JP2005084723A - Information sharing service providing device and method and program therefor - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To allow an information user such as a service provider to share shared information such as personal information owned by an information owner such as a service user, and to maintain the anonymity of the information owner. <P>SOLUTION: In response to each issue request from an issuing requester such as a space owner having the infinite ID such as space owner ID, space ID or information area ID, an ID issue management part 41 issues one time ID with time limit substituted for the infinite ID. In response to a provision request from a provision client such as a space user to designate one time ID within the time limit, a space management part 4 reads shared information whose access is permitted based on the infinite ID substituted for the one time ID from a space storing part 5, and transmits the shared information to the above provision client. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to an apparatus, a program, and a method for providing an information sharing service that allows a plurality of service providers that provide Web services to share information shared by service users.

  As a method for providing personal information anonymously, there is an anonymous access method based on attribute certification (see, for example, Patent Document 1). According to this method, a service user can use an anonymous and personalized service by receiving attribute certification.

In addition, there is a method for guaranteeing anonymity using a handle name or a key code (see, for example, Patent Document 2).
Japanese Patent Laid-Open No. 11-25045 JP2002-183484

  However, in the method shown in Patent Document 1, it is necessary to specify personal information provided by the service user, and it is difficult for the service provider to request necessary information from the service user. .

  Moreover, in the method as shown in Patent Document 2, since the fixed ID is used although it is anonymous, the owner of the personal information can be traced.

  These methods are used for one-way information provision from the service user to the service provider. That is, the service provider does not provide a method for updating information held by the user by providing information to the anonymous user.

  The present invention has been made in view of such circumstances, and its purpose is to share information such as personal information held by an information owner such as a service user by an information user such as a service provider. It is possible to maintain the anonymity of the information owner while making it possible to share information.

  In order to achieve the above object, the present invention sets a time-limited ID in response to an issuance request from an issuance requester that designates an indefinite ID for permitting access to the shared information stored in the first storage medium. Issued and managed in association with the indefinite ID and the ID with time limit. The shared information that is permitted to be accessed with the indefinite ID that is managed in association with the designated term-limited ID in response to a provision request from the provision requester that designates the term-limited ID that is within the term Is provided to the provision requester.

  By taking such means, a time-limited ID obtained by transferring the above indefinite ID is issued for each issue request from an issue requester having an indefinite ID. In response to a provision request from a provision requester that designates the time-limited ID that is within the time limit, shared information that is permitted to be accessed with an indefinite ID that is managed in association with the specified time-limited ID is provided. Provided to the requester. Therefore, the same shared information can be provided to the provision requester with different time-limited IDs.

  According to the present invention, an information user such as a service provider can share shared information such as personal information held by an information owner such as a service user, while maintaining the anonymity of the information owner. It becomes possible to do.

  Hereinafter, an embodiment of the present invention will be described with reference to the drawings.

  FIG. 1 is a block diagram showing a configuration of a space system according to the present embodiment.

  The space system according to the present embodiment is a device that provides a service that provides a place for sharing personal information and the like. Hereinafter, the above place is referred to as “space”. Those who have this space are called “space owners”. A person who uses shared information shared in a space is called a “space user”. A person who manages the space system is referred to as a “space manager”. This space system can be used for providing a web service, for example, and can provide a personalized web service using shared information. In the case of such a web service, the user of the web service corresponds to the space owner, and the provider of the web service corresponds to the space user. Information stored in the space includes the attribute information of the space owner (for example, information such as name and age if the owner is an individual, company name and business type if the owner is a corporation), There is information written by the space user (for example, keyword information searched by the space user). All information stored and shared in this space is referred to as “shared information”. The information written in the space may not be used by anyone other than the writer, that is, it may not be actually shared. However, such information is also “shared information”.

  The space system includes a space system access control management unit 1, a space access control management unit 2, an access control information storage unit 3, a space management unit 4, a space storage unit 5, a space directory 6, a meta information storage unit 7, and an access control information edit Part 8 is included.

  The space system access control management unit 1 manages access control information (hereinafter referred to as system access control information) to the space system, and controls the access of the space owner and the space user to the space system according to the system access control information. To do. That is, only those who are permitted to access the space system are allowed to access the space system.

  The space access control management unit 2 manages access control information to the space (hereinafter referred to as space access control information), and controls the access of the space owner and the space user to the space according to the space access control information. That is, only those who are permitted to access the space are allowed to access the space.

  The access control information storage unit 3 stores system access control information and space access control information. System access control information is specified by the space manager. Space access control information is specified by the space owner.

  The space management unit 4 includes an ID issue management unit 41, an ID storage unit 42, a signature issue management unit 43, a signature storage unit 44, and an information area management unit 45. The space management unit 4 can access the space storage unit 5, the space directory 6, and the meta information storage unit 7.

  The ID issuance management unit 41 issues a space owner ID and a space user ID to the space owner and the space user, respectively. The ID issue management unit 41 issues a space ID for each space, an information area ID for each information area in the space, and a meta information ID for each meta information of the information area. Furthermore, the ID issuance management unit 41 issues a time-limited ID (hereinafter referred to as a one-time ID) to the space user. The one-time ID is issued for the space owner ID, the space user ID, the space ID, and the information area ID. The ID light emission management unit 41 stores the various IDs in the ID storage unit 42 and manages them. The ID issuance management unit 41 manages the one-time ID so as to invalidate the one-time ID after a predetermined time has elapsed since the issuance.

  The ID storage unit 42 stores each ID issued by the ID issue management unit 41.

