WO2016060068A1 - Information sharing device and information sharing method - Google Patents

Information sharing device and information sharing method Download PDF

Info

Publication number
WO2016060068A1
WO2016060068A1 PCT/JP2015/078675 JP2015078675W WO2016060068A1 WO 2016060068 A1 WO2016060068 A1 WO 2016060068A1 JP 2015078675 W JP2015078675 W JP 2015078675W WO 2016060068 A1 WO2016060068 A1 WO 2016060068A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
attribute
access
request source
access request
Prior art date
Application number
PCT/JP2015/078675
Other languages
French (fr)
Japanese (ja)
Inventor
谷川 嘉伸
恒太 井手口
信隆 川口
Original Assignee
株式会社日立製作所
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 株式会社日立製作所 filed Critical 株式会社日立製作所
Publication of WO2016060068A1 publication Critical patent/WO2016060068A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules

Definitions

  • the present invention relates to an information sharing apparatus and an information sharing method.
  • the electronic information includes management plan materials, research and development materials, materials containing resident information, and content that requires confidentiality such as application forms.
  • confidentiality In order to ensure the confidentiality of information, it is important that a person or system implements the policy of the disclosure range and handling restriction of electronic information. In order to achieve such confidentiality, access control technology has been used.
  • Patent Document 1 discloses an access control method when a confidential document is shared among a plurality of departments in an organization such as a company.
  • a disclosure range paying attention to the fact that it is difficult to clearly determine the subject name of the counterpart department in advance, a combination of direct access authority determination means and indirect access authority determination means is proposed.
  • the indirect access authority determination means designates the relationship of the subject such as the organizational structure and the seat layout. With this indirect access authority determination means, it is possible to add another subject name such as the boss of a specific subject or a person on the same seat island as the scope of disclosure without specifying a specific subject name. Become.
  • Patent Document 1 when sharing information among multiple organizations, it is important to eliminate differences in access control methods applied to each organization.
  • the prior art is premised on information sharing among a plurality of organizations to which the same access control model is applied. Therefore, when the technique of Patent Document 1 is used, a person who provides information cannot know the attribute definitions and access rules defined by the information system of the information sharing partner (the person to whom the information is provided). For this reason, it is difficult for an object providing information to set an appropriate access rule for the information provider.
  • an object of the present invention is to provide a system that enables information sharing among a plurality of information systems even when an access control model with different expressions is applied to the plurality of information systems.
  • the present invention is an information sharing apparatus, which has a processor and a memory, is connected to the first system and the second system, and permits or denies access to information. Used in the first system to determine the attribute of the first access requester, and used in the second system to determine permission or disapproval of access to the information.
  • a plurality of different systems can share information while maintaining the access control model.
  • the information sharing system provides a function for sharing information such as document files generated in a plurality of information management systems operated by a plurality of organizations with other information management systems.
  • the operation manager of the organization generates in advance access rules defined using attributes such as users and information, and registers them in the information management system.
  • access rules defined using attributes such as users and information
  • the access rule of this embodiment indicates a rule for determining permission or disapproval of access to information, and is defined by attributes. Further, the access rule of this embodiment indicates browsing or updating of information, which is a specific action of access.
  • Attribute of this embodiment includes a user attribute, an information attribute, and other attributes.
  • the user of this embodiment is a person who uses the information management system and the information sharing system, and is a person who has an intention to access information.
  • the user attribute is an attribute for identifying a person who accesses information.
  • the information attribute is an attribute for identifying information such as a document file and an image file to be accessed.
  • Other attributes include the environment (time, season, location, etc.) for accessing information.
  • FIG. 1 is a block diagram showing the configuration of the information sharing system of this embodiment.
  • the information sharing system includes at least two information management systems 100 (100-1 and 100-N), a communication network 190, and an information sharing server 160.
  • the information management system 100 and the information sharing server 160 are connected to each other via a communication network 190.
  • the information management system 100 includes a plurality of terminals 102, a communication network 120, and an information management server # 1 (104). When the user accesses information via the terminal 102, the information management system 100 applies the access control model defined by the attribute.
  • the terminal 102 and the information management server # 1 (104) are connected to each other via the communication network 120.
  • the terminal 102 and the information management server # 1 (104) are connected to the information sharing server 160 via the communication network 120 and the communication network 190.
  • the terminal 102 is an input device that receives an instruction from a person who operates or manages the operation management system # 1 (100-1) (hereinafter referred to as an operation manager), and outputs an output of a processing result to the operation manager. Device.
  • the terminal 102 receives a request for accessing the information 116 and the shared information 178 held by the information sharing server 160.
  • Information management server # 1 (104) is a computer having an arithmetic device and a storage device.
  • the information management server # 1 (104) has the operation management interface 110, the information management unit 106, and the linkage unit 108 as functional units, and the user attribute 112, the information attribute 114, the information 116, and the access rule 118 as a storage unit. Have.
  • the operation management interface 110 receives a request to access the information 116 received by the terminal 102.
  • the information management unit 106 refers to the access rule 118 and restricts access to the information 116.
  • the cooperation unit 108 provides a function of connecting to another information management system 100 and the information sharing server 160.
  • User attribute 112 stores a user attribute used in information management system # 1 (100-1).
  • the information attribute 114 stores an information attribute used in the information management system # 1 (100-1).
  • the information 116 stores at least information shared in the information sharing system.
  • the access rule 118 stores an access rule defined using attributes.
  • Information management system # 1 (100-1) and information management system #N (100-N) have similar functions.
  • the information management system #N (100-N) includes a plurality of terminals 132, a communication network 150, and an information management server #N (134).
  • the terminal 132 has the same function as the terminal 102, and the communication network 150 has the same function as the communication network 120.
  • the information management server #N (134) is a computer having an arithmetic device and a storage device.
  • the information management server #N (134) includes the operation management interface 140, the information management unit 136, and the cooperation unit 138 as functional units, and includes the user attribute 142, the information 144, and the access rule 146 as a storage unit.
  • the operation management interface 140 has the same function as the operation management interface 110, the information management unit 136 has the same function as the information management unit 106, and the linkage unit 138 has the same function as the linkage unit 108.
  • User attribute 142 stores a user attribute used in information management system #N (100-N).
  • the information 144 stores information shared within the information sharing system.
  • the access rule 146 stores an access rule.
  • the difference between the information management system # 1 (100-1) and the information management system #N (100-N) is a method of storing information and information attributes in itself (hereinafter referred to as attribute management method).
  • the information management system 100-1 uses a method of making information attributes independent from information and storing information attributes used in a plurality of access rules in a unified manner (hereinafter referred to as an independent management method).
  • the independent management method is a method of storing information attributes as, for example, an alternative data stream defined by a file system.
  • the information management system #N uses a management method for storing information attributes in the information 144 (hereinafter referred to as an integrated management method).
  • the integrated management method is, for example, a method of storing information attributes in the information 144 as application metadata defined by the file format of the word processor.
  • Application metadata includes, for example, a method of including an information attribute in a document file as a property of the document file including information.
  • an information management system 100 that employs a method for retaining information attributes outside information and an information management that employs a method for managing information attributes inside information. This is because the method of acquiring an information attribute for identifying information by an application included in the information management server differs depending on the application.
  • the information sharing server 160 is a computer having an arithmetic device and a storage device.
  • the information sharing server 160 includes an operation management interface 172, a sharing control unit 162, a connection system management unit 164, a shared information management unit 166, an access rule management unit 168, and a mapping management unit 170 as management units, and the connection system information 174,
  • the shared information 178, the access rule 180, the mapping information 182 and the attribute dictionary 184 are included as a storage unit.
  • the operation management interface 172 receives requests input from the terminal 102 and the terminal 132.
  • the sharing control unit 162 provides a connection function with the information management system 100.
  • the connection system management unit 164 manages the connection system information 174.
  • the shared information management unit 166 manages the shared information 178.
  • the access rule management unit 168 manages the access rule 180.
  • the mapping management unit 170 manages the mapping information 182 and the attribute dictionary 184.
  • the connection system information 174 includes information related to the information management system 100.
  • the shared information 178 includes information shared between the information management systems 100.
  • the shared information 178 has attribute information 176.
  • the attribute information 176 has a user attribute and an information attribute.
  • the access rule 180 has an access rule sent from the information management system 100.
  • the mapping information 182 is a corresponding storage area for storing user attributes and information attributes used in the information management system 100 such as user attributes and information attributes in association with each other.
  • the attribute dictionary 184 has reference attributes that serve as a reference for identifying user attributes, information attributes, and the like.
  • the communication network 120, the communication network 150, and the communication network 190 are a public network, a wired network such as the Internet, ISDN, a dedicated line, or a LAN, or a wireless network using a mobile communication base station or a communication artificial satellite. It may be a communication network.
  • a device included in the information sharing system communicates with another device using a preset address of another device that is a communication partner.
  • one apparatus may communicate with a plurality of apparatuses using broadcast communication or multicast communication.
  • devices included in the information sharing system may communicate in a position-transparent manner, such as publish / subscribe type communication.
  • FIG. 2 is a block diagram showing the hardware configuration of the computer of this embodiment.
  • the terminal 102, the terminal 132, the information management server 104, the information management server 134, and the information sharing server 160 have, for example, the same devices as the computer 200 shown in FIG.
  • the computer 200 includes a central processing unit (CPU) 202, an input device 210, an external storage device 206, a semiconductor memory (RAM) 204, an output device 212, a storage medium 216, an external media interface 214, a communication interface 208, and an internal communication line 250.
  • CPU central processing unit
  • RAM semiconductor memory
  • the CPU 202 is an arithmetic device and a control device, and may be a processor.
  • the terminal 102, the terminal 132, the information management server 104, the information management server 134, and the information sharing server 160 realize their functions as the CPU 202 executes the program.
  • the input device 210 is a device such as a keyboard and a mouse, and is a device for an operation manager to input an instruction.
  • the output device 212 is a device such as a CRT display, a liquid crystal display, or a printer, and is a device for providing a processing result to an operation manager or the like.
  • the external storage device 206 is a large-capacity non-volatile storage device such as a hard disk or a flash memory (SSD).
  • the external storage device 206 may store a program executed by the CPU 202 and data used when the program is executed. That is, the CPU 202 reads the program from the external storage device 206, loads the program into the RAM 204, and then executes the program.
  • the semiconductor memory (RAM) 204 is a high-speed and volatile storage element, and temporarily stores a program stored in the external storage device 206 and data used when the program is executed.
  • the semiconductor memory (RAM) 204 of the information sharing server 160 includes a sharing control unit 162, a connection system management unit 164, a shared information management unit 166, an access rule management unit 168, a mapping management unit 170, and an operation management interface 172.
  • External media interface 214 is an interface for reading and writing storage media 216 such as magneto-optical media.
  • the storage medium 216 is detachable, and is, for example, a removable medium such as a CD-ROM or a flash memory.
  • a program executed by the CPU 202 is provided to the computer 200 via a storage medium 216 or a carrier wave or a digital signal that propagates through the communication network (120, 150, 190), and is stored in the external storage device 206 that is a non-temporary storage medium. It may be stored. Therefore, the computer 200 acquires data via the external media interface 214.
  • the communication interface 208 is an interface for communicating with the communication network 190 or the like using a predetermined protocol.
  • the internal communication line 250 is, for example, a bus, and connects devices included in the computer 200 to each other.
  • the computer 200 may be physically one computer, or may be a computer system constituted by a plurality of computers logically or physically.
  • a program included in the computer 200 may be executed by a plurality of threads in one computer 200, or may be executed in a virtual computer constructed on resources of a plurality of physical computers.
  • the computer 200 need not have all the devices shown in FIG.
  • the terminal 102 and the terminal 132 may not have the external media interface 214.
  • FIG. 3 is an explanatory diagram showing the concept of mapping the user attributes, information attributes, attribute management method, and access rule expressions of this embodiment.
  • Expression 302 The user attributes, information attributes, attribute management methods, access rules, and the like applied to the information management system 100 are expressed differently between the information management systems 100.
  • Expression 302, expression 304, and expression 306 are user attributes and information applied to information management system # 1 (100-1), information management system # 2 (100-2), and information management system #N (100-N). It is a representation of attributes, information attribute management methods and access rules.
  • the expressions 302, 304, and 306 are mapped to the expression 300 included in the information sharing server 160 for each security level used. For this reason, when the information management system 100 is newly added, it is not necessary to directly associate the expressions of the plurality of existing information management systems 100 and the expressions of the new information management system 100 multiple times.
  • the information sharing system can represent the new representation of the information management system 100 and a plurality of existing information.
  • the expression of the management system 100 can be associated.
  • the representation 300 is stored in the mapping information 182 and the connection system information 174 of the information sharing server 160.
  • a processing procedure and a data structure embodying this concept will be described.
  • FIG. 4 is a flowchart showing processing of the information sharing server 160 of the present embodiment.
  • the sharing control unit 162 of the information sharing server 160 starts after starting the information sharing server 160 or at predetermined intervals (400). Further, the sharing control unit 162 may start the processing illustrated in FIG. 4 according to an instruction from an operation manager or the like.
  • the sharing control unit 162 determines whether an instruction to start the operation management process is received from the terminal 102 or the terminal 132 (402). When the share control unit 162 receives an instruction to start the operation management process, the sharing control unit 162 causes the mapping management unit 170 or the access rule management unit 168 to execute the instructed operation management process (404).
  • the operation management process of this embodiment includes an attribute mapping process and an access rule generation process which will be described later.
  • the instruction to start the operation management process includes information indicating the operation management process to be started.
  • the sharing control unit 162 determines whether the shared information has been received or the shared information needs to be transmitted (406).
  • the shared information is information transmitted from the information management system 100 to the information sharing server 160, and is information shared in the information sharing system of the present embodiment.
  • the sharing control unit 162 determines whether or not shared information has been received from the information management system 100. Further, the sharing control unit 162 may determine that the sharing information needs to be transmitted when the sharing information is requested from the information management system 100.
  • the sharing control unit 162 may determine that the shared information needs to be transmitted in Step 406 when it is determined that there is untransmitted shared information in the information management system 100 with reference to the connection system information 174. .
  • FIG. 5 is an explanatory diagram showing the connection system information 174 of this embodiment.
  • the connection system information 174 stores authentication information 500 and transmission / reception information 520.
  • the authentication information 500 has a plurality of areas (502, 504, 506, 508, 510, and 512).
  • the authentication information 500 is set in advance by the administrator of the information sharing system.
  • the area 502 includes an identifier for identifying the information management system 100.
  • An area 504 indicates system credentials, and indicates an authentication method used when the information management system 100 and the information sharing server 160 communicate with each other.
  • the area 506 is a storage area indicating how the information management system 100 indicated by the area 502 stores information and information attributes (attribute management method).
  • the area 506 may include a specific method for extracting information attributes included in the information from the information in order to apply the stand-alone management method indicated by the area 506, or the integrated management indicated by the area 506. In order to apply the method, a specific method of including information and information attributes that have been divided into information may be included.
  • the shared information management unit 166 can change the information sent to the information management system 100 to a state according to the attribute management method of the information management system 100 by referring to the area 506.
  • An area 508 indicates an identifier of the operation manager of the information management system 100.
  • An area 510 shows an authentication method for the operation manager of the information management system 100 to access the information sharing server 160.
  • the area 512 indicates an identifier for associating the transmission / reception information 520 with the authentication information 500. Specifically, the identifier of the transmission / reception information 520 is shown.
  • one information management system 100 corresponds to one entry in the authentication information 500 and one transmission / reception information 520.
  • the connection system management unit 164 updates the transmission / reception information 520 when the shared information is transmitted / received between the information management system 100 and the information sharing server 160.
  • the transmission / reception information 520 includes a plurality of areas (522, 524, 526, 528) as a communication log.
  • the area 522 includes an identifier for identifying the information management system 100 and corresponds to the area 502.
  • An area 524 indicates the date and time when the shared information is transmitted or received.
  • the area 526 indicates “reception” when the information sharing server 160 receives the shared information from the information management system 100 indicated by the area 522, and the information sharing server 160 transmits the shared information to the information management system 100 indicated by the area 522. Indicates “send”.
  • An area 528 shows an identifier for identifying the transmitted / received shared information.
  • the sharing control unit 162 has shared information that is not transmitted to all of the information management systems 100 other than the information management system 100 in which the area 526 indicates “reception” and the area 526 indicates “reception”. If there is, it may be determined in step 406 that the shared information needs to be transmitted.
  • step 406 If it is determined in step 406 that the shared information has been received or the shared information needs to be transmitted, the shared information management unit 166 receives or transmits the shared information through a process described later (408). If it is determined in step 406 that the shared information has not been received and it is not necessary to transmit the shared information, it is determined whether a shutdown instruction has been accepted (410).
  • the sharing control unit 162 ends (412). If it is determined that the shutdown instruction has not been received, the sharing control unit 162 returns to Step 402.
  • the attribute mapping process which is one of the operation management processes in step 404 is shown below. First, the procedure for the operation manager of the information management system # 1 (100-1) to perform the mapping process will be described.
  • step 404 the mapping management unit 170 of the information sharing server 160 transmits data for outputting the user interface 700 shown in FIG. 7 to the terminal 102 via the operation management interface 172. Accordingly, the mapping manager 170 provides the terminal 102 with the function of the attribute mapping editor.
  • mapping management unit 170 outputs the user interface 700 using the contents of the fields (504, 506, 508, and 510) of the connection system information 174 in order to output the user interface 700 from the display of the terminal 102 or the like.
  • the mapping management unit 170 imports the user attribute from the user attribute 112 stored in the information management server 104 and the attribute dictionary 184 stored in the information sharing server 160. Import user attributes. Further, the mapping management unit 170 imports the information attribute 114 stored in the information management server 104 and imports the information attribute of the attribute dictionary 184 stored in the information sharing server 160.
  • mapping management unit 170 may import the other attributes from the information management server 104 and import the other attributes from the attribute dictionary 184.
  • the user attributes, information attributes, and other attributes that are imported from the information management server 104 may be user attributes, information attributes, and other attributes that are instructed by the operation manager or the like via the terminal 102. Further, when the user attribute 112, the information attribute 114, and the like indicate whether or not mapping has been performed, the mapping management unit 170 identifies an attribute that is not mapped to a reference included in the attribute dictionary 184, and identifies the identified attribute as the information management server 104. You may import from
  • the user attribute 112 includes an attribute for identifying a user who accesses information in the information management system # 1 (100-1).
  • the user attribute 112 includes a user attribute uniquely defined by the expression 302 used in the information management system # 1 (100-1).
  • the user attribute 112 includes an identifier for identifying each user.
  • the identifier may be a user ID composed of alphanumeric characters, for example.
  • the user attribute 112 may include any attribute as long as it is an attribute used to specify a user who can access the information 116.
  • the user attributes 112 include, for example, specific names or identifiers such as departments, duties, titles, qualifications, e-mail addresses, and nationalities.
  • the user attribute 112 may include a secret handling category that is assigned to the user in advance. Further, the user attribute 112 may include, as information, a hierarchical structure for attributes having higher and lower assigned authority such as job title and qualification.
  • the information attribute 114 includes an attribute for identifying information stored in the information 116 of the information management system # 1 (100-1).
  • the information attribute 114 includes an information attribute uniquely defined by the expression 302 used in the information management system # 1 (100-1).
  • the information attribute 114 includes an identifier for identifying information of the information 116.
  • the information attribute 114 includes information indicating a file name and a storage location.
  • the information attribute 114 may include any attribute as long as it is an attribute of information stored in the information 116.
  • the information attribute 114 includes, for example, specific identifiers such as a creation department, a classification, a confidential level, a name, a creator, a management department, and an operation manager.
  • the information attribute 114 includes a secret handling category that is assigned in advance to information stored in the information 116.
  • the user attribute 112 may include, as information, a hierarchical structure for attributes having higher and lower assigned authority such as a confidential level.
  • the mapping management unit 170 stores the other attribute stored in the memory of the information management server 104. And other attributes stored in the attribute dictionary 184 may be imported.
  • Other attributes indicate the environment and conditions that can access the information.
  • the other attributes indicate, for example, time zone, temperature, emergency alert level, and location.
  • the attribute dictionary 184 includes standard user attributes and information attributes set in advance by an operator or administrator of the information sharing server 160, and user attributes and information attributes mapped to the user attributes and information attributes of the information management system 100. Contains information attributes.
  • the attribute dictionary 184 includes user attributes and information attributes defined by the expression 300 shown in FIG.
  • FIG. 6 is an explanatory diagram showing the attribute dictionary 184 of the present embodiment.
  • the attribute dictionary 184 indicates the expression of the reference attribute and includes a plurality of areas (600, 602, 604, 606).
  • An area 600 shows attribute classification.
  • the area 600 of this embodiment shows at least one of user attributes, information attributes, and other attributes.
  • the area 602 includes an identifier that represents an attribute item.
  • An area 604 includes an identifier representing a specific value of the attribute item. For example, when the area 602 indicates “title”, the area 604 indicates “section manager” or “leader”. Regions 602 and 604 show attributes defined by the representation 300.
  • the area 606 stores a description (usage guideline) output to the operation manager of the information management system 100 in the attribute mapping process.
  • the area 604 indicates “ ⁇ ”
  • the area 606 indicates the description of the item indicated by the area 602.
  • the explanatory text of the area 606 indicates the security level of the attribute definition indicated by the area 602 and the area 604.
  • the attribute dictionary 184 may include, as information, a hierarchical structure for attributes that have higher and lower levels of authority to be assigned. For example, when the area 602 is “title”, the authority to view the confidential level A is assigned to the “director” that is the value of the area 604, and the confidential level A is assigned to the “section manager” that is the value of the area 604. May be included, the attribute dictionary 184 may include a hierarchical structure indicating that “supervisor” is assigned a higher authority and “section manager” is assigned a lower authority.
  • the mapping management unit 170 imports at least one type of user attribute, information attribute, and other attribute from the information management server 104, and then generates data for displaying the attribute mapping editor based on the imported information. Then, the mapping management unit 170 sends the generated data to the terminal 102 that has instructed the attribute mapping process. The output program and output device 212 of the terminal 102 displays the user interface 700 of the attribute mapping editor based on the received data.
  • FIG. 7 is an explanatory diagram showing the user interface 700 of the attribute mapping editor of this embodiment.
  • a user interface 700 shown in FIG. 7 is an example of an attribute mapping editor, and the operation manager of the information management system 100 maps the attributes acquired from the information management system 100 and the reference attributes of the information sharing server 160. Any interface can be used.
  • the user interface 700 shown in FIG. 7 includes three display areas (702, 704, 710).
  • a display area 702 is an area for displaying a processing title.
  • the display area 704 is an area for displaying function buttons.
  • a display area 710 is an area for mapping attributes.
  • the display area 710 displays a plurality of buttons (720, 722, 724, 706, 760) and areas (730, 740, 750).
