JP2000276451A - Method and system for transmitting and receiving authority transfer information under distributed object environments - Google Patents

Abstract

PROBLEM TO BE SOLVED: To reduce the communication volume over a network of information related to authority transfer to shorten the communication time and to prevent leakage of authority transfer information. SOLUTION: In distributed object circumstances where objects are distributedly arranged on a computer network, a server 21 constituting the computer network inquires of a remotely placed client 11 (connected through a remote line 10) about information related to access authority transfer. The client 11 returns reference information to an agent 31, which holds information related access authority transfer, instead of information related to access authority transfer. The server 21 uses reference information to inquire of an agent 31, which is placed on the same network (local line 30), about information related to access authority transfer and obtains information related to access authority transfer from the agent 31.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

[0001] 1. Field of the Invention [0002] The present invention relates to a method and system for transmitting and receiving authority transfer information in a distributed object environment.

[0002]

2. Description of the Related Art In a distributed environment in which a plurality of computers cooperate via a network, a plurality of users access objects existing in a shared space shared by the plurality of computers. in this case,
An apparatus, which is one of the computers constituting the network, arbitrates access rights so that accesses to the same object do not conflict. A device that wants to access an object requests the device that centrally manages the access right of the object to assign the access right of the object, so that the device is not assigned the access right to another device. And checks the operation authority of the object. Each device determines whether or not access to the object is possible according to a response from the device that centrally manages the access authority.

On the other hand, in a system in which the device for managing the access authority is fixedly set as described above, there is a request for the authority for the access management on the assumption that the device for managing the access authority can be changed. Some systems unconditionally delegate to devices. FIG. 4 shows an example of a computer network under the distributed object environment as a conventional example. In the computer network shown in FIG. 4, the authority transfer under the distributed object environment is performed by transferring the transfer information held in the storage device 412 incorporated in the device 41 (processing device 411) to the remote device 42 (processing device 421). Via the remote line 40, and the access right is delegated to the device 42.

[0004]

However, when such an authority transfer is performed in the network form shown in FIG. 4, information about the authority transfer is exchanged via the remote line 40. As it increases, the time required for transmission increases. Further, if the information to be transmitted is leaked to the outside, the device 41 stores the information in the storage device 412.
Is leaked as it is, which is not preferable in terms of security. The present invention has been made in view of the above circumstances, and in a computer network in an object distributed environment, reduces the amount of communication of information related to authority transfer over a network, shortens communication time, and performs the transfer of authority. It is an object of the present invention to provide a method and a system for transmitting and receiving authority transfer information in a distributed object environment, which prevent leakage of authority information by taking care not to direct communication to be performed over a network.

[0005]

According to a first aspect of the present invention, there is provided a method for transmitting and receiving authority transfer information in a distributed object environment, in which the objects are distributed on a computer network. Wherein the server constructing the computer network inquires of a remotely located client about information relating to access right delegation, and retains information relating to the access right delegation instead of the information relating to access right delegation. Reference information to the agent is obtained, an inquiry about the information about the access right delegation is made to an agent located on the same network using the reference information, and information about the access right delegation is obtained from the agent.

According to a second aspect of the present invention, there is provided a system for transmitting and receiving authority transfer information in a distributed object environment, wherein the object is distributed in a distributed object environment in which the objects are distributed on a computer network, and the object is remotely established when the computer network is constructed. First inquiring means in the server for inquiring about information relating to delegation of access authority of an object held by the located client;
In response to the inquiry, reference information sending means in the client for sending reference information to an agent holding information for authority transfer instead of the information relating to access authority transfer of the object owned by the client, Second inquiry means in the server for inquiring information on the delegation of authority to agents located on the same network using reference information, and authority in the agent for sending information on delegation of access authority to the server, Transfer information transmitting means.