  The signature issuance management unit 43 issues three types of signatures: a permanent signature, an attribute signature, and an anonymous signature. The permanent signature is a unique signature that is permanently managed by the space management unit 4, and the space owner ID or space user ID can be identified from this signature. The attribute signature is a signature based on the space directory 6. The attribute signature is, for example, a content indicating “restaurant” for a space user indicated to belong to “restaurant” in the space directory 6. Therefore, the space user ID or the space owner ID to which the signature is attached cannot be specified from the attribute signature. An anonymous signature is a signature with no valid period, and is issued only once to a space user or a space owner regardless of the space user ID or the space owner ID. Therefore, although the space user ID or the space owner ID cannot be directly specified from the anonymous signature, since the same anonymous signature is always used, it can be determined that the same space user or space owner has accessed. The signature light emission management unit 43 stores the various signatures in the signature storage unit 44 and manages them.

  The signature storage unit 44 stores each signature issued by the signature issue management unit 43.

The information area management unit 45 includes an information area access control management unit 451, a meta information management unit 452, and a shared information management unit 453, and manages information related to the information area.
The information area access control management unit 451 manages the access control information stored in the space storage unit 5, and accesses the space owner and the space user to the information area stored in the space storage unit 5 according to this access control information. Control. That is, only those who are permitted to access the information area are allowed to access the information area. The information area access control management unit 451 also manages meta access control information stored in the meta information storage unit 7. The meta information management unit 452 manages meta shared information stored in the meta information storage unit 7. The shared information management unit 453 manages shared information stored in the space storage unit 5.

The space storage unit 5 stores all the spaces allocated for each space owner.
The space directory 6 stores attribute information of the space owner or the space user. FIG. 2 is a diagram showing an example of the contents of the space directory 6.
The meta information storage unit 7 stores meta information and ontology information 72.
The access control information editing unit 8 changes and corrects the access control information.

  FIG. 3 is a diagram showing a logical structure of the space storage unit 5 and the meta information storage unit 7. As shown in FIG. 3, one of the spaces stored in the space storage unit 5 includes a plurality of information areas 51. The information area 51 further includes an access control information block 511, a shared information block 512, and a meta information block 513. The meta information storage unit 7 includes a plurality of information area meta information 71 and ontology information 72. The information area meta information 71 further includes a meta access control information block 711 and a meta shared information block 712. The logical structures of the space storage unit 5 and the meta information storage unit 7 are common regardless of the information area creator. The physical structures of the space storage unit 5 and the meta information storage unit 7 are not limited.

  The information area 51 is created by a space owner, a space user, or a space manager corresponding to the space in which the information area 51 is included. Hereinafter, the creator of the information area 51 is referred to as an information area creator. However, the space owner corresponding to the space including the information area 51 is given preferential management authority over other information area creators regarding the change of the access right or validity period information for the information area 51. The effective period of the information area 51 is limited, and the space management unit 4 accepts designation by the information area creator at the time of creation, or the validity period is set by the space management unit 4 designating. When the valid period elapses, the information area 51 is deleted by the space management unit 4. If the change of the effective period is instructed by the information area creator or the space owner corresponding to the space including the information area 51 before the effective period elapses, the effective period is changed by the space management unit 4 according to this specification. Is done. It is also possible to accept designation of an expiration date instead of an expiration date.

  The access control information block 511 has access control information for the information area 51. The access control information block 511 is managed by the information area access control management unit 451. In the access control information of the access control information block 511, the value of the access control information stored in the meta access control information block 711 of the information area meta information 71 referred to by the meta information block 513 is set as a default value. The access control information in the access control information block 511 is changed by the space management unit 4 in accordance with an instruction from the information area creator or the space owner corresponding to the space having the information area 51. The content of the access control information changed according to the instruction from the space owner may not be changed according to the instruction from the information area creator.

  The shared information block 512 has shared information shared between the space owner and the space user. The description format of the shared information block 512 is specified by the meta shared information stored in the meta shared information block 712 of the meta information storage unit 7.

  The meta information block 513 describes a pointer (meta information ID) to the information area meta information 71 referred to by the information area 51. This pointer is designated by the information area creator when the information area is created.

  The information area meta information 71 is changed only in response to an instruction from the space user who defines it.

  The meta access control information block 711 describes default access control information for each item described in the information area 51 or the information area 51. When specifying in item units, the access control information is described using the schema described in the meta shared information block 712. In the access control information, a space owner or a space user who is accessible or inaccessible is specified. In addition, the specification based on the attribute specified in the space directory 6 can be performed instead of the specification based on the space owner ID or the space user ID that uniquely specifies the space owner or the space user. The access control information is specified by the information area creator when the information area 51 is created. The access control information is basically changed in accordance with an instruction from the information area creator.

  The meta shared information block 712 describes meta information of the information area 51. Which information area meta information 71 is to be referred to from the information area 51 is specified by the information area creator when the information area 51 is created. When there is no meta information to be referenced, new meta information is created by the area creator and written in the meta shared information block 712. Information in the information area 51 is updated according to the meta information. When the information area 51 is updated, if the information to be updated includes information contrary to the meta information, the update information is not reflected. The meta information includes a schema, the presence / absence of a signature, a style, and the like.

  The schema defines what information (item) is described in the information area 51. For example, the order of items, the number of appearances of items, the hierarchical relationship of items, the data type of values, the range of values, etc. are specified. In particular, a schema based on the relationship between vocabularies can be defined using ontology information 72 described later. Further, in order to clearly indicate the updater of the information area 51, whether or not a signature is given to the information area 51, and if a signature is given, which of a permanent signature, an attribute signature, and an anonymous signature is given Described in meta information. In the case of an attribute signature, which attribute signature is given is also described in the meta information. The presence / absence of a signature can be specified not only in units of information area 51 but also in units of description items of shared information block 512. When the signature is designated as necessary, the person who updates the information area 51 needs to acquire the signature through the signature issuance management unit 43 and assign it. The style is used when information in the information area 51 is displayed using a Web browser or the like. The style defines the display method for the items defined in the schema.

