Definition of low-level security rules in terms of high-level security concepts
Abstract
A set of pluggable rules is used to define low-level security rules in terms of high-level security concepts. The rules are part of a pluggable module that can interact with a business logic to provide different granularities of control.
39 Claims
1. A system comprising:
a pluggable security policy enforcement module configured to be replaceable in the system and to provide different granularities of control for a business logic in the system, wherein the business logic processes requests submitted to the system.
Dependent claims: 2, 3, 4, 5, 6, 7

8. One or more computer-readable media comprising computer-executable instructions that, when executed, direct a processor to perform acts including:
receiving a request to perform an operation;
checking whether to access a business logic in order to generate a result for the requested operation;
obtaining, from the business logic, a set of zero or more additional tests to be performed in order to generate the result;
performing each additional test in the set of tests if there is at least one test in the set of tests;
checking a set of pluggable rules to determine the result of the requested operation; and
returning, as the result, a failure indication if checking the business logic or checking the set of pluggable rules indicates that the result is a failure, otherwise returning, as the result, a success indication.
Dependent claims: 9, 10, 11, 12, 13, 14, 15, 16, 17, 18

19. A method comprising:
providing high-level permission concepts for security rules;
allowing a set of security rules to be defined using the high-level permission concepts, wherein the set of security rules allows permissions to be assigned to users of an application; and
determining, based at least in part on a permission assigned to a user, whether to permit an operation based on a request by the user.
Dependent claims: 20, 21, 22, 23, 24, 25

26. A method comprising:
receiving a request to perform an operation;
accessing a set of low-level rules, wherein the low-level rules are defined in terms of high-level concepts;
checking whether a user requesting to perform the operation is entitled to perform the operation based at least in part on the set of low-level rules; and
returning an indication of whether the operation is allowed or not allowed.
Dependent claims: 27, 28, 29, 30

31. A method comprising:
assigning high level security concepts to an application domain; and
allowing a set of pluggable rules to define low-level rules, in terms of the high level security concepts, for different business logic in the application domain.
Dependent claims: 32, 33, 34

35. An architecture comprising:
a plurality of resources;
a business logic layer to process, based at least in part on the plurality of resources, requests received from a client; and
a pluggable security policy enforcement module to enforce security restrictions on accessing information stored at the plurality of resources.
Dependent claims: 36, 37, 38, 39

Specification