  • a button 720 is a button operated when mapping information attributes.
  • the button 722 is a button operated when mapping user attributes.
  • a button 724 is a button operated when mapping other attributes.
  • mapping management unit 170 When the mapping management unit 170 detects that at least one of the button 720, the button 722, and the button 724 is operated, the mapping management unit 170 visually displays that the attribute to be mapped is selected. It may be displayed in a different color from other buttons.
  • the display area 730 displays the attributes imported from the information management system 100.
  • the mapping management unit 170 may display a tree structure indicating the hierarchical structure in the display area 730.
  • the display area 740 displays attribute items and value identifiers imported from the attribute dictionary 184.
  • the mapping management unit 170 may display a tree structure indicating the hierarchical structure in the display area 740.
  • the mapping management unit 170 acquires an attribute description corresponding to the operated display area from the display area 706 of the attribute dictionary 184 and displays it. It may be displayed in area 742.
  • the operation manager can identify the correspondence between the attribute security level in the information management system 100 and the security level of the reference attribute by referring to the explanatory text displayed in the display area 742.
  • attributes used in different information management systems 100 can be associated with each other.
  • mapping management unit 170 activates the drawing tool in the display area 710.
  • the operation manager uses the activated drawing tool to map the attribute of the information management system 100 and the attribute of the attribute dictionary 184 by visually connecting them with, for example, an arrow graphic object.
  • the mapping management unit 170 may activate any tool as long as mapping can be performed in the display area 710.
  • the display area 750 shows the attribute management method of the information management system 100.
  • the mapping management unit 170 acquires the attribute management method of the information management system 100 that is the transmission source of the attribute mapping processing instruction from the area 506 of the connection system information 174, and displays the acquired value in the display area 750.
  • the button 760 is a button for registering the mapping result in the information sharing server 160. After mapping between the display area 730 and the display area 740 is completed, when the mapping result is reflected on the information sharing server 160, the operation manager operates the button 760.
  • the operation manager presses the button 760, the information mapped in the display area 710 is stored in the information sharing server 160 with the data structure shown in FIG.
  • FIG. 8 is an explanatory diagram showing the mapping information 182 of this embodiment.
  • the mapping information 182 includes a plurality of areas (800, 802, 804, 806, 808, 810, 812 to 816).
  • the mapping information 182 has user attributes, information attributes, and other attributes.
  • the mapping information 182 illustrated in FIG. 8 includes information attribute mapping information regarding confidentiality and user attribute mapping information regarding user affiliation.
  • An area 800 indicates an identifier for identifying each information management system 100 and the information sharing server 160.
  • “Sys_global” illustrated in FIG. 8 indicates the information sharing server 160.
  • “Sys_no1” and “Sys_no2” indicate the information management system 100-1 and the information management system 100-2, respectively.
  • the mapping information 182 has a plurality of entries (817 to 822) for each system.
  • the entries 817 and 820 include the definition (that is, expression) of the reference attribute that the information sharing server 160 has.
  • the entries (818, 819, 821 and 822) contain attribute definitions (ie, representations) used in the information management system 100.
  • An area 802 and an area 813 indicate identifiers that define attribute items used in the information management system 100 indicated by the area 800.
  • An area (804, 806, 808, 810, and 812) indicates an identifier that defines an information attribute value used in the information management system 100 indicated by the area 800.
  • An area (814 to 816) indicates an identifier that defines a value of a user attribute used in the information management system 100 indicated by the area 800.
  • mapping information 182 an area indicating an identifier that defines an attribute item and an area indicating an identifier that defines an attribute value are set in advance.
  • the region (802, 804, 806, 808, 810, 812 to 816) includes an identifier represented by a word in FIG. 8, but may include any character string or number sequence as long as the attribute can be identified.
  • the mapping management unit 170 of the information sharing server 160 refers to the mapping information 182 to obtain the correspondence between the reference attribute defined in the attribute dictionary 184 and the attribute used in each of the information management systems 100. . As a result, an attribute conversion process used in an access rule generation process to be described later can be executed.
  • the mapping management unit 170 displays the reference attribute and the attribute used in the new information management system 100. Since it can be made to correspond, an attribute can be added easily.
  • the secret classification and the confidentiality handling classification are associated with each other as the mapping of the attribute name to the information. Also, as mapping of attribute values, top secret and confidentiality 5, secret and confidentiality 4, attention and confidentiality 3, and no classification and confidentiality 1 are associated.
  • the mapping management unit 170 may display a warning generated in the mapping process as the warning dialog 900 while the user interface 700 is displayed.
  • FIG. 9 is an explanatory diagram showing a warning dialog 900 displayed on the user interface 700 of this embodiment.
  • mapping management unit 170 When the mapping management unit 170 detects that the button 760 has been pressed, the mapping management unit 170 identifies the entry of the mapping information 182 corresponding to the information management system 100 that has imported the attribute, and searches for an area in which no value is stored. As a result of the search, when an area in which no value is stored is specified, the mapping management unit 170 may display a warning dialog 900 shown in FIG.
  • the warning dialog 900 warns that the attribute used in the information management system 100 displayed on the user interface 700 is not mapped to the reference attribute to which the attribute imported from the other information management system 100 is mapped. This is a display for instructing input of attributes.
  • warning dialog 900 By displaying the warning dialog 900, it becomes possible to prevent forgetting mapping to an attribute required in another information management system 100, and it is possible to remove a factor that hinders information sharing.
  • step 404 Another example of the operation management process in step 404 is an access rule generation process.
  • An example of the procedure for the operation manager of the information management system # 1 (100-1) to perform the access rule generation process is described below.
  • the sharing control unit 162 determines in step 402 that an instruction to start the operation management process of the access rule generation process has been received, the access rule management unit 168 starts the access rule generation process in step 404.
  • the access rule management unit 168 imports an access rule from the access rule 118 stored in the information management server 104.
  • the access rule 118 is composed of a plurality of records.
  • One record of the access rule 118 defines user attribute conditions, information attribute conditions, other attribute conditions, and permitted authority.
  • the access rule management unit 168 refers to the mapping information 182 that the information sharing server 160 has. Then, the access rule management unit 168 provides the function of the access rule editor having the user interface 1000 shown in FIG. 10 to the terminal 102 that has received the operation manager's operation via the operation management interface 172.
  • FIG. 10 is an explanatory diagram showing the user interface 1000 of the present embodiment.
  • the access rule editor user interface 1000 shown in FIG. 10 is composed of three display areas (1002, 1004, 1010).
  • a display area 1002 is an area for displaying a title.
  • a display area 1004 is an area for displaying function buttons.
  • a display area 1010 is an area for generating an access rule.
  • the display area 1004 displays function buttons for selecting an access rule definition imported from the information management system 100.
  • the display area 1004 includes a previous button 1006 and a next button 1008.
  • the previous button 1006 is an area for displaying the record of the previous access rule from the access rule currently displayed in the display area 1010
  • the next button 1008 is an area for displaying the record of the next access rule. .
  • the display area 1010 displays attribute names and conditions based on expressions used in the information management system 100. In the display area 1010, the imported access rules are displayed by default.
  • the display area 1010 includes a condition 1020, a condition 1030, a condition 1040, and an authorization action 1050.
  • Requirement 1020 is an area for inputting information attribute value conditions.
  • the condition 1030 is an area for inputting a user attribute value condition.
  • the condition 1040 is an area for inputting other attribute value conditions.
  • the authorization action 1050 indicates the operation content to the permitted shared information in the attributes defined in the conditions 1020, 1030, and 1040.
  • the conditions 1020, 1030, and 1040 include an attribute 1072, an operator 1074, a value 1076, and an option 1078, respectively.
  • the authorization action 1050 also includes a value 1076 and an option 1078.
  • Attribute 1072 indicates an item name of an attribute used in the information management system 100.
  • the attribute 1072 displays a value corresponding to the area 802 or the area 813 in the mapping information 182.
  • the operator 1074 indicates an attribute condition used in the information management system 100.
  • the operator 1074 is indicated by a logical operator such as an equal sign, an inequality sign, or a comparison operator, but may include any expression as long as an attribute condition is indicated.
  • the value displayed in the operator 1074 is a logical operator or the like expressed by a common method among the plurality of information management systems 100.
  • the mapping management unit uses the user interface 700 and the reference operator and each information management system, as with the user attributes and information attributes. One hundred operators may be mapped.
  • the value input in the value 1076 indicates the attribute value.
  • the value 1076 displays a value corresponding to the area (804, 806, 808, 810, 812, and 814 to 816) in the mapping information 182.
  • Option 1078 is an area for allowing the operation manager to select whether or not to adopt the access rule. Further, the operation manager can add and modify the authority by operating the value 1076 and the option 1078 in the authorization action 1050.
  • the access rule management unit 168 may also display attributes that are not included in the imported access rule in the display area 1010. Specifically, the access rule management unit 168 includes items of attributes that are not included in the access rules imported from the information management system 100 among the standard attributes (entries 817 and 820) defined in the mapping information 182. May be extracted. Then, the access rule management unit 168 may display the extracted items in the display area 1010.
  • the access rule management unit 168 displays “location” and “time”, which are attribute items not included in the access rule imported from the information management system 100. As a result, the access rule management unit 168 can suppress omission of input by the operation manager using the attribute information of the information sharing server 160.
  • the operation manager of the information management system 100 generates an access rule to be registered in the information sharing server 160 by changing, deleting and adding the access rule displayed in the display area 1010. Then, the same access rule can be used among a plurality of information management systems 100 by assigning an access rule to the shared information by a process described later.
  • the display area 1010 includes a rule registration button 1060.
  • the access rule management unit 168 stores the access rule generated in the display area 1010 in the access rule 180.
  • FIG. 11 is an explanatory diagram showing the access rule 180 of this embodiment.
  • the access rule 180 includes a plurality of areas (1102, 1104, 1106, 1108, 1110 and 1112).
  • An area 1102 indicates an identifier for identifying each of the information management systems 100 and the information sharing server 160.
  • An area 1104 shows an identifier for identifying an access rule.
  • An area 1106 indicates a user attribute condition set in the condition 1030.
  • An area 1108 indicates the information attribute condition set in the condition 1020.
  • An area 1110 indicates other attribute conditions set in the condition 1040.
  • An area 1112 indicates the authority set in the authorization action 1050.
  • the conditions indicated by the area 1106, the area 1108, and the area 1112 shown in FIG. 11 are expressed using a logical operator or a comparison operator.
  • An area 1112 shows the operation details for the permitted shared information.
  • time 9: 00-17: 00” is stored as a condition of other attributes.
  • browsing is stored as the authority.
  • Each entry in the access rule 180 is expressed by an attribute definition used in the information management system 100 indicated by the area 1102.
  • FIG. 12 is a sequence diagram showing processing for transmitting shared information from the information management server # 1 (104) of the present embodiment to the information sharing server 160.
  • the information management unit 106 of the information management server # 1 (104) performs the first sharing including the shared information to be shared.
  • An information package is generated (1210).
  • the first shared information package includes information to be shared (shared information) included in the information 116.
  • the information management unit 106 transmits the first shared information package to the information sharing server 160 (1212).
  • the shared information management unit 166 assigns a unique identifier in the information sharing server 160 to the received shared information of the first shared information package.
  • FIG. 13 is an explanatory diagram showing the first shared information package accepted by the information sharing server 160 of the present embodiment.
  • the first shared information package includes a plurality of areas (1304, 1306, 1308, 1310, 1312, and 1314).
  • the shared information management unit 166 adds an area 1302 to the first shared information package.
  • the area 1302 is an identifier that uniquely indicates shared information included in the first shared information package.
  • the identifier indicated by the area 1302 is, for example, an identifier obtained by combining the identifier of the file including the shared information and the identifier of the information management system # 1 (100-1).
  • the area 1304 stores the binary data of the shared information indicated by the area 1302.
  • An area 1306 shows information attributes of the shared information stored in the area 1304.
  • the first shared information package shown in FIG. 13 is a package generated when the information management system # 1 (100-1) manages the information attribute of the information 116 by the independent management method.
  • the area 1306 includes, for example, a null value
  • the area 1304 includes the information attribute.
  • An area 1308 indicates user attributes of users who can perform the operation indicated by the area 1314 on the shared information stored in the area 1304.
  • An area 1310 indicates information attributes of shared information that can be operated by the area 1314. For this reason, the area 1306 includes at least the information attribute indicated by the area 1310.
  • the other attribute condition 1312 indicates an attribute such as a situation where the operation indicated by the area 1314 can be performed on the shared information stored in the area 1304.
  • An area 1314 indicates operations permitted for the shared information stored in the area 1304.
  • Areas (1308, 1310, 1312, and 1314) indicate access rules for the shared information indicated by the area 1304.
  • the areas (1308, 1310, 1312, and 1314) shown in FIG. 13 store null values.
  • the information management unit 106 does not need to store the access rule in the area (1308, 1310, 1312, and 1314) of the first shared information package.
  • the information sharing server 160 may assign an access rule to the shared information by a process described later.
  • the shared information management unit 166 obtains the shared information, information attributes, and access rules stored in the areas (1304, 1306, 1308, 1310, 1312, and 1314) from the received first shared information package. Extract (1222).
  • the shared information management unit 166 accesses the access that has been registered in advance in the information sharing server 160 in the sequence 1222. From the rule 180, access rules corresponding to the areas (1308, 1310, 1312, and 1314) are extracted. Then, the shared information management unit 166 assigns the extracted access rule to the shared information included in the first shared information package.
  • the shared information management unit 166 indicates the information management system 100 in which the area 1102 has transmitted the first shared information package, and the area 1108 includes an entry of the access rule 180 including at least the information attribute of the area 1306. Identify. Then, the shared information management unit 166 extracts the value of the specified entry area (1106, 1108, 1110, and 1112) as an access rule for the shared information included in the first shared information package.
  • the information management system 100 does not need to transmit the access rule applied to the shared information to the information sharing server 160 every time the first shared information package is transmitted. Further, by assigning access rules registered in the information sharing server 160 to shared information, when a plurality of information management systems 100 receive shared information to which the same access rules are assigned, the same access rules can be used.
  • the first shared information package includes an attribute based on a unique expression of the information management system 100 that transmits information.
  • the shared information management unit 166 refers to the mapping information 182. Then, the shared information management unit 166 converts the expression of the attribute included in the extracted area (1304, 1306, 1308, 1310, 1312, and 1314) into the reference attribute expression based on the mapping information 182 (1224). ).
  • the information management system 100 that has transmitted the first shared information package manages information attributes by the integrated management method (that is, when the area 506 of the connection system information 174 indicates “alternative data stream”)
  • the information attribute expression included in the shared information extracted from the area 1304 is converted into a reference information attribute expression.
  • the shared information management unit 166 uses the shared information package defined by the reference attribute as an area (1304, 1306, 1308, 1310, 1312, and 1314) in which the included attribute is converted into the reference attribute. Is stored in the shared information 178 (1226). Further, the shared information management unit 166 stores the shared information identifier assigned in the sequence 1220 in the shared information 178.
  • FIG. 14 is an explanatory diagram showing the shared information 178 of this embodiment.
  • the shared information 178 includes a plurality of areas (1402, 1404, 1406, 1408, 1410, 1412 and 1414).
  • the entry of the shared information 178 includes the contents of the first shared information package. Therefore, the areas (1402, 1404, 1406, 1408, 1410, 1412 and 1414) correspond to the areas (1302, 1304, 1306, 1308, 1310, 1312 and 1314).
  • the attribute of the area (1406, 1408, 1410, 1412 and 1414) of the shared information 178 is expressed by a standard attribute defined in the attribute dictionary 184.
  • Shared information 178 shown in FIG. 14 includes an entry 1416.
  • the entry 1416 corresponds to the first shared information package shown in FIG.
  • connection system management unit 164 updates the connection system information 174 based on the received first shared information package in order to record that the shared information has been received. Specifically, the connection system management unit 164 stores an identifier indicating the information management system 100 that has transmitted the first shared information package in the area 522, and stores the date and time when the first shared information package is received in the area 524. Store.
  • connection system management unit 164 stores a character string or identifier indicating reception in the area 526, and stores a value of the area 1402 of the shared information 178 in which the first shared information package is stored in the area 528.
  • the shared information management unit 166 can determine whether or not new shared information has been received by referring to the connection system information 174.
  • the shared information management unit 166 may store the attributes included in the areas (1406, 1408, 1410, 1412, and 1414) in the attribute information 176 in the sequence 1226.
  • FIG. 15 is a sequence diagram illustrating processing in which the information management server #N (134) according to the present embodiment acquires the shared information 178 from the information sharing server 160.
  • the information management unit 136 of the information management server #N (134) requests access to the shared information at predetermined time intervals or when the operation manager or the user instructs. Specifically, the information management unit 136 requests the information sharing server 160 for newly registered shared information 178 or updated shared information 178 (1510).
  • the information management unit 136 of the information management server #N requests access to the shared information.
  • the information management unit 136 of the information management server # 1 (104) accesses the shared information. You may request access.
  • the shared information management unit 166 of the information sharing server 160 refers to the areas (522, 524, 526, and 528) included in the connection system information 174.
  • the shared information that has not been transmitted to the information management server #N (134) is specified.
  • the shared information management unit 166 specifies the shared information identifier of the area 528 of the entry in which the area 526 indicates “reception”. Then, the shared information management unit 166 stores the specified shared information identifier in the area 528, the area 526 indicates “transmission”, and the area 522 indicates an entry (hereinafter referred to as information management system #N (100-N)). , Described as entry A). If there is no entry A, the shared information management unit 166 specifies that the shared information with the specified shared information identifier is shared information that has not been transmitted to the information management system #N (100-N) (1514).
  • the shared information management unit 166 extracts an entry (hereinafter referred to as entry B) of the shared information 178 including untransmitted shared information. Then, in the information management system #N (100-N), the attribute expression (reference attribute expression) included in the extracted entry B area (1406, 1408, 1410, and 1412) is mapped using the mapping information 182. It converts into the expression of the attribute used (1516).
  • shared information management section 166 refers to area 506 of connection system information 174, and shares information and information attributes included in entry B according to the attribute management method of information management system 100 that is the transmission destination of shared information. And update.
  • the attribute management method of the information management system #N is an integrated management method (for example, when the area 506 indicates “application metadata”), and the area 1406 of the shared information 178 If the Null value is not stored, the shared information management unit 166 updates the shared information included in the area 1404 so that the information attribute of the area 1406 is included in the shared information of the area 1404 in accordance with the method indicated by the area 506. .
  • the attribute management method of the information management system #N (100-N) is an independent management method (for example, when the area 506 indicates “alternative data stream”), and the area of the shared information 178
  • the shared information management unit 166 extracts information attributes from the shared information in the area 1404 according to the method indicated by the area 506. Then, the shared information management unit 166 stores the extracted information attribute in the area 1406.
  • the information management system 100 sets the information attribute to the user according to the method in its own system without changing the received shared information. You can browse. As a result, information can be easily shared between the information management systems 100.
  • the shared information management unit 166 determines whether or not the information management system #N (100-N) can comply with the access rule of the untransmitted shared information using the mapping information 182 (1518). . Specifically, the determination is made by the following method.
  • the shared information management unit 166 includes all the reference attributes included in the access rule indicated by the entry B area (1408, 1410, 1412, and 1414) as attributes of the information management system #N (100-N). If conversion is possible, the information management system #N (100-N) determines that the access rule for the untransmitted shared information can be observed.
  • the shared information The management unit 166 determines that compliance is possible.
  • the shared information management unit 166 determines that the information management system #N (100 -N) determines that the access rule for unsent shared information cannot be observed.
  • the shared information management unit 166 changes the contents of the entry B to the information management system #N (100-N). N) is determined not to transmit, and the process shown in FIG. 15 is terminated (1520).
  • the information sharing server 160 can maintain the security level required for the shared information of the entry B.
  • the shared information management unit 166 includes the second shared information package including the contents of the entry B. Is generated (1522).
  • FIG. 16 is an explanatory diagram showing a second shared information package of the present embodiment.
  • the second shared information package is provided information for providing shared information and access rules applied to the shared information to the information management system 100 that has requested access to the shared information.
  • the second shared information package includes a plurality of areas (1602, 1604, 1606, 1608, 1610, 1612 and 1614).
  • the second shared information package includes the contents of the shared information 178 entry. Therefore, the areas (1602, 1604, 1606, 1608, 1610, 1612 and 1614) store the values of the areas (1402, 1404, 1406, 1408, 1410, 1412 and 1414).
  • the second shared information package shown in FIG. 16 is the result of converting the attributes included in the entry 1416 of the shared information 178 shown in FIG. 14 into attributes used in the information management system #N (100-N).
  • the second shared information package shown in FIG. 16 is transmitted to the information management system #N (100-N). Since the information management system #N (100-N) manages the information attribute by the integrated management method, the information attribute is not stored in the area 1606 of the second shared information package shown in FIG. Information attributes are stored in the shared information 1604.
  • the shared information management unit 166 transmits the second shared information package to the information management server #N (134) (1524).
  • the shared information management unit 166 updates the connection system information 174.
  • the shared information management unit 166 stores the identifier of the information management system 100 that is the transmission destination of the second shared information package in the area 522, and the date and time when the second shared information package is transmitted in the area 524. Then, a value indicating “transmission” is stored in the area 526, and a new entry storing the shared information identifier added to the second shared information package in the area 528 is added to the connection system information 174.
  • the information management unit 136 of the information management server #N receives the second shared information package from the information sharing server 160 (1526).
  • the shared information management unit 166 deletes the area 1602 in the sequence 1524 and then executes the second shared information package. May be sent.
  • the information management unit 136 stores the received content of the second shared information package in the user attribute 142, the information 144, and the access rule 146. Specifically, the information management unit 136 stores the contents of the area 1604 in the information 144. Further, the information management unit 136 stores the contents of the areas (1608, 1610, 1612 and 1614) in the access rule 146 (1528).
  • the shared information management unit 166 executes the sequence 1514 and subsequent steps shown in FIG. 15 and is connected to the information sharing server 160.
  • the shared information may be transmitted to the information management server.
  • a method for converting the difference in expression of attribute information and access rules in information sharing between a plurality of information management systems 100 adopting an access control model defined by different attributes thereby, information can be shared between the information management systems 100, and security for the shared information can be maintained.
  • the operation manager converts attributes for each information management system 100 that shares information, converts an expression of an access rule, converts an attribute management method for information attributes added to shared information, etc.
  • the operation time can be saved.
  • the above-mentioned attribute management method showed the management method of the information attribute, you may show the management method of a user attribute.
  • the shared information may be updated so that the user attribute is included in the shared information, or another file may be generated by extracting the user attribute from the shared information.
  • a part of the configuration of one embodiment can be replaced with the configuration of another embodiment, and the configuration of another embodiment can be added to the configuration of one embodiment. Further, it is possible to add, delete, and replace other configurations for a part of the configuration of each embodiment.
  • each of the above-described configurations, functions, processing units, processing procedures, etc. may be realized in hardware by designing a part or all of them, for example, with an integrated circuit.
  • Each of the above-described configurations, functions, and the like may be realized by software by interpreting and executing a program that realizes each function by the processor.
  • Information such as a program, a table, or a file that realizes each function can be stored in a recording device such as a memory, a hard disk, or an SSD (Solid State Drive), or a recording medium such as an IC card, an SD card, or a DVD.
  • control lines or information lines indicate what is considered necessary for the explanation, and not all control lines or information lines on the product are necessarily shown. In practice, almost all the components are connected to each other.