  The ontology information 72 is information indicating a vocabulary relationship between information described in the information area 51 and information described in the space directory 6. For example, the ontology information 72 describes semantic information such as whether the item designated as “name” is a product name or a personal name. For example, if “station name” is specified in the description of the meta-shared information block 712 in the “name” item, the information of “store name” cannot be written even if the name is the same. FIG. 4 is a diagram illustrating an example of the contents of ontology information 72.

  FIG. 5 is a diagram showing an example in which the data structure of the information area 51 is described using XML (Extensible Markup Language) which is a standard markup language. In the example shown in FIG. 5, the access control information block 511 is described as an AccessControl element, and the shared information block 512 is described as a SharedInfo element.

  FIG. 6 is a diagram illustrating a description example of the information area 51 having a valid period and a valid period. In the example shown in FIG. 6, the attributes of the InformationArea element include ID (information area ID), spID (information area creator ID), period (valid period), from (expiration start date and time) and to (expiration date and time). ) Is set. FIG. 6A shows an example in which the effective period is from 17:30 on June 27, 2003 to 18:00 on June 27, 2003. FIG. 6B shows an example in which the effective period is one hour (3600000 milliseconds) from 17:30 on June 27, 2003. FIG. 6C shows an example in which the effective period is one hour (3600000 milliseconds) until 18:30 on June 28, 2003. FIG. 6D shows an example in which the date from 17:30 on June 27, 2003 is valid. FIG. 6E shows an example in which the expiration date is 18:30 on June 28, 2003.

  FIG. 7 is a diagram showing a description example for defining the meta information block 513 in the information area 51. In the example shown in FIG. 7, a name space indicating the meta information ID is given to the elements in the shared information block 512. Using this name space, the meta information indicated by each element in the shared information block 512 is referred to.

  FIG. 8 is a diagram illustrating an example in which the meta access control information block 711 and the meta shared information block 712 of the information area meta information 71 are described using XML. In the example shown in FIG. 8, the MetaInfo element corresponds to one information area meta information 71. The meta information ID is defined as the ID attribute of the MetaInfo element, and the service user ID that created the meta information is defined as the spID. Meta information can be described using “creator”, creation date (date), type (type), description language (language), etc. for “Hotel Room Number” which is shared information (resource). In addition, by setting the value of the anonymity element that specifies anonymity to “false” for this shared information, the signature of the XXX hotel reservation service will be attached to the shared information. Guarantee that it was created by the service. Alternatively, by setting the value of the element anonymity to “true”, it is possible to communicate with other services anonymously without disclosing who created the shared information. Furthermore, a rule for access authority to the shared information is defined using a rule element. In the example, a space user who has a contract with XXX Hotel ("XXX Hotel Contracted Service" is given as a space user attribute) is allowed to see and write, and the space user ID is "nnn" Reference and writing are disabled for space users.

  FIG. 9 is a diagram illustrating a description example of the access control information block 511 (AccessControl element) in the information area 51. As shown in FIG. 9, in the description of the access control information block 511 of the information area 51, the rule element of the information area meta information 71 is used. If you want to make the creator of the information area anonymous, set the anonymity attribute of the element InformationArea to "true". In order to guarantee who created the information area 51, the information area creator's signature can be attached. In that case, the Anonymity attribute of InformationArea is set to “false”. When the information area creator makes the created information area 51 anonymous, other space users can maintain anonymity, but the space owner and the space manager can specify the creator.

  In this space system, for example, a general-purpose computer can be used as basic hardware. The space system access control management unit 1, the space access control management unit 2, the ID light emission management unit 41, the signature light emission management unit 43, the information area management unit 45, and the access control information editing unit 8 are mounted on the computer device. This can be realized by causing a processor to execute a program. At this time, the space system may be realized by installing the above program in a computer in advance, or a magnetic disk (floppy (registered trademark) disk, hard disk, etc.), optical disk (CD-ROM, DVD, etc.), magneto-optical Recorded on a removable storage medium such as a disk (MO) or semiconductor memory, or distributed through a network such as a LAN (Local Area Network) or the Internet, and installed on a computer as appropriate. May be. The access control information storage unit 3, the ID storage unit 42, the signature management unit 44, the space storage unit 5, the space directory 6, and the meta information storage unit 7 are storage devices such as a memory and a hard disk device built in the computer, It can be realized by appropriately using a storage device such as a memory or a hard disk device externally attached to the computer, and a removable storage medium such as a floppy (R) disk.

In addition, an OS (operating system) operating on the computer based on an instruction of a program installed in the computer from the storage medium, MW (middleware) such as database management software, network software, and the like implement the present embodiment. A part of each process may be executed. The number of storage media is not limited to one, and the case where the processing in the present embodiment is executed from a plurality of media is also included in the storage medium of the present invention, and the media configuration may be any configuration.
The above computer executes each processing in the present embodiment based on a program stored in a storage medium, and includes any one of a device such as a personal computer and a system in which a plurality of devices are connected to a network. It may be configured as follows. The computer is not limited to a personal computer, but includes an arithmetic processing device, a microcomputer, and the like included in information processing equipment, and is a generic term for equipment and devices that can realize the functions of the present invention by a program.

Next, the operation of the space system configured as described above will be described.
First, an operation for creating the space and the information area 51 will be described. Here, it is assumed that the access of the information area creator is permitted by access control described later.
The registration of a new space owner in the space system is executed when the space manager requests the space system access control manager 1 to register the space owner. This request is notified from the space system access control management unit 1 to the space management unit 4. In response to this, the space management unit 4 creates a space for the designated new space owner. The created space is stored in the space storage unit 5.

  When the space owner is registered, the space manager instructs the creation of a plurality of information areas 51 in the created new space. In response to this instruction, the space management unit 4 creates a plurality of information areas 51 in the newly created space. When creating this information area, the space management unit 4 receives designation of the meta information ID of the information area 51 to be created, and creates the information area 51 according to the meta information managed in the meta information storage unit 7 with this meta information ID. . The space management unit 4 writes the meta information ID specified when the information area is created in the meta information block 513 of the created information area 51. The space management unit 4 sets the value of the meta access control information block 711 of the information area meta information 71 indicated by the meta information ID of the meta information block 513 as a default value in the created access control block of the information area 51.

