Dynamic access control of resources in a computing environment
First Claim
1. A method comprising:
- over a period of time, continuously monitoring, by a policy retrieval point executing on a processor device, at least one new policy creation location for a new policy rule;
- detecting that a first new policy rule has been added to the at least one new policy creation location;
- storing the first new policy rule in a core policy rule structure that comprises a plurality of policy rules;
- receiving a request for new policy rules;
- communicating the first new policy rule toward a policy decision point in response to the request for the new policy rules;
- subsequent to communicating the first new policy rule toward the policy decision point, detecting that a second new policy rule has been added to the at least one new policy creation location;
- making a determination that the second new policy rule is inconsistent with at least one policy rule of the plurality of policy rules in the core policy rule structure; and
- refraining from storing the second new policy rule in the core policy rule structure based on the determination.
Abstract
Dynamic access control of resources in a computing environment is disclosed. A policy retrieval point continuously monitors at least one new policy creation location for a new policy rule. It is detected that a first new policy rule has been added to the at least one new policy creation location. The first new policy rule is stored in a core policy rule structure that comprises a plurality of policy rules. A request for new policy rules is received, and the first new policy rule is communicated toward a policy decision point in response to the request.
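The flow recited in claim 1 and summarized in the abstract, as an added example that is not taken from the patent: a policy retrieval point (PRP) polls a creation location, stores consistent rules, hands new ones to a policy decision point (PDP) on request, and refuses a conflicting rule. The rule fields, the in-memory list standing in for a monitored location, and the inconsistency test (same subject, resource and action with the opposite effect) are assumptions; the page does not define them.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class PolicyRule:
    rule_id: str
    subject: str
    resource: str
    action: str
    effect: str  # "permit" or "deny"

    def target(self):
        return (self.subject, self.resource, self.action)

@dataclass
class PolicyRetrievalPoint:
    locations: list                                # monitored creation locations (lists here)
    core: dict = field(default_factory=dict)       # core policy rule structure, keyed by target
    seen: set = field(default_factory=set)         # rule ids already examined
    pending: list = field(default_factory=list)    # stored, not yet sent toward the PDP
    rejected: list = field(default_factory=list)   # (refused rule, id of rule it conflicts with)

    def poll(self):
        """One monitoring pass; a deployment would run this on a timer or watch event."""
        for location in self.locations:
            for rule in location:
                if rule.rule_id in self.seen:
                    continue
                self.seen.add(rule.rule_id)
                existing = self.core.get(rule.target())
                if existing is not None:
                    # Assumed inconsistency test: same target, opposite effect.
                    if existing.effect != rule.effect:
                        self.rejected.append((rule, existing.rule_id))
                    continue  # conflicting or redundant: core structure unchanged
                self.core[rule.target()] = rule
                self.pending.append(rule)

    def fetch_new_rules(self):
        """Answer a PDP's request for new policy rules, then clear the queue."""
        new, self.pending = self.pending, []
        return new

def demo():
    location = []  # constructed sample creation location
    prp = PolicyRetrievalPoint(locations=[location])
    location.append(PolicyRule("r1", "role:dev", "repo:payments", "read", "permit"))
    prp.poll()
    first = prp.fetch_new_rules()      # first new rule goes toward the PDP
    location.append(PolicyRule("r2", "role:dev", "repo:payments", "read", "deny"))
    prp.poll()                         # r2 contradicts r1 and is not stored
    return first, prp.fetch_new_rules(), prp
```

The `rejected` list is the part worth wiring to alerting: a refused rule means someone tried to change effective access and the PDP never saw it.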
19 Claims
1. A method comprising:
- over a period of time, continuously monitoring, by a policy retrieval point executing on a processor device, at least one new policy creation location for a new policy rule;
- detecting that a first new policy rule has been added to the at least one new policy creation location;
- storing the first new policy rule in a core policy rule structure that comprises a plurality of policy rules;
- receiving a request for new policy rules;
- communicating the first new policy rule toward a policy decision point in response to the request for the new policy rules;
- subsequent to communicating the first new policy rule toward the policy decision point, detecting that a second new policy rule has been added to the at least one new policy creation location;
- making a determination that the second new policy rule is inconsistent with at least one policy rule of the plurality of policy rules in the core policy rule structure; and
- refraining from storing the second new policy rule in the core policy rule structure based on the determination.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A computing system, comprising:
- one or more memories; and
- one or more processor devices coupled to the one or more memories, the one or more processor devices to:
  - over a period of time, continuously monitor at least one new policy creation location for a new policy rule;
  - detect that a first new policy rule has been added to the at least one new policy creation location;
  - store the first new policy rule in a core policy rule structure that comprises a plurality of policy rules;
  - receive a request for new policy rules;
  - communicate the first new policy rule toward a policy decision point in response to the request for the new policy rules;
  - subsequent to communicating the first new policy rule toward the policy decision point, detect that a second new policy rule has been added to the at least one new policy creation location;
  - make a determination that the second new policy rule is inconsistent with at least one policy rule of the plurality of policy rules in the core policy rule structure; and
  - refrain from storing the second new policy rule in the core policy rule structure based on the determination.

Dependent claims: 11, 12, 13, 14
15. A non-transitory computer program product stored on a non-transitory computer-readable storage medium and including instructions to cause one or more processor devices to:
- over a period of time, continuously monitor at least one new policy creation location for a new policy rule;
- detect that a first new policy rule has been added to the at least one new policy creation location;
- store the first new policy rule in a core policy rule structure that comprises a plurality of policy rules;
- receive a request for new policy rules;
- communicate the first new policy rule toward a policy decision point in response to the request for the new policy rules;
- subsequent to communicating the first new policy rule toward the policy decision point, detect that a second new policy rule has been added to the at least one new policy creation location;
- make a determination that the second new policy rule is inconsistent with at least one policy rule of the plurality of policy rules in the core policy rule structure; and
- refrain from storing the second new policy rule in the core policy rule structure based on the determination.

Dependent claims: 16, 17, 18, 19
Specification