SELECTING POLICY FOR COMPATIBLE COMMUNICATION
First Claim
1. At a computer system, a method for selecting communication options for communicating with another computer system, the method comprising:
- an act of accessing a first hierarchical policy document corresponding to the computer system, the first hierarchal policy document arranged in a hierarchical format to describe compatible combinations of communication options appropriate for communicating with the computer system, communication options higher in the hierarchical format providing context for related communication options lower in the hierarchical format;
an act of accessing a second hierarchical policy document corresponding to the other computer system, the second hierarchal policy document arranged in a hierarchical format to describe compatible combinations of communication options appropriate for communicating with the other computer system, communication options higher in the hierarchical format providing context for related communication options lower in the hierarchical format;
an act of matching a portion of the first hierarchical policy document to corresponding portion of the second hierarchical policy document for a specified communication option;
an act of recursively matching a second lower portion of the first hierarchical policy document to a corresponding second lower portion of the second hierarchical policy document for a corresponding specified communication sub-option of the specified communication option in the context of the specified communication option; and
an act of determining that compatible communication between the computer system and the other computer system is possible using the specified communication option along with the corresponding communication sub-option.
2 Assignments
0 Petitions
Accused Products
Abstract
The present invention extends to methods, systems, and computer program products for selecting policy for compatible communication. Hierarchical policy document data structures represent communication (e.g., security) aspects and options such that lower aspects and options are accessed in the context of corresponding higher aspects and options to define applicable scope. Use of a hierarchical description also facilitates separation of what is being protected from how it is being protected thereby allowing security policy to be considered at different locations of a description document.
-
Citations
20 Claims
-
1. At a computer system, a method for selecting communication options for communicating with another computer system, the method comprising:
-
an act of accessing a first hierarchical policy document corresponding to the computer system, the first hierarchal policy document arranged in a hierarchical format to describe compatible combinations of communication options appropriate for communicating with the computer system, communication options higher in the hierarchical format providing context for related communication options lower in the hierarchical format; an act of accessing a second hierarchical policy document corresponding to the other computer system, the second hierarchal policy document arranged in a hierarchical format to describe compatible combinations of communication options appropriate for communicating with the other computer system, communication options higher in the hierarchical format providing context for related communication options lower in the hierarchical format; an act of matching a portion of the first hierarchical policy document to corresponding portion of the second hierarchical policy document for a specified communication option; an act of recursively matching a second lower portion of the first hierarchical policy document to a corresponding second lower portion of the second hierarchical policy document for a corresponding specified communication sub-option of the specified communication option in the context of the specified communication option; and an act of determining that compatible communication between the computer system and the other computer system is possible using the specified communication option along with the corresponding communication sub-option. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. At a computer system, a method for selecting security options for communicating with another computer system, the method comprising:
-
an act of accessing a security intent for the other computer system, the security intent indicative how communication with the other computer system is to be secured; an act of determining that the computer system is compatible with the security intent of the other computer system; an act of accessing a security target for the other computer system, the security target indicating what portion of communication with the other computer system is to be secured; an act of identifying one or more security options compatible with both the computer system and the other computer system that can be used to implement the security intent for the security target. - View Dependent Claims (11, 12, 13, 14, 15)
-
-
16. At a computer system, a method for securely communicating with another computer system, the method comprising:
-
an act of accessing a security intent for the other computer system, the security intent indicative how communication with the other computer system is to be secured, the security intent associated with a higher level node in a hierarchical policy document corresponding to the other computer system; an act of matching a corresponding higher level node in the hierarchical policy document corresponding the computer system to the higher level node in the hierarchical policy document corresponding to the other computer system, the match indicative of the computer system being compatible with the security intent of the other computer system; an act of accessing a security target for the other computer system, the security target indicating what portion of communication with the other computer system is to be secured; an act of matching one or more lower level nodes in the hierarchical policy document for the computer system to corresponding one or more lower level nodes in the hierarchical policy document for the other computer system to identify one or more security options that can be used to implement the security intent of the other computer system; and an act of securing the security target in accordance with the identified security options to implement the security intent of the other computer system when communicating with the other computer system. - View Dependent Claims (17, 18, 19, 20)
-
Specification