Application-aware policy enforcement
Abstract
In one embodiment, a method includes receiving a first message from a first manager. The first message includes a first element of a request for policy authorization. The request for policy authorization attempts to reserve particular network resources for a particular application context. The method includes, in response to the first message, establishing a policy rendezvous state at a policy manager for a policy decision on the request for policy authorization. The method includes receiving a second message from a second manager subsequent to the first message. The second message includes a second element of the request for policy authorization, and the second element completes the request for policy authorization. The method includes, in response to the second message, making the policy decision based on the first and second elements of the request for policy authorization. The method includes, if the policy decision grants the request for policy authorization, generating a complete policy facet and communicating the complete policy facet to the first manager or the second manager to authorize use of the particular resources for the particular application context.
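The two-message flow described in the abstract, as an added example that is not code from the patent. The class and field names, the rendezvous timeout, the rule that the same manager cannot supply both elements, the rejection of overlapping keys and the bandwidth rule are all assumptions made for illustration.

```python
import time
from dataclasses import dataclass, field
from typing import Callable

RENDEZVOUS_TTL = 30.0  # seconds; assumed timeout, the page specifies none

@dataclass
class Rendezvous:
    """Pending state created by the first element of a request."""
    first_manager: str
    first_element: dict
    created: float

@dataclass
class PolicyManager:
    # Hypothetical rule set: per-application bandwidth ceiling in kbit/s.
    max_kbps: dict
    clock: Callable[[], float] = time.monotonic
    pending: dict = field(default_factory=dict)

    def receive(self, manager, context_id, element):
        """Handle one element; return a complete policy facet, or None."""
        now = self.clock()
        state = self.pending.get(context_id)
        if state and now - state.created > RENDEZVOUS_TTL:
            del self.pending[context_id]      # stale half-request: discard
            state = None
        if state is None:                     # first message: open rendezvous
            self.pending[context_id] = Rendezvous(manager, element, now)
            return None
        # Ignore a repeat from the first manager or an element that would
        # overwrite the first one; the rendezvous stays open for the peer.
        if manager == state.first_manager or state.first_element.keys() & element.keys():
            return None
        del self.pending[context_id]          # second message: decide once
        request = {**state.first_element, **element}
        if not self.decide(request):
            return None                       # denied: no facet is issued
        return {"context": context_id, "granted": request,
                "managers": (state.first_manager, manager)}

    def decide(self, request):
        """Default-deny decision over the merged first and second elements."""
        limit = self.max_kbps.get(request.get("application"))
        kbps = request.get("kbps")
        return limit is not None and isinstance(kbps, int) and 0 < kbps <= limit
```
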
27 Claims
1. A method comprising:
receiving a first message from a first manager, the first message comprising a first element of a request for policy authorization, the request for policy authorization attempting to authorize use of particular network resources or application parameters for a particular application context;
in response to the first message, establishing a policy rendezvous state at a policy manager for a policy decision on the request for policy authorization;
receiving a second message from a second manager subsequent to the first message, the second message comprising a second element of the request for policy authorization, the second element completing the request for policy authorization;
in response to the second message, making the policy decision based on the first and second elements of the request for policy authorization; and
if the policy decision grants the request for policy authorization, generating a complete policy facet and communicating the complete policy facet to the first manager or the second manager to authorize use of the particular network resources or the application parameters for the particular application context.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. An apparatus comprising:
one or more processors; and
a memory coupled to the processors comprising instructions executable by the processors, the processors operable when executing the instructions to:
receive a first message from a first manager, the first message comprising a first element of a request for policy authorization, the request for policy authorization attempting to authorize use of particular network resources or application parameters for a particular application context;
in response to the first message, establish a policy rendezvous state at a policy manager for a policy decision on the request for policy authorization;
receive a second message from a second manager subsequent to the first message, the second message comprising a second element of the request for policy authorization, the second element completing the request for policy authorization;
in response to the second message, make the policy decision based on the first and second elements of the request for policy authorization; and
if the policy decision grants the request for policy authorization, generate a complete policy facet and communicate the complete policy facet to the first manager or the second manager to authorize use of the particular resources or application parameters for the particular application context.
Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26
27. A system comprising:
means for receiving a first message from a first manager, the first message comprising a first element of a request for policy authorization, the request for policy authorization attempting to authorize use of particular network resources or application parameters for a particular application context;
means for, in response to the first message, establishing a policy rendezvous state at a policy manager for a policy decision on the request for policy authorization;
means for receiving a second message from a second manager subsequent to the first message, the second message comprising a second element of the request for policy authorization, the second element completing the request for policy authorization;
means for, in response to the second message, making the policy decision based on the first and second elements of the request for policy authorization; and
means for, if the policy decision grants the request for policy authorization, generating a complete policy facet and communicating the complete policy facet to the first manager or the second manager to authorize use of the particular resources or application parameters for the particular application context.
Specification