Patents by Inventor Elisa Ferracane
Elisa Ferracane has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9582407
Abstract: Mechanisms are provided for performing security role definition testing. An application is received in a container of a runtime environment of the data processing system. The application has methods and security role definitions associated with the methods. A properties object, which specifies a user identifier to security role mapping, is received in the container. A test application is executed, in the container, by the processor, on an execution of the methods of the application based on the user identifier to security role mapping and the security role definitions. The test application tests an operation of the application with regard to the security role definitions. A result of the execution of the test application on the execution of the methods of the application is then output.
Type: Grant
Filed: February 25, 2011
Date of Patent: February 28, 2017
Assignee: International Business Machines Corporation
Inventors: Paul W. Bennett, Elisa Ferracane, William J. O'Donnell, Michael C. Thompson
-
Patent number: 9292702
Abstract: Disclosed is a computer implemented method, computer program product, and apparatus to switch security configurations. A data processing system accesses a first security configuration via a thread of execution, wherein a security configuration comprises at least one security parameter. The thread receives an incoming request. The thread switches to a second security configuration that specifies a resource, based on the incoming request, responsive to receiving the incoming request. The thread stores the second security configuration or a reference to the second security configuration to a stack. The thread authenticates the incoming request based on the second security configuration. The thread grants or denies access to the resource. The thread executes a method referenced in the incoming request. The thread restores to a first security configuration, responsive to completing the method.
Type: Grant
Filed: August 20, 2009
Date of Patent: March 22, 2016
Assignee: International Business Machines Corporation
Inventors: Paul W. Bennett, Elisa A. Ferracane, Daniel E. Morris, Michael C. Thompson
-
Patent number: 9147062
Abstract: A method, data processing system, and computer program product for managing user identification information. A determination is made whether an instance of security information in use on the first application server and referenced by a token that has expired was generated by an application server compatible with a first application server in response to receiving the token. A determination is made whether the instance of the security information is managed by a set of rules for a group of users of the first application server. A determination is made whether a user identifier from the token is authorized to access the first application server. The token is renewed in response to determining that the user identifier is authorized to access the first application server.
Type: Grant
Filed: June 29, 2011
Date of Patent: September 29, 2015
Assignee: International Business Machines Corporation
Inventors: Paul W. Bennett, Christopher M. Dettlaff, Elisa Ferracane, William J. O'Donnell, Michael C. Thompson
-
Patent number: 8955052
Abstract: A method, system and computer-usable medium are disclosed for managing identity authorizations to access information processing system resources. An application thread requiring access to target resources is initiated and associated with an authenticated client identity and a server identity. The resource authorization attribute of a resource required for execution of the application thread designates the use of a client identity, a server identity, or a client identity and server identity when attempting authorized access of the resource. The client identity, the server identity, or the client identity and server identity is then respectively used to access the target resource and the application thread is executed.
Type: Grant
Filed: May 27, 2010
Date of Patent: February 10, 2015
Assignee: International Business Machines Corporation
Inventors: William J. O'Donnell, Elisa Ferracane, Paul W. Bennett, Michael C. Thompson
-
Patent number: 8938791
Abstract: A method for dynamically assigning a displayable realm name begins upon receipt of an authentication request to an application, such as a web application, being executed by an application server. In response, a determination is made whether an application realm name has been set in a configuration file associated with the application. If not, a custom display property is then evaluated. If the custom display property is set true, a realm name associated with an active authentication mechanism is retrieved and provided for display in an authentication panel. If the custom display property is set false, a default string is provided for display in the authentication panel. In this manner, an application server administrator can control what realm name is displayed to an end user in the event an application developer has not specified the realm name in the application configuration.
Type: Grant
Filed: June 10, 2011
Date of Patent: January 20, 2015
Assignee: International Business Machines Corporation
Inventors: William J. O'Donnell, Paul William Bennett, Elisa Ferracane, Ajay Reddy Karkala, Ut Van Le, Michael Craig Thompson
-
Patent number: 8707405
Abstract: A method for selectively refreshing group membership for an identifier associated with an authenticated user. The identifier represents an application server security context, and it is generated to enable a user credential associated with the authenticated user to be persisted. Following such authentication, the client is provided with a time-bounded, renewable security token. The method begins by configuring an option whether group membership information is refreshed during renewal of an expired security token. During renewal of an expired security token, the method determines whether the option is set. If so, an attempt is made to refresh information. This attempt performs a set of checks to verify certain conditions. If these checks are valid, the identifier is refreshed and the security token renewed with updated group membership information. If any check is not valid, the identifier is refreshed and the security token renewed with existing information.
