US2005138412A1PendingUtilityA1

Resource management with policies

33
Priority: Feb 14, 2003Filed: Feb 7, 2005Published: Jun 23, 2005
Est. expiryFeb 14, 2023(expired)· nominal 20-yr term from priority
Y10S707/99939G06F 9/50
33
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A system, method and media for controlling access to a resource in a distributed computing environment, comprising: receiving a request for a principal to access the resource; determining a policy that is appropriate for the principal given the resource; determining whether access to the resource is allowed given the policy.

Claims

exact text as granted — not AI-modified
1 . A method for controlling access to a resource in a distributed computing environment, comprising: 
 receiving a request for a principal to access the resource;    determining a policy that is appropriate for the principal given the resource;    determining whether access to the resource is allowed given the policy;    wherein the policy is associated with a first resource in a hierarchy of resources; and    wherein the policy can supersede a second policy associated with a parent of the resource in the hierarchy of resources.    
     
     
         2 . The method of  claim 1  wherein: 
 a policy includes one or more expressions.    
     
     
         3 . The method of  claim 1  wherein the step of determining whether to allow access to the resource includes: 
 evaluating the policy.    
     
     
         4 . The method of  claim 1  wherein: 
 a resource is part of an enterprise application.    
     
     
         5 . The method of  claim 1  wherein: 
 a resource can inherit a policy.    
     
     
         6 . The method of  claim 1  wherein: 
 the policy evaluates to true or false for the principal.    
     
     
         7 . The method of  claim 1  wherein: 
 a policy includes one or more predicates.    
     
     
         8 . The method of  claim 1 , further comprising: 
 responding to the request.    
     
     
         9 . A machine readable medium having instructions stored thereon to cause a system to: 
 receive a request for a principal to access a resource;    determine a policy that is appropriate for the principal given the resource;    determine whether access to the resource is allowed given the policy;    wherein the policy is associated with a first resource in a hierarchy of resources; and    wherein the policy can supersede a second policy associated with a parent of the resource in the hierarchy of resources.    
     
     
         10 . A system for controlling access to a resource in a distributed computing environment, comprising: 
 a security framework capable of receiving a request for a principal to access the resource;    a component coupled to the security framework and capable of determining whether access to the resource is allowed given the policy;    wherein the policy is associated with a first resource in a hierarchy of resources; and    wherein the policy can supersede a second policy associated with a parent of the resource in the hierarchy of resources.    
     
     
         11 . The system of  claim 10  wherein: 
 a policy includes one or more expressions.    
     
     
         12 . The system of  claim 10  wherein: 
 determining whether to allow access to the resource includes evaluating the policy.    
     
     
         13 . The system of  claim 10  wherein: 
 a resource is part of an enterprise application.    
     
     
         14 . The system of  claim 10  wherein: 
 a resource can inherit a policy.    
     
     
         15 . The system of  claim 10  wherein: 
 the policy evaluates to true or false for the principal.    
     
     
         16 . The system of  claim 10  wherein: 
 a policy includes one or more predicates.    
     
     
         17 . The system of  claim 10  wherein: 
 the security framework is capable of responding to the request.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.