WO2002103570A1 - Dynamic group generation and management - Google Patents
Dynamic group generation and management Download PDFInfo
- Publication number
- WO2002103570A1 WO2002103570A1 PCT/US2002/018344 US0218344W WO02103570A1 WO 2002103570 A1 WO2002103570 A1 WO 2002103570A1 US 0218344 W US0218344 W US 0218344W WO 02103570 A1 WO02103570 A1 WO 02103570A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- group
- user
- data structure
- dynamic
- group data
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/28—Databases characterised by their database models, e.g. relational or object models
- G06F16/284—Relational databases
- G06F16/288—Entity relationship models
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y10—TECHNICAL SUBJECTS COVERED BY FORMER USPC
- Y10S—TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y10S707/00—Data processing: database and file management or data structures
- Y10S707/912—Applications of a database
- Y10S707/922—Communications
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y10—TECHNICAL SUBJECTS COVERED BY FORMER USPC
- Y10S—TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y10S707/00—Data processing: database and file management or data structures
- Y10S707/912—Applications of a database
- Y10S707/944—Business related
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y10—TECHNICAL SUBJECTS COVERED BY FORMER USPC
- Y10S—TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y10S707/00—Data processing: database and file management or data structures
- Y10S707/99941—Database schema or data structure
- Y10S707/99942—Manipulating data structure, e.g. compression, compaction, compilation
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y10—TECHNICAL SUBJECTS COVERED BY FORMER USPC
- Y10S—TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y10S707/00—Data processing: database and file management or data structures
- Y10S707/99941—Database schema or data structure
- Y10S707/99943—Generating database or data structure, e.g. via user interface
Definitions
- the invention is generally related to the generation and management of groups of individuals within a data processing environment, e.g., for use in applications such as electronic messaging, content management, security access control and software distribution.
- a computer system When interacting with multiple individuals, a computer system typically requires some manner of identifying an individual, e.g., to determine where to send messages to that individual, to determine whether that individual is authorized to perform certain actions, etc.
- each individual that utilizes a computer system typically is associated with a set of data that is used by various computer systems to identify that individual.
- the data structures which are often referred to as user records, typically include information such as name, network address, authorizations, and other data about an individual that may be useful in performing whatever tasks a computer system is performing on behalf of that individual.
- the user record may contain any amount of information about an individual, e.g., from only nominal information to fairly comprehensive information.
- an email address may be tracked for certain individuals, hi contrast, for an enterprise-wide groupware application, individuals may be associated with information such as name, department, facility, email address, physical address, network address, security authorizations, telephone numbers, etc.
- While computers may interact with and perform tasks on behalf of individual users, in many instances, computers may be called upon to interact and/or perform tasks on behalf of multiple individuals.
- a number of computer environments support the concept of a "group," i.e., a logical representation of a collection of individuals.
- Groups find utility in a wide variety of computer applications. For example, in electronic messaging applications, groups may be used to facilitate message distribution to various related individuals with common interests, common positions within an enterprise, etc. For example, groups may be defined for the members of a team or project, members of a particular department or level of management, members that work in the same facility, etc.
- Groups also find utility in applications such as security management, content distribution and software distribution, where certain types of individuals may share common authorities, and thus be permitted to perform certain actions (or use or view certain content or software) that are not available to the entire set of individuals that may have access a particular computer system. For example, within a computer network environment, certain individuals that maintain and manage a computer network may be granted greater authority than other individuals to permit those "administrators" of the network to change settings and otherwise configure the network to fix errors or improve its performance. Also, in some instances, certain software applications or content may be restricted to viewing only by certain individuals, e.g., the members of a project or team. By placing all of these individuals into a common group, authorities maybe defined for the group as a whole, which facilitates managing the authorities granted to various individuals.
- groups are adequate for use in many applications, in some instances, the requirement to enumerate the members of a group becomes problematic, particularly for groups with large numbers of individuals, or within organizations having large numbers of users. For example, in a typical corporate enterprise, new employees are frequently hired, and current employees may leave the enterprise or change job descriptions with relative frequency. Moreover, employees may participate in a large number of different groups that span different aspects of an employee's standing within an enterprise. For example, groups may be defined based upon projects, management positions, human resources, facilities, accounting, geography, interests, skills, etc.
- delays in manually incorporating changes into a computer environment after an employment status change are often inevitable.
- individuals are granted authorities on a computer network based upon their employee status, or where groups are used for issuing critical communications to employees
- delays in updating groups to reflect changes in employment status can limit employee productivity and otherwise hamper employees' abilities to perform their jobs.
- any delays in adding that employee to the group effectively hamper the employee's ability to do the job.
- enumerated groups present additional concerns. For example, substantial resources are often devoted to mailing lists and other direct marketing databases to create groups of individuals that share common interests and might be receptive to particular marketing promotions. Creation of such lists is often labor intensive, and in some instances requires the manual addition of members to a group used for the mailing list. Automated tools have been developed to assist in "crawling" the Internet for potential group members; however, any members found by a crawler are often required to be individually added to the group. Given that mailing lists may have tens or hundreds of thousands of individual members, the use of enumerated groups in such instances can be unwieldy and complex.
- the invention addresses these and other problems associated with the prior art by providing an apparatus, program product, and method that utilize "dynamic" groups to represent collections of individuals in a computer environment.
- a group membership criterion and a set of member identifiers are associated with one another within a dynamic group data structure, such that the set of member identifiers identifies those users from a plurality of users that meet the group membership criterion for the dynamic group.
- the set of member identifiers for a dynamic group may be updated to reflect modifications to the plurality of users so as to maintain the identification of members in the dynamic group current, often with little or no manual intervention by an administrator or other computer user. Consequently, in the case of large groups and/or groups utilized in connection with user pools that frequently change, the use of dynamic groups as described herein greatly facilitates maintaining current group memberships.
- dynamic group data structures may be utilized in connection with multiple networked target computer environments having users that span multiple computer domains and/or enterprises.
- the target computer environments are networked with a hub computer upon which is resident a database that maintains a dynamic group data structure as described above, which may include users from multiple target computer environments.
- mirrored group data structures may be distributed and maintained, with each including at least a subset of member identifiers from the set of member identifiers associated with the dynamic group data structure.
- the target computer environments in some instances may be implemented using different underlying platforms, and/or maybe under the control of different enterprises.
- FIGURE 1 is a block diagram of a multi-platform, cross-enterprise networked computer system incorporating a dynamic group management system consistent with the invention.
- FIGURE 2 is a block diagram of the hub computer from the networked computer system of Fig 1.
- FIGURE 3 is a block diagram illustrating a user record utilized in the dynamic group management system of Fig. 1.
- FIGURE 4 is a flowchart that illustrates the program flow of an establish group hub routine executed by the hub group manager in the dynamic group management system of Fig. 1.
- FIGURE 5 is a flowchart that illustrates the program flow of an establish group spoke routine executed by the hub group manager in the dynamic group management system of Fig. 1.
- FIGURE 6 is a flowchart that illustrates the program flow of a create group routine executed by the hub group manager in the dynamic group management system of Fig. 1.
- FIGURE 7 is an object diagram illustrating an exemplary database schema utilized in connection with managing dynamic groups in an exemplary security management application of the dynamic group management system of Fig. 1.
- FIGURE 8 is a block diagram of the utilization of the exemplary security management application having the database schema of Fig. 7.
- FIGURE 9 is a block diagram of an exemplary content management application of the dynamic group management system of Fig. 1.
- FIGURE 10 is a block diagram of an exemplary electronic messaging application of the dynamic group management system of Fig. 1.
- FIGURE 11 is a block diagram of an exemplary software distribution application of the dynamic group management system of Fig. 1. Detailed Description
- the embodiments described herein utilize dynamic groups to maintain group information for collections of individuals in connection with computer tasks are performed.
- individuals are typically computer users, with a "user space" representing the set of users in a computer environment that are capable of being incorporated into groups.
- a user is considered to be a "member" of that group if that user is to be interacted with, or is to have a task performed on behalf of it, whenever a computer operation is to be performed on the group as a whole (e.g., when the operation identifies or operates on the group explicitly, rather than specific individuals).
- the members of a dynamic group are defined based upon a group membership criterion, which may be based upon practically any set of characteristics, attributes, or the like that are capable of distinguishing a set of users from among a user space that meet the group membership criterion.
- a group membership criterion may comprise one or more selected values of one or more "attributes" that identify various users within a user space.
- an attribute typically is represented as a field in a user record, with the value stored in that field representing the value of the attribute.
- a group membership criterion may include Boolean logic operations such as AND, OR, NOT, etc.
- a criterion may also be used in a negative fashion, e.g., to exclude certain users based upon certain characteristics of those users.
- the set of member identifiers associated with a dynamic group may be represented by any number of data structures, including linked lists, tables, and the like.
- various mechanisms for identifying users may be used as member identifiers, including, for example, user record ID's, email addresses, names, and other distinguishing user characteristics.
- pointers to user records may also be used in some implementations .
- Other modifications will be apparent to one of ordinary skill in the art having the benefit of the instant disclosure. Therefore, the invention is not limited to the particular implementations discussed herein.
- FIG. 1 illustrates a networked computer system 10 incorporating a dynamic group management system 12 consistent with the invention.
- Computer system 10 is illustrated as multi-platform, cross-enterprise computer system including one or more hub computers 14 coupled to one or more spoke computers 16 distributed among several enterprises (e.g., enterprises A-D).
- Each enterprise may represent any number of business organizations, whether non-profit or for-profit, and may represent an individual or a non-business organization as well.
- Each enterprise may represent a single geographical location or multiple geographical locations.
- dynamic group management may be limited to a single enterprise, whether in a single location or in multiple locations.
- a dynamic group management system may be implemented within one or more specific enterprises, the individuals represented within a dynamic group need not be associated or affiliated with any particular enterprise (e.g., in the case of direct marketing groups, where individuals may be unrelated to the enterprise(s) seeking to market to them).
- Hub and spoke computers 14, 16 may be interconnected via practically any known networking technology, including local-area, wide-area, public and/or private networks, and using any number and combination of known topologies and protocols.
- network interconnects 18 are illustrated as coupling different spoke computers 16 to hub computer 14, whether be it through private means (e.g., dial-up connections) or through public means (e.g., via the Internet, represented at 20).
- any number of additional computers and other devices may be networked into networked computer system 10 as is well known in the art.
- administration of dynamic group management system 12 may be performed via one or more group administration workstations 22 coupled to a hub or spoke computer 14, 16.
- individuals that participate as members of a dynamic group may be accessible via client computers distributed across one or more enterprises and/or over the Internet (not shown in Fig. 1).
- dynamic group management system 12 incorporates a hub group manager program 30 that accesses a user database 32 and a group database 34 resident on hub computer 14.
- Hub group manager program 30 manages the creation, modification, deletion and access to dynamic groups in a manner that will become more apparent below.