  When an information area ID is specified by the space owner corresponding to the created space and registration of its own personal information is requested, the shared information management unit 453 registers it in the shared information block 512 of the information area 51. The shared information management unit 453 registers information according to the schema described in the meta shared information block 712 of the meta information referred to by the registration destination information area 51. Similarly, when a change in access control information is requested by the space owner, the shared information management unit 453 changes the access control information in the access control information block 511 in the information area 51.

  When the space user desires to create the information area 51, it is necessary to obtain the space owner ID or the space ID or the one-time ID from the space owner in advance. The space user designates one of these IDs and the meta information referred to by the information area 51 to be created, and requests the space management unit 4 to create the information area 51. When receiving the space owner ID or the one-time ID, the space management unit 4 replaces the ID with the corresponding space ID. The space management unit 4 creates the information area 51 by designating the space ID. The created information area 51 is stored in the space storage unit 5.

  When there is no existing meta information, the space user requests registration of new meta information before requesting creation of the information area 51. That is, the space user specifies the information area meta information 71 and requests meta information registration. Upon receiving this request, the space management unit 4 creates the specified meta information and stores it in the meta information storage unit 7.

Next, operations related to access control in the space system, the space and the information area 51, and information sharing under the access control will be described.
The space owner and the space user ask the space manager to obtain access authority to the space system. The space manager registers the access authority (the ID and password of the person) in the access control information storage unit 3 through the space system access control management unit 1, and whether or not the person can be registered and the ID of the person. And tell the password. When access is requested using the ID and password, the space system access control management unit 1 searches the access control information storage unit 3 for the ID and password. The space system access control management unit 1 determines that the authentication is successful if the ID and password are registered in the access control information storage unit 3, and otherwise determines as an error. The space system access control management unit 1 permits access to the space system if authentication is successful, and rejects access to the space system if an error occurs.

  When a space user accesses the space or information area 51, his / her space user ID and password, the space owner ID or space ID notified from the space owner corresponding to the space to be accessed, and the information area The access is requested to the space system access control management unit 1 by specifying the ID and the one-time ID. The space system access control management unit 1 searches the access control information storage unit 3 for the designated space user ID and password. The space system access control management unit 1 passes the access request to the space access control management unit 2 as successful authentication if the space user ID and password are registered in the access control information storage unit 3.

  Upon receiving the access request, the space access control management unit 2 passes the space owner ID or space ID, the information area ID, and the one-time ID specified by the space user to the space management unit 4 to access the space ID to be accessed. Request a transfer. In response to this request, the space management unit 4 transfers the passed ID to the space ID and the space user ID, and returns the space ID and the space user ID to the space access control management unit 2. The space access control management unit 2 searches the access control information storage unit for the transferred space ID and space user ID. The space access control management unit 2 determines that the authentication is successful if the space ID and the space user ID are registered in the access control information storage unit 3, and allows the space user to access the target space.

  When the ID specified by the space user is an information area ID, or when the specified ID is a one-time ID that is a transfer of the information area ID, the space management unit 4 determines the space user ID and the information area. The ID is specified, and the information area access control management unit 451 confirms whether or not access is possible. The information area access control management unit 451 determines whether or not the information area 51 specified by the information area ID is accessible from the information in the access control information block 511 of the corresponding space stored in the space storage unit 5. When access is possible, the information area access control management unit 451 allows the space user to access the target information area 51.

  When the space owner desires access to the space owned by the space owner or the information area 51, the space owner requests the access to the space system access control management unit 1 by specifying the space owner ID and password. When receiving this request, the space system access control management unit 1 searches the access control information storage unit 3 for the designated space owner ID and password. The space system access control management unit 1 determines that authentication is successful if the space owner ID and password are registered in the access control information storage unit 3, and passes the access request to the space access control management unit 2.

When receiving the access request, the space access control management unit 2 permits access to the space owned by the space owner because it is an access request from the space owner. Therefore, the space owner can basically freely access the information area 51 owned by the space owner. However, the space management unit 4 deletes an item with a signature in the information area 51 in response to a request from the space owner, but does not change the value.
In the above various authentication operations, when a plurality of permission conditions collide, an existing algorithm such as giving priority to the prior designation can be used.

Next, operations when the space system access control management unit 1, the space access control management unit 2, and the information area access control management unit 451 determine whether access is possible will be described.
The space system access control management unit 1 and the space access control management unit 2 determine whether an access requester (space owner or space user) can access the space system and the space. The information area access control management unit 451 determines whether or not the access requester can access the information area from the access control conditions described in the access control information block 511 of the corresponding information area information in the space storage unit 5.

The above access control conditions describe which resource (space system, space or information area 51) can be accessed or not accessible to the access requester, and which access requester can access the resource. There are two cases: describing whether access is impossible.
There are two methods for specifying the access requester in the access control condition: a method by specifying an ID and a method by specifying an attribute of the access requester. The attribute of the access requester is stored in the space directory 6. The relationship between the attribute values is stored in ontology information 72 of the meta information storage unit 7. There are two types of attribute designation: a method of directly designating attribute values and a method of designating based on ontology information 72.
Access control conditions can be specified for each access content. The access content is any one of creation, writing, reference, update, deletion, or temporary writing of the information area 51.
When the access requester designates a one-time ID and requests access, and the access control condition is defined in the one-time ID, the access control condition of the one-time ID is obeyed.

Next, an operation for providing the space owner's shared information anonymously will be described.
The space owner uses the one-time ID to anonymously provide space information to the space user. The space owner first passes the space owner ID and password to the space system access control management unit 1 to request access. When access by the space owner is permitted in each of the space system access control management unit 1 and the space access control management unit 2, the space owner can access the space management unit 4.

