CN100495397C - Document management system, document management device and document management method - Google Patents
Document management system, document management device and document management method Download PDFInfo
- Publication number
- CN100495397C CN100495397C CNB2006100640501A CN200610064050A CN100495397C CN 100495397 C CN100495397 C CN 100495397C CN B2006100640501 A CNB2006100640501 A CN B2006100640501A CN 200610064050 A CN200610064050 A CN 200610064050A CN 100495397 C CN100495397 C CN 100495397C
- Authority
- CN
- China
- Prior art keywords
- document
- document management
- user
- management apparatus
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
- 238000007726 management method Methods 0.000 title claims description 252
- 230000008676 import Effects 0.000 claims abstract description 27
- 238000009795 derivation Methods 0.000 claims 5
- 230000005540 biological transmission Effects 0.000 claims 3
- 238000010586 diagram Methods 0.000 description 30
- 238000012545 processing Methods 0.000 description 15
- 230000006835 compression Effects 0.000 description 11
- 238000007906 compression Methods 0.000 description 11
- 238000000034 method Methods 0.000 description 7
- 230000008569 process Effects 0.000 description 4
- 238000006243 chemical reaction Methods 0.000 description 3
- 238000012546 transfer Methods 0.000 description 3
- 230000006870 function Effects 0.000 description 2
- 238000012552 review Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000010606 normalization Methods 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 125000006850 spacer group Chemical group 0.000 description 1
Images
Landscapes
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
Description
技术领域 technical field
本发明一般涉及文档管理系统,更具体地涉及具有多个独立文档管理装置的文档管理系统。本发明还涉及文档管理装置及文档管理系统使用的文档管理方法。The present invention relates generally to document management systems, and more particularly to document management systems having a plurality of independent document management devices. The invention also relates to a file management method used by the file management device and the file management system.
背景技术 Background technique
一种由在网络中提供的服务器等构成的文档管理装置,记录例如文献情报的文档管理信息。除了每个文档的标识(ID)外,该文档管理信息还包括创建者、读者、编者等的用户ID(UIDs)。例如,使用UID来管理访问文档的权限。A document management device constituted by a server provided on a network and records document management information such as document information. This document management information includes user IDs (UIDs) of creators, readers, editors, etc., in addition to identification (ID) of each document. For example, use UIDs to manage permissions to access documents.
在例如公司的相对大的组织中,通常存在多个独立的文档管理装置。In relatively large organizations, such as companies, there are often multiple independent document management devices.
图1为示出了常规的文档管理系统的示例的结构图。图1中示出的文档管理装置100具有用于管理UID的UID管理部分101、用于管理文档的文档管理部分102、构成用于存储文档的存储器的文档数据库(DB)103、记录与文档访问权相关的访问权信息的访问控制列表(ACL)104。文档管理装置200具有类似于文档管理装置100的结构的结构,并且具有UID管理部分201、文档管理部分202、文档DB 203及ACL表204。FIG. 1 is a structural diagram showing an example of a conventional document management system. The
例如,如果用户想要访问存储在图1中的文档管理装置100的文档DB103中的目标文档,则对于根据文档ID从文档DB103中检索的目标文档而言,文档管理部分102获取由UID管理部分101验证的用户的UID,并且通过参考ACL表104来查阅目标文档的访问权信息,并且允许用户在该用户被允许的范围内访问。For example, if a user wants to access a target document stored in the
另一方面,日本公开专利申请NO.2004-70416提出一种用于通过验证在网络系统的一个或多个验证系统注册的用户为目标服务的用户而向使用多个验证系统的网络系统中的用户提供服务的技术。On the other hand, Japanese Laid-Open Patent Application No. 2004-70416 proposes a method for providing services to a network system using multiple authentication systems by verifying that a user registered with one or more authentication systems of the network system is a user of a target service. The technology used by the user to provide the service.