- User database 32 includes a plurality of user records 36 that maintain information on individuals suitable for being incorporated into dynamic groups. User records 36 may also be used for other applications as is well known in the art. Any number of database environments and/or directory environments may be used to implement user database 32, e.g., Lotus Notes, Microsoft Exchange, Windows NT, an LDAP Directory, Novell NDS, other directory and/or address book databases, proprietary databases, etc.
- Group database 34 includes a plurality of master group records 38 that maintain information about the various dynamic groups managed by dynamic group management system 12. Any of the aforementioned database environments suitable for use with user database 32 may be used for group database 34. Moreover, in some implementations master group records 38 and user records 36 may be managed in the same database.
- LDAP Lightweight Directory Access Protocol
- Each spoke computer typically includes a spoke group manager 40 that is interfaced with a local user database 42 and group database 44, within which is respectively maintained user records 46 and group mirror records 48. While the principal dynamic group management components are illustrated in only one of spoke computers 16 in Fig. 1, it will be appreciated that generally all such computers 16 incorporate the same or similar components. Of course, in some implementations, the various spoke computers distributed within a system need not be identical in software or hardware design.
- some or all of the user records 46 maybe duplicates or mirrors of user records 36 stored in the hub computer.
- the user records 46 may be completely different, and correspond, for example, to only those users that are managed by the particular spoke computer or domain or enterprise within which such spoke computer resides.
- the group mirror records 48 in each spoke computer are mirrored (i.e., at least partially replicated) copies of the master group records 38.
- the group- related data in a master group record that is relevant to a particular dynamic group is typically replicated to all group mirror records.
- the group mirror records 48 may include only the identifications of the user records that are managed by that spoke computer. In other embodiments, however, the group mirror records may store the identifications of all user records that are members of a dynamic group, regardless of domain or enterprise. Groups may be local, i.e., unique to a single platform and not referenceable within another group, or they may be global, in which case they are universally available in the group management complex supported, and may be included within other groups.
- each of spoke databases 42, 44 may be implemented using any number of database environments, e.g., LDAP-compatible directory environments. Moreover, user and group mirror records 46, 48 may be maintained within the same database in a particular spoke computer. Furthermore, as will become more apparent below, the native environment for each database 42, 44 can vary between any given hub and spoke computers. Thus, for example, even if the hub computer or one or more spoke computers utilizes a Lotus Notes database, a spoke computer in another domain in the same enterprise, or even within another enterprise, may utilize another database environment, e.g., a Microsoft Windows NT LDAP Directory.
- a spoke computer in another domain in the same enterprise, or even within another enterprise may utilize another database environment, e.g., a Microsoft Windows NT LDAP Directory.
- dynamic group management system 12 may be limited to use in a single computer, within a single domain, utilizing a single database environment and controlled by a single enterprise, in other embodiments, such a system may be distributed among multiple hub and/or spoke computers and or may be multi-platform, multi- enterprise, and/or multi-domain in nature.
- a synchronizer program (e.g., synchronizer programs 50, 52 on hub and spoke computers 14, 16) is used.
- the synchronizer program(s) perform a number of useful functions, including maintaining synchronization between the respective user and group records on hub and spoke computers, as well as updating group memberships to reflect changes made to the user records in the user databases.
- the synchronizer program(s) may be configured to perform various tasks on a periodic basis, or may be configured to perform certain tasks in response to certain events. For example, an update to a dynamic group may be triggered by an addition or deletion of a user record in a user database.
- a number of commercially available database synchronization tools maybe used to implement the synchronizer program(s) 50.
- the InJoin Meta-Directory product from Critical Path of San Francisco, CA (among others) may be used to perform the necessary synchronization between the databases utilized by dynamic group management system 12.
- a proprietary solution may be used. In either event, configuration of a synchronizer program to perform the necessary synchronization functions described herein would be within the abilities of one of ordinary skill in the art having the benefit of the instant disclosure.
- Utilization of dynamic group management system 12 is typically via one or more application programs (e.g., application programs 54, 56 shown resident on hub and spoke computers 14, 16) having access to services provided by the group manager programs 30, 40.
- application programs e.g., application programs 54, 56 shown resident on hub and spoke computers 14, 16
- group manager programs 30, 40 may access group manager programs 30, 40, e.g., electronic messaging application programs, security management application programs, software distribution application programs, content management application programs, etc.
- various operating system components may access the aforementioned services consistent with the invention.
- An application program may access a dynamic group via a group manager service either on the same or a different computer from that which the application program resides.
- FIG. 2 illustrates in another way an exemplary hardware and software environment for an apparatus 60 consistent with the invention.
- apparatus 60 may represent practically any type of computer, computer system or other programmable electronic device, including a client or desktop computer, a workstation, a server computer, a portable computer, a handheld computer, an embedded controller, etc.
- Apparatus 60 will hereinafter also be referred to as a "computer", although it should be appreciated the term “apparatus” may also include other suitable programmable electronic devices consistent with the invention.
- Computer 60 typically includes at least one processor 61 coupled to a memory 62.
- Processor 61 may represent one or more processors (e.g., microprocessors), and memory 62 may represent the random access memory (RAM) devices comprising the main storage of computer 60, as well as any supplemental levels of memory, e.g., cache memories, non-volatile or backup memories (e.g., programmable or flash memories), read-only memories, etc.
- RAM random access memory
- memory 62 may be considered to include memory storage physically located elsewhere in computer 60, e.g., any cache memory in a processor 61, as well as any storage capacity used as a virtual memory, e.g., as stored on a mass storage device 65 or on another computer coupled to computer 60 via network interface 66.
- Computer 60 also typically receives a number of inputs and outputs for communicating information externally.
- computer 60 may include one or more user input/output devices 63 (e.g., a keyboard, a mouse, a trackball, a joystick, a touchpad, a display device such as a CRT monitor or LCD display panel, a speaker, etc.
- user input may be received via another computer interfaced with computer 60 through a workstation controller 64, or over a network via network interface 66.
- computer 60 may also include one or more mass storage devices 65, e.g., a floppy or other removable disk drive, a hard disk drive, a direct access storage device (DASD), an optical drive (e.g., a CD drive, a DVD drive, etc.), and/or a tape drive, among others.
- mass storage devices 65 e.g., a floppy or other removable disk drive, a hard disk drive, a direct access storage device (DASD), an optical drive (e.g., a CD drive, a DVD drive, etc.), and/or a tape drive, among others.
- computer 60 may include an interface 66 with one or more networks (e.g., a LAN and/or WAN 74, and/or the Internet 20, among others) to permit the communication of information with other computers.
- network e.g., a LAN and/or WAN 74, and/or the Internet 20, among others
- computer 60 typically includes suitable analog and/or digital interfaces between processor 61 and each of components
- Computer 60 operates under the control of an operating system 70, and executes or otherwise relies upon various computer software applications, components, programs, objects, modules, data structures, etc.
- Fig. 2 illustrates an application of computer 60 as a hub computer as described above (similar components would be resident in a spoke computer as described above in connection with Fig. 1), including for example, hub group manager program 30, synchronizer program 50 and application program 54 resident in memory 61, and user and group databases 32, 34 shown resident in mass storage 65 (and further shown implemented within a combined LDAP-compatible database 72).
- various applications, components, programs, objects, modules, etc. may also execute on one or more processors in another computer coupled to computer 60 via a network, e.g., in a distributed or client-server computing environment, whereby the processing required to implement the functions of a computer program may be allocated to multiple computers over a network.
- routines executed to implement the embodiments of the invention whether implemented as part of an operating system or a specific application, component, program, object, module or sequence of instructions will be referred to herein as "computer programs", or simply “programs".
- the computer programs typically comprise one or more instructions that are resident at various times in various memory and storage devices in a computer, and that, when read and executed by one or more processors in a computer, cause that computer to perform the steps necessary to execute steps or elements embodying the various aspects of the invention.
- signal bearing media include but are not limited to recordable type media such as volatile and non-volatile memory devices, floppy and other removable disks, hard disk drives, magnetic tape, optical disks (e.g., CD-ROM's, DVD's, etc.), among others, and transmission type media such as digital and analog communication links.
- signal bearing media include but are not limited to recordable type media such as volatile and non-volatile memory devices, floppy and other removable disks, hard disk drives, magnetic tape, optical disks (e.g., CD-ROM's, DVD's, etc.), among others, and transmission type media such as digital and analog communication links.
- various programs described hereinafter may be identified based upon the application for which they are implemented in a specific embodiment of the invention. However, it should be appreciated that any particular program nomenclature that follows is used merely for convenience, and thus the invention should not be limited to use solely in any specific application identified and/or implied by such nomenclature.
- User record 36 maybe implemented, for example, using an extended LDAP record object such as an extended object based upon the LDAP InetOrgPerson object class, which is well known in the art.
- the extended record object 36 therefore includes a plurality of LDAP-defined attributes 80, with the addition of one or more extension attributes 82 representing additional attributes suitable for use in networked computer system 10, in particular to support dynamic groups consistent with the invention.
- a conventional LDAP InetOrgPerson object may be extended with one or more attributes for which it is desirable to distinguish users and thus permit the selection of members from the user space.
- Figs. 4-6 next illustrate a number of routines executed by a dynamic group management system to install dynamic group functionality in a distributed, multi- enterprise computer environment, which will also be referred to hereinafter as an Extended Enterprise Community (EEC).
- EEC Extended Enterprise Community
- an extended community of users spanning multiple enterprises are capable of being linked together into groups that span the digital boundaries of different domains and enterprises.
- a group hub representing the master site from which groups are defined.
- Fig. 4 illustrates an establish group hub routine 140 which is executed to initialize dynamic groups on a hub computer.
- Routine 140 begins in block 142 by installing a hub group manager application on the hub computer.
- block 144 determines whether an LDAP directory is installed. If not, control passes to block 146 to install the LDAP directory. Control then passes to block 148 to add the aforementioned extension fields to the LDAP schema. Alternatively, if block 144 determines that the LDAP directory is already installed, block 146 is bypassed, and control passes directly to block 148.
- block 150 creates a group in the Group of Names object class defined by the LDAP standard to hold the name of hub administrators of the application at the hub computer.
- block 152 creates a spoke administrator group to be used to hold the names of the spoke administrators for the system.
- the hub and spoke administrator groups may be enumerated groups under the LDAP standard.
- block 154 adds one or more administrators to the hub administrator group, with such administrators granted the authority to create groups, add other group administrators and add spokes and spoke administrators.
- the administrators defined in block 154 are referred to as group hub administrators.
- Fig. 5 next illustrates the process for establishing a group spoke in another computer domain or enterprise.
- Fig. 5 illustrates an establish group spoke routine 160 that begins in block 162 by installing a spoke group manager application on a spoke computer within the target computer environment within which a group spoke is desired.
- block 164 determines whether an LDAP directory is currently installed on the spoke. If not, control passes to block 166 to install the LDAP directory. Otherwise, if the LDAP directory is already installed on the spoke, block 166 is bypassed.
