JP2005141642A - Information management system, information management method, information management program, and recording medium with the program recorded thereon - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an information management system by which access control for a file and a folder and access control for contents of the file are achieved in a common system, and to provide an information management method, an information management program, and a recording medium with the program recorded thereon. <P>SOLUTION: A request reception/reply means 21 receives an information provision request message from an information request main body 1. A consent determination means 22 determines consent conditions on the basis of information included in the information provision request message and consent condition information 23 to extract consent action. A reply content generation means 25 acquires necessary information from storage information 28 on the basis of the consent action being the result of consent determination, and generates reply contents to provide the reply contents, through the request reception/reply means 21, to the information request main body 1. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to an information management system that provides information via a network, an information management method, an information management program, and a recording medium that records the program, and in particular, access control for files and folders and access control for content elements of files. This is related to a technology that realizes the above in a common mechanism based on permission conditions.

  Conventionally, access control performed when information is provided and shared via a network is based on user information such as reading, writing, and executing operations on a file, such as a UNIX (registered trademark) file system. There is a technology to control. There is also a technique for performing access control on each content element of an XML file by XACML (eXtensible Access Control Markup Language) which is a language specification for access control. A system that enables flexible condition setting for such access control is also disclosed (see, for example, Patent Document 1). In this way, access control technology is indispensable in systems that provide information or share information over a network because it is important to provide information reflecting the information provider's intention to provide information. It has become.

JP 2001-184264 A (paragraphs [0010] to [0013])

  When providing information, access to files and folders may be controlled according to conditions, and content elements of files that are permitted to be read may be similarly controlled according to conditions. For example, when a condition is set for a reading operation of a certain document file and the reading is permitted, a part of the document as the content is further changed according to the condition.

  However, the above-described conventional techniques are a mechanism for restricting operations on files and folders on the file system and a mechanism for restricting operations such as reading XML elements that are the contents of XML files. Since these mechanisms are separate and independent technologies, it is difficult to realize access control simultaneously by mixing both mechanisms. On the other hand, from the viewpoint of convenience in information management, it has been required to simultaneously realize both access control to files and folders and access control to content elements of files by the same mechanism.

  Therefore, the present invention has been made in view of such a problem, and an object of the present invention is to provide an information management system and an information management system that realize access control for files and folders and access control for file contents in a common mechanism. A management method, an information management program, and a recording medium recording the program are provided.

  In order to achieve the above-described object, the invention of claim 1 sets the files, folders, and file elements on the file system as management targets in the same unit, and provides necessary information from the management targets in accordance with a request from the information provider. An information management system to be obtained and provided, wherein permission condition information in which access control for files, folders and file elements is defined, storage information in which information to be provided to the information request subject is stored, and the information request Permission determination means for determining permission of information provision to the information requesting body based on the information providing request and the permission condition information received from the body by the same processing for the file, folder and file element; Based on the result of the permission determination by the permission determination means, the necessary information is acquired from the stored information, and the information is used as the response content. To and a reply content generating means to be provided to generate and information requesting entity Te characterized. Accordingly, conditions can be set for access to individual files and folders on the file system, and conditions can be set for access to each element that is the contents of the file. In addition, since the control mechanism and condition setting method for files and folders and the control mechanism and condition setting method for each element that is the contents of the file are common, there is an advantage that information management becomes easy. There is an advantage that the range of information management implemented in the information management system is widened.

  The invention according to claim 2 is the information management system according to claim 1, further comprising communicating with the information requesting body, receiving an information providing request from the information requesting body, interpreting the content of the information providing request, Request acceptance / reply means is provided for requesting permission judgment from the permission judgment means, and for replying information of the response content generated by the response content generation means to the information requesting subject.

  The invention according to claim 3 is the information management system according to claim 1 or 2, wherein the permission condition information corresponds to a permission condition related to information provision and a permission condition for access control to files, folders, and file elements, respectively. It is defined by the description of the permission operation to be performed.

  The invention of claim 4 is the information management system according to any one of claims 1 to 3, further comprising a license information storage medium for storing the license condition information, wherein the license determination means The permission condition information stored in the information storage medium is accessed to determine permission for information provision.

  According to a fifth aspect of the present invention, in the information management system according to the fourth aspect, the permission determination means is based on an information provision request received from an information requesting entity and permission condition information stored in the permission information storage medium. The license condition and the license operation are specified, the license condition is determined, the license operation is extracted, and the license operation is passed to the response content generation unit as a result of the license determination.

  According to a sixth aspect of the present invention, in the information management system according to the fifth aspect, the permission judgment unit extracts a permission operation that is not permitted, and passes the permission operation that is not permitted to the response content generation unit as a result of the permission determination. In this case, the response content generation unit generates a response content indicating that the information provision request is not permitted without obtaining information from the stored information based on the result of the non-permission received from the permission determination unit. Provided to the information requesting entity.

