Policy enforcement via attestations
Abstract
Policy enforcement via attestations is provided. A principal operates within an environment and assumes roles that carry certain access rights to resources, and the principal takes actions while assuming those roles. The roles and actions are monitored, and attestations are raised under the proper set of circumstances. The attestations trigger policy restrictions that are enforced against the principal. The policy restrictions circumscribe the access rights to the resources.
29 Claims
1. A method, comprising:
detecting a principal operating within an environment;
identifying a condition within the environment;
obtaining an attestation in response to the condition; and
enforcing a policy in response to the attestation against the principal within the environment.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A method, comprising:
monitoring actions of a principal within an environment;
dynamically applying an attestation against resource access permissions or resource policies associated with the principal in response to one or more of the actions or dynamic conditions occurring within the environment; and
circumscribing a number of the resource access permissions assigned to the principal in response to policy associated with the dynamically applied attestation.
Dependent claims: 12, 13, 14, 15, 16
17. A system, comprising:
an attestation implemented in a machine-accessible medium; and
a monitoring service, wherein the monitoring service is to dynamically monitor actions being taken against a resource within an environment and is to dynamically monitor conditions occurring within the environment and in response thereto the monitoring service is to dynamically apply the attestation to enforce a policy restriction that circumscribes access permissions or roles acceptable for accessing the resource.
Dependent claims: 18, 19, 20, 21, 22
23. A system, comprising:
a first principal service; and
a policy service, wherein the policy service is to dynamically supply policy restrictions to enforce against roles activated by a second principal, and wherein the policy restrictions are to be triggered by attestations dynamically issued by the first principal service to the policy service while the second principal operates within an environment and attempts to access resources of that environment.
Dependent claims: 24, 25, 26, 27, 28, 29