1. Field of the Invention
The present invention is directed to a method for granting accesses to information in a distributed computer system.
2. Description of the Related Art
The currently most important distributed computer systems are the Internet and, for business concerns, Intranets. Network security is a critical factor for the success of these systems.
Computer networks consist of terminals, controllers, peripheral devices and processors and their connections to one another. Such configurations are defined as logical units that have a relationship to physical units of a network, and they specify the rules for interaction between these logical units. The components of a network are disclosed, for example, in European Patent Document EP 0 362 105 B1, columns 1 and 2. Many other network systems, which depending on their configuration and their employment are generally operated as local or super-local networks (referred to as Local Area Networks or Wide Area Networks, respectively), correspond to the network described in European Patent Document EP 0 362 105 B1. All of these networks can be connected to one another by employing standardized protocols. The connection of a plurality of such systems is called a distributed computer system. The World Wide Web (WWW) is a well-known example of such a computer system.
A few transfer protocols have become established for communication of the computer systems to one another as well as within these computer systems. An important transfer protocol is the TCP/IP (Transmission Control Protocol/Internet Protocol).
Within the networks, some computers work as what are referred to as servers that can be addressed by the actual users, which are referred to as the clients. The servers can offer different computing resources, documents, programs, etc. In particular, the servers make what are referred to as hypertext documents available to the clients. Hypertext documents are generated with what is referred to as a "Hypertext Markup Language" (HTML). HTML is a language that generates documents that can be displayed at the client independently of the platform. HTML is an application of the ISO Standard 8879: 1986 Information Processing Text and Office Systems; Standard Generalized Markup Language (SGML). SGML documents are sequences of characters that are physically organized as a set of entities and logically organized in a hierarchy of elements. An SGML document contains data in the form of characters and what are referred to as "markups". These markups describe the structure of the information and represent an instance of this structure.
In addition to text, graphics, video and the like, hypertext documents often contain references, referred to as links, to other hypertext documents. These links are commands in which instructions are embedded that make it possible for the client's system to locate the target document. The target document can reside on a different server that can be located in a different network that is a component of the distributed computer system. When the HTML standard is employed for the hypertext document, the link contains what is referred to as a Uniform Resource Locator (URL) that indicates the actual name of a document and the server system from which the document can be accessed.
The HTML pages are transmitted between the server and the client with a specific transfer protocol. An example of such a protocol is the Hypertext Transfer Protocol HTTP that is specified in the Internet Request for Comments 1945 (RFC1945). Such a protocol contains messages that are to be interpreted either as a request for a document or as a reply to such a request. Requests and replies can be classified according to their content. For example, the HTTP protocol defines two request types: what is referred to as a GET request, which merely contains the requested URL and thus the sought document and its server system, and a POST request, which also contains data added by the client in addition to the URL.
The client computers, with which hypertext documents can be displayed and processed, have a corresponding application program available to them that is referred to as a browser. The browser can be available by itself or embedded in another application program on the client computer. This browser reproduces the contents of the hypertext document, potentially with the involvement of further application programs, at the client in the form of text, images, sounds and video sequences. In addition, a browser allows the links contained in the hypertext document to be followed. From the point of view of the user, this branching to the links ensues by a simple click with a computer mouse or some other pointing instrument on a correspondingly marked location in the displayed hypertext document.
The hypertext documents are offered by servers. To that end, the servers either access a stored document directly or generate it dynamically. In the dynamic generation, the servers employ application programs that, similar to a client, in turn implement a data exchange with a database on the basis of a network protocol. The data read from the database are formatted as a hypertext document and sent to the client.
Hypertext documents can contain fields that are to be filled in by the client. The filled-in fields supply the server with the required information. For example, a hypertext document can look like a form that the user is supposed to fill out. This form is sent from the client to the server, where the received information is processed in an application program. The application program can run directly on the server or in a further data processing means outside the server. Given this functionality, it is possible to make only the browser available at a client computer. The hypertext document then serves as a user interface for an application program. This application program no longer has to be installed at the client; rather, it suffices to offer this user program at the server and to access it with a hypertext document and a standard browser.
What are referred to as proxy servers represent a special group of servers. These proxy servers merely forward the requests and replies that reach them to their destination. Moreover, the proxy servers are able to store some replies temporarily in a cache memory. This is particularly expedient for replies that contain frequently requested hypertext documents. This functionality reduces the required network bandwidth, since the quantity of data to be transmitted is reduced. A further important job of the proxy servers is the implementation of security routines. Proxy servers are utilized for handling incoming messages in security-oriented terms in that, for example, they encrypt these messages.
A few security demands arose when hypertext documents and hypertext user interfaces of applications were made available via distributed networks. These demands relate, first, to the security of the data transmission and, second, to the access to individual documents or groups of documents. With respect to the data transmission, various encryption methods are used that make the transmitted data difficult or impossible for third parties to read. With respect to access protection for documents, an access is allowed or rejected in a user-specific fashion.
A general access protection is described, for example, in Internet Request for Comments 1508 (RFC1508) for what is referred to as the Generic Security Services Application Program Interface (GSS-API). A user/client communicates data to the server that document his identity. This ensues, for example, via an exchange of passwords or by employing specific cryptographic methods. When the identity of the client has been determined, the result can be deposited in a list and utilized for subsequent access decisions.
A method for the exchange of passwords according to the hypertext transfer protocol HTTP is described in Internet Request For Comments 1945 (RFC1945). A cryptographic method for data security is described in the Secure Socket Layer Protocol (the SSL protocol, Version 3.0 Internet Draft, March 1996). An asymmetrical method, referred to as a Public Key Method (RSA), is proposed for mutual authentication between the server and the client.
The known methods exhibit the disadvantages listed below:
1. Problems arise in situations wherein a plurality of clients, whose access requests must be controlled, wish to access a plurality of servers. One reason for this is the administrative outlay that must be exerted when the decision about granting an access is based on the specific right of a client. This type of assignment of rights means that each data source (for example, a server) must possess an access control list in which all clients having access rights must be contained. Such lists are extremely extensive and difficult to keep current. It therefore frequently occurs that clients whose access rights have already lapsed still have access to protected data, because some time passes before the access control list is updated.
2. The assignment of rights is typically performed by the administrator of the server. Often, however, it would be better to transfer this task to a security administrator or to leave it in the hands of the owner of the data.
3. The servers always confirm the existence of a hypertext document, even when access to it is subject to access control and is not granted. This confirmation can in itself already constitute the disclosure of security-relevant information.
4. The access decision is made exclusively on the basis of the identity of the client.
5. The identity of the client is always disclosed to the server. In some instances, this approach constitutes an infraction of data protection rules, since the administrator of the server can determine which client has access to which document.
6. As described above, many hypertext documents are dynamically generated at the server. To that end, the server accesses a different system via the network protocol, the actual content of the document being stored at this different system. In these cases, currently employed security methods, which are based on the security attributes of the actual client browser, cannot guarantee a secured connection between the server and the database in the background.
7. Frequently, the actual content of documents must be modified in order to assure reliable access to them. For example, the SSL method requires that the URL of a document has a specific form.
The prior art has disclosed solutions for a few of these problems in conjunction with specific security application programs. In its technical report ECMA TR/46, for example, the European Computer Manufacturers Association (ECMA) has defined a security architecture whose access control is based on attributes that are assigned to the client.
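The following is an added illustration, not code from the patent, contrasting disadvantages 1, 3 and 4 above with the attribute-based access control of ECMA TR/46: a per-server list of client names (which goes stale and, via a 403 reply, confirms that a protected document exists) beside a decision based on client attributes that carry a validity period and that answers every refusal with the same 404 as an unknown document. The document table, the `role` attribute and the client names are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Reference instant for the constructed examples.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)


@dataclass(frozen=True)
class Attribute:
    """A security attribute issued to a client by a security administrator."""
    name: str
    value: str
    not_after: datetime  # the attribute lapses on its own, no list update needed


def issue(name, value, days_valid, now=NOW):
    """Issue an attribute valid for `days_valid` days (negative = already expired)."""
    return Attribute(name, value, now + timedelta(days=days_valid))


# Constructed documents: each states the attributes it requires (no client list).
DOCUMENTS = {
    "/public/index.html": {},
    "/finance/q1.html": {"role": "finance"},
}

# Constructed legacy access control list: client identities per document.
ACL = {"/finance/q1.html": {"alice"}}


def legacy_decide(path, client_id):
    """Identity-based ACL (disadvantages 1, 3, 4).
    A 403 on an existing document already confirms that it exists."""
    if path not in DOCUMENTS:
        return 404
    if DOCUMENTS[path] and client_id not in ACL.get(path, set()):
        return 403
    return 200


def attribute_decide(path, attributes, now=NOW):
    """Attribute-based decision: the client's identity is not consulted,
    expired attributes are ignored, and a refusal is indistinguishable
    from an unknown document (404 in both cases)."""
    required = DOCUMENTS.get(path)
    if required is None:
        return 404
    valid = {a.name: a.value for a in attributes if a.not_after > now}
    if any(valid.get(name) != value for name, value in required.items()):
        return 404
    return 200
```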
A specific embodiment of this method was developed under the name SESAME (Secure European System for Applications in a Multi-vendor Environment). SESAME is defined in the corresponding standard ECMA 235.
A standard method for the integration of security functionality into an application program was defined in RFC 1508 in conjunction with RFC 2048. It contains the definition of an Application Program Interface (API) known as the Generic Security Services API (GSS-API).