Methods systems and computer program products for processing complex policy rules based on rule form type
First Claim
1. A method for processing a complex policy rule structured in a plurality of levels wherein the complex policy rule selects an action for execution based on a plurality of individual policy conditions each of the individual policy conditions being expressed as ranges and being associated with one of the levels, the method comprising the steps of:
- determining if the complex policy rule is a conjunctive normal form (CNF) policy rule;
receiving an event, the event having an associated value defining a point in a space covered by the individual policy conditions; and
performing the following steps if the complex policy rule is a CNF policy rule;
generating a plurality of summary conditions, each of the summary conditions being associated with one of the levels;
comparing the associated value of the received event to a selected one of the summary conditions to determine if the selected one of the summary conditions is met;
determining that the complex policy rule may be skipped if the selected one of the summary conditions is not met;
repeating the step of comparing for others of the summary conditions and individual policy conditions until at least one of one of the summary conditions is not met, all individual policy conditions for one of the levels are not met or at least one of the individual policy conditions for each level is met; and
determining that the complex policy rule may be skipped if at least one of one of the summary conditions is not met or all individual policy conditions for one of the levels are not met.
2 Assignments
0 Petitions
Accused Products
Abstract
Embodiments of the present invention include methods, systems and computer program products which provide for a complex policy rule structured in a plurality of levels wherein the complex policy rule selects an action for execution based on a plurality of individual policy conditions. An event is received having an associated value defining a point in a space covered by the individual policy conditions. The following operations are performed if the complex policy rule is a CNF policy rule. A plurality of summary conditions are generated, each of the summary conditions being associated with one of the levels. The associated value of the received event is compared to a selected one of the summary conditions to determine if the selected one of the summary conditions is met. Operations repeat for others of the summary conditions and individual policy conditions until either one of the summary conditions is not met or all individual policy conditions for one of the levels are not met, allowing the policy rule to be skipped, or until at least one of the individual policy conditions for each level is met. DNF policy rule processing is also provided.
-
Citations
49 Claims
-
1. A method for processing a complex policy rule structured in a plurality of levels wherein the complex policy rule selects an action for execution based on a plurality of individual policy conditions each of the individual policy conditions being expressed as ranges and being associated with one of the levels, the method comprising the steps of:
-
determining if the complex policy rule is a conjunctive normal form (CNF) policy rule;
receiving an event, the event having an associated value defining a point in a space covered by the individual policy conditions; and
performing the following steps if the complex policy rule is a CNF policy rule;
generating a plurality of summary conditions, each of the summary conditions being associated with one of the levels;
comparing the associated value of the received event to a selected one of the summary conditions to determine if the selected one of the summary conditions is met;
determining that the complex policy rule may be skipped if the selected one of the summary conditions is not met;
repeating the step of comparing for others of the summary conditions and individual policy conditions until at least one of one of the summary conditions is not met, all individual policy conditions for one of the levels are not met or at least one of the individual policy conditions for each level is met; and
determining that the complex policy rule may be skipped if at least one of one of the summary conditions is not met or all individual policy conditions for one of the levels are not met. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
comparing the associated value of the received event to ones of the individual policy conditions associated with a same level as the selected one of the summary conditions if the selected one of the summary conditions is met to determine if any of the individual policy conditions associated with a same level as the selected one of the summary conditions is met;
selecting another one of the summary conditions associated with another one of the levels and comparing the associated value of the received event to the another one of the summary conditions to determine if the another one of the summary conditions is not met;
comparing the associated value of the received event to ones of the individual policy conditions associated with the another one of the levels if the another one of the summary conditions is met to determine if any of the individual policy conditions associated with the another one of the levels is met; and
repeating the steps of selecting another one of the summary conditions associated with another one of the levels and comparing the associated value of the received event to the another one of the summary conditions and comparing the associated value of the received event to ones of the individual policy conditions associated with the another one of the levels if the another one of the summary conditions is met until at least one of one of the summary conditions is not met, all individual policy conditions for one of the levels are not met or at least one of the individual policy conditions for each level is met.