Type: Grant
Filed: January 11, 2012
Date of Patent: April 22, 2014
Assignee: International Business Machines Corporation
Inventors: William J. O'Donnell, Paul William Bennett, Elisa Ferracane, Michael Craig Thompson, Michael Dettlaff Christopher
-
Patent number: 8645679
Abstract: A method is described for merging security constraints associated with an application when using security annotations. The application comprises one or more servlets, such as a Java servlet. During application deployment, a list of role names is generated by merging static security constraints, for example, identified in a deployment descriptor, and in a static security annotation that defines a list containing the names of authorized roles for a servlet. Later, during application runtime in an application server, security constraints are retrieved from a plurality of sources, including both dynamic and static security annotations. Using the list of role names and the security constraints retrieved, a set of merged security constraints having a defined and proper order of precedence is generated. In particular, preferably one or more dynamic security annotations are first merged with one or more static security annotations to generate a set of runtime constraints.
Type: Grant
Filed: June 17, 2011
Date of Patent: February 4, 2014
Assignee: International Business Machines Corporation
Inventors: Elisa Ferracane, Paul William Bennett, William J. O'Donnell, Ajay Reddy Karkala, Ut Van Le, Michael Craig Thompson, Maxim Avery Moldenhauer
-
Patent number: 8522307
Abstract: A method, system, and computer usable program product for flexibly assigning security configurations to applications are provided in the illustrative embodiments. An embodiment determines, forming a first determination, whether a first identifier identifying the application is mapped to the security configuration. The embodiment determines, forming a second determination, whether the application participates in a group by determining whether a second identifier identifying the group is mapped to the security configuration. The embodiment assigns, forming a first assignment, the security configuration to the application if either of the first and the second determinations is true. The embodiment assigns, forming a second assignment, the security configuration to the application using a determination by a first policy if the first and the second determinations are false.
Type: Grant
Filed: March 6, 2012
Date of Patent: August 27, 2013
Assignee: International Business Machines Corporation
Inventors: Paul W. Bennett, Elisa Ferracane, Daniel E. Morris, Michael C. Thompson
-
Publication number: 20130179952
Abstract: A method for selectively refreshing group membership for an identifier associated with an authenticated user. The identifier represents an application server security context, and it is generated to enable a user credential associated with the authenticated user to be persisted. Following such authentication, the client is provided with a time-bounded, renewable security token. The method begins by configuring an option whether group membership information is refreshed during renewal of an expired security token. During renewal of an expired security token, the method determines whether the option is set. If so, an attempt is made to refresh information. This attempt performs a set of checks to verify certain conditions. If these checks are valid, the identifier is refreshed and the security token renewed with updated group membership information. If any check is not valid, the identifier is refreshed and the security token renewed with existing information.
Type: Application
Filed: January 11, 2012
Publication date: July 11, 2013
Applicant: International Business Machines Corporation
Inventors: William J. O'Donnell, Paul William Bennett, Elisa Ferracane, Michael Craig Thompson, Christopher Michael Dettlaff
-
Publication number: 20130007856
Abstract: A method, data processing system, and computer program product for managing user identification information. A determination is made whether an instance of security information in use on the first application server and referenced by a token that has expired was generated by an application server compatible with a first application server in response to receiving the token. A determination is made whether the instance of the security information is managed by a set of rules for a group of users of the first application server. A determination is made whether a user identifier from the token is authorized to access the first application server. The token is renewed in response to determining that the user identifier is authorized to access the first application server.
Type: Application
Filed: June 29, 2011
Publication date: January 3, 2013
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Paul W. Bennett, Christopher M. Dettlaff, Elisa Ferracane, William J. O'Donnell, Michael C. Thompson
-
Publication number: 20120324528
Abstract: A method is described for merging security constraints associated with an application when using security annotations. The application comprises one or more servlets, such as a Java servlet. During application deployment, a list of role names is generated by merging static security constraints, for example, identified in a deployment descriptor, and in a static security annotation that defines a list containing the names of authorized roles for a servlet. Later, during application runtime in an application server, security constraints are retrieved from a plurality of sources, including both dynamic and static security annotations. Using the list of role names and the security constraints retrieved, a set of merged security constraints having a defined and proper order of precedence is generated. In particular, preferably one or more dynamic security annotations are first merged with one or more static security annotations to generate a set of runtime constraints.
Type: Application
Filed: June 17, 2011
Publication date: December 20, 2012
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Elisa Ferracane, Paul William Bennett, William J. O'Donnell, Ajay Reddy Karkala, Ut Van Le, Michael Craig Thompson, Maxim Avery Moldenhauer
-
Publication number: 20120317633
Abstract: A method for dynamically assigning a displayable realm name begins upon receipt of an authentication request to an application, such as a web application, being executed by an application server. In response, a determination is made whether an application realm name has been set in a configuration file associated with the application. If not, a custom display property is then evaluated. If the custom display property is set true, a realm name associated with an active authentication mechanism is retrieved and provided for display in an authentication panel. If the custom display property is set false, a default string is provided for display in the authentication panel. In this manner, an application server administrator can control what realm name is displayed to an end user in the event an application developer has not specified the realm name in the application configuration.