FIG. 10 is a diagram showing the processing and sequence of the space management unit 4 after allowing access by the space owner.
After the access to the space management unit 4 becomes possible, the space owner designates the space ID or information area ID that the user owns and requests the space management unit 4 to issue a one-time ID for the ID ( Step Sa1). At this time, the space owner also specifies the expiration date of the one-time ID and the access control condition possessed by the one-time ID to the space management unit 4. Further, the space owner designates the service user who can access using the one-time ID and the information area 51 which can be accessed or cannot be accessed using the one-time ID as the access control condition for the one-time ID. To do. The one-time ID is permitted to access only the space owned by the space owner who requested the issuance.

  In response to the above request, in the space management unit 4, in step Sb1, the ID issue management unit 41 issues a new one-time ID so as not to overlap with the already issued one-time ID. Subsequently, in the space management unit 4, the ID issuance management unit 41 in step Sb2 uses the issued one-time ID as information such as the space ID or information area ID, the expiration date, and the access control condition indicated in the issuance request. The ID is stored in the ID storage unit 42 in association with each other. In step Sb3, the space management unit 4 notifies the requesting space owner of the issued one-time ID.

  When making a service request to the space user, the space owner passes the one-time ID notified from the space system to the space user (step Sa2). The space user who has received the one-time ID designates the one-time ID, the space user ID and the password, accesses the space system access control management unit 1 and requests shared information. When the space system access control management unit 1 and the space access control management unit 2 permit access to the space system and the space, the space system access control management unit 1 and the space access control management unit 2 send the above request to the space management unit 4 (step Sc1).

  In response to the request for shared information, in step Sb4, the space management unit 4 changes the one-time ID indicated in the request. In order to transfer the one-time ID, the space management unit 4 first checks whether or not the expiration date associated with the designated one-time ID in the ID storage unit 42 has passed. When the expiration date has passed, the space management unit 4 denies access by the space user. If it is within the expiration date, the space management unit 4 acquires a space ID or information area ID associated with the designated one-time ID in the ID storage unit 42. Thereby, the space management unit 4 treats the access by the current one-time ID as equivalent to the access by the acquired space ID or information area ID, and the information area in which access to the space ID or information area ID is permitted. The space user is allowed to access 51. In step Sb5, the space management unit 4 reads from the space storage unit 5 the shared information stored in the information area 51 that is permitted to access the transferred space ID or information area ID. In step Sb6, the space management unit 4 sends the read shared information to the space user.

  The space user returns a personalized response for the space owner to the space owner using the shared information sent from the space system (step Sc2). If it is necessary to update shared information (new registration or change of shared information) in order to perform this personalized response, the space user specifies the one-time ID and requests the space system to update the shared information. (Step Sc3).

  If this request is received, in step Sb7, the space management unit 4 performs transfer of the one-time ID in the same manner as in step Sb4. In step Sb8, the space management unit 4 performs shared information update processing.

FIG. 11 is a flowchart of shared information update processing by the space management unit 4.
In step Sb81, the space management unit 4 confirms whether or not the update of the shared information block 512 requested to be updated is permitted for the transferred space ID or information area ID. If permitted, the space management unit 4 proceeds to step Sb82. In step Sb82, the space management unit 4 refers to the content described in the meta shared information block 712 of the information area meta information 71 that refers to the meta information block 513 in the same information area 51 as the shared information block 512 requested to be updated. To do. Subsequently, in step Sb83, the space management unit 4 confirms whether or not the requested update content matches the condition described in the meta shared information block 712. If the condition is met, the space management unit 4 proceeds to step SB84. In step Sb84, the space management unit 4 updates the shared information stored in the shared information block 512 requested to be updated based on the above request.

  By the way, the space user can specify that a signature is to be given to the shared information updated as described above. This designation of signature addition is added to the shared information update request and transmitted to the space management unit 4. In addition, in the designation of signature addition, the type of signature to be issued is designated. In some cases, a signature is specified in the meta-shared information block 712. In this case, the type of signature to be issued is specified in the meta shared information block 712.

  Therefore, in step Sb85, the space management unit 4 confirms whether or not a signature is specified. If so, the space management unit 4 proceeds to step Sb86. In step Sb86, the space management unit 4 issues a designated type of signature. In step Sb87, the space management unit 4 gives the issued signature to the item updated in step Sb84.

  If it is confirmed in step Sb81 that the update is not permitted, or if it is confirmed in step Sb83 that the communication content is not in accordance with the conditions, the space management unit 4 proceeds from step Sb81 or step Sb83 to step Sb88. move on. In step Sb88, the space management unit 4 rejects the update.

  Then, after completing the processing of step Sb87 or step Sb88, or when it is confirmed in step Sb85 that signature assignment is not specified, the space management unit 4 ends this shared information update processing.

  Thus, the space user can share the shared information of the space owner through the space system of the present embodiment. As an ID for a space user to access, a different one-time ID is issued every time an issuance is requested even for the same space owner. The one-time ID is invalidated after the expiration date. Accordingly, it is possible to prevent the shared information from being continuously accessed by the same one-time ID. Even if the same space owner requests a service from the same space user more than once, the space user is requested by the same space owner because the one-time ID is different each time. I cannot be certain. For this reason, it is impossible to track the space owner and it is possible to maintain anonymity.

  In addition, the update of the shared information is limited as necessary according to various access control conditions indicated by the access control information and the meta information. This can prevent the shared information from being unnecessarily altered.

  In addition, when a permanent signature is given, another person can specify the creator of the information area. When a signature other than a permanent signature is given or when no signature is given, the information area creator, the space owner corresponding to the space including the information area 51, and the space manager are the information area. The creator cannot be specified.