  According to a seventh aspect of the present invention, in the information management system according to the fifth aspect, when the permission determination unit extracts a permission operation of permission and passes the permission operation of the permission to the response content generation unit as a result of the permission determination In addition, the response content generation means acquires necessary information from the stored information based on the result of permission received from the permission determination means, generates the information as response content, and provides the information requesting entity with the information. Features.

  According to an eighth aspect of the present invention, in the information management system according to the fifth aspect, the license is determined based on the information provision request received from the information requesting body by the permission determination means and the license condition information stored in the license information storage medium. When the operation cannot be extracted, the permission determination means passes the permission permission operation to the response content generation means as a result of the permission determination, and the response content generation means, based on the permission result received from the permission determination means, Necessary information is acquired from the stored information, and the information is generated as a response content and provided to the information requesting subject.

  The invention of claim 9 is the information management system according to any one of claims 5 to 8, further comprising: an information storage medium for storing the storage information; and storage information stored in the information storage medium. And storing information access means for managing access.

  According to a tenth aspect of the present invention, in the information management system according to the ninth aspect, the storage information access means manages access to the storage information stored in the information storage medium, and according to a request from the response content generation means. Necessary information is acquired from the stored information, and the information is returned to the response content generation means.

  The invention according to claim 11 is the information management system according to claim 10, wherein when the information provision request from the information requesting subject is a request for obtaining a structured information file, the stored information access means generates a response content Obtaining a structured information file stored in an information storage medium in accordance with a request from the means, storing the structured information file in a memory, and returning element-by-element information in the structured information file to a response content generating means It is characterized by. As a result, conditions can be set for access to each element as the contents of the structured information file, and information can be handled in units.

  According to a twelfth aspect of the present invention, in the information management system according to the eleventh aspect, the storage information stored in the information storage medium is stored in units of elements in the structured information file from the stored information access means to the response content generation means. Flag information for discriminating between the provision of information and the provision of information collectively for the entire file, and the stored information access means returns necessary information to the response content generation means based on the flag information. It is characterized by. Thereby, the management object in the information management system can be expanded not only to the unit of the file or folder but also to the element unit of the structured file by the flag information.

  According to a thirteenth aspect of the present invention, in the information management system according to the eleventh aspect, the response content generation means requests the permission determination means for each element of the structured information file, and the result of the permission determination The license operation is received from the license determination unit, and information that is an element of the structured information file is acquired via the stored information access unit based on the license operation, and structured information is constructed in the memory, and the license determination is performed. It is characterized in that the structured information when the processing is completed for all elements is generated as the response content by repeating the processes of receiving the request, receiving the permission operation, acquiring the information, and constructing the structured information. This makes it possible to control structured information on an element-by-element basis, for example, refusal of a read operation for part of a content element in a structured information file or replacement of part of a content element with other information. Control can be performed. That is, it is possible to provide information after controlling not only the access control to the files and folders but also the contents of the structured information file.

  The invention according to claim 14 is the information management system according to claim 10, wherein the information provision request from the information requesting subject is a folder acquisition request, and has a file and another folder under the folder. The response content generation means requests the permission determination means for permission determination for each file and other folder under the folder, receives the permission operation as a result of the permission determination from the permission determination means, and performs the permission operation. The necessary information is acquired from the stored information access means based on the above, and the processing for all the files and other folders is completed by recursively repeating the processing for requesting permission determination, receiving permission operation, and acquiring information. Binary data that archived the folder including the subordinate files and other folders as the response content Characterized in that it formed. However, this is a case where the permission operation, which is the result of the permission determination received from the permission determination means, is a permission operation indicating an operation for acquiring necessary information.

  According to a fifteenth aspect of the present invention, in the information management system according to any one of the first to fourteenth aspects, the permission condition information is stored as user information whose access control for files, folders, and file elements is an information requesting entity. The information is defined as a condition, and the response content generation means generates different response content for the same information provision request from different information requesting entities.

  The invention of claim 16 is an information management method in which files, folders, and file elements on a file system are managed in the same unit, and necessary information is acquired from the management target according to a request from an information provider. Receiving an information provision request from the information requesting entity, and providing information to the information requesting entity based on the information providing request and permission condition information in which access control for files, folders and file elements is defined For the elements of the file, folder and file, and based on the result of the permission determination, obtain necessary information from the stored information storing the information to be provided to the information requesting entity, The acquired information is generated as a response content, and the generated response content is provided to the information requesting subject.

  According to a seventeenth aspect of the present invention, in the information management method according to the sixteenth aspect, the permission condition information is information that is defined on the condition that user control of an information requesting entity is access control for files, folders, and file elements, When the same information provision request from different information requesting bodies is received, different response contents are generated.