在图1中示出的文档管理系统具有多个独立的文档管理装置,存在一些有必要使一个文档管理装置100中管理的一部分或所有文档向另一文档管理装置200分布、移动或结合的情况。在这些情况下,目标文档作为导出数据D1被从文档管理装置100分布至文档管理装置200,并且文档管理装置200接受该目标文档作为导入数据D2。The document management system shown in FIG. 1 has a plurality of independent document management apparatuses, and there are cases where it is necessary to distribute, move, or combine a part or all of documents managed in one
然而,文档管理装置100中的UID由UID管理部分101管理,并且文档管理装置200中的UID由UID管理部分201管理,且为每个文档管理装置独立地定义UID。因此,当被允许访问文档管理装置100中的目标文档的用户想要访问文档管理装置200中的同一目标文档时,可能发生一种情况,即:不允许该用户访问文档管理装置200中的目标文档,即使是同一用户访问同一目标文档。However, UIDs in the
如果这种情况发生,需要对文档管理装置200中的目标文档再次分配访问权。但是,当在文档管理装置100和200之间分布、移动或结合大量文档时,对文档访问权的再分配变成非常棘手的和复杂的操作,并且存在管理文档访问权的管理器的负荷将变得相当大的问题。If this happens, it is necessary to reassign the access right to the target document in the
发明内容 Contents of the invention
由此,本发明的一般目的是提供一种新颖的有用的文档管理系统、文档管理装置和文档管理方法,其中能够抑制上面描述的问题。Thus, it is a general object of the present invention to provide a novel and useful document management system, document management device and document management method in which the problems described above can be suppressed.
本发明的另一个更具体的目的是提供一种文档管理系统、文档管理装置及文档管理方法,其能够在文档管理系统的多个独立文档管理装置之间分布、移动或结合文档时,方便文档访问权的管理。Another more specific object of the present invention is to provide a document management system, document management device and document management method, which can facilitate document Management of Access Rights.
本发明的又一个目的是提供一种文档管理系统,该文档管理系统包括:多个文档管理装置,每个文档管理装置被配置为根据文档ID检索存储在存储器中的文档,并且根据关于每个文档管理装置所生成的用户ID来判断关于检索的文档的操作是否可能;用户ID生成装置,外部提供给文档管理装置,并被配置为生成在每个文档管理装置中公用的公用用户ID,其中每个文档管理装置具有被配置为导出和导入任意文档数据和访问控制列表(ACL)数据的导出和导入部分。根据本发明的文档管理系统,能够在文档管理系统的多个独立文档管理装置之间分布、移动或结合文档时,方便文档访问权的管理。Still another object of the present invention is to provide a document management system comprising: a plurality of document management devices, each configured to retrieve a document stored in a memory based on a document ID, and based on information about each The user ID generated by the document management device is used to judge whether the operation on the retrieved document is possible; the user ID generating device is externally provided to the document management device, and is configured to generate a public user ID common in each document management device, wherein Each document management apparatus has an export and import section configured to export and import arbitrary document data and access control list (ACL) data. According to the document management system of the present invention, it is possible to facilitate management of document access rights when documents are distributed, moved or combined among a plurality of independent document management devices of the document management system.
本发明的再一个目的是提供一种文档管理装置,该文档管理装置用于根据文档ID检索存储在存储器中的文档,并且根据关于每个文档管理装置所生成的用户ID来判断关于检索的文档的操作是否可能,该文档管理装置包括:用户ID管理部分,被配置为通过获取由外部用户ID生成装置生成并在包括该文档管理装置的多个文档管理装置中公用的公用用户ID,而在文档管理装置中管理用户ID;以及导出和导入部分,被配置为导出和导入任意文档数据和访问控制列表(ACL)数据。根据本发明的文档管理装置,能够在文档管理系统的多个独立文档管理装置之间分布、移动或结合文档时,方便文档访问权的管理。Still another object of the present invention is to provide a document management device for retrieving documents stored in a memory based on a document ID and judging about the retrieved document based on a user ID generated with respect to each document management device Whether the operation of the document management device is possible, the document management device includes: a user ID management section configured to, by acquiring a common user ID generated by an external user ID generation device and shared among a plurality of document management devices including the document management device, in A user ID is managed in the document management means; and an export and import section configured to export and import arbitrary document data and access control list (ACL) data. According to the document management device of the present invention, it is possible to facilitate the management of document access rights when documents are distributed, moved or combined among multiple independent document management devices of the document management system.
