System and method for enforcing user policies on a web server
Abstract
A system and method for enforcing user policies on web servers. Embodiments of the present invention include a policy agent, generic to any web server platform, that enforces user policies on web servers. In one embodiment, a generic policy engine comprises a core policy level, which caches the policy definitions by fetching user policies from an identity server and returns the policy values, and an interface layer, which interfaces the policy library with the web server and enforces the policies for specific users and applications. In one embodiment of the present invention, one core policy library can be shared by a plurality of policy agents running on different web servers.
31 Claims
1. A method for accessing information comprising:
a) using a generic policy agent to intercept a request made by a client for a resource accessible from a server;
b) accessing a token in the header portion of said request;
c) accessing a user policy associated with said token from a database;
d) evaluating if said client is allowed access to said requested resource based on said user policy; and
e) if said client is allowed access to said requested information, directing said user to said requested resource, wherein said d) and e) are performed by said generic policy agent.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A computer implemented system for regulating access to information comprising:
a) a generic agent interface coupled to a server for intercepting an incoming HTTP request associated with a user and for enforcing user policies for a predetermined resource;
b) a generic policy library for fetching and storing said user policies for a plurality of users and HTTP resources; and
c) a generic policy engine that accesses said policy library and uses said user policies to determine a policy value, wherein said policy value is sent to said generic agent interface wherein said policy is enforced and wherein further said generic policy engine is not application specific.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19
20. In a server system comprising a processor coupled to a bus and a memory coupled to said bus, a computer readable medium comprising instructions that when executed implement a method of accessing information said method comprising:
a) using a generic policy agent to intercept an HTTP request made by a client for a resource accessible from said server system;
b) accessing a token in a header portion of said HTTP request to determine if a cookie is present and if no cookie is present, directing said client to an authentication application;
c) provided said cookie is present, accessing a user policy associated with said token from a database;
d) using a generic policy agent to determine if said client is allowed access to said requested resource based on said user policy wherein said generic policy agent comprises an application inspecific policy engine; and
e) if said client is allowed access to said requested resource, using an application specific policy agent to direct said user to said requested resource.
Dependent claims: 21, 22, 23, 24, 25
26. A communication system comprising:
an application specific agent interface module for enforcing a policy regarding a user access request for resources and wherein said agent interface module comprises server-specific instructions;
a generic policy engine for evaluating said user access request and for determining said policy based thereon and wherein said generic policy engine is application inspecific and wherein further said user access request identifies said user and said resources and wherein said policy indicates allowance or rejection of said request; and
an identity server coupled to communicate with said policy engine and for containing mapping information.
Dependent claims: 27, 28, 29, 30, 31
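
The request flow of claim 20 and the two-layer split described in the abstract (a caching policy library and generic engine behind a server-specific interface), as an added Python example that is not code from the patent. The cookie name `SSOToken`, the `/auth/login` URL, the in-memory `IDENTITY_SERVER` dictionary and the glob-style allow lists are all assumptions made for illustration.

```python
import posixpath
import time
from fnmatch import fnmatchcase
from http.cookies import SimpleCookie

COOKIE_NAME = "SSOToken"     # hypothetical cookie name
AUTH_URL = "/auth/login"     # hypothetical authentication application

# Constructed sample data standing in for the identity server's policy store.
IDENTITY_SERVER = {
    "tok-alice": {"allow": ["/reports/*", "/index.html"]},
    "tok-bob": {"allow": ["/index.html"]},
}

class PolicyLibrary:
    """Core policy level: fetches user policies and caches them with a TTL."""
    def __init__(self, fetch, ttl=60.0, clock=time.monotonic):
        self.fetch, self.ttl, self.clock = fetch, ttl, clock
        self.cache = {}      # token -> (expiry, policy or None)
        self.fetches = 0     # number of identity-server lookups made

    def policy_for(self, token):
        hit = self.cache.get(token)
        if hit and hit[0] > self.clock():
            return hit[1]
        self.fetches += 1
        policy = self.fetch(token)   # None for an unknown token
        self.cache[token] = (self.clock() + self.ttl, policy)
        return policy

def evaluate(library, token, resource):
    """Generic policy engine: returns a policy value, denying by default."""
    policy = library.policy_for(token)
    if policy is None:
        return "deny"
    path = posixpath.normpath(resource)  # "/reports/../admin" must not match "/reports/*"
    ok = any(fnmatchcase(path, pat) for pat in policy.get("allow", []))
    return "allow" if ok else "deny"

def agent_interface(library, headers, resource):
    """Server-specific layer: reads the cookie and enforces the policy value."""
    cookie = SimpleCookie(headers.get("Cookie", ""))
    if COOKIE_NAME not in cookie:
        return 302, AUTH_URL         # no token: send client to authentication
    if evaluate(library, cookie[COOKIE_NAME].value, resource) == "allow":
        return 200, resource
    return 403, None

LIBRARY = PolicyLibrary(IDENTITY_SERVER.get)
```

Only `agent_interface` would change per web server; `PolicyLibrary` and `evaluate` carry no server-specific code, so one library instance can serve several agents.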
Specification