With the above-described configuration, in a distributed object environment where objects are distributed on a computer network, a server constructing the computer network relates to delegation of access authority to a client located at a remote (remote line). Inquire about information. The client replies with reference information to an agent holding information on access right delegation instead of the information on access right delegation.
The server uses the reference information to inquire an agent located on the same network (local line) about the information about the access right transfer, and obtains information about the access right transfer from the agent.
According to the present invention, even when the amount of delegated information increases, the information that the client sends to the server is only a reference to the agent, so that the time required for remote communication is not increased and is constant. After that, delegation information is transmitted from the agent to the server. However, in the conventional method, the portion that is a communication between remotes is a local communication, so that the communication speed is high and the time required for the transmission is reduced. Also,
Since the client and server are in a remote network environment, the conventional method of sending delegation information as it is
If the transmitted information is leaked, there is a problem because the authority information is leaked as it is, but in the present invention, even if the transmitted information is leaked, it is only reference information, and the direct transfer information is leaked. Security effect.

[0008]

FIG. 1 is a block diagram showing an embodiment of the present invention. The system for transmitting and receiving authority transfer information in an object distribution environment according to the present invention includes a device 1, a device 2, and a device 3. Apparatus 1 is processing apparatus 1
1 and a storage device 12. The device 2 includes a processing device 21 and a storage device 22. The device 3 includes a processing device 31 and a storage device 32
including. In each of the storage devices 12 (22, 32), in addition to the program executed by each processing device 11 (21, 31),
It is assumed that information for authority transfer regarding the object is stored. The device 3 includes a processing device 31 and a storage device 32. Although the device 1, the device 2 and the device 3 are in a distributed environment, the device 1 and the device 2 are in a distant network environment (connected via the remote line 10). Therefore, the communication speed between the device 1 and the device 2 is Slowly, it is assumed that the devices 2 and 3 are under the same network environment (connected via the local line 30), and therefore the communication speed between the devices 2 and 3 is high.

The general operation of the embodiment of the present invention shown in FIG. 1 will be described below. Here, it is assumed that there are N pieces of information for authority transfer. The processing device 11 holds authority information # 1, authority information # 2,... Authority information #N in the storage device 12. The processing device 31 also stores the authority information # in the storage device 32.
1, authority information # 2,... Holds authority information #N. The processing device 21 transmits the authority information I (I is # 1 to #N
An inquiry is made to the processing device 11 via the remote line 10 for an arbitrary number up to). The processing device 11 that has received this inquiry sends a reference (inquiry destination information) to the processing device 31 that holds the information of the authority information I via the remote line 10 instead of sending the authority information I. The processing device 21 inquires the processing device 31 of the authority information I via the local line 30 using the received reference. The processing device 31 sends the authority information I to the processing device 21 via the local line 30.

FIG. 2 is a block diagram showing details of the embodiment shown in FIG. In FIG. 2, a processing device (hereinafter, referred to as a client) 11 includes an inquiry information receiving unit 111 that receives an inquiry about authority transfer information issued from a processing device 21 (hereinafter, referred to as a server), and replies reference information to the inquiry. And a reference information sending unit 112 to be used. The server 21 includes an authority transfer information inquiry unit 211 that issues an inquiry request for authority transfer information to the client 11, and a reference that receives reference information for acquiring authority transfer information, which is a response of the client 11 to the inquiry about the authority transfer information. An information receiving unit 212, an authority transfer information inquiry unit 213 for inquiring information for authority transfer to a processing device (hereinafter referred to as an agent 31) 31 based on the reference information, and an authority transfer as a response from the agent 31 to the inquiry An authority transfer information receiving unit 214 for receiving information is included. The agent 31 includes an inquiry information receiving unit 311 for receiving an inquiry from the server 21 and an authority transfer information transmitting unit 3 for transmitting authority transfer information as a response to the inquiry.
12 inclusive.

