CONTROLLING ACCESS TO RESOURCES BY HOSTED ENTITIES
Abstract
Controlling resource access by entities hosted by an execution extension environment via entity identifiers associated with the resources or with the execution extension environment. Policy sets define the access to the resources. Each policy set includes a principal identifier for the execution extension environment, a resource identifier for one of the resources, and access rights. The principal identifier or the resource identifier includes one of the entity identifiers. Access requests from entities are evaluated by comparing the entity identifiers to the policy sets. In some embodiments, the policy sets implement access control for web browsers hosting executable code that attempts to access resources on a computing device.
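The comparison the abstract describes, as an added example that is not taken from the patent: a request from a hosted entity is granted only when a stored policy set names the same hosting environment, the same resource and the same entity identifier, and includes the requested right. The class and function names, the origin-style entity identifiers, the right names and the default-deny behaviour are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class PolicySet:
    environment: str                          # principal: the hosting environment
    resource: str                             # resource on the device
    rights: frozenset                         # access rights granted
    principal_entity: Optional[str] = None    # entity id carried in the principal identifier
    resource_entity: Optional[str] = None     # entity id carried in the resource identifier

    def __post_init__(self):
        # One of the two identifiers has to include an entity identifier.
        if self.principal_entity is None and self.resource_entity is None:
            raise ValueError("a policy set must carry an entity identifier")

    def permits(self, environment, entity, resource, right):
        if (environment, resource) != (self.environment, self.resource):
            return False
        # Every entity id the policy set carries must equal the requester's.
        carried = {self.principal_entity, self.resource_entity} - {None}
        return carried == {entity} and right in self.rights


def is_allowed(policy_sets, environment, entity, resource, right):
    """Assumed default deny: grant only if some policy set matches the request."""
    return any(p.permits(environment, entity, resource, right) for p in policy_sets)


# Constructed sample policy sets: two sites hosted by the same browser.
POLICIES = [
    PolicySet("browser", "geolocation", frozenset({"read"}),
              principal_entity="https://maps.example"),
    PolicySet("browser", "contacts", frozenset({"read", "write"}),
              resource_entity="https://mail.example"),
]
```

The same browser hosts both sites, but a request from any other origin, or for a right not listed, matches no policy set and is refused.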
20 Claims
1. A system for including context in an access policy on a mobile computing device, said system comprising:
a memory area for storing a policy set specifying an application program identifier of an application program executing on the mobile computing device, a resource identifier for a resource associated with a mobile computing device, and access rights, wherein the application program identifier or the resource identifier includes an entity identifier associated with an entity hosted by the application program, and wherein the access rights define access by the entity to the resource; and
a processor programmed to:
receive the access rights by the entity to the resource;
associate the entity identifier with the application program identifier or the resource identifier;
associate the received access rights with the application program identifier and the resource identifier to create the policy set; and
store the created policy set in the memory area.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A method comprising:
identifying a policy set, said policy set defining access to a resource by an entity associated with at least one execution extension environment, said policy set including a principal identifier for the execution extension environment, a resource identifier for the resource, and access rights, wherein the principal identifier or the resource identifier includes an entity identifier associated with the entity;
receiving a request for the resource from the entity;
comparing the received request to the identified policy set; and
granting the entity access to the resource based on said comparing.
Dependent claims: 10, 11, 12, 13, 14, 15, 16.
17. One or more computer-readable media having computer-executable components, said components comprising:
an interface component for receiving user input to define access rights by an entity to a resource, said entity being associated with at least one execution extension environment;
a policy component for receiving a policy set, said policy set defining access to the resource by the entity, said policy set including a principal identifier for the execution extension environment, a resource identifier for the resource, and the access rights defined by the interface component, wherein the principal identifier or the resource identifier includes an entity identifier associated with the entity; and
an access component for receiving a request for the resource from the entity, comparing the received request to the policy set received by the policy component, and granting the entity access to the resource based on said comparing.
Dependent claims: 18, 19, 20.
Specification