  The invention according to claim 18 is a process in which files, folders, and file elements on a file system are managed in the same unit, and necessary information is acquired and provided from the management target according to a request from an information providing entity. An information management program to be executed by a computer constituting a management system, wherein a process for receiving an information provision request from the information requesting entity, and the information provision request and access control for files, folders, and file elements are defined Based on the condition information, a process for determining permission of information provision to the information requesting body in the same process for the file, folder, and file element, and the information request based on the result of the permission determination A process for acquiring necessary information from stored information in which information provided to the subject is stored, and the acquired information And generating as an answer contents, and processing for providing the reply thus generated to the information requesting entity and characterized by causing the computer to perform.

  The invention according to claim 19 is the information management program according to claim 18, wherein the permission condition information is defined on the condition that the access control for the elements of the file, folder and file is based on the user information of the information requesting subject. When the same information provision request from different information requesting bodies is received, the computer is caused to execute processing for generating different response contents.

  The invention of claim 20 is a recording medium on which the information management program according to claim 18 or 19 is recorded.

  According to the present invention, access control for files and folders and access control for file contents can be realized by a common mechanism. Thereby, the convenience in information management can be improved. In addition, when an information requesting entity having different user information makes an acquisition request for the same stored information, not only the access to the file or folder is controlled according to each information requesting entity, but also the contents element of the file Different information and different information can be provided to each information requesting entity. Thereby, the convenience in information management can be further improved.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.
FIG. 1 is a block diagram showing a schematic configuration of an information management system according to an embodiment of the present invention. A series of processing will be described with reference to FIG. The information management system 2 stores request acceptance / response means 21, permission determination means 22, permission information storage medium 23 for storing permission condition information 24, response content generation means 25, stored information access means 26, and storage information 28. An information storage medium 27 is provided. The request reception / reply means 21 receives the information provision request message from the information requesting entity 1 via the network, and interprets the content of the information provision request message. The request receiving / replying unit 21 passes the information included in the information provision request message to the permission determining unit 22 and permits the operation of the stored information 28 by the information requesting entity 1 to the permission determining unit 22. Request judgment. Here, the information provision request message includes identification information for identifying storage information to be operated, request operation information (for example, storage information acquisition operation), and user information used for permission determination. The information requesting entity 1 is a computer that is operated by a user who requests information provision from the information management system 2 and communicates with the information management system 2 via a network.

  The permission determination unit 22 receives the identification information of the stored information, the request operation information, and the user information in the information provision request message from the request reception / reply unit 21. Based on the information, the permission determination unit 22 refers to the permission condition information 24 stored in the permission information storage medium 23 to identify the corresponding part, determines the permission condition satisfied by the user information, and determines the permission condition. The permission operation corresponding to is extracted. In addition, the permission determination unit 22 passes the extracted permission operation as a result to the response content generation unit 25.

  An example of the license condition information 24 stored in the license information storage medium 23 is shown in FIG. The license condition information 24 includes stored information identification information, request operation information for the stored information, license condition information, and license operation information to be performed by the response content generation unit 25 when the license exclusion condition is satisfied. Is described. It should be noted that a set of identification information and a requested operation is set for a set of identification information and a requested operation, such as “permission condition 1” and “permission operation 1” for “stored information identification information 1” “acquisition” shown in FIG. The license condition and the license operation may be described, or “license condition 2”, “license operation 2”, “license condition 3”, “license operation 3”, “license” with respect to “identification information 2 of stored information” “acquisition” As in “Condition 4” and “Permission Operation 4”, a plurality of sets of permission conditions and permission operations may be described for a set of identification information and a requested operation.

  Here, the permission operation is interpreted and executed by the response content generation means 25. For example, an operation of acquiring the stored information 28, or a structure in which the information under the stored information 28 is recursively acquired while passing the permission determination request to the permission determination means 22 and making the determination, and the acquired information is collected. There are operations such as building an information file and doing nothing. It should be noted that the operation range can be easily expanded by additionally defining operations that can be interpreted and executed by the response content generation means 25 in the license condition information 24 stored in the license information storage medium 23.

  The response content generation means 25 receives the permission operation from the permission determination means 22 and acquires the storage information 28 stored in the information storage medium 27 via the storage information access means 26 as necessary based on the permission operation. Then, the response content is generated, and the response content is returned to the information requesting entity 1 via the request reception / response means 21.

The response content generation processing by the response content generation means 25 will be described with a specific example.
[When storage information A is specified as a permission operation]
Upon receipt of the permission operation “acquisition of storage information A” from the permission determination means 22, the response content generation means 25 passes the storage information A acquisition request information to the storage information access means 26. The storage information access unit 26 receives the storage information A acquisition request information from the response content generation unit 25, and searches the storage information 28 from the storage information 28 stored in the information storage medium 27. When the storage information A is a folder, the storage information access unit 26 acquires a list of files and folders stored in the folder and returns the list to the response content generation unit 25. The response content generation means 25 generates the list as response content and returns it to the information requesting entity 1. Here, the information described as a list is information representing the identification information of the storage information 28 stored in the information storage medium 27 and is a file path. If the storage information A is a file, the storage information access unit 26 acquires the binary data of the file and returns it to the response content generation unit 25. The response content generation means 25 generates the binary data as response content and returns it to the information requesting entity 1.

