INTELLIGENT TRUST MANAGEMENT METHOD AND SYSTEM
Abstract
Intelligent Trust Management provides a centralized security facility that gives system components a flexible mechanism for implementing security policies. System components such as applications create a request describing an action that needs to be checked against an appropriate security policy. The request is given to a trust system that determines which policy object applies to the request, and may pass request arguments to the policy. The policy objects include executable code that uses any arguments along with dynamically obtained variable information to make a decision. The decision is returned to the system component, which then operates accordingly. Policy objects may maintain state and interface with the user independent of the system component in order to obtain information to make their decisions. Policy objects may call other policy objects and/or mathematically combine the results of other policy objects to make a decision.
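As an added illustration (not code from the patent or its assignee), a minimal Python sketch of the architecture the abstract describes: a central trust manager selects a policy object by a hierarchical action name, hands it the request arguments plus dynamically obtained environment data, and policy objects may keep state and combine the results of other policy objects. All class, action and field names are hypothetical.

```python
# Constructed example (not the patent's code); all class, action and field names are hypothetical.
class Policy:
    """Policy object: executable code that decides a proposed action."""
    def decide(self, trust: "TrustManager", args: dict, env: dict) -> bool:
        raise NotImplementedError
class BusinessHours(Policy):
    """Decides from dynamically obtained information (the current hour in env)."""
    def decide(self, trust, args, env):
        return 9 <= env["hour"] < 17
class SizeLimit(Policy):
    """Decides from request arguments passed by the calling component."""
    def __init__(self, max_bytes: int):
        self.max_bytes = max_bytes
    def decide(self, trust, args, env):
        return args.get("size", 0) <= self.max_bytes
class Quota(Policy):
    """Maintains state across calls: at most `limit` attempts per user."""
    def __init__(self, limit: int):
        self.limit, self.counts = limit, {}
    def decide(self, trust, args, env):
        self.counts[env["user"]] = self.counts.get(env["user"], 0) + 1
        return self.counts[env["user"]] <= self.limit
class AllOf(Policy):
    """Calls other policy objects by name and combines their results (logical AND)."""
    def __init__(self, *names: str):
        self.names = names
    def decide(self, trust, args, env):
        return all(trust.check(n, args, env) for n in self.names)
class TrustManager:
    """Central facility; policies form a dotted hierarchy and an action inherits its nearest ancestor's policy."""
    def __init__(self):
        self.policies: dict = {}
    def register(self, name: str, policy: Policy) -> None:
        self.policies[name] = policy
    def select(self, action: str) -> Policy:
        while action not in self.policies:          # 'file.write.x' -> 'file.write' -> 'file'
            if "." not in action:
                raise KeyError(f"no policy covers {action!r}")  # nothing applies: deny by default
            action = action.rsplit(".", 1)[0]
        return self.policies[action]
    def check(self, action: str, args: dict, env: dict) -> bool:
        return self.select(action).decide(self, args, env)

def build_manager() -> TrustManager:
    tm = TrustManager()
    tm.register("file", BusinessHours())            # applies to every file.* action
    tm.register("file.write.size", SizeLimit(4096))
    tm.register("file.write.quota", Quota(2))
    tm.register("file.write", AllOf("file", "file.write.quota", "file.write.size"))
    return tm
```

Note that `AllOf` short-circuits, so a stateful policy such as `Quota` only counts attempts that reach it; order the combined names deliberately if the count must reflect every request.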
40 Claims
1-20. (canceled)
21. In a computing environment, a computer-implemented method, comprising:
maintaining a plurality of policies as centrally maintained application system resources available to one or more applications through an intelligent trust manager, wherein the policies are isolated from the one or more applications;
implementing the plurality of policies in a plurality of policy objects, wherein the plurality of policy objects are organized in a hierarchical grouping;
receiving action information, including data that identifies a proposed action, wherein the proposed action corresponds to a first policy object of the plurality of policy objects;
selecting, from the plurality of policy objects, the first policy object corresponding to the proposed action based on the data that identifies the proposed action;
invoking the first policy object to obtain a decision made by the first policy object on the proposed action; and
returning the decision in response to the action information that was received.

Dependent claims: 22, 23, 24, 25, 26, 27, 28.
29. A computer storage medium storing a computer program of instructions for executing a computer-implemented method, the method comprising:
maintaining a plurality of policies as centrally maintained application system resources available to one or more applications through an intelligent trust manager, wherein the policies are isolated from the one or more applications;
implementing the plurality of policies in a plurality of policy objects, wherein the plurality of policy objects are organized in a hierarchical grouping;
receiving action information, including data that identifies a proposed action, wherein the proposed action corresponds to a first policy object of the plurality of policy objects;
selecting, from the plurality of policy objects, the first policy object corresponding to the proposed action based on the data that identifies the proposed action;
invoking the first policy object to obtain a decision made by the first policy object on the proposed action; and
returning the decision in response to the action information that was received.

Dependent claims: 30, 31, 32, 33, 34, 35, 36, 40.
37. A system comprising:
at least one processing unit;
a memory, operatively connected to the at least one processing unit and storing instructions that, when executed by the at least one processing unit, cause the at least one processing unit to perform a method, the method comprising:
maintaining a plurality of policies as centrally maintained application system resources available to one or more applications through an intelligent trust manager, wherein the policies are isolated from the one or more applications;
implementing the plurality of policies in a plurality of policy objects, wherein the plurality of policy objects are organized in a hierarchical grouping;
receiving action information, including data that identifies a proposed action, wherein the proposed action corresponds to a first policy object of the plurality of policy objects;
selecting, from the plurality of policy objects, the first policy object corresponding to the proposed action based on the data that identifies the proposed action;
invoking the first policy object to obtain a decision made by the first policy object on the proposed action; and
returning the decision in response to the action information that was received.

Dependent claims: 38, 39.
Specification