METHOD AND APPARATUS FOR POLICY-BASED NETWORK ACCESS CONTROL WITH ARBITRARY NETWORK ACCESS CONTROL FRAMEWORKS
Abstract
A method and apparatus for integrating various network access control frameworks under the control of a single policy decision point (PDP). The apparatus supports pluggable protocol terminators that interface to any number of access protocols or backend support services. The apparatus contains Trust and Identity Mediators that mediate between the protocol terminators and a canonical policy subsystem, translating attributes between framework-specific representations and a canonical representation using extensible, data-driven dictionaries.
Claims (26)

1. A method of assessing network access to a client in a communication network, the method comprising:
receiving a request to access the network from the client;
invoking an appropriate access protocol terminator;
receiving at least one attribute about the client from the appropriate access protocol terminator;
translating the at least one attribute into a canonical form; and
using the at least one attribute in canonical form to determine a service type.
(Dependent claims 2-9.)
10. A computer readable medium having embodied thereon a program, the program being executable by a machine to perform a method to grant access to a client in a communication network, the method comprising:
receiving a request to access the network from the client;
invoking an appropriate access protocol terminator;
receiving at least one attribute about the client from the appropriate access protocol terminator;
translating the at least one attribute into a canonical form; and
using the at least one attribute in canonical form to determine a service type.
(Dependent claims 11-18.)
19. A system to grant network access to a client in a communication network, the system comprising:
a client protocol terminator configured to be coupled through a network access device to a remote client;
an access attribute translation device coupled to the client protocol terminator and configured to translate attributes from a first framework representation into a canonical representation; and
a policy database coupled to the access attribute translation device and configured to store protocol attributes relating to a plurality of frameworks.
(Dependent claims 20-22.)
23. A system to grant network access to a client in a communication network, the system comprising:
a client protocol terminator means for coupling to a remote client;
an access attribute translation means for translating attributes from a first framework representation into a canonical representation; and
a protocol storage means for storing protocol attributes relating to a plurality of frameworks.
(Dependent claims 24-26.)
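The abstract and claim 1 describe a flow with five steps: receive a request, invoke the protocol terminator that matches the access protocol, collect that protocol's native attributes, translate them through a data-driven dictionary into a canonical form, and evaluate policy on the canonical attributes to pick a service type. The following is an added illustration of that flow and is not code from the patent or its assignee. The two terminators (a RADIUS-like attribute list and a captive-portal form body), the attribute names, the dictionary entries and the policy rules are all assumptions chosen for the example; the sample requests are constructed, not captured traffic.

```python
"""
Added example (not the patent's own code): a minimal policy decision point
that follows the steps of claim 1. All framework names, attribute names,
converters and policy rules are illustrative assumptions.
"""
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, Tuple
from urllib.parse import parse_qsl


# ---- 1. Access requests and pluggable protocol terminators --------------
# A terminator turns one framework's wire representation into a flat dict of
# that framework's native attributes. Two toy terminators are shown; real ones
# would decode RADIUS AVPs, EAP, an HTTP captive-portal exchange, and so on.
@dataclass
class AccessRequest:
    framework: str   # which access protocol the request arrived over (assumed names)
    payload: Any     # framework-native payload as handed over by the access device


def radius_terminator(req: AccessRequest) -> Dict[str, Any]:
    # payload: list of (attribute, value) pairs, as a decoded AVP list would give
    return {name: value for name, value in req.payload}


def portal_terminator(req: AccessRequest) -> Dict[str, Any]:
    # payload: application/x-www-form-urlencoded body posted to a captive portal
    return dict(parse_qsl(req.payload, strict_parsing=True))


TERMINATORS: Dict[str, Callable[[AccessRequest], Dict[str, Any]]] = {
    "radius": radius_terminator,
    "captive_portal": portal_terminator,
}


# ---- 2. Data-driven dictionary: framework attribute -> canonical attribute
# Each entry carries a converter that validates and normalises the value, so a
# malformed framework-specific value is rejected before policy ever sees it.
def to_mac(v: str) -> str:
    octets = v.replace("-", ":").lower().split(":")
    if len(octets) != 6 or any(len(o) != 2 or set(o) - set("0123456789abcdef") for o in octets):
        raise ValueError(f"malformed MAC address {v!r}")
    return ":".join(octets)


def to_identity(v: str) -> str:
    v = v.strip()
    if not v or any(c.isspace() for c in v):
        raise ValueError(f"malformed identity {v!r}")
    return v.lower()


# framework -> native attribute name -> (canonical name, converter); assumed content
DICTIONARY: Dict[str, Dict[str, Tuple[str, Callable[[Any], Any]]]] = {
    "radius": {
        "User-Name": ("identity", to_identity),
        "Calling-Station-Id": ("client_mac", to_mac),
    },
    "captive_portal": {
        "username": ("identity", to_identity),
        "mac": ("client_mac", to_mac),
        "posture": ("posture_ok", lambda v: v == "compliant"),
    },
}


def translate(framework: str, raw: Dict[str, Any]) -> Dict[str, Any]:
    """Map native attributes to canonical ones; attributes absent from the dictionary are dropped."""
    canonical: Dict[str, Any] = {}
    for name, value in raw.items():
        entry = DICTIONARY[framework].get(name)
        if entry is None:
            continue  # unknown to the dictionary: never reaches the policy layer
        cname, convert = entry
        canonical[cname] = convert(value)
    return canonical


# ---- 3. Canonical policy: service type decided from canonical attributes only
def decide_service(attrs: Dict[str, Any]) -> str:
    """Illustrative rules standing in for a configured policy."""
    if "identity" not in attrs or "client_mac" not in attrs:
        return "deny"
    if attrs.get("posture_ok") is False:
        return "quarantine"
    if attrs["identity"].endswith("@corp.example"):
        return "employee"
    return "guest"


@dataclass
class Decision:
    service: str
    attrs: Dict[str, Any] = field(default_factory=dict)
    reason: str = ""


def assess(req: AccessRequest) -> Decision:
    """Claim-1 flow: request -> terminator -> native attrs -> canonical attrs -> service type."""
    terminator = TERMINATORS.get(req.framework)
    if terminator is None:
        return Decision("deny", reason=f"no terminator for framework {req.framework!r}")
    try:
        raw = terminator(req)
        attrs = translate(req.framework, raw)
    except ValueError as exc:
        return Decision("deny", reason=str(exc))  # fail closed on malformed input
    return Decision(decide_service(attrs), attrs)


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic
    print(assess(AccessRequest("radius", [("User-Name", "Alice@corp.example"),
                                          ("Calling-Station-Id", "00-11-22-AA-BB-CC"),
                                          ("Framed-IP-Address", "10.0.0.5")])))
    print(assess(AccessRequest("captive_portal",
                               "username=bob&mac=00:11:22:33:44:55&posture=noncompliant")))
```

The point to take from the structure is where the trust boundary sits: the policy rules in decide_service never see a framework-native attribute, only canonical ones that passed through a dictionary converter. An attribute the dictionary does not know (Framed-IP-Address above) is silently dropped rather than forwarded, and a value the converter rejects (a malformed MAC) turns into a deny rather than an exception that propagates into the PDP. Adding a new access protocol means adding a terminator and dictionary entries; the policy itself does not change.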