Policy Based, Delegated Limited Network Access Management
First Claim
1. A method of policy-based, delegated network access management, comprising:
- for each discovered access control entry (ACE) sequence of a plurality of discovered ACE sequences, during a discovery process:
  - determining whether the discovered ACE sequence is stored in a legacy profile or associated with legacy profiles by an access control list (ACL) reference;
  - assigning to the discovered ACE sequence a network access role (NAR) determined by whether the discovered ACE sequence matches, either exactly, partially, or not at all, an existing NAR, and whether the discovered ACE sequence is a valid expression;
- during a policy establishment process:
  - establishing one or more policies to manage one or more user groups based upon the NARs discovered and assigned to users during the discovery process;
  - a network access administrator delegating management of the one or more user groups and the one or more established policies to one or more resource access administrators responsible for administering the one or more user groups and the one or more policies;
- during a delegated provisioning process:
  - the one or more resource access administrators administering network access by allocating NARs that have been approved by the network access administrator.
Abstract
Policy-based, delegated limited network access management places day-to-day control of network access in the hands of authorized users, referred to as resource access administrators, selected for their business knowledge and ability to respond quickly to business events. Resource access administrators respond in the form of access decisions that are proposed by individuals with knowledge of, or responsibility for, business processes and business partner relationships, and that are shaped and pre-approved by network security specialists, referred to as network access administrators. This approach therefore reduces the cost, complexity, and delay (latency) associated with managing external network access without compromising network security.
15 Claims
1. Independent claim, set out in full under First Claim above. Claims 2 through 14 depend on claim 1.
15. A method of policy-based, delegated network access management, comprising:
- a network access manager analyzing access configurations of one or more user groups and proposing a set of network access roles of the one or more user groups as a result of the analysis;
- a network access administrator in cooperation with the network access manager managing the set of network access roles to define a set of approved network access roles; and
- the network access administrator deploying the set of approved network access roles to one or more devices that control network access.
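The following is an added worked example, not code from the patent or its assignee, that models the two claimed processes in executable form: the discovery step of claim 1 (check each discovered ACE sequence for validity and for presence in a legacy profile, directly or through an ACL reference, then assign a NAR according to an exact, partial or no match against existing NARs) and the analysis, proposal and approval steps of claim 15. The text format for an ACE, the meaning chosen for "partial" match (the sequence shares at least one ACE with an existing NAR), the function names and all sample roles, profiles and sequences are assumptions constructed for this illustration.

```python
"""Model of ACE-sequence discovery (claim 1) and role proposal/approval (claim 15).

Added example; ACE format, names and sample data are assumptions, not the patent's.
An ACE is written as: '<permit|deny> <protocol> <src> <dst> <port>' where src/dst
are 'any' or a CIDR and port is 'any' or 1-65535.
"""
import ipaddress

ACTIONS = {"permit", "deny"}
PROTOCOLS = {"ip", "tcp", "udp", "icmp"}


def ace_is_valid(ace: str) -> bool:
    """'Valid expression' check: every field of the ACE must parse."""
    parts = ace.split()
    if len(parts) != 5:
        return False
    action, proto, src, dst, port = parts
    if action not in ACTIONS or proto not in PROTOCOLS:
        return False
    for addr in (src, dst):
        if addr != "any":
            try:
                ipaddress.ip_network(addr, strict=False)
            except ValueError:
                return False
    return port == "any" or (port.isdigit() and 0 < int(port) <= 65535)


def match_kind(seq, existing):
    """'exact' if identical to an existing NAR, 'partial' if it shares an ACE, else 'none'."""
    for name, nar_seq in existing.items():
        if list(seq) == list(nar_seq):
            return "exact", name
    for name, nar_seq in existing.items():
        if set(seq) & set(nar_seq):
            return "partial", name
    return "none", None


def in_legacy_profile(seq, profiles, acls):
    """True if a legacy profile stores the sequence directly or via an ACL reference."""
    for prof in profiles.values():
        if list(prof.get("aces", [])) == list(seq):
            return True
        for ref in prof.get("acl_refs", []):
            if list(acls.get(ref, [])) == list(seq):
                return True
    return False


def discover(sequences, existing, profiles, acls):
    """Claim 1 discovery: classify each discovered ACE sequence and assign a NAR."""
    results = []
    for i, seq in enumerate(sequences, start=1):
        valid = all(ace_is_valid(a) for a in seq)
        kind, name = match_kind(seq, existing)
        if not valid:
            nar = None                       # malformed: never becomes a role
        elif kind == "exact":
            nar = name                       # reuse the already-approved role
        elif kind == "partial":
            nar = f"{name}-variant-{i}"      # candidate derived from a known role
        else:
            nar = f"discovered-{i}"          # brand-new candidate role
        results.append({
            "sequence": tuple(seq), "valid": valid,
            "legacy": in_legacy_profile(seq, profiles, acls),
            "match": kind, "nar": nar,
            "needs_approval": valid and kind != "exact",  # only exact reuse skips review
        })
    return results


def propose_roles(group_configs, existing, profiles, acls):
    """Claim 15: analyze each user group's access configuration and propose its NARs."""
    return {group: [r["nar"] for r in discover(seqs, existing, profiles, acls)
                    if r["nar"] is not None]
            for group, seqs in group_configs.items()}


def approved_roles(proposal, existing, approved_new):
    """Delegated provisioning may only allocate NARs that are existing or approved."""
    allowed = set(existing) | set(approved_new)
    return {g: [n for n in nars if n in allowed] for g, nars in proposal.items()}


# Constructed sample data (assumptions for the illustration).
EXISTING_NARS = {
    "web-in": ["permit tcp any 10.1.0.0/24 443"],
    "dns-out": ["permit udp 10.1.0.0/24 any 53", "deny ip any any any"],
}
LEGACY_PROFILES = {"partner-legacy": {"aces": [], "acl_refs": ["ACL_PARTNER"]}}
LEGACY_ACLS = {"ACL_PARTNER": ["permit udp 10.1.0.0/24 any 53", "deny ip any any any"]}
DISCOVERED = [
    ["permit tcp any 10.1.0.0/24 443"],                                   # exact: web-in
    ["permit udp 10.1.0.0/24 any 53", "deny ip any any any"],             # exact, also legacy
    ["permit tcp any 10.1.0.0/24 443", "permit tcp any 10.1.0.0/24 80"],  # partial: web-in
    ["permit tcp 192.168.5.0/24 10.2.0.0/16 22"],                         # no match
    ["allow tcp any any 443"],                                            # invalid action
]

if __name__ == "__main__":
    for r in discover(DISCOVERED, EXISTING_NARS, LEGACY_PROFILES, LEGACY_ACLS):
        print(r["match"], r["nar"], "legacy" if r["legacy"] else "", "review" if r["needs_approval"] else "")
```

In this model only sequences that exactly reproduce an approved NAR are allocated without review; partial matches and unmatched sequences become named candidates that the network access administrator must approve before `approved_roles` lets a resource access administrator allocate them, and a malformed sequence is never turned into a role at all.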