- block 168 grants authority to the group hub administrator for interacting with the group spoke infrastructure.
- the group administrator is granted read authority on the InetOrgPerson object class, and granted create/read/update/delete authority on the Group of Names object class.
- the aforementioned extension fields are added to the LDAP schema on the group spoke.
- the newly-created group spoke is added to the group spoke table in the group or application.
- the group spokes may be considered to be domains that hold users and attributes about the users, and that are the basis for providing user data that may be used in group inclusion rules. Additionally, as described above, each group spoke may have groups "pushed" to it by the group hub.
- one or more administrators are added to the spoke administration group.
- all group spoke administrators have full group management privileges for all group spoke computers registered to them.
- a prefix for each spoke computer is created and added to a master prefix table. It is intended that all groups created by the spoke administrator will have this prefix as a standard part of its group name.
- Routine 160 is then complete, resulting in the establishment of a group spoke on one of the spoke computers in the networked computer system. It will be appreciated that routine 160 may be executed for each domain or enterprise for which it is desired to add a group spoke.
- Fig. 6 next illustrates a create group routine 180 initiated by any user with group administrator privileges, whether a hub group administrator or a spoke group administrator.
- routine 180 is initiated through interaction by such authorized user with the appropriate hub or spoke group manager application running on the computer through which the user is interacting with the dynamic group management system.
- Routine 180 begins in block 182 by authorizing the user as a hub or spoke group administrator. It will be appreciated that if the user initiating routine 180 does not have sufficient authorization, routine 180 may be terminated prematurely. It should also be appreciated that block 182 may incorporate additional security features such as requiring the input of a password by the user to verify his or her administrator status.
- the administrator specifies the group membership rules for a new group. In the illustrated implementation, this may be performed in attribute- type/attribute- value pairs, e.g., through the selection of appropriate values from among a fixed set of available values for each attribute. As such the establishment of rules may be made through a graphical user interface incorporating controls such as radio buttons, list boxes, check boxes and the like.
- the membership rules defined in block 184 are a membership domain list and a membership criterion.
- the membership domain list includes the domains from which users can be selected. Typically, if no domain is specified, all users in the extended enterprise community will be available for inclusion, with the specified membership criterion applied to all domains.
- the membership criterion reflects the attribute types and values that are the basis for group inclusion by users. Any of the attributes, or a combination thereof, may be utilized in a group membership criterion consistent with the invention. Moreover, at this time logic rules, e.g., Boolean connectors, may be specified.
- block 186 defines the group distribution rules, which specifies where the group is to be distributed.
- the options may include leaving the group exclusively in the hub. It should be appreciated, that even with the group maintained within the hub, spoke computers, as well as other user computers distributed throughout a networked computer system, may still access the hub computer to utilize the created group.
- an administrator may specify that a group is distributed to all spokes in the EEC. Moreover, in some embodiments it may be desirable to permit an administrator to select to which specific spokes the group should be distributed.
- block 188 defines group synchronization rules, which specifies when a group is to be distributed and updated.
- group synchronization rules which specifies when a group is to be distributed and updated.
- an event-based synchronization may be selected to permit near real-time synchronization of hub and spoke group records in response to changes made throughout the system.
- synchronization may be triggered upon modifications to one or more user records in a hub and/or spoke user database.
- Synchronization may also be triggered based upon changes to a group data structure in either or both of a hub or spoke group record (e.g., changing the domain list, the synchronization and/or distribution rules, and/or the membership criterion).
- Other events for example a predetermined synchronization schedule, or realtime "synch now" command, may be used to trigger synchronization and dynamic update of a dynamic group consistent with the invention.
- Another alternative for group distribution is that of periodic distribution, whereby group records present on the hub and spoke computers are synchronized at predetermined intervals. Moreover, it should be appreciated that different periodic intervals may be specified for dynamically updating group membership and synchronizing hub and spoke group records.
- Another option for distributing groups is a one-time distribution, whereby spoke computers are initially pushed the initial group record for a dynamic group, with no further synchronization performed until manually specified by an administrator.
- Such a configuration may be desirable when dynamic group functionality is used solely to facilitate the initial creation of a large group.
- block 190 filters the LDAP directories in each of the group domains (hubs and spokes) using the membership criterion defined for the group, e.g., using a known filtering process to return identifiers or keys to the matching directory entries. As such, the person objects in the hub and selected spokes are scanned and filtered based upon the membership criterion.
- block 192 instantiates the group object in the hub, and populates the hub with the membership domain list, the membership criterion, the group distribution rules, the group synchronization rules, and a list of identifiers for the users that initially satisfy the membership criterion within the specified membership domains.
- block 194 replicates the group record to the designated spoke environments based upon the distribution and synchronization criteria.
- block 196 then creates any delegates for group administration as specified by the administrator that has created the group, and routine 180 is then complete. It should be appreciated that the designation of delegates for either group, hub or spoke administration may be optional in some environments.
- synchronization is performed at the intervals described above. Such synchronization may be performed via proprietary routines. In the alternative, the aforementioned synchronizer application may be utilized to perform such synchronization. As a component of synchronization, dynamic updates of the group and/or spoke group memberships may be performed simply by performing the aforementioned LDAP filtering and selection operation based upon the current settings for a particular group (e.g., as described above in connection with block 190 of Fig. 6).
- each group manager e.g., group managers 34, 40 of Fig. 1
- a dynamic group management system such that the dynamic functionality implemented within the herein-described dynamic groups is effectively hidden from end users.
- the dynamic groups may be used and interacted with in the same manner as enumerated groups.
- retrieval of group members, and other group-related functions known in the art may be performed by a user interacting with a dynamic group consistent with the invention.
- dynamic groups described herein have a wide variety of applications, a number of specific exemplary applications are described hereinafter, starting with a security management application in which authorization to computer resources is controlled based upon a user's membership in a dynamic group.
- Other applications including software distribution, content management, and electronic messaging, are also described hereinafter.
- Figs. 7-8 illustrate one exemplary application of dynamic groups in implementing security management functionality throughout a multi-enterprise/multi-domain computer environment.
- the LDAP InetOrgPerson object class is extended to incorporate the attributes listed below in Table I.
- the extended attributes are distinguished from conventional LDAP attributes by virtue of an "Ext" prefix on the attribute identifier.
- any number and combination of the listed attributes may be utilized in defining the membership criterion for a dynamic group, including attributes in areas such as location, user employment status, user interests, user capabilities, user education, etc.
- attributes in areas such as location, user employment status, user interests, user capabilities, user education, etc.
- other combinations of attributes may be added to an LDAP object depending upon the desired application and bases for selecting users into dynamic groups.
- the user and group databases are integrated into a common LDAP-based directory database.
- a database schema should be designed to support the concepts of users and groups.
- One such suitable database schema is
- Fig. 7 100, suitable for use in the security management application described hereinafter, is illustrated in Fig. 7, and includes a plurality of tables 102-134.
- Table 102 stores user information, and is formatted as shown in Table II:
- Table 104 stores information about which users are in which security groups, and is formatted as shown in Table III:
- Table 106 stores information about security groups, and is formatted as shown in Table IV:
- Table 108 stores information about which users are delegates of which security groups, and is formatted as shown in Table V:
- Table 110 stores information about which global groups are in which local groups, and is formatted as shown in Table VI:
- Table 112 stores information about domains, and is formatted as shown in Table VII. TABLE VII: gds__t_Domain
- Table 114 stores information about which security groups exist on which domains, and is formatted as shown in Table VIII:
- Table 116 stores information about security group definition criteria, and is formatted as shown in Table IX:
- Table 118 stores information about attribute types, e.g., "Organization,” and is formatted as shown in Table X:
- Table 120 stores information about which users can maintain attribute pick lists, and is formatted as shown in Table XI:
- Table 122 stores information about which attribute values are associated with which user, and is formatted as shown in Table XII:
- Table 124 stores information about valid attribute values associated with attribute type, and is formatted as shown in Table XIII:
- Table 126 stores audit information about which users/global group is added and deleted from which security group, and is formatted as shown in Table XIV: TABLE XIV: ds t Grou Membershi s Lo
- Table 128 stores auditing information about the creation and deletion of security groups on different domains, and is formatted as shown in Table XV:
- Table 130 stores information about error messages that need to be displayed by the application for different errors, and is formatted as shown in Table XVI:
- Table 132 stores system parameters that are used by the application, and is formatted as shown in Table XVII:
- Table 134 stores information on reports and reporting access, and is formatted as shown in Table XVIII:
- an LDAP hub directory 202 is populated with one or more group policies 204, representing the group configuration information described above, e.g., group membership criterion, domain selection criterion, distribution and synchronization rules, group ID, etc.
- group policies 204 representing the group configuration information described above, e.g., group membership criterion, domain selection criterion, distribution and synchronization rules, group ID, etc.
- Each group policy also includes security authorization information representative of the permitted and/or prohibited activities to be associated with the members of each group.
- user data 206 corresponding to one or more users is entered into the LDAP directory to create one or more user records representative of users capable of being authorized via security management.
- one or more groups are created based upon desired group policies, and selected users are dynamically added to the new groups based upon the membership criteria associated with the various new groups (as described above in connection with Fig. 6).
- the result of block 208 is the addition of new groups to the LDAP directory, now represented at 210.
- the dynamic groups maintained in directory 210 may be pushed to one or more application-specific directories, and/or to one or more spoke directories.
- direct lookups to the hub directory 210 may simply be supported, e.g., via remote procedure calls or remote object invocations.
- ACL Access Control List
- Each ACL typically includes a resource identifier, representing the resource(s) begin protected; a privilege identifier, representing what actions are permitted on the specified resource(s); and a list of authorized entities capable of accessing the specified resource(s) with the specified permitted actions.
- the list includes a group ID for the dynamic group(s) to be associated with the ACL.
- Other entities such as individuals and enumerated groups, may also be associated with an ACL as well.
- the application accesses the security management system to retrieve the ACL associated with that action.
- the requested action will be permitted if the user is authenticated as having the appropriate rights based upon the appropriate ACL.
- the rights will be based upon a determination that the user is a member of a dynamic group having the appropriate authorization on an associated ACL. Otherwise, permission for the requested action is denied.
- Fig. 9 next illustrates another exemplary implementation of the invention in a content management system 220, i.e., to control the distribution of content to a user based upon the user's membership within a dynamic group.
- an LDAP hub directory 222 is populated with one or more group policies 224, representing the group configuration information described above, e.g., group membership criterion, domain selection criterion, distribution and synchronization rules, group ID, etc.
- user data 226 corresponding to one or more users is entered into the LDAP directory to create one or more user records representative of users capable of being authorized via content management.
- one or more groups are created based upon desired group policies, and selected users are dynamically added to the new groups based upon the membership criteria associated with the various new groups.
- the result of block 228 is the addition of new groups to the LDAP directory, now represented at 230.
- the dynamic groups maintained in directory 230 may be pushed to one or more spoke directories.
- direct lookups to the hub directory 230 may simply be supported, e.g., via remote procedure calls or remote object invocations.