Next, operations related to update, notification, and reference of information in the access control information block 511 will be described.
In the access control information storage unit 3 or the access control information block 511, when the access permission to the space or the information area 51 is given to the ID of the space user A, the space access control management unit 2 or the information area access control management The unit 451 notifies the space user A having the newly permitted ID that the access permission has been issued.
When an attribute value in the space directory 6 is designated as an access control condition, update is notified to all space users who are permitted to access according to the attribute value.
In response to a request from the space user, the information area access control management unit 451 refers to the information area 51 that is permitted to be accessed by the space user. As a result, the space user can explicitly search the information area 51 accessible by the user and share the information.

Next, operations related to temporary writing will be described.
As an access control condition for the one-time ID, provisional write authority can be given. When an information update is requested by a space user who has been accessed with a one-time ID to which temporary writing authority is given, the space management unit 4 keeps the information before the update in the information area 51 while leaving the information before the update. The information area 51 is temporarily written. When the space user requests reference to the information area 51 on which temporary writing is performed in this way, the space management unit 4 presents the information before the update to the space user. When the space owner requests to refer to the information area 51 on which temporary writing is performed, the space management unit 4 presents both the information before update and the temporarily written information to the space owner or the information area creator. . When the permission of the temporarily written information is given by the space owner, the space management unit 4 deletes the information before the update and sets the temporarily written information as the formal information.
As a result, the information updated by the space user can be referred to by the space user only when the space owner permits the disclosure, and the information released by the space user can be arbitrarily restricted. It becomes possible to do.

Next, an operation related to changing access control conditions by the access control information editing unit 8 will be described.
The access control information editing unit 8 presents the access control conditions described in the access control information block 511 to the space owner on a screen as shown in FIG. 12, for example. Also, an instruction from the space owner is accepted on this screen. Then, the access control information editing unit 8 edits the access control condition described in the access control information block 511 in accordance with an instruction from the space owner. For example, in the information area 51 where the space user A is the creator, it is assumed that the space user A describes in the access control information block 511 the designation that the space user B and the space user C can access. If the space owner U corresponding to the space including the information area 51 specifies that the space user B and the space user C cannot access, the access control information editing unit 8 responds accordingly by accessing the access control information. The access control information stored in block 511 is modified so that access by space user B and space user C is not permitted.
Thereby, the space owner U can arbitrarily modify access to the space owned by the user so as to limit unintended sharing.

  If the creator of the information area 51 is the space owner U itself, the access control information editing unit 8 performs both deletion and addition of the space user who is permitted to access. However, when the creator of the information area 51 is not the space owner U itself, the access control information editing unit 8 only deletes the space user who is permitted to access. This prevents information from being unfairly shared as viewed from the information area creator.

  By the way, the space system of the present embodiment is applied to an environment in which a service provider provides a service to a service user via the Internet, for example. In this case, the space owner (service user) is operated as a Web browser, and the space user (service provider) and the space system are operated as a Web site. In this case, the steps shown in FIG. 10 are as follows.

Step Sa1: A service user logs in to a Web site provided by the space system using a Web browser.
Steps Sb1, Sb2: The space system receives the ID and password as login information by the service user and authenticates the service user. If the authentication is successful, the space management unit 4 issues a one-time ID and self-registers for management.
Step Sb3: The space management unit 4 returns an HTML document in which a one-time ID is given to a link to a Web site serving as a service provider, to the service user. FIG. 13 is a diagram showing an example of the above link.
Step Sa2: The service user passes the one-time ID to the service provider by accessing the service provider's website using the above link. At this time, an access control condition is set for the one-time ID so that only a space user who is an operator of the Web site indicated by the link can use it.
Step Sc1: The service provider's website accesses the space system using the one-time ID included in the link specified at the time of access, and sends information for requesting user information of the service user. FIG. 14 is a diagram illustrating an example of information for requesting user information. In the example of FIG. 14, a SOAP (Simple Object Access Protocol) message is used as the request format. The service provider authentication information is given in the header, and the one-time ID and the requested meta information area ID are given in the body.
Steps Sb4 and Sb5: In response to receiving the SOAP message, the space system authenticates the service provider from the service provider ID and password included in the header. When the space that the service user corresponding to the one-time ID has successfully has the information area 51 of the designated meta information area ID, the space management unit 4 reads the information in the information area 51.
Step Sb6: The space management unit 4 returns the read information as a SOAP message to the service provider's website.
Step Sc2: Upon receiving the SOAP message returned from the space system, the service provider's website returns an HTML document including information personalized for the service user according to this information to the Web browser used by the service user.
Step Sc3: The service provider's Web site accesses the space system again using the SOAP message in order to write the service content provided to the service user in the information area 51 possessed by the service provider. The SOAP message at this time includes the service provider ID and password in the header, the one-time ID in the body, the meta information area ID of the information area 51 to be written, and the information to be written.
Steps Sb7 and Sb8: Upon receiving the SOAP message, the space system authenticates the service provider using the header's service provider ID and password. When the authentication is successful and the space held by the service user has the information area 51 of the specified meta information area ID, the space management unit 4 rewrites the contents of the information area 51 with the specified information.

A specific example of a new service that can be provided by using the space system of the present embodiment will be described below.
The service exemplified here is a human resources mediation support service. The human resource mediation support service is a service that supports human resource mediation between a job seeker who is a human resource provider and a job recruiting company which is a human resource recipient via the Internet.

  In this human resource intermediation support service, the space owner is a job seeker or a job seeking company, the space user is a job seeking company or job seeker, and the space manager is a staffing company or job placement company. If the space owner is the job seeker and the space user is the job offer company, the job seeker has a designation that can only be accessed by job offer companies belonging to a certain group (for example, “foreign-affiliated”). By describing the access control information block 511 in the information area 51, only the foreign company can refer to the shared information (experience, skill, qualification, etc.) regarding the job seeker from the information area 51 of the job seeker. And it can restrict domestic companies from browsing shared information about job seekers. In this way, the job seeker can set the companies that can access the information area 51 for each group such as the type of business, the company size, the listed company, and the foreign company. Can be set by group such as experience, skills, qualifications.

