INTELLIGENT TRUST MANAGEMENT METHOD AND SYSTEM
First Claim
1. In a computer system, a method of making a decision on a proposed action of a system component, comprising the steps of, receiving action information from a system component, the information including the proposed action, obtaining a policy corresponding to the proposed action, dynamically obtaining variable information at the policy from a source independent of the system component, making a decision via executable code in the policy based on the variable information, and returning the decision to the system component.
Abstract
Intelligent Trust Management provides a centralized security facility that gives system components a flexible mechanism for implementing security policies. System components such as applications create a request describing an action that needs to be checked against an appropriate security policy. The request is given to a trust system that determines which policy object applies to the request, and may pass request arguments to the policy. The policy objects include executable code that uses any arguments along with dynamically obtained variable information to make a decision. The decision is returned to the system component, which then operates accordingly. Policy objects may maintain state and interface with the user independent of the system component in order to obtain information to make their decisions. Policy objects may call other policy objects and/or mathematically combine the results of other policy objects to make a decision.
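The flow the abstract describes, as an added Python sketch that is not code from the patent: a trust manager looks up the policy for an action, and the policy decides from information the requester does not supply. All class, function and action names are hypothetical, and denying an action that has no policy is an assumption of the sketch.

```python
# Added illustration; every name below is hypothetical.
from dataclasses import dataclass, field
from typing import Callable, Dict, List

ALLOW, DENY = "allow", "deny"

@dataclass
class BusinessHoursPolicy:
    clock: Callable[[], int]  # variable information from a source the requester does not control
    def decide(self, args, trust):
        # Any "hour" value placed in args by the requester is never consulted.
        return ALLOW if 9 <= self.clock() < 17 else DENY

@dataclass
class RateLimitPolicy:
    limit: int
    seen: Dict[str, int] = field(default_factory=dict)  # state kept by the policy itself
    def decide(self, args, trust):
        user = args["user"]
        self.seen[user] = self.seen.get(user, 0) + 1
        return ALLOW if self.seen[user] <= self.limit else DENY

@dataclass
class AllOfPolicy:
    actions: List[str]  # other policies, called through the trust manager
    def decide(self, args, trust):
        # Combines sub-decisions with a logical AND; stops at the first denial.
        return ALLOW if all(trust.check(a, args) == ALLOW for a in self.actions) else DENY

class PolicyManager:
    """Maintains the relationship between actions and policies."""
    def __init__(self):
        self._by_action = {}
    def register(self, action, policy):
        self._by_action[action] = policy
    def lookup(self, action):
        return self._by_action.get(action)

class TrustManager:
    def __init__(self, policies):
        self.policies = policies
    def check(self, action, args):
        policy = self.policies.lookup(action)
        # Assumption of this sketch: an action with no policy is denied (fail closed).
        return policy.decide(args, self) if policy is not None else DENY

def build_demo(clock):
    pm = PolicyManager()
    pm.register("hours", BusinessHoursPolicy(clock))
    pm.register("rate", RateLimitPolicy(limit=2))
    pm.register("download", AllOfPolicy(["hours", "rate"]))
    return TrustManager(pm)
```

The calling component only sees the returned decision; changing a policy or its data source changes the outcome without touching the caller.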
33 Claims
- 1. In a computer system, a method of making a decision on a proposed action of a system component, comprising the steps of, receiving action information from a system component, the information including the proposed action, obtaining a policy corresponding to the proposed action, dynamically obtaining variable information at the policy from a source independent of the system component, making a decision via executable code in the policy based on the variable information, and returning the decision to the system component.
- 23. In a computer system, a system for making a decision requested by a system component, comprising, a trust manager for receiving an action proposed by the system component, a policy manager for maintaining a relationship between actions and policies, the trust manager obtaining a policy corresponding to the action from the policy manager, and wherein the policy makes a decision based on dynamic information obtained by the policy.
Specification