Cynthia Fleming Corn - Austin TX; Larry George Fichtner - Austin TX; Rodolfo Augusto Mancisidor - Austin TX
Assignee:
International Business Machines Corporation - Armonk NY
International Classification:
G06F 17/30
US Classification:
707/3, 707/4, 707/103
Abstract:
A method of hierarchical LDAP searching in an LDAP directory service having a relational database management system (DBMS) as a backing store. The method begins by parsing an LDAP filter-based query for elements and logical operators of the filter query. For each filter element, the method generates an SQL subquery according to a set of translation rules. For each SQL subquery, the method then generates a set of entry identifiers for the LDAP filter query. Then, the SQL subqueries are combined into a single SQL query according to a set of combination rules chosen corresponding to the logical operators of the LDAP filter query.
Open Architecture Global Sign-On Apparatus And Method Therefor
Garry Lee Child - Austin TX; Dah-Haur Lin - Austin TX; Larry Fichtner - Austin TX
Assignee:
International Business Machines Corporation - Armonk NY
International Classification:
G06F 15/16
US Classification:
709/230, 709/219
Abstract:
A global sign-on mechanism (GSO) is implemented. The mechanism provides a GSO system and method for a networked data processing system within an open architecture framework. The system and method are constructed on a Lightweight Directory Access Protocol (LDAP) framework by defining a set of data structures, the GSO LDAP schema. GSO functionality is effected using protocol operations on the LDAP object and attribute instances as defined in accordance with the GSO schema.
Method And System To Integrate Existing User And Group Definitions In A Database Server With Heterogeneous Application Servers
Larry George Fichtner - Austin TX, US; Dah-Haur Lin - Austin TX, US
Assignee:
International Business Machines Corporation - Armonk NY
International Classification:
G06F 17/00
US Classification:
713/169, 713/168, 713/150
Abstract:
A method and system for sharing existing user and group registry information between heterogeneous application servers is provided. The method and system make use of an adapter that communicates with each registry associated with each application server through a registry communication mechanism. In a preferred embodiment, the present invention provides an additional application-specific database to protect application-specific data that is required for each application server's operation but is not part of an existing database registry. Both the application-specific databases and existing user and group definitions in a user and group registry form a new registry abstraction which is required for each application server. As a result, each application server automatically shares user and group definitions with the existing database server. Furthermore, both the database server and each application server maintain a centralized user and group management model across different application domains.
A method, computer program product, and data processing system, with which a unified security policy may be implemented using existing application components with disparate security mechanisms and user registries is disclosed. The present invention provides a generic application programming interface (API) that forms a framework for creating registry adapters. Registry adapters allow a policy director (an item of software for imposing a sitewide security policy) to operate with new or unfamiliar registry types by acting as a drop-in translator for converting generic registry-access commands into operations specific to the particular registry in question.
Method Of Hierarchical LDAP Searching With Relational Tables
David W. Bachmann - Leander TX; Cynthia Fleming Corn - Austin TX; Larry George Fichtner - Austin TX; Rodolfo Augusto Mancisidor - Austin TX
Assignee:
International Business Machines Corporation - Armonk NY
International Classification:
G06F 17/30
US Classification:
707/3
Abstract:
A method of hierarchical LDAP searching in an LDAP directory service having a relational database management system (DBMS) as a backing store. According to the invention, entries in a naming hierarchy are mapped into first and second relational tables: a parent table, and a descendant table. These tables are used to "filter" lists of entries returned from a search to ensure that only entries within a given search scope are retained for evaluation. Thus, for example, the parent table is used during an LDAP one level search, and the descendant table is used during an LDAP subtree search. In either case, use of the parent or descendant table obviates recursive queries through the naming directory.