VIRTUAL REPRESENTATION

  • Publication Date:
    March 4, 2010
  • Additional Information
    • Document Number:
      20100057746
    • Appl. No:
      12/201836
    • Application Filed:
      August 29, 2008
    • Abstract:
      A computer implemented method provides a way of storing custom access control rules with information to which they apply. The rules can be associated with individual pieces of information, to provide a finer grained level of access without the need for prior knowledge of all potential entities that may access the information. The stored data and access control rules may be associated with a virtual representation of an entity, which may be one of many virtual representations of different entities managed within a globally accessible and federated information store. The access control rules can be based on querying information associated with the virtual representation of a requesting party, or information accessible by navigating relationships associated with that virtual representation, thereby providing great flexibility.
    • Inventors:
      BROWN, Gary (Hitchin, GB); BROWN, Vivien (Hitchin, GB); BROWN, Pauline (Northleach, GB); BROWN, David (Northleach, GB)
    • Claim:
      1. A computer implemented method of governing access to data stored in an electronic data store, comprising the steps of: receiving from a first entity the data and a set of access control rules to govern access rights to the data; and, storing the data together with the set of access control rules in the electronic data store, such that any subsequent attempt to access the stored data is governed by access control rules in the stored set associated with the stored data.
    • Claim:
      2. A method according to claim 1, further comprising the steps of: subsequently receiving a request from a second entity for access to the data in the data store; and, granting to the second entity access rights to the data in accordance with access control rules in the stored set associated with the data in dependence on information associated with the second entity.
    • Claim:
      3. A method according to claim 2, wherein the information associated with the second entity is directly associated with the second entity.
    • Claim:
      4. A method according to claim 2, wherein the information associated with the second entity is indirectly accessible via relationships associated with the second entity.
    • Claim:
      5. A method according to claim 2, wherein the second entity is the first entity and full access rights are granted to the first entity.
    • Claim:
      6. A method according to claim 1, wherein the access rights to the data governed by the set of access control rules include data read, update and delete rights.
    • Claim:
      7. A method according to claim 1, wherein the set of access control rules is recorded with a record in a relational database (RDBMS).
    • Claim:
      8. A method according to claim 1, wherein the set of access control rules is bound to an object stored within an object database (ODBMS).
    • Claim:
      9. A method according to claim 1, wherein the stored data and access control rules are associated with a virtual representation of a third entity.
    • Claim:
      10. A method according to claim 9, wherein the third entity is an individual person.
    • Claim:
      11. A method according to claim 9, wherein the third entity is an organisation.
    • Claim:
      12. A method according to claim 9, further comprising the steps of: subsequently receiving a request from the third entity for access to the data in the data store; and, granting to the third entity access rights to the data in accordance with access control rules in the stored set associated with the data in dependence on information associated with the third entity.
    • Claim:
      13. A method according to claim 9, wherein the virtual representation is referenced by means of a unique identifier.
    • Claim:
      14. A method according to claim 13, wherein the virtual representation is referenced by means of a universal resource locator (URL) over a communications network.
    • Claim:
      15. A method according to claim 13, wherein the unique identifier is obtainable by means of a query based on public information in the virtual representation of the third entity.
    • Claim:
      16. A method according to claim 9, wherein the stored data represents relationships between the virtual representation of a third entity and virtual representations of other entities.
    • Claim:
      17. A method according to claim 9, wherein the virtual representation of the third entity is one of many virtual representations of different entities managed by a fourth entity within a globally accessible and federated information store.
    • Claim:
      18. A method according to claim 9, wherein the virtual representation of the third entity is created by an official agency.
    • Claim:
      19. A method according to claim 9, further comprising the steps of: subsequently receiving a request from another entity to associate further data with the virtual representation of the third entity; and, granting to the other entity create rights to associate the further data and any related access control rules with the virtual representation of the third entity in accordance with create rules associated with the virtual representation of the third entity.
    • Claim:
      20. A method according to claim 19, wherein the further data represents relationships between the virtual representation of the third entity and virtual representations of other entities.
    • Claim:
      21. A method according to claim 19, wherein if no create rules apply the method further comprises the step of contacting the third party for manual approval to associate the further data and any related access control rules with the virtual representation of the third party.
    • Claim:
      22. A system for managing and providing access to virtual representations of entities, the system comprising: a plurality of globally federated and replicated servers, the servers being located in one or more different domains; a plurality of data stores associated with the servers, the data stores being located in the one or more different domains, wherein the plurality of servers and data stores are adapted to implement the method according to claim 17.
    • Claim:
      23. A system according to claim 22, wherein the different domains are different national jurisdictions and the servers and data stores located in each different national jurisdiction are managed by an official agency of that national jurisdiction.
    • Current U.S. Class:
      707/10
    • Current International Class:
      06
    • Accession Number:
      edspap.20100057746