-
-
3. The method of claim 1 wherein the step of repeating the step of comparing for others of the summary conditions and individual policy conditions until at least one of one of the summary conditions is not met, all individual policy conditions for one of the levels are not met or at least one of the individual policy conditions for each level is met further comprises the steps of:
-
selecting another one of the summary conditions associated with another one of the levels and comparing the associated value of the received event to the another one of the summary conditions to determine if the another one of the summary conditions is not met;
repeating the step of selecting another one of the summary conditions for others of the summary conditions until at least one of one of the summary conditions is not met or all of the summary conditions are met; and
comparing the associated value of the received event to individual policy conditions until at least one of all individual policy conditions for one of the levels are not met or at least one of the individual policy conditions for each level is met if all of the summary conditions are met.
-
-
4. The method of claim 1 further comprising the step of executing the action associated with the complex policy rule if at least one individual policy condition at each level is met if the complex policy rule is a CNF policy rule.
-
5. The method of claim 4 wherein the step of generating a plurality of summary conditions further comprises the step of establishing a lowest starting value of one of the individual conditions associated with a level as a start value of a summary condition for that level and establishing a highest ending value of one of the individual policy conditions associated with that level as an end value of the summary condition for that level.
-
6. The method of claim 5 wherein the step of generating a plurality of summary conditions further comprises the step of generating an all inclusive range as a summary condition for a level if the associated range of one of the individual policy conditions associated with that level is a unitary point of a first value and another of the individual policy conditions associated with that level is a unitary point of a second value different from the first value.
-
7. The method of claim 6 wherein the step of generating a plurality of summary conditions further comprises the step of generating an all inclusive range as a summary condition for a level if the associated range of one of the individual policy conditions associated with that level is all inclusive.
-
8. The method of claim 4 wherein the step of comparing the associated value of the received event to an associated selected one of the summary conditions is preceded by the step of selecting one of the summary conditions most likely to not be met as the selected one of the summary conditions.
-
9. The method of claim 4 further comprising the steps of:
-
determining if the complex policy rule is a disjunctive normal form (DNF) policy rule; and
performing the following steps if the complex policy rule is a DNF policy rule;
generating a plurality of collapsed conditions, each of the collapsed conditions being associated with one of the levels and having a range for each group of policy conditions included in the one of the plurality of levels;
comparing the associated value of the received event to a selected one of the collapsed conditions to determine if the selected one of the collapsed conditions is met;
selecting another one of the collapsed conditions and comparing the associated value of the received event to the selected another one of the collapsed conditions to determine if the selected another one of the collapsed conditions is met if the selected one of the collapsed conditions is not met;
repeating the steps of comparing until at least one of a collapsed condition is met or all of the collapsed conditions are not met; and
wherein the step of executing the action further comprises the step of executing the action associated with the complex policy rule if one of the collapsed conditions is met if the complex policy rule is a DNF policy rule.
