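CN106462717B - System and method for supporting security in a multitenant application server environment - Google Patents

System and method for supporting security in a multitenant application server environment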

Info

Publication number
CN106462717B
Authority
CN
China
Prior art keywords
partition
domain
tenant
resources
identity domain
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201580032647.5A
Other languages
English (en)
Chinese (zh)
Other versions
CN106462717A (zh)
Inventor
W·霍普金斯
C·普瑞
D·盖
P·鲍尔
J·李
J·谭希尔
K·斯瑞拉玛德斯肯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Oracle International Corp
Original Assignee
Oracle International Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Oracle International Corp
Publication of CN106462717A
Application granted
Publication of CN106462717B
Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • G06F16/278 Data partitioning, e.g. horizontal or vertical partitioning
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/70 Admission control; Resource allocation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Databases & Information Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Automation & Control Theory (AREA)
  • Storage Device Security (AREA)
CN201580032647.5A 2014-06-23 2015-06-23 System and method for supporting security in a multitenant application server environment Active CN106462717B (zh)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US201462016058P 2014-06-23 2014-06-23
US62/016,058 2014-06-23
US201462054912P 2014-09-24 2014-09-24
US62/054,912 2014-09-24
PCT/US2015/037270 WO2015200379A1 (en) 2014-06-23 2015-06-23 System and method for supporting security in a multitenant application server environment

Publications (2)

Publication Number Publication Date
CN106462717A CN106462717A (zh) 2017-02-22
CN106462717B CN106462717B (zh) 2019-06-14

Family

ID=53610997

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201580032647.5A Active CN106462717B (zh) 2014-06-23 2015-06-23 System and method for supporting security in a multitenant application server environment

Country Status (6)

Country Link
US (2) US9578009B2 (en)
EP (1) EP3158494B1 (en)
JP (1) JP6510568B2 (en)
KR (1) KR102355480B1 (en)
CN (1) CN106462717B (en)
WO (1) WO2015200379A1 (en)

Families Citing this family (49)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102271265B1 (ko) 2014-01-21 2021-07-01 오라클 인터내셔날 코포레이션 System and method for supporting multi-tenancy in an application server, cloud, or other environment
US10474998B2 (en) 2014-01-21 2019-11-12 Oracle International Corporation System and method for messaging in a multitenant application server environment
US10103946B2 (en) 2014-01-21 2018-10-16 Oracle International Corporation System and method for JMS integration in a multitenant application server environment
US10187454B2 (en) 2014-01-21 2019-01-22 Oracle International Corporation System and method for dynamic clustered JMS in an application server environment
US10476938B2 (en) 2014-01-21 2019-11-12 Oracle International Corporation System and method for multitenancy store in a multitenant application server environment
US10873627B2 (en) 2014-06-23 2020-12-22 Oracle International Corporation System and method for supporting use of an in-memory data grid with a multitenant application server environment
KR102355480B1 (ko) 2014-06-23 2022-01-26 오라클 인터내셔날 코포레이션 System and method for supporting security in a multitenant application server environment
US10027550B2 (en) 2014-06-23 2018-07-17 Oracle International Corporation System and method for multitenant-aware console for use in a multitenant application server environment
US11477278B2 (en) 2014-06-24 2022-10-18 Oracle International Corporation System and method for supporting partitions in a multitenant application server environment
US10348565B2 (en) 2014-09-25 2019-07-09 Oracle International Corporation System and method for rule-based elasticity in a multitenant application server environment
US10467061B2 (en) 2014-09-25 2019-11-05 Oracle International Corporation System and method for resource overriding in a multitenant application server environment
US10382537B2 (en) 2014-09-25 2019-08-13 Oracle International Corporation System and method for use of a global runtime in a multitenant application server environment
US10469401B2 (en) 2014-09-25 2019-11-05 Oracle International Corporation System and method for supporting lifecycle plugins in a multitenant application server environment
US10050903B2 (en) 2014-09-26 2018-08-14 Oracle International Corporation System and method for multi-tenancy enablement of enterprise JAVA (TM) applications using resource proxies and application tenancy context
US10091135B2 (en) 2014-09-26 2018-10-02 Oracle International Corporation System and method for multi-tenancy enablement of enterprise java applications using resource proxies and application tenancy context
EP3198426B1 (en) * 2014-09-26 2023-08-30 Oracle International Corporation System and method for transaction recovery in a multitenant application server environment
US11057272B2 (en) 2014-09-26 2021-07-06 Oracle International Corporation System and method for transactions in a multitenant application server environment
JP2016085641A (ja) * 2014-10-27 2016-05-19 キヤノン株式会社 Authority delegation system, method executed in the authority delegation system, and program therefor
US10250512B2 (en) 2015-01-21 2019-04-02 Oracle International Corporation System and method for traffic director support in a multitenant application server environment
US9667657B2 (en) * 2015-08-04 2017-05-30 AO Kaspersky Lab System and method of utilizing a dedicated computer security service
US10079693B2 (en) * 2015-12-28 2018-09-18 Netapp, Inc. Storage cluster management proxy
CN107153565B (zh) * 2016-03-03 2020-06-16 华为技术有限公司 Method for configuring resources and network device thereof
US10404702B1 (en) * 2016-03-30 2019-09-03 EMC IP Holding Company LLC System and method for tenant network identity-based authentication and authorization for administrative access in a protection storage system
CN107204978B (zh) * 2017-05-24 2019-10-15 北京邮电大学 Access control method and apparatus based on a multi-tenant cloud environment
US20190068572A1 (en) * 2017-08-22 2019-02-28 Salesforce.Com, Inc. Customizable secondary verification in a multi-tenant system
US11075799B2 (en) 2017-08-24 2021-07-27 Oracle International Corporation System and method for provisioning in a multi-tenant application server environment
CN109670312A (zh) 2017-10-13 2019-04-23 华为技术有限公司 Security control method and computer system
US10430606B1 (en) 2018-04-30 2019-10-01 Aras Corporation System and method for implementing domain based access control on queries of a self-describing data system
CN108848104B (zh) * 2018-07-02 2021-06-01 北京阿尔山金融科技有限公司 Information management method and apparatus
CN109587151A (zh) * 2018-12-13 2019-04-05 泰康保险集团股份有限公司 Access control method, apparatus, device, and computer-readable storage medium
US11165764B2 (en) * 2019-05-09 2021-11-02 Open Text Sa Ulc Data isolation and two-factor access control
CN110188573B (zh) * 2019-05-27 2024-06-04 深圳前海微众银行股份有限公司 Partition authorization method, apparatus, device, and computer-readable storage medium
US11595378B2 (en) * 2019-06-03 2023-02-28 Zuora, Inc. Systems and methods for providing authentication in a microservice system
US11675927B2 (en) * 2019-11-13 2023-06-13 Open Text Sa Ulc System and method for external users in groups of a multitenant system
CN110855714B (zh) * 2019-11-29 2021-09-14 广州鲁邦通物联网科技有限公司 Secure connection method and system for multi-tenant devices
FR3105471B1 (fr) * 2019-12-19 2022-02-04 Amadeus A distributed computing reservation platform for storing and managing shared data records
US12225010B2 (en) 2020-03-31 2025-02-11 Atlassian Pty Ltd. Access controls for a dedicated database system storing user-generated content input to a multitenant service of a collaborative work environment
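CN111541654A (zh) * 2020-04-08 2020-08-14 曙光信息产业(北京)有限公司 User management method, apparatus, and computer device based on a multi-tenant cloud management platform
CN111488599A (zh) * 2020-04-09 2020-08-04 北京思特奇信息技术股份有限公司 Authorization method, apparatus, electronic device, and storage medium based on the use of additional groups
JP7559358B2 (ja) * 2020-05-28 2024-10-02 株式会社リコー Service providing system, information processing system, and usage authority allocation method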
US11574068B2 (en) * 2020-06-08 2023-02-07 Open Text Sa Ulc Methods and systems for tenancy in a multitenant environment
US11445021B2 (en) 2020-12-22 2022-09-13 Salesforce.Com, Inc. Sharing objects across namespaces in a container-orchestration system
US20230085994A1 (en) * 2021-09-17 2023-03-23 Intel Corporation Logical resource partitioning via realm isolation
US12149537B2 (en) * 2022-01-12 2024-11-19 VMware LLC Resource access control in cloud environments
US12050708B2 (en) * 2022-03-11 2024-07-30 Oracle International Corporation Cardinal method for hierarchical phased secure access to system entities in isolated multi-tenant database for autonomous cloud environments
CN117201046A (zh) * 2022-05-30 2023-12-08 华为技术有限公司 Authentication method and communication apparatus
US12052146B2 (en) 2022-12-05 2024-07-30 Bank Of America Corporation Machine learning-based multitenant server application dependency mapping system
US20250240293A1 (en) * 2024-01-19 2025-07-24 Dell Products L.P. Multi-tenant secrets manager
US20250330469A1 (en) * 2024-04-17 2025-10-23 Red Hat, Inc. Remote login resource access control using a container

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100274910A1 (en) * 2009-04-24 2010-10-28 Microsoft Corporation Hosted application sandbox model
US20120096521A1 (en) * 2010-10-13 2012-04-19 Salesforce.Com, Inc. Methods and systems for provisioning access to customer organization data in a multi-tenant system
US20120150912A1 (en) * 2010-12-09 2012-06-14 International Business Machines Corporation Hierarchical multi-tenancy management of system resources in resource groups
US20130007891A1 (en) * 2011-06-29 2013-01-03 Canon Kabushiki Kaisha Server system, control method, and storage medium for securely executing access to data of a tenant
US20140013325A1 (en) * 2012-07-09 2014-01-09 Ca, Inc. Managing virtual machines using owner digital signatures
US20140123316A1 (en) * 2012-10-30 2014-05-01 Cleversafe, Inc. Access control of data in a dispersed storage network
CN103810444A (zh) * 2012-11-15 2014-05-21 中兴通讯股份有限公司 Method and system for multi-tenant application isolation in a cloud computing platform

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8819801B2 (en) * 2011-10-31 2014-08-26 Microsoft Corporation Secure machine enrollment in multi-tenant subscription environment
US9959423B2 (en) * 2012-07-30 2018-05-01 Microsoft Technology Licensing, Llc Security and data isolation for tenants in a business data system
US9069979B2 (en) * 2012-09-07 2015-06-30 Oracle International Corporation LDAP-based multi-tenant in-cloud identity management system
US9276942B2 (en) 2012-09-07 2016-03-01 Oracle International Corporation Multi-tenancy identity management system
KR102355480B1 (ko) 2014-06-23 2022-01-26 오라클 인터내셔날 코포레이션 System and method for supporting security in a multitenant application server environment

Also Published As

Publication number Publication date
JP2017526048A (ja) 2017-09-07
CN106462717A (zh) 2017-02-22
KR102355480B1 (ko) 2022-01-26
EP3158494B1 (en) 2020-04-08
EP3158494A1 (en) 2017-04-26
US9578009B2 (en) 2017-02-21
US10097589B2 (en) 2018-10-09
JP6510568B2 (ja) 2019-05-08
US20170126742A1 (en) 2017-05-04
WO2015200379A1 (en) 2015-12-30
US20150373004A1 (en) 2015-12-24
KR20170024014A (ko) 2017-03-06

Similar Documents

Publication Publication Date Title
CN106462717B (zh) System and method for supporting security in a multitenant application server environment
US10027716B2 (en) System and method for supporting web services in a multitenant application server environment
US11552956B2 (en) Secure resource authorization for external identities using remote principal objects
US10853805B2 (en) Data processing system utilising distributed ledger technology
CA2975843C (en) Apparatus, system, and methods for a blockchain identity translator
US11888856B2 (en) Secure resource authorization for external identities using remote principal objects
CN105900059B (zh) System and method for supporting multi-tenancy in an application server, cloud, or other environment
CA2968248C (en) Identity infrastructure as a service
KR101720160B1 (ko) Authenticated database connectivity for applications without human intervention
US8601482B2 (en) Delegation metasystem for composite services
US9218200B2 (en) Selective class hiding in open API component architecture system
EP4080817B1 (en) Guarantee control method, information processing device, and guarantee control program
US11539533B1 (en) Access control using a circle of trust
JP2004110335A (ja) Access control system
Deinum et al. Spring Security
Fugkeaw et al. A-COLD: access control of web OLAP over multi-data warehouse
Walters et al. SQL Server Security
Morrison et al. A Data Location Control Model for Cloud Service Deployments
Aikema et al. An Assessment of the VOMS and GridShib VO Management Systems
Kő et al. Improving the Security Levels of E-government Processes within Public Administration through the Establishment of Improved Security Systems
Kwiatkowski Security for modern mobile applications

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant