Techniques and System for Specifying Policies Using Abstractions
First Claim
Patent Images
1. A method of managing information comprising:
- providing a plurality of rules and a plurality of abstractions, wherein a rule comprises an expression having a first variable, and the first variable is defined in a first abstraction;
transferring the plurality of rules and abstractions to a target; and
for the target, controlling access to information based on the plurality of rules and abstractions.
3 Assignments
0 Petitions
Accused Products
Abstract
A policy language for an information management system allows specifying or more policies using policy abstractions. The policies and policy abstractions are decoupled from one another, so policies and policy abstractions may be specified and altered separately from each other. A policy may refer to any number of policy abstractions. Multiple policies may reference a single policy abstraction, and a change to that policy abstraction will result in multiple policies being changed. Further, policy abstractions may be nested, so one policy abstraction may reference another policy abstraction, and so forth.
-
Citations
54 Claims
-
1. A method of managing information comprising:
-
providing a plurality of rules and a plurality of abstractions, wherein a rule comprises an expression having a first variable, and the first variable is defined in a first abstraction; transferring the plurality of rules and abstractions to a target; and for the target, controlling access to information based on the plurality of rules and abstractions. - View Dependent Claims (4, 5, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 21, 23, 25, 26, 34, 35, 36, 40, 41, 42)
-
-
2. A method of managing information comprising:
-
providing a plurality of rules and a plurality of abstractions, wherein a rule comprises an expression having a first variable, and the first variable is defined in a first abstraction; determining a subset of the plurality of rules and abstractions relevant to a target; transferring the subset of rules and abstractions to the target; and for the target, controlling access to the information based on the subset of rules and abstractions. - View Dependent Claims (6, 19, 20, 22, 24, 27, 28, 29, 30, 31, 32, 33, 37, 38, 39)
-
-
3. A method of managing information comprising:
-
providing a plurality of rules and a plurality of abstractions, wherein a rule comprises an expression having a first variable, and the first variable is defined in a first abstraction; transferring the plurality of rules and abstractions to a target; and for the target, controlling application usage based on the plurality of rules and abstractions.
-
-
43. An information management system comprising:
-
a plurality of rule components and a plurality of abstraction components, wherein a rule component comprises an expression having a variable, and the variable is defined in an abstraction component; a policy server component, accessing the rule and abstraction components; a workstation component, coupled to the policy server component, the workstation comprising a code component; a deployment mode of operation in which the policy server determines a set of rule and abstraction components relevant to the workstation component, and transfers this set of rule and abstraction components to the workstation component; and an execution mode of operation in which the code component of the workstation manages access to information of the information management system based on the set of rule and abstraction components. - View Dependent Claims (45, 46, 47)
-
-
44. An information management system comprising:
-
a plurality of rule components and a plurality of abstraction components, wherein a rule component comprises an expression having a variable, and the variable is defined in an abstraction component; a policy server component, accessing the rule and abstraction components; a workstation component, coupled to the policy server component, the workstation comprising a code component; a deployment mode of operation in which the policy server determines a set of rule and abstraction components relevant to the workstation component, and transfers this set of rule and abstraction components to the workstation component; and an execution mode of operation in which the code component of the workstation manages application usage in the information management system based on the set of rule and abstraction components.
-
-
48. A method of operating an information management system comprising:
-
providing a plurality of rule components, each rule component comprising an expression having at least one variable; providing a plurality of abstraction components, each abstraction component is separate from the rule components, an abstraction component defining variables of the plurality of rule components, wherein a first variable is found in two or more of the rule components; modifying the first variable; and controlling access to information of the information management system according to two or more of the rule components having the modified first variable. - View Dependent Claims (49, 50, 51, 52, 53)
-
-
54. A method of managing information comprising:
-
providing a plurality of rules and a plurality of abstractions, wherein a rule comprises an expression having a first variable, and the first variable is defined in a first abstraction, and the definition of the first variable in the first abstraction comprises a second variable defined in a second abstraction; and for a target device, controlling sending of an e-mail message based on a subset of the rules and abstractions.
-
Specification