-
-
10. A method for processing a complex policy rule structured in a plurality of levels wherein the complex policy rule selects an action for execution based on a plurality of individual policy conditions, each of the individual policy conditions including a plurality of groups and being expressed as ranges for each of the groups, the method comprising the steps of:
-
determining if the complex policy rule is a conjunctive normal form (CNF) policy rule;
receiving an event, the event having associated values defining a point in a space covered by the plurality of conditions; and
performing the following steps if the complex policy rule is a CNF policy rule;
generating a plurality of summary conditions, each of the summary conditions being associated with a respective one of the groups for a respective one of the levels;
comparing a respective one of the associated values of the received event to an associated selected one of the summary conditions, the selected one of the summary conditions being associated with the same group of policy conditions as the respective one of the associated values of the received event, to determine if the associated one of the summary conditions is met;
determining that the complex policy rule may be skipped if the associated one of the summary conditions is not met;
repeating the step of comparing for others of the summary conditions and individual policy conditions until at least one of one of the summary conditions is not met, all individual policy conditions for one of the levels are not met or at least one of the individual policy conditions for each of the levels is met;
determining that the complex policy rule may be skipped if at least one of one of the summary conditions is not met or all individual policy conditions for one of the levels are not met; and
executing the action if at least one of the individual policy conditions for each of the levels is met if the complex policy rule is a CNF policy rule. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
determining if the complex policy rule is a disjunctive normal form (DNF) policy rule; and
performing the following steps if the complex policy rule is a DNF policy rule;
generating a plurality of collapsed conditions, each of the collapsed conditions being associated with one of the levels and having a range for each group of policy conditions;
comparing the associated values of the received event to a selected one of the collapsed conditions to determine if the selected one of the collapsed conditions is met;
selecting another one of the collapsed conditions and comparing the associated values of the received event to the selected another one of the collapsed conditions to determine if the selected another one of the collapsed conditions is met if the previously selected one of the collapsed conditions is not met;
repeating the step of selecting another one of the collapsed conditions and comparing the associated values of the received event to the selected another one of the collapsed conditions until at least one of a collapsed condition is met or all of the collapsed conditions are not met; and
wherein the step of executing the action further comprises the step of executing the action associated with the complex policy rule if one of the collapsed conditions is met if the complex policy rule is a DNF policy rule.
-
-
17. The method of claim 16 wherein the steps of comparing the associated values of the received event to a selected one of the collapsed conditions to determine if the selected one of the collapsed conditions is met and selecting another one of the collapsed conditions and comparing the associated values of the received event to the selected another one of the collapsed conditions to determine if the selected another one of the collapsed conditions is met if the previously selected one of the collapsed conditions is not met further comprise the step of determining that a collapsed condition is not met if any one of the ranges of the collapsed condition is not met.
-
18. The method of claim 10 wherein the step of repeating the step of comparing for others of the summary conditions and individual policy conditions comprises the step of comparing the associated values of the received event to ones of the individual policy conditions associated with the same level as one of the summary conditions which is met to determine if any of the individual policy conditions associated with the same level as one of the summary conditions which is met are met.
-
19. The method of claim 10 wherein the step of repeating the step of comparing for others of the summary conditions and individual policy conditions comprises the steps of:
-
selecting another one of the summary conditions associated with the same level as the selected one of the summary conditions and associated with a different group of policy conditions;
comparing one of the associated values of the received event associated with the different group to the another one of the summary conditions to determine if the another one of the summary conditions is met; and
repeating the steps of selecting another one of the summary conditions and comparing one of the associated values of the received event associated with the different group to the another one of the summary conditions until at least one of a summary condition is not met or all of the summary conditions associated with the same level are met.
-
-
20. The method of claim 19 wherein the step of repeating the steps of selecting another one of the summary conditions and comparing one of the associated values of the received event associated with the different group to the another one of the summary conditions is followed by the step of comparing the associated values of the received event to ones of the individual policy conditions associated with the same level to determine if any of the individual policy conditions associated with the same level are met if all of the summary conditions associated with the same level are met.
-
21. The method of claim 20 wherein the step of comparing the associated values of the received event to ones of the individual policy conditions associated with the same level to determine if any of the individual policy conditions associated with the same level are met if all of the summary conditions associated with the same level are met is followed by the steps of:
-
comparing the associated values of the received event to ones of the summary conditions associated with another one of the levels to determine if any of the summary conditions associated with another one of the levels is not met;
comparing the associated values of the received event to ones of the individual policy conditions associated with the another one of the levels if all of the ones of the summary conditions associated with the another one of the levels is met to determine if any of the ones of the individual policy conditions associated with the another one of the levels are met; and
repeating the steps of comparing the associated values of the received event to ones of the summary conditions associated with another one of the levels and comparing the associated values of the received event to ones of the individual policy conditions associated with the another one of the levels for others of the plurality of levels until at least one of the summary conditions is not met, all individual policy conditions for one of the levels are not met or at least one of the individual policy conditions for each level is met.