  When the storage information A is a structured information file (for example, an XML file), the storage information access unit 26 acquires the file that is the storage information A, and raises the file on the memory (stores it in the memory). The contents are referred to, and a list of root elements of the structured information is returned to the response contents generating means 25. The response content generation unit 25 generates the list as return content and returns it to the information requesting entity 1. In this case, the stored information access unit 26 may raise the structured information file to the memory and return it to the response content generation unit 25 element by element, or may return the entire file as binary data at once. . These determinations, that is, the determination of element-by-element return and batch return of binary data, are performed based on flag information that is given in advance as identification information to the structured information file.

[If nothing is specified as the permission operation]
This operation is performed when the permission determining unit 22 determines a permission condition or the like and extracts a permission operation corresponding to the permission condition. For example, the permission operation is “non-permitted” and the information requesting request from the information requesting entity 1 is made. When rejected, it is passed to the response content generating means 25. When the response content generation means 25 receives the permission operation “Do nothing (no permission)” from the permission determination means 22, it generates an empty result as the response content without executing anything, and the response content of the empty result Is returned to the information requesting entity 1.

[When it is specified that the information under the stored information A is recursively acquired as a permission operation while making a permission determination request, and it is designated as a structured file.]
This operation is set in response to a structured information file acquisition request. Here, it is assumed that the permission determination unit 22 extracts the operation as a result of the permission determination regarding the acquisition request of the storage information A that is the structured information file. Further, it is assumed that the storage information A, which is a structured information file, is raised on the memory by the storage information access means 26 and provided in element units. First, when the response content generating unit 25 receives a permission operation “recursively acquiring information under storage information A while making a permission determination request and combining them into a structured file” from the permission determination unit 22, The acquisition request information of the storage information A is passed to the storage information access means 26. The stored information access means 26 retrieves the stored information A from the stored information 28 stored in the information storage medium 27, raises the stored information A, which is a structured information file, on the memory, and represents a list representing the root element of the content element Is returned to the response content generation means 25. The response content generation unit 25 generates and holds an instance of the structured information of the storage information A on the memory based on the list returned from the storage information access unit 26, and adds an element to the instance based on the list. .

  Next, the response content generation unit 25 passes the information on the permission determination request to the permission determination unit 22 based on the information described in the list. The request operation in this permission determination request is a request operation for acquisition similar to the request operation that has already been received from the information requesting entity 1 via the request reception / reply means 21. Upon receiving the permission determination request information from the response content generation means 25, the permission determination means 22 performs the same processing as the permission determination request processing from the request reception / reply means 21. That is, the permission determination means 22 identifies the corresponding part by referring to the permission condition information 24 stored in the permission information storage medium 23 based on the information of the permission determination request received from the response content generation means 25, Using the user information received from the information requesting entity 1 via the request receiving / replying means 21, the license condition satisfied by the user information is determined, and the license operation corresponding to the license condition is extracted. In addition, the permission determination unit 22 passes the permission operation extracted as a result of the permission determination to the response content generation unit 25. When the permission operation extracted as a result of the permission determination is acquisition of stored information, the response content generation means 25 makes a storage information acquisition request to the storage information access means 26 in accordance with the permission operation.

  As long as the list is returned as a result of the storage information acquisition request to the storage information access unit 26, the response content generation unit 25, as described above, creates the structured information based on the list returned from the storage information access unit 26. An instance is constructed, a permission determination is requested to the permission determination means 22 based on information described in the list, a permission operation is received from the permission determination means 22, and storage information based on the permission operation is acquired. That is, the response content generation unit 25 recursively repeats such processing. Then, the response content generation means 25 converts the instance of the structured information constructed on the memory into binary data at the time when the permission determination and the acquisition of the storage information accompanying the storage information under the storage information A are all completed. The response contents are generated by conversion, and the binary data is returned to the request reception / reply means 21 as a result of the acquisition request to the stored information A by the information requesting entity 1. The request reception / reply means 21 receives binary data from the reply content generation means 25 and returns the reply contents of the binary data to the information request subject 1 as a result of the information provision request by the information request subject 1.

  In the series of processes related to the structured information file described above, when the permission determination unit 22 determines permission for a storage information (structured information file element) acquisition request, storage information that differs depending on user information is acquired. Is set in the permission condition information 24 so as to be extracted as a permission operation, the instance of the structured information constructed by the response content generation means 25 can be made different depending on the user information. Therefore, even if each information requesting entity having different user information requests acquisition of the same stored information A and permits the storage information A to be acquired for both, the information management system 2 It is possible to control the content of the information (stored information A) provided to the information requesting subject to be partially different.