本发明的另一目的是提供一种用于文档管理系统的文档管理方法,在该文档管理系统中多个文档管理装置的每个被配置为根据文档ID检索存储在存储器中的文档,并且根据关于每个文档管理装置所生成的用户ID来判断关于检索的文档的操作是否可能,该文档管理方法包括:由外部提供给文档管理装置的用户ID生成装置生成在每个文档管理装置中公用的公用用户ID;以及响应用户指令,导出和导入任意文档数据和访问控制列表(ACL)数据。根据本发明的文档管理方法,能够在文档管理系统的多个独立文档管理装置之间分布、移动或结合文档时,方便文档访问权的管理。Another object of the present invention is to provide a document management method for a document management system in which each of a plurality of document management apparatuses is configured to retrieve a document stored in a memory based on a document ID, and based on Whether or not an operation is possible with respect to a retrieved document is judged with respect to a user ID generated by each document management device, the document management method includes: generating a user ID commonly used in each document management device by a user ID generating device externally provided to the document management device public user ID; and exporting and importing arbitrary document data and access control list (ACL) data in response to user instructions. According to the document management method of the present invention, it is possible to facilitate the management of document access rights when documents are distributed, moved or combined among multiple independent document management devices of the document management system.
当结合附图阅读时,本发明的其他目的和进一步的特征将在下面的详细说明中变得明显。Other objects and further features of the present invention will become apparent from the following detailed description when read in conjunction with the accompanying drawings.
附图说明 Description of drawings
图1为示出了常规的文档管理系统的示例的结构的图;FIG. 1 is a diagram showing the structure of an example of a conventional document management system;
图2为示出了根据本发明的文档管理系统的第一实施例的结构的图;FIG. 2 is a diagram showing the structure of the first embodiment of the document management system according to the present invention;
图3为用于解释在文档管理系统的第一实施例中的文档分布的图;FIG. 3 is a diagram for explaining document distribution in the first embodiment of the document management system;
图4为示出了用于解释导出操作的图;FIG. 4 is a diagram showing an explanation of an export operation;
图5为示出了用于解释导入操作的图;FIG. 5 is a diagram showing an explanation of an import operation;
图6为示出了根据本发明的文档管理系统的第二实施例的结构的图;FIG. 6 is a diagram showing the structure of a second embodiment of the document management system according to the present invention;
图7A和7B为用于解释文档管理系统的第二实施例的UID生成处理的图;7A and 7B are diagrams for explaining UID generation processing of the second embodiment of the document management system;
图8为用于解释文档管理系统的第二实施例的ACL设置处理的图;FIG. 8 is a diagram for explaining ACL setting processing of the second embodiment of the document management system;
图9为示出ACL表的图;FIG. 9 is a diagram showing an ACL table;
图10为示出根据本发明的文档管理系统的第三实施例的结构的图;FIG. 10 is a diagram showing the structure of a third embodiment of the document management system according to the present invention;
图11为用于解释文档管理系统的第三实施例的UID生成处理的图;FIG. 11 is a diagram for explaining UID generation processing of the third embodiment of the document management system;
图12为用于解释文档管理系统的第三实施例的另一个UID生成处理的图;FIG. 12 is a diagram for explaining another UID generation process of the third embodiment of the document management system;
图13为示出根据本发明的文档管理系统的第四实施例的结构的图;以及FIG. 13 is a diagram showing the structure of a fourth embodiment of the document management system according to the present invention; and
图14为示出文档管理系统的第四实施例的UID生成处理的图。Fig. 14 is a diagram showing UID generation processing of the fourth embodiment of the document management system.
具体实施方式 Detailed ways
将参考图2及后续附图给出根据本发明的文档管理系统、文档管理装置及文档管理方法的实施例的描述。A description will be given of an embodiment of a document management system, a document management device, and a document management method according to the present invention with reference to FIG. 2 and subsequent figures.
[第一实施例][first embodiment]
图2为示出了根据本发明的文档管理系统的第一实施例的结构的图。图2中所示的文档管理系统具有第一文档管理装置1和第二文档管理装置2。第一文档管理装置1和第二文档管理装置2中的每个可以是用于专用的专用服务装置,或是例如具有除了文档管理功能之外的功能的多功能外围设备(MFP)的设备。FIG. 2 is a diagram showing the structure of the first embodiment of the document management system according to the present invention. The document management system shown in FIG. 2 has a first
第一文档管理装置1具有:用户标识(UID)管理部分11,用于管理UID;文档管理部分12,用于管理文档;文档数据库(DB)13,构成用于存储文档的存储器;访问控制列表(ACL)表14,其记录与文档的访问权相关的访问权信息;以及导出和导入部分15,导出和导入文档和ACL。类似地,第二文档管理装置2具有:用户标识(UID)管理部分21,用于管理UID;文档管理部分22,用于管理文档;文档数据库(DB)23,构成用于存储文档的存储器;访问控制列表(ACL)表24,其记录与文档的访问权相关的访问权信息;以及导出和导入部分25,导出和导入文档和ACL。该UID不仅限于在验证时导入的UID类型等,还可以是指示用户属性的任何适合的UID,例如岗位(组、部门等)、位置及职权(授予的权利或权力的限制)。The first
除了第一文档管理装置1和第二文档管理装置2外,文档管理系统具有用于生成在第一文档管理装置1和第二文档管理装置2中公用的UID的UID生成装置3。当然,在文档管理系统中提供的文档管理装置的数量当然并不限于两个。In addition to the first
当将文档存储在第一文档管理装置1的文档DB13中时,文档管理部分12从UID管理部分11获取UID,并且将获取的UID与文档ID相对应地设置在ACL表14中。这种情况下,UID管理部分11从UID生成装置3中获取第一文档管理装置1和第二文档管理装置2公用的公用UID,并且将该公用UID反映到ACL表14中。When storing a document in the
类似地,当将文档存储在第二文档管理装置2的文档DB23中时,文档管理部分22从UID管理部分21获取UID,并且将获取的UID与文档ID相对应地设置在ACL表24中。这种情况下,UID管理部分21从UID生成装置3中获取第一文档管理装置1和第二文档管理装置2公用的公用UID,并且将该公用UID反映到ACL表24中。Similarly, when storing a document in the
这样,即使当第一文档管理装置1和第二文档管理装置2彼此独立时,也可以使UID在第一文档管理装置1和第二文档管理装置2之间公用。因此,即使当在第一文档管理装置1和第二文档管理装置2之间分布、移动或结合文档时,也可能避免不方便的情况,即:被允许访问第一文档管理装置1和第二文档管理装置2之一中的目标文档的用户不能访问第一文档管理装置1和第二文档管理装置2中的另一个中的同一目标文档。In this way, even when the first
图3为用于解释在文档管理系统的该第一实施例中的文档分布的图。当从第一文档管理装置1向第二文档管理装置2分布文档时,第一文档管理装置1的导出和导入部分15,将文档的数据(即文档数据)和ACL数据作为导出数据D1分布。另一方面,第二文档管理装置2接收文档数据和ACL数据作为导入数据D2,并将文档数据存储在文档DB 23中并将ACL数据反映在ACL表24中(即,修改文档ID),从而保持访问权的一致性。FIG. 3 is a diagram for explaining document distribution in the first embodiment of the document management system. When distributing a document from the first
图4为示出了用于解释导出操作的图。在图4中,通过第一文档管理装置1的客户软件或MFP的操作面板选择将要导出的文档41,并且使用鼠标右键点击等选择显示的弹出菜单42中的“导出”按钮,以指示导出处理。然后,指定导出数据的存储位置,并指示执行导出处理。图3中示出的导出和导入部分15导入文档ID,并从文档DB 13中检索与文档ID相对应的文档数据。此外,导出和导入部分15从ACL表14中获取与文档ID相对应的ACL数据,并将获取的ACL数据中的文档ID改为不定值。FIG. 4 is a diagram showing a diagram for explaining an export operation. In FIG. 4, the
可以通过任何合适的方式将导出数据移动到第二文档管理装置2,所述任何合适的方式包括:例如(A)在网络中共享磁盘,(B)通过文件传输协议(ftp)等利用网络来传送导出数据,(C)利用可移动存储介质,例如通用串行总线(USB)存储手段(key)和外部硬盘驱动器(HDD)。The exported data can be moved to the second
图5为示出了用于解释导入操作的图。在图5中,通过第二文档管理装置2的客户软件或MFP的操作面板选择用于存储导入的文档的文档的逻辑存储位置51,例如文件夹,并且利用鼠标右键点击等选择显示的弹出菜单52中的“导入”按钮,以指示导入处理。然后指定导入数据,并指示执行导入处理。图3中示出的导出和导入部分25导入包括文档数据和ACL数据的导出数据,将文档数据登记在文档DB23中,并且获取新的文档ID。然后,导出和导入部分25利用新的文档ID更新ACL数据中的文档ID,并且将具有更新的文档ID的ACL数据登记在ACL表24中。FIG. 5 is a diagram showing a diagram for explaining an import operation. In FIG. 5, a
第一文档管理装置1可以直接执行分布操作,而不是执行导出操作。在这种情况下,通过第一文档管理装置1的客户软件或MFP的操作面板选择将要分布的文档,以指示分布处理。此外,第一文档管理装置1指定第二文档管理装置2为分布目的地并且指定第二文档管理装置2中的、文档的逻辑存储位置,例如文件夹,以指示执行分布操作。通过由第一文档管理装置1和第二文档管理装置2以这种方式连续地执行导出处理和导入处理,来实现上面描述的分布操作。The first
因此,通过提供在第一文档管理装置1和第二文档管理装置2外部并独立于第一文档管理装置1和第二文档管理装置2的UID生成装置3,第一文档管理装置1和第二文档管理装置2可以共享由UID生成装置3提供的服务。因此,有可能生成第一文档管理装置1和第二文档管理装置2公用的公用UID(即,多个文档管理装置公用),并且有可能对同一用户提供同一UID。这样,当在多个文档管理装置之间分布、移动或结合文档时,不需要再分配文档的访问权。Therefore, by providing the UID generating means 3 outside the first
[第二实施例][Second embodiment]
图6为示出了根据本发明的文档管理系统的第二实施例的结构的图。在图6中,给与图2中那些对应部分相同的那些部分指派相同的附图标记,因此省略了对那些部分的说明。在该第二实施例中,由轻量级目录访问协议(LDAP)服务器构成UID生成装置3,并且由用户目录的用户验证(UADU)部分相应地构成第一文档管理装置1和第二文档管理装置2的UID管理部分11和21。FIG. 6 is a diagram showing the structure of a second embodiment of the document management system according to the present invention. In FIG. 6 , those parts that are the same as those corresponding parts in FIG. 2 are assigned the same reference numerals, and thus descriptions of those parts are omitted. In this second embodiment, the UID generation means 3 is constituted by a Lightweight Directory Access Protocol (LDAP) server, and the first document management means 1 and the second document management means 1 are correspondingly constituted by the User Authentication (UADU) part of the user directory. The
图7A和7B为用于解释文档管理系统的该第二实施例的UID生成处理的图。在图7A中示出的步骤S1中,当指定用户并且从文档管理装置1(或2)的UID管理部分11(或21)向UID生成装置3请求UID获取时,构成UID生成装置3的LDAP服务器在步骤S2中返回完全限制区别名称(fully qualifieddistinguish name FQDN),其是用户的全局唯一名称(global unique name)。然后,UID管理部分11(或21)在步骤S3中由FQDN生成UID。7A and 7B are diagrams for explaining UID generation processing of this second embodiment of the document management system. In step S1 shown in FIG. 7A, when a user is specified and UID acquisition is requested from the UID management section 11 (or 21) of the document management device 1 (or 2) to the
图7B示出了本实施例的UID的逻辑格式。图7B中示出的UID具有用于指示用户或用户组的类型的标识、用于识别存储用户信息的数据库的类型的用户空间、以及从LDAP服务器中获取的FQDN。FIG. 7B shows the logical format of the UID of this embodiment. The UID shown in FIG. 7B has an identification for indicating the type of user or user group, a user space for identifying the type of database storing user information, and an FQDN acquired from the LDAP server.
图8为用于解释文档管理系统的该第二实施例的ACL设置处理的图。UID管理部分11(或21)在图8中所示的步骤S3中生成UID之后,UID管理部分11(或21)在步骤S4中将该UID传送至文档管理部分12(或22)。文档管理部分12(或22)在步骤S5中从文档DB13中获取文档ID,并且在步骤S6中在ACL表14(或24)中设置获取的文档ID。FIG. 8 is a diagram for explaining ACL setting processing of this second embodiment of the document management system. After the UID management section 11 (or 21) generates the UID in step S3 shown in FIG. 8, the UID management section 11 (or 21) transmits the UID to the document management section 12 (or 22) in step S4. The document management section 12 (or 22) acquires the document ID from the
图9为示出ACL表14(或24)的图。在图9中示出的ACL表14(或24)中,UID和访问权与文档ID相对应地记录在ACL表14(或24)中。在图9中,RW指示进行查阅或更新访问的权利,而R指示进行查阅访问的权利。FIG. 9 is a diagram showing the ACL table 14 (or 24). In the ACL table 14 (or 24) shown in FIG. 9, UIDs and access rights are recorded in the ACL table 14 (or 24) in correspondence with document IDs. In FIG. 9, RW indicates the right to perform review or update access, and R indicates the right to perform review access.
[第三实施例][Third embodiment]
图10为示出根据本发明的文档管理系统的第三实施例的结构的图。在图10中,给与图6中的那些对应部分相同的那些部分指派相同的附图标记,并且省略了对那些部分的描述。在图10中,区别名称(DN)压缩和展开部分16和26被分别额外地提供在第一文档管理装置1和第二文档管理装置2中。DN压缩和展开部分16压缩和展开在ACL表14中设置的UID,DN压缩和展开部分26压缩和展开在ACL表24中设置的UID。此外,该第三实施例的结构与图6中示出的第二实施例的结构相同。FIG. 10 is a diagram showing the structure of a third embodiment of the document management system according to the present invention. In FIG. 10 , those parts that are the same as those corresponding parts in FIG. 6 are assigned the same reference numerals, and descriptions of those parts are omitted. In FIG. 10, Distinguished Name (DN) compression and
当利用LDAP服务器作为UID生成装置3时,不能预先规定从其中获得的FQDN数据的最大长度。另一方面,为了使文档管理装置能够创建管理ACL的ACL表,从规定ACL表的格式的角度来看,如果不能规定用户的全局唯一名称的最大长度,如FQDN数据的情况,是不方便的。When an LDAP server is utilized as the UID generating means 3, the maximum length of FQDN data obtained therefrom cannot be prescribed in advance. On the other hand, in order for the document management device to create an ACL table for managing ACLs, it is inconvenient if the maximum length of the user's globally unique name cannot be specified, as in the case of FQDN data, from the viewpoint of specifying the format of the ACL table .
因此,在该第三实施例中,从UID生成装置3中获取的FQDN不被按照生成UID时的原样使用,而是被压缩成替代的FQDN,即使是在相对长的FQDN的情况下其也可以放在ACL表中。换句话说,有可能扩大可记录在ACL表中的FQDN的最大长度的限制。Therefore, in this third embodiment, the FQDN acquired from the UID generating means 3 is not used as it is when generating the UID, but is compressed into a substitute FQDN, which can be used even in the case of a relatively long FQDN. Can be placed in the ACL table. In other words, it is possible to expand the limit of the maximum length of the FQDN that can be recorded in the ACL table.
图11为用于解释文档管理系统的该第三实施例的UID生成处理的图。在图11中,通过文档管理装置1(或2)的UID管理部分11(或21)从UID生成装置3中获取的FQDN,在步骤S11中被DN压缩和展开部分16(或26)压缩成二进制数据状态的压缩的FQDN。可以利用任何适合的已知的压缩技术用于FQDN的压缩,但是一般地说,有可能获得属于近似70%量级的压缩率(效率)。FIG. 11 is a diagram for explaining UID generation processing of this third embodiment of the document management system. In Fig. 11, the FQDN obtained from the
然后,DN压缩和展开部分16(或26)在步骤S12,通过将该压缩的FQDN转换成诸如Base64的文本,而生成替代的FQDN,这样文本数据状态的替代的FQDN可以被用作UID的一部分。通过这种到文本的转换,数据大小有一些增加,但是通过压缩和到文本的转换的结合,可以预期属于近似50%量级的压缩率(或效率)。Then, the DN compression and expansion part 16 (or 26) generates an alternative FQDN at step S12 by converting the compressed FQDN into text such as Base64, so that the alternative FQDN of the text data state can be used as a part of the UID . With this conversion to text, there is some increase in data size, but with the combination of compression and conversion to text, compression ratios (or efficiencies) of the order of approximately 50% can be expected.
图12为用于解释文档管理系统的该第三实施例的UID生成处理的图。在这种情况下,不是直接压缩从UID生成装置3获取的FQDN,而是在步骤S21中执行标准化处理以移除可能在FQDN中包含的分隔符前后的间隔(其原本就应该被忽略的)。此后执行的步骤S22至S24与图11中所示的步骤S11至S13相同,除了步骤S22压缩已经被移除了间隔的FQDN。FIG. 12 is a diagram for explaining UID generation processing of this third embodiment of the document management system. In this case, instead of directly compressing the FQDN obtained from the UID generating means 3, normalization processing is performed in step S21 to remove the space before and after the delimiter that may be contained in the FQDN (it should be ignored originally) . Steps S22 to S24 performed thereafter are the same as steps S11 to S13 shown in FIG. 11 except that step S22 compresses the FQDN from which the gap has been removed.