Abstract

When an access rule including an attribute of a first access requester, and information to which the access rule is to be applied, have been received, the present invention converts the attribute of the first access requester into an attribute of a second access requester and generates information to be provided including the received information and the converted access rule in order to transmit the information to be provided.

Description

情報共有装置、及び、情報共有方法Information sharing apparatus and information sharing method 参照による取り込みImport by reference
 本出願は、平成26年(2014年)10月15日に出願された日本出願である特願2014-210897の優先権を主張し、その内容を参照することにより、本出願に取り込む。 This application claims the priority of Japanese Patent Application No. 2014-210897, which was filed on October 15, 2014, and is incorporated herein by reference.
 本発明は、情報共有装置、及び、情報共有方法に関する。 The present invention relates to an information sharing apparatus and an information sharing method.
 企業、又は、官公庁若しくは自治体では、パソコンなどを使ったIT環境が普及し、電子的な文書を扱う業務が一般的になっている。さらに、電子的な情報が、複数の企業間、又は、企業と官公庁又は自治体との間など、複数の組織間において通信ネットワークを介して交換されており、これによって、複数の組織が、協調しながら業務を進めている。 In enterprises, government offices or local governments, IT environments using personal computers have become widespread, and business dealing with electronic documents has become common. In addition, electronic information is exchanged between a plurality of organizations, such as between a plurality of companies, or between a company and a public office or a local government, via a communication network. While working.
 電子的な情報の中には、経営計画資料、研究開発資料、住民情報が記載された資料、及び、申請書など機密性の確保が必要な内容が含まれている。情報の機密性を確保するためには、電子的な情報の開示範囲及び取扱制限のポリシーを決めて、そのポリシーを、人又はシステムが実行することが重要である。このような機密性確保を実現するために、アクセス制御技術が使われてきた。 The electronic information includes management plan materials, research and development materials, materials containing resident information, and content that requires confidentiality such as application forms. In order to ensure the confidentiality of information, it is important that a person or system implements the policy of the disclosure range and handling restriction of electronic information. In order to achieve such confidentiality, access control technology has been used.
 特許文献1は、企業等の組織における複数部門の間で機密文書を共有する時のアクセス制御方法を開示している。ここでは、開示範囲として、相手部門の主体名を事前に全てを明確に決め難いことに注目し、直接アクセス権限判定手段と間接アクセス権限判定手段の組合せを提案している。 Patent Document 1 discloses an access control method when a confidential document is shared among a plurality of departments in an organization such as a company. Here, as a disclosure range, paying attention to the fact that it is difficult to clearly determine the subject name of the counterpart department in advance, a combination of direct access authority determination means and indirect access authority determination means is proposed.
 直接アクセス権限判定手段では、特定の主体名を指定する。次に、間接アクセス権限判定手段では、組織構造や座席レイアウト等の主体の関係性を指定する。この間接アクセス権限判定手段により、具体的な主体名を指定することなく、ある特定の主体の上司や同じ座席の島にいる者、などの別の主体名を開示範囲として追加することが可能になる。 In the direct access authority judgment means, specify a specific subject name. Next, the indirect access authority determination means designates the relationship of the subject such as the organizational structure and the seat layout. With this indirect access authority determination means, it is possible to add another subject name such as the boss of a specific subject or a person on the same seat island as the scope of disclosure without specifying a specific subject name. Become.
特開2006-323535号公報JP 2006-323535 A
 組織毎に設置される情報システムには、異なるアクセス制御モデルが適用される。そして、複数の組織が電子的な情報を共有する場合、このような情報システムが相互に連携する状況が考えられる。 Different access control models are applied to information systems installed in each organization. When a plurality of organizations share electronic information, a situation where such information systems cooperate with each other can be considered.
 アクセス制御モデルを適用するためには、ユーザ属性(情報にアクセスする側の属性)又は情報属性(アクセスされる情報の属性)などの定義及びアクセスルールが必要である。そして、同じアクセス制御モデルを複数の情報システムに適用した場合も、定義及びアクセスルールを表現する名前又は番号等の識別子、及び、関係性を示す言葉等が、組織毎に異なる可能性がある。 In order to apply the access control model, it is necessary to define user attributes (attributes for accessing information) or information attributes (accessed information attributes) and access rules. Even when the same access control model is applied to a plurality of information systems, identifiers such as names or numbers expressing definitions and access rules, and words indicating relationships may differ from organization to organization.
 一般的に、複数の組織間で情報を共有する場合、組織毎に適用されるアクセス制御方法の違いを解消することが重要である。従来技術は、同一のアクセス制御モデルが適用される複数の組織間での情報共有を前提としている。そのため、特許文献1の技術を使った場合、情報を提供する者は、情報共有する相手(情報が提供される者)の情報システムが定義する属性の定義及びアクセスルールを知ることは出来ない。このため、情報を提供する物が、情報が提供される者にとって適切なアクセスルールを、情報に設定することは困難である。 Generally, when sharing information among multiple organizations, it is important to eliminate differences in access control methods applied to each organization. The prior art is premised on information sharing among a plurality of organizations to which the same access control model is applied. Therefore, when the technique of Patent Document 1 is used, a person who provides information cannot know the attribute definitions and access rules defined by the information system of the information sharing partner (the person to whom the information is provided). For this reason, it is difficult for an object providing information to set an appropriate access rule for the information provider.
 本発明は、上記のような問題点を解決するためのものである。すなわち、複数の情報システムに異なる表現によるアクセス制御モデルが適用されている場合においても、複数の情報システム間の情報共有を可能にするシステムの提供を目的とする。 The present invention is for solving the above problems. That is, an object of the present invention is to provide a system that enables information sharing among a plurality of information systems even when an access control model with different expressions is applied to the plurality of information systems.
 上記課題を解決するために、本発明は、情報共有装置であって、プロセッサ及びメモリを有し、第1のシステムと、第2のシステムとに接続され、情報へのアクセスの許可又は不許可を判定するために前記第1のシステムにおいて用いられる、第1アクセス要求元の属性を取得し、情報へのアクセスの許可又は不許可を判定するために前記第2のシステムにおいて用いられる、第2アクセス要求元の属性を取得し、前記第1アクセス要求元の属性と前記第2アクセス要求元の属性とを対応させて、前記メモリが有する対応記憶領域に格納し、前記第1アクセス要求元の属性を含むアクセスルールと、当該アクセスルールが適用される情報とを、前記第1のシステムから受信した場合、前記アクセスルールに含まれる第1アクセス要求元の属性を前記対応記憶領域を参照して、前記第2アクセス要求元の属性に変換し、前記受信した情報と前記変換後のアクセスルールとを含む提供情報を、前記第2のシステムに送信するために生成する。 In order to solve the above-mentioned problems, the present invention is an information sharing apparatus, which has a processor and a memory, is connected to the first system and the second system, and permits or denies access to information. Used in the first system to determine the attribute of the first access requester, and used in the second system to determine permission or disapproval of access to the information. Obtaining an attribute of the access request source, associating the attribute of the first access request source with the attribute of the second access request source, and storing the attribute in the corresponding storage area of the memory; When an access rule including an attribute and information to which the access rule is applied are received from the first system, the attribute of the first access request source included in the access rule Is converted to the attribute of the second access request source with reference to the corresponding storage area, and the provision information including the received information and the converted access rule is transmitted to the second system. Generate.
 本発明によれば、複数の異なるシステムがアクセス制御モデルを維持しつつ情報を共有できる。 According to the present invention, a plurality of different systems can share information while maintaining the access control model.
 上記した以外の課題、構成及び効果は、以下の実施形態の説明により明らかにされる。 Issues, configurations, and effects other than those described above will be clarified by the following description of the embodiments.
本実施例の情報共有システムの構成を示すブロック図である。It is a block diagram which shows the structure of the information sharing system of a present Example. 本実施例の計算機のハードウェア構成を示すブロック図である。It is a block diagram which shows the hardware constitutions of the computer of a present Example. 本実施例のユーザ属性、情報属性、属性管理方法、及び、アクセスルールの表現をマッピングする概念を示す説明図である。It is explanatory drawing which shows the concept which maps the user attribute of this Example, an information attribute, the attribute management method, and the expression of an access rule. 本実施例の情報共有サーバの処理を示すフローチャートである。It is a flowchart which shows the process of the information sharing server of a present Example. 本実施例の接続システム情報を示す説明図である。It is explanatory drawing which shows the connection system information of a present Example. 本実施例の属性辞書を示す説明図である。It is explanatory drawing which shows the attribute dictionary of a present Example. 本実施例の属性マッピングエディタのユーザインタフェースを示す説明図である。It is explanatory drawing which shows the user interface of the attribute mapping editor of a present Example. 本実施例のマッピング情報を示す説明図である。It is explanatory drawing which shows the mapping information of a present Example. 本実施例のユーザインタフェースに表示される警告ダイアログを示す説明図である。It is explanatory drawing which shows the warning dialog displayed on the user interface of a present Example. 本実施例のユーザインタフェースを示す説明図である。It is explanatory drawing which shows the user interface of a present Example. 本実施例のアクセスルールを示す説明図である。It is explanatory drawing which shows the access rule of a present Example. 本実施例の情報管理サーバから情報共有サーバに共有情報を送信する処理を示すシーケンス図である。It is a sequence diagram which shows the process which transmits shared information to the information sharing server from the information management server of a present Example. 本実施例の第1の共有情報パッケージを示す説明図である。It is explanatory drawing which shows the 1st shared information package of a present Example. 本実施例の共有情報を示す説明図である。It is explanatory drawing which shows the shared information of a present Example. 本実施例の情報管理サーバが、情報共有サーバから共有情報を取得する処理を示すシーケンス図である。It is a sequence diagram which shows the process in which the information management server of a present Example acquires shared information from an information sharing server. 本実施例の第2の共有情報パッケージを示す説明図である。It is explanatory drawing which shows the 2nd shared information package of a present Example.
 以下、本発明の実施形態を、図面を用いて説明する。 Hereinafter, embodiments of the present invention will be described with reference to the drawings.
 本実施例の情報共有システムは、複数の組織がそれぞれ運用する複数の情報管理システムにおいて生成された文書ファイルなどの情報を、他の情報管理システムと横断的に共有するための機能を提供する。 The information sharing system according to the present embodiment provides a function for sharing information such as document files generated in a plurality of information management systems operated by a plurality of organizations with other information management systems.
 組織の運用管理者は、ユーザ及び情報等の属性を用いて定義されたアクセスルールを事前に生成し、情報管理システムに登録する。情報共有システムによって共有される情報が情報管理システムにおいて生成された場合、登録されたアクセスルールに基づいてその情報の取り扱いが制限される。 The operation manager of the organization generates in advance access rules defined using attributes such as users and information, and registers them in the information management system. When information shared by the information sharing system is generated in the information management system, the handling of the information is restricted based on the registered access rules.
 本実施例のアクセスルールは、情報へのアクセスの許可又は不許可を判定するためのルールを示し、属性によって定義される。また、本実施例のアクセスルールは、アクセスの具体的な行為である、情報への閲覧又は更新等を示す。 The access rule of this embodiment indicates a rule for determining permission or disapproval of access to information, and is defined by attributes. Further, the access rule of this embodiment indicates browsing or updating of information, which is a specific action of access.
 本実施例の属性は、ユーザ属性、情報属性、及びその他属性を含む。本実施例のユーザとは、情報管理システム及び情報共有システムを利用する者であり、情報にアクセスする意思を持つ者である。ユーザ属性は、情報にアクセスする者を識別するための属性である。 Attribute of this embodiment includes a user attribute, an information attribute, and other attributes. The user of this embodiment is a person who uses the information management system and the information sharing system, and is a person who has an intention to access information. The user attribute is an attribute for identifying a person who accesses information.
 情報属性は、アクセスされる文書ファイル及び画像ファイル等の情報を識別するための属性である。その他属性には、情報にアクセスする環境(時間、季節、及び場所等)が含まれる。 The information attribute is an attribute for identifying information such as a document file and an image file to be accessed. Other attributes include the environment (time, season, location, etc.) for accessing information.
 図1は、本実施例の情報共有システムの構成を示すブロック図である。 FIG. 1 is a block diagram showing the configuration of the information sharing system of this embodiment.
 本実施例の情報共有システムは、少なくとも二つ以上の情報管理システム100(100-1、100-N)と、通信ネットワーク190と、情報共有サーバ160とから構成される。情報管理システム100及び情報共有サーバ160は、通信ネットワーク190を介して相互に接続される。 The information sharing system according to this embodiment includes at least two information management systems 100 (100-1 and 100-N), a communication network 190, and an information sharing server 160. The information management system 100 and the information sharing server 160 are connected to each other via a communication network 190.
 情報管理システム100は、複数の端末102と、通信ネットワーク120と、情報管理サーバ#1(104)とから構成される。情報管理システム100は、利用者が端末102を介して情報にアクセスする場合、属性によって定義されるアクセス制御モデルを適用する。 The information management system 100 includes a plurality of terminals 102, a communication network 120, and an information management server # 1 (104). When the user accesses information via the terminal 102, the information management system 100 applies the access control model defined by the attribute.
 また、端末102及び情報管理サーバ#1(104)は、通信ネットワーク120を介して相互に接続される。端末102及び情報管理サーバ#1(104)は、通信ネットワーク120及び通信ネットワーク190を介して情報共有サーバ160と接続する。 The terminal 102 and the information management server # 1 (104) are connected to each other via the communication network 120. The terminal 102 and the information management server # 1 (104) are connected to the information sharing server 160 via the communication network 120 and the communication network 190.
 端末102は、運用管理システム#1(100-1)の運用又は管理を行う者(以下、運用管理者)からの指示を受け付ける入力装置であり、また、運用管理者に処理結果を出力する出力装置である。端末102は、情報116、及び、情報共有サーバ160が持つ共有情報178へアクセスする要求を受け付ける。 The terminal 102 is an input device that receives an instruction from a person who operates or manages the operation management system # 1 (100-1) (hereinafter referred to as an operation manager), and outputs an output of a processing result to the operation manager. Device. The terminal 102 receives a request for accessing the information 116 and the shared information 178 held by the information sharing server 160.
 情報管理サーバ#1(104)は、演算装置及び記憶装置を有する計算機である。情報管理サーバ#1(104)は、運用管理インタフェース110、情報管理部106、及び連携部108を機能部として有し、ユーザ属性112、情報属性114、情報116、及びアクセスルール118を記憶部として有する。 Information management server # 1 (104) is a computer having an arithmetic device and a storage device. The information management server # 1 (104) has the operation management interface 110, the information management unit 106, and the linkage unit 108 as functional units, and the user attribute 112, the information attribute 114, the information 116, and the access rule 118 as a storage unit. Have.
 運用管理インタフェース110は、端末102が受け付けた情報116へアクセスする要求を受信する。情報管理部106は、アクセスルール118等を参照し、情報116へのアクセスを制限する。連携部108は、他の情報管理システム100及び情報共有サーバ160と接続する機能を提供する。 The operation management interface 110 receives a request to access the information 116 received by the terminal 102. The information management unit 106 refers to the access rule 118 and restricts access to the information 116. The cooperation unit 108 provides a function of connecting to another information management system 100 and the information sharing server 160.
 ユーザ属性112は、情報管理システム#1(100-1)において用いられるユーザ属性を格納する。情報属性114は、情報管理システム#1(100-1)において用いられる情報属性を格納する。情報116は、情報共有システム内で共有する情報を、少なくとも格納する。アクセスルール118は、属性を用いて定義されたアクセスルールを格納する。 User attribute 112 stores a user attribute used in information management system # 1 (100-1). The information attribute 114 stores an information attribute used in the information management system # 1 (100-1). The information 116 stores at least information shared in the information sharing system. The access rule 118 stores an access rule defined using attributes.
 情報管理システム#1(100-1)と情報管理システム#N(100-N)とは、同様の機能を有する。情報管理システム#N(100-N)は、複数の端末132と、通信ネットワーク150と、情報管理サーバ#N(134)とから構成される。 Information management system # 1 (100-1) and information management system #N (100-N) have similar functions. The information management system #N (100-N) includes a plurality of terminals 132, a communication network 150, and an information management server #N (134).
 端末132は、端末102と同じ機能を有し、通信ネットワーク150は、通信ネットワーク120と同じ機能を有する。 The terminal 132 has the same function as the terminal 102, and the communication network 150 has the same function as the communication network 120.
 情報管理サーバ#N(134)は、演算装置及び記憶装置を有する計算機である。情報管理サーバ#N(134)は、運用管理インタフェース140、及び、情報管理部136、連携部138を機能部として有し、ユーザ属性142、情報144及びアクセスルール146を記憶部として有する。 The information management server #N (134) is a computer having an arithmetic device and a storage device. The information management server #N (134) includes the operation management interface 140, the information management unit 136, and the cooperation unit 138 as functional units, and includes the user attribute 142, the information 144, and the access rule 146 as a storage unit.
 運用管理インタフェース140は、運用管理インタフェース110と同じ機能を有し、情報管理部136は、情報管理部106と同じ機能を有し、連携部138は、連携部108と同じ機能を有する。 The operation management interface 140 has the same function as the operation management interface 110, the information management unit 136 has the same function as the information management unit 106, and the linkage unit 138 has the same function as the linkage unit 108.
 ユーザ属性142は、情報管理システム#N(100-N)において用いられるユーザ属性を格納する。情報144は、情報共有システム内で共有する情報を格納する。アクセスルール146は、アクセスルールを格納する。 User attribute 142 stores a user attribute used in information management system #N (100-N). The information 144 stores information shared within the information sharing system. The access rule 146 stores an access rule.
 情報管理システム#1(100-1)と情報管理システム#N(100-N)との違いは、情報と情報属性とを自らに格納する方法(以下、属性管理方法)の違いである。情報管理システム100-1は、情報属性を情報から独立させ、複数のアクセスルールにおいて用いられる情報属性を一元的に格納する方法を用いる(以下、独立型管理方法と記載)。独立型管理方法は、例えば、ファイルシステムで規定された代替データストリームとして情報属性を格納する方法である。 The difference between the information management system # 1 (100-1) and the information management system #N (100-N) is a method of storing information and information attributes in itself (hereinafter referred to as attribute management method). The information management system 100-1 uses a method of making information attributes independent from information and storing information attributes used in a plurality of access rules in a unified manner (hereinafter referred to as an independent management method). The independent management method is a method of storing information attributes as, for example, an alternative data stream defined by a file system.
 一方、情報管理システム#N(100-N)は、情報144の中に情報属性を格納する管理方法を用いる(以下、一体型管理方法と記載)。一体型管理方法は、例えば、ワードプロセッサのファイルフォーマットで規定されたアプリケーションメタデータとして、情報属性を情報144の中に格納する方法である。アプリケーションメタデータには、例えば、情報を含む文書ファイルのプロパティとして文書ファイルに情報属性を含める方法がある。 On the other hand, the information management system #N (100-N) uses a management method for storing information attributes in the information 144 (hereinafter referred to as an integrated management method). The integrated management method is, for example, a method of storing information attributes in the information 144 as application metadata defined by the file format of the word processor. Application metadata includes, for example, a method of including an information attribute in a document file as a property of the document file including information.
 このように情報共有システムには、情報属性を情報の外部に保持する方法を採用する情報管理システム100と、情報属性を情報の内部で管理する方法とを採用する情報管理が混在している。これは、情報管理サーバが有するアプリケーションが、情報を識別するための情報属性を取得する方法が、アプリケーションによって相違するためである。 Thus, in the information sharing system, there are a mixture of an information management system 100 that employs a method for retaining information attributes outside information and an information management that employs a method for managing information attributes inside information. This is because the method of acquiring an information attribute for identifying information by an application included in the information management server differs depending on the application.
 情報共有サーバ160は、演算装置及び記憶装置を有する計算機である。情報共有サーバ160は、運用管理インタフェース172、共有制御部162、接続システム管理部164、共有情報管理部166、アクセスルール管理部168及びマッピング管理部170を管理部として有し、接続システム情報174、共有情報178、アクセスルール180、マッピング情報182、及び属性辞書184を記憶部として有する。 The information sharing server 160 is a computer having an arithmetic device and a storage device. The information sharing server 160 includes an operation management interface 172, a sharing control unit 162, a connection system management unit 164, a shared information management unit 166, an access rule management unit 168, and a mapping management unit 170 as management units, and the connection system information 174, The shared information 178, the access rule 180, the mapping information 182 and the attribute dictionary 184 are included as a storage unit.
 運用管理インタフェース172は、端末102及び端末132から入力された要求を受け付ける。共有制御部162は、情報管理システム100との接続機能を提供する。接続システム管理部164は、接続システム情報174を管理する。 The operation management interface 172 receives requests input from the terminal 102 and the terminal 132. The sharing control unit 162 provides a connection function with the information management system 100. The connection system management unit 164 manages the connection system information 174.
 共有情報管理部166は、共有情報178を管理する。アクセスルール管理部168は、アクセスルール180を管理する。マッピング管理部170は、マッピング情報182及び属性辞書184を管理する。 The shared information management unit 166 manages the shared information 178. The access rule management unit 168 manages the access rule 180. The mapping management unit 170 manages the mapping information 182 and the attribute dictionary 184.
 接続システム情報174は、情報管理システム100に関する情報を有する。共有情報178は、情報管理システム100間で共有する情報を含む。共有情報178は、属性情報176を有する。属性情報176は、ユーザ属性及び情報属性を有する。 The connection system information 174 includes information related to the information management system 100. The shared information 178 includes information shared between the information management systems 100. The shared information 178 has attribute information 176. The attribute information 176 has a user attribute and an information attribute.
 アクセスルール180は、情報管理システム100から送られたアクセスルールを有する。マッピング情報182は、ユーザ属性及び情報属性等、情報管理システム100において用いられるユーザ属性及び情報属性等を対応させて格納する対応記憶領域である。属性辞書184は、ユーザ属性及び情報属性等を識別するための基準となる基準属性を有する。 The access rule 180 has an access rule sent from the information management system 100. The mapping information 182 is a corresponding storage area for storing user attributes and information attributes used in the information management system 100 such as user attributes and information attributes in association with each other. The attribute dictionary 184 has reference attributes that serve as a reference for identifying user attributes, information attributes, and the like.
 なお、通信ネットワーク120、通信ネットワーク150及び通信ネットワーク190は、公衆網、インターネット、ISDN、専用線若しくはLANなどの有線網、又は、移動通信用基地局若しくは通信用人工衛星を利用した無線網などの通信ネットワークであってもよい。 The communication network 120, the communication network 150, and the communication network 190 are a public network, a wired network such as the Internet, ISDN, a dedicated line, or a LAN, or a wireless network using a mobile communication base station or a communication artificial satellite. It may be a communication network.
 また、情報共有システムが有する装置は、予め設定された通信相手となる他の装置のアドレスを用いて、他の装置と通信する。また、一つの装置が、ブロードキャスト通信又はマルチキャスト通信などを使って、複数の装置と同報的に通信してもよい。さらに、情報共有システムが有する装置は、パブリッシュ/サブスクライブ型の通信のように、位置透過的に通信してもよい。 In addition, a device included in the information sharing system communicates with another device using a preset address of another device that is a communication partner. In addition, one apparatus may communicate with a plurality of apparatuses using broadcast communication or multicast communication. Further, devices included in the information sharing system may communicate in a position-transparent manner, such as publish / subscribe type communication.
 図2は、本実施例の計算機のハードウェア構成を示すブロック図である。 FIG. 2 is a block diagram showing the hardware configuration of the computer of this embodiment.
 端末102、端末132、情報管理サーバ104、情報管理サーバ134、及び情報共有サーバ160は、例えば、図2に示す計算機200と同じ装置を有する。計算機200は、中央演算装置(CPU)202、入力装置210、外部記憶装置206、半導体メモリ(RAM)204、出力装置212、記憶媒体216、外部メディアインタフェース214、通信インタフェース208、及び内部通信線250を有する。 The terminal 102, the terminal 132, the information management server 104, the information management server 134, and the information sharing server 160 have, for example, the same devices as the computer 200 shown in FIG. The computer 200 includes a central processing unit (CPU) 202, an input device 210, an external storage device 206, a semiconductor memory (RAM) 204, an output device 212, a storage medium 216, an external media interface 214, a communication interface 208, and an internal communication line 250. Have
 CPU202は、演算装置及び制御装置であり、プロセッサであってもよい。端末102、端末132、情報管理サーバ104、情報管理サーバ134、及び情報共有サーバ160は、CPU202がプログラムを実行することによって、各々の機能を実現する。 The CPU 202 is an arithmetic device and a control device, and may be a processor. The terminal 102, the terminal 132, the information management server 104, the information management server 134, and the information sharing server 160 realize their functions as the CPU 202 executes the program.
 入力装置210は、キーボード及びマウスなどの装置であり、運用管理者が指示を入力するための装置である。出力装置212は、CRTディスプレイ、液晶ディスプレイ及びプリンタなどの装置であり、運用管理者等に処理結果を提供するための装置である。 The input device 210 is a device such as a keyboard and a mouse, and is a device for an operation manager to input an instruction. The output device 212 is a device such as a CRT display, a liquid crystal display, or a printer, and is a device for providing a processing result to an operation manager or the like.
 外部記憶装置206は、ハードディスク又はフラッシュメモリ(SSD)等の大容量かつ不揮発性の記憶装置である。外部記憶装置206は、CPU202が実行するプログラム及びプログラムの実行時に使用されるデータを格納してもよい。すなわち、CPU202は、外部記憶装置206からプログラムを読み出し、RAM204にプログラムをロードした後、プログラムを実行する。 The external storage device 206 is a large-capacity non-volatile storage device such as a hard disk or a flash memory (SSD). The external storage device 206 may store a program executed by the CPU 202 and data used when the program is executed. That is, the CPU 202 reads the program from the external storage device 206, loads the program into the RAM 204, and then executes the program.
