Method, apparatus and system for enforcing access control policies using contextual attributes
Abstract
A method, apparatus and system provide access control utilizing contextual attributes. An access control module may receive a client request for access to a protected resource. The access control module may examine the contextual attributes associated with the request and compare the attributes against a policy database. If the attributes are valid according to a policy in the policy database, access may be granted to the protected resource. Otherwise, access may be denied.
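The decision flow in the abstract can be sketched as follows. This is an added illustration, not code from the patent: the attribute names, the policy layout, the sample policies and the deny-on-duplicate rule are all assumptions, and only the three attribute types are taken from claims 14 and 17.

```python
from dataclasses import dataclass
from enum import Enum

class AttrType(Enum):  # the three attribute types named in claims 14 and 17
    IDENTIFICATION = "identification"
    IMPLICIT = "implicit"
    EXPLICIT = "explicit"

@dataclass(frozen=True)
class Attr:  # one contextual attribute sent with the request
    name: str
    value: str
    type: AttrType

@dataclass(frozen=True)
class Policy:  # hypothetical policy record, keyed by resource and transaction type
    resource: str
    transaction: str
    required: dict  # attribute name -> (expected AttrType, set of allowed values)

# Constructed policy database (names and values are made up for the example).
POLICY_DB = [
    Policy("payroll-db", "read", {
        "role": (AttrType.IDENTIFICATION, {"hr-analyst", "hr-admin"}),
        "network": (AttrType.IMPLICIT, {"corp-lan"}),
    }),
    Policy("payroll-db", "write", {
        "role": (AttrType.IDENTIFICATION, {"hr-admin"}),
        "network": (AttrType.IMPLICIT, {"corp-lan"}),
        "mfa": (AttrType.EXPLICIT, {"passed"}),
    }),
]

def decide(resource, transaction, attrs):
    """Grant (True) only if a policy for this resource and transaction is fully met."""
    by_name = {a.name: a for a in attrs}
    if len(by_name) != len(attrs):  # duplicate attribute names are ambiguous: deny
        return False
    for p in POLICY_DB:
        # Every required attribute must be present, carry the expected type
        # and hold an allowed value; extra attributes are ignored.
        if (p.resource, p.transaction) == (resource, transaction) and all(
            n in by_name and by_name[n].type is t and by_name[n].value in allowed
            for n, (t, allowed) in p.required.items()
        ):
            return True
    return False  # no policy matched: access is denied
```

A request for a resource or transaction with no policy entry falls through to the final `return False`, which matches the abstract's "Otherwise, access may be denied."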
23 Claims
1. A method comprising:
receiving a request for access to a protected resource;
receiving contextual attributes associated with the request;
comparing the contextual attributes against a policy database; and
granting access if the contextual attributes are valid according to a policy in the policy database.
Dependent claims: 2, 3, 4, 5, 6, 7.

8. An article comprising a machine-accessible medium having stored thereon instructions that, when executed by a machine, cause the machine to:
receive a request for access to a protected resource;
receive contextual attributes associated with the request;
compare the contextual attributes against a policy database; and
grant access if the contextual attributes are valid according to a policy in the policy database.
Dependent claims: 9, 10, 11, 12, 13.

14. A method comprising:
requesting access to a protected resource;
collecting contextual attributes associated with the request, the contextual attributes comprising at least one of information about a subject of the request, information about the protected resource and information about a type of transaction pertaining to the request, the contextual attributes further comprising a type and the type including at least one of an identification attribute, an implicit attribute and an explicit attribute;
transmitting the contextual attributes with the request.
Dependent claims: 15, 16.

17. An article comprising a machine-accessible medium having stored thereon instructions that, when executed by a machine, cause the machine to:
request access to a protected resource;
collect contextual attributes associated with the request, the contextual attributes comprising at least one of information about a subject of the request, information about the protected resource and information about a type of transaction pertaining to the request, the contextual attributes further comprising a type and the type including at least one of an identification attribute, an implicit attribute and an explicit attribute;
transmit the contextual attributes with the request.
Dependent claims: 18, 19.

20. An access control system comprising:
a client device capable of transmitting a request to a service provider requesting access to a protected resources, the client device further capable of transmitting contextual information with the access request; and
a resource manager of the service provider capable of receiving the request from the client device for access to the protected resources, the resource manager capable of comparing the received contextual attributes against a policy database and granting access to the protected resource if the contextual attributes are valid according to a policy in the policy database.
Dependent claims: 21, 22, 23.

Specification