OPTIMIZED POLICY MATCHING AND EVALUATION FOR NON-HIERARCHICAL RESOURCES
Abstract
Improved techniques are provided for processing authorization requests. In some embodiments, an authorization request specifying a non-hierarchical resource can be processed without having to sequentially process the various security policies configured for a collection of resources.
20 Claims
1. A computer-readable memory storing a plurality of instructions executable by one or more processors, the plurality of instructions comprising:
- instructions that cause at least one processor from the one or more processors to receive an authorization request to be authorized, the authorization request identifying a subject, resource information, and an action, the resource information comprising a resource expression identifying a non-hierarchical resource;
- instructions that cause at least one processor from the one or more processors to determine that the resource identified by the authorization request is a non-hierarchical resource;
- instructions that cause at least one processor from the one or more processors to access a plurality of memory structures stored for a plurality of policies targeting a plurality of non-hierarchical resources;
- instructions that cause at least one processor from the one or more processors to determine a set of characters from the resource expression identifying the non-hierarchical in the authorization request;
- instructions that cause at least one processor from the one or more processors to identify, using the plurality of memory structures and the set of characters, a first set of policies from the plurality of policies that are applicable for authorizing the authorization request; and
- instructions that cause at least one processor from the one or more processors to evaluate one or more policies from the first set of policies to determine whether the subject identified in the authorization request is authorized to perform the action identified in the authorization request on the non-hierarchical resource identified in the authorization request.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A system comprising:
- a memory configured to store a plurality of memory structures stored for a plurality of policies targeting a plurality of non-hierarchical resources; and
- one or more processors configured to access the plurality of memory structures stored by the memory, the one or more processors configured to;
  - receive an authorization request to be authorized, the authorization request identifying a subject, resource information, and an action, the resource information comprising a resource expression identifying a non-hierarchical resource;
  - determine that the resource identified by the authorization request is a non-hierarchical resource;
  - determine a set of characters from the resource expression identifying the non-hierarchical in the authorization request;
  - identify using the plurality of memory structures and the set of characters, a first set of policies from the plurality of policies that are applicable for authorizing the authorization request; and
  - evaluate one or more policies from the first set of policies to determine whether the subject identified in the authorization request is authorized to perform the action identified in the authorization request on the non-hierarchical resource identified in the authorization request.

Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19
20. A method comprising:
- receiving, by a computing system, an authorization request to be authorized, the authorization request identifying a subject, resource information, and an action, the resource information comprising a resource expression identifying a non-hierarchical resource;
- determining, by the computing system, that the resource identified by the authorization request is a non-hierarchical resource;
- accessing, by the computing system, a plurality of memory structures stored for a plurality of policies targeting a plurality of non-hierarchical resources;
- determining, by the computing system, a set of characters from the resource expression identifying the non-hierarchical in the authorization request;
- identifying, by the computing system, using the plurality of memory structures and the set of characters, a first set of policies from the plurality of policies that are applicable for authorizing the authorization request; and
- evaluating, by the computing system, one or more policies from the first set of policies to determine whether the subject identified in the authorization request is authorized to perform the action identified in the authorization request on the non-hierarchical resource identified in the authorization request.
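The claims above do not say how the memory structures are organised. The sketch below is an added illustration, not text or code from the patent: it follows the steps of claim 20 so that only policies reachable from the request's characters are evaluated, rather than every configured policy in sequence. Assumptions: a character trie keyed on each policy's resource expression, a trailing `*` wildcard, a `/` test for hierarchical names, deny-overrides with default deny, and constructed names and sample policies.

```python
from dataclasses import dataclass, field
@dataclass(frozen=True)
class Policy:
    name: str
    resource: str    # exact name, or literal prefix + "*" (assumed syntax)
    subjects: tuple
    actions: tuple
    effect: str      # "permit" or "deny"

@dataclass
class Node:
    children: dict = field(default_factory=dict)
    exact: list = field(default_factory=list)     # policies naming exactly this string
    wildcard: list = field(default_factory=list)  # policies whose prefix ends here

def build_index(policies):
    root = Node()  # built once, when policies are loaded
    for p in policies:
        node, wild = root, p.resource.endswith("*")
        for ch in (p.resource[:-1] if wild else p.resource):
            node = node.children.setdefault(ch, Node())
        (node.wildcard if wild else node.exact).append(p)
    return root

def candidates(root, resource):
    # Walk the request's characters; policies off that path are never touched.
    node, found = root, list(root.wildcard)
    for ch in resource:
        node = node.children.get(ch)
        if node is None:
            return found
        found += node.wildcard
    return found + node.exact

def authorize(root, subject, resource, action):
    if "/" in resource:  # assumed test for a hierarchical resource
        raise ValueError("hierarchical resource, not handled by this index")
    hits = [p for p in candidates(root, resource)
            if subject in p.subjects and action in p.actions]
    # Deny overrides, and no applicable policy means deny (assumed semantics).
    return "permit" if hits and all(p.effect == "permit" for p in hits) else "deny"

POLICIES = [  # constructed sample policies
    Policy("payroll-report", "PayrollReport", ("alice",), ("read",), "permit"),
    Policy("payroll-any", "Payroll*", ("bob",), ("read",), "permit"),
    Policy("block-mallory", "*", ("mallory",), ("read", "write"), "deny"),
    Policy("invoice-queue", "InvoiceQueue", ("alice",), ("read",), "permit"),
]
INDEX = build_index(POLICIES)
```

Because the candidate set is narrowed before evaluation, a request whose resource matches no indexed policy must still resolve to deny rather than to an empty permit.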
Specification