 半導体メモリ(RAM)204は、高速かつ揮発性の記憶素子であり、外部記憶装置206に格納されたプログラム及びプログラムの実行時に使用されるデータを一時的に格納する。例えば、情報共有サーバ160の半導体メモリ(RAM)204は、共有制御部162、接続システム管理部164、共有情報管理部166、アクセスルール管理部168、マッピング管理部170及び運用管理インタフェース172を実装するためのプログラムを格納する。 The semiconductor memory (RAM) 204 is a high-speed and volatile storage element, and temporarily stores a program stored in the external storage device 206 and data used when the program is executed. For example, the semiconductor memory (RAM) 204 of the information sharing server 160 includes a sharing control unit 162, a connection system management unit 164, a shared information management unit 166, an access rule management unit 168, a mapping management unit 170, and an operation management interface 172. Store the program for
 外部メディアインタフェース214は、光磁気メディアなどの記憶媒体216を読み書きするためのインタフェースである。記憶媒体216は、着脱可能であり、例えば、CD-ROM又はフラッシュメモリなどのリムーバブルメディアである。 External media interface 214 is an interface for reading and writing storage media 216 such as magneto-optical media. The storage medium 216 is detachable, and is, for example, a removable medium such as a CD-ROM or a flash memory.
 CPU202が実行するプログラムは、記憶媒体216、又は、通信ネットワーク(120、150、190)を伝搬する搬送波又はデジタル信号を介して計算機200に提供され、非一時的記憶媒体である外部記憶装置206に格納されてもよい。このため、計算機200は、外部メディアインタフェース214を介して、データを取得する。 A program executed by the CPU 202 is provided to the computer 200 via a storage medium 216 or a carrier wave or a digital signal that propagates through the communication network (120, 150, 190), and is stored in the external storage device 206 that is a non-temporary storage medium. It may be stored. Therefore, the computer 200 acquires data via the external media interface 214.
 通信インタフェース208は、通信ネットワーク190等と所定のプロトコルによって通信するためのインタフェースである。内部通信線250は、例えばバスであり、計算機200に備わる装置を相互に接続する。 The communication interface 208 is an interface for communicating with the communication network 190 or the like using a predetermined protocol. The internal communication line 250 is, for example, a bus, and connects devices included in the computer 200 to each other.
 計算機200は、物理的に一つの計算機であってもよく、又は、論理的又は物理的に複数の計算機によって構成される計算機システムであってもよい。また、計算機200が有するプログラムは、一つの計算機200において複数のスレッドによって実行されてもよく、また、複数の物理的計算機の資源上に構築された仮想計算機において実行されてもよい。 The computer 200 may be physically one computer, or may be a computer system constituted by a plurality of computers logically or physically. A program included in the computer 200 may be executed by a plurality of threads in one computer 200, or may be executed in a virtual computer constructed on resources of a plurality of physical computers.
 また、計算機200は、図2に示すすべての装置を有する必要はない。例えば、端末102及び端末132は、外部メディアインタフェース214を有さなくてもよい。 Further, the computer 200 need not have all the devices shown in FIG. For example, the terminal 102 and the terminal 132 may not have the external media interface 214.
 図3は、本実施例のユーザ属性、情報属性、属性管理方法、及び、アクセスルールの表現をマッピングする概念を示す説明図である。 FIG. 3 is an explanatory diagram showing the concept of mapping the user attributes, information attributes, attribute management method, and access rule expressions of this embodiment.
 情報管理システム100に適用されるユーザ属性、情報属性、属性管理方法、及び、アクセスルール等は、情報管理システム100間で表現が異なる。表現302、表現304及び表現306は、情報管理システム#1(100-1)、情報管理システム#2(100-2)及び情報管理システム#N(100-N)に適用されるユーザ属性、情報属性、情報属性管理方法及びアクセスルールの表現である。 The user attributes, information attributes, attribute management methods, access rules, and the like applied to the information management system 100 are expressed differently between the information management systems 100. Expression 302, expression 304, and expression 306 are user attributes and information applied to information management system # 1 (100-1), information management system # 2 (100-2), and information management system #N (100-N). It is a representation of attributes, information attribute management methods and access rules.
 そして、表現302、表現304及び表現306は、用いられるセキュリティレベルごとに、情報共有サーバ160が有する表現300にマッピングされる。このため、情報管理システム100が新たに追加された場合、既存の複数の情報管理システム100の表現と、新たな情報管理システム100の表現とを直接複数回対応づける必要がない。 Then, the expressions 302, 304, and 306 are mapped to the expression 300 included in the information sharing server 160 for each security level used. For this reason, when the information management system 100 is newly added, it is not necessary to directly associate the expressions of the plurality of existing information management systems 100 and the expressions of the new information management system 100 multiple times.
 そして、情報共有サーバ160の表現300と、新たな情報管理システム100とを1回のみマッピングすれば、本実施例の情報共有システムは、新たな情報管理システム100の表現と、既存の複数の情報管理システム100の表現とを対応づけることができる。 Then, if the representation 300 of the information sharing server 160 and the new information management system 100 are mapped only once, the information sharing system according to the present embodiment can represent the new representation of the information management system 100 and a plurality of existing information. The expression of the management system 100 can be associated.
 表現300は、情報共有サーバ160のマッピング情報182及び接続システム情報174に格納される。以降において、この概念を具現化した処理手順及びデータ構造を説明する。 The representation 300 is stored in the mapping information 182 and the connection system information 174 of the information sharing server 160. Hereinafter, a processing procedure and a data structure embodying this concept will be described.
 図4は、本実施例の情報共有サーバ160の処理を示すフローチャートである。 FIG. 4 is a flowchart showing processing of the information sharing server 160 of the present embodiment.
 情報共有サーバ160の共有制御部162は、情報共有サーバ160の起動後、又は、所定の期間ごとに図4に示す開始する(400)。また、共有制御部162は、運用管理者等の指示により、図4に示す処理を開始してもよい。 The sharing control unit 162 of the information sharing server 160 starts after starting the information sharing server 160 or at predetermined intervals (400). Further, the sharing control unit 162 may start the processing illustrated in FIG. 4 according to an instruction from an operation manager or the like.
 共有制御部162は、端末102又は端末132から運用管理処理を開始する指示を受け付けたか否かを判定する(402)。共有制御部162は、運用管理処理を開始する指示を受け付けた場合、指示された運用管理処理を、マッピング管理部170又はアクセスルール管理部168に実行させる(404)。 The sharing control unit 162 determines whether an instruction to start the operation management process is received from the terminal 102 or the terminal 132 (402). When the share control unit 162 receives an instruction to start the operation management process, the sharing control unit 162 causes the mapping management unit 170 or the access rule management unit 168 to execute the instructed operation management process (404).
 本実施例の運用管理処理は、後述する属性マッピング処理、及び、アクセスルール生成処理を含む。運用管理処理を開始する指示には、開始する運用管理処理を示す情報が含まれる。 The operation management process of this embodiment includes an attribute mapping process and an access rule generation process which will be described later. The instruction to start the operation management process includes information indicating the operation management process to be started.
 共有制御部162は、運用管理処理を開始する指示を受け付けていないと判定した場合、共有情報を受信したか、又は、共有情報を送信する必要があるかを判定する(406)。共有情報とは、情報管理システム100から情報共有サーバ160に送信された情報であり、本実施例の情報共有システムにおいて共有する情報である。 When it is determined that the instruction to start the operation management process is not accepted, the sharing control unit 162 determines whether the shared information has been received or the shared information needs to be transmitted (406). The shared information is information transmitted from the information management system 100 to the information sharing server 160, and is information shared in the information sharing system of the present embodiment.
 共有制御部162は、情報管理システム100から共有情報を受信したか否かを判定する。また、共有制御部162は、情報管理システム100から共有情報が要求された場合、共有情報を送信する必要があると判定してもよい。 The sharing control unit 162 determines whether or not shared information has been received from the information management system 100. Further, the sharing control unit 162 may determine that the sharing information needs to be transmitted when the sharing information is requested from the information management system 100.
 なお、共有制御部162は、接続システム情報174を参照し、情報管理システム100に未送信の共有情報があると判定した場合、ステップ406において共有情報を送信する必要があると判定してもよい。 The sharing control unit 162 may determine that the shared information needs to be transmitted in Step 406 when it is determined that there is untransmitted shared information in the information management system 100 with reference to the connection system information 174. .
 図5は、本実施例の接続システム情報174を示す説明図である。 FIG. 5 is an explanatory diagram showing the connection system information 174 of this embodiment.
 接続システム情報174は、認証情報500及び送受信情報520を格納する。認証情報500は、複数の領域(502、504、506、508、510及び512)を有する。認証情報500は、情報共有システムの管理者によってあらかじめ設定される。 The connection system information 174 stores authentication information 500 and transmission / reception information 520. The authentication information 500 has a plurality of areas (502, 504, 506, 508, 510, and 512). The authentication information 500 is set in advance by the administrator of the information sharing system.
 領域502は、情報管理システム100を識別するための識別子を含む。領域504は、システムクレデンシャルを示し、情報管理システム100と情報共有サーバ160とが相互に通信する際、用いられる認証方法を示す。 The area 502 includes an identifier for identifying the information management system 100. An area 504 indicates system credentials, and indicates an authentication method used when the information management system 100 and the information sharing server 160 communicate with each other.
 領域506は、領域502が示す情報管理システム100が、情報と情報属性とを格納する方法(属性管理方法)を示す記憶領域である。領域506は、領域506が示す独立型管理方法を適用するために、情報に含まれていた情報属性を情報から抽出する具体的な方法を含んでもよいし、また、領域506が示す一体型管理方法を適用するために、情報と分割されていた情報属性を情報に含める具体的な方法を含んでもよい。 The area 506 is a storage area indicating how the information management system 100 indicated by the area 502 stores information and information attributes (attribute management method). The area 506 may include a specific method for extracting information attributes included in the information from the information in order to apply the stand-alone management method indicated by the area 506, or the integrated management indicated by the area 506. In order to apply the method, a specific method of including information and information attributes that have been divided into information may be included.
 共有情報管理部166は、領域506を参照することによって、情報管理システム100に送る情報を、情報管理システム100の属性管理方法に従った状態に変更することができる。 The shared information management unit 166 can change the information sent to the information management system 100 to a state according to the attribute management method of the information management system 100 by referring to the area 506.
 領域508は、情報管理システム100の運用管理者の識別子を示す。領域510は、情報管理システム100の運用管理者が情報共有サーバ160にアクセスするための認証方法を示す。 An area 508 indicates an identifier of the operation manager of the information management system 100. An area 510 shows an authentication method for the operation manager of the information management system 100 to access the information sharing server 160.
 領域512は、送受信情報520と認証情報500とを関連づけるための識別子を示す。具体的には、送受信情報520の識別子を示す。図5において、一つの情報管理システム100は、認証情報500の中の一つのエントリに対応し、一つの送受信情報520に対応する。 The area 512 indicates an identifier for associating the transmission / reception information 520 with the authentication information 500. Specifically, the identifier of the transmission / reception information 520 is shown. In FIG. 5, one information management system 100 corresponds to one entry in the authentication information 500 and one transmission / reception information 520.
 接続システム管理部164は、情報管理システム100と情報共有サーバ160との間で、共有情報が送受信された場合に送受信情報520を更新する。送受信情報520は、通信ログとして、複数の領域(522、524、526、528)を含む。 The connection system management unit 164 updates the transmission / reception information 520 when the shared information is transmitted / received between the information management system 100 and the information sharing server 160. The transmission / reception information 520 includes a plurality of areas (522, 524, 526, 528) as a communication log.
 領域522は、情報管理システム100を識別するための識別子を含み、領域502に対応する。領域524は、共有情報を送信又は受信した日時を示す。 The area 522 includes an identifier for identifying the information management system 100 and corresponds to the area 502. An area 524 indicates the date and time when the shared information is transmitted or received.
 領域526は、領域522が示す情報管理システム100から情報共有サーバ160が共有情報を受信した場合「受信」を示し、領域522が示す情報管理システム100に情報共有サーバ160が共有情報を送信した場合「送信」を示す。領域528は、送受信した共有情報を識別するための識別子を示す。 The area 526 indicates “reception” when the information sharing server 160 receives the shared information from the information management system 100 indicated by the area 522, and the information sharing server 160 transmits the shared information to the information management system 100 indicated by the area 522. Indicates “send”. An area 528 shows an identifier for identifying the transmitted / received shared information.
 共有制御部162は、領域526が「受信」を示し共有情報の中から、かつ、領域526が「受信」を示す情報管理システム100以外の情報管理システム100のすべてに送信されていない共有情報がある場合、ステップ406において共有情報を送信する必要があると判定してよい。 The sharing control unit 162 has shared information that is not transmitted to all of the information management systems 100 other than the information management system 100 in which the area 526 indicates “reception” and the area 526 indicates “reception”. If there is, it may be determined in step 406 that the shared information needs to be transmitted.
 ステップ406において、共有情報を受信したか、又は、共有情報を送信する必要があると判定した場合、共有情報管理部166は、後述する処理によって共有情報を受信、又は、送信する(408)。ステップ406において、共有情報を受信しておらず、かつ、共有情報を送信する必要はないと判定した場合、シャットダウンの指示を受け付けたか否かを判定する(410)。 If it is determined in step 406 that the shared information has been received or the shared information needs to be transmitted, the shared information management unit 166 receives or transmits the shared information through a process described later (408). If it is determined in step 406 that the shared information has not been received and it is not necessary to transmit the shared information, it is determined whether a shutdown instruction has been accepted (410).
 シャットダウンの指示を受け付けたと判定した場合、共有制御部162は、終了する(412)。シャットダウンの指示を受け付けていないと判定した場合、共有制御部162は、ステップ402に戻る。 If it is determined that the shutdown instruction has been received, the sharing control unit 162 ends (412). If it is determined that the shutdown instruction has not been received, the sharing control unit 162 returns to Step 402.
 ステップ404における運用管理処理の一つである属性マッピング処理を以下に示す。まず、情報管理システム#1(100-1)の運用管理者がマッピング処理を行う手順を説明する。 The attribute mapping process which is one of the operation management processes in step 404 is shown below. First, the procedure for the operation manager of the information management system # 1 (100-1) to perform the mapping process will be described.
 情報共有サーバ160のマッピング管理部170は、ステップ404において、運用管理インタフェース172を介して端末102に、図7に示すユーザインタフェース700を出力するためのデータを送信する。これによってマッピング管理部170は、端末102に、属性マッピングエディタの機能を提供する。 In step 404, the mapping management unit 170 of the information sharing server 160 transmits data for outputting the user interface 700 shown in FIG. 7 to the terminal 102 via the operation management interface 172. Accordingly, the mapping manager 170 provides the terminal 102 with the function of the attribute mapping editor.
 なお、マッピング管理部170は、ユーザインタフェース700を端末102のディスプレイ等から出力させるために、接続システム情報174のフィールド(504、506、508及び510)の内容を用いて出力させる。 Note that the mapping management unit 170 outputs the user interface 700 using the contents of the fields (504, 506, 508, and 510) of the connection system information 174 in order to output the user interface 700 from the display of the terminal 102 or the like.
 ステップ404の運用管理処理において属性マッピング処理が開始した場合、マッピング管理部170は、情報管理サーバ104に格納されたユーザ属性112からユーザ属性をインポートし、情報共有サーバ160に格納された属性辞書184のユーザ属性をインポートする。また、マッピング管理部170は、情報管理サーバ104に格納された情報属性114をインポートし、情報共有サーバ160に格納された属性辞書184の情報属性をインポートする。 When the attribute mapping process is started in the operation management process in step 404, the mapping management unit 170 imports the user attribute from the user attribute 112 stored in the information management server 104 and the attribute dictionary 184 stored in the information sharing server 160. Import user attributes. Further, the mapping management unit 170 imports the information attribute 114 stored in the information management server 104 and imports the information attribute of the attribute dictionary 184 stored in the information sharing server 160.
 また、マッピング管理部170は、その他属性が情報管理サーバ104に格納される場合、その他属性を情報管理サーバ104からインポートし、属性辞書184からその他属性をインポートしてもよい。 Further, when other attributes are stored in the information management server 104, the mapping management unit 170 may import the other attributes from the information management server 104 and import the other attributes from the attribute dictionary 184.
 ここで、情報管理サーバ104からインポートするユーザ属性、情報属性、及び、その他属性は、端末102を介して運用管理者等から指示されたユーザ属性、情報属性、及び、その他属性であってよい。また、ユーザ属性112及び情報属性114等がマッピング済みか否かを示す場合、マッピング管理部170は、属性辞書184が有する基準とマッピングされていない属性を特定し、特定した属性を情報管理サーバ104からインポートしてもよい。 Here, the user attributes, information attributes, and other attributes that are imported from the information management server 104 may be user attributes, information attributes, and other attributes that are instructed by the operation manager or the like via the terminal 102. Further, when the user attribute 112, the information attribute 114, and the like indicate whether or not mapping has been performed, the mapping management unit 170 identifies an attribute that is not mapped to a reference included in the attribute dictionary 184, and identifies the identified attribute as the information management server 104. You may import from
 ユーザ属性112は、情報管理システム#1(100-1)において情報にアクセスするユーザを、識別するための属性を含む。また、ユーザ属性112は、情報管理システム#1(100-1)において用いられる表現302によって固有に定義されたユーザ属性を含む。ユーザ属性112は、ユーザの各々を識別するための識別子を含む。識別子は、例えば、英数字から構成されるユーザIDでもよい。 The user attribute 112 includes an attribute for identifying a user who accesses information in the information management system # 1 (100-1). The user attribute 112 includes a user attribute uniquely defined by the expression 302 used in the information management system # 1 (100-1). The user attribute 112 includes an identifier for identifying each user. The identifier may be a user ID composed of alphanumeric characters, for example.
 また、ユーザ属性112は、情報116にアクセスできるユーザを特定するために用いられる属性であればいかなる属性を含んでよい。ユーザ属性112は、例えば、所属部署、職務、役職、資格、メールアドレス、及び、国籍などの具体的な名称又は識別子を含む。 Further, the user attribute 112 may include any attribute as long as it is an attribute used to specify a user who can access the information 116. The user attributes 112 include, for example, specific names or identifiers such as departments, duties, titles, qualifications, e-mail addresses, and nationalities.
 また、ユーザ属性112は、ユーザにあらかじめ割り当てられる秘密取り扱い区分を含んでもよい。さらに、ユーザ属性112は、役職及び資格など、割り当てられる権限に上位及び下位がある属性についての階層構造を、情報として含んでもよい。 In addition, the user attribute 112 may include a secret handling category that is assigned to the user in advance. Further, the user attribute 112 may include, as information, a hierarchical structure for attributes having higher and lower assigned authority such as job title and qualification.
 情報属性114は、情報管理システム#1(100-1)の情報116に格納された情報を識別するための属性を含む。情報属性114は、情報管理システム#1(100-1)において用いられる表現302によって固有に定義された情報属性を含む。情報属性114は、情報116の情報を識別するための識別子を含む。例えば、情報属性114は、ファイル名及び格納場所を示す情報を含む。 The information attribute 114 includes an attribute for identifying information stored in the information 116 of the information management system # 1 (100-1). The information attribute 114 includes an information attribute uniquely defined by the expression 302 used in the information management system # 1 (100-1). The information attribute 114 includes an identifier for identifying information of the information 116. For example, the information attribute 114 includes information indicating a file name and a storage location.
 情報属性114は、情報116に格納される情報の属性であればいかなる属性を含んでもよい。情報属性114は、例えば、作成部署、分類、機密レベル、名称、作成者、管理部署及び運用管理者などの具体的な識別子を含む。 The information attribute 114 may include any attribute as long as it is an attribute of information stored in the information 116. The information attribute 114 includes, for example, specific identifiers such as a creation department, a classification, a confidential level, a name, a creator, a management department, and an operation manager.
 また、情報属性114は、情報116に格納される情報にあらかじめ割り当てられる秘密取り扱い区分も含む。さらに、ユーザ属性112は、機密レベルなど、割り当てられる権限に上位及び下位がある属性についての階層構造を、情報として含んでもよい。 In addition, the information attribute 114 includes a secret handling category that is assigned in advance to information stored in the information 116. Further, the user attribute 112 may include, as information, a hierarchical structure for attributes having higher and lower assigned authority such as a confidential level.
 なお、端末102を介して運用管理者から、ユーザ属性112及び情報属性114以外のその他属性(後述)を指定された場合、マッピング管理部170は、情報管理サーバ104のメモリに格納されたその他属性と、属性辞書184に格納されたその他属性とをインポートしてもよい。 When the operation manager designates other attributes (described later) other than the user attribute 112 and the information attribute 114 via the terminal 102, the mapping management unit 170 stores the other attribute stored in the memory of the information management server 104. And other attributes stored in the attribute dictionary 184 may be imported.
 その他属性は、情報にアクセスできる、環境及び条件等を示す。その他属性は、例えば、時間帯、気温、非常警戒レベル及び場所等を示す。 Other attributes indicate the environment and conditions that can access the information. The other attributes indicate, for example, time zone, temperature, emergency alert level, and location.
 一方、属性辞書184は、情報共有サーバ160の運用者又は管理者等によってあらかじめ設定された基準のユーザ属性及び情報属性を含み、情報管理システム100のユーザ属性及び情報属性とマッピングされるユーザ属性及び情報属性を含む。属性辞書184は、図3に示す表現300によって定義されたユーザ属性及び情報属性を含む。 On the other hand, the attribute dictionary 184 includes standard user attributes and information attributes set in advance by an operator or administrator of the information sharing server 160, and user attributes and information attributes mapped to the user attributes and information attributes of the information management system 100. Contains information attributes. The attribute dictionary 184 includes user attributes and information attributes defined by the expression 300 shown in FIG.
 図6は、本実施例の属性辞書184を示す説明図である。 FIG. 6 is an explanatory diagram showing the attribute dictionary 184 of the present embodiment.
 属性辞書184は、基準の属性の表現を示し、複数の領域(600、602、604、606)を含む。領域600は、属性の分類を示す。本実施例の領域600は、ユーザ属性、情報属性、その他属性の少なくとも一つを示す。 The attribute dictionary 184 indicates the expression of the reference attribute and includes a plurality of areas (600, 602, 604, 606). An area 600 shows attribute classification. The area 600 of this embodiment shows at least one of user attributes, information attributes, and other attributes.
 領域602は、属性の項目を表現する識別子を含む。領域604は、属性の項目の具体的な値を表現する識別子を含む。例えば、領域602が「役職」を示す場合、領域604は、「課長」又は「リーダー」等を示す。領域602及び領域604は、表現300によって定義される属性を示す。 The area 602 includes an identifier that represents an attribute item. An area 604 includes an identifier representing a specific value of the attribute item. For example, when the area 602 indicates “title”, the area 604 indicates “section manager” or “leader”. Regions 602 and 604 show attributes defined by the representation 300.
 領域606は、属性マッピング処理において、情報管理システム100の運用管理者に出力する説明文(使用ガイドライン)を格納する。領域604が「-」を示す場合、領域606は、領域602が示す項目の説明を示す。また、領域606の説明文は、領域602及び領域604が示す属性の定義のセキュリティレベルを示す。 The area 606 stores a description (usage guideline) output to the operation manager of the information management system 100 in the attribute mapping process. When the area 604 indicates “−”, the area 606 indicates the description of the item indicated by the area 602. The explanatory text of the area 606 indicates the security level of the attribute definition indicated by the area 602 and the area 604.
 なお、属性辞書184は、割り当てられる権限に上位及び下位がある属性についての階層構造を、情報として含んでもよい。例えば、領域602が「役職」である場合、領域604の値である「部長」には、機密レベルAを閲覧できる権限が割り当てられ、領域604の値である「課長」には、機密レベルAを閲覧できない権限が割り当てられる場合、属性辞書184は、「部長」には上位の権限が割り当てられ、「課長」には下位の権限が割り当てられることを示す階層構造を含んでもよい。 Note that the attribute dictionary 184 may include, as information, a hierarchical structure for attributes that have higher and lower levels of authority to be assigned. For example, when the area 602 is “title”, the authority to view the confidential level A is assigned to the “director” that is the value of the area 604, and the confidential level A is assigned to the “section manager” that is the value of the area 604. May be included, the attribute dictionary 184 may include a hierarchical structure indicating that “supervisor” is assigned a higher authority and “section manager” is assigned a lower authority.
 マッピング管理部170は、ユーザ属性、情報属性及びその他属性の少なくとも1種類を情報管理サーバ104からインポートした後、インポートした情報に基づいて、属性マッピングエディタを表示するためのデータを生成する。そして、マッピング管理部170は、属性マッピング処理を指示した端末102に、生成したデータを送る。端末102の出力プログラム及び出力装置212は、受信したデータに基づいて属性マッピングエディタのユーザインタフェース700を表示する。 The mapping management unit 170 imports at least one type of user attribute, information attribute, and other attribute from the information management server 104, and then generates data for displaying the attribute mapping editor based on the imported information. Then, the mapping management unit 170 sends the generated data to the terminal 102 that has instructed the attribute mapping process. The output program and output device 212 of the terminal 102 displays the user interface 700 of the attribute mapping editor based on the received data.
 図7は、本実施例の属性マッピングエディタのユーザインタフェース700を示す説明図である。 FIG. 7 is an explanatory diagram showing the user interface 700 of the attribute mapping editor of this embodiment.
 図7に示すユーザインタフェース700は、属性マッピングエディタの例であり、情報管理システム100から取得した属性と、情報共有サーバ160が有する基準の属性とを、情報管理システム100の運用管理者がマッピングするインタフェースであれば、いかなるインタフェースでもよい。 A user interface 700 shown in FIG. 7 is an example of an attribute mapping editor, and the operation manager of the information management system 100 maps the attributes acquired from the information management system 100 and the reference attributes of the information sharing server 160. Any interface can be used.
 図7に示すユーザインタフェース700は、三つの表示領域(702、704、710)から構成される。表示領域702は、処理のタイトルを表示する領域である。 The user interface 700 shown in FIG. 7 includes three display areas (702, 704, 710). A display area 702 is an area for displaying a processing title.
 表示領域704は、機能ボタンを表示する領域である。表示領域710は、属性をマッピングする領域である。 The display area 704 is an area for displaying function buttons. A display area 710 is an area for mapping attributes.