-
-
22. The method of claim 21 wherein at least one of the groups is selected from the group consisting of source device internet protocol (IP) address range, destination device IP address range, inbound interface identifier (ID) range, outbound interface ID range, source device port number range, destination device port number range, protocol ID range, application name and application data classification.
-
23. The method of claim 22 wherein the step of generating a plurality of summary conditions further comprises the step of establishing a lowest starting value of one of the groups of one of the individual conditions associated with a level as a start value of a summary condition for that group for that level and establishing a highest ending value of the one of the groups of the one of the individual policy conditions associated with that level as an end value of the summary condition for that group for that level.
-
24. The method of claim 23 wherein the step of generating a plurality of summary conditions further comprises the step of generating an all inclusive range as a summary condition for a group for a level if the associated range for that group of one of the individual policy conditions associated with that level is a unitary point of a first value and another of the individual policy conditions associated with that level for that group is a unitary point of a second value different from the first value.
-
25. The method of claim 24 wherein the step of generating a plurality of summary conditions further comprises the step of generating an all inclusive range as a summary condition for a group for a level if the associated range for that group of one of the individual policy conditions associated with that level is all inclusive.
-
26. The method of claim 25 further comprising the steps of:
-
determining if the complex policy rule is a disjunctive normal form (DNF) policy rule; and
performing the following steps if the complex policy rule is a DNF policy rule;
generating a plurality of collapsed conditions, each of the collapsed conditions being associated with one of the levels and having a range for each group of policy conditions;
comparing the associated values of the received event to a selected one of the collapsed conditions to determine if the selected one of the collapsed conditions is met;
selecting another one of the collapsed conditions and comparing the associated values of the received event to the selected another one of the collapsed conditions to determine if the selected another one of the collapsed conditions is met if the previously selected one of the collapsed conditions is not met;
repeating the step of selecting another one of the collapsed conditions and comparing the associated values of the received event to the selected another one of the collapsed conditions until at least one of a collapsed condition is met or all of the collapsed conditions are not met; and
wherein the step of executing the action further comprises the step of executing the action associated with the complex policy rule if one of the collapsed conditions is met if the complex policy rule is a DNF policy rule.
-
-
27. The method of claim 26 further comprising the step of selecting one of the plurality of collapsed conditions which is most likely to be met as the selected one of the plurality of collapsed conditions.
-
28. The method of claim 27 wherein the step of generating a plurality of collapsed conditions further comprises the step of establishing an intersection of associated ranges of all individual policy conditions associated with each group of policy conditions included in a particular level to provide one of the plurality of collapsed conditions associated with the particular level.
-
29. A method for processing a complex policy rule structured in a plurality of levels wherein the complex policy rule selects an action for execution based on a plurality of individual policy conditions each of the individual policy conditions being expressed as ranges and being associated with one of the levels, the method comprising the steps of:
-
receiving an event, the event having an associated value defining a point in a space covered by the individual policy conditions;
determining if the complex policy rule is a disjunctive normal form (DNF) policy rule; and
performing the following steps if the complex policy rule is a DNF policy rule;
generating a plurality of collapsed conditions, each of the collapsed conditions being associated with one of the levels and having a range for each group of policy conditions included in the one of the plurality of levels;
comparing the associated value of the received event to a selected one of the collapsed conditions to determine if the selected one of the collapsed conditions is met;
selecting another one of the collapsed conditions and comparing the associated value of the received event to the selected another one of the collapsed conditions to determine if the selected another one of the collapsed conditions is met if the selected one of the collapsed conditions is not met;
repeating the steps of comparing until at least one of a collapsed condition is met or all of the collapsed conditions are not met; and
executing the action associated with the complex policy rule if one of the collapsed conditions is met if the complex policy rule is a DNF policy rule.
