Policy inheritance through nested groups

US 20050097166A1
Filed: 10/08/2004
Published: 05/05/2005
Est. Priority Date: 10/10/2003
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for policy inheritance, comprising:

defining a first group wherein the first group refers to at least one of;

a user and a group different from the first group;

defining a second group wherein the second group is nested within the first group;

defining a first policy wherein the first policy includes a resource, a subject and one of;

an action and a role, and wherein the subject includes the first group;

inheriting the first policy by the second group;

wherein the resource is part of a resource hierarchy; and

wherein the first policy can be used to control access to the resource.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented system and method for policy inheritance, comprising, defining a first group wherein the first group refers to at least one of: a user and a group different from the first group, defining a second group wherein the second group is nested within the first group, defining a first policy wherein the first policy includes a resource, a subject and one of, an action and a role, and wherein the subject includes the first group, inheriting the first policy by the second group, wherein the resource is part of a resource hierarchy, and wherein the first policy can be used to control access to the resource.

Citations

27 Claims

1. A computer-implemented method for policy inheritance, comprising:
- defining a first group wherein the first group refers to at least one of;
  
  a user and a group different from the first group;
  
  defining a second group wherein the second group is nested within the first group;
  
  defining a first policy wherein the first policy includes a resource, a subject and one of;
  
  an action and a role, and wherein the subject includes the first group;
  
  inheriting the first policy by the second group;
  
  wherein the resource is part of a resource hierarchy; and
  
  wherein the first policy can be used to control access to the resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer-implemented method of claim 1, further comprising:
    - defining a second policy wherein the second policy includes a second resource, a second subject and one of;
      
      a second action and a second role; and
      
      wherein the second subject includes the second group.
  - 3. The computer-implemented method of claim 2 wherein:
    - the first group does not inherit the second policy.
  - 4. The computer-implemented method of claim 1 wherein:
    - the resource hierarchy represents an application.
  - 5. The computer-implemented method of claim 1 wherein:
    - the policy includes a constraint.
  - 6. The computer-implemented method of claim 1 wherein:
    - the second group has more actions than the first group.
  - 7. The computer-implemented method of claim 1, further comprising:
    - granting the second group access to the resource based on the first policy.
  - 8. The computer-implemented method of claim 1, further comprising:
    - defining a third group wherein the third group is nested within the second group; and
      
      wherein the third group inherits the first policy.
  - 9. The computer-implemented method of claim 2, further comprising:
    - defining a third group wherein the third group is nested within the second group; and
      
      wherein the third group inherits the first policy and the second policy.
  - 10. A distributed security system capable of performing the method of claim 1.

11. A computer-implemented method for policy inheritance, comprising:
- defining a first group wherein the first group refers to at least one of;
  
  a user and a group different from the first group;
  
  defining a second group wherein the second group is nested within the first group;
  
  defining a first policy wherein the first policy includes a resource, a subject and one of;
  
  an action and a role, and wherein the subject includes the first group;
  
  inheriting the first policy by the second group;
  
  wherein the resource is part of a resource hierarchy;
  
  wherein the first policy can be used to control access to the resource; and
  
  wherein the resource hierarchy represents an application.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The computer-implemented method of claim 11, further comprising:
    - defining a second policy wherein the second policy includes a second resource, a second subject and one of;
      
      a second action and a second role; and
      
      wherein the second subject includes the second group.
  - 13. The computer-implemented method of claim 12 wherein:
    - the first group does not inherit the second policy.
  - 14. The computer-implemented method of claim 11, further comprising:
    - granting the second group access to the resource based on the first policy.
  - 15. The computer-implemented method of claim 11, further comprising:
    - defining a third group wherein the third group is nested within the second group; and
      
      wherein the third group inherits the first policy.
  - 16. The computer-implemented method of claim 12, further comprising:
    - defining a third group wherein the third group is nested within the second group; and
      
      wherein the third group inherits the first policy and the second policy.
  - 17. A distributed security system capable of performing the method of claim 11.

18. A machine readable medium having instructions stored thereon to cause a system to:
- define a first group wherein the first group refers to at least one of;
  
  a user and a group different from the first group;
  
  define a second group wherein the second group is nested within the first group;
  
  define a first policy wherein the first policy includes a resource, a subject and one of;
  
  an action and a role, and wherein the subject includes the first group;
  
  inherit the first policy by the second group;
  
  wherein the resource is part of a resource hierarchy; and
  
  wherein the first policy can be used to control access to the resource.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26)
- - 19. The machine readable medium of claim 18, further comprising instructions stored thereon to cause the system to:
    - define a second policy wherein the second policy includes a second resource, a second subject and one of;
      
      a second action and a second role; and
      
      wherein the second subject includes the second group.
  - 20. The machine readable medium of claim 19 wherein:
    - the first group does not inherit the second policy.
  - 21. The machine readable medium of claim 18 wherein:
    - the resource hierarchy represents an application.
  - 22. The machine readable medium of claim 18 wherein:
    - the policy includes a constraint.
  - 23. The machine readable medium of claim 18 wherein:
    - the second group has more actions than the first group.
  - 24. The machine readable medium of claim 18, further comprising instructions stored thereon to cause the system to:
    - grant the second group access to the resource based on the first policy.
  - 25. The machine readable medium of claim 18, further comprising instructions stored thereon to cause the system to:
    - define a third group wherein the third group is nested within the second group; and
      
      wherein the third group inherits the first policy.
  - 26. The machine readable medium of claim 19, further comprising instructions stored thereon to cause the system to:
    - define a third group wherein the third group is nested within the second group; and
      
      wherein the third group inherits the first policy and the second policy.

27. A computer signal embodied in a transmission medium, comprising:
- a code segment including instructions for defining a first group wherein the first group refers to at least one of;
  
  a user and a group different from the first group;
  
  a code segment including instructions for defining a second group wherein the second group is nested within the first group;
  
  a code segment including instructions for defining a first policy wherein the first policy includes a resource, a subject and one of;
  
  an action and a role, and wherein the subject includes the first group;
  
  a code segment including instructions for inheriting the first policy by the second group;
  
  wherein the resource is part of a resource hierarchy; and
  
  wherein the first policy can be used to control access to the resource.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
BEA Systems Incorporated (Oracle Corporation)
Inventors
Xu, Mingde, Byrne, David, Howes, Jason, Patrick, Paul, Riendeau, Richard J., Yagen, Kenneth D., Falco, Mark A.

Granted Patent

US 7,644,432 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/203
CPC Class Codes

H04L 63/20 for managing network securi...

Policy inheritance through nested groups

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Policy inheritance through nested groups

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links