Examples of the present invention will be specifically described below.
In this embodiment, the information requesting entity 31, the information requesting entity 32, and the information requesting entity 33 corresponding to the information requesting entity 1 shown in FIG. When requesting acquisition, the information management system 2 disallows access to “File_a.xml” to the information requesting entity 31 and provides “File_a.xml” to the information requesting entity 32 as it is. It is assumed that a part of the contents of “File_a.xml” is changed and provided to the information requesting entity 33.

  FIG. 3 is a diagram illustrating a storage state of the storage information 28 stored in the information storage medium 27 that serves as a file system in the present embodiment. In the figure, the information storage medium 27 includes a folder named “Folder_A” and a folder named “Folder_B”. Under the folder, a file named “File_a.xml” and a file “File_b.txt”, respectively. A file named "" is stored. Each folder and file is designated in the same way as the path designation in the file system. For example, “File_a.xml” can be specified by “/Folder_A/File_a.xml”. Also, as shown in FIG. 3, “File_a.xml” has the contents of XML structured information, and “File_b.txt” has the contents of text information.

  FIG. 4 is a diagram for explaining the license condition information 24 stored in the license information storage medium 23 in the present embodiment. In the figure, the permission condition information 24 indicates that the operation requesting “/Folder_A/File_a.xml” is “non-permitted” if the information requesting entity 31 that requested acquisition of the information is the information requesting entity 31. In the case of the information requesting entity 32 or the information requesting entity 33, the operation is set to be “permitted” and “recursively obtain information under“ /Folder_A/File_a.xml ””. Also, regarding the acquisition operation of “/Folder_A/File_a.xml/element_a1/element_a3”, if the information requesting entity that requested acquisition of the information is the information requesting entity 33, the information ““ /Folder_B/File_b.txt ” Is set to "get". Further, when no permission condition is set, all the requested operations can be “permitted”.

A case where the information requesting bodies 31 to 33 request the information management system 2 to acquire “/Folder_A/File_a.xml” in a state where the permission condition information 24 illustrated in FIG. 4 is set will be described.
[When the information requesting entity 31 requests acquisition of “/Folder_A/File_a.xml”]
The request receiving / replying means 21 receives the request contents (identification information “/Folder_A/File_a.xml” of the stored information and “acquirement” of the requested operation) and user information (information requesting entity 31) from the information requesting entity 31. The received information provision request message is received, and the request contents and user information are passed to the permission judging means 22. Based on the received request content, the permission determination means 22 specifies a corresponding part from the permission condition information 24 stored in the permission information storage medium 23. In this specific part, regarding the “acquisition” request operation for “/Folder_A/File_a.xml”, when the operation source is the information requesting entity 31, the permission operation is “not permitted”. Accordingly, the permission determination unit 22 extracts the permission operation “non-permission” and passes the information on the permission operation to the response content generation unit 25. Upon receiving the permission operation “not permitted” from the permission determination means 22, the response content generation means 25 generates an empty result as the response content without executing anything, and receives the response result of the empty result as a request reception / response means. Return to 21. The request receiving / replying means 21 notifies the information requesting entity 31 that the requested operation has been rejected. As a result, the information management system 2 can restrict access to “/Folder_A/File_a.xml” to the information requesting entity 31.

[When the information requesting entity 32 requests acquisition of “/Folder_A/File_a.xml”]
The request reception / reply means 21 receives the request contents (identification information “/Folder_A/File_a.xml” of the stored information and the request operation information “acquisition”) and user information (information requesting entity 32) from the information requesting entity 32. The received information provision request message is received, and the request contents and user information are passed to the permission judging means 22. Based on the received request content, the permission determination means 22 specifies a corresponding part from the permission condition information 24 stored in the permission information storage medium 23. This specific part is for the request operation of “acquisition” for “/Folder_A/File_a.xml”. When the operation source is the information requesting entity 32, the permission operation recurses the information under “/Folder_A/File_a.xml”. Is "obtained automatically". Accordingly, the permission determination unit 22 extracts the permission operation “recursively obtains information under“ /Folder_A/File_a.xml ”” and passes the information on the permission operation to the response content generation unit 25.

  Upon receiving the permission operation from the permission determination means 22, the response content generation means 25 first passes the acquisition request information “/Folder_A/File_a.xml” to the storage information access means 26. The stored information access unit 26 raises “File_a.xml”, which is a structured information file (XML file), on the memory, refers to the file contents, and indicates “/ Folder_A / File_a” indicating “element_a1” which is the highest element. .xml / element_a1 ”as a list is returned to the response content generation means 25. The response content generation unit 25 receives the list from the stored information access unit 26, generates an instance of structured information on the memory, and adds “element_a1” in the list as an element of the structured information. Further, the response content generation means 25 continues to hold this instance until the generation of the response content is finally completed. Then, the response content generation unit 25 requests the permission determination unit 22 to determine permission for the acquisition request operation for “/Folder_A/File_a.xml/element_a1” in the list.