由此,通过如图11或图12中所示地压缩FQDN,有可能延长ACL可用的FQDN的最大长度的限制。Thus, by compressing the FQDN as shown in FIG. 11 or FIG. 12, it is possible to extend the limit of the maximum length of the FQDN usable by the ACL.
此外,有可能在UID管理部分11(或21)的控制下,通过在DN压缩和展开部分16(或26)中执行展开操作以展开替代的FQDN,从而获取原始的FQDN。由此,文档管理装置1(或2)可以以正常的方式对构成UID生成装置3的LDAP进行访问。In addition, it is possible to acquire the original FQDN by performing an expansion operation in the DN compression and expansion section 16 (or 26) to expand a substitute FQDN under the control of the UID management section 11 (or 21). Thereby, the document management apparatus 1 (or 2) can access LDAP constituting the
[第四实施例][Fourth Embodiment]
图13为示出根据本发明文档管理系统的第四实施例的结构的图。在图13中,给与图6中的那些对应部分相同的那些部分指派相同的附图标记,并且省略了对那些部分的描述。在图13中,分别在第一文档管理装置1和第二文档管理装置2中额外地提供散列表17和27。在该第四实施例中,从UID生成装置3中获取的FQDN不被按照生成UID时的原样使用,类似于上述第三实施例的情况,该FQDN经过散列处理,这样即使是在相对长的FQDN的情况下FQDN也能够放在ACL表中。更具体的,文档管理装置1(或2)的UID管理部分11(或21)对FQDN执行散列处理,并且将散列值和原始FQDN相互对应地记录在散列表17(或27)中。此外,将FQDN数据的散列值(或散列码)以及FQDN数据的预定数目的首标(或开始)字节作为替代UID设置在ACL表14(或24)中。FIG. 13 is a diagram showing the structure of a fourth embodiment of the document management system according to the present invention. In FIG. 13 , those parts that are the same as those corresponding parts in FIG. 6 are assigned the same reference numerals, and descriptions of those parts are omitted. In FIG. 13, hash tables 17 and 27 are additionally provided in the first
图14为示出文档管理系统的该第四实施例的UID生成处理的图。在图14中,文档管理装置1(或2)的UID管理部分11(或21),在步骤S31中,利用例如MD5的算法,基于从UID生成装置3中获得的FQDN计算散列值,并且将计算的散列值与原始FQDN相对应地设置在散列表17(或27)中。在这种情况下,从同一FQDN获取的散列值相同,但是为了保持散列值的大小较小,允许多个FQDN对应同一散列值。假设在执行散列处理之前,FQDN被标准化以删除非必要的间隔。FIG. 14 is a diagram showing UID generation processing of this fourth embodiment of the document management system. In FIG. 14, the UID management part 11 (or 21) of the document management device 1 (or 2), in step S31, utilizes an algorithm such as MD5 to calculate a hash value based on the FQDN obtained from the
然后,在步骤S32中,UID管理部分11(或21)将原始FQDN的N个报头(或前导)字节、间隔符(#)和散列值认作替代的FQDN,并通过将标识符和用户空间组合而生成UID。为了使FQDN能够被指定,由于允许多个FQDN对应同一个散列值,所以将原始FQDN的N个报头(或前导)字节包括在替代的FQDN中。FQDN由按如下顺序的用户名、主机名、子域名、域名、组织类型和国家代码规定。对这个顺序的后面部分来说,FQDN的识别更加困难,但是由于FQDN的标题部分没有信息重叠(即,FQDN的标题部分的信息不匹配),所以有可能通过标题部分来指定FQDN。Then, in step S32, the UID management section 11 (or 21) considers N header (or leading) bytes, a spacer (#) and a hash value of the original FQDN as an alternative FQDN, and by combining the identifier and User space combination to generate UID. In order to enable the FQDN to be specified, since multiple FQDNs are allowed to correspond to the same hash value, N header (or leading) bytes of the original FQDN are included in the substitute FQDN. The FQDN is specified by username, hostname, subdomain, domain name, organization type, and country code in the following order. Identification of the FQDN is more difficult for later parts of the sequence, but since there is no information overlap in the header part of the FQDN (ie, the information in the header part of the FQDN does not match), it is possible to specify the FQDN by the header part.
通过到散列值的转换而从FQDN生成UID,具有任意长度的该散列值可以作为唯一对应FQDN并被用作替代的UID。The UID is generated from the FQDN by conversion to a hash value which, with any length, can be uniquely corresponding to the FQDN and used as an alternative UID.
