USER-CENTRIC RESOURCE ARCHITECTURE
First Claim
1. A computer-implemented method for controlling access to resources of a platform in a computer system, the method comprising:
detecting a request to access a resource, wherein the resource resides in the computer system, and wherein the resource is associated with an owner;
requesting a first resource access decision from a first policy decision unit associated with the owner;
receiving, from the first policy decision unit, the first resource access decision and first trust information, wherein the first trust information indicates trust of a second policy decision unit;
requesting a second resource access decision from the second policy decision unit associated with the virtual universe platform;
receiving, from the second policy decision unit, a second resource access decision; and
returning the second resource access decision.
Abstract
Some embodiments include a computer-implemented method for controlling access to resources of a platform in a computer system. The method can comprise detecting a request to access a resource, wherein the resource resides in the computer system, and wherein the resource is associated with an owner; requesting a first resource access decision from a first policy decision unit associated with the owner; receiving, from the first policy decision unit, the first resource access decision and first trust information, wherein the first trust information indicates trust of a second policy decision unit; requesting a second resource access decision from the second policy decision unit associated with the virtual universe platform; receiving, from the second policy decision unit, a second resource access decision; and returning the second resource access decision.
80 Citations
25 Claims
1. A computer-implemented method for controlling access to resources of a platform in a computer system, the method comprising:
detecting a request to access a resource, wherein the resource resides in the computer system, and wherein the resource is associated with an owner;
requesting a first resource access decision from a first policy decision unit associated with the owner;
receiving, from the first policy decision unit, the first resource access decision and first trust information, wherein the first trust information indicates trust of a second policy decision unit;
requesting a second resource access decision from the second policy decision unit associated with the virtual universe platform;
receiving, from the second policy decision unit, a second resource access decision; and
returning the second resource access decision.
Dependent claims: 2, 3, 4, 5.
6. A computer-implemented method for controlling access to resources of a platform in a computer system, the method comprising:
detecting a request to access a first resource in the computer system, wherein the first resource is associated with a second resource in the computer system, and wherein the first and second resources are associated with separate owners;
requesting a first resource access decision from a first policy decision unit residing in the computer system, wherein the first policy decision unit is associated with the first resource's owner;
receiving, from the first policy decision unit, a first trust information, wherein the first trust information indicates trust of a second policy decision unit associated with the second resource's owner, and a third policy decision unit associated with the platform in the computer system, and a message indicating unavailability of the first resource access decision;
requesting a second resource access decision from the second policy decision unit, wherein the second policy decision unit resides in the computer system;
receiving, from the second policy decision unit, a second resource access decision;
requesting a third resource access decision from a third policy decision unit, wherein the third policy decision unit resides in the computer system;
receiving, from the third policy decision unit, a third resource access decision; and
returning the third policy decision.
Dependent claims: 7, 8, 9, 10.
11. An apparatus for controlling access to resources of a platform in a computer system, the apparatus comprising:
a platform configured to host one or more resources and run one or more applications;
a policy decision unit (PDU) configured to store policies and determine access to the one or more resources;
a policy enforcement unit (PEU) configured to detect a request to access a resource from the one or more resources, wherein the resource is associated with an owner;
request a first resource access decision from a first policy decision unit associated with the owner;
receive, from the first policy decision unit, the first resource access decision and first trust information, wherein the first trust information indicates trust of a second policy decision unit;
request a second resource access decision from the second policy decision unit associated with the platform;
receive, from the second policy decision unit, a second resource access decision; and
return the second policy decision unit.
Dependent claims: 12, 13, 14, 15.
16. An apparatus also comprising:
a platform configured to host one or more resources and run one or more applications;
a policy decision unit (PDU) configured to store policies and determine access to the one or more resources;
a policy enforcement unit configured to detect a request to access a first resource, wherein the first resource is associated with a second resource, and wherein the first and second resources are associated with separate owners;
request a first resource access decision from a first policy decision unit associated with the first resource's owner;
receive, from the first policy decision unit, a first trust information, wherein the first trust information indicates trust of a second policy decision unit associated with the second resource's owner, and a third policy decision unit associated with the platform, and a message indicating unavailability of the first resource access decision;
request a second resource access decision from the second policy decision unit;
receive, from the second policy decision unit, a second resource access decision;
request a third resource access decision from a third policy decision unit;
receive, from the third policy decision unit, a third resource access decision; and
return the third policy decision unit.
Dependent claims: 17, 18, 19, 20.
21. One or more machine-readable media having stored therein a program product, which when executed by a set of one or more processor units causes the set of one or more processor units to perform operations that comprise:
detecting a request to access a resource, wherein the resource is associated with an owner;
requesting a first resource access decision from a first policy decision unit associated with the owner;
receiving, from the first policy decision unit, the first resource access decision and first trust information, wherein the first trust information indicates trust of a second policy decision unit;
requesting a second resource access decision from the second policy decision unit associated with the platform;
receiving, from the second policy decision unit, a second resource access decision; and
returning the second policy decision unit.
Dependent claims: 22, 23, 24, 25.
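The decision flow recited in claims 1 and 6 above, sketched as an added Python example (not code from the patent or its assignee): an enforcement unit queries the owner's PDU, follows the trust information it returns, and returns the decision of the last PDU consulted. The PDU names, sample policies and resources are constructed; handing earlier decisions to later PDUs and failing closed when no decision is available are assumptions of this sketch.

```python
from typing import Callable, Dict, List, Optional, Tuple

Decision = Optional[str]            # "permit", "deny", or None (decision unavailable)
Trail = List[Tuple[str, Decision]]  # (PDU name, its decision), in query order
PDU = Callable[[str, str, str, Trail], Tuple[Decision, List[str]]]

BANNED = {"mallory"}                # constructed sample data

def alice_pdu(subject, action, resource, prior):
    # Owner PDU. For the derived item it reports "unavailable" and names the
    # PDUs it trusts: the co-owner's PDU and the platform's PDU.
    if resource == "alice/remix":
        return None, ["carol-pdu", "platform-pdu"]
    return ("permit" if subject == "bob" else "deny"), ["platform-pdu"]

def carol_pdu(subject, action, resource, prior):
    return ("permit" if action == "view" else "deny"), []

def platform_pdu(subject, action, resource, prior):
    # Assumption: the platform PDU sees earlier decisions and upholds any deny.
    denied = subject in BANNED or any(d == "deny" for _, d in prior)
    return ("deny" if denied else "permit"), []

PDUS: Dict[str, PDU] = {"alice-pdu": alice_pdu, "carol-pdu": carol_pdu,
                        "platform-pdu": platform_pdu}
OWNER_PDU = {"alice/sword": "alice-pdu", "alice/remix": "alice-pdu"}

def enforce(subject: str, action: str, resource: str, max_hops: int = 8):
    """PEU: query the owner's PDU, then each PDU named in trust information.
    Returns (decision of the last PDU consulted, audit trail)."""
    start = OWNER_PDU.get(resource)
    queue, seen, trail = ([start] if start else []), set(), []
    while queue and len(trail) < max_hops:
        name = queue.pop(0)
        if name in seen or name not in PDUS:   # break trust loops, skip unknown PDUs
            continue
        seen.add(name)
        decision, trusted = PDUS[name](subject, action, resource, list(trail))
        trail.append((name, decision))
        queue.extend(trusted)
    # Assumption: no PDU, an over-long chain, or an unavailable final decision
    # fails closed.
    final = trail[-1][1] if trail and not queue else None
    return (final if final in ("permit", "deny") else "deny"), trail
```

Because only the last PDU's decision is returned, an earlier deny takes effect here only because the sample platform PDU reads the trail; a final PDU that ignored it would override the owner.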
Specification