- a content subscription process 234 that maps various content items to various dynamic groups. Each mapping may also include the specified permitted and restricted actions for the content.
- the application accesses the content management system to determine whether the specified user is a member of a dynamic group mapping to the specified content. If so, the content is distributed. Otherwise, distribution is prohibited.
- Fig. 10 next illustrates yet another exemplary implementation of the invention in an electronic messaging or groupware system 240, i.e., to address messages to multiple users based upon those users' membership within a dynamic group.
- an LDAP hub directory 242 is populated with one or more group policies 244, representing the group configuration information described above, e.g., group membership criterion, domain selection criterion, distribution and synchronization rules, group ID, etc.
- user data 246 corresponding to one or more users is entered into the LDAP directory to create one or more user records representative of users capable of being authorized via content management.
- one or more groups are created based upon desired group policies, and selected users are dynamically added to the new groups based upon the membership criteria associated with the various new groups.
- the result of block 248 is the addition of new groups to the LDAP directory, now represented at 250.
- the dynamic groups maintained in directory 250 may be pushed to one or more spoke or e-mail directories.
- direct lookups to the hub directory 250 may simply be supported, e.g., via remote procedure calls or remote object invocations.
- an e-mail tool 254 may select one or more groups and/or users from the directory for inclusion in an electronic message, in a manner generally known in the art.
- the e-mail administrator may also configure the dynamic group management system to do direct LDAP lookups or have the dynamic groups pushed into the email directory.
- Fig. 11 next illustrates another exemplary implementation of the invention in a software distribution system 260, i.e., to control the distribution of software to a user based upon the user's membership within a dynamic group.
- an LDAP hub directory 262 is populated with one or more group policies 264, representing the group configuration information described above, e.g., group membership criterion, domain selection criterion, distribution and synchronization rules, group ID, etc.
- user data 266 corresponding to one or more users is entered into the LDAP directory to create one or more user records representative of users capable of being authorized via content management.
- one or more groups are created based upon desired group policies, and selected users are dynamically added to the new groups based upon the membership criteria associated with the various new groups.
- the result of block 268 is the addition of new groups to the LDAP directory, now represented at 270.
- the dynamic groups maintained in directory 270 may be pushed to one or more spoke directories.
- direct lookups to the hub directory 270 may simply be supported, e.g., via remote procedure calls or remote object invocations.
- mappings are provided to an electronic software distribution database 276, which is accessible by software distribution logic 278 that distributes software to individuals by resolving group memberships through directory group lookups via directory 272.
- Dynamic groups may therefore comprise extended bases of users, e.g., to link together various users such as buyers, purchasing agents, distributors, manufacturers, retailers, business partners, competitors, etc. to facilitate different business processes.
- Other end-use applications of dynamic groups will be apparent to one of ordinary skill in the art having the benefit of the instant disclosure. Therefore, the invention is not limited to the particular applications disclosed herein.
- One specific security management application of a dynamic group management system may be configured to have the following functionality, and may be based upon the aforementioned architecture:
- Directory services may have capability to generate and maintain groups and group memberships based on user attributes.
- the groups and memberships may be propagated to 'domains' (Notes servers, NT servers, or other 'Spoke' servers which must support LDAP) including development and production environments.
- Global group may be added to a local group by using "Global Group Name" as an attribute in group definition criteria while creating/modifying a local group definition.
- security classifications may apply to security groups:
- OPEN List group memberships for all users.
- Groups and membership may be created and maintained via a scheduled batch process, or near real time.
- Groups may be left in the 'hub' where they can be read directly, or they can be pushed to 'spoke' directories, which can exist anywhere (intranets, extranets, WWW, inside other enterprises, etc.)
- Group memberships may always be same on all domains only with the exception of a non-existent user on a particular domain.
- the following synchronization functionality may be available for synchronizing groups and memberships, created from directory, across domains and directory databases:
- the Hub Directory may be the Master for synchronization logic.
- Groups may get deleted in the directory only after they are deleted from all domains.
- Security groups may not be effective dated. But attribute changes for effective dated attributes from an organization structure may automatically alter group definitions and group memberships. 16. Group Definition Criteria:
- Group definition criteria may be based on one or more (any number) of user attributes.
- Group definition criteria may be a combination of multiple attributes with all "AND” or all “OR” conditions.
- All attributes and their values for defining criteria may be selected from predefined values.
- Partial success in creation of a group may be acceptable provided manual synchronization procedures are followed to salvage partially successful group creation scenarios.
- Partial success in group creation may be defined as (1) group is created at least on one domain and in the directory database for all domain; and (2) Creation of complete memberships in directory. If memberships are not successfully created on all domains, then synchronization tool may get memberships synchronized on different domains.
- Global groups may need to be created on all master NT and Notes domains.
- Global groups may be created only on NT master domains and can cause group creation on Notes domains.
- Local groups may be created only on NT Resource domains and can cause group creation on other domains.
- Group Admins can also specify that groups be pushed to 'spoke' directory servers.
- the InetOrgPerson Schema maybe used as a mechanism for selecting users for inclusion in a group (manual or automatic). This implies that the Hub directory has read accesses to 'spoke' directories, and may be managed as a manual work process.
- the GroupofNames Object Class may be used as the target for creating groups. This implies that the Hub directory has write accesses to 'spoke' directories, which may be managed as a manual work process.
- Modifying group definition criteria may change group memberships accordingly.
- Modifying group definition criteria may generate audit log reflecting all the changes caused by changing the group definition criteria.
- Modifying or deleting an attribute value associated with a user may result in changing group membership during a batch transaction for that user.
- Changing global group definition criteria may generate a report of local groups affected by the change. This report and new rule for the global group definition may be communicated to group owners and delegates of the affected local group.
- Groups may not be deleted from directory database until deleted from all domains.
- Deleting a global group may generate a report of local groups affected by the deletion. This report will may be communicated to group owners and delegates of the affected local groups.
- Deleting memberships may delete memberships in directory first and then on the domains. Synchronization maybe done in case of partial success in deleting memberships. 20. Attribute Types and Attribute Values:
- attribute type owner may own attribute types and the pick list values associated with the attribute types he/she owns.
- attribute type owner may modify or delete attribute types and pick list values that he/she owns.
- HR may assign or remove HR-related attribute values associated with users.
- Attribute types and attribute values may be deleted even if they are assigned to a user.
- Group membership may be adjustable accordingly for the user via a batch process.
- Attribute types or attribute values may be deleted even if they are used in the group definition criteria.
- the group definition and group memberships for the groups using the deleted attribute type/value may then be altered.
- the group may not be deleted even if there does not exist any members in the group. Notification may need to be sent to owners and delegates of altered groups.
- security groups may be created for following criteria:
- Transferring group ownership may retain the delegates on the group.
- Delegates may not manage other delegates.
- the aforementioned exemplary security management application may include a Group Management Service (GMS) program and a Group Synchronizer Service (GSSYNC) program that cooperatively are used to dynamically update dynamic groups consistent with the invention.
- the GMS program may be responsible for maintenance of groups, and may generally operate by reading command-requests in a Global Directory Services (GDS) database functioning as a hub directory, and acting upon the commands, making group changes against the hub directory. Such changes may then be pushed out, selectively, to specific domains (e.g. Windows NT, Lotus Domino, ORACLE, or other LDAP directories functioning as spoke directories.
- GDS Global Directory Services
- Commands to the GMS program may be made by users via a thin-client (user- interface) component of the GDS system. Command-requests may be read, in turn, by GMS and transformed or deleted to acknowledge acceptance of the commands.
- the GMS may modify the groups and group membership on platforms (e.g., Notes and NT domains) as well as spoke directory servers, and record their states in the GDS database. For example, the status attributes discussed above in connection with Fig. 7 may be used to identify records to be operated upon by the GMS program, e.g., with a status of 0 when active and processed, and a status o 0 when some processing is required.
- the GMS program may be scheduled or near real-time, and may be implemented as a multi-threaded service that processes group changes and group memberships based on configurable parameters.
- the GSSYNC program may be configured as a process that operates in conjunction with the GMS program, but at a lower priority, running only run when the GMS program is not running. If the GSSYNC program is running when the GMS program begins execution, it may request that the GSSYNC program suspend or terminate itself to prevent potential group and membership conflicts between the two processes.
- a principal responsibility of the GSSYNC program may be to ensure that groups and their memberships are consistent with respect to the GDS database and the attendant domains.
- the GSSYNC program may be a configurable, multi-threaded service that processes an unlimited number of group and group membership changes per hour, by scaling that service through replication.
- the GMS logic typically executes sequentially. However, for certain operations, the GMS program may spawn and synchronize multiple threads of execution to hasten adjustment of group membership lists. Additional worker threads may also be spawned to adjust group membership.
- the GMS program may be configured to execute the following steps each time it is scheduled to run:
- the GMS program typically runs more frequently than the GSSYNC program, e.g,. once per hour vs. once per week.
- the GMS and GSSYNC programs are typically mutually exclusive, with the GMS program having higher priority.
- the GMS program wishes to run but finds that the GSSYNC program is running, it should issue a request for the GSSYNC program to either suspend or shut down, and then retry the operation.
- this logic prevents multiple instances of the GMS program from executing simultaneously.
- del grp definition del grp members del grp delegates if local grp del grp hierarchy (global grps that may belong) endif for domains in which grp exists if grp global for any local grps possessing global grp del global group membership on domain endif del grp from domain del grp mapping for domain log delete/result code next if no errors del grp del grp hierarchy endif next
- This section honors command requests to remove a group from a domain, where a domain is a target platform(e.g. NT or Notes Domino, or a spoke directory based on LDAP or other technologies). This task applies to both global and local groups.
- a domain is a target platform(e.g. NT or Notes Domino, or a spoke directory based on LDAP or other technologies). This task applies to both global and local groups.
- the membership generation process is initiated by a set of 'deltas' (or changes to the desired group membership). Members to be removed are signified by a group membership status value of 2; members to be added are denoted by a group membership status of 1.
- This section honors requests to add a group to a domain. This task applies to both global and local groups.
- Global groups may be permitted to be members of local groups (the converse is typically not true, however); it may be desirable to remove global groups from local groups, as follows.
- the GMS program may release its 'lock' for GSSYNC program.
- the GSSYNC program is permitted to execute, honoring only active groups and memberships (status value set to 0).
- GSSYNC logic may execute sequentially. However, for certain operations, GSSYNC program may be configured to spawn and synchronize multiple threads of execution to hasten adjustment of group membership lists. As needed, worker threads can be spawned to adjust group membership.
- the GSSYNC process may be configured to execute the following steps each time it is scheduled to run:
- the GSSYNC program is required to verify the GMS program is not currently running.
- This section determines whether all GDS global groups actually exist on all master domains. If they are not all present, GSSYNC program will create the groups on the appropriate domains.
- This section determines whether all GDS local groups actually exist on the specified domains. If they are not all present, the GSSYNC program may create the local groups on the appropriate domains.
