Leanne L Chen

US Patent:

8631477, Jan 14, 2014

Filed:

Jul 23, 2009

Appl. No.:

12/508102

Inventors:

Leanne L. Chen - Laguna Niguel CA, US
Alexander P. Ames - Irvine CA, US
Prema Vivekanandan - Kansas City MO, US

Assignee:

International Business Machines Corporation - Armonk NY

International Classification:

H04L 29/06

US Classification:

726 6, 726 7, 726 8, 726 9

Abstract:

Managing a lifecycle of a shared privileged account via a proxy service which comprises an Identity Management (IdM) system that defines and manages identity services, which in turn manage privileged accounts used to access managed targets. Each of the identity services is mapped to a privilege group of the proxy service and an ID pool manager is implemented to manage sharing of the privileged accounts. A request is generated to access a managed target with a privileged account. A shared privileges module generates a shared ID authorization account and associates it with the requestor. The shared ID authorization account is populated with sign out information for a shared privileged account, which the requestor uses to access the corresponding managed target. When use of the shared privileged account is ended, the shared privileges module disassociates the requestor with the shared privileged account by deleting the shared ID authorization account.

US Patent:

20090150981, Jun 11, 2009

Filed:

Dec 6, 2007

Appl. No.:

11/951980

Inventors:

Alexander Phillip Amies - Irvine CA, US
Sadanand Rajaram Bajekal - Austin TX, US
Christopher Michael Bauserman - Austin TX, US
Leanne L. Chen - Laguna Niguel CA, US
Sridhar R. Muppidi - Austin TX, US

International Classification:

H04L 9/32

US Classification:

726 5

Abstract:

A computer implemented method, data processing system, and computer program product for logical management and provisioning of business applications within the framework of an identity management system. The illustrative embodiments providing an interface layer to map respective attributes, permissions, and resource accounts in a data repository needed to represent access to business applications via a managed service in the identity management system. The illustrative embodiments define user entitlements on a user account associated with the managed service. The illustrative embodiments provision user access to the business applications via the managed service in the identity management system upon user request.