1. Field of the Invention
This invention relates to distributed computer systems and, more particularly, to condition defining data such as that used to control access to entries in a directory.
2. Description of the Related Art
In certain fields of technology, computer systems such as web networks include equipment and software of diverse types and from different manufacturers. This is true at both the hardware and the software level.
It is desirable that network users (“client components”) be able to access, upon query, a large amount of data (“application software components”), making it possible for the network users to create their own dynamic web site or to consult a dynamic web site such as an e-commerce site on a multi-platform computer system (e.g., Solaris, Windows NT, AIX, HPUX). These queries are directed to a directory (e.g., an LDAP (Lightweight Directory Access Protocol) directory) and managed by a directory server. It is further desirable that this access be made possible rapidly for each query arriving after a first query.
Directories often have access control mechanisms to restrict access to certain portions of the directory. For example, some access control mechanisms may be designed so that regular users only have access to the information they need to know while other users (e.g., administrators) have access to larger segments (or all) of the directory. However, the access control mechanisms may have to be duplicated a large number of times (e.g., for each node in the directory) within a given directory structure. This may induce a supplementary load in many respects, including storage capability and the usual compromise in memory between data storage and program execution, which bears on the time needed for execution.