  Based on the permission determination request from the response content generation means 25, the permission determination means 22 specifies the corresponding part from the permission condition information 24 stored in the permission information storage medium 23. This specific part is not set for the “acquire” request operation for “/Folder_A/File_a.xml/element_a1”. Accordingly, the permission determination unit 22 passes the information on the permission operation “permission” to the response content generation unit 25. The response content generation means 25 receives the information on the permission operation “permission” from the permission determination means 22 and passes the acquisition request information “/Folder_A/File_a.xml/element_a1” to the storage information access means 26. Based on the acquisition request, the stored information access means 26 refers to the contents of “File_a.xml” stored in the memory, and “/ Folder_A” indicates an “element_a2” element that is a child element of the “element_a1” element. /File_a.xml/element_a1/element_a2 ”and“ /Folder_A/File_a.xml/element_a1/element_a3 ”indicating the“ element_a3 ”element are returned to the response content generation means 25 as a list.

  The response content generation means 25 receives the list from the stored information access means 26, and adds “element_a2” and “element_a3” in the list to the child of the “element_a1” element in the structured information held as an instance on the memory. Add as an element. The response content generation means 25, in the same procedure, sequentially determines the permission judgment of the acquisition request operation for “/Folder_A/File_a.xml/element_a1/element_a2” and “/Folder_A/File_a.xml/element_a1/element_a3” in the list. A request is made to the permission determination means 22. The permission condition information 24 shown in FIG. 4 includes an operation request source for an “acquire” request operation for “/Folder_A/File_a.xml/element_a1/element_a2” and “/Folder_A/File_a.xml/element_a1/element_a3”. When the information requesting entity 32 is selected, it is not set. Accordingly, the permission determination unit 22 passes the information on the permission operation “permission” to the response content generation unit 25. The response content generation means 25 receives the permission operation “permission” information from the permission determination means 22 and obtains the request for obtaining “/Folder_A/File_a.xml/element_a1/element_a2” and “/Folder_A/File_a.xml/element_a1/element_a3”. The information is passed to the stored information access means 26, respectively. The response content generation means 25 receives binary data representing “ABC” and binary data representing “DEF” from the storage information access means 26.

  The response content generation means 25 adds these binary data to the structured information held as an instance. In this case, binary data is converted into a character string and added as element contents. That is, “ABC” is added as the element content of the “element_a2” element, and “DEF” is added as the element content of the “element_a3” element. When all the recursive acquisitions are completed, the response content generation means 25 converts the structured information constructed as an instance into binary data, and the binary data is acquired for “/Folder_A/File_a.xml” by the information requesting entity 32. As a result of the request, it is returned to the request reception / reply means 21. The request reception / reply means 21 returns the binary data received as a result of the acquisition request to the information requesting entity 32. The information requesting entity 32 saves the returned binary data as a file named “File_a.xml”. Thereby, the information management system 2 can provide information to the information requesting entity 32 after performing control based on the permission condition information.

[When the information requesting entity 33 requests acquisition of “/Folder_A/File_a.xml”]
Here, among the processing when the information requesting entity 32 requests acquisition of “/Folder_A/File_a.xml” as described above, the response content generation means 25 acquires for “/Folder_A/File_a.xml/element_a1/element_a3”. The same processing as the processing until the permission determination means 22 is requested for permission determination of the requested operation is performed. In the permission condition information 24 shown in FIG. 4, regarding the “acquire” request operation for “/Folder_A/File_a.xml/element_a1/element_a3”, the permission operation when the operation source is the information requesting entity 33 is “Folder_B "Acquisition of /File_b.txt" is set. Accordingly, the permission determination means 22 requested to determine permission for the acquisition request operation for "/Folder_A/File_a.xml/element_a1/element_a3", the permission operation "" Folder_B / Information on “acquisition of File_b.txt” is passed to the response content generation means 25. The response content generation means 25 receives the information on the permission operation from the permission determination means 22 and passes the acquisition request information of “Folder_B / File_b.txt” to the storage information access means 26. The storage information access means 26 reads “File_b.txt. Since “is a text file, the contents are returned to the stored information access means 26 as binary data.

  The response content generation means 25 receives the binary data, converts it into a character string, and adds it to the structured information held as an instance. In this case, the converted character string is added as the element content of the “element_a3” element. That is, “XYZ” is added to the element content of the “element_a3” element. When all the recursive acquisitions are completed, the response content generation unit 25 converts the structured information constructed as an instance into binary data, and the binary data is acquired for “/Folder_A/File_a.xml” by the information requesting entity 33. As a result of the request, it is returned to the request reception / reply means 21. The request reception / reply means 21 returns the binary data received as a result of the acquisition request to the information requesting entity 33. The information requesting entity 33 saves the returned binary data as a file named “File_a.xml”. Thereby, the information management system 2 can provide information to the information requesting entity 33 after performing control based on the permission condition information.