-
-
30. A system for processing a complex policy rule structured in a plurality of levels wherein the complex policy rule selects an action for execution based on a plurality of individual policy conditions each of the individual policy conditions being expressed as ranges and being associated with one of the levels, the system comprising:
-
means for determining if the complex policy rule is a conjunctive normal form (CNF) policy rule;
means for receiving an event, the event having an associated value defining a point in a space covered by the individual policy conditions; and
the following means responsive to determining that the complex policy rule is a CNF policy rule;
means for generating a plurality of summary conditions, each of the summary conditions being associated with one of the levels;
means for comparing the associated value of the received event to a selected one of the summary conditions to determine if the selected one of the summary conditions is met;
means for determining that the complex policy rule may be skipped if the selected one of the summary conditions is not met;
means for controlling the means for comparing to repeat comparing for others of the summary conditions and individual policy conditions until at least one of one of the summary conditions is not met, all individual policy conditions for one of the levels are not met or at least one of the individual policy conditions for each level is met; and
means for determining that the complex policy rule may be skipped if at least one of one of the summary conditions is not met or all individual policy conditions for one of the levels are not met. - View Dependent Claims (31, 32, 33, 34, 35)
means for comparing the associated value of the received event to ones of the individual policy conditions associated with a same level as the selected one of the summary conditions if the selected one of the summary conditions is met to determine if any of the individual policy conditions associated with a same level as the selected one of the summary conditions is met;
means for selecting another one of the summary conditions associated with another one of the levels and comparing the associated value of the received event to the another one of the summary conditions to determine if the another one of the summary conditions is not met;
means for comparing the associated value of the received event to ones of the individual policy conditions associated with the another one of the levels if the another one of the summary conditions is met to determine if any of the individual policy conditions associated with the another one of the levels is met; and
means for controlling the means for selecting another one of the summary conditions associated with another one of the levels and the means for comparing the associated value of the received event to the another one of the summary conditions and the means for comparing the associated value of the received event to ones of the individual policy conditions associated with the another one of the levels if the another one of the summary conditions is met to repeat operations until at least one of one of the summary conditions is not met, all individual policy conditions for one of the levels are not met or at least one of the individual policy conditions for each level is met.
-
-
32. The system of claim 30 wherein the means for controlling the means for comparing to repeat comparing for others of the summary conditions and individual policy conditions until at least one of one of the summary conditions is not met, all individual policy conditions for one of the levels are not met or at least one of the individual policy conditions for each level is met further comprises:
-
means for selecting another one of the summary conditions associated with another one of the levels and comparing the associated value of the received event to the another one of the summary conditions to determine if the another one of the summary conditions is not met;
means for controlling the means for selecting another one of the summary conditions to repeat operations for others of the summary conditions until at least one of one of the summary conditions is not met or all of the summary conditions are met; and
means for comparing the associated value of the received event to individual policy conditions until at least one of all individual policy conditions for one of the levels are not met or at least one of the individual policy conditions for each level is met if all of the summary conditions are met.
-
-
33. The system of claim 30 further comprising means for executing the action associated with the complex policy rule if at least one individual policy condition at each level is met if the complex policy rule is a CNF policy rule.
-
34. The system of claim 33 further comprising means for selecting one of the summary conditions most likely to not be met as the selected one of the summary conditions.
-
35. The system of claim 33 further comprising:
-
means for determining if the complex policy rule is a disjunctive normal form (DNF) policy rule; and
the following means responsive to determining that the complex policy rule is a DNF policy rule;
means for generating a plurality of collapsed conditions, each of the collapsed conditions being associated with one of the levels and having a range for each group of policy conditions included in the one of the plurality of levels;
means for comparing the associated value of the received event to a selected one of the collapsed conditions to determine if the selected one of the collapsed conditions is met;
means for selecting another one of the collapsed conditions and comparing the associated value of the received event to the selected another one of the collapsed conditions to determine if the selected another one of the collapsed conditions is met if the selected one of the collapsed conditions is not met;
means for controlling the means for comparing to repeat comparing until at least one of a collapsed condition is met or all of the collapsed conditions are not met; and
wherein the means for executing the action further comprises means for executing the action associated with the complex policy rule if one of the collapsed conditions is met if the complex policy rule is a DNF policy rule.
