(12) United States Patent (10) Patent No.: US 7,103,784 B1
Brown et al. (45) Date of Patent: Sep. 5, 2006
(54) GROUP TYPES FOR ADMINISTRATION OF NETWORKS
(75) Inventors: Mark R. Brown, Seattle, WA (US);
Murli Satagopan, Bellevue, WA (US);
Dave Detlef Staube, Vashon, WA (US)
(73) Assignee: Microsoft Corporation, Redmond, WA (US)
( * ) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 0 days.
IEEE Conference on, 13-16 Oct. 1996, pp. 116-125.*
McCullough, Security analysis of a token ring using Ulysses, Computer Assurance, 1989, COMPASS '89, 'Systems Integrity, Software Safety and Process Security', Proceedings of the Fourth Annual Conference on 19-23 Jun. 1989 pp. 113-118.*
Cooke et al., Cryptographic algorithms and protocols for personal communication systems security, Security and Cryptography Applications to Radio Systems, IEE Colloquium on, 1994, pp. 8/1—8/6.*
(21) Appl. No.: 09/565,083
(22) Filed: May 5, 2000
(51) Int. Cl.
(52) U.S. Cl. 713/201; 713/185; 713/151
(58) Field of Classification Search 713/182-186,
713/200, 202, 150-154, 168-173
See application file for complete search history.
(56) References Cited
U.S. PATENT DOCUMENTS
6,643,783 B1 * 11/2003 Flyntz 713/201
6,651,168 B1 * 11/2003 Kao et al 713/185
6,651,175 B1 * 11/2003 Slama 713/201
Lee et al., Designing a virtual access control configuration protocol for implementation over ISDN and shared-media networks, Local Computer Networks, 1996, Proceedings 21st
Primary Examiner—David Jung
(74) Attorney, Agent, or Firm—Workman Nydegger
An improved system and method for network management is presented which facilitates better administration with a more intuitive reflection of the organizational structure with integrated security concerns by introducing novel strategies for grouping users of a network. In particular, a new group, the Universal Group, is introduced to facilitate nested groups with members in more than one Domain. Members of a universal group may be allowed access to resources across Domain boundaries, where Domains reflect a security boundary in the Network. In addition, the nesting of groups, e.g., within Universal Groups, is enabled, subject to some restrictions, in order to reduce the overhead associated with discovering the groups to which a user belongs. Furthermore, allowing a group to include members without security clearance, but restricting the groups listed on an access token corresponding to a user to groups to which the user has security clearance/authorization allows flexible management of groups having similar memberships but different security attributes.
37 Claims, 3 Drawing Sheets
CredEx: user-centric credential management for grid and Web services; Del Vecchio et al; Web Services, 2005. ICWS 2005. Proceedings. 2005 IEEE International Conference on Nov. 15 Jul. 2005 pp. 149-156 vol. 1.*
The Saga Security System: a security architecture for open distributed systems; Soshi, M.; Maekawa, M.; Distributed Computing Systems, 1997., Proceedings of the Sixth IEEE Computer Society Workshop on Future Trends of Oct. 29-31 1997 pp. 53-58.*
Assigning cryptographic keys to access control in a multiattribute hierarchy; Guan et al.; Security Technology, 2003. Proceedings IEEE 37th Annual 2003 International Carnahan Conference on Oct. 14-16, 2003 pp. 337-340.*
www.winnetmag.com/Articles/Print.cfm?ArticleID+289.*
"Managing Windows NT Server Domains", pp. 1-35, retrieved from "http://Microsoft.com/technet/prodtechnol/winntas/proddocs/concept/xcp0.1.asp?fram." Jan. 29, 2004.
"Microsoft Exchange Server Directory Integration with the Microsoft Windows 2000 Active Directory," Microsoft Corporation, Sep. 1997, pp.-22, retrieved from mk@MSITStore:C/Program%20Files/Microsoft%20Vi.../ exchangej 3and13active 13directory ht.
"Chapter 2 - Working with User and Group Accounts", pp. 1-34, retrieved from "http//technet.Microsoft.com/cdonli...t/winntas/manuals/concept/xcp02.htm" Nov. 11, 1999.
Mark Brown, Murli Santagopan, Andy Harjanto "NT 5.0 Directory Service", Group, pp. 1-20, V 0.1, Monday, Dec. 1, 1997, retrieved from C:/Windows/TEMP/ 126631.1-Group Types for Access Control and Distributioin Lists.doc, Aug. 27, 1999.
"Microsoft Windows 2000 Active Directory Technical Summary", Aug. 1998, pp. 1-23, retrieved from mk:@MSITStore:c:/Program%20Files/ Microsoft%20Visual%20Studio/./sdn13actdsum.ht Dec. 28, 1999.
* cited by examiner