  As described above, according to the information management system 2 according to the embodiment of the present invention, the permission determination means 22 defines the permission condition information 24 that defines the conditions for controlling access to the content elements of the file, folder, and structured information file. The response content generation means 25 generates the response content for the information requesting entities 1, 31 to 33 based on the permission operation that is the result of the permission determination. That is, under the information management system 2 that manages the content elements of files, folders, and structured information files in the same unit, the permission determination means 22 determines the permission by handling them equally at the same level. As a result, access control for files and folders and access control for content elements of structured information files can be realized by a common mechanism.

  Further, according to the information management system 2 according to the embodiment of the present invention, the user information of the information requesting entities 1, 31 to 33 can be defined in the permission condition information 24 as a condition for controlling access to a file or the like. The permission determination means 22 makes a permission determination based on the permission condition information 24, and the response content generation means 25 generates response contents for the information requesting entities 1, 31 to 33 based on the permission operation as a result of the permission determination. I did it. Thereby, when different information requesting bodies 32 and 33 request acquisition of the same stored information 28 (“/Folder_A/File_a.xml”), the information management system 2 responds to the information requesting bodies 32 and 33, respectively. In addition to controlling access to files and folders, the contents of the structured information file can be controlled to be partially different, and different information can be provided to the information requesting bodies 32 and 33, respectively.

  Further, the information management system 2 according to the embodiment of the present invention includes a request receiving / replying means 21, a permission determining means 22, a permission information storage medium 23, a response content generating means 25, a stored information access means 26, and an information storage medium 27. The information management system 2 can be configured as two or more devices by arranging the request receiving / replying means 21 etc. as separate devices on the network. You may make it comprise.

  In addition, the information management provided with the request receiving / replying means 21, the permission determining means 22, the permission information storage medium 23, the response content generating means 25, the stored information access means 26, and the information storage medium 27 according to the embodiment of the present invention. The system 2 is configured by a computer incorporating software for executing each process. These software can be stored and distributed in a storage medium such as a magnetic disk (floppy disk, hard disk, etc.), optical disk (CD-ROM, DVD, etc.), semiconductor memory, etc. as a program that can be executed by a computer. . When the information management system 2 is composed of two or more devices by separating the request reception / response means 21 and the like, the information management system 2 includes a plurality of computers incorporating software for executing the respective processes. Consists of.

It is a block diagram explaining the schematic structure of the information management system which concerns on embodiment of this invention. It is a figure explaining the permission condition information stored in the permission information storage medium of the information management system of FIG. It is a figure explaining the stored information stored in the information storage medium in the Example of an information management system. It is a figure explaining the permission condition information stored in the permission information storage medium in the Example of an information management system.

Explanation of symbols

1, 31-33 Information requesting entity 2 Information management system 21 Request accepting / replying means 22 Permission judging means 23 Permission information storage medium 24 Permission condition information 25 Response content generating means 26 Stored information access means 27 Information storage medium 28 Stored information

Claims (20)

