1.0 Field of the Invention
The invention relates generally to information processing technology and, more specifically, to a system and method that generally provides for management of access as a graph, management of identity as a graph, the intersection of the access graph and identity graph, the uniform representation and management of human and machine-automated functions, and the combination of human and machine functions as interpreters in a system of functional decomposition.
2.0 Related Art
Systems of today, before this disclosure, do not typically provide for derivation of multiple identity objects for actors, such as users and functions, and do not create a graph of linked identity objects so that each identity object, or node, in the graph may be assigned one or more access controls, may develop a separately evolving set of information, may be distributed across a multi-node system, and may interact with other identity objects for other actors, while maintaining its accessibility to the initial actor.
Systems of today before the disclosure also do not typically build a graph of derived access control that intersects with the graph of derived identity such that the granting of access to objects in a system may be tracked over time and attributed to the specific actors associated with the identity objects creating the access. The auditability of shared access is often critical in systems that manage proprietary or highly sensitive information.
Additionally, today's systems do not typically provide a uniform representation for human functions and machine functions so that any actor or any of the identity objects derived for an actor in a system may interpret a program, process, workflow, group, or task by decomposing it into one or more subelements, for example subgroups, subfunctions, subprocesses and the like, so that each subelement itself becomes a member of the element it decomposes and may then further interpret the subelement. Human functions and machine functions of today are typically completed in separate systems or using codebases which provide duplicate functionality but that are delivered through a mechanism that can communicate with the disparately managed functions, requiring multiple systems or duplicative codebases, increasing the workload, redundancy, and inefficiency of systems.
Moreover, systems of today also do not layer identity and access graphs so that the interpretation may be constrained or expanded over time based on access controls, and the interpretation may evolve in the context of a specific identity object. These systems also do not record the temporal aspects of each decomposition, interpretation, identity derivation or access derivation such that the decomposition and implementation may not only vary over time, but the previous state of the system may also be retrieved at any time by applying the temporal aspects.