Access control for an e-commerce application
Abstract
A system and method for selectively granting access to a target object. In one embodiment, the system includes an object data store, an access control instruction data store, an action data store, a context, and an access determination engine. The object data store includes a plurality of hierarchically structured target objects and a plurality of hierarchically structured actor objects. The access control instruction data store includes a plurality of hierarchically structured access control instructions. The action data store comprises a plurality of action objects. The context includes an actor attribute, an action attribute, and a target attribute. The access determination engine is configured to selectively grant access to the target object based on a first set of access control instructions having attributes that match the context and a second set of access control instructions having attributes that are hierarchically broader than the attributes of the context.
20 Claims
1. A system for selectively granting access to a target object, comprising:
an object data store that includes a plurality of hierarchically structured target objects and a plurality of hierarchically structured actor objects;
an action data store that includes a plurality of action objects;
an access control instruction data store comprising a plurality of hierarchically structured access control instructions;
a context comprising an actor attribute, an action attribute, and a target attribute; and
an access determination engine configured to selectively grant access to the target object based on a first set of access control instructions having attributes that match the context and a second set of access control instructions having attributes that are hierarchically broader than the attributes of the context.

10. A method for selectively granting access to a target object, comprising:
receiving a context comprising an actor attribute, an action attribute, and a target attribute;
determining a first set of hierarchically broader actor attributes based on the actor attribute;
determining a second set of hierarchically broader action attributes based on the action attribute;
determining a third set of hierarchically broader target attributes based on the target attribute; and
determining a set of relevant access control instructions according to the actor, action, and target attributes and the first, second, and third sets of hierarchically broader relevant attributes.

18. A computer program product, comprising a computer readable medium having computer code embodied therein for selectively granting access to a target object comprising:
a computer readable program code device configured as an object data store comprised of a plurality of hierarchically structured target objects and a plurality of hierarchically structured actor objects;
a computer readable program code device configured as an access control instruction data store comprising a plurality of hierarchically structured access control instructions;
a computer readable program code device configured as an action data store comprising a plurality of action objects;
a computer readable program code device configured as a context comprising an actor attribute, an action attribute, and a target attribute; and
an access determination engine configured to selectively grant access to the target object based on a first set of access control instructions having attributes that match the context and a second set of access control instructions having attributes that are hierarchically broader than the attributes of the context.

19. A system for selectively granting access to a target object, comprising:
means for receiving a context comprising an actor attribute, an action attribute, and a target attribute;
means for determining a first set of hierarchically broader actor attributes based on the actor attribute;
means for determining a second set of hierarchically broader action attributes based on the action attribute;
means for determining a third set of hierarchically broader target attributes based on the target attribute; and
means for determining a set of relevant access control instructions according to the actor, action, and target attributes and the first, second, and third sets of hierarchically broader relevant attributes.

20. A computer program product comprising a computer useable medium having computer readable code embodied therein for selectively granting access to a target object, the computer program product adapted when run on a computer to execute steps, including:
receiving a context comprising an actor attribute, an action attribute, and a target attribute;
determining a first set of hierarchically broader actor attributes based on the actor attribute;
determining a second set of hierarchically broader action attributes based on the action attribute;
determining a third set of hierarchically broader target attributes based on the target attribute; and
determining a set of relevant access control instructions according to the actor, action, and target attributes and the first, second and third sets of hierarchically broader relevant attributes.

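The method steps recited in claims 10, 19 and 20, as an added Python example that is not part of the patent text: it walks each hierarchy to collect the broader attributes, then selects the access control instructions (ACIs) that match the context exactly or through a broader attribute. The hierarchy names, the ACI records, the distance measure and the conflict rule (nearest instruction wins, deny beats allow on ties, default deny) are assumptions; the claims do not state how the matching instructions are combined.

```python
# Constructed sample hierarchies (child -> parent); every name is hypothetical.
ACTOR_PARENT = {"alice": "buyers", "buyers": "acme_corp"}
ACTION_PARENT = {"approve_order": "write", "view_order": "read",
                 "write": "any_action", "read": "any_action"}
TARGET_PARENT = {"order_1001": "acme_orders", "acme_orders": "all_orders"}

# Constructed access control instructions: (actor, action, target, allow).
ACIS = [
    ("acme_corp", "read", "acme_orders", True),
    ("buyers", "write", "acme_orders", True),
    ("alice", "approve_order", "order_1001", False),
    ("other_corp", "any_action", "all_orders", True),
]

def broader(attr, parent):
    """Return attr's ancestors, nearest first; reject a cyclic hierarchy."""
    chain, seen = [], {attr}
    while attr in parent:
        attr = parent[attr]
        if attr in seen:
            raise ValueError(f"cycle in hierarchy at {attr!r}")
        seen.add(attr)
        chain.append(attr)
    return chain

def relevant_acis(actor, action, target, acis=ACIS):
    """Split matching ACIs into (exact, hierarchically broader) lists."""
    actors = [actor] + broader(actor, ACTOR_PARENT)
    actions = [action] + broader(action, ACTION_PARENT)
    targets = [target] + broader(target, TARGET_PARENT)
    exact, wider = [], []
    for aci in acis:
        who, what, where, _allow = aci
        if who in actors and what in actions and where in targets:
            # Assumed specificity measure: total steps up the three hierarchies.
            dist = actors.index(who) + actions.index(what) + targets.index(where)
            (exact if dist == 0 else wider).append((dist, aci))
    return exact, wider

def decide(actor, action, target, acis=ACIS):
    """Assumed policy: nearest ACI wins, deny beats allow on ties, default deny."""
    exact, wider = relevant_acis(actor, action, target, acis)
    ranked = sorted(exact + wider, key=lambda p: (p[0], p[1][3]))
    return ranked[0][1][3] if ranked else False
```

With this data, the exact-match deny on `alice` / `approve_order` / `order_1001` overrides the broader allow inherited from `buyers`, while a `view_order` request is granted only through the `acme_corp` instruction three levels up.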
Specification