Method and device for taking an access control policy decision
Abstract
A method and a device for taking a policy decision are disclosed. The policy decision device (S3) has access to objects being relatable to each other by relations of one or more relation types. The method comprises the steps of receiving (100) a request for the policy decision, the request specifying a first object of the objects and request information, obtaining (105) a policy matching to the request information and being applicable to a second object of the objects, obtaining (110) at least one propagation rule associated to the policy, the at least one propagation rule specifying at least one relation type of the one or more relation types, verifying if a relation path exists, the relation path linking the first object and the second object and consisting of one or more of the relations, verifying if the one or more relations of the relation path are in accordance with at least one of the at least one specified relation type, and if said relation path exists and if said one or more relations of the relation path are in accordance, applying the policy to the first object for taking (120) the policy decision.
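The decision flow in the abstract can be sketched as a type-restricted graph search. The following is an added illustration, not code from the patent; the object names, relation types, policy fields, the directed reading of a relation path and the `not_applicable` result are all assumptions made for the example.

```python
from collections import deque

# Constructed sample data (not from the patent): directed, typed relations.
RELATIONS = [
    ("alice_laptop", "owned_by", "alice"),
    ("alice", "member_of", "engineering"),
    ("engineering", "part_of", "acme"),
    ("acme", "employs", "alice"),            # closes a cycle in the graph
    ("guest_phone", "connected_to", "engineering"),
]

# One policy on the second object "engineering"; its propagation rule lists
# the relation types along which it may reach other objects (hypothetical fields).
POLICIES = [
    {"object": "engineering", "action": "read_wiki", "effect": "permit",
     "propagate_via": {"owned_by", "member_of"}},
]

def relation_path_exists(first, second, allowed_types, relations=RELATIONS):
    """BFS from first to second using only relations of an allowed type."""
    queue, seen = deque([first]), {first}
    while queue:
        node = queue.popleft()
        for src, rel_type, dst in relations:
            if src != node or rel_type not in allowed_types:
                continue                  # wrong origin or type not in the rule
            if dst == second:
                return True
            if dst not in seen:           # visited set keeps cycles finite
                seen.add(dst)
                queue.append(dst)
    return False

def decide(first, action, policies=POLICIES):
    """Return the effect of the first policy that reaches `first`."""
    for policy in policies:
        if policy["action"] != action:
            continue                      # policy does not match the request
        second = policy["object"]
        if first == second or relation_path_exists(
                first, second, policy["propagate_via"]):
            return policy["effect"]       # policy applied to the first object
    return "not_applicable"               # assumption: caller picks a default

if __name__ == "__main__":
    for obj in ("alice_laptop", "alice", "guest_phone", "acme"):
        print(obj, "->", decide(obj, "read_wiki"))
```

The `guest_phone` case is the one to watch: a path to `engineering` exists, but its relation type is not named in the propagation rule, so the policy is not applied.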
18 Claims
1. A method for taking a policy decision by a policy decision device, wherein the policy decision device has access to objects being relatable to each other by relations of one or more relation types, the method comprising the steps of
receiving a request for the policy decision, the request specifying a first object of the objects and request information, obtaining a policy matching to the request information and being applicable to a second object of the objects, obtaining at least one propagation rule associated to the policy, the at least one propagation rule specifying at least one relation type of the one or more relation types, verifying if a relation path exists, the relation path linking the first object and the second object and consisting of one or more of the relations, verifying if the one or more relations of the relation path are in accordance with at least one of the at least one specified relation type, and if said relation path exists and if said one or more relations of the relation path are in accordance, applying the policy to the first object for taking the policy decision.
7. A policy decision device for taking a policy decision, the policy decision device comprising:
a receiving unit and a processing unit, wherein the processing unit is adapted to access objects being relatable to each other by relations of one or more relation types, the receiving unit is adapted to receive a request for the policy decision, the request specifying a first object of the objects and request information, the processing unit is further adapted to obtain a policy matching to the request information and being applicable to a second object of the objects, to obtain at least one propagation rule associated to the policy, the at least one propagation rule specifying at least one relation type of the one or more relation types, to verify if a relation path exists, the relation path linking the first object and the second object and consisting of one or more of the relations, to verify if the one or more relations of the relation path are in accordance with at least one of the at least one specified relation type, and if said relation path exists and if said one or more relations of the relation path are in accordance, to apply the policy to the first object for taking the policy decision.
13. A computer program loadable into a policy decision device, the computer program comprising code adapted
to access objects being relatable to each other by relations of one or more relation types, to process a request for a policy decision, the request specifying a first object of the objects and request information, to obtain a policy matching to the request information and being applicable to a second object of the objects, to obtain at least one propagation rule associated to the policy, the at least one propagation rule specifying at least one relation type of the one or more relation types, to verify if a relation path exists, the relation path linking the first object and the second object and consisting of one or more of the relations, to verify if the one or more relations of the relation path are in accordance with at least one of the at least one specified relation type, and if said relation path exists and if said one or more relations of the relation path are in accordance, to apply the policy to the first object for taking the policy decision.
Specification