Policy implementation delegation

US 20060277594A1
Filed: 06/02/2005
Published: 12/07/2006
Est. Priority Date: 06/02/2005
Status: Abandoned Application

First Claim

Patent Images

1. A computer-implemented method for delegating policy implementation, comprising:

parsing a policy to determine a minimum set of access rights needed to implement the policy;

analyzing a list to identify a set of users of a computerized resource subject to the policy that meets the minimum set of access rights; and

identifying at least one user from the set of users to implement the policy for the computerized resource.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention allows a user (e.g., a policy implementer) to be identified and delegated responsibility for implementing a policy. This can occur, implicitly, semi-implicitly or explicitly. In a typical embodiment, a policy provided (e.g., by a policy owner) is automatically parsed to determine a minimum set of access rights needed to implement the policy. For example, the policy might indicate that an implementing user only needs simple read privileges. Alternatively, the policy might require read/write privileges. In any event, a list (e.g., an access control list) will be analyzed to identify a set (e.g., one or more) of users of a computerized resource subject to the policy that meets the minimum set of access rights. Once this set of users has been identified, a hierarchy can be optionally analyzed to determine who among the set of users is permitted to implement the policy.

52 Citations

View as Search Results

26 Claims

1. A computer-implemented method for delegating policy implementation, comprising:
- parsing a policy to determine a minimum set of access rights needed to implement the policy;
  
  analyzing a list to identify a set of users of a computerized resource subject to the policy that meets the minimum set of access rights; and
  
  identifying at least one user from the set of users to implement the policy for the computerized resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computer-implemented method of claim 1, further comprising:
    - analyzing, prior to the identifying step, a hierarchy to determine who among the set of users is permitted to implement the policy based on a hierarchical relationship of the set of users to an owner of the policy.
  - 3. The computer-implemented method of claim 1, wherein the set of users is identified based upon a set of roles and corresponding access rights, as indicated in the list.
  - 4. The computer-implemented method of claim 1, wherein the list associates users of the computerized resource with corresponding access rights.
  - 5. The computer-implemented method of claim 1, further comprising delegating implementation of the policy to the at least one user by identifying the at least one user in the policy.
  - 6. The computer-implemented method of claim 5, wherein the at least one user is identified in the policy automatically.
  - 7. The computer-implemented method of claim 5, wherein the at least one user is identified in the policy manually by an owner of the policy.
  - 8. The computer-implemented method of claim 1, further comprising monitoring the computerized resource for changes.

9. A system for delegating policy implementation, comprising:
- a system for parsing a policy to determine a minimum set of access rights needed to implement the policy;
  
  a system for analyzing a list to identify a set of users of a computerized resource subject to the policy that meets the minimum set of access rights; and
  
  a system for identifying at least one user from the set of users to implement the policy for the computerized resource.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system of claim 9, further comprising:
    - a system for analyzing a hierarchy to determine who among the set of users is permitted to implement the policy based on a hierarchical relationship of the set of users to an owner of the policy.
  - 11. The system of claim 10, wherein the hierarchy contains a hierarchy of users of the computerized resource.
  - 12. The system of claim 9, wherein the list associates users of the computerized resource with corresponding access rights.
  - 13. The system of claim 9, further comprising a system for delegating implementation of the policy to the at least one user.
  - 14. The system of claim 13, wherein the delegating is performed by automatically identifying the at least one user in the policy.
  - 15. The system of claim 13, wherein the delegating is performed by identifying the at least one user to an owner of the policy.
  - 16. The system of claim 9, further comprising a system for monitoring the computerized resource for changes.

17. A program product stored on a computer readable medium for delegating policy implementation, the computer readable medium including program code, which when executed on a computer causes the computer to:
- parse a policy to determine a minimum set of access rights needed to implement the policy;
  
  analyze a list to identify a set of users of a computerized resource subject to the policy that meets the minimum set of access rights; and
  
  identify at least one user from the set of users to implement the policy for the computerized resource.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The program product of claim 17, wherein the program code further causes to computer system to analyze a hierarchy to determine who among the set of users is permitted to implement the policy based on a hierarchical relationship of the set of users to an owner of the policy.
  - 19. The program product of claim 18, wherein the hierarchy contains a hierarchy of users of the computerized resource.
  - 20. The program product of claim 17, wherein the list associates users of the computerized resource with corresponding access rights.
  - 21. The program product of claim 17, wherein the program code further causes to computer system to delegate implementation of the policy to the at least one user.
  - 22. The program product of claim 21, wherein implementation of the policy is delegated by automatically identifying the at least one user in the policy.
  - 23. The program product of claim 21, herein implementation of the policy is delegated by identifying the at least one user to an owner of the policy.
  - 24. The program product of claim 17, wherein the program code further causes to computer system to monitor the computerized resource for changes.

25. A method for deploying an application for delegating policy implementation:
- providing a computer infrastructure being operable to;
  
  parse a policy to determine a minimum set of access rights needed to implement the policy;
  
  analyze a list to identify a set of users of a computerized resource subject to the policy that meets the minimum set of access rights; and
  
  identify at least one user from the set of users to implement the policy for the computerized resource.
- View Dependent Claims (26)
- - 26. The method of claim 25, wherein the computer infrastructure is further operable to analyze a hierarchy to determine who among the set of users is permitted to implement the policy based on a hierarchical relationship of the set of users to an owner of the policy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Bhamidipaty, Anuradha, Chiavegatto, Arlindo Jr., Roy, Shourya, Mohania, Mukesh K., Bhide, Manish A., Gupta, Rajeev

Application Number

US11/143,033
Publication Number

US 20060277594A1
Time in Patent Office

Days
Field of Search
US Class Current

726/2
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2141   Access rights, e.g. capabil...

G06Q 10/10   Office automation; Time man...

Policy implementation delegation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

52 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Policy implementation delegation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

52 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links