- This section synchronizes the membership of global groups based upon the membership lists maintained by the GDS.
- This section synchronizes the membership of local groups based upon the membership lists maintained by the GDS.
- the GSSYNC program After executing the sequence of operations, the GSSYNC program will release its 'lock' for GMS.
- the GSSYNC program may execute a background thread that polls the GMS program synchronizer lock. If the GMS program synchronizer lock is set (indicating that the GMS program is requesting that GSSYNC program terminate), the GSSYNC program may terminate itself after safely finishing its current operation.
- the GMS and GSSYNC modules may not be configured to talk to the domains or directory services database directly. Instead, they may share domain and GDS database services which reside in a separate API.
- the following API functions may be provided for shared use by the GMS and GSSYNC modules:
- High-Level Services Group_ins - creates a group from any domain, records in GDS Group_del - deletes a group from any domain, records in GDS Member_ins - adds a member to a group, records in GDS Member_del - deletes a member from a group, records in GDS Group_list - lists groups present on any domain Member_list - lists members present on any domain
- SQL - retrieves information based upon a SQL query from GDS
- NO_group_ins - adds a group to a Notes domain
- NO_group_del - deletes a group from a Notes domain
- NO_group_list - retrieves list of groups from Notes domain
- NO_member_ins - adds a member to a Notes domain
- NO_member_del - deletes a member from a Notes domain
- NO_meniber_list - retrieves list of group members from Notes domain
- NT_group__ins adds a group to an NT domain NT_group_del - deletes a group from an NT domain NT_group__list - retrieves list of groups from NT domain NT_member_ins - adds a member to an NT domain NT_member_del - deletes a member from an NT domain NT_member_list - retrieves list of group members from NT domain
- SPT_group_ins - adds a group to a spoke directory
- SPT_group_del - deletes a group from a spoke directory
- SPT_group_list - retrieves list of groups a spoke directory
- SPT_member_ins - adds a member to a spoke directory
- SPT_member_del - deletes a member from a spoke directory
- SPT_member_list - retrieves list of group members from a spoke directory
- Arguments for the API functions typically vary based upon domain and required functionality (e.g., NT group functions will take a BOOL flag indicating global/local group status).
- Notes functions will typically automatically compensate for canonical naming issues (e.g., adding a member via NO_member_ins will automatically add a short and a long - canonical - name to the membership list).
Abstract
Description
Claims
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP02739805A EP1405218A1 (en) | 2001-06-18 | 2002-06-11 | Dynamic group generation and management |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/883,732 | 2001-06-18 | ||
US09/883,732 US6671695B2 (en) | 2001-06-18 | 2001-06-18 | Dynamic group generation and management |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2002103570A1 true WO2002103570A1 (en) | 2002-12-27 |
Family
ID=25383219
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2002/018344 WO2002103570A1 (en) | 2001-06-18 | 2002-06-11 | Dynamic group generation and management |
Country Status (3)
Country | Link |
---|---|
US (1) | US6671695B2 (en) |
EP (1) | EP1405218A1 (en) |
WO (1) | WO2002103570A1 (en) |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2005004005A1 (en) * | 2003-07-07 | 2005-01-13 | Simworks International Limited | System and method for determining relationships between users of a network system |
WO2005116882A1 (en) | 2004-05-25 | 2005-12-08 | International Business Machines Corporation | Method and system for information distribution |
DE102005053914A1 (en) | 2005-11-11 | 2007-07-12 | Infineon Technologies Ag | Push-to-talk over cellular communication system for taxi central office, has server unit to transmit list of additional communication service client units that fulfill criterion to client unit, which provides service e.g. taxi service |
WO2008044225A2 (en) * | 2006-10-13 | 2008-04-17 | Alcatel Lucent | Network service usage management systems and methods using a group manager |
AU2003213262B2 (en) * | 2002-04-08 | 2009-06-11 | Oracle International Corporation | Hierarchical org-chart based email mailing list maintenance |
US7653711B2 (en) | 2003-05-23 | 2010-01-26 | International Business Machines Corporation | Method and system for information distribution |
US8190642B2 (en) | 2004-11-18 | 2012-05-29 | International Business Machines Corporation | Method, system, and storage medium for implementing intelligent team management services |
US8892747B2 (en) | 2005-02-17 | 2014-11-18 | Intel Mobile Communications GmbH | Management of dynamic groups in a communication system |
US10594775B2 (en) | 2013-10-14 | 2020-03-17 | International Business Machines Corporation | Groupware management |
US11032356B2 (en) | 2013-10-14 | 2021-06-08 | International Business Machines Corporation | Groupware management |
Families Citing this family (220)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7389351B2 (en) * | 2001-03-15 | 2008-06-17 | Microsoft Corporation | System and method for identifying and establishing preferred modalities or channels for communications based on participants' preferences and contexts |
US7103806B1 (en) | 1999-06-04 | 2006-09-05 | Microsoft Corporation | System for performing context-sensitive decisions about ideal communication modalities considering information about channel reliability |
US7117239B1 (en) | 2000-07-28 | 2006-10-03 | Axeda Corporation | Reporting the state of an apparatus to a remote computer |
US7197555B1 (en) * | 2000-09-13 | 2007-03-27 | Canon Kabushiki Kaisha | Directory server tracking tool |
US8108543B2 (en) | 2000-09-22 | 2012-01-31 | Axeda Corporation | Retrieving data from a server |
US7185014B1 (en) | 2000-09-22 | 2007-02-27 | Axeda Corporation | Retrieving data from a server |
US7937655B2 (en) | 2000-12-22 | 2011-05-03 | Oracle International Corporation | Workflows with associated processes |
US7363339B2 (en) | 2000-12-22 | 2008-04-22 | Oracle International Corporation | Determining group membership |
US7349912B2 (en) | 2000-12-22 | 2008-03-25 | Oracle International Corporation | Runtime modification of entries in an identity system |
US8015600B2 (en) | 2000-12-22 | 2011-09-06 | Oracle International Corporation | Employing electronic certificate workflows |
US7213249B2 (en) | 2000-12-22 | 2007-05-01 | Oracle International Corporation | Blocking cache flush requests until completing current pending requests in a local server and remote server |
US7802174B2 (en) | 2000-12-22 | 2010-09-21 | Oracle International Corporation | Domain based workflows |
US7711818B2 (en) | 2000-12-22 | 2010-05-04 | Oracle International Corporation | Support for multiple data stores |
US7475151B2 (en) * | 2000-12-22 | 2009-01-06 | Oracle International Corporation | Policies for modifying group membership |
US7251696B1 (en) | 2001-03-15 | 2007-07-31 | Microsoft Corporation | System and methods enabling a mix of human and automated initiatives in the control of communication policies |
US6988132B2 (en) * | 2001-03-15 | 2006-01-17 | Microsoft Corporation | System and method for identifying and establishing preferred modalities or channels for communications based on participants' preferences and contexts |
US7330895B1 (en) | 2001-03-15 | 2008-02-12 | Microsoft Corporation | Representation, decision models, and user interface for encoding managing preferences, and performing automated decision making about the timing and modalities of interpersonal communications |
US6785686B2 (en) * | 2001-05-29 | 2004-08-31 | Sun Microsystems, Inc. | Method and system for creating and utilizing managed roles in a directory system |
GB2378349A (en) * | 2001-07-28 | 2003-02-05 | Dresdner Kleinwort Wasserstein | A system for managing a computer network |
JP2003085345A (en) * | 2001-09-07 | 2003-03-20 | Ricoh Co Ltd | Device and method for supporting decision making, recording medium, and computer program |
US20030050986A1 (en) * | 2001-09-13 | 2003-03-13 | Matthews Charles R. | System and method for community interfaces |
EP1298515A3 (en) * | 2001-09-26 | 2004-02-04 | Siemens Aktiengesellschaft | Method for controlling access to resources of a data processing system |
US7617529B1 (en) * | 2001-11-02 | 2009-11-10 | Cisco Technology, Inc. | Robust and flexible group structure |
US7024412B1 (en) * | 2001-11-07 | 2006-04-04 | Bellsouth Intellectual Property Corp. | Systems and methods for database configuration migration |
US7433897B1 (en) | 2001-11-07 | 2008-10-07 | At&T Intellectual Property I, L.P. | Systems and methods for database registration |
US7225256B2 (en) | 2001-11-30 | 2007-05-29 | Oracle International Corporation | Impersonation in an access system |
US7254601B2 (en) | 2001-12-20 | 2007-08-07 | Questra Corporation | Method and apparatus for managing intelligent assets in a distributed environment |
US7644144B1 (en) * | 2001-12-21 | 2010-01-05 | Microsoft Corporation | Methods, tools, and interfaces for the dynamic assignment of people to groups to enable enhanced communication and collaboration |
US7305700B2 (en) | 2002-01-08 | 2007-12-04 | Seven Networks, Inc. | Secure transport for mobile communication network |
US7178149B2 (en) | 2002-04-17 | 2007-02-13 | Axeda Corporation | XML scripting of soap commands |
US7840658B2 (en) | 2002-05-15 | 2010-11-23 | Oracle International Corporation | Employing job code attributes in provisioning |
US7216163B2 (en) | 2002-05-15 | 2007-05-08 | Oracle International Corporation | Method and apparatus for provisioning tasks using a provisioning bridge server |
US20030236823A1 (en) * | 2002-06-19 | 2003-12-25 | Robert Patzer | Information sharing groups, server and client group applications, and methods therefor |
WO2004001647A1 (en) * | 2002-06-25 | 2003-12-31 | Chien Liang Chua | Networking system |
US7870240B1 (en) | 2002-06-28 | 2011-01-11 | Microsoft Corporation | Metadata schema for interpersonal communications management systems |
US7206851B2 (en) * | 2002-07-11 | 2007-04-17 | Oracle International Corporation | Identifying dynamic groups |
US7478407B2 (en) | 2002-07-11 | 2009-01-13 | Oracle International Corporation | Supporting multiple application program interfaces |
US7428592B2 (en) | 2002-07-11 | 2008-09-23 | Oracle International Corporation | Securely persisting network resource identifiers |
US7447701B2 (en) | 2002-07-11 | 2008-11-04 | Oracle International Corporation | Automatic configuration of attribute sets |
US7428523B2 (en) * | 2002-07-11 | 2008-09-23 | Oracle International Corporation | Portal bridge |