-
-
36. A system for processing a complex policy rule structured in a plurality of levels wherein the complex policy rule selects an action for execution based on a plurality of individual policy conditions, each of the individual policy conditions including a plurality of groups and being expressed as ranges for each of the groups, the system comprising:
-
means for determining if the complex policy rule is a conjunctive normal form (CNF) policy rule;
means for receiving an event, the event having associated values defining a point in a space covered by the plurality of conditions; and
the following means responsive to determining that the complex policy rule is a CNF policy rule;
means for generating a plurality of summary conditions, each of the summary conditions being associated with a respective one of the groups for a respective one of the levels;
means for comparing a respective one of the associated values of the received event to an associated selected one of the summary conditions, the selected one of the summary conditions being associated with the same group of policy conditions as the respective one of the associated values of the received event, to determine if the associated one of the summary conditions is met;
means for determining that the complex policy rule may be skipped if the associated one of the summary conditions is not met;
means for controlling the means for comparing to repeat comparing for others of the summary conditions and individual policy conditions until at least one of one of the summary conditions is not met, all individual policy conditions for one of the levels are not met or at least one of the individual policy conditions for each of the levels is met;
means for determining that the complex policy rule may be skipped if at least one of one of the summary conditions is not met or all individual policy conditions for one of the levels are not met; and
means for executing the action if at least one of the individual policy conditions for each of the levels is met if the complex policy rule is a CNF policy rule. - View Dependent Claims (37, 38)
means for determining if the complex policy rule is a disjunctive normal form (DNF) policy rule; and
the following means responsive to determining that the complex policy rule is a DNF policy rule;
means for generating a plurality of collapsed conditions, each of the collapsed conditions being associated with one of the levels and having a range for each group of policy conditions included in the one of the plurality of levels;
means for comparing the associated value of the received event to a selected one of the collapsed conditions to determine if the selected one of the collapsed conditions is met;
means for selecting another one of the collapsed conditions and comparing the associated value of the received event to the selected another one of the collapsed conditions to determine if the selected another one of the collapsed conditions is met if the selected one of the collapsed conditions is not met;
means for controlling the means for comparing to repeat comparing until at least one of a collapsed condition is met or all of the collapsed conditions are not met; and
wherein the means for executing the action further comprises means for executing the action associated with the complex policy rule if one of the collapsed conditions is met if the complex policy rule is a DNF policy rule.
-
-
39. A system for processing a complex policy rule structured in a plurality of levels wherein the complex policy rule selects an action for execution based on a plurality of individual policy conditions each of the individual policy conditions being expressed as ranges and being associated with one of the levels, the system comprising:
-
means for receiving an event, the event having an associated value defining a point in a space covered by the individual policy conditions;
means for determining if the complex policy rule is a disjunctive normal form (DNF) policy rule; and
the following means responsive to determining that the complex policy rule is a DNF policy rule;
means for generating a plurality of collapsed conditions, each of the collapsed conditions being associated with one of the levels and having a range for each group of policy conditions included in the one of the plurality of levels;
means for comparing the associated value of the received event to a selected one of the collapsed conditions to determine if the selected one of the collapsed conditions is met;
means for selecting another one of the collapsed conditions and comparing the associated value of the received event to the selected another one of the collapsed conditions to determine if the selected another one of the collapsed conditions is met if the selected one of the collapsed conditions is not met;
means for controlling the means for comparing to repeat comparing until at least one of a collapsed condition is met or all of the collapsed conditions are not met; and
means for executing the action associated with the complex policy rule if one of the collapsed conditions is met if the complex policy rule is a DNF policy rule.
