SUPER POLICY IN INFORMATION PROTECTION SYSTEMS
First Claim
1. In a computing system, a method of providing access to information based on policy, the method comprising:
- receiving a request from a requestor to access information, wherein the information is associated with author policy expressing restrictions on use of the information by expressing at least one of who can use the information, how the information can be used, or what conditions apply to the use of the information;
accessing the author policy;
processing the author policy using super policy programmatic code to generate a composite policy, the composite policy including a combination of the author policy and super policy applied by the super policy programmatic code, such that restrictions are added to or removed from the author policy to create the composite policy;
evaluating the request, including information about the requester, against the composite policy to determine if the requester is authorized to access the information;
determining that the requester is authorized to access the information based on the composite policy; and
as a result of determining that the requester is authorized to access the information based on the composite policy, granting access to the information to the requester.
2 Assignments
0 Petitions
Accused Products
Abstract
Providing access to information based on super policy. Information is associated with author policy expressing restrictions on use of the information The author policy is processed using super policy programmatic code to generate a composite policy. The composite policy includes a combination of the author policy and super policy applied by the super policy programmatic code, such that restrictions are added to or removed from the author policy to create the composite policy. A request for the information is evaluated. This includes evaluating information about the requester against the composite policy to determine if the requester is authorized to access the information. A determination is made that the requester is authorized to access the information based on the composite policy, where after the requester is authorized to access the information based on the composite policy, access is granted to the information to the requester.
127 Citations
20 Claims
-
1. In a computing system, a method of providing access to information based on policy, the method comprising:
-
receiving a request from a requestor to access information, wherein the information is associated with author policy expressing restrictions on use of the information by expressing at least one of who can use the information, how the information can be used, or what conditions apply to the use of the information; accessing the author policy; processing the author policy using super policy programmatic code to generate a composite policy, the composite policy including a combination of the author policy and super policy applied by the super policy programmatic code, such that restrictions are added to or removed from the author policy to create the composite policy; evaluating the request, including information about the requester, against the composite policy to determine if the requester is authorized to access the information; determining that the requester is authorized to access the information based on the composite policy; and as a result of determining that the requester is authorized to access the information based on the composite policy, granting access to the information to the requester. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. In a computing system, a method of providing access to information based on policy, the method comprising:
-
displaying a user interface, the user interface configured to receive input from a user to define super policy for information, accessing author policy, wherein the author policy is associated with the information, the author policy expressing restrictions on use of the information by expressing at least one of who can use the information, how the information can be used, or what conditions apply to the use of the information; generating super policy programmatic code from the user input; processing the author policy using the super policy programmatic code to generate a composite policy, the composite policy including a combination of the author policy and super policy applied by the super policy programmatic code, such that restrictions are added to or removed from the author policy to create the composite policy; and using the composite policy to evaluate requests to access the information. - View Dependent Claims (19)
-
-
20. In a computing environment, a physical computer readable medium comprising computer executable instructions that when executed by a processor are configured to cause the following:
-
receiving a request from a requestor to access information, wherein the information is associated with author policy expressing restrictions on use of the information by expressing at least one of who can use the information, how the information can be used, or what conditions apply to the use of the information; accessing the author policy; processing the author policy using super policy programmatic code to generate a composite policy, the composite policy including a combination of the author policy and super policy applied by the super policy programmatic code, such that restrictions are added to or removed from the author policy to create the composite policy; evaluating the request, including information about the requester, against the composite policy to determine if the requester is authorized to access the information; determining that the requester is authorized to access the information based on the composite policy; and as a result of determining that the requester is authorized to access the information based on the composite policy, granting access to the information to the requester.
-
Specification