US7512585B2 (en) * | 2002-07-11 | 2009-03-31 | Oracle International Corporation | Support for multiple mechanisms for accessing data stores |
US7467142B2 (en) * | 2002-07-11 | 2008-12-16 | Oracle International Corporation | Rule based data management |
US8375113B2 (en) | 2002-07-11 | 2013-02-12 | Oracle International Corporation | Employing wrapper profiles |
US7047488B2 (en) * | 2002-07-19 | 2006-05-16 | Open Invention Network | Registry driven interoperability and exchange of documents |
US7444522B1 (en) * | 2002-09-18 | 2008-10-28 | Open Invention Network, Llc | Dynamic negotiation of security arrangements between web services |
US7636719B2 (en) * | 2002-12-19 | 2009-12-22 | Microsoft Corporation | Contact schema |
US7418663B2 (en) * | 2002-12-19 | 2008-08-26 | Microsoft Corporation | Contact picker interface |
US7240298B2 (en) | 2002-12-19 | 2007-07-03 | Microsoft Corporation | Contact page |
US7533157B2 (en) * | 2002-12-24 | 2009-05-12 | International Business Machines Corporation | Method for delegation of administrative operations in user enrollment tasks |
US7454622B2 (en) * | 2002-12-31 | 2008-11-18 | American Express Travel Related Services Company, Inc. | Method and system for modular authentication and session management |
US7853563B2 (en) | 2005-08-01 | 2010-12-14 | Seven Networks, Inc. | Universal data aggregation |
US8468126B2 (en) | 2005-08-01 | 2013-06-18 | Seven Networks, Inc. | Publishing data in an information community |
US7917468B2 (en) | 2005-08-01 | 2011-03-29 | Seven Networks, Inc. | Linking of personal information management data |
US20040135805A1 (en) * | 2003-01-10 | 2004-07-15 | Gottsacker Neal F. | Document composition system and method |
US7966418B2 (en) | 2003-02-21 | 2011-06-21 | Axeda Corporation | Establishing a virtual tunnel between two computer programs |
US20050050064A1 (en) * | 2003-08-28 | 2005-03-03 | Udo Klein | Synchronizing time-constrained data |
US7882132B2 (en) | 2003-10-09 | 2011-02-01 | Oracle International Corporation | Support for RDBMS in LDAP system |
US7904487B2 (en) | 2003-10-09 | 2011-03-08 | Oracle International Corporation | Translating data access requests |
US8453196B2 (en) | 2003-10-14 | 2013-05-28 | Salesforce.Com, Inc. | Policy management in an interoperability network |
US7409463B2 (en) * | 2003-12-04 | 2008-08-05 | International Business Machines Corporation | On-demand active role-based software provisioning |
KR100521742B1 (en) * | 2003-12-17 | 2005-10-17 | 한국전자통신연구원 | Xml database duplicating apparatus for copying xml document to remote server without loss of structure and attribute information of xml document and method therefor |
US8775654B2 (en) | 2003-12-19 | 2014-07-08 | Salesforce.Com, Inc. | Apparatus and methods for mediating messages |
JP2005259111A (en) * | 2004-01-26 | 2005-09-22 | Ricoh Co Ltd | Program, recording medium and apparatus for handling user information |
JP4643278B2 (en) * | 2004-02-04 | 2011-03-02 | 株式会社リコー | Information providing apparatus, information providing method, information providing program, and recording medium |
US7953759B2 (en) * | 2004-02-17 | 2011-05-31 | Microsoft Corporation | Simplifying application access to schematized contact data |
US7908663B2 (en) | 2004-04-20 | 2011-03-15 | Microsoft Corporation | Abstractions and automation for enhanced sharing and collaboration |
US7660824B2 (en) * | 2004-05-20 | 2010-02-09 | Bea Systems, Inc. | System and method for performing batch configuration changes |
US7529818B2 (en) * | 2004-05-20 | 2009-05-05 | Bea Systems, Inc. | System and method for performing validation of a configuration |
US8769126B2 (en) * | 2004-06-24 | 2014-07-01 | International Business Machines Corporation | Expanded membership access control in a collaborative environment |
US7340463B1 (en) * | 2004-06-25 | 2008-03-04 | Apple Inc. | Caching permissions information |
US7725605B2 (en) | 2004-08-06 | 2010-05-25 | Salesforce.Com, Inc. | Providing on-demand access to services in a wide area network |
US20060041624A1 (en) * | 2004-08-18 | 2006-02-23 | International Business Machines Corporation | System and method for distributing an electronic message |
US9645712B2 (en) | 2004-10-01 | 2017-05-09 | Grand Central Communications, Inc. | Multiple stakeholders for a single business process |
US8010082B2 (en) | 2004-10-20 | 2011-08-30 | Seven Networks, Inc. | Flexible billing architecture |
US7441271B2 (en) | 2004-10-20 | 2008-10-21 | Seven Networks | Method and apparatus for intercepting events in a communication system |
US20060095460A1 (en) * | 2004-10-29 | 2006-05-04 | International Business Machines Corporation | Systems and methods for efficiently clustering objects based on access patterns |
US7702758B2 (en) * | 2004-11-18 | 2010-04-20 | Oracle International Corporation | Method and apparatus for securely deploying and managing applications in a distributed computing infrastructure |
US7706781B2 (en) | 2004-11-22 | 2010-04-27 | Seven Networks International Oy | Data security in a mobile e-mail service |
FI117152B (en) | 2004-12-03 | 2006-06-30 | Seven Networks Internat Oy | E-mail service provisioning method for mobile terminal, involves using domain part and further parameters to generate new parameter set in list of setting parameter sets, if provisioning of e-mail service is successful |
US7395277B2 (en) * | 2005-01-25 | 2008-07-01 | International Business Machines Corporation | Content framework method |
US7685159B2 (en) * | 2005-01-25 | 2010-03-23 | International Business Machines Corporation | Creating content associations through visual techniques in a content framework system |
US7310643B2 (en) * | 2005-01-25 | 2007-12-18 | International Business Machines Corporation | Automatic capture of associations between content within a content framework system |
US20060179321A1 (en) * | 2005-02-07 | 2006-08-10 | Nigel Dawson | Method and system of applying user permissions to an application program environment |
US7877703B1 (en) | 2005-03-14 | 2011-01-25 | Seven Networks, Inc. | Intelligent rendering of information in a limited display environment |
US7793284B2 (en) * | 2005-03-25 | 2010-09-07 | Microsoft Corporation | Role based server installation and configuration |
US7353034B2 (en) | 2005-04-04 | 2008-04-01 | X One, Inc. | Location sharing and tracking using mobile phones or other wireless devices |
US8055744B2 (en) * | 2005-04-07 | 2011-11-08 | International Business Machines Corporation | Resolution of group membership for resources |
US8438633B1 (en) | 2005-04-21 | 2013-05-07 | Seven Networks, Inc. | Flexible real-time inbox access |
US7796742B1 (en) | 2005-04-21 | 2010-09-14 | Seven Networks, Inc. | Systems and methods for simplified provisioning |
US20060288050A1 (en) * | 2005-06-15 | 2006-12-21 | International Business Machines Corporation | Method, system, and computer program product for correlating directory changes to access control modifications |
WO2006136660A1 (en) | 2005-06-21 | 2006-12-28 | Seven Networks International Oy | Maintaining an ip connection in a mobile network |
US7613280B1 (en) * | 2005-07-08 | 2009-11-03 | Csg Interactive Messaging, Inc. | System and method for transmitting critical communications to a plurality of communication recipients |
US8069166B2 (en) | 2005-08-01 | 2011-11-29 | Seven Networks, Inc. | Managing user-to-user contact with inferred presence information |
US20070074225A1 (en) * | 2005-09-22 | 2007-03-29 | Frends Technology Inc. | Apparatus, method and computer program product providing integration environment having an integration control functionality coupled to an integration broker |
US7792871B1 (en) | 2005-12-29 | 2010-09-07 | United Services Automobile Association | Workflow administration tools and user interfaces |
US7822706B1 (en) | 2005-12-29 | 2010-10-26 | United Services Automobile Association (Usaa) | Workflow administration tools and user interfaces |
US7792872B1 (en) | 2005-12-29 | 2010-09-07 | United Services Automobile Association | Workflow administration tools and user interfaces |
US7840526B1 (en) | 2005-12-29 | 2010-11-23 | United Services Automobile Association (Usaa) | Workflow administration tools and user interfaces |
US7769395B2 (en) | 2006-06-20 | 2010-08-03 | Seven Networks, Inc. | Location-based operations and messaging |
US9519399B1 (en) | 2006-03-07 | 2016-12-13 | Emc Corporation | Providing a visual indication that stored content is associated with a collaboration environment |
US9754119B1 (en) | 2006-03-07 | 2017-09-05 | Emc Corporation | Containerized security for managed content |
US8555403B1 (en) * | 2006-03-30 | 2013-10-08 | Emc Corporation | Privileged access to managed content |
US7984066B1 (en) * | 2006-03-30 | 2011-07-19 | Emc Corporation | Mandatory access control list for managed content |
US7512578B2 (en) * | 2006-03-30 | 2009-03-31 | Emc Corporation | Smart containers |
US7895639B2 (en) * | 2006-05-04 | 2011-02-22 | Citrix Online, Llc | Methods and systems for specifying and enforcing access control in a distributed system |
JP4893108B2 (en) * | 2006-05-31 | 2012-03-07 | 富士ゼロックス株式会社 | Information processing apparatus, information processing method, and computer program |
US7739339B2 (en) * | 2006-06-28 | 2010-06-15 | The Boeing Company | System and method of communications within a virtual environment |
US20080027960A1 (en) * | 2006-07-28 | 2008-01-31 | Lehman Brothers Inc. | Systems and methods for managing distribution lists |
US8370479B2 (en) | 2006-10-03 | 2013-02-05 | Axeda Acquisition Corporation | System and method for dynamically grouping devices based on present device conditions |
US7950049B2 (en) * | 2006-10-24 | 2011-05-24 | Avatier Corporation | Hybrid meta-directory |
US7707623B2 (en) | 2006-10-24 | 2010-04-27 | Avatier Corporation | Self-service resource provisioning having collaborative compliance enforcement |
US8931057B2 (en) | 2006-10-24 | 2015-01-06 | Avatier Corporation | Apparatus and method for access validation |
US8606832B2 (en) * | 2006-10-24 | 2013-12-10 | Red Hat, Inc. | Dynamic management of groups |
US20080117839A1 (en) * | 2006-11-16 | 2008-05-22 | Firsthand Technologies Inc. | Method and system for managing integrated media group communications |
US8065397B2 (en) | 2006-12-26 | 2011-11-22 | Axeda Acquisition Corporation | Managing configurations of distributed devices |
US8095970B2 (en) * | 2007-02-16 | 2012-01-10 | Microsoft Corporation | Dynamically associating attribute values with objects |
US20080208926A1 (en) * | 2007-02-22 | 2008-08-28 | Smoot Peter L | Data management in a data storage system using data sets |
US7725500B2 (en) * | 2007-02-27 | 2010-05-25 | Red Hat, Inc. | Role based groups |
US7720881B2 (en) * | 2007-02-27 | 2010-05-18 | Red Hat, Inc. | Role based groups |
US7711716B2 (en) | 2007-03-06 | 2010-05-04 | Microsoft Corporation | Optimizations for a background database consistency check |
