Remote interface for policy decisions governing access control
Abstract
Methods and systems thereof for controlling access to resources are described. When a user attempts to access a resource via a remote interface such as a Web server, the request is initially evaluated by a source of policy definitions such as a policy server. This source returns a policy decision to the remote interface. The policy decision is stored in memory by the remote interface. The remote interface can then evaluate subsequent requests from the user for the resource using the stored policy decision instead of having to communicate again with the source for the policy decision. Enhancements to this approach are also described. Accordingly, policy definitions and decisions are more efficiently implemented.
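The flow described in the abstract, as an added Python example that is not code from the patent. The class names `PolicyServer` and `RemoteInterface`, the sample policy, and the `max_age` expiry are assumptions made for illustration; the page does not describe how stored decisions expire.

```python
import time

class PolicyServer:
    """Stand-in for the source of policy definitions."""
    def __init__(self, definitions):
        self.definitions = definitions  # resource -> set of permitted requesters
        self.evaluations = 0            # counts round trips from the remote interface

    def decide(self, requester, resource):
        self.evaluations += 1
        return requester in self.definitions.get(resource, set())

class RemoteInterface:
    """Stand-in for the Web server that enforces access."""
    def __init__(self, source, max_age=300.0, clock=time.monotonic):
        self.source = source
        self.max_age = max_age   # assumption: expiry is not described on the page
        self.clock = clock
        self._decisions = {}     # (requester, resource) -> (permit, stored_at)

    def check(self, requester, resource):
        # Key on requester AND resource: a decision issued for one requester
        # must never answer a request from another.
        key = (requester, resource)
        hit = self._decisions.get(key)
        if hit is not None and self.clock() - hit[1] < self.max_age:
            return hit[0]                                  # evaluated locally
        permit = self.source.decide(requester, resource)   # referred to the source
        self._decisions[key] = (permit, self.clock())      # deny is stored too
        return permit

def demo():
    now = [0.0]  # controllable clock so the example is deterministic
    server = PolicyServer({"/reports": {"alice"}})  # constructed sample policy
    web = RemoteInterface(server, max_age=60.0, clock=lambda: now[0])
    results = [web.check("alice", "/reports"),   # miss: referred to the source
               web.check("alice", "/reports"),   # hit: answered from local memory
               web.check("bob", "/reports")]     # other requester: referred again
    calls_before_revoke = server.evaluations
    server.definitions["/reports"].discard("alice")  # policy changes at the source
    stale = web.check("alice", "/reports")           # stored permit still applies
    now[0] += 61                                     # stored decision ages out
    fresh = web.check("alice", "/reports")           # re-evaluated by the source
    return results, calls_before_revoke, stale, fresh

if __name__ == "__main__":
    print(demo())
```

The `stale` result shows the trade-off of evaluating locally: a change at the source does not reach the remote interface until the stored decision is dropped or refreshed.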
106 Citations
25 Claims
1. A method of controlling access to resources, said method comprising:
- storing a policy decision for a resource in local memory, said policy decision received from a source of policy definitions, said policy decision based on a policy definition governing access to said resource and on requester identifying information provided to said source;
- receiving a request for access to said resource, said request comprising said requester identifying information; and
- evaluating said request using said policy decision in said local memory instead of referring said request to said source for evaluation.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A method of controlling access to resources, said method comprising:
- receiving a request for access to a resource, said request comprising requestor identifying information, wherein said request is referred to a source of a policy definition that governs access to said resource for evaluation;
- receiving from said source a policy decision for said resource, said policy decision based on said policy definition and said requestor identifying information; and
- storing said policy decision in local memory, wherein a subsequent request for said resource is evaluated locally using said policy decision stored in memory.

Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18

19. A computer-usable medium having computer-readable program code embodied therein for causing a computer system to perform a method of controlling access to resources, said method comprising:
- storing in memory a policy decision for a first resource, said policy decision received from a source of policy definitions, said policy decision based on a policy definition governing access to said first resource and on requestor identifying information provided to said source;
- receiving a request for access to said first resource, said request comprising said requester identifying information; and
- evaluating said request using said policy decision stored in said memory instead of referring said request to said source for evaluation.

Dependent claims: 20, 21, 22, 23, 24, 25
Specification