06064656 is referenced by 146 patents and cites 7 patents.

An access control database defines access rights through the use of access control objects. The access control objects include group objects, each defining a group and a set of users who are members of the group, and rule objects. Some of the rule objects each specify a set of the group objects, a set of the management objects, and access rights by the users who are members of the groups defined by the specified set of the group objects to the specified set of management objects. A plurality of access control servers are used to process access requests. Each access control server controls access to a distinct subset of the management objects in accordance with the access rights specified in the access control database. At least one of the access control servers receives access requests from the users and distributes the received access requests among the access control servers for processing. A subset of the access requests specify operations to be performed on specified sets of the management objects. Each of these access requests is sent for processing to one or more of the access control servers in accordance with the management objects to which access is being requested. The access control servers responding to the access requests from the users by granting, denying and partially granting and denying the access requested in each access request in accordance with the access rights specified in the access control database.

Title
Distributed system and method for controlling access control to network resources
Application Number
8/962089
Publication Number
6064656
Application Date
October 31, 1997
Publication Date
May 16, 2000
Inventor
Ping Luo
Union City
CA, US
Bart Lee Fisher
Sunnyvale
CA, US
Shivaram Bhat
Cupertino
CA, US
Sai V S Allavarpu
Pleasanton
CA, US
Rajeev Angal
Santa Clara
CA, US
Agent
Gary S Pennie & Edmonds Williams
Assignee
Sun Microsystems
CA, US
IPC
H04L 12/28
View Original Source