FIG. 3 is a flowchart cited for explaining the operation of the embodiment shown in FIG. Hereinafter, the operation of the embodiment of the present invention shown in FIG. 2 will be described in detail with reference to the flowchart shown in FIG. First, server 2
1 inquires of the client 21 via the remote line 10 about the authority information I (I is an arbitrary number from # 1 to #N) via the authority transfer information inquiry unit 211 (step S31). The client 11 having received the inquiry by the inquiry information receiving unit 111 incorporating the
Instead of sending the reference information, the reference information sending unit 112 sends a reference (inquiry destination information) to the agent 31 holding the information of the authority information I via the remote line 10. Server 2
1 receives this information via the reference information receiving unit 212 (step S32), and inquires of the agent 31 via the local line 30 for the authority information I via the authority transfer information inquiry unit 213 using the received reference information (step S32). S33). The agent 31 receives the inquiry at the inquiry information receiving unit 311, and sends desired authority information I to the authority transfer information receiving unit 314 of the server 21 via the local line 30 via the authority transfer information sending unit 312. The server 21 receives the authority transfer information I with the built-in authority transfer information receiving unit 314 (step S34).

As described above, according to the conventional authority transfer, all the information for authority transfer held by the client is transmitted to the server over the network as it is, but the conventional transfer information is entirely transmitted from the client to the server. In this case, when the amount of information increases, it is a remote communication, so the time required to go out increases.
According to the present invention, even when the amount of delegated information increases, the information that the client sends to the server is only a reference to the agent, so that the time required for the part to be remote communication does not increase and is constant. After that, the transfer information is transmitted from the agent to the server. However, since the communication which has conventionally been the communication between the remote is now the local communication, the communication speed is high and the time required for the transmission is shortened. Also, since the client and the server are in a distant network environment, the conventional method of transmitting delegated information as it is has a problem because if the transmitted information leaks, the right information leaks as it is. According to the present invention, even if the transmitted information leaks, the delegated information does not leak directly, and an effect on security can be obtained.

[0013]

As described above, according to the present invention, in a distributed object environment in which objects are distributed on a computer network, a server constructing the computer network accesses a client located remotely. Inquires about information about the delegation of authority, obtains, instead of the information about the delegation of access authority, reference information to an agent holding the information about the delegation of access authority, and uses the reference information to inform the agent located on the same network. Inquiry of the information about the access right delegation is performed, and the information about the access right delegation is obtained from the agent. This reduces the amount of communication of the information about the authority transfer over the network. , Shorten communication time Can, in the communication do for empowerment, because does not flow directly empowerment information over the network, the authority information is less likely to leak outside, the effect on the OSSs today is obtained.

[Brief description of the drawings]

FIG. 1 is a block diagram showing an embodiment of the present invention.

FIG. 2 is a block diagram showing details of the embodiment shown in FIG. 1;

FIG. 3 is a flowchart showing an operation procedure of the server shown in FIGS. 1 and 2;

FIG. 4 is a block diagram showing a conventional example.

[Explanation of symbols]

1 (2, 3) device, 10 remote line, 11 processing device (client), 21 processing device (server), 3
1 ... processing device (agent), 12 (22, 32) ...
Storage device, 30 local line, 111 (311) inquiry information receiving unit, 112 reference information transmitting unit, 211
(213): Authority transfer information inquiry unit, 212: Reference information receiving unit, 214: Authority transfer information receiving unit, 312: Authority transfer information sending unit

Claims (2)

[Claims] In a distributed object environment in which objects are distributed and arranged on a computer network, a server constructing the computer network inquires a remotely located client for information regarding access right delegation, Instead of the information on the access right delegation, reference information to an agent holding the information on the access right delegation is obtained, and an inquiry about the information on the access right delegation is made to an agent located on the same network using the reference information. And transmitting and receiving access right delegation information from the agent. 2. A server which is in a distributed object environment where objects are distributed on a computer network and inquires about information relating to delegation of access authority of an object held by a client located remotely in constructing the computer network. And a client for sending reference information to an agent holding information for delegation of authority in place of information relating to delegation of access authority of the object in response to the inquiry. A second inquiry means in the server for inquiring information on the delegation of authority to an agent located on the same network using the received reference information, Send to the server And an authority delegation information sending unit in the agent.