1. Technical Field
This invention generally relates to computer systems and more specifically relates to networked computer systems.
2. Background Art
Since the dawn of the computer age, computer systems have evolved into extremely sophisticated devices, and computer systems may be found in many different settings. The widespread proliferation of computers prompted the development of computer networks that allow computers to communicate with each other. With the introduction of the personal computer (PC), computing became accessible to large numbers of people. Networks for personal computers were developed that allow individual users to communicate with each other.
Over time, different computer platforms have developed with different operating systems and software requirements. Examples of modem computer platforms include I-Series 400, AIX, 390A, (all developed by IBM Corp.) and Windows 2000 (developed by Microsoft). Tools and mechanisms have been developed that allow these different computer platforms to communicate with each other, notwithstanding their different operating systems.
Because the requirements of each operating system differ, each operating system typically maintains its own user registry. A user registry is a list of users and information, such as a user ID and password, that are used to authenticate a user when the user requests access to the network. Note that a user may be a human user, or may be a software process that is assigned a local user identity, such as a print server. Each platform typically has its own administrative tools that allow a system administrator to add, delete, or modify user identities in the user registry. With a heterogenous network that has several different operating systems, this means that the system administrator must learn and become proficient in several different tools that each handle identity management in their respective realms (i.e., platforms). In addition, because each user must have a user identity in the user registry for each platform the user wants to access, the user must have several user IDs and passwords for the different platforms on the network. The result is managing multiple user identities for the same user using different administration tools. This is a very inefficient result.
One way to avoid having multiple user identities for the same user is to force all applications and operating systems to share a common user registry. This approach may be viable in a homogenous environment (i.e., in a network that only has computers of the same platform type). In fact, this approach has been adopted by Microsoft in the Windows 2000 operating system. All applications for Windows 2000 typically share the user information that is in the operating system's registry. However, implementing this approach on a heterogenous network that includes several different platforms would require that each operating system and each application be re-written to access some common user registry. This is simply not a workable solution. Instead of forcing all operating systems and applications to access a common user registry, it would be preferable to provide a way to correlate user identities in the different user registries so an administrator can see the correlation between a user's different identities in the different platforms. This would allow operating systems and applications to be used without affecting their core logic. Without an apparatus and method for correlating different user identities in different environments that describe the same user, system administrators will be required to continue the inefficient process of manually tracking all of the user's identities in the different environments with different administration tools, resulting in high costs of administrating heterogenous networks.