Query Interface to Policy Server
First Claim
1. A method for positive access control, the method comprising:
- storing information in memory regarding a plurality of users, the information for each user including a dossier for the user;
- receiving an access request from a client device associated with a user, the access request including authentication information;
- executing instructions stored in memory, wherein execution of the instructions by a processor;
  - retrieves a dossier for the user based on the authentication information provided in the request,
  - identifies that the user belongs to a custom user group, the identification based on the retrieved dossier, and
  - moves a session associated with the user to a server dedicated to providing guaranteed fast responses during congested time periods.
32 Assignments
0 Petitions
Abstract
A scalable access filter that is used together with others like it in a virtual private network to control access by users at clients in the network to information resources provided by servers in the network. Each access filter uses a local copy of an access control data base to determine whether an access request is made by a user. Each user belongs to one or more user groups and each information resource belongs to one or more information sets. Access is permitted or denied according to access policies which define access in terms of the user groups and information sets. The first access filter in the path performs the access check, encrypts and authenticates the request; the other access filters in the path do not repeat the access check. The interface used by applications to determine whether a user has access to an entity is now an SQL entity. The policy server assembles the information needed for the response to the query from various information sources, including sources external to the policy server.
79 Citations
1 Claim
Specification