 表示領域710は、複数のボタン(720、722、724、706、760)、及び、領域(730、740、750)を表示する。ボタン720は、情報属性をマッピングする際に操作するボタンである。ボタン722は、ユーザ属性をマッピングする際に操作するボタンである。ボタン724は、その他属性をマッピングする際に操作するボタンである。 The display area 710 displays a plurality of buttons (720, 722, 724, 706, 760) and areas (730, 740, 750). A button 720 is a button operated when mapping information attributes. The button 722 is a button operated when mapping user attributes. A button 724 is a button operated when mapping other attributes.
 マッピング管理部170は、ボタン720、ボタン722及びボタン724の少なくとも一つが操作されたことを検知した場合、マッピングする属性が選択されたことを可視的に表示するため、例えば、操作されたボタンを他のボタンと違う色に着色して表示してもよい。 When the mapping management unit 170 detects that at least one of the button 720, the button 722, and the button 724 is operated, the mapping management unit 170 visually displays that the attribute to be mapped is selected. It may be displayed in a different color from other buttons.
 表示領域730は、情報管理システム100からインポートした属性を表示する。マッピング管理部170は、情報管理システム100から属性の階層構造が取得できる場合、階層構造を示すツリー構造を表示領域730に表示してもよい。 The display area 730 displays the attributes imported from the information management system 100. When the attribute management hierarchical structure can be acquired from the information management system 100, the mapping management unit 170 may display a tree structure indicating the hierarchical structure in the display area 730.
 表示領域740は、属性辞書184からインポートした属性の項目及び値の識別子を表示する。属性辞書184が属性の階層構造を保持する場合、マッピング管理部170は、階層構造を示すツリー構造を表示領域740に表示してもよい。 The display area 740 displays attribute items and value identifiers imported from the attribute dictionary 184. When the attribute dictionary 184 holds a hierarchical structure of attributes, the mapping management unit 170 may display a tree structure indicating the hierarchical structure in the display area 740.
 また、マッピング管理部170は、属性の識別子を示す表示領域に所定の操作がされた場合、操作された表示領域に対応する属性の説明文を、属性辞書184の表示領域706から取得し、表示領域742に表示してもよい。 In addition, when a predetermined operation is performed on the display area indicating the attribute identifier, the mapping management unit 170 acquires an attribute description corresponding to the operated display area from the display area 706 of the attribute dictionary 184 and displays it. It may be displayed in area 742.
 運用管理者は、表示領域742に表示された説明文を参照することで、情報管理システム100における属性のセキュリティレベルと、基準の属性のセキュリティレベルとの対応関係を識別することができる。そして、これによって、異なる情報管理システム100において各々用いられている属性を対応づけることができる。 The operation manager can identify the correspondence between the attribute security level in the information management system 100 and the security level of the reference attribute by referring to the explanatory text displayed in the display area 742. Thus, attributes used in different information management systems 100 can be associated with each other.
 情報管理システム100の運用管理者が表示領域706を押下した場合、マッピング管理部170は、表示領域710における描画ツールを起動する。 When the operation manager of the information management system 100 presses the display area 706, the mapping management unit 170 activates the drawing tool in the display area 710.
 運用管理者は、起動した描画ツールを使って、情報管理システム100の属性と、属性辞書184の属性とを、例えば矢印の図形オブジェクトによって視覚的に接続することにより、マッピングする。マッピング管理部170は、表示領域710においてマッピングができれば、いかなるツールを起動してもよい。 The operation manager uses the activated drawing tool to map the attribute of the information management system 100 and the attribute of the attribute dictionary 184 by visually connecting them with, for example, an arrow graphic object. The mapping management unit 170 may activate any tool as long as mapping can be performed in the display area 710.
 表示領域750は、情報管理システム100の属性管理方法を示す。マッピング管理部170は、属性マッピング処理の指示の送信元である情報管理システム100の属性管理方法を接続システム情報174の領域506から取得し、取得した値を表示領域750に表示する。 The display area 750 shows the attribute management method of the information management system 100. The mapping management unit 170 acquires the attribute management method of the information management system 100 that is the transmission source of the attribute mapping processing instruction from the area 506 of the connection system information 174, and displays the acquired value in the display area 750.
 ボタン760は、マッピング結果を情報共有サーバ160に登録するためのボタンである。表示領域730及び表示領域740間のマッピングが終了した後、マッピング結果を情報共有サーバ160に反映する場合、運用管理者は、ボタン760を操作する。 The button 760 is a button for registering the mapping result in the information sharing server 160. After mapping between the display area 730 and the display area 740 is completed, when the mapping result is reflected on the information sharing server 160, the operation manager operates the button 760.
 運用管理者が、ボタン760を押下した場合、表示領域710においてマッピングされた情報は、図8に示すデータ構造で情報共有サーバ160に格納される。 When the operation manager presses the button 760, the information mapped in the display area 710 is stored in the information sharing server 160 with the data structure shown in FIG.
 図8は、本実施例のマッピング情報182を示す説明図である。 FIG. 8 is an explanatory diagram showing the mapping information 182 of this embodiment.
 マッピング情報182は、複数の領域(800、802、804、806、808、810、812~816)を含む。マッピング情報182は、ユーザ属性、情報属性、及び、その他属性を有する。図8に示すマッピング情報182は、機密性に関する情報属性のマッピング情報と、ユーザの所属に関するユーザ属性のマッピング情報とを含む。 The mapping information 182 includes a plurality of areas (800, 802, 804, 806, 808, 810, 812 to 816). The mapping information 182 has user attributes, information attributes, and other attributes. The mapping information 182 illustrated in FIG. 8 includes information attribute mapping information regarding confidentiality and user attribute mapping information regarding user affiliation.
 領域800は、情報管理システム100の各々と情報共有サーバ160とを特定するための識別子を示す。図8に示す”Sys_global”は、情報共有サーバ160を示す。”Sys_no1”と”Sys_no2”とは、それぞれ情報管理システム100-1と情報管理システム100-2とを示す。 An area 800 indicates an identifier for identifying each information management system 100 and the information sharing server 160. “Sys_global” illustrated in FIG. 8 indicates the information sharing server 160. “Sys_no1” and “Sys_no2” indicate the information management system 100-1 and the information management system 100-2, respectively.
 マッピング情報182は、システムごとに複数のエントリ(817~822)を有する。エントリ817及び820は、情報共有サーバ160が有する基準の属性の定義(すなわち表現)を含む。エントリ(818、819、821及び822)は、情報管理システム100において用いられる属性の定義(すなわち表現)を含む。 The mapping information 182 has a plurality of entries (817 to 822) for each system. The entries 817 and 820 include the definition (that is, expression) of the reference attribute that the information sharing server 160 has. The entries (818, 819, 821 and 822) contain attribute definitions (ie, representations) used in the information management system 100.
 領域802及び領域813は、領域800が示す情報管理システム100において用いられる、属性の項目を定義する識別子を示す。領域(804、806、808、810及び812)は、領域800が示す情報管理システム100において用いられる、情報属性の値を定義する識別子を示す。また、領域(814~816)は、領域800が示す情報管理システム100において用いられる、ユーザ属性の値を定義する識別子を示す。 An area 802 and an area 813 indicate identifiers that define attribute items used in the information management system 100 indicated by the area 800. An area (804, 806, 808, 810, and 812) indicates an identifier that defines an information attribute value used in the information management system 100 indicated by the area 800. An area (814 to 816) indicates an identifier that defines a value of a user attribute used in the information management system 100 indicated by the area 800.
 マッピング情報182には、属性の項目を定義する識別子を示す領域と、属性の値を定義する識別子を示す領域とが、あらかじめ設定される。 In the mapping information 182, an area indicating an identifier that defines an attribute item and an area indicating an identifier that defines an attribute value are set in advance.
 領域(802、804、806、808、810、812~816)は、図8において、単語によって表現される識別子を含むが、属性を識別できればいかなる文字列又は数列を含んでもよい。 The region (802, 804, 806, 808, 810, 812 to 816) includes an identifier represented by a word in FIG. 8, but may include any character string or number sequence as long as the attribute can be identified.
 情報共有サーバ160のマッピング管理部170等は、マッピング情報182を参照することによって、属性辞書184において定義された基準の属性と、情報管理システム100の各々で用いられる属性との対応関係を取得する。そして、これにより、後述するアクセスルール生成処理において用いられる属性の変換処理を実行することができる。 The mapping management unit 170 of the information sharing server 160 refers to the mapping information 182 to obtain the correspondence between the reference attribute defined in the attribute dictionary 184 and the attribute used in each of the information management systems 100. . As a result, an attribute conversion process used in an access rule generation process to be described later can be executed.
 また、属性辞書184が基準の属性を保持することにより、新たな情報管理システム100が追加した場合にも、マッピング管理部170は、基準の属性と新たな情報管理システム100において用いられる属性とを対応させることができるため、属性を容易に追加できる。 Further, when the attribute dictionary 184 holds the reference attribute, even when a new information management system 100 adds, the mapping management unit 170 displays the reference attribute and the attribute used in the new information management system 100. Since it can be made to correspond, an attribute can be added easily.
 図7の例では、情報に対する属性名のマッピングとして、秘密区分と機密性取扱区分が対応付けられている。また、属性の値のマッピングとして、極秘と機密度5、秘と機密度4、注意と機密度3、区分無と機密度1が対応付けられている。 In the example of FIG. 7, the secret classification and the confidentiality handling classification are associated with each other as the mapping of the attribute name to the information. Also, as mapping of attribute values, top secret and confidentiality 5, secret and confidentiality 4, attention and confidentiality 3, and no classification and confidentiality 1 are associated.
 なお、マッピング管理部170は、ユーザインタフェース700を表示している間、マッピング処理において発生する警告を、警告ダイアログ900として表示してもよい。 The mapping management unit 170 may display a warning generated in the mapping process as the warning dialog 900 while the user interface 700 is displayed.
 図9は、本実施例のユーザインタフェース700に表示される警告ダイアログ900を示す説明図である。 FIG. 9 is an explanatory diagram showing a warning dialog 900 displayed on the user interface 700 of this embodiment.
 マッピング管理部170は、ボタン760が押下されたことを検知した場合、属性をインポートした情報管理システム100に対応するマッピング情報182のエントリを特定し、値が格納されていない領域を検索する。検索の結果、値が格納されていない領域が特定された場合、マッピング管理部170は、図9に示す警告ダイアログ900を表示してもよい。 When the mapping management unit 170 detects that the button 760 has been pressed, the mapping management unit 170 identifies the entry of the mapping information 182 corresponding to the information management system 100 that has imported the attribute, and searches for an area in which no value is stored. As a result of the search, when an area in which no value is stored is specified, the mapping management unit 170 may display a warning dialog 900 shown in FIG.
 警告ダイアログ900は、他の情報管理システム100からインポートされた属性がマッピングされた基準の属性に、ユーザインタフェース700に表示された情報管理システム100において用いられる属性がマッピングされていないことを警告し、属性の入力を指示する表示である。 The warning dialog 900 warns that the attribute used in the information management system 100 displayed on the user interface 700 is not mapped to the reference attribute to which the attribute imported from the other information management system 100 is mapped. This is a display for instructing input of attributes.
 警告ダイアログ900を表示することにより、他の情報管理システム100において必要な属性への、マッピング忘れを防ぐことが可能になり、情報の共有を阻害する要因を取り除くことができる。 By displaying the warning dialog 900, it becomes possible to prevent forgetting mapping to an attribute required in another information management system 100, and it is possible to remove a factor that hinders information sharing.
 ステップ404における運用管理処理の他の例は、アクセスルール生成処理である。情報管理システム#1(100-1)の運用管理者がアクセスルール生成処理を行う手順を、例として以下に記載する。 Another example of the operation management process in step 404 is an access rule generation process. An example of the procedure for the operation manager of the information management system # 1 (100-1) to perform the access rule generation process is described below.
 共有制御部162がステップ402において、アクセスルール生成処理の運用管理処理を開始する指示を受け付けたと判定した場合、アクセスルール管理部168は、ステップ404において、アクセスルール生成処理を開始する。 If the sharing control unit 162 determines in step 402 that an instruction to start the operation management process of the access rule generation process has been received, the access rule management unit 168 starts the access rule generation process in step 404.
 アクセスルール生成処理を開始後、アクセスルール管理部168は、情報管理サーバ104に格納されたアクセスルール118からアクセスルールをインポートする。アクセスルール118は、複数のレコードから構成される。アクセスルール118の1レコードには、ユーザ属性の条件、情報属性の条件、その他属性の条件、及び、許可される権限が定義される。 After starting the access rule generation process, the access rule management unit 168 imports an access rule from the access rule 118 stored in the information management server 104. The access rule 118 is composed of a plurality of records. One record of the access rule 118 defines user attribute conditions, information attribute conditions, other attribute conditions, and permitted authority.
 そして、アクセスルール管理部168は、情報共有サーバ160が有するマッピング情報182を参照する。そして、アクセスルール管理部168は、運用管理インタフェース172を介して、運用管理者の操作を受け付けた端末102に、図10に示すユーザインタフェース1000を持つアクセスルールエディタの機能を提供する。 Then, the access rule management unit 168 refers to the mapping information 182 that the information sharing server 160 has. Then, the access rule management unit 168 provides the function of the access rule editor having the user interface 1000 shown in FIG. 10 to the terminal 102 that has received the operation manager's operation via the operation management interface 172.
 図10は、本実施例のユーザインタフェース1000を示す説明図である。 FIG. 10 is an explanatory diagram showing the user interface 1000 of the present embodiment.
 図10で示すアクセスルールエディタのユーザインタフェース1000は、三つの表示領域(1002、1004、1010)から構成される。表示領域1002は、タイトルを表示する領域である。表示領域1004は、機能ボタンを表示する領域である。表示領域1010は、アクセスルールを生成する領域である。 The access rule editor user interface 1000 shown in FIG. 10 is composed of three display areas (1002, 1004, 1010). A display area 1002 is an area for displaying a title. A display area 1004 is an area for displaying function buttons. A display area 1010 is an area for generating an access rule.
 表示領域1004は、情報管理システム100からインポートしたアクセスルールの定義を、選択するための機能ボタンを表示する。表示領域1004は、前ボタン1006及び次ボタン1008を含む。前ボタン1006は、表示領域1010に表示中のアクセスルールより、前のアクセスルールのレコードを表示するための領域であり、次ボタン1008は、次のアクセスルールのレコードを表示するための領域である。 The display area 1004 displays function buttons for selecting an access rule definition imported from the information management system 100. The display area 1004 includes a previous button 1006 and a next button 1008. The previous button 1006 is an area for displaying the record of the previous access rule from the access rule currently displayed in the display area 1010, and the next button 1008 is an area for displaying the record of the next access rule. .
 表示領域1010は、情報管理システム100において用いられる表現による属性の名称及び条件を表示する。また、表示領域1010には、インポートされたアクセスルールがデフォルトで表示される。表示領域1010には、条件1020、条件1030、条件1040及び認可アクション1050を含む。 The display area 1010 displays attribute names and conditions based on expressions used in the information management system 100. In the display area 1010, the imported access rules are displayed by default. The display area 1010 includes a condition 1020, a condition 1030, a condition 1040, and an authorization action 1050.
 条件1020は、情報属性の値の条件を入力する領域である。条件1030は、ユーザ属性の値の条件を入力する領域である。条件1040は、その他属性の値の条件を入力する領域である。認可アクション1050は、条件1020、条件1030及び条件1040において定義された属性に、許可される共有情報への操作内容を示す。 Requirement 1020 is an area for inputting information attribute value conditions. The condition 1030 is an area for inputting a user attribute value condition. The condition 1040 is an area for inputting other attribute value conditions. The authorization action 1050 indicates the operation content to the permitted shared information in the attributes defined in the conditions 1020, 1030, and 1040.
 条件1020、条件1030、及び条件1040は、属性1072、演算子1074、値1076、及び選択肢1078を各々含む。また、認可アクション1050は、値1076及び選択肢1078を含む。 The conditions 1020, 1030, and 1040 include an attribute 1072, an operator 1074, a value 1076, and an option 1078, respectively. The authorization action 1050 also includes a value 1076 and an option 1078.
 属性1072は、情報管理システム100において用いられる属性の項目名を示す。属性1072は、マッピング情報182において、領域802又は領域813に相当する値を表示する。 Attribute 1072 indicates an item name of an attribute used in the information management system 100. The attribute 1072 displays a value corresponding to the area 802 or the area 813 in the mapping information 182.
 演算子1074は、情報管理システム100において用いられる属性の条件を示す。図10において演算子1074は、等号不等号等の論理演算子又は比較演算子によって示されるが、属性の条件を示せば、いかなる表現を含んでもよい。 The operator 1074 indicates an attribute condition used in the information management system 100. In FIG. 10, the operator 1074 is indicated by a logical operator such as an equal sign, an inequality sign, or a comparison operator, but may include any expression as long as an attribute condition is indicated.
 また、本実施例において、演算子1074に表示される値は、複数の情報管理システム100間において共通の方法によって表現される論理演算子等である。しかし、演算子1074に表示される値が複数の情報管理システム100間において異なる場合、マッピング管理部は、ユーザ属性及び情報属性と同じく、ユーザインタフェース700を用いて基準の演算子と各情報管理システム100の演算子とをマッピングしてもよい。 In this embodiment, the value displayed in the operator 1074 is a logical operator or the like expressed by a common method among the plurality of information management systems 100. However, when the values displayed in the operator 1074 are different among the plurality of information management systems 100, the mapping management unit uses the user interface 700 and the reference operator and each information management system, as with the user attributes and information attributes. One hundred operators may be mapped.
 値1076に入力される値は、属性の値を示す。値1076は、マッピング情報182において、領域(804、806、808、810、812、及び、814~816)に相当する値を表示する。 The value input in the value 1076 indicates the attribute value. The value 1076 displays a value corresponding to the area (804, 806, 808, 810, 812, and 814 to 816) in the mapping information 182.
 選択肢1078は、アクセスルールとして採用するか否かを運用管理者に選択させる領域である。また、運用管理者は、認可アクション1050における値1076及び選択肢1078を操作することによって、権限を追加及び修正することが可能である。 Option 1078 is an area for allowing the operation manager to select whether or not to adopt the access rule. Further, the operation manager can add and modify the authority by operating the value 1076 and the option 1078 in the authorization action 1050.
 アクセスルール管理部168は、インポートされたアクセスルールに含まれない属性も、表示領域1010に表示してもよい。具体的には、アクセスルール管理部168は、マッピング情報182に定義されている基準の属性(エントリ817、820)の中から、情報管理システム100からインポートしたアクセスルールには含まれない属性の項目を抽出してもよい。そして、アクセスルール管理部168は、抽出した項目を表示領域1010に表示してもよい。 The access rule management unit 168 may also display attributes that are not included in the imported access rule in the display area 1010. Specifically, the access rule management unit 168 includes items of attributes that are not included in the access rules imported from the information management system 100 among the standard attributes (entries 817 and 820) defined in the mapping information 182. May be extracted. Then, the access rule management unit 168 may display the extracted items in the display area 1010.
 図10に示す条件1040の属性1072において、アクセスルール管理部168は、情報管理システム100からインポートしたアクセスルールには含まれない属性の項目である、「場所」と「時間」とを表示する。これによって、アクセスルール管理部168は、情報共有サーバ160が持っている属性情報を用いて、運用管理者による入力漏れを抑制することができる。 10, in the attribute 1072 of the condition 1040 shown in FIG. 10, the access rule management unit 168 displays “location” and “time”, which are attribute items not included in the access rule imported from the information management system 100. As a result, the access rule management unit 168 can suppress omission of input by the operation manager using the attribute information of the information sharing server 160.
 情報管理システム100の運用管理者は、表示領域1010に表示されたアクセスルールを変更、削除及び追加することによって、情報共有サーバ160に登録するアクセスルールを生成する。そして、後述の処理によって共有情報にアクセスルールを割り当てることによって、複数の情報管理システム100間で同じアクセスルールを用いることができる。 The operation manager of the information management system 100 generates an access rule to be registered in the information sharing server 160 by changing, deleting and adding the access rule displayed in the display area 1010. Then, the same access rule can be used among a plurality of information management systems 100 by assigning an access rule to the shared information by a process described later.
 表示領域1010は、ルール登録ボタン1060を含む。アクセスルール管理部168は、ルール登録ボタン1060が操作された場合、表示領域1010において生成されたアクセスルールをアクセスルール180に格納する。 The display area 1010 includes a rule registration button 1060. When the rule registration button 1060 is operated, the access rule management unit 168 stores the access rule generated in the display area 1010 in the access rule 180.
 図11は、本実施例のアクセスルール180を示す説明図である。 FIG. 11 is an explanatory diagram showing the access rule 180 of this embodiment.
 アクセスルール180は、複数の領域(1102、1104、1106、1108、1110及び1112)を含む。 The access rule 180 includes a plurality of areas (1102, 1104, 1106, 1108, 1110 and 1112).
 領域1102は、情報管理システム100の各々と情報共有サーバ160とを特定するための識別子を示す。領域1104は、アクセスルールを識別するための識別子を示す。 An area 1102 indicates an identifier for identifying each of the information management systems 100 and the information sharing server 160. An area 1104 shows an identifier for identifying an access rule.
 領域1106は、条件1030において設定されたユーザ属性の条件を示す。領域1108は、条件1020において設定された情報属性の条件を示す。領域1110は、条件1040において設定されたその他属性の条件を示す。領域1112は、認可アクション1050において設定された権限を示す。 An area 1106 indicates a user attribute condition set in the condition 1030. An area 1108 indicates the information attribute condition set in the condition 1020. An area 1110 indicates other attribute conditions set in the condition 1040. An area 1112 indicates the authority set in the authorization action 1050.
 図11に示す領域1106、領域1108及び領域1112が示す条件は、論理演算子又は比較演算子等を用いて表現される。領域1112は、許可される共有情報への操作内容を示す。 The conditions indicated by the area 1106, the area 1108, and the area 1112 shown in FIG. 11 are expressed using a logical operator or a comparison operator. An area 1112 shows the operation details for the permitted shared information.
 例えば、図11に示す領域1106には、ユーザ属性の条件として、「秘密区分>=秘 and 所属部署=A部署」が格納される。また、図11に示す領域1108には、情報属性の条件として、「秘密区分=秘 and 分類=統計資料」が格納される。図11に示す領域1110には、その他属性の条件として、「時間=9:00-17:00」が格納される。図11に示す領域1112には、権限として「閲覧」が格納される。 For example, in the area 1106 shown in FIG. 11, “secret classification> = secret and belonging department = A department” is stored as a condition of the user attribute. Also, in the area 1108 shown in FIG. 11, “secret classification = secret and classification = statistical material” is stored as an information attribute condition. In the area 1110 shown in FIG. 11, “time = 9: 00-17: 00” is stored as a condition of other attributes. In the area 1112 shown in FIG. 11, “browsing” is stored as the authority.
 アクセスルール180における各エントリは、領域1102が示す情報管理システム100において用いられた属性の定義によって表現される。 Each entry in the access rule 180 is expressed by an attribute definition used in the information management system 100 indicated by the area 1102.
 図12は、本実施例の情報管理サーバ#1(104)から情報共有サーバ160に共有情報を送信する処理を示すシーケンス図である。 FIG. 12 is a sequence diagram showing processing for transmitting shared information from the information management server # 1 (104) of the present embodiment to the information sharing server 160.
 情報116が更新された場合、又は、運用管理者から情報116を共有する指示を受け付けた場合、情報管理サーバ#1(104)の情報管理部106は、共有する共有情報を含む第1の共有情報パッケージを生成する(1210)。第1の共有情報パッケージは、情報116に含まれる共有する情報(共有情報)を含む。 When the information 116 is updated or when an instruction to share the information 116 is received from the operation manager, the information management unit 106 of the information management server # 1 (104) performs the first sharing including the shared information to be shared. An information package is generated (1210). The first shared information package includes information to be shared (shared information) included in the information 116.
 シーケンス1210の後、情報管理部106は、第1の共有情報パッケージを情報共有サーバ160に送信する(1212)。情報共有サーバ160が第1の共有情報パッケージを受信した場合(1220)、共有情報管理部166は、受信した第1の共有情報パッケージの共有情報に、情報共有サーバ160において一意な識別子を割り当てる。 After the sequence 1210, the information management unit 106 transmits the first shared information package to the information sharing server 160 (1212). When the information sharing server 160 receives the first shared information package (1220), the shared information management unit 166 assigns a unique identifier in the information sharing server 160 to the received shared information of the first shared information package.
 図13は、本実施例の情報共有サーバ160が受け付けた第1の共有情報パッケージを示す説明図である。 FIG. 13 is an explanatory diagram showing the first shared information package accepted by the information sharing server 160 of the present embodiment.
 第1の共有情報パッケージは、複数の領域(1304、1306、1308、1310、1312、及び1314)を含む。また、共有情報管理部166は、第1の共有情報パッケージに領域1302を付加する。 The first shared information package includes a plurality of areas (1304, 1306, 1308, 1310, 1312, and 1314). In addition, the shared information management unit 166 adds an area 1302 to the first shared information package.
 領域1302は、第1の共有情報パッケージに含まれる共有情報を一意に示す識別子である。領域1302が示す識別子は、例えば、共有情報が含まれるファイルの識別子と、情報管理システム#1(100-1)の識別子とを結合した識別子である。 The area 1302 is an identifier that uniquely indicates shared information included in the first shared information package. The identifier indicated by the area 1302 is, for example, an identifier obtained by combining the identifier of the file including the shared information and the identifier of the information management system # 1 (100-1).
 領域1304は、領域1302が示す共有情報のバイナリデータを格納する。領域1306は、領域1304に格納された共有情報の、情報属性を示す。 The area 1304 stores the binary data of the shared information indicated by the area 1302. An area 1306 shows information attributes of the shared information stored in the area 1304.
 なお、図13に示す第1の共有情報パッケージは、情報管理システム#1(100-1)が独立型管理方法によって情報116の情報属性を管理する場合に生成されたパッケージである。情報管理システム#1(100-1)が一体型管理方法によって情報116の情報属性を管理する場合、領域1306は、例えばnull値を含み、領域1304が情報属性を含む。 Note that the first shared information package shown in FIG. 13 is a package generated when the information management system # 1 (100-1) manages the information attribute of the information 116 by the independent management method. When the information management system # 1 (100-1) manages the information attribute of the information 116 by the integrated management method, the area 1306 includes, for example, a null value, and the area 1304 includes the information attribute.
 領域1308は、領域1304に格納された共有情報に、領域1314が示す操作を行うことが可能なユーザのユーザ属性を示す。領域1310は、領域1314が示す操作を行うことが可能な共有情報の、情報属性を示す。このため、領域1306は、領域1310が示す情報属性を少なくとも含む。 An area 1308 indicates user attributes of users who can perform the operation indicated by the area 1314 on the shared information stored in the area 1304. An area 1310 indicates information attributes of shared information that can be operated by the area 1314. For this reason, the area 1306 includes at least the information attribute indicated by the area 1310.
