METHOD, SYSTEM, AND PROGRAM PRODUCT FOR CONTROLLING ACCESS TO PERSONAL ATTRIBUTES ACROSS ENTERPRISE DOMAINS
First Claim
1. A method for controlling access to personal attributes across enterprise domains, comprising:
- locating the personal attributes among the enterprise domains;
organizing the personal attributes into a set of profiles based on services associated with the enterprise domains;
obtaining at least one access control policy governing sharing of the personal attributes; and
controlling access to the personal attributes based on the at least one access control policy.
1 Assignment
0 Petitions
Accused Products
Abstract
In general, the present invention provides a method, system, and program product for managing personal attributes across enterprise domains. Specifically, under the present invention, personal attributes for an end-user will be located among the enterprise domains. Once located, the personal attributes will be grouped into a set of profiles based on associated services (e.g., medical, insurance, etc.). The end-user can log into the system to see his/her personal attributes and to provide input regarding how access to the personal attributes should be controlled. Specifically, based on the end-user'"'"'s input (and possibly other factors such as applicable legislation) an access control policy will be generated and used to control access to the personal attributes. In addition, any transactions involving the personal attributes will be recorded so that auditing can take place.
-
Citations
20 Claims
-
1. A method for controlling access to personal attributes across enterprise domains, comprising:
-
locating the personal attributes among the enterprise domains; organizing the personal attributes into a set of profiles based on services associated with the enterprise domains; obtaining at least one access control policy governing sharing of the personal attributes; and controlling access to the personal attributes based on the at least one access control policy. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A system for controlling access to personal attributes across enterprise domains, comprising:
-
an attribute discovery system for locating the personal attributes among the enterprise domains; an attribute organization system for organizing the personal attributes into a set of profiles based on services associated with the enterprise domains; an access control system for generating at least one access control policy governing sharing of the personal attributes; and a policy enforcement system for controlling access to the personal attributes based on the at least one access control policy. - View Dependent Claims (8, 9, 10, 11)
-
-
12. A program product stored on a computer readable medium for controlling access to personal attributes across enterprise domains, the computer readable medium comprising program code for causing a computer system to perform the following steps:
-
locating the personal attributes among the enterprise domains; organizing the personal attributes into a set of profiles based on services associated with the enterprise domains; obtaining at least one access control policy governing sharing of the personal attributes; and controlling access to the personal attributes based on the at least one access control policy. - View Dependent Claims (13, 14, 15, 16, 17)
-
-
18. A method for deploying an application for controlling access to personal attributes across enterprise domains, comprising:
providing a computer infrastructure being operable to; locate the personal attributes among the enterprise domains; organize the personal attributes into a set of profiles based on services associated with the enterprise domains; obtain at least one access control policy governing sharing of the personal attributes; and control access to the personal attributes based on the at least one access control policy. - View Dependent Claims (19, 20)
Specification