It is an information management system in which files, folders, and file elements on a file system are managed in the same unit, and necessary information is acquired and provided from the management target according to a request from an information provider.
Permission condition information in which access control to files, folders and file elements is defined;
Stored information in which information to be provided to the information request subject is stored;
Permission judging means for judging permission of information provision to the information requesting body based on the information providing request received from the information requesting body and the permission condition information for the file, folder and file element in the same process. When,
A response content generating unit that obtains necessary information from the stored information based on a result of the permission determination by the permission determination unit, generates the information as a response content, and provides the response request to the information requesting subject. A featured information management system. In the information management system according to claim 1,
Further, it communicates with the information requesting body, receives an information provision request from the information requesting body, interprets the contents of the information provision request, requests a permission judgment from the permission judging means, and generates the response contents generating means An information management system comprising request acceptance / reply means for replying information on the content of the reply to the information requesting subject. In the information management system according to claim 1 or 2,
In the permission condition information, an access control for a file, a folder, and a file element is defined by a permission condition related to information provision and a description of a permission operation corresponding to the permission condition. In the information management system according to any one of claims 1 to 3,
A license information storage medium for storing the license condition information;
The information management system, wherein the permission determination means determines permission to provide information by accessing permission condition information stored in a permission information storage medium. In the information management system according to claim 4,
The permission determining means identifies a permission condition and a permission action based on an information provision request received from an information requesting body and a permission condition information stored in the permission information storage medium, determines a permission condition, and performs a permission action. An information management system that extracts and passes the permission operation as a result of permission determination to a response content generation unit. In the information management system according to claim 5,
When the permission determination unit extracts a permission operation that is not permitted, and passes the permission operation that is not permitted to the response content generation unit as a result of the permission determination,
The response content generating means generates, based on the result of non-permission received from the permission determination means, a response content indicating that the information provision request is not permitted without obtaining information from the stored information, An information management system characterized by being provided to. In the information management system according to claim 5,
When the permission determination unit extracts a permission operation of permission and passes the permission operation of the permission to the response content generation unit as a result of the permission determination,
The response content generation means acquires necessary information from the stored information based on the result of permission received from the permission determination means, generates the information as response content, and provides it to the information requesting subject. Information management system. In the information management system according to claim 5,
Based on the information provision request received from the information requesting entity and the license condition information stored in the license information storage medium, the license determination unit cannot extract the license operation.
The permission determination means passes the permission operation as a result of the permission determination to the response content generation means,
The response content generation means acquires necessary information from the stored information based on the result of permission received from the permission determination means, generates the information as response content, and provides it to the information requesting subject. Information management system. In the information management system according to any one of claims 5 to 8,
An information storage medium for storing the storage information;
An information management system comprising storage information access means for managing access to stored information stored in the information storage medium. In the information management system according to claim 9,
The stored information access means manages access to the stored information stored in the information storage medium, acquires necessary information from the stored information in accordance with a request from the response content generation means, and sends the information to the response content generation means. Information management system characterized by returning. The information management system according to claim 10,
When the information provision request from the information request subject is a request for obtaining a structured information file,
The stored information access means acquires a structured information file stored in the information storage medium in accordance with a request from the response content generating means, stores the structured information file in a memory, and stores each structured information file in the structured information file. An information management system characterized in that information is returned to a response content generation means. The information management system according to claim 11,
The storage information stored in the information storage medium is used for the storage information access means to determine the provision of information in element units in the structured information file and the provision of information in the entire file to the response content generation means. Flag information,
The stored information access unit returns necessary information to the response content generation unit based on the flag information. The information management system according to claim 11,
The response content generation means requests the permission determination means for permission determination for each element of the structured information file, receives a permission operation as a result of the permission determination from the permission determination means, and based on the permission operation Acquires information that is an element of the structured information file via the stored information access means and constructs the structured information in the memory, receives the permission determination request, receives the permission operation, acquires the information, and constructs the structured information. An information management system that generates structured information as response content when processing is completed for all elements by repeating each processing. The information management system according to claim 10,
When the information provision request from the information requesting subject is a folder acquisition request and has a file and another folder under the folder,
The response content generation means requests permission determination from the permission determination means for each file and other folder under the folder, receives a permission operation as a result of the permission determination from the permission determination means, and based on the permission operation The necessary information is acquired from the stored information access means, and the processing for all the files and other folders is completed by recursively repeating the processing for requesting permission determination, receiving permission operation, and acquiring information. Sometimes, the information management system is characterized in that binary data obtained by archiving a folder including the subordinate file and another folder is generated as a response content. In the information management system according to any one of claims 1 to 14,
The permission condition information is information that is defined on the condition that the user control of the information requesting subject is access control to the elements of the file, folder, and file,
The response content generating means generates different response contents for the same information provision request from different information requesting entities. An information management method in which files, folders, and file elements on a file system are managed in the same unit, and necessary information is acquired and provided from the management target according to a request from an information provider.
Receiving an information provision request from the information requesting entity;
Based on the information provision request and permission condition information in which access control for the file, folder, and file element is defined, the information provision to the information requesting entity is the same for the file, folder, and file element. Judgment by processing,
Based on the result of the permission determination, the necessary information is acquired from the stored information in which the information provided to the information requesting entity is stored,
Generate the acquired information as response contents,
An information management method comprising: providing the generated response content to the information requesting subject. The information management method according to claim 16, wherein
The permission condition information is information that is defined on the condition that the user control of the information requesting subject is access control to the elements of the file, folder, and file,
An information management method comprising generating different response contents when receiving the same information provision request from different information requesting entities. A computer that constitutes the information management system performs processing for obtaining the necessary information from the management target in accordance with a request from the information providing entity and providing the files, folders, and file elements on the file system in the same unit. An information management program to be executed,
A process of receiving an information provision request from the information requesting entity;
Based on the information provision request and permission condition information in which access control for the file, folder, and file element is defined, permission of information provision to the information requesting subject is granted to the file, folder, and file element. The process of judging by the same process,
A process of obtaining necessary information from stored information in which information to be provided to the information requesting body is stored based on the result of the permission determination;
Processing to generate the acquired information as a response content;
An information management program for causing the computer to execute processing for providing the generated response content to the information requesting subject. The information management program according to claim 18, wherein
The permission condition information is information that is defined on the condition that the user control of the information requesting subject is access control to the elements of the file, folder, and file,
An information management program for causing the computer to execute processing for generating different response contents when receiving the same information provision request from different information requesting entities.   A recording medium on which the information management program according to claim 18 is recorded.

Images