1. Field of the Invention
The present invention is directed to technology for modifying entries in an Identity System after those entries have been created.
2. Description of the Related Art
With the growth of the Internet and the increasing use of networks and other information technologies, Identity Systems have become more popular. In general, an Identity System provides for the creation, removal, editing and other managing of identity information stored in various types of data stores. The identity information pertains to users, groups, organizations and/or things. For each entry in the data store, a set of attributes is stored. For example, the attributes stored for a user may include a name, address, employee number, telephone number, email address, user ID and password. The Identity System can also manage access privileges that govern what an entity can view, create, modify or use in the Identity System. Often, this management of access privileges is based on one or more specific attributes.
Groups can be very useful for managing access privileges. For example, if five persons at a company have similar job responsibilities, they are likely to need similar access privileges. Rather than configure each person separately, a group can be created and each of the five persons can be added to the group. An administrator then need only configure the system for the single group's access privileges, instead of five separate persons. Groups can be used for any subset of access privileges. Groups are also popular for mailing lists.
One drawback of the use of groups in prior Identity Systems is that, once a group is created, its set of attributes cannot be modified. In some systems, when a group is created, the creator can specify which attributes will be used for the group. For example, the creator may decide that the group should have a name, a description, a list of members, a dynamic membership rule and an owner. The dynamic membership rule specifies a test for allowing an entity to join the group automatically without seeking approval from the owner of the group. After creation, values can be stored and changed for these attributes. However, none of the attributes can be removed from the group entry and no new attributes can be added.
As an example, consider a group that has been created with a dynamic membership rule that allows a person to join a group if that person has a certain business title or works in a certain department. Over time, an administrator may discover that using a dynamic membership rule is a mistake for this group because the number of members is growing too fast. The administrator may also prefer that one person decide manually who can be a member and, therefore, the administrator may want to remove the ability to have a dynamic membership rule for this group. However, since the group has already been created and used, prior systems do not allow for the modification of the group by removing the attribute for storing a dynamic membership rule.
Therefore, there is a need for a system that allows for the removal and addition of attributes to an existing group or other type of entry.