 その他属性の条件1312は、領域1304に格納された共有情報に、領域1314が示す操作を行うことが可能な状況等の属性を示す。領域1314は、領域1304に格納された共有情報に許可される操作を示す。領域(1308、1310、1312、及び1314)は、領域1304が示す共有情報へのアクセスルールを示す。 The other attribute condition 1312 indicates an attribute such as a situation where the operation indicated by the area 1314 can be performed on the shared information stored in the area 1304. An area 1314 indicates operations permitted for the shared information stored in the area 1304. Areas (1308, 1310, 1312, and 1314) indicate access rules for the shared information indicated by the area 1304.
 図13に示す領域(1308、1310、1312、及び1314)は、null値を格納する。本実施例の情報管理部106は、第1の共有情報パッケージの領域(1308、1310、1312、及び1314)に、アクセスルールを格納しなくてもよい。そして、この場合、情報共有サーバ160が、後述する処理により共有情報にアクセスルールを割り当ててもよい。 The areas (1308, 1310, 1312, and 1314) shown in FIG. 13 store null values. The information management unit 106 according to the present exemplary embodiment does not need to store the access rule in the area (1308, 1310, 1312, and 1314) of the first shared information package. In this case, the information sharing server 160 may assign an access rule to the shared information by a process described later.
 シーケンス1220の後、共有情報管理部166は、受信した第1の共有情報パッケージから、領域(1304、1306、1308、1310、1312及び1314)に格納された共有情報、情報属性、及びアクセスルールを抽出する(1222)。 After the sequence 1220, the shared information management unit 166 obtains the shared information, information attributes, and access rules stored in the areas (1304, 1306, 1308, 1310, 1312, and 1314) from the received first shared information package. Extract (1222).
 また、第1の共有情報パッケージの領域(1308、1310、1312、及び1314)がnull値である場合、共有情報管理部166は、シーケンス1222において、情報共有サーバ160に事前に登録されていたアクセスルール180から、領域(1308、1310、1312、及び1314)に対応するアクセスルールを抽出する。そして、共有情報管理部166は、抽出したアクセスルールを第1の共有情報パッケージに含まれる共有情報に割り当てる。 If the first shared information package area (1308, 1310, 1312, and 1314) has a null value, the shared information management unit 166 accesses the access that has been registered in advance in the information sharing server 160 in the sequence 1222. From the rule 180, access rules corresponding to the areas (1308, 1310, 1312, and 1314) are extracted. Then, the shared information management unit 166 assigns the extracted access rule to the shared information included in the first shared information package.
 具体的には、共有情報管理部166は、領域1102が第1の共有情報パッケージを送信した情報管理システム100を示し、かつ、領域1108が領域1306の情報属性を少なくとも含むアクセスルール180のエントリを特定する。そして、共有情報管理部166は、特定したエントリの領域(1106、1108、1110及び1112)の値を、第1の共有情報パッケージに含まれる共有情報のアクセスルールとして抽出する。 Specifically, the shared information management unit 166 indicates the information management system 100 in which the area 1102 has transmitted the first shared information package, and the area 1108 includes an entry of the access rule 180 including at least the information attribute of the area 1306. Identify. Then, the shared information management unit 166 extracts the value of the specified entry area (1106, 1108, 1110, and 1112) as an access rule for the shared information included in the first shared information package.
 これにより、情報管理システム100は、第1の共有情報パッケージを送信する毎に、共有情報に適用するアクセスルールを情報共有サーバ160に送信する必要がない。また、情報共有サーバ160に登録済みのアクセスルールを共有情報に割り当てることによって、複数の情報管理システム100が同じアクセスルールを割り当てられた共有情報を受信した場合、同じアクセスルールを用いることができる。 Thereby, the information management system 100 does not need to transmit the access rule applied to the shared information to the information sharing server 160 every time the first shared information package is transmitted. Further, by assigning access rules registered in the information sharing server 160 to shared information, when a plurality of information management systems 100 receive shared information to which the same access rules are assigned, the same access rules can be used.
 なお、第1の共有情報パッケージは、情報を送信する情報管理システム100の固有な表現による属性を含む。 Note that the first shared information package includes an attribute based on a unique expression of the information management system 100 that transmits information.
 シーケンス1222の後、共有情報管理部166は、マッピング情報182を参照する。そして、共有情報管理部166は、抽出した領域(1304、1306、1308、1310、1312及び1314)に含まれる属性の表現を、マッピング情報182に基づいて、基準の属性の表現に変換する(1224)。 After the sequence 1222, the shared information management unit 166 refers to the mapping information 182. Then, the shared information management unit 166 converts the expression of the attribute included in the extracted area (1304, 1306, 1308, 1310, 1312, and 1314) into the reference attribute expression based on the mapping information 182 (1224). ).
 ここで、第1の共有情報パッケージを送信した情報管理システム100が、一体型管理方法によって情報属性を管理する場合(すなわち、接続システム情報174の領域506が「代替データストリーム」を示す場合)、領域1304から抽出した共有情報に含まれる情報属性の表現を、基準の情報属性の表現に変換する。 Here, when the information management system 100 that has transmitted the first shared information package manages information attributes by the integrated management method (that is, when the area 506 of the connection system information 174 indicates “alternative data stream”), The information attribute expression included in the shared information extracted from the area 1304 is converted into a reference information attribute expression.
 シーケンス1224の後、共有情報管理部166は、含んでいる属性を基準の属性に変換された領域(1304、1306、1308、1310、1312及び1314)を、基準の属性によって定義された共有情報パッケージとして、共有情報178に格納する(1226)。また、共有情報管理部166は、シーケンス1220において割り当てられた共有情報の識別子を、共有情報178に格納する。 After the sequence 1224, the shared information management unit 166 uses the shared information package defined by the reference attribute as an area (1304, 1306, 1308, 1310, 1312, and 1314) in which the included attribute is converted into the reference attribute. Is stored in the shared information 178 (1226). Further, the shared information management unit 166 stores the shared information identifier assigned in the sequence 1220 in the shared information 178.
 図14は、本実施例の共有情報178を示す説明図である。 FIG. 14 is an explanatory diagram showing the shared information 178 of this embodiment.
 共有情報178は、複数の領域(1402、1404、1406、1408、1410、1412及び1414)を含む。共有情報178のエントリは、第1の共有情報パッケージの内容を含む。このため、領域(1402、1404、1406、1408、1410、1412及び1414)は、領域(1302、1304、1306、1308、1310、1312、及び1314)に対応する。 The shared information 178 includes a plurality of areas (1402, 1404, 1406, 1408, 1410, 1412 and 1414). The entry of the shared information 178 includes the contents of the first shared information package. Therefore, the areas (1402, 1404, 1406, 1408, 1410, 1412 and 1414) correspond to the areas (1302, 1304, 1306, 1308, 1310, 1312 and 1314).
 共有情報178の領域(1406、1408、1410、1412及び1414)の属性は、属性辞書184で定義される基準の属性によって表現される。図14に示す共有情報178は、エントリ1416を含む。エントリ1416は、図13に示す第1の共有情報パッケージに対応する。 The attribute of the area (1406, 1408, 1410, 1412 and 1414) of the shared information 178 is expressed by a standard attribute defined in the attribute dictionary 184. Shared information 178 shown in FIG. 14 includes an entry 1416. The entry 1416 corresponds to the first shared information package shown in FIG.
 なお、シーケンス1226において、接続システム管理部164は、共有情報を受信したことを記録するため、受信した第1の共有情報パッケージに基づいて接続システム情報174を更新する。具体的には、接続システム管理部164は、第1の共有情報パッケージを送信した情報管理システム100を示す識別子を、領域522に格納し、第1の共有情報パッケージを受信した日時を領域524に格納する。 In sequence 1226, the connection system management unit 164 updates the connection system information 174 based on the received first shared information package in order to record that the shared information has been received. Specifically, the connection system management unit 164 stores an identifier indicating the information management system 100 that has transmitted the first shared information package in the area 522, and stores the date and time when the first shared information package is received in the area 524. Store.
 また、接続システム管理部164は、受信を示す文字列又は識別子を領域526に格納し、第1の共有情報パッケージが格納された共有情報178の領域1402の値を領域528に格納する。 Further, the connection system management unit 164 stores a character string or identifier indicating reception in the area 526, and stores a value of the area 1402 of the shared information 178 in which the first shared information package is stored in the area 528.
 これにより、共有情報管理部166は、接続システム情報174を参照することによって、新たな共有情報を受け付けたか否かを判定できる。 Thereby, the shared information management unit 166 can determine whether or not new shared information has been received by referring to the connection system information 174.
 また、共有情報管理部166は、シーケンス1226において、領域(1406、1408、1410、1412及び1414)に含まれる属性を属性情報176に格納してもよい。 Also, the shared information management unit 166 may store the attributes included in the areas (1406, 1408, 1410, 1412, and 1414) in the attribute information 176 in the sequence 1226.
 図15は、本実施例の情報管理サーバ#N(134)が、情報共有サーバ160から共有情報178を取得する処理を示すシーケンス図である。 FIG. 15 is a sequence diagram illustrating processing in which the information management server #N (134) according to the present embodiment acquires the shared information 178 from the information sharing server 160.
 情報管理サーバ#N(134)の情報管理部136は、あらかじめ設定された一定時間毎、又は、運用管理者若しくは利用者が指示した際、共有情報へのアクセスを要求する。具体的には、情報管理部136は、新規登録された共有情報178、又は、更新された共有情報178を、情報共有サーバ160に要求する(1510)。 The information management unit 136 of the information management server #N (134) requests access to the shared information at predetermined time intervals or when the operation manager or the user instructs. Specifically, the information management unit 136 requests the information sharing server 160 for newly registered shared information 178 or updated shared information 178 (1510).
 図15において、情報管理サーバ#N(134)の情報管理部136が共有情報へのアクセスを要求したが、本実施例において情報管理サーバ#1(104)の情報管理部136が共有情報へのアクセスを要求してもよい。 In FIG. 15, the information management unit 136 of the information management server #N (134) requests access to the shared information. In this embodiment, the information management unit 136 of the information management server # 1 (104) accesses the shared information. You may request access.
 情報管理サーバ#N(134)から要求を受け付けた場合(1512)、情報共有サーバ160の共有情報管理部166は、接続システム情報174に含まれる領域(522、524、526及び528)を参照し、情報管理サーバ#N(134)に未送信の共有情報を特定する。 When a request is received from the information management server #N (134) (1512), the shared information management unit 166 of the information sharing server 160 refers to the areas (522, 524, 526, and 528) included in the connection system information 174. The shared information that has not been transmitted to the information management server #N (134) is specified.
 具体的には、共有情報管理部166は、領域526が「受信」を示すエントリの領域528の共有情報識別子を特定する。そして、共有情報管理部166は、特定した共有情報識別子を領域528に格納し、領域526が「送信」を示し、かつ、領域522が情報管理システム#N(100-N)を示すエントリ(以下、エントリAと記載)があるか否かを判定する。エントリAがない場合、共有情報管理部166は、特定した共有情報識別子の共有情報を、情報管理システム#N(100-N)に未送信の共有情報であると特定する(1514)。 Specifically, the shared information management unit 166 specifies the shared information identifier of the area 528 of the entry in which the area 526 indicates “reception”. Then, the shared information management unit 166 stores the specified shared information identifier in the area 528, the area 526 indicates “transmission”, and the area 522 indicates an entry (hereinafter referred to as information management system #N (100-N)). , Described as entry A). If there is no entry A, the shared information management unit 166 specifies that the shared information with the specified shared information identifier is shared information that has not been transmitted to the information management system #N (100-N) (1514).
 シーケンス1514の後、共有情報管理部166は、未送信の共有情報を含む共有情報178のエントリ(以下、エントリBと記載)を抽出する。そして、抽出したエントリBの領域(1406、1408、1410及び1412)に含まれる属性の表現(基準の属性の表現)を、マッピング情報182を用いて、情報管理システム#N(100-N)において用いられる属性の表現に変換する(1516)。 After the sequence 1514, the shared information management unit 166 extracts an entry (hereinafter referred to as entry B) of the shared information 178 including untransmitted shared information. Then, in the information management system #N (100-N), the attribute expression (reference attribute expression) included in the extracted entry B area (1406, 1408, 1410, and 1412) is mapped using the mapping information 182. It converts into the expression of the attribute used (1516).
 なお、シーケンス1516において、共有情報管理部166は、接続システム情報174の領域506を参照し、共有情報の送信先の情報管理システム100の属性管理方法に従って、エントリBに含まれる共有情報と情報属性とを更新する。 In sequence 1516, shared information management section 166 refers to area 506 of connection system information 174, and shares information and information attributes included in entry B according to the attribute management method of information management system 100 that is the transmission destination of shared information. And update.
 具体的には、情報管理システム#N(100-N)の属性管理方法が一体型管理方法であり(例えば、領域506が「アプリケーションメタデータ」を示す場合)、かつ、共有情報178の領域1406がNull値を格納しない場合、共有情報管理部166は、領域506が示す方法に従って、領域1404の共有情報の中に領域1406の情報属性を含めるように、領域1404に含まれる共有情報を更新する。 Specifically, the attribute management method of the information management system #N (100-N) is an integrated management method (for example, when the area 506 indicates “application metadata”), and the area 1406 of the shared information 178 If the Null value is not stored, the shared information management unit 166 updates the shared information included in the area 1404 so that the information attribute of the area 1406 is included in the shared information of the area 1404 in accordance with the method indicated by the area 506. .
 また、シーケンス1516において、情報管理システム#N(100-N)の属性管理方法が独立型管理方法であり(例えば、領域506が「代替データストリーム」を示す場合)、かつ、共有情報178の領域1406がNull値を格納する場合、共有情報管理部166は、領域506が示す方法に従って、領域1404の共有情報の中から情報属性を抽出する。そして、共有情報管理部166は、抽出した情報属性を領域1406に格納する。 In the sequence 1516, the attribute management method of the information management system #N (100-N) is an independent management method (for example, when the area 506 indicates “alternative data stream”), and the area of the shared information 178 When 1406 stores a null value, the shared information management unit 166 extracts information attributes from the shared information in the area 1404 according to the method indicated by the area 506. Then, the shared information management unit 166 stores the extracted information attribute in the area 1406.
 これにより、エントリBの内容が含まれる後述の第2の共有情報パッケージを受信した場合、情報管理システム100は、受信した共有情報を変更することなく、自システムにおける方法に従って情報属性を利用者に閲覧させることができる。そして、これにより情報管理システム100間において情報を容易に共有できる。 As a result, when a second shared information package described later including the contents of the entry B is received, the information management system 100 sets the information attribute to the user according to the method in its own system without changing the received shared information. You can browse. As a result, information can be easily shared between the information management systems 100.
 シーケンス1516の後、共有情報管理部166は、情報管理システム#N(100-N)が未送信の共有情報のアクセスルールを順守可能か否かを、マッピング情報182を用いて判定する(1518)。具体的には、以下の方法により判定する。 After the sequence 1516, the shared information management unit 166 determines whether or not the information management system #N (100-N) can comply with the access rule of the untransmitted shared information using the mapping information 182 (1518). . Specifically, the determination is made by the following method.
 共有情報管理部166は、エントリBの領域(1408、1410、1412及び1414)が示すアクセスルールに、構成要素として含まれる基準の属性の全てが情報管理システム#N(100-N)の属性に変換できた場合、情報管理システム#N(100-N)が未送信の共有情報のアクセスルールを順守可能であると判定する。 The shared information management unit 166 includes all the reference attributes included in the access rule indicated by the entry B area (1408, 1410, 1412, and 1414) as attributes of the information management system #N (100-N). If conversion is possible, the information management system #N (100-N) determines that the access rule for the untransmitted shared information can be observed.
 より具体的には、エントリBの領域(1408、1410、1412及び1414)に含まれる基準の属性に、情報管理システム#N(100-N)において用いられる属性がマッピングされている場合、共有情報管理部166は、順守可能であると判定する。 More specifically, when the attribute used in the information management system #N (100-N) is mapped to the reference attribute included in the area (1408, 1410, 1412 and 1414) of the entry B, the shared information The management unit 166 determines that compliance is possible.
 そして、エントリBのアクセスルールに含まれる少なくとも一つの属性が情報管理システム#N(100-N)において用いられる属性にマッピングされていない場合、共有情報管理部166は、情報管理システム#N(100-N)が未送信の共有情報のアクセスルールを順守不可能であると判定する。 If at least one attribute included in the access rule of entry B is not mapped to an attribute used in the information management system #N (100-N), the shared information management unit 166 determines that the information management system #N (100 -N) determines that the access rule for unsent shared information cannot be observed.
 情報管理システム#N(100-N)が未送信の共有情報のアクセスルールを順守不可能であると判定した場合、共有情報管理部166は、エントリBの内容を情報管理システム#N(100-N)に送信しないことを決定し、図15に示す処理を終了する(1520)。 When the information management system #N (100-N) determines that the access rule for the unsent shared information cannot be observed, the shared information management unit 166 changes the contents of the entry B to the information management system #N (100-N). N) is determined not to transmit, and the process shown in FIG. 15 is terminated (1520).
 これは、エントリBの共有情報に求められるアクセスルールは、情報管理システム#N(100-N)において共有情報に適用できないためである。これにより、情報共有サーバ160は、エントリBの共有情報に求められるセキュリティレベルを維持することができる。 This is because the access rule required for the shared information of the entry B cannot be applied to the shared information in the information management system #N (100-N). Thereby, the information sharing server 160 can maintain the security level required for the shared information of the entry B.
 一方、情報管理システム#N(100-N)が未送信の共有情報のアクセスルールを順守可能であると判定した場合、共有情報管理部166は、エントリBの内容を含む第2の共有情報パッケージを生成する(1522)。 On the other hand, when the information management system #N (100-N) determines that the access rule for the unsent shared information can be observed, the shared information management unit 166 includes the second shared information package including the contents of the entry B. Is generated (1522).
 図16は、本実施例の第2の共有情報パッケージを示す説明図である。 FIG. 16 is an explanatory diagram showing a second shared information package of the present embodiment.
 第2の共有情報パッケージは、共有情報へのアクセスを要求してきた情報管理システム100に、共有情報と、当該共有情報に適用されるアクセスルールとを提供するための提供情報である。 The second shared information package is provided information for providing shared information and access rules applied to the shared information to the information management system 100 that has requested access to the shared information.
 第2の共有情報パッケージは、複数の領域(1602、1604、1606、1608、1610、1612及び1614)を含む。第2の共有情報パッケージは、共有情報178のエントリの内容を含む。このため、領域(1602、1604、1606、1608、1610、1612及び1614)は、領域(1402、1404、1406、1408、1410、1412及び1414)の値を格納する。 The second shared information package includes a plurality of areas (1602, 1604, 1606, 1608, 1610, 1612 and 1614). The second shared information package includes the contents of the shared information 178 entry. Therefore, the areas (1602, 1604, 1606, 1608, 1610, 1612 and 1614) store the values of the areas (1402, 1404, 1406, 1408, 1410, 1412 and 1414).
 図16に示す第2の共有情報パッケージは、図14に示す共有情報178のエントリ1416に含まれる属性を、情報管理システム#N(100-N)において用いられる属性に変換した結果である。 The second shared information package shown in FIG. 16 is the result of converting the attributes included in the entry 1416 of the shared information 178 shown in FIG. 14 into attributes used in the information management system #N (100-N).
 また、図16に示す第2の共有情報パッケージは、情報管理システム#N(100-N)に送信される。その情報管理システム#N(100-N)は、一体型管理方法によって情報属性を管理するため、図16に示す第2の共有情報パッケージの領域1606には情報属性が格納されておらず、領域1604の共有情報内に情報属性が格納される。 Also, the second shared information package shown in FIG. 16 is transmitted to the information management system #N (100-N). Since the information management system #N (100-N) manages the information attribute by the integrated management method, the information attribute is not stored in the area 1606 of the second shared information package shown in FIG. Information attributes are stored in the shared information 1604.
 シーケンス1522の後、共有情報管理部166は、第2の共有情報パッケージを情報管理サーバ#N(134)へ送信する(1524)。第2の共有情報パッケージを送信した場合、共有情報管理部166は、接続システム情報174を更新する。具体的には、共有情報管理部166は、第2の共有情報パッケージの送信先である情報管理システム100の識別子を領域522に格納し、第2の共有情報パッケージを送信した日時を領域524に格納し、領域526に「送信」を示す値を格納し、第2の共有情報パッケージに付加されていた共有情報識別子を領域528に格納した新たなエントリを、接続システム情報174に追加する。 After the sequence 1522, the shared information management unit 166 transmits the second shared information package to the information management server #N (134) (1524). When the second shared information package is transmitted, the shared information management unit 166 updates the connection system information 174. Specifically, the shared information management unit 166 stores the identifier of the information management system 100 that is the transmission destination of the second shared information package in the area 522, and the date and time when the second shared information package is transmitted in the area 524. Then, a value indicating “transmission” is stored in the area 526, and a new entry storing the shared information identifier added to the second shared information package in the area 528 is added to the connection system information 174.
 シーケンス1522の後、情報管理サーバ#N(134)の情報管理部136は、情報共有サーバ160から第2の共有情報パッケージを受信する(1526)。 After the sequence 1522, the information management unit 136 of the information management server #N (134) receives the second shared information package from the information sharing server 160 (1526).
 なお、共有情報管理部166は、送信先の情報管理システム#N(100-N)が領域1602の識別子を必要としない場合、シーケンス1524において領域1602を削除したうえで、第2の共有情報パッケージを送信してもよい。 If the destination information management system #N (100-N) does not need the identifier of the area 1602, the shared information management unit 166 deletes the area 1602 in the sequence 1524 and then executes the second shared information package. May be sent.
 シーケンス1526の後、情報管理部136は、受信した第2の共有情報パッケージの内容を、ユーザ属性142、情報144及びアクセスルール146に格納する。具体的には、情報管理部136は、領域1604の内容を情報144に格納する。また、情報管理部136は、領域(1608、1610、1612及び1614)の内容をアクセスルール146に格納する(1528)。 After the sequence 1526, the information management unit 136 stores the received content of the second shared information package in the user attribute 142, the information 144, and the access rule 146. Specifically, the information management unit 136 stores the contents of the area 1604 in the information 144. Further, the information management unit 136 stores the contents of the areas (1608, 1610, 1612 and 1614) in the access rule 146 (1528).
 なお、情報共有サーバ160において新規の共有情報、又は、修正された共有情報が登録された場合、共有情報管理部166は、図15に示すシーケンス1514以降を実行し、情報共有サーバ160に接続されている情報管理サーバに共有情報を送信してもよい。 When new shared information or modified shared information is registered in the information sharing server 160, the shared information management unit 166 executes the sequence 1514 and subsequent steps shown in FIG. 15 and is connected to the information sharing server 160. The shared information may be transmitted to the information management server.
 本実施例によれば、異なる属性によって定義されたアクセス制御モデルを採用する複数の情報管理システム100間の情報共有において、属性情報及びアクセスルールの表現の違いを変換する方法を提供する。これにより、情報管理システム100間において情報を共有することができ、かつ、共有された情報へのセキュリティを保つことができる。 According to the present embodiment, there is provided a method for converting the difference in expression of attribute information and access rules in information sharing between a plurality of information management systems 100 adopting an access control model defined by different attributes. Thereby, information can be shared between the information management systems 100, and security for the shared information can be maintained.
 また、運用管理者が、情報を共有する情報管理システム100毎に属性を変換したり、アクセスルールの表現を変換したり、共有情報に付加する情報属性の属性管理方法を変換したりするなどの運用の手間を省略することができる。 In addition, the operation manager converts attributes for each information management system 100 that shares information, converts an expression of an access rule, converts an attribute management method for information attributes added to shared information, etc. The operation time can be saved.
 なお、前述の属性管理方法は、情報属性の管理方法を示したが、ユーザ属性の管理方法を示してもよい。具体的には、ユーザ属性を共有情報に含めるように共有情報を更新してもよいし、ユーザ属性を共有情報から抽出して別のフィイルを生成してもよい。 In addition, although the above-mentioned attribute management method showed the management method of the information attribute, you may show the management method of a user attribute. Specifically, the shared information may be updated so that the user attribute is included in the shared information, or another file may be generated by extracting the user attribute from the shared information.
 本発明は上記した実施例に限定されるものではなく、様々な変形例が含まれる。例えば、上記した実施例は本発明を分かりやすく説明するために詳細に説明したものであり、必ずしも説明した全ての構成を備えるものに限定されるものではない。 The present invention is not limited to the above-described embodiments, and includes various modifications. For example, the above-described embodiments have been described in detail for easy understanding of the present invention, and are not necessarily limited to those having all the configurations described.
 また、ある実施例の構成の一部を他の実施例の構成に置き換えることが可能であり、また、ある実施例の構成に他の実施例の構成を加えることも可能である。また、各実施例の構成の一部について、他の構成の追加・削除・置換をすることが可能である。 Further, a part of the configuration of one embodiment can be replaced with the configuration of another embodiment, and the configuration of another embodiment can be added to the configuration of one embodiment. Further, it is possible to add, delete, and replace other configurations for a part of the configuration of each embodiment.
 また、上記の各構成、機能、処理部、処理手順等は、それらの一部又は全部を、例えば集積回路で設計する等によりハードウェアで実現してもよい。また、上記の各構成、機能等は、プロセッサがそれぞれの機能を実現するプログラムを解釈し、実行することによりソフトウェアで実現してもよい。各機能を実現するプログラム、テーブル、又はファイル等の情報は、メモリ、ハードディスク若しくはSSD(Solid State Drive)等の記録装置、又は、ICカード、SDカード若しくはDVD等の記録媒体に置くことができる。 Also, each of the above-described configurations, functions, processing units, processing procedures, etc. may be realized in hardware by designing a part or all of them, for example, with an integrated circuit. Each of the above-described configurations, functions, and the like may be realized by software by interpreting and executing a program that realizes each function by the processor. Information such as a program, a table, or a file that realizes each function can be stored in a recording device such as a memory, a hard disk, or an SSD (Solid State Drive), or a recording medium such as an IC card, an SD card, or a DVD.
 また、制御線又は情報線は説明上必要と考えられるものを示しており、製品上必ずしも全ての制御線又は情報線を示しているとは限らない。実際には殆ど全ての構成が相互に接続されている。 Also, the control lines or information lines indicate what is considered necessary for the explanation, and not all control lines or information lines on the product are necessarily shown. In practice, almost all the components are connected to each other.

