Managing network resource access using session context
Abstract
A computing device providing a network service to a service area may receive a connection request from a user device and generate a session start request to start a user session in a service domain covering the service area. One or more policy rules may be evaluated to determine whether any rule is applicable to the user device, which includes determining that an authoritative user session has already been established in the service domain. The user session may be established in the service domain for the user device, and at least one permission for access to a controlled network resource may be associated with the user session based on the determination that the authoritative user session has already been established. A request from the user device to access the controlled network resource may be received and access to the controlled network resource may be granted.
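The flow in the abstract and in claim 1 can be modelled in a few lines. This is an added illustration, not code from the patent: how a session becomes authoritative, that the authoritative session itself receives the gated permission, and all class, field, domain and resource names are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Session:
    device: str
    domain: str
    authoritative: bool   # assumption: decided by policy outside this sketch
    acl: frozenset        # permissions the ACL defines; anything absent is denied

class DomainController:
    """Illustrative model of the claimed flow; every name here is hypothetical."""

    def __init__(self, base, gated):
        self.base = frozenset(base)    # permissions every session gets
        self.gated = frozenset(gated)  # defined only with an authoritative session
        self.sessions = []

    def has_authoritative(self, domain):
        return any(s.authoritative and s.domain == domain for s in self.sessions)

    def start_session(self, device, domain, authoritative=False):
        # The ACL is chosen once, from the session context at establishment.
        if authoritative or self.has_authoritative(domain):
            acl = self.base | self.gated
        else:
            acl = self.base            # ACL omits the gated permission
        session = Session(device, domain, authoritative, acl)
        self.sessions.append(session)
        return session

    def request(self, session, resource):
        # Permit only if the session's ACL defines the permission.
        return "permit" if resource in session.acl else "deny"

def demo():
    # Constructed sample data: domain and resource names are invented.
    ctl = DomainController(base={"internet"}, gated={"printer"})
    early = ctl.start_session("laptop-a", "room-101")
    ctl.start_session("host-1", "room-101", authoritative=True)
    late = ctl.start_session("laptop-b", "room-101")
    other = ctl.start_session("laptop-c", "room-202")
    return {name: ctl.request(s, "printer")
            for name, s in [("early", early), ("late", late), ("other", other)]}

if __name__ == "__main__":
    print(demo())
```

In this sketch the ACL is bound at session start, so `early` stays denied after the authoritative session appears; the independent claims shown on this page do not say whether existing sessions are re-evaluated.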
18 Citations
20 Claims
1. A method comprising:
- establishing, at a computing device, a user session in a service domain covering a service area to which the computing device provides a network service;
- determining whether an authoritative user session has already been established in the service domain;
- if the authoritative user session has not already been established in the service domain, associating, to the user session, an access control list (ACL) that does not define at least one permission to the user session;
- receiving a request from a user device to access a controlled network resource; and
- based on whether the ACL defines the at least one permission for access to the controlled network resource, permitting or denying, to the user device, access to the controlled network resource.

Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. An apparatus comprising:
- one or more network ports to send/receive data packets to/from a communication network; and
- a microprocessor coupled to the one or more network ports, the microprocessor configured to:
  - establish, at a computing device, a user session in a service domain covering a service area to which the computing device provides a network service;
  - determine whether an authoritative user session has already been established in the service domain;
  - if the authoritative user session has not already been established in the service domain, associate, to the user session, an access control list (ACL) that does not define at least one permission to the user session;
  - receive a request from a user device to access a controlled network resource; and
  - based on whether the ACL defines the at least one permission for access to the controlled network resource, permit or deny, to the user device, access to the controlled network resource.

Dependent claims: 10, 11, 12, 13, 14

15. A non-transitory computer readable storage media encoded with instructions that, when executed by a processor of a computing device, cause the processor to:
- establish, at the computing device, a user session in a service domain covering a service area to which the computing device provides a network service;
- determine whether an authoritative user session has already been established in the service domain;
- if the authoritative user session has not already been established in the service domain, associate, to the user session, an access control list (ACL) that does not define at least one permission to the user session;
- receive a request from a user device to access a controlled network resource; and
- based on whether the ACL defines the at least one permission for access to the controlled network resource, permit or deny, to the user device, access to the controlled network resource.

Dependent claims: 16, 17, 18, 19, 20

Specification