Controlling Resource Access Based on Resource Properties
Abstract
Described is a technology by which access to a resource is determined by evaluating a resource label of the resource against a user claim of an access request, according to policy decoupled from the resource. The resource may be a file, and the resource label may be obtained by classifying the file into classification properties, such that a change to the file may change its resource label, thereby changing which users have access to the file. The resource label-based access evaluation may be logically combined with a conventional ACL-based access evaluation to determine whether to grant or deny access to the resource.
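The evaluation the abstract describes can be sketched as follows. This is an added example, not code from the patent: the policy format, the keyword classifier, the property and claim names, and the choice of a logical AND to combine the ACL result with the label result are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Central policy kept apart from any resource (constructed sample): each rule
# says "a resource carrying this label requires this user claim".
POLICY = [
    {"label": ("sensitivity", "high"), "claim": ("clearance", "high")},
    {"label": ("department", "finance"), "claim": ("department", "finance")},
]

@dataclass
class Resource:
    name: str
    content: str
    acl: set                       # principals allowed by the conventional ACL
    labels: dict = field(default_factory=dict)

def classify(resource):
    """Hypothetical classifier: derive the resource label from file content."""
    if "salary" in resource.content.lower():
        resource.labels = {"sensitivity": "high", "department": "finance"}
    else:
        resource.labels = {"sensitivity": "low"}

def label_check(resource, claims):
    """Each policy rule matching a resource label must be met by a user claim."""
    for rule in POLICY:
        prop, value = rule["label"]
        if resource.labels.get(prop) == value:
            claim_name, claim_value = rule["claim"]
            if claims.get(claim_name) != claim_value:
                return False
    return True

def access_granted(user, claims, resource):
    """Assumed combination: ACL evaluation AND label evaluation."""
    return user in resource.acl and label_check(resource, claims)

def demo():
    """Show that editing the file changes its label and therefore who has access."""
    doc = Resource("notes.txt", "Lunch menu", acl={"alice", "bob"})
    alice = {"department": "engineering", "clearance": "low"}
    bob = {"department": "finance", "clearance": "high"}
    classify(doc)
    before = access_granted("alice", alice, doc)
    doc.content = "Salary table for Q3"    # content change, ACL untouched
    classify(doc)                          # reclassification updates the label
    after = access_granted("alice", alice, doc)
    return before, after, access_granted("bob", bob, doc)
```

Neither the ACL nor the policy is edited between the two checks for alice; only the file's classification changes, which is the decoupling the abstract refers to.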
20 Claims
- 1. In a computing environment, a method performed on at least one processor, comprising, determining access to a resource based on policy decoupled from the resource, including by evaluating a resource label associated with the resource against a user claim associated with an access request.
- 9. In a computing environment, a system comprising, an authorization engine that determines access to a resource based upon policy, including by using information in the policy to evaluate a resource label associated with the resource against a user claim associated with an access request.
- 16. One or more computer-readable media having computer-executable instructions, which when executed perform steps, comprising, processing an access request to grant or deny an access-related operation to a resource, including obtaining policy that is decoupled from the resource, and using the policy to determine whether to grant or deny the access-related operation, including by evaluating a resource label associated with the resource against a user claim associated with the access request.
Specification