ACCESS CONTROL DECISION SYSTEM, ACCESS CONTROL ENFORCING SYSTEM, AND SECURITY POLICY
Abstract
In an access control decision system, when an access decision request is received, the first information indicated by the request is converted into second information at a higher level of abstraction. Next, the access control for the subject information is determined by referring, on the basis of the second information, to a security policy that is regulated in abstract terms, and a decision result showing the access control for the subject information is sent to the request originator that sent the access decision request.
32 Claims
1. An access control enforcing system, comprising an access control enforcing part enforcing an access control for subject information based on access control information indicating a control concerning an access to the subject information in accordance with a security policy,
wherein said access control enforcing part further includes a requirement capability determining part determining whether or not a requirement to execute the access can be executed, the requirement indicated by the access control information, and wherein the access control is enforced for the subject information based on a determination result by the requirement capability determining part so as to satisfy the requirement.
10. An access control enforcing method, comprising the steps of:
- determining that a requirement indicated in access control information, the requirement to execute an access, when the access control is enforced on the subject information based on the access control information indicating a control concerning the access to the subject information in accordance with a security policy; and
- enforcing the access control on the subject information so as to satisfy the requirement based on a determination result.
11. A system, comprising a rule description showing a rule regulating whether or not an operation is allowed based on a first security attribute of subject information directed to the operation and a second security attribute of a user requesting the operation for the subject information, wherein the rule description regulates to allow the operation when a requirement is satisfied.
27. (canceled)
28. A security control system, comprising:
- showing a rule regulating whether or not an operation is allowed, based on a first security attribute of subject information directed to the operation and a second security attribute of a user requesting the operation for the subject information; and
- controlling the operation for the subject information in accordance with a security policy regulating that the operation is allowed when a requirement is satisfied.
29. A security policy regulating method, comprising a rule description showing a rule regulating whether or not an operation is allowed based on a first security attribute of subject information directed to the operation and a second security attribute of a user requesting the operation for the subject information, wherein the rule description regulates to allow the operation when a requirement is satisfied.
30. A security policy, comprising a rule description that is managed by a system and shows a rule regulating a requirement that must be satisfied to allow an operation, said operation being incapable of being controlled to allow or prohibit with respect to subject information when the subject information is output outside the system by allowing the operation on the subject information, wherein said rule description regulates that the operation is allowed when the requirement is satisfied, said requirement being capable of repeatedly conducting the control with respect to the subject information output outside the system.
31. A computer-readable recording medium recorded with a security policy, said security policy comprising a rule description that is managed by a system and shows a rule regulating a requirement that must be satisfied to allow an operation, said operation being incapable of being controlled to allow or prohibit with respect to subject information when the subject information is output outside the system by allowing the operation on the subject information, wherein said rule description regulates that the operation is allowed when the requirement is satisfied, said requirement being capable of repeatedly conducting the control with respect to the subject information output outside the system.
32. A system for controlling an operation, comprising:
- managing subject information directed to the operation; and
- a rule description that is managed by a system and shows a rule regulating a requirement that must be satisfied to allow an operation, said operation being incapable of being controlled to allow or prohibit with respect to subject information when the subject information is output outside the system by allowing the operation on the subject information, wherein said rule description regulates that the operation is allowed when the requirement is satisfied, said requirement being capable of repeatedly conducting the control with respect to the subject information output outside the system.
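The decision/enforcement split described in the abstract and in claims 1 and 10, as an added example that is not part of the patent: concrete request attributes are converted into abstract security attributes, an abstractly regulated policy is evaluated on them, and the enforcing part checks whether the requirement attached to an allow decision can actually be executed before granting the operation. The role and label tables, the two rules, and the capability set are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional, Set, Tuple

# Constructed mapping tables (assumptions, not from the patent): they turn the
# concrete "first information" of a request into abstract "second information".
ROLE_TO_CLEARANCE = {"intern": 1, "engineer": 2, "security_lead": 3}
LABEL_TO_SENSITIVITY = {"public": 1, "internal": 2, "confidential": 3}

# Abstractly regulated policy: a rule allows an operation when the user's
# clearance is at least the document's sensitivity AND the attached
# requirement (an obligation the enforcing part must carry out) is satisfied.
POLICY = [
    {"operation": "read", "requirement": "audit_log"},
    {"operation": "export", "requirement": "encrypt"},  # output leaves the system
]

@dataclass
class Decision:
    allowed: bool
    requirement: Optional[str] = None
    reason: str = ""

def abstract_request(user_role: str, doc_label: str) -> Tuple[int, int]:
    """Convert concrete request attributes into higher-abstraction security attributes."""
    return ROLE_TO_CLEARANCE[user_role], LABEL_TO_SENSITIVITY[doc_label]

def decide(operation: str, user_role: str, doc_label: str) -> Decision:
    """Access control decision part: evaluate the abstract policy on abstract attributes."""
    clearance, sensitivity = abstract_request(user_role, doc_label)
    for rule in POLICY:
        if rule["operation"] != operation:
            continue
        if clearance < sensitivity:
            return Decision(False, reason="clearance below sensitivity")
        return Decision(True, requirement=rule["requirement"])
    return Decision(False, reason="no rule for operation")  # default deny

def enforce(decision: Decision, capabilities: Set[str]) -> bool:
    """Access control enforcing part. Its requirement capability determining part
    checks whether the requirement attached to an allow decision can be executed
    here; if it cannot, the allow is not enforced."""
    if not decision.allowed:
        return False
    if decision.requirement and decision.requirement not in capabilities:
        return False  # e.g. export is allowed only where this host can encrypt
    return True
```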
Specification