US2005138412A1PendingUtilityA1
Resource management with policies
Priority: Feb 14, 2003Filed: Feb 7, 2005Published: Jun 23, 2005
Est. expiryFeb 14, 2023(expired)· nominal 20-yr term from priority
Y10S707/99939G06F 9/50
33
PatentIndex Score
0
Cited by
0
References
0
Claims
Abstract
A system, method and media for controlling access to a resource in a distributed computing environment, comprising: receiving a request for a principal to access the resource; determining a policy that is appropriate for the principal given the resource; determining whether access to the resource is allowed given the policy.
Claims
exact text as granted — not AI-modified1 . A method for controlling access to a resource in a distributed computing environment, comprising:
receiving a request for a principal to access the resource; determining a policy that is appropriate for the principal given the resource; determining whether access to the resource is allowed given the policy; wherein the policy is associated with a first resource in a hierarchy of resources; and wherein the policy can supersede a second policy associated with a parent of the resource in the hierarchy of resources.
2 . The method of claim 1 wherein:
a policy includes one or more expressions.
3 . The method of claim 1 wherein the step of determining whether to allow access to the resource includes:
evaluating the policy.
4 . The method of claim 1 wherein:
a resource is part of an enterprise application.
5 . The method of claim 1 wherein:
a resource can inherit a policy.
6 . The method of claim 1 wherein:
the policy evaluates to true or false for the principal.
7 . The method of claim 1 wherein:
a policy includes one or more predicates.
8 . The method of claim 1 , further comprising:
responding to the request.
9 . A machine readable medium having instructions stored thereon to cause a system to:
receive a request for a principal to access a resource; determine a policy that is appropriate for the principal given the resource; determine whether access to the resource is allowed given the policy; wherein the policy is associated with a first resource in a hierarchy of resources; and wherein the policy can supersede a second policy associated with a parent of the resource in the hierarchy of resources.
10 . A system for controlling access to a resource in a distributed computing environment, comprising:
a security framework capable of receiving a request for a principal to access the resource; a component coupled to the security framework and capable of determining whether access to the resource is allowed given the policy; wherein the policy is associated with a first resource in a hierarchy of resources; and wherein the policy can supersede a second policy associated with a parent of the resource in the hierarchy of resources.
11 . The system of claim 10 wherein:
a policy includes one or more expressions.
12 . The system of claim 10 wherein:
determining whether to allow access to the resource includes evaluating the policy.
13 . The system of claim 10 wherein:
a resource is part of an enterprise application.
14 . The system of claim 10 wherein:
a resource can inherit a policy.
15 . The system of claim 10 wherein:
the policy evaluates to true or false for the principal.
16 . The system of claim 10 wherein:
a policy includes one or more predicates.
17 . The system of claim 10 wherein:
the security framework is capable of responding to the request.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.