METHOD AND APPARATUS FOR POLICY-BASED NETWORK ACCESS CONTROL WITH ARBITRARY NETWORK ACCESS CONTROL FRAMEWORKS
Abstract
A method and apparatus for integrating various network access control frameworks under the control of a single policy decision point (PDP). The apparatus supports pluggable protocol terminators that interface to any number of access protocols or backend support services. The apparatus contains Trust and Identity Mediators that mediate between the protocol terminators and a canonical policy subsystem, translating attributes between each framework's own representation and a canonical representation using extensible, data-driven dictionaries.
12 Claims
1. A non-transitory computer readable medium comprising instructions which when executed by one or more processors causes performance of:
- receiving a first request;
- determining a first set of one or more attributes in a first protocol based on the first request;
- translating the first set of attributes from the first protocol to a canonical form;
- applying policy rules to the first set of attributes in the canonical form to determine whether to grant the first request;
- receiving a second request;
- determining a second set of one or more attributes in a second protocol based on the second request, the second protocol being different than the first protocol;
- translating the second set of attributes from the second protocol to the canonical form;
- applying policy rules to the second set of attributes in the canonical form to determine whether to grant the second request.

Dependent claims: 2, 3, 4, 5.

6. A non-transitory computer readable medium comprising instructions which when executed by one or more processors causes performance of:
- receiving a first request;
- determining one or more attributes based on the first request;
- translating the one or more attributes into a canonical form;
- based on the one or more attributes in the canonical form, gathering information from at least two different devices;
- translating the information into the canonical form.

Dependent claims: 7, 8.

9. A non-transitory computer readable medium comprising instructions which when executed by one or more processors causes performance of:
- receiving a first request;
- determining one or more attributes based on the first request;
- translating the one or more attributes into a canonical form;
- based on the one or more attributes in the canonical form, gathering a first information using a first protocol;
- translating the first information into the canonical form;
- based on the one or more attributes in the canonical form, gathering a second information using a second protocol;
- translating the second information into the canonical form.

Dependent claims: 10, 11, 12.
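The abstract and independent claims 1, 6 and 9 describe one pipeline: a protocol-specific terminator receives a request, a mediator translates the request's attributes into a canonical vocabulary through data-driven dictionaries, information is gathered from backend services over their own protocols and translated the same way, and a single rule set is evaluated only against the canonical form. The following is an added illustration of that pipeline in Python; it is not code from the patent or its assignee. The protocol names (`radius_like`, `http_like`, `directory_ldap_like`, `posture_agent_like`), the attribute names, the two backend lookups and all sample request values are constructed for the example.

```python
"""Added example (not the patent's own code): a minimal policy decision
point that normalizes requests from two different access-control
protocols into one canonical form, enriches that form from two backend
services that also speak their own protocols, and applies one rule set.
Every protocol, attribute and service name here is constructed."""
from typing import Any, Callable, Dict, List, Tuple

Attrs = Dict[str, Any]

# Data-driven dictionaries: framework attribute name -> canonical name.
# Supporting a new framework means adding a dictionary, not touching policy.
DICTIONARIES: Dict[str, Dict[str, str]] = {
    "radius_like": {                     # constructed RADIUS-style terminator
        "User-Name": "subject.id",
        "Calling-Station-Id": "device.mac",
        "NAS-IP-Address": "enforcer.ip",
    },
    "http_like": {                       # constructed HTTP-style terminator
        "x-user": "subject.id",
        "x-device-mac": "device.mac",
        "remote_addr": "enforcer.ip",
    },
    # Backend support services use the same mechanism (claims 6 and 9).
    "directory_ldap_like": {"memberOf": "subject.groups"},
    "posture_agent_like": {"av_ok": "device.posture.antivirus"},
}

# Canonical value normalizers, so rules always compare like with like.
NORMALIZERS: Dict[str, Callable[[Any], Any]] = {
    "device.mac": lambda v: str(v).lower().replace("-", ":"),
    "subject.id": lambda v: str(v).lower(),
    "subject.groups": lambda v: frozenset(str(g).lower() for g in v),
    "device.posture.antivirus": lambda v: str(v).lower() in ("1", "true", "yes"),
}


def translate(protocol: str, native: Attrs) -> Attrs:
    """Mediator step: native attributes -> canonical form. Attributes with
    no dictionary entry are dropped, so policy never sees raw protocol fields."""
    mapping = DICTIONARIES[protocol]
    canonical: Attrs = {}
    for name, value in native.items():
        if name in mapping:
            cname = mapping[name]
            canonical[cname] = NORMALIZERS.get(cname, lambda v: v)(value)
    return canonical


# Constructed backend "devices"; each answers in its own vocabulary.
def directory_lookup(canonical: Attrs) -> Attrs:
    groups = {"alice": ["Staff"], "bob": ["Contractors"]}   # constructed data
    return {"memberOf": groups.get(canonical.get("subject.id"), [])}


def posture_lookup(canonical: Attrs) -> Attrs:
    healthy = {"aa:bb:cc:dd:ee:01"}                          # constructed data
    return {"av_ok": canonical.get("device.mac") in healthy}


BACKENDS: List[Tuple[str, Callable[[Attrs], Attrs]]] = [
    ("directory_ldap_like", directory_lookup),
    ("posture_agent_like", posture_lookup),
]


def enrich(canonical: Attrs) -> Attrs:
    """Gather information from each backend over its own protocol and
    translate the answer into the canonical form (claims 6 and 9)."""
    merged = dict(canonical)
    for protocol, fetch in BACKENDS:
        merged.update(translate(protocol, fetch(merged)))
    return merged


# Rules reference canonical names only. First match wins; default is deny.
RULES: List[Tuple[str, Callable[[Attrs], bool], bool]] = [
    ("deny-unhealthy-device", lambda a: not a.get("device.posture.antivirus"), False),
    ("permit-staff", lambda a: "staff" in a.get("subject.groups", ()), True),
]


def decide(protocol: str, native: Attrs) -> Tuple[bool, str]:
    """Full PDP path: translate, enrich, evaluate. Returns (granted, rule)."""
    canonical = enrich(translate(protocol, native))
    for name, predicate, grant in RULES:
        if predicate(canonical):
            return grant, name
    return False, "default-deny"


if __name__ == "__main__":
    # Same identity and device via two protocols: policy sees one canonical form.
    print(decide("radius_like", {"User-Name": "Alice",
                                 "Calling-Station-Id": "AA-BB-CC-DD-EE-01",
                                 "NAS-IP-Address": "10.0.0.1"}))
    print(decide("http_like", {"x-user": "alice", "x-device-mac": "aa:bb:cc:dd:ee:01",
                               "remote_addr": "10.0.0.1"}))
    print(decide("http_like", {"x-user": "bob", "x-device-mac": "aa:bb:cc:dd:ee:02"}))
```

Two design points matter for a deployment of this pattern. The mediator drops any attribute that has no dictionary entry, so a terminator for a new framework cannot smuggle an unmapped field into policy evaluation; and the rule set ends in an explicit default deny, so an incomplete translation (a backend that fails to answer, a request missing an attribute) falls to the restrictive outcome rather than an accidental grant.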
Specification