System and method for rule-based entitlements
Abstract
A system and method of authorization comprising associating at least one role with a resource, associating at least one capability with the at least one role, and determining whether to permit a resource operation based on the at least one capability.
104 Claims
1. A method of authorization, comprising:
- associating at least one role with a resource;
- associating at least one capability with the at least one role; and
- determining whether to permit a resource operation based on the at least one capability.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13

14. A method of authorization, comprising:
- intercepting a resource operation, the resource operation identifying a resource;
- associating at least one role with the resource;
- associating at least one capability with the at least one role; and
- allowing the resource operation if the resource operation is permitted based on the at least one capability.
Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26

27. A method of authorization, comprising:
- sending a resource request from a client to an access controller, wherein the access controller associates at least one capability with the resource request; and
- sending an indication of whether the resource request is permitted from the access controller to the client based on the at least one capability; and
- wherein associating the at least one capability with the resource request includes associating at least one role with a resource identified in the resource request.
Dependent claims: 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39

40. A system for authorization, comprising:
- an access controller adapted to accept a resource operation from a client;
- a role mapper coupled to the access controller, the role mapper to associate at least one role with the client; and
- a decision module coupled to the access controller, to determine whether access to a resource specified in the resource operation is permitted based upon the at least one role.
Dependent claims: 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 76, 78

53. A system for authorization, comprising:
- a client adapted to send a resource operation to an access controller;
- wherein the access controller is coupled to a role mapper, the role mapper to associate at least one role with a client; and
- wherein the access controller is coupled to an access decision module, the access decision module to determine whether access to a resource specified in the resource operation is permitted based upon the at least one role.
Dependent claims: 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65

66. A system for authorization, comprising:
- a client;
- an access controller to accept a resource operation from the client, wherein the resource operation identifies a resource;
- a role mapper coupled to the access controller, to associate at least one role with a client; and
- an access decision module coupled to the access controller, to determine whether access to a resource specified in the resource operation is permitted based upon the at least one role.
Dependent claims: 67, 68, 69, 70, 71, 72, 73, 74, 75, 77

79. A system for authorization, comprising:
- a means for associating at least one role with a resource;
- a means for associating at least one capability with the at least one role; and
- a means for determining whether to permit a resource operation based on the at least one capability.
Dependent claims: 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91

92. A machine readable medium having instructions stored thereon that when executed by a processor cause a system to:
- associate at least one role with a resource;
- associate at least one capability with the at least one role; and
- determine whether to permit a resource operation based on the at least one capability.
Dependent claims: 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104

Specification