05911143 is referenced by 239 patents and cites 13 patents.

A method and system for registration, authorization, and control of access rights in a computer system. Access rights of subjects on objects in a computer system are controlled using parameterized role types that can be instantiated into role instances equivalent to roles or groups. The required parameters are provided by the subject of the computer system, e.g. by a person, a job position, or an organization unit. Furthermore, relative resource sets are instantiated into concrete resource sets and individual resources by using the same parameter values as for instantiating the role types. Authorization and control of access rights include capability lists providing the access rights of the subjects on the objects of a computer system on a per subject basis. Furthermore, access control lists are derived from capability lists, so that access rights of the subjects on the respective objects are provided.

Title
Method and system for advanced role-based access control in distributed and centralized computer systems
Application Number
8/514710
Publication Number
5911143
Application Date
August 14, 1995
Publication Date
June 8, 1999
Inventor
Sven Lorenz
Stuttgart
DE
Christoph Lingenfelder
Walldorf
DE
Virgil Gligor
Chevy Chase
MD, US
Klaus Deinhart
Renningen
DE
Agent
Edward H Duffield
Assignee
International Business Machines Corporation
NY, US
IPC
G06F 17/30
View Original Source