-
-
40. A computer program product for processing a complex policy rule structured in a plurality of levels wherein the complex policy rule selects an action for execution based on a plurality of individual policy conditions each of the individual policy conditions being expressed as ranges and being associated with one of the levels, comprising:
-
a computer-readable storage medium having computer-readable program code embodied in said medium, said computer-readable program code comprising;
computer-readable program code which determines if the complex policy rule is a conjunctive normal form (CNF) policy rule;
computer-readable program code which receives an event, the event having an associated value defining a point in a space covered by the individual policy conditions; and
the following computer-readable program code responsive to determining that the complex policy rule is a CNF policy rule;
computer-readable program code which generates a plurality of summary conditions, each of the summary conditions being associated with one of the levels;
computer-readable program code which compares the associated value of the received event to a selected one of the summary conditions to determine if the selected one of the summary conditions is met;
computer-readable program code which determines that the complex policy rule may be skipped if the selected one of the summary conditions is not met;
computer-readable program code which controls the computer-readable program code which compares to repeat comparing for others of the summary conditions and individual policy conditions until at least one of one of the summary conditions is not met, all individual policy conditions for one of the levels are not met or at least one of the individual policy conditions for each level is met; and
computer-readable program code which determines that the complex policy rule may be skipped if at least one of one of the summary conditions is not met or all individual policy conditions for one of the levels are not met. - View Dependent Claims (41, 42, 43, 44, 45)
computer-readable program code which compares the associated value of the received event to ones of the individual policy conditions associated with a same level as the selected one of the summary conditions if the selected one of the summary conditions is met to determine if any of the individual policy conditions associated with a same level as the selected one of the summary conditions is met;
computer-readable program code which selects another one of the summary conditions associated with another one of the levels and comparing the associated value of the received event to the another one of the summary conditions to determine if the another one of the summary conditions is not met;
computer-readable program code which compares the associated value of the received event to ones of the individual policy conditions associated with the another one of the levels if the another one of the summary conditions is met to determine if any of the individual policy conditions associated with the another one of the levels is met; and
computer-readable program code which controls the computer-readable program code which selects another one of the summary conditions associated with another one of the levels and the computer-readable program code which compares the associated value of the received event to the another one of the summary conditions and the computer-readable program code which compares the associated value of the received event to ones of the individual policy conditions associated with the another one of the levels if the another one of the summary conditions is met to repeat operations until at least one of one of the summary conditions is not met, all individual policy conditions for one of the levels are not met or at least one of the individual policy conditions for each level is met.
-
-
42. The computer program product of claim 40 wherein the computer-readable program code which controls the computer-readable program code which compares to repeat comparing for others of the summary conditions and individual policy conditions until at least one of one of the summary conditions is not met, all individual policy conditions for one of the levels are not met or at least one of the individual policy conditions for each level is met further comprises:
-
computer-readable program code which selects another one of the summary conditions associated with another one of the levels and comparing the associated value of the received event to the another one of the summary conditions to determine if the another one of the summary conditions is not met;
computer-readable program code which controls the computer-readable program code which selects another one of the summary conditions to repeat operations for others of the summary conditions until at least one of one of the summary conditions is not met or all of the summary conditions are met; and
computer-readable program code which compares the associated value of the received event to individual policy conditions until at least one of all individual policy conditions for one of the levels are not met or at least one of the individual policy conditions for each level is met if all of the summary conditions are met.
-
-
43. The computer program product of claim 40 further comprising computer-readable program code which executes the action associated with the complex policy rule if at least one individual policy condition at each level is met if the complex policy rule is a CNF policy rule.
-
44. The computer program product of claim 43 further comprising computer-readable program code which selects one of the summary conditions most likely to not be met as the selected one of the summary conditions.
