Asserting identities of application users in a database system based on delegated trust
US10049205B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jun 25, 2014 |
| Grant date | Aug 14, 2018 |
| Priority date | — |
| Expiry date | Jun 25, 2034 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F2221/2141
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Techniques are provided for integrating application-level user security context with a database. A session manager, in a middle tier that includes an application, obtains the security context of a user and establishes, in the database, a light-weight session (LWS) that reflects the security context. The security context is synchronized between the middle tier and database before application code execution. The database maintains an isolated copy of the LWS for the unit of application code executed as the security context. The database sends to the session manager the identifier of the copy of LWS. Before allowing a request from an application to be sent to the database, the session manager, transparent to the application, inserts an identifier that identifies the LWS. In this way, the database processes an application request in the context of the corresponding user's security context that is the same as the security context in the middle tier.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.