | 09-17-2009 |
20100036952 | LOAD BALANCING USING REPLICATION DELAY - A method, system, and computer usable program product for load balancing using replication delay are provided in the illustrative embodiments. In response to a request to update, a system updates data associated with a write server, forming updated data of a data partition. The system receives a read request for the data partition. The system calculates a time difference between an arrival time of the request to update and an arrival time of the read request. The system receives a set of average replication delays for a set of replica servers serving the data partition. The system directs the read request to a replica server in the set of replica servers whose average replication delay is less than or equal to the time difference. | 02-11-2010 |
20100057697 | VIRTUAL LIST VIEW SUPPORT IN A DISTRIBUTED DIRECTORY - A computer implemented method, data processing system, and computer program product for performing a virtual list view search in a distributed directory environment using a proxy server. The mechanism described in the illustrative embodiments enables a proxy server to provide virtual list view search support in a distributed directory environment when data is partitioned across multiple directory servers | 03-04-2010 |
20100061233 | FLOW CONTROL IN A DISTRIBUTED ENVIRONMENT - A computer implemented method, apparatus, and computer program product for managing requests. Responsive to receiving a request from a client, a determination is made as to whether a connection within a pool of connections has a set of outstanding requests for the client to handle a previous request from the same client. Responsive to a determination that the connection has any outstanding request, a determination is made as to whether a set of requests queued for the connection is equal to or exceeds a threshold. Responsive to a determination that the set of outstanding requests is equal to or exceeds the threshold, subsequent requests from the client are unprocessed until the set of outstanding requests becomes less than the threshold. | 03-11-2010 |
20100318541 | Filter Range Bound Paged Search - A filter range based search control to request a range of data from one or more directory servers. A directory server receives a search request from a client application comprising a search filter control defining a set of requested data, a sort control defining a sorting order of the set of requested data, and a range filter control defining a range of entries in the requested data. Data entries matching a search value defined in the search filter control and sorted according to sort attributes defined in the sort control are obtained from a set of directories associated with the directory server to form a sorted list of matching entries. A subset of data entries in the sorted list that match a range value defined in the range filter control are collected, and a response comprising the collected subset of data entries is then sent to the client application. | 12-16-2010 |
20110106822 | Virtual List View Support in a Distributed Directory - A computer implemented method, data processing system, and computer program product for performing a virtual list view search in a distributed directory environment using a proxy server. The mechanism described in the illustrative embodiments enables a proxy server to provide virtual list view search support in a distributed directory environment when data is partitioned across multiple directory servers. | 05-05-2011 |
20120166455 | Filter Range Bound Paged Search - A filter range based search control to request a range of data from one or more directory servers. A directory server receives a search request from a client application comprising a search filter control defining a set of requested data, a sort control defining a sorting order of the set of requested data, and a range filter control defining a range of entries in the requested data. Data entries matching a search value defined in the search filter control and sorted according to sort attributes defined in the sort control are obtained from a set of directories associated with the directory server to form a sorted list of matching entries. A subset of data entries in the sorted list that match a range value defined in the range filter control are collected, and a response comprising the collected subset of data entries is then sent to the client application. | 06-28-2012 |
20130104046 | Role Engineering Scoping and Management - Mechanisms are provided for performing a role engineering project for applying security roles to access operations targeting resources. A plurality of data objects representing one or more user identities, permissions, and resources of an organization computing system are received. One or more filter criteria for filtering the plurality of data objects to generate a subset of data objects for consideration during the role engineering project are received. The one or more filter criteria specify a scope of the role engineering project. The one or more filter criteria are applied to generate the subset of data objects. Role engineering project operations are performed on the subset of data objects to generate one or more security roles. The one or more security roles are deployed to the organization computing system to control access operations targeting resources of the organization computing system. | 04-25-2013 |
20130198639 | Role Engineering Scoping and Management - Mechanisms are provided for performing a role engineering project for applying security roles to access operations targeting resources. A plurality of data objects representing one or more user identities, permissions, and resources of an organization computing system are received. One or more filter criteria for filtering the plurality of data objects to generate a subset of data objects for consideration during the role engineering project are received. The one or more filter criteria specify a scope of the role engineering project. The one or more filter criteria are applied to generate the subset of data objects. Role engineering project operations are performed on the subset of data objects to generate one or more security roles. The one or more security roles are deployed to the organization computing system to control access operations targeting resources of the organization computing system. | 08-01-2013 |
20140075492 | Identity context-based access control - Identity context-based access control is implemented by generating an identity context expression from user identity data. In particular, users are clustered based on combinations of one or more attributes. These clusters comprise one or more identity context(s). Preferably, an intersection of attribute sets of each user in the cluster is formed. In addition, an intersection of attribute sets of each user not in the cluster also is formed. If the attribute set that is common across the cluster of users is not a subset of the attribute set that is common across the rest of the users, then the attribute set forms a unique identity context expression. To reduce the number of roles used in role-based access control (RBAC), at least one role is replaced with an identity context expression. Run-time access control is then enabled. | 03-13-2014 |