1. Field of the Invention
The present invention is directed to technology for supporting multiple access mechanisms for accessing data stores.
2. Description of the Related Art
With the growth of the Internet, the use of networks and other information technologies, Identity Systems have become more popular. In general, an Identity System provides for the creation, removal, editing and other managing of identity information stored in various types of data stores. The identity information pertains to users, groups, organizations and/or things. For each entry in the data store, a set of attributes are stored. For example, the attributes stored for a user may include a name, address, employee number, telephone number, email address, user ID and password. The Identity System can also manage access privileges that govern what an entity can view, create, modify or use in the Identity System. Often, this management of access privileges is based on one or more specific attributes, membership in a group and/or association with an organization.
Some Identity Systems use directories to store data. Other systems use relational databases or other types of data stores. In some cases, all of the data is maintained in one data store. However, there are cases when multiple data stores are necessary. For example, if the amount of data is too big to fit in one data store, multiple data stores may be necessary. Additionally, some entities desire a back-up or shadow data store, which stores a replica of the main data store for fault tolerance reasons.
Some users of Identity Systems also use Access Systems. An Access System provides for the authentication and authorization of users attempting to access resources. For efficiency purposes, there is an advantage to integrating the Identity System and the Access System. For example, both systems can share the same set of data stores and identity information. Additionally, integrating the Identity System and the Access System allows for single sign-on functionality across multiple resources.
There have been previous systems that have provided support for multiple data stores. The data stores are accessed using an access mechanism. An access mechanism is a system, process, protocol, set of rules, interface, etc. that provides for access to a data store. There are many different access mechanisms in use. Each access mechanism has its advantages and disadvantages.
Some prior systems allow the owner (or administrator) of the system to choose an access mechanism. However, the chosen access mechanism is then used for all operations for a data store. While it is advantageous to be able to choose an access mechanism, it may not be efficient for all operations to be performed using the same access mechanism. Because each access mechanism has its advantages and disadvantages, some operations may be better suited for one access mechanism while other operations may be better suited for a different access mechanism.