Claims (14)

  1.  情報共有装置であって、
     プロセッサ及びメモリを有し、
     第1のシステムと、第2のシステムとに接続され、
     情報へのアクセスの許可又は不許可を判定するために前記第1のシステムにおいて用いられる、第1アクセス要求元の属性を取得し、
     情報へのアクセスの許可又は不許可を判定するために前記第2のシステムにおいて用いられる、第2アクセス要求元の属性を取得し、
     前記第1アクセス要求元の属性と前記第2アクセス要求元の属性とを対応させて、前記メモリが有する対応記憶領域に格納し、
     前記第1アクセス要求元の属性を含むアクセスルールと、当該アクセスルールが適用される情報とを、前記第1のシステムから受信した場合、前記アクセスルールに含まれる第1アクセス要求元の属性を前記対応記憶領域を参照して、前記第2アクセス要求元の属性に変換し、
     前記受信した情報と前記変換後のアクセスルールとを含む提供情報を、前記第2のシステムに送信するために生成することを特徴とする情報共有装置。     An information sharing device,
    A processor and a memory;
    Connected to the first system and the second system;
    Obtaining an attribute of a first access request source used in the first system to determine permission or disapproval of access to information;
    Obtaining an attribute of a second access request source used in the second system to determine permission or disapproval of access to information;
    Associating the attributes of the first access request source with the attributes of the second access request source and storing them in a corresponding storage area of the memory;
    When the access rule including the attribute of the first access request source and the information to which the access rule is applied are received from the first system, the attribute of the first access request source included in the access rule is Refer to the corresponding storage area and convert to the attribute of the second access request source,
    An information sharing apparatus, characterized in that provision information including the received information and the converted access rule is generated for transmission to the second system.
  2.  請求項1に記載の情報共有装置であって、
     入力インタフェースを有し、
     情報へのアクセスの許可又は不許可を判定するためのセキュリティレベルが割り当てられた基準属性を、前記メモリに格納し、
     前記基準属性に対応する前記第1アクセス要求元の属性を、前記入力インタフェースを介して取得し、
     前記基準属性に対応する前記第2アクセス要求元の属性を、前記入力インタフェースを介して取得した場合、前記基準属性を用いて、前記取得した第1アクセス要求元の属性と前記取得した第2アクセス要求元の属性とを対応させて前記対応記憶領域に格納することを特徴とする情報共有装置。     The information sharing apparatus according to claim 1,
    Has an input interface,
    Storing a reference attribute to which a security level for determining permission or non-permission of access to information is assigned in the memory;
    Obtaining the attribute of the first access request source corresponding to the reference attribute via the input interface;
    When the attribute of the second access request source corresponding to the reference attribute is acquired via the input interface, the acquired attribute of the first access request source and the acquired second access are acquired using the reference attribute. An information sharing apparatus, wherein attributes of a request source are stored in the corresponding storage area in association with each other.
  3.  請求項1に記載の情報共有装置であって、
     前記第2のシステムが前記受信した情報と前記第2アクセス要求元の属性とを格納する方法を、管理情報として前記メモリが有する方法記憶領域に格納し、
     前記第1アクセス要求元の属性を含むアクセスルールと、当該アクセスルールが適用される情報と、前記第1アクセス要求元の属性とを、前記第1アクセス要求元から受信した場合、
     前記受信した第1アクセス要求元の属性を、前記対応記憶領域に基づいて前記第2アクセス要求元の属性に変換し、
     前記方法記憶領域が示す方法によって前記第2のシステムが、前記受信した情報と前記変換後のアクセス第2要求元の属性とを格納するように、前記受信した情報と前記変換後の第2アクセス要求元の属性と前記変換後のアクセスルールとを含む前記提供情報を生成し、
     前記生成した提供情報を前記第2のシステムに送信することを特徴とする情報共有装置。     The information sharing apparatus according to claim 1,
    A method in which the second system stores the received information and the attribute of the second access request source in a method storage area of the memory as management information;
    When the access rule including the attribute of the first access request source, the information to which the access rule is applied, and the attribute of the first access request source are received from the first access request source,
    Converting the received attribute of the first access request source to the attribute of the second access request source based on the corresponding storage area;
    The received information and the converted second access so that the second system stores the received information and the attribute of the converted access second request source by the method indicated by the method storage area. Generating the provision information including a request source attribute and the converted access rule;
    An information sharing apparatus that transmits the generated provision information to the second system.
  4.  請求項1に記載の情報共有装置であって、
     前記第1アクセス要求元の属性を含むアクセスルールと、当該アクセスルールが適用される情報とを、前記第1のシステムから受信した場合、前記アクセスルールに含まれる第1アクセス要求元の属性に対応する前記第2アクセス要求元の属性が前記対応記憶領域に格納されているか否かを判定し、
     前記アクセスルールに含まれる第1アクセス要求元の属性に対応する前記第2アクセス要求元の属性が前記対応記憶領域に格納されている場合、前記第2のシステムに前記受信した情報を送信することを決定することを特徴とする情報共有装置。     The information sharing apparatus according to claim 1,
    When an access rule including the attribute of the first access request source and information to which the access rule is applied are received from the first system, it corresponds to the attribute of the first access request source included in the access rule. Determining whether the attribute of the second access request source to be stored in the corresponding storage area;
    When the attribute of the second access request source corresponding to the attribute of the first access request source included in the access rule is stored in the corresponding storage area, the received information is transmitted to the second system. Determining an information sharing apparatus.
  5.  請求項2に記載の情報共有装置であって、
     出力インタフェースを有し、
     前記基準属性と前記セキュリティレベルとを示す画面を表示するための画面データを、前記出力インタフェースを介して出力し、
     前記入力インタフェースを介して入力された、前記基準属性に対応する第1アクセス要求元の属性、及び、前記基準属性に対応する第2アクセス要求元の属性を取得することを特徴とする情報共有装置。     The information sharing apparatus according to claim 2,
    Has an output interface,
    Screen data for displaying a screen showing the reference attribute and the security level is output via the output interface;
    An information sharing apparatus that acquires the attribute of the first access request source corresponding to the reference attribute and the attribute of the second access request source corresponding to the reference attribute, which are input via the input interface .
  6.  請求項5に記載の情報共有装置であって、
     前記出力インタフェースを介して、前記第2アクセス要求元の属性を入力する指示を示す画像を出力することを特徴とする情報共有装置。     The information sharing apparatus according to claim 5,
    An information sharing apparatus that outputs an image indicating an instruction to input an attribute of the second access request source via the output interface.
  7.  請求項1に記載の情報共有装置であって、
     前記属性は、前記情報へのアクセスを要求するユーザを識別するための属性、及び、前記アクセスが要求される情報を識別するための属性の少なくとも一つであることを特徴とする情報共有装置。     The information sharing apparatus according to claim 1,
    The information sharing apparatus according to claim 1, wherein the attribute is at least one of an attribute for identifying a user who requests access to the information and an attribute for identifying information requested to be accessed.
  8.  情報共有装置による情報共有方法であって、
     前記情報共有装置は、
     プロセッサ及びメモリを有し、
     第1のシステムと、第2のシステムとに接続され、
     前記方法は、
     前記プロセッサが、情報へのアクセスの許可又は不許可を判定するために前記第1のシステムにおいて用いられる、第1アクセス要求元の属性を取得する手順と、
     前記プロセッサが、情報へのアクセスの許可又は不許可を判定するために前記第2のシステムにおいて用いられる、第2アクセス要求元の属性を取得する手順と、
     前記プロセッサが、前記第1アクセス要求元の属性と前記第2アクセス要求元の属性とを対応させて、前記メモリが有する対応記憶領域に格納する手順と、
     前記プロセッサが、前記第1アクセス要求元の属性を含むアクセスルールと、当該アクセスルールが適用される情報とを、前記第1のシステムから受信した場合、前記アクセスルールに含まれる第1アクセス要求元の属性を前記対応記憶領域を参照して、前記第2アクセス要求元の属性に変換する手順と、
     前記プロセッサが、前記受信した情報と前記変換後のアクセスルールとを含む提供情報を、前記第2のシステムに送信するために生成する手順とを含むことを特徴とする情報共有方法。     An information sharing method by an information sharing device,
    The information sharing device includes:
    A processor and a memory;
    Connected to the first system and the second system;
    The method
    Obtaining a first access requester attribute, wherein the processor is used in the first system to determine permission or disapproval of access to information;
    The processor obtaining a second access requester attribute used in the second system to determine permission or disapproval of access to information;
    A procedure in which the processor associates the attribute of the first access request source with the attribute of the second access request source and stores the attribute in the corresponding storage area of the memory;
    When the processor receives an access rule including the attribute of the first access request source and information to which the access rule is applied from the first system, the first access request source included in the access rule A procedure for referring to the corresponding storage area and converting the attribute to the attribute of the second access request source;
    An information sharing method comprising: a step of generating, in order for the processor to transmit provision information including the received information and the converted access rule to the second system.
  9.  請求項8に記載の情報共有方法であって、
     前記情報共有装置は、入力インタフェースを有し、
     前記方法は、
     前記プロセッサが、情報へのアクセスの許可又は不許可を判定するためのセキュリティレベルが割り当てられた基準属性を、前記メモリに格納する手順と、
     前記プロセッサが、前記基準属性に対応する前記第1アクセス要求元の属性を、前記入力インタフェースを介して取得する手順と、
     前記プロセッサが、前記基準属性に対応する前記第2アクセス要求元の属性を、前記入力インタフェースを介して取得した場合、前記基準属性を用いて、前記取得した第1アクセス要求元の属性と前記取得した第2アクセス要求元の属性とを対応させて前記対応記憶領域に格納する手順とを含むことを特徴とする情報共有方法。     The information sharing method according to claim 8,
    The information sharing device has an input interface;
    The method
    A procedure for storing, in the memory, a reference attribute to which the processor is assigned a security level for determining permission or disapproval of access to information;
    The processor obtaining the attribute of the first access request source corresponding to the reference attribute via the input interface;
    When the processor acquires the attribute of the second access request source corresponding to the reference attribute via the input interface, the processor acquires the attribute of the acquired first access request source and the acquisition using the reference attribute. And a procedure for storing the attribute of the second access request source in correspondence with the attribute of the second access request source.
  10.  請求項8に記載の情報共有方法であって、
     前記プロセッサが、前記第2のシステムが前記受信した情報と前記第2アクセス要求元の属性とを格納する方法を、管理情報として前記メモリが有する方法記憶領域に格納する手順と、
     前記プロセッサが、前記第1アクセス要求元の属性を含むアクセスルールと、当該アクセスルールが適用される情報と、前記第1アクセス要求元の属性とを、前記第1アクセス要求元から受信した場合、
     前記プロセッサが、前記受信した第1アクセス要求元の属性を、前記対応記憶領域に基づいて前記第2アクセス要求元の属性に変換する手順と、
     前記プロセッサが、前記方法記憶領域が示す方法によって前記第2のシステムが、前記受信した情報と前記変換後のアクセス第2要求元の属性とを格納するように、前記受信した情報と前記変換後の第2アクセス要求元の属性と前記変換後のアクセスルールとを含む前記提供情報を生成する手順と、
     前記プロセッサが、前記生成した提供情報を前記第2のシステムに送信する手順とを含むことを特徴とする情報共有方法。     The information sharing method according to claim 8,
    A procedure in which the processor stores, in the method storage area of the memory as management information, a method for storing the received information and the attribute of the second access request source by the second system;
    When the processor receives an access rule including an attribute of the first access request source, information to which the access rule is applied, and an attribute of the first access request source from the first access request source,
    The processor converts the received attribute of the first access request source to the attribute of the second access request source based on the corresponding storage area;
    In accordance with the method indicated by the method storage area, the processor stores the received information and the converted information so that the received information and the attribute of the converted access second request source are stored. Generating the provision information including the attribute of the second access request source and the converted access rule;
    The information sharing method further comprising: a procedure in which the processor transmits the generated provision information to the second system.
  11.  請求項8に記載の情報共有方法であって、
     前記プロセッサが、前記第1アクセス要求元の属性を含むアクセスルールと、当該アクセスルールが適用される情報とを、前記第1のシステムから受信した場合、前記アクセスルールに含まれる第1アクセス要求元の属性に対応する前記第2アクセス要求元の属性が前記対応記憶領域に格納されているか否かを判定する手順と、
     前記プロセッサが、前記アクセスルールに含まれる第1アクセス要求元の属性に対応する前記第2アクセス要求元の属性が前記対応記憶領域に格納されている場合、前記第2のシステムに前記受信した情報を送信することを決定する手順とを含むことを特徴とする情報共有方法。     The information sharing method according to claim 8,
    When the processor receives an access rule including the attribute of the first access request source and information to which the access rule is applied from the first system, the first access request source included in the access rule Determining whether the attribute of the second access request source corresponding to the attribute of the second storage is stored in the corresponding storage area;
    If the attribute of the second access request source corresponding to the attribute of the first access request source included in the access rule is stored in the corresponding storage area, the processor receives the received information in the second system. And a procedure for determining to transmit the information.
  12.  請求項9に記載の情報共有方法であって、
     前記情報共有装置は、出力インタフェースを有し、
     前記方法は、
     前記プロセッサが、前記基準属性と前記セキュリティレベルとを示す画面を表示するための画面データを、前記出力インタフェースを介して出力する手順と、
     前記プロセッサが、前記入力インタフェースを介して入力された、前記基準属性に対応する第1アクセス要求元の属性、及び、前記基準属性に対応する第2アクセス要求元の属性を取得する手順とを含むことを特徴とする情報共有方法。     The information sharing method according to claim 9,
    The information sharing apparatus has an output interface;
    The method
    A step of outputting, via the output interface, screen data for displaying a screen indicating the reference attribute and the security level by the processor;
    The processor obtaining a first access request source attribute corresponding to the reference attribute and a second access request source attribute corresponding to the reference attribute, which are input via the input interface. An information sharing method characterized by the above.
  13.  請求項12に記載の情報共有方法であって、
     前記プロセッサが、前記出力インタフェースを介して、前記第2アクセス要求元の属性を入力する指示を示す画像を出力する手順を含むことを特徴とする情報共有方法。     The information sharing method according to claim 12, comprising:
    The information sharing method characterized by including the procedure in which the said processor outputs the image which shows the instruction | indication which inputs the attribute of the said 2nd access request source via the said output interface.
  14.  請求項8に記載の情報共有方法であって、
     前記属性は、前記情報へのアクセスを要求するユーザを識別するための属性、及び、前記アクセスが要求される情報を識別するための属性の少なくとも一つであることを特徴とする情報共有方法。     The information sharing method according to claim 8,
    The information sharing method, wherein the attribute is at least one of an attribute for identifying a user who requests access to the information and an attribute for identifying information required to access the information.
PCT/JP2015/078675 2014-10-15 2015-10-08 Information sharing device and information sharing method WO2016060068A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2014-210897 2014-10-15
JP2014210897A JP6366457B2 (en) 2014-10-15 2014-10-15 Information sharing apparatus and information sharing method

