Provisioning software with policy-appropriate capabilities
First Claim
1. A method of provisioning a software product with policy-appropriate capabilities, comprising:
- preventing full capabilities of the software product;
determining which capabilities of the full capabilities a user of the software product requires based on a predetermined policy; and
based on the determining, allowing functionality of the which capabilities thereby provisioning the software product with the policy.
4 Assignments
0 Petitions
Accused Products
Abstract
Apparatus and methods are described for enabling distribution of user-tailored pieces of a larger software program in a way that facilitates compliance with organizational policies around security, access control, and the like. The pieces, representing new or missing functionality in an existing instance of pre-installed software, are supplied as supplemental software fragments (known as “aspects”) that provide the new or missing logic to a target application with the target application having to know of the fragment'"'"'s existence. The number and quality of aspects provisioned to the user are tailored to the user'"'"'s identity and/or organizational role in accordance with explicit policy governing such provisioning. In this manner, the user of the software gains functionality appropriate to his security level, title, or other qualifications, and the events surrounding the provisioning become loggable, traceable, and verifiable.
-
Citations
29 Claims
-
1. A method of provisioning a software product with policy-appropriate capabilities, comprising:
-
preventing full capabilities of the software product; determining which capabilities of the full capabilities a user of the software product requires based on a predetermined policy; and based on the determining, allowing functionality of the which capabilities thereby provisioning the software product with the policy. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method of tailoring executable code with policy-appropriate capabilities for a user, comprising:
-
preventing certain capabilities of the executable code from operating; determining which capabilities of the prevented certain capabilities the user of the executable code requires based on a predetermined policy other than a licensing arrangement based on purchase of the executable code; and based on the determining, allowing the which capabilities of the prevented certain capabilities to operate thereby provisioning the executable code with the policy, wherein the allowing the which capabilities varies depending upon different users. - View Dependent Claims (10, 11, 12, 13)
-
-
14. In a computing environment, a method of provisioning a software product with policy-appropriate capabilities for a user of a client machine, comprising:
-
installing the software product on the client machine, the software product including an incomplete version of source or object code preventing full operation, the code including one or more insertion points; determining which capabilities the user functionally requires for use according to a predetermined policy of an organization related to the user; based on the determining, allowing the which capabilities to operate thereby provisioning the software product with the policy, the allowing including inserting one or more aspects of code at the one or more insertion points after the determining the which capabilities the user functionally requires for use, the inserting the one or more aspects of code also making the incomplete version of source or object code operational for the user. - View Dependent Claims (15, 16)
-
-
17. The method of claim 17, wherein the allowing the which capabilities to operate varies depending upon different users.
-
18. A computing system, comprising:
-
a client machine for installation with a software product in a locked down condition; an aspect store having a plurality of JAR files for inclusion in the software product to make it unlocked per a policy-appropriate determination of a user of the client machine; and an intermediary interfaced between the client machine and the aspect store, the intermediary operable to fetch and return one or more of the JAR files to the software product of the client machine whenever a policy-based decision associates the user with the one or more of the JAR files. - View Dependent Claims (19, 20, 21)
-
-
22. A computer readable media having computer executable instructions that is provisionally enabled with policy-appropriate capabilities, comprising:
-
a plurality of lines of object or source code together resulting in an inoperable software product; and one or more pointcuts in the plurality of lines for receiving one or more aspects, the aspects relating to a predetermined policy about a user of a client machine upon which the plurality of lines are installed and the plurality of lines together with the aspects resulting in an operational software product for the user that is provisioned according to the policy. - View Dependent Claims (23, 24, 25)
-
-
26. By way of aspect oriented programming, a method of writing executable code for a software product, comprising:
-
drafting Java code including a POJO; creating a pointcut in the POJO, the Java code and POJO being an inoperable software product; drafting an aspect for insertion at the pointcut, the aspect exclusively relating to a predetermined policy about a user of a client machine upon which the Java code is to be installed, the Java code and the aspect together resulting in an operational version of the software product for the user that is provisioned according to the policy. - View Dependent Claims (27)
-
-
28. A computer software product having computer executable instructions that, when executed, operates functionally differently per different users, comprising:
a plurality of lines of object or source code with a pointcut for receipt of a first and second aspect, the first aspect relating to a predetermined policy about a first user of a computing device upon which the plurality of lines of object or source code are installed wherein the first aspect together with the plurality of lines of object or source code yield a first functionality, the second aspect relating to a predetermined policy about a second user of the computing device upon which the plurality of lines are installed wherein the second aspect together with the plurality of lines of object or source code yield a second functionality different than the first functionality.
-
29. A computer software product having computer executable instructions that, when executed, operates functionally differently per different users, comprising:
a plurality of lines of object or source code with a plurality of aspects embedded therein made operational differently per a first or second user, wherein the first aspect relates to a predetermined policy about a first user of a computing device upon which the plurality of lines of object or source code are installed and the first aspect together with the plurality of lines of object or source code yield a first functionality, and wherein the second aspect relates to a predetermined policy about a second user of the computing device upon which the plurality of lines of object or source code are installed and the second aspect together with the plurality of lines of object or source code yield a second functionality different than the first functionality.
Specification