US8386653B2 (en) | 2007-03-27 | 2013-02-26 | Microsoft Corporation | Instrumenting configuration and system settings |
US20080263035A1 (en) * | 2007-04-23 | 2008-10-23 | Episale James D | Grouping business partners in e-business transaction |
US8805425B2 (en) | 2007-06-01 | 2014-08-12 | Seven Networks, Inc. | Integrated messaging |
US8693494B2 (en) | 2007-06-01 | 2014-04-08 | Seven Networks, Inc. | Polling |
US7734828B2 (en) * | 2007-06-12 | 2010-06-08 | Palm, Inc. | Data synchronization transparent to application |
US20080319998A1 (en) * | 2007-06-20 | 2008-12-25 | Michael Bender | System and method for dynamic authorization to database objects |
US7987193B2 (en) * | 2007-06-29 | 2011-07-26 | Sap Ag | System and method for setting status flags for mobile data distribution based on distribution rules |
US8266671B2 (en) * | 2007-08-02 | 2012-09-11 | Alcatel Lucent | Policy-enabled aggregation of IM user communities |
US20090059922A1 (en) * | 2007-08-30 | 2009-03-05 | Barry Appelman | Systems and Methods for Multicast Communication |
US7702694B1 (en) | 2007-09-07 | 2010-04-20 | Southern Company Services, Inc. | System and method for organizing managing and accessing large quantities of data from non-homogenous data sources |
US8539568B1 (en) | 2007-10-03 | 2013-09-17 | Courion Corporation | Identity map creation |
US8756318B1 (en) * | 2007-10-09 | 2014-06-17 | Microsoft Corporation | Software deployment using client location |
US20090150494A1 (en) * | 2007-12-05 | 2009-06-11 | International Business Machines Corporation | Just-in time mailing list traffic indicator |
WO2009076447A1 (en) * | 2007-12-10 | 2009-06-18 | Courion Corporaton | Policy enforcement using esso |
US8364181B2 (en) | 2007-12-10 | 2013-01-29 | Seven Networks, Inc. | Electronic-mail filtering for mobile devices |
US8793305B2 (en) | 2007-12-13 | 2014-07-29 | Seven Networks, Inc. | Content delivery to a mobile device from a content service |
US9002828B2 (en) | 2007-12-13 | 2015-04-07 | Seven Networks, Inc. | Predictive content delivery |
US8107921B2 (en) | 2008-01-11 | 2012-01-31 | Seven Networks, Inc. | Mobile virtual network operator |
US8862657B2 (en) | 2008-01-25 | 2014-10-14 | Seven Networks, Inc. | Policy based content service |
US20090193338A1 (en) | 2008-01-28 | 2009-07-30 | Trevor Fiatal | Reducing network and battery consumption during content delivery and playback |
US8689292B2 (en) * | 2008-04-21 | 2014-04-01 | Api Technologies Corp. | Method and systems for dynamically providing communities of interest on an end user workstation |
US8787947B2 (en) | 2008-06-18 | 2014-07-22 | Seven Networks, Inc. | Application discovery on mobile devices |
US8078158B2 (en) | 2008-06-26 | 2011-12-13 | Seven Networks, Inc. | Provisioning applications for a mobile device |
KR20100002907A (en) * | 2008-06-30 | 2010-01-07 | 경희대학교 산학협력단 | System for controlling access to hospital information and method for controlling the same |
US8423905B2 (en) | 2008-07-17 | 2013-04-16 | International Business Machines Corporation | Automatically populating recipients in an instant messaging or other computer communication system |
US8909759B2 (en) | 2008-10-10 | 2014-12-09 | Seven Networks, Inc. | Bandwidth measurement |
US20100235217A1 (en) * | 2008-12-04 | 2010-09-16 | Tru-Say | Jury selection systems and methods |
US8150876B2 (en) * | 2009-02-11 | 2012-04-03 | Oracle International Corporation | Simplifying determination of the groups to which users belong when using dynamic groups |
US20100241668A1 (en) * | 2009-03-17 | 2010-09-23 | Microsoft Corporation | Local Computer Account Management at Domain Level |
KR101649764B1 (en) * | 2009-04-10 | 2016-08-19 | 삼성전자주식회사 | Method and apparatus for providing mobile advertising service in mobile advertising system |
US8271434B2 (en) * | 2009-10-01 | 2012-09-18 | Verizon Patent And Licensing Inc. | Central data store process configuration |
US9043731B2 (en) | 2010-03-30 | 2015-05-26 | Seven Networks, Inc. | 3D mobile user interface with configurable workspace management |
US8290900B2 (en) * | 2010-04-24 | 2012-10-16 | Research In Motion Limited | Apparatus, and associated method, for synchronizing directory services |
US9384112B2 (en) * | 2010-07-01 | 2016-07-05 | Logrhythm, Inc. | Log collection, structuring and processing |
US9043433B2 (en) | 2010-07-26 | 2015-05-26 | Seven Networks, Inc. | Mobile network traffic coordination across multiple applications |
US9077630B2 (en) | 2010-07-26 | 2015-07-07 | Seven Networks, Inc. | Distributed implementation of dynamic wireless traffic policy |
JP5676762B2 (en) | 2010-07-26 | 2015-02-25 | セブン ネットワークス インコーポレイテッド | Mobile application traffic optimization |
US8838783B2 (en) | 2010-07-26 | 2014-09-16 | Seven Networks, Inc. | Distributed caching for resource and mobile network traffic management |
US8843153B2 (en) | 2010-11-01 | 2014-09-23 | Seven Networks, Inc. | Mobile traffic categorization and policy for network use optimization while preserving user experience |
WO2012060996A2 (en) | 2010-11-01 | 2012-05-10 | Michael Luna | Caching adapted for mobile application behavior and network conditions |
US9060032B2 (en) | 2010-11-01 | 2015-06-16 | Seven Networks, Inc. | Selective data compression by a distributed traffic management system to reduce mobile data traffic and signaling traffic |
US9330196B2 (en) | 2010-11-01 | 2016-05-03 | Seven Networks, Llc | Wireless traffic management system cache optimization using http headers |
WO2012061430A2 (en) | 2010-11-01 | 2012-05-10 | Michael Luna | Distributed management of keep-alive message signaling for mobile network resource conservation and optimization |
US8204953B2 (en) | 2010-11-01 | 2012-06-19 | Seven Networks, Inc. | Distributed system for cache defeat detection and caching of content addressed by identifiers intended to defeat cache |
WO2012060995A2 (en) | 2010-11-01 | 2012-05-10 | Michael Luna | Distributed caching in a wireless network of content delivered for a mobile application over a long-held request |
US8166164B1 (en) | 2010-11-01 | 2012-04-24 | Seven Networks, Inc. | Application and network-based long poll request detection and cacheability assessment therefor |
US8484314B2 (en) | 2010-11-01 | 2013-07-09 | Seven Networks, Inc. | Distributed caching in a wireless network of content delivered for a mobile application over a long-held request |
CN103404193B (en) | 2010-11-22 | 2018-06-05 | 七网络有限责任公司 | The connection that adjustment data transmission is established with the transmission being optimized for through wireless network |
EP2636268B1 (en) | 2010-11-22 | 2019-02-27 | Seven Networks, LLC | Optimization of resource polling intervals to satisfy mobile device requests |
US20120166534A1 (en) * | 2010-12-27 | 2012-06-28 | Avaya Inc. | System and method for grouping conference participants |
EP2661697B1 (en) | 2011-01-07 | 2018-11-21 | Seven Networks, LLC | System and method for reduction of mobile network traffic used for domain name system (dns) queries |
US20120180107A1 (en) * | 2011-01-07 | 2012-07-12 | Microsoft Corporation | Group-associated content recommendation |
US9084105B2 (en) | 2011-04-19 | 2015-07-14 | Seven Networks, Inc. | Device resources sharing for network resource conservation |
EP2621144B1 (en) | 2011-04-27 | 2014-06-25 | Seven Networks, Inc. | System and method for making requests on behalf of a mobile device based on atomic processes for mobile network traffic relief |
EP2702500B1 (en) | 2011-04-27 | 2017-07-19 | Seven Networks, LLC | Detecting and preserving state for satisfying application requests in a distributed proxy and cache system |
CA2743849C (en) * | 2011-06-20 | 2019-03-05 | Ibm Canada Limited - Ibm Canada Limitee | Scalable group synthesis |
US9239800B2 (en) | 2011-07-27 | 2016-01-19 | Seven Networks, Llc | Automatic generation and distribution of policy information regarding malicious mobile traffic in a wireless network |
US8849819B2 (en) | 2011-08-05 | 2014-09-30 | Deacon Johnson | System and method for controlling and organizing metadata associated with on-line content |
KR101858608B1 (en) * | 2011-10-28 | 2018-05-17 | 엘지전자 주식회사 | Mobile terminal and control method for mobile terminal |
US8918503B2 (en) | 2011-12-06 | 2014-12-23 | Seven Networks, Inc. | Optimization of mobile traffic directed to private networks and operator configurability thereof |
WO2013086214A1 (en) | 2011-12-06 | 2013-06-13 | Seven Networks, Inc. | A system of redundantly clustered machines to provide failover mechanisms for mobile traffic management and network resource conservation |
WO2013086447A1 (en) | 2011-12-07 | 2013-06-13 | Seven Networks, Inc. | Radio-awareness of mobile device for sending server-side control signals using a wireless network optimized transport protocol |
EP2788889A4 (en) | 2011-12-07 | 2015-08-12 | Seven Networks Inc | Flexible and dynamic integration schemas of a traffic management system with various network operators for network traffic alleviation |
WO2013090834A1 (en) | 2011-12-14 | 2013-06-20 | Seven Networks, Inc. | Operation modes for mobile traffic optimization and concurrent management of optimized and non-optimized traffic |
WO2013090212A1 (en) | 2011-12-14 | 2013-06-20 | Seven Networks, Inc. | Mobile network reporting and usage analytics system and method using aggregation of data in a distributed traffic optimization system |
US8861354B2 (en) | 2011-12-14 | 2014-10-14 | Seven Networks, Inc. | Hierarchies and categories for management and deployment of policies for distributed wireless traffic optimization |
EP2801236A4 (en) | 2012-01-05 | 2015-10-21 | Seven Networks Inc | Detection and management of user interactions with foreground applications on a mobile device in distributed caching |
US9203864B2 (en) | 2012-02-02 | 2015-12-01 | Seven Networks, Llc | Dynamic categorization of applications for network access in a mobile network |
WO2013116852A1 (en) | 2012-02-03 | 2013-08-08 | Seven Networks, Inc. | User as an end point for profiling and optimizing the delivery of content and data in a wireless network |
US8812695B2 (en) | 2012-04-09 | 2014-08-19 | Seven Networks, Inc. | Method and system for management of a virtual network connection without heartbeat messages |
WO2013155208A1 (en) | 2012-04-10 | 2013-10-17 | Seven Networks, Inc. | Intelligent customer service/call center services enhanced using real-time and historical mobile application and traffic-related statistics collected by a distributed caching system in a mobile network |
WO2014011216A1 (en) | 2012-07-13 | 2014-01-16 | Seven Networks, Inc. | Dynamic bandwidth adjustment for browsing or streaming activity in a wireless network based on prediction of user behavior when interacting with mobile applications |
US11151515B2 (en) * | 2012-07-31 | 2021-10-19 | Varonis Systems, Inc. | Email distribution list membership governance method and system |