Publications (1)

Publication Number Publication Date
WO2016060068A1 true WO2016060068A1 (en) 2016-04-21

Family

ID=55746614

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2015/078675 WO2016060068A1 (en) 2014-10-15 2015-10-08 Information sharing device and information sharing method

Country Status (2)

Country Link
JP (1) JP6366457B2 (en)
WO (1) WO2016060068A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017187552A1 (en) * 2016-04-27 2017-11-02 三菱電機株式会社 Attribute cooperation device, transfer system, attribute cooperation method, and attribute cooperation program

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH06250946A (en) * 1993-02-22 1994-09-09 Matsushita Electric Ind Co Ltd Distrubed electronic bulletine board device
JP2000112891A (en) * 1998-10-09 2000-04-21 Toshiba Corp Access control setting system and storage medium
WO2009113483A1 (en) * 2008-03-10 2009-09-17 日本電気株式会社 Access control system, access control method, and recording medium

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU1940601A (en) * 1999-12-02 2001-06-12 Secure Computing Corporation Locally adaptable security management framework for networks
US20050015674A1 (en) * 2003-07-01 2005-01-20 International Business Machines Corporation Method, apparatus, and program for converting, administering, and maintaining access control lists between differing filesystem types
US8381306B2 (en) * 2006-05-30 2013-02-19 Microsoft Corporation Translating role-based access control policy to resource authorization policy
JP4977565B2 (en) * 2007-09-18 2012-07-18 株式会社日立製作所 An access controller that controls access to files using an access control list

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH06250946A (en) * 1993-02-22 1994-09-09 Matsushita Electric Ind Co Ltd Distrubed electronic bulletine board device
JP2000112891A (en) * 1998-10-09 2000-04-21 Toshiba Corp Access control setting system and storage medium
WO2009113483A1 (en) * 2008-03-10 2009-09-17 日本電気株式会社 Access control system, access control method, and recording medium

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017187552A1 (en) * 2016-04-27 2017-11-02 三菱電機株式会社 Attribute cooperation device, transfer system, attribute cooperation method, and attribute cooperation program
JPWO2017187552A1 (en) * 2016-04-27 2018-10-11 三菱電機株式会社 Attribute linkage device, transfer system, attribute linkage method, and attribute linkage program

Also Published As

Publication number Publication date
JP2016081243A (en) 2016-05-16
JP6366457B2 (en) 2018-08-01

Similar Documents

Publication Publication Date Title
US8032569B2 (en) Information management system, display system, management apparatus and program
US9268802B2 (en) System and method for end-to-end exposure of exported representations of native data types to third-party applications
US8719691B2 (en) Document providing system and computer-readable storage medium
US9699193B2 (en) Enterprise-specific functionality watermarking and management
US20060031923A1 (en) Access control list attaching system, original content creator terminal, policy server, original content data management server, program and computer readable information recording medium
JP2005259112A (en) Information processor, information processing method, information processing program, storage medium, and information management device
JP2009042856A (en) Document management device, document management system, and program
US10938902B2 (en) Dynamic routing of file system objects
JP2007087128A (en) Data processor, composite multifunction terminal, and data processing method
JP2002117215A (en) Patent management system
US20130332989A1 (en) Watermarking Detection and Management
US10200455B2 (en) Information processing system and method
WO2023246723A1 (en) Object access method and apparatus, and electronic device, storage medium and program product
JP2006313484A (en) Document management system, document management method, information processor, program and storage medium
JP6366457B2 (en) Information sharing apparatus and information sharing method
US20160055346A1 (en) Functionality watermarking and management
JP2009110241A (en) Electronic file management device
JP2009104646A (en) Database system and data management method
US9552463B2 (en) Functionality watermarking and management
JP6454440B1 (en) Document creation support system
JP5430618B2 (en) Dynamic icon overlay system and method for creating a dynamic overlay
JP2003030029A (en) Data managing device
JP2010073012A (en) Document management apparatus, document management system and program
US20220300457A1 (en) Information processing apparatus and non-transitory computer readable medium storing information processing program
US11824842B2 (en) Computer method for secure disclosure of information

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15850161

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15850161

Country of ref document: EP

Kind code of ref document: A1