此外,UID管理部分11(或21)可以通过对替代的FQDN执行检索操作,而从散列表17(或27)获取原始的FQDN。因此,文档管理装置1(或2)可以以一般方式对构成UID生成装置3的LDAP服务器进行访问。Furthermore, the UID management section 11 (or 21) can acquire the original FQDN from the hash table 17 (or 27) by performing a retrieval operation on the substituted FQDN. Therefore, the document management apparatus 1 (or 2) can access the LDAP server constituting the
本申请要求2005年10月28日向日本专利局提交的日本专利申请No.2005-315056以及2006年10月11日向日本专利局提交的日本专利申请No.2006-278079的优先权,其公开内容在此引入作为参考。This application claims priority to Japanese Patent Application No. 2005-315056 filed with the Japan Patent Office on October 28, 2005 and Japanese Patent Application No. 2006-278079 filed to the Japan Patent Office on October 11, 2006, the disclosure of which is at This is incorporated by reference.
此外本发明不仅限于这些实施例,并且在不背离本发明的范围的条件下可以作出各种改变和修改。Also the present invention is not limited to these embodiments, and various changes and modifications can be made without departing from the scope of the present invention.
Claims (3)
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2005315056 | 2005-10-28 | ||
JP315056/05 | 2005-10-28 | ||
JP278079/06 | 2006-10-11 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101004745A CN101004745A (en) | 2007-07-25 |
CN100495397C true CN100495397C (en) | 2009-06-03 |
Family
ID=38703889
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNB2006100640501A Expired - Fee Related CN100495397C (en) | 2005-10-28 | 2006-10-30 | Document management system, document management device and document management method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN100495397C (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101965709B (en) * | 2008-03-10 | 2013-12-11 | 三菱电机株式会社 | Secret information management apparatus, information processing apparatus, and secret information management system |
CN103854116A (en) * | 2012-12-03 | 2014-06-11 | 四川电力超高压建设管理公司 | Distributed remote drawing method implementation |
-
2006
- 2006-10-30 CN CNB2006100640501A patent/CN100495397C/en not_active Expired - Fee Related
Non-Patent Citations (1)
Title |
---|
数字校园中基于LDAP的统一用户身份管理技术研究. 张辉,杨岳湘,汪诗林.计算机工程与科学,第27卷第1期. 2005 * |
Also Published As
Publication number | Publication date |
---|---|
CN101004745A (en) | 2007-07-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7664829B2 (en) | Document managing system, document managing apparatus and document managing method | |
US12118541B2 (en) | Recordation of device usage to blockchains | |
US11228597B2 (en) | Providing control to tenants over user access of content hosted in cloud infrastructures | |
EP3255567B1 (en) | Method and apparatus for content sharing | |
US8370910B2 (en) | File server for translating user identifier | |
US10771261B1 (en) | Extensible unified multi-service certificate and certificate revocation list management | |
JP6573044B1 (en) | Data management system | |
US8090853B2 (en) | Data access control | |
US8510860B2 (en) | Local storage of information pedigrees | |
JP2008186330A (en) | Use authorization managing device, content sharing system, content sharing method and content sharing program | |
US9355270B2 (en) | Security configuration systems and methods for portal users in a multi-tenant database environment | |
US20240061825A1 (en) | Method and system for using external content type object types | |
EP4307153A1 (en) | Tamper-evident storage of media streams | |
US7882130B2 (en) | Method and apparatus for requestor sensitive role membership lookup | |
US20020019822A1 (en) | Database management system, method and program | |
CN100495397C (en) | Document management system, document management device and document management method | |
KR20180033069A (en) | Image processing apparatus, control method therefor, and storage medium | |
CN116886758B (en) | Cloud storage information security management method, device, system and storage medium | |
KR20070038665A (en) | Distributed File System and Its Operation Method | |
JP6229997B2 (en) | Data management system and program | |
JP6809581B2 (en) | Data management system | |
JP4492569B2 (en) | File operation control device, file operation control system, file operation control method, and file operation control program | |
JP2008204413A (en) | Information processing system and information processing program | |
CN116886758A (en) | Cloud storage information security management method, device, system and storage medium | |
CN115269538A (en) | A file processing method, device, device and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20090603 Termination date: 20181030 |
|
CF01 | Termination of patent right due to non-payment of annual fee |