US9161258B2 (en) | 2012-10-24 | 2015-10-13 | Seven Networks, Llc | Optimized and selective management of policy deployment to mobile clients in a congested network to prevent further aggravation of network congestion |
US9807575B2 (en) * | 2012-11-02 | 2017-10-31 | Blackberry Limited | System and method for forming electronic groups |
US9307493B2 (en) | 2012-12-20 | 2016-04-05 | Seven Networks, Llc | Systems and methods for application management of mobile device radio state promotion and demotion |
US9241314B2 (en) | 2013-01-23 | 2016-01-19 | Seven Networks, Llc | Mobile device with application or context aware fast dormancy |
US8874761B2 (en) | 2013-01-25 | 2014-10-28 | Seven Networks, Inc. | Signaling optimization in a wireless network for traffic utilizing proprietary and non-proprietary protocols |
US9326185B2 (en) | 2013-03-11 | 2016-04-26 | Seven Networks, Llc | Mobile network congestion recognition for optimization of mobile traffic |
US9065765B2 (en) | 2013-07-22 | 2015-06-23 | Seven Networks, Inc. | Proxy server associated with a mobile carrier for enhancing mobile traffic management in a mobile network |
US10349225B2 (en) * | 2013-08-27 | 2019-07-09 | Verizon Patent And Licensing Inc. | Private multicast networks |
JP6252739B2 (en) * | 2013-09-13 | 2017-12-27 | 株式会社リコー | Transmission management system, management method and program |
US9391942B2 (en) | 2013-10-17 | 2016-07-12 | International Business Machines Corporation | Symbolic variables within email addresses |
US8904483B1 (en) * | 2014-03-26 | 2014-12-02 | Iboss, Inc. | Serving approved resources |
US9998914B2 (en) | 2014-04-16 | 2018-06-12 | Jamf Software, Llc | Using a mobile device to restrict focus and perform operations at another mobile device |
US9910880B2 (en) * | 2014-07-16 | 2018-03-06 | Wipro Limited | System and method for managing enterprise user group |
US9647897B2 (en) * | 2014-08-20 | 2017-05-09 | Jamf Software, Llc | Dynamic grouping of managed devices |
US20160277269A1 (en) * | 2015-03-19 | 2016-09-22 | International Business Machines Corporation | Dynamic community support |
US10198182B2 (en) | 2015-05-31 | 2019-02-05 | Apple Inc. | Synchronization and verification groups among related devices |
US11586651B2 (en) * | 2015-07-28 | 2023-02-21 | Airwatch Llc | Multiple domain directory integration |
US20170154296A1 (en) * | 2015-12-01 | 2017-06-01 | International Business Machines Corporation | Prioritizing contextual information system, method, and recording medium |
US20170278206A1 (en) * | 2016-03-24 | 2017-09-28 | Adobe Systems Incorporated | Digital Rights Management and Updates |
US10454911B2 (en) * | 2016-05-27 | 2019-10-22 | Happeo Oy | Integrated intranet workspace |
US10404631B2 (en) | 2017-01-13 | 2019-09-03 | Microsoft Technology Licensing, Llc | Creating groups in a messaging system |
US10841321B1 (en) * | 2017-03-28 | 2020-11-17 | Veritas Technologies Llc | Systems and methods for detecting suspicious users on networks |
US11271970B2 (en) | 2019-07-25 | 2022-03-08 | Palo Alto Networks, Inc. | Multi-perspective security context per actor |
US11140223B2 (en) * | 2020-01-14 | 2021-10-05 | Servicenow, Inc. | Systems and methods for synchronizing data between hub and spoke environments |
US11303646B2 (en) * | 2020-03-16 | 2022-04-12 | Oracle International Corporation | Dynamic membership assignment to users using dynamic rules |
WO2022213080A1 (en) * | 2021-03-30 | 2022-10-06 | Cira Apps Limited | Hub and spoke architecture for cloud-based synchronization |
US20230144632A1 (en) * | 2021-11-09 | 2023-05-11 | At&T Intellectual Property I, L.P. | Message routing for partner carrier subscribers |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5193152A (en) * | 1989-11-03 | 1993-03-09 | Racal-Datacom, Inc. | Network management system with group naming |
US5819263A (en) * | 1996-07-19 | 1998-10-06 | American Express Financial Corporation | Financial planning system incorporating relationship and group management |
US6195751B1 (en) * | 1998-01-20 | 2001-02-27 | Sun Microsystems, Inc. | Efficient, secure multicasting with minimal knowledge |
US6263434B1 (en) * | 1999-09-21 | 2001-07-17 | Sun Microsystems, Inc. | Signed group criteria |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5884035A (en) * | 1997-03-24 | 1999-03-16 | Pfn, Inc. | Dynamic distributed group registry apparatus and method for collaboration and selective sharing of information |
US6026430A (en) * | 1997-03-24 | 2000-02-15 | Butman; Ronald A. | Dynamic client registry apparatus and method |
US6366913B1 (en) * | 1998-10-21 | 2002-04-02 | Netscape Communications Corporation | Centralized directory services supporting dynamic group membership |
-
2001
- 2001-06-18 US US09/883,732 patent/US6671695B2/en not_active Expired - Lifetime
-
2002
- 2002-06-11 WO PCT/US2002/018344 patent/WO2002103570A1/en not_active Application Discontinuation
- 2002-06-11 EP EP02739805A patent/EP1405218A1/en not_active Withdrawn
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5193152A (en) * | 1989-11-03 | 1993-03-09 | Racal-Datacom, Inc. | Network management system with group naming |
US5819263A (en) * | 1996-07-19 | 1998-10-06 | American Express Financial Corporation | Financial planning system incorporating relationship and group management |
US6195751B1 (en) * | 1998-01-20 | 2001-02-27 | Sun Microsystems, Inc. | Efficient, secure multicasting with minimal knowledge |
US6263434B1 (en) * | 1999-09-21 | 2001-07-17 | Sun Microsystems, Inc. | Signed group criteria |
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7734696B2 (en) | 2002-04-08 | 2010-06-08 | Oracle International Corporation | Hierarchical org-chart based email mailing list maintenance |
AU2003213262B2 (en) * | 2002-04-08 | 2009-06-11 | Oracle International Corporation | Hierarchical org-chart based email mailing list maintenance |
US7653711B2 (en) | 2003-05-23 | 2010-01-26 | International Business Machines Corporation | Method and system for information distribution |
WO2005004005A1 (en) * | 2003-07-07 | 2005-01-13 | Simworks International Limited | System and method for determining relationships between users of a network system |
WO2005116882A1 (en) | 2004-05-25 | 2005-12-08 | International Business Machines Corporation | Method and system for information distribution |
CN1957584B (en) * | 2004-05-25 | 2010-09-29 | 国际商业机器公司 | Method and system for information distribution |
US8190642B2 (en) | 2004-11-18 | 2012-05-29 | International Business Machines Corporation | Method, system, and storage medium for implementing intelligent team management services |
US8892747B2 (en) | 2005-02-17 | 2014-11-18 | Intel Mobile Communications GmbH | Management of dynamic groups in a communication system |
DE102005053914A1 (en) | 2005-11-11 | 2007-07-12 | Infineon Technologies Ag | Push-to-talk over cellular communication system for taxi central office, has server unit to transmit list of additional communication service client units that fulfill criterion to client unit, which provides service e.g. taxi service |
WO2008044225A3 (en) * | 2006-10-13 | 2008-08-14 | Alcatel Lucent | Network service usage management systems and methods using a group manager |
WO2008044225A2 (en) * | 2006-10-13 | 2008-04-17 | Alcatel Lucent | Network service usage management systems and methods using a group manager |
EP2479928A1 (en) * | 2006-10-13 | 2012-07-25 | Alcatel Lucent | Network service use managment systems and methods |
US10594775B2 (en) | 2013-10-14 | 2020-03-17 | International Business Machines Corporation | Groupware management |
US11032356B2 (en) | 2013-10-14 | 2021-06-08 | International Business Machines Corporation | Groupware management |
Also Published As
Publication number | Publication date |
---|---|
US6671695B2 (en) | 2003-12-30 |
EP1405218A1 (en) | 2004-04-07 |
US20030126137A1 (en) | 2003-07-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US6671695B2 (en) | Dynamic group generation and management | |
US6240416B1 (en) | Distributed metadata system and method | |
US7114037B2 (en) | Employing local data stores to maintain data during workflows | |
US7231378B2 (en) | System and method for managing user profiles | |
US6141778A (en) | Method and apparatus for automating security functions in a computer system | |
US8706692B1 (en) | Corporate infrastructure management system | |
US6058426A (en) | System and method for automatically managing computing resources in a distributed computing environment | |
US8375113B2 (en) | Employing wrapper profiles | |
US7512585B2 (en) | Support for multiple mechanisms for accessing data stores | |
US7167874B2 (en) | System and method for command line administration of project spaces using XML objects | |
US6105069A (en) | Licensing controller using network directory services | |
US7096222B2 (en) | Methods and systems for auto-instantiation of storage hierarchy for project plan | |
US7574413B2 (en) | System and method of discovering information | |
EP2059881B1 (en) | Method for managing simultaneous modification of database objects during development | |
US20030037263A1 (en) | Dynamic rules-based secure data access system for business computer platforms | |
US20070043716A1 (en) | Methods, systems and computer program products for changing objects in a directory system | |
US20110040793A1 (en) | Administration Groups | |
GB2346716A (en) | Distribution of applications to intermittently connected clients | |
US20040010791A1 (en) | Supporting multiple application program interfaces | |
WO2005022367A1 (en) | System and method for managing access entitlements in a computing network | |
WO2004023311A1 (en) | System and method for dynamically caching dynamic multi-sourced persisted ejbs | |
Cheng | An object-oriented organizational model to support dynamic role-based access control in electronic commerce applications | |
CN111079131A (en) | Method and system for authorization and control of authority of cross-company service | |
US6947942B1 (en) | Methods of managing user and computer objects in directory service | |
US7047234B2 (en) | System and method for managing database access |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ CZ DE DE DK DK DM DZ EC EE EE ES FI FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SK SL TJ TM TN TR TT TZ UA UG UZ VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2002739805 Country of ref document: EP |
|
WWP | Wipo information: published in national office |
Ref document number: 2002739805 Country of ref document: EP |
|
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8642 |
|
WWW | Wipo information: withdrawn in national office |
Ref document number: 2002739805 Country of ref document: EP |
|
NENP | Non-entry into the national phase |
Ref country code: JP |
|
WWW | Wipo information: withdrawn in national office |
Country of ref document: JP |