Invalid policy detection
First Claim
1. A method comprising:
- generating a policy digest for a cached policy at a client, the policy digest identifying at least one assertion the client is complying with; and
including the policy digest in a request by the client to access a resource.
2 Assignments
0 Petitions
Accused Products
Abstract
Implementations are described and claimed herein to detect an invalid policy that may reside in a cache at a client. An expired policy is removed from cache and a current policy is requested. Otherwise the cached policy may be used. The client indicates which policy it is using by generating a policy digest, including, in compressed form, one or more assertions. If the host determines the policy digest is invalid, the host issues an invalid digest fault. If the policy digest is valid, but the assertions included in the policy digest are invalid, the host issues an invalid policy fault. In either case, the client is notified that the cached policy is no longer valid and that a current policy should be requested.
-
Citations
38 Claims
-
1. A method comprising:
-
generating a policy digest for a cached policy at a client, the policy digest identifying at least one assertion the client is complying with; and
including the policy digest in a request by the client to access a resource. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method comprising:
-
extracting at a host a policy digest identifying a cached policy, the policy digest included in a request to access a resource; and
denying access to the resource if the policy digest identifies an invalid policy. - View Dependent Claims (10, 11, 12, 13, 14)
-
-
15. A system comprising:
-
a policy digest identifying at least one cached policy; and
a messaging module denying access to a resource if the policy digest identifies an invalid policy for the resource. - View Dependent Claims (16, 17, 18, 19, 20)
-
-
21. A system comprising:
-
a policy digest for a cached policy at a client, the policy digest identifying at least one assertion the client is complying with; and
a messaging module including the policy digest in a request by the client to access a resource. - View Dependent Claims (22, 23, 24, 25)
-
-
26. A computer program product encoding a computer program for executing on a computer system a computer process, the computer process comprising:
-
generating a policy digest for a cached policy at a client, the policy digest identifying at least one assertion the client is complying with; and
including the policy digest in a request by the client to access a resource. - View Dependent Claims (27, 28, 29, 30, 31, 32, 33)
-
-
34. A computer program product encoding a computer program for executing on a computer system a computer process, the computer process comprising:
-
extracting at a host a policy digest identifying a cached policy, the policy digest included in a request to access a resource; and
denying access to the resource if the policy digest identifies an invalid policy. - View Dependent Claims (35, 36, 37, 38)
-
Specification