Type: Application
Filed: June 10, 2011
Publication date: December 13, 2012
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: William J. O'Donnell, Paul William Bennett, Elisa Ferracane, Ajay Reddy Karkala, Ut Van Le, Michael Craig Thompson
-
Publication number: 20120222015
Abstract: Mechanisms are provided for performing security role definition testing. An application is received in a container of a runtime environment of the data processing system. The application has methods and security role definitions associated with the methods. A properties object, which specifies a user identifier to security role mapping, is received in the container. A test application is executed, in the container, by the processor, on an execution of the methods of the application based on the user identifier to security role mapping and the security role definitions. The test application tests an operation of the application with regard to the security role definitions. A result of the execution of the test application on the execution of the methods of the application is then output.
Type: Application
Filed: February 25, 2011
Publication date: August 30, 2012
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Paul W. Bennett, Elisa Ferracane, William J. O'Donnell, Michael C. Thompson
-
Publication number: 20120198515
Abstract: A method, system, and computer usable program product for flexibly assigning security configurations to applications are provided in the illustrative embodiments. An embodiment determines, forming a first determination, whether a first identifier identifying the application is mapped to the security configuration. The embodiment determines, forming a second determination, whether the application participates in a group by determining whether a second identifier identifying the group is mapped to the security configuration. The embodiment assigns, forming a first assignment, the security configuration to the application if either of the first and the second determinations is true. The embodiment assigns, forming a second assignment, the security configuration to the application using a determination by a first policy if the first and the second determinations are false.
Type: Application
Filed: March 6, 2012
Publication date: August 2, 2012
Applicant: New Orchard Road
Inventors: PAUL W. BENNETT, Elisa Ferracane, Daniel E. Morris, Michael C. Thompson
-
Patent number: 8230478
Abstract: A method, system, and computer usable program product for flexibly assigning security configurations to applications are provided in the illustrative embodiments. An embodiment determines, forming a first determination, whether a first identifier identifying the application is mapped to the security configuration. The embodiment determines, forming a second determination, whether the application participates in a group by determining whether a second identifier identifying the group is mapped to the security configuration. The embodiment assigns, forming a first assignment, the security configuration to the application if either of the first and the second determinations is true. The embodiment assigns, forming a second assignment, the security configuration to the application using a determination by a first policy if the first and the second determinations are false.
Type: Grant
Filed: August 27, 2009
Date of Patent: July 24, 2012
Assignee: International Business Machines Corporation
Inventors: Paul W. Bennett, Elisa Ferracane, Daniel E. Morris, Michael C. Thompson
-
Publication number: 20110296496
Abstract: A method, system and computer-usable medium are disclosed for managing identity authorizations to access information processing system resources. An application thread requiring access to target resources is initiated and associated with an authenticated client identity and a server identity. The resource authorization attribute of a resource required for execution of the application thread designates the use of a client identity, a server identity, or a client identity and server identity when attempting authorized access of the resource. The client identity, the server identity, or the client identity and server identity is then respectively used to access the target resource and the application thread is executed.
Type: Application
Filed: May 27, 2010
Publication date: December 1, 2011
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: William J. O'Donnell, Elisa Ferracane, Paul W. Bennett, Michael C. Thompson
-
Publication number: 20110055926
Abstract: A method, system, and computer usable program product for flexibly assigning security configurations to applications are provided in the illustrative embodiments. An embodiment determines, forming a first determination, whether a first identifier identifying the application is mapped to the security configuration. The embodiment determines, forming a second determination, whether the application participates in a group by determining whether a second identifier identifying the group is mapped to the security configuration. The embodiment assigns, forming a first assignment, the security configuration to the application if either of the first and the second determinations is true. The embodiment assigns, forming a second assignment, the security configuration to the application using a determination by a first policy if the first and the second determinations are false.
Type: Application
Filed: August 27, 2009
Publication date: March 3, 2011
Applicant: International Business Machines Corporation
Inventors: Paul W. Bennett, Elisa Ferracane, Daniel E. Morris, Michael C. Thompson
-
Publication number: 20110047589
Abstract: Disclosed is a computer implemented method, computer program product, and apparatus to switch security configurations. A data processing system accesses a first security configuration via a thread of execution, wherein a security configuration comprises at least one security parameter. The thread receives an incoming request. The thread switches to a second security configuration that specifies a resource, based on the incoming request, responsive to receiving the incoming request. The thread stores the second security configuration or a reference to the second security configuration to a stack. The thread authenticates the incoming request based on the second security configuration. The thread grants or denies access to the resource. The thread executes a method referenced in the incoming request. The thread restores to a first security configuration, responsive to completing the method.
Type: Application
Filed: August 20, 2009
Publication date: February 24, 2011
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Paul W. Bennett, Elisa A. Ferracane, Daniel E. Morris, Michael C. Thompson