  The job seeker creates his or her own space in the space system, and registers information such as experience, skills, and qualifications as shared information in the information area 51 in the space. FIG. 15 is a diagram illustrating a description example of shared information registered in the information area 51. In the example of FIG. 15, the experience of the job seeker is described as the experience element, the skill of the job seeker as the skill element, the qualification of the job seeker as the certified element, and the desired location of the job seeker as the place element.

  When a job seeker requests details of job offer information from a job offer company, the job seeker obtains a one-time ID from the space system prior to that request, and notifies the job offer enterprise of this one-time ID at the time of the above request. . The recruiting company can refer to the shared information registered in the information area 51 of the job seeker by accessing the space system using the one-time ID notified from the job seeker. Accordingly, the recruiting company can return the job offer information such as rewards and treatments personalized for the job seeker to the job seeker based on the shared information that can be referred to in this way.

  In this way, job information personalized for individual job seekers can be exchanged between the job seeking company and the job seeker. This makes it possible for job seekers to acquire job offer conditions that properly evaluate their skills, etc., and job recruiting companies can recruit the necessary personnel under appropriate conditions according to their skills. It becomes possible. Until this stage, since the job seeker is recognized by the job seeking company only with the one-time ID, the job seeking company cannot identify the job seeker. That is, the job seeker can obtain personalized job information while remaining anonymous.

In addition, this embodiment can be variously modified as follows.
For example, the sequence for providing the service from the service provider to the service user can be changed to other sequences as shown in FIGS.
FIG. 16 is a diagram showing a first modified example of a sequence for providing a service from a service provider to a service user. In addition, the same code | symbol is attached | subjected and shown to the process similar to FIG.
In this sequence, a service user who has received a one-time ID notification from the space system makes a service request indicating the one-time ID to the space system, not to the service provider (step Sa11). The space system that has received this service request transfers the service request to the service provider (step Sb11). The service provider that has received the service request acquires the shared information in the same manner as in the above embodiment (step Sc1 and step Sb6). Then, the service provider returns a personalized response for the service user. This response is returned to the space system as a response to the service request in step Sb11 (step Sc11). The space system returns this response to the service user as a response to the service request in step Sa11 (step Sb12).
Thus, in the sequence shown in FIG. 16, the space system also has a function of mediating the service provision itself, and the space system mediates all information exchange between the service user and the service provider.

FIG. 17 is a diagram showing a second modification of the sequence for providing a service from a service provider to a service user. In addition, the same code | symbol is attached | subjected and shown to the process similar to FIG.
In this sequence, the service user who has received the one-time ID notification from the space system sends a shared information request indicating the one-time ID (may be a permanent ID) to the space system (step Sa21). In response to this shared information request, the space system sends the shared information to the service user (step Sb21). The service user sends a service request indicating the one-time ID and the shared information to the service provider (step Sa22). As a response to this service request, the service provider returns a response personalized for the service user in step Sc2 as in the above embodiment, but this response is created based on the shared information indicated in the service request. The
Thus, in the sequence shown in FIG. 17, the service user acquires from the space system the shared information used for providing the personalized service.

FIG. 18 is a diagram showing a third modification of the sequence for providing a service from a service provider to a service user. In addition, the same code | symbol is attached | subjected and shown to the process similar to FIG.
In this sequence, the service user sends a service request to the service provider prior to obtaining the one-time ID (step Sa31). The service provider who received the service request redirects to the login screen of the space system. At this time, the service provider passes a session ID so that the service provider can be identified after login (step Sc31). Thereafter, the service user obtains a one-time ID as in the above embodiment. Then, the service user redirects showing the one-time ID and the session ID (step STSa32). Upon receiving this redirection, the service provider sends a shared information request to the space system, and thereafter, the same sequence as in the above embodiment is executed.
Thus, in the sequence shown in FIG. 18, redirection is used for switching the access destination by the service user.

  Note that the present invention is not limited to the above-described embodiment as it is, and can be embodied by modifying the constituent elements without departing from the scope of the invention in the implementation stage. Moreover, various inventions can be formed by appropriately combining a plurality of constituent elements disclosed in the embodiment. For example, some components may be deleted from all the components shown in the embodiment. Furthermore, constituent elements over different embodiments may be appropriately combined.

The block diagram which shows the structure of the space system which concerns on one Embodiment of this invention. The figure which shows an example of the content of the space directory 6 in FIG. The figure which shows the logical structure of the space storage part 5 and the meta information storage part 7 in FIG. The figure which shows an example of the content of ontology information 72 in FIG. The figure which shows the example which described the data structure of the information area 51 in FIG. 1 using XML. The figure which shows the example of a description which gives an effective period and an expiration date to the information area 51 in FIG. The figure which shows the example of a description which defines the meta information block 513 in the information area 51 in FIG. The figure which shows the example which described the meta access control information block 711 and the meta shared information block 712 of the information area meta information 71 in FIG. 1 using XML. The figure which shows the example of a description of the access control information block 511 of the information area 51 in FIG. The figure which shows the process and sequence of the space management part 4 in FIG. 1 after permitting the access by a space owner. The flowchart of the shared information update process by the space management part 4 in FIG. The figure which shows the example of a screen shown to a space owner by the access control information editing part 8 in FIG. The figure which shows the example which provided one time ID to the link to the website used as a service provider. The figure which shows an example of the information for requesting user information. The figure which shows the example of a description of the shared information registered into the information area 51 in FIG. The figure which shows the 1st modification of the sequence for providing a service from a service provider to a service user. The figure which shows the 2nd modification of the sequence for providing a service from a service provider to a service user. The figure which shows the 3rd modification of the sequence for providing a service from a service provider to a service user.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 1 ... Space system access control management part, 2 ... Space access control management part, 3 ... Access control information storage part, 4 ... Space management part, 5 ... Space storage part, 6 ... Space directory, 7 ... Meta information storage part, 8 ... access control information editing unit, 41 ... ID issue management unit, 42 ... ID storage unit, 43 ... signature issue management unit, 44 ... signature storage unit, 45 ... information area management unit, 51 ... information area, 71 ... information area meta information 72 ... Ontology information, 451 ... Information area access control management unit, 452 ... Meta information management unit, 453 ... Shared information management unit, 511 ... Access control information block, 512 ... Shared information block, 513 ... Meta information block, 711 ... Meta access control information block, 712... Meta shared information block.

