AUTOMATED SECURITY ANALYSIS FOR FEDERATED RELATIONSHIP
Abstract
A computer monitoring system uses a set of parameterized models to gather information about monitored devices. The models include scripts for gathering information, as well as type validation and data validation functions. The parameters within the model are used to generate user interface prompts and to populate discovery scripts as well as data validation scripts. In some cases, the models may include localization settings that may customize the user interface and validation output for different languages. A processing engine may generate a user interface from the parameters defined in the models, customize the scripts from the user input, and cause the scripts to be executed. The data gathered by the scripts may be analyzed using type validation and data validation.
20 Claims
1. A method performed on a computer processor, said method comprising:
- receiving first security descriptors conforming to a security schema, said first security descriptors being received from a recipient domain in a proposed federation;
- comparing said first security descriptors to a provider federation policy to create a federation access policy, said provider federation policy being defined for a provider domain, said federation access policy comprising at least common security access definitions between said first security descriptors and said provider federation policy;
- creating a shared repository conforming to said federation access policy; and
- permitting access to said shared repository for users from said recipient domain and said provider domain.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A system comprising:
- a network connection to a provider domain;
- a network connection to a recipient domain;
- a security gathering mechanism that receives security descriptors from said recipient domain and from said provider domain;
- a security analyzer that analyzes said security descriptors from said recipient domain and from said provider domain to create a federated security policy; and
- a repository engine that creates a shared repository accessible from said provider domain and from said recipient domain, said shared repository conforming to said federated security policy.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A method performed on a computer processor, said method comprising:
- transmitting a digital form to a recipient organization, said recipient organization having a recipient domain;
- receiving a digital results document from said recipient organization, said digital results document being generated using said digital form;
- receiving a local security policy;
- generating a federation policy based on comparing said digital results document with said local security policy;
- creating a shared repository; and
- setting a set of security functions on said shared repository to comply with said federation policy.
Dependent claims: 18, 19, 20
Specification