Access control policy engine controlling access to resource based on any of multiple received types of security tokens
Abstract
An access control policy engine associated with a resource determines whether to allow a request to access same. The engine receives the request with a security token, retrieves the token, determines a type thereof, and maps access decision information in the token to a common format as at least one security claim setting forth adequate information to determine a right of the requestor. Thereafter, the engine retrieves a set of rules for accessing the resource, applies the rules to the security claims to determine whether to allow the request from the requestor, and if the request is to be allowed, provides the requestor access to the resource in accordance with the request and the rights of the requestor as determined based on the security claims.
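The flow in the abstract, as an added Python sketch that is not code from the patent: tokens of several types are mapped to one common claim format, and the resource's rules are then evaluated only against those claims. The token types (username, group, attribute), their field names, the rule format and the fail-closed handling of an unrecognised type are assumptions of this example, and tokens are assumed to have been authenticated before this step.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Claim:
    """Common-format security claim: issuer asserts (kind, value) about the requestor."""
    issuer: str
    kind: str
    value: str

# One mapper per token type (hypothetical types and field names).
def map_username_token(tok):
    return [Claim(tok["realm"], "name", tok["user"])]

def map_group_token(tok):
    return [Claim(tok["authority"], "group", g) for g in tok["groups"]]

def map_attribute_token(tok):
    return [Claim(tok["issuer"], k, v) for k, v in sorted(tok["attrs"].items())]

MAPPERS = {"username": map_username_token, "group": map_group_token,
           "attribute": map_attribute_token}

def claims_from_request(request):
    """Retrieve every token, determine its type, map it to common claims."""
    claims = set()
    for tok in request["tokens"]:
        mapper = MAPPERS.get(tok.get("type"))
        if mapper is None:
            # Assumption of this sketch: an unrecognised type fails the request closed.
            raise ValueError(f"unsupported token type: {tok.get('type')!r}")
        claims.update(mapper(tok))
    return claims

def is_allowed(request, rules):
    """Apply the resource's rules to the claim set; no matching rule means deny."""
    claims = claims_from_request(request)
    wanted = (request["resource"], request["action"])
    return any((r["resource"], r["action"]) == wanted and r["requires"] <= claims
               for r in rules)

# Constructed sample data: one rule and one request carrying three token types.
RULES = [{"resource": "/reports/q3", "action": "read",
          "requires": {Claim("corp-dir", "group", "finance"),
                       Claim("hr-sts", "clearance", "internal")}}]
REQUEST = {"resource": "/reports/q3", "action": "read", "tokens": [
    {"type": "username", "realm": "corp-dir", "user": "alice"},
    {"type": "group", "authority": "corp-dir", "groups": ["finance", "staff"]},
    {"type": "attribute", "issuer": "hr-sts", "attrs": {"clearance": "internal"}},
]}
```

Because the rules reference only common-format claims, supporting a further token type in this sketch means adding one mapper and leaving the rule set untouched.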
18 Claims
1. A method in connection with a requestor submitting a request to access a digital resource, the request including at least one security token associated with the requestor, each security token of the request containing access decision information useful for determining whether to allow the request, each security token having one of a plurality of types, the method for an access control policy engine associated with the resource to determine whether to allow the request, the method comprising the access control policy engine:
receiving the request with each security token thereof;
retrieving each security token from the request;
processing each retrieved security token by;
determining the type of such retrieved security token; and
mapping the access decision information in the retrieved security token to the common format as at least one security claim setting forth a right of the requestor, the access control policy engine having a set of security claims relating to the request after having processed the retrieved tokens;
retrieving a set of rules for accessing the resource;
applying the retrieved set of rules for accessing the resource to the set of security claims to determine whether to allow the request from the requestor; and
if the request from the requestor is to be allowed, providing the requestor access to the resource in accordance with the request and the rights of the requestor as set forth within the set of security claims.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A computer-based system comprising a digital resource to which a requestor requests access based on a request including at least one security token associated with the requestor, each security token of the request containing access decision information useful for determining whether to allow the request, each security token having one of a plurality of types, the system further comprising:
an access control policy engine associated with the resource and controlling access thereto to determine whether to allow the request, the access control policy engine;
receiving the request with each security token thereof;
retrieving each security token from the request;
processing each retrieved security token by;
determining the type of such retrieved security token; and
mapping the access decision information in the retrieved security token to the common format as at least one security claim setting forth adequate information to determine a right of the requestor, the access control policy engine having a set of security claims relating to the request after having processed the retrieved tokens;
retrieving a set of rules for accessing the resource;
applying the retrieved set of rules for accessing the resource to the set of security claims to determine whether to allow the request from the requestor; and
if the request from the requestor is to be allowed, providing the requestor access to the resource in accordance with the request and the rights of the requestor as determined based on the set of security claims.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17, 18
Specification