Claims (16)

In an information sharing service providing apparatus that can access a first storage medium that stores shared information,
Means for issuing a time-limited ID in response to an issue request from an issue requester that designates an indefinite ID for permitting access to the shared information;
Means for managing the indefinite ID and the time-limited ID in association with each other;
The shared information that is permitted to be accessed with the indefinite ID that is managed in association with the designated term-limited ID in response to a provision request from the provision requester that designates the term-limited ID that is within the term Provided to the requesting party. An information sharing service providing apparatus characterized by comprising: Issuing a time-limited ID in response to an issuance request from an issuance requester that designates an indefinite ID that permits access to the shared information stored in the first storage medium,
Managing the indefinite ID and the time-limited ID in association with each other;
The shared information that is permitted to be accessed with the indefinite ID that is managed in association with the designated term-limited ID in response to a provision request from the provision requester that designates the term-limited ID that is within the term Is provided to the providing requester. An information sharing service providing method comprising: A computer capable of accessing a first storage medium storing shared information;
Means for issuing a time-limited ID in response to an issue request from an issue requester that designates an indefinite ID for permitting access to the shared information;
Means for managing the indefinite ID and the time-limited ID in association with each other;
The shared information that is permitted to be accessed with the indefinite ID that is managed in association with the designated term-limited ID in response to a provision request from the provision requester that designates the term-limited ID that is within the term Is read out from the first storage medium and functions as means for providing the request to the provision requester. The computer,
The shared information that is permitted to be accessed with the indefinite ID that is managed in association with the specified time-limited ID in response to an update request from the update requester that specifies the time-limited ID that is within the time limit The information sharing service providing program according to claim 3, wherein the information sharing service providing program is further made to function as an update means for updating the request according to the update request. The updating means includes
Means for temporarily storing the shared information updated in response to the update request in the first storage medium while the shared information requested to be updated by the update request is stored in the first storage medium; ,
The shared information that is temporarily stored in the shared information that is requested to be updated by the update request in response to the approval of the shared information that is temporarily stored by the owner of the shared information that is requested to be updated by the update request 5. The information sharing service providing program according to claim 4, comprising means for updating to information. The computer accessible to a second storage medium storing meta information defining a range of values of the shared information;
The update means functions to read the meta information stored in the second storage medium and update the shared information within a range of values determined by the read meta information. The information sharing service providing program according to claim 4. The computer,
5. The information sharing service according to claim 4, wherein when the shared information is updated by the updating means, the information sharing service further functions as an adding means for giving a signature indicating the update requester to the updated shared information. Offer program. The computer,
5. The information according to claim 4, wherein when the shared information is updated by the update means, the information is further made to function as an assigning means for assigning a signature indicating the attribute of the update requester to the updated shared information. Shared service provision program. A computer capable of accessing a third storage medium that stores meta information that determines whether or not a signature is required for the shared information;
When the meta information stored in the third storage medium is read out as the assigning means, and the shared information that is determined to need a signature with the read meta information is updated by the updating means 9. The information sharing service providing program according to claim 7, wherein the information sharing service providing program is made to function so as to give the signature only. The computer capable of accessing a fourth storage medium for storing an access control condition determined for the time-limited ID;
The access control condition set for the time-limited ID specified by the provision requester or the update requester is read, and the shared information to the provision requester is read according to the read access control condition. 5. The information sharing service providing program according to claim 3, wherein the information sharing service providing program further functions as a restricting unit that restricts updating of the shared information in response to the provision or the update request. 5th which memorize | stores the access control condition defined with respect to the information item contained in the said shared information, the information area which memorize | stores the said shared information in the said 1st storage medium, or the space which included the said information area in multiple numbers The computer capable of accessing a storage medium;
The access control condition stored in the fifth storage medium is read, and according to the read access control condition, the provision of the shared information to the provision requester or the sharing information in response to the update request 5. The information sharing service providing program according to claim 3 or 4, wherein the information sharing service providing program further functions as a restricting means for restricting updating. The access control condition provides information corresponding to an information item included in the shared information, an information area where the shared information is stored in the first storage medium, or a space including a plurality of the information areas. Alternatively, whether or not renewal is possible is determined for the provision requester or the renewal requester,
The restriction unit restricts the provision of the shared information to the provision requester or the update of the shared information according to the update request according to the provision requester or the update requester and the access control condition. The information sharing service providing program according to claim 11, wherein: The access control condition provides information corresponding to an information item included in the shared information, an information area where the shared information is stored in the first storage medium, or a space including a plurality of the information areas. Alternatively, whether or not updating is possible is defined for the provision requester or the attribute of the update requester,
The restriction means provides the shared information to the provision requester according to the attribute of the provision requester or the update requester and the access control condition, or updates the shared information according to the update request. 12. The information sharing service providing program according to claim 11, wherein the program is limited.   The restriction means restricts the provision of the shared information to the requester of provision, and restricts the update of the shared information in response to the update request, and restricts these restrictions to the individual access control conditions. The information sharing service providing program according to claim 10 or 11, wherein the information sharing service providing program is performed according to the method.   12. The information sharing service providing program according to claim 10, further causing the computer to function as a changing unit that changes the access control condition.   The changing unit reinforces restrictions when changing the access control condition determined by a person other than the owner for the shared information of the owner in response to a request from the owner of the shared information. The information sharing service providing program according to claim 15, wherein the access control condition is changed only as described above.

Images