Policy isolation for network authentication and authorization
Abstract
Authentication, authorization, and accounting (AAA) operations are performed using policies isolated at application and/or network device level. Categorized policies are generated for applications and network access devices, and provided to a policy database associated with an AAA server. A policy engine evaluates requests for access at application or network access device level. The specific policies are indicated using a network access server type attribute within a policy tag included in a packet from the client. If no applicable policy is found, a default policy may be applied. An adaptive UI enables access to the policies based on user credentials.
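As an added illustration (not code from the patent), the following Python sketch mirrors the scheme in the abstract: policies are stored per application and per NAS device type, the request's policy tag selects the categorized policy, and a default policy applies when none matches. The store contents, the tag keys `app` and `nas_type`, and the rule that an application policy is tried before a NAS policy are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample policy store, keyed by (category, identifier).
# Categories follow the abstract: application-level, NAS-device-level, and a default.
POLICY_STORE = {
    ("nas", "vpn-gateway"): {"require_mfa": True, "allowed_groups": {"staff", "admin"}},
    ("app", "payroll"):     {"require_mfa": True, "allowed_groups": {"finance"}},
    # Caveat for reviewers: a default that is looser than the categorized policies
    # silently widens access for any request whose tag matches nothing above.
    ("default", "*"):       {"require_mfa": False, "allowed_groups": {"staff", "finance", "admin"}},
}


@dataclass
class Request:
    """Access request as forwarded by the NAS (fields are assumed, not from the patent)."""
    user: str
    groups: set
    mfa_done: bool
    policy_tag: dict  # e.g. {"nas_type": "vpn-gateway"} or {"app": "payroll"}


def select_policy(tag, store=POLICY_STORE):
    """Return (policy_id, policy): most specific categorized policy, else the default.

    Ordering assumption: an application policy wins over a NAS-type policy.
    """
    for category, key in (("app", tag.get("app")), ("nas", tag.get("nas_type"))):
        if key is not None and (category, key) in store:
            return (category, key), store[(category, key)]
    return ("default", "*"), store[("default", "*")]


def evaluate(req, store=POLICY_STORE):
    """Evaluate compliance; returns (decision, policy_id, reason) for the NAS notification."""
    policy_id, policy = select_policy(req.policy_tag, store)
    if policy["require_mfa"] and not req.mfa_done:
        return "DENY", policy_id, "mfa required"
    if not (req.groups & policy["allowed_groups"]):
        return "DENY", policy_id, "user not in an allowed group"
    return "ACCEPT", policy_id, "compliant"
```

Running `evaluate` over requests with matching, non-matching and absent tags shows which policy was applied, which is the first thing to check when auditing such a store for an over-permissive default.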
20 Claims
1. A method to be executed at least in part in a computing device for managing access to a resource in a networked environment based on a security policy, the method comprising:
receiving a request for authentication and authorization from a network access server (NAS) for a user;
determining an applicable security policy in response to the request, wherein the applicable security policy is associated with one of: an application and a network access device;
confirming compliance with the applicable security policy; and
providing a notification of the compliance to the NAS.
Dependent claims: 2 through 13.
14. A computer-readable medium having computer executable instructions for providing policy isolation in managing network access authentication, the instructions comprising:
in response to a request for access to a network resource, determining a policy among a plurality of policies stored in a policy data store, wherein the plurality of policies includes one or more categorized policies associated with one of: an application and a network access device;
determining compliance with the policy using an authentication protocol;
if the compliance is confirmed, providing a notification of authentication; and
if the compliance cannot be confirmed, providing a notification of failure to authenticate.
Dependent claims: 15 and 16.
17. A system for providing policy isolation in network authentication and authorization, comprising:
a policy engine configured to: determine an applicable policy in response to a request by a user for access to a network resource from a NAS; retrieve the applicable policy; determine compliance with the applicable policy; if the compliance is confirmed, authenticate the user; and if the compliance is not confirmed, provide the NAS with a denial of authentication;
a policy data store configured to store a plurality of policies, wherein a portion of the plurality of policies is associated with one of: an application and a network access device; and
a user interface configured to: enable access to at least a portion of the plurality of policies based on one or more credentials for at least one from a set of: adding a new policy, modifying an existing policy, and removing an existing policy in association with one of an application and a network access device.
Dependent claims: 18 through 20.