-
45. The computer program product of claim 43 further comprising:
-
computer-readable program code which determines if the complex policy rule is a disjunctive normal form (DNF) policy rule; and
the following computer-readable program code responsive to determining that the complex policy rule is a DNF policy rule;
computer-readable program code which generates a plurality of collapsed conditions, each of the collapsed conditions being associated with one of the levels and having a range for each group of policy conditions included in the one of the plurality of levels;
computer-readable program code which compares the associated value of the received event to a selected one of the collapsed conditions to determine if the selected one of the collapsed conditions is met;
computer-readable program code which selects another one of the collapsed conditions and comparing the associated value of the received event to the selected another one of the collapsed conditions to determine if the selected another one of the collapsed conditions is met if the selected one of the collapsed conditions is not met;
computer-readable program code which controls the computer-readable program code which compares to repeat comparing until at least one of a collapsed condition is met or all of the collapsed conditions are not met; and
wherein the computer-readable program code which executes the action further comprises computer-readable program code which executes the action associated with the complex policy rule if one of the collapsed conditions is met if the complex policy rule is a DNF policy rule.
-
-
46. A computer program product for processing a complex policy rule structured in a plurality of levels wherein the complex policy rule selects an action for execution based on a plurality of individual policy conditions, each of the individual policy conditions including a plurality of groups and being expressed as ranges for each of the groups, comprising:
-
a computer-readable storage medium having computer-readable program code embodied in said medium, said computer-readable program code comprising;
computer-readable program code which determines if the complex policy rule is a conjunctive normal form (CNF) policy rule;
computer-readable program code which receives an event, the event having associated values defining a point in a space covered by the plurality of conditions; and
the following computer-readable program code responsive to determining that the complex policy rule is a CNF policy rule;
computer-readable program code which generates a plurality of summary conditions, each of the summary conditions being associated with a respective one of the groups for a respective one of the levels;
computer-readable program code which compares a respective one of the associated values of the received event to an associated selected one of the summary conditions, the selected one of the summary conditions being associated with the same group of policy conditions as the respective one of the associated values of the received event, to determine if the associated one of the summary conditions is met;
computer-readable program code which determines that the complex policy rule may be skipped if the associated one of the summary conditions is not met;
computer-readable program code which controls the computer-readable program code which compares to repeat comparing for others of the summary conditions and individual policy conditions until at least one of one of the summary conditions is not met, all individual policy conditions for one of the levels are not met or at least one of the individual policy conditions for each of the levels is met;
computer-readable program code which determines that the complex policy rule may be skipped if at least one of one of the summary conditions is not met or all individual policy conditions for one of the levels are not met; and
computer-readable program code which executes the action if at least one of the individual policy conditions for each of the levels is met if the complex policy rule is a CNF policy rule. - View Dependent Claims (47, 48)
computer-readable program code which determines if the complex policy rule is a disjunctive normal form (DNF) policy rule; and
the following computer-readable program code responsive to determining that the complex policy rule is a DNF policy rule;
computer-readable program code which generates a plurality of collapsed conditions, each of the collapsed conditions being associated with one of the levels and having a range for each group of policy conditions included in the one of the plurality of levels;
computer-readable program code which compares the associated value of the received event to a selected one of the collapsed conditions to determine if the selected one of the collapsed conditions is met;
computer-readable program code which selects another one of the collapsed conditions and compares the associated value of the received event to the selected another one of the collapsed conditions to determine if the selected another one of the collapsed conditions is met if the selected one of the collapsed conditions is not met;
computer-readable program code which controls the computer-readable program code which compares to repeat comparing until at least one of a collapsed condition is met or all of the collapsed conditions are not met; and
wherein the computer-readable program code which executes the action further comprises computer-readable program code which executes the action associated with the complex policy rule if one of the collapsed conditions is met if the complex policy rule is a DNF policy rule.
-
-
49. A computer program product for processing a complex policy rule structured in a plurality of levels wherein the complex policy rule selects an action for execution based on a plurality of individual policy conditions each of the individual policy conditions being expressed as ranges and being associated with one of the levels, comprising:
-
a computer-readable storage medium having computer-readable program code embodied in said medium, said computer-readable program code comprising;
computer-readable program code which receives an event, the event having an associated value defining a point in a space covered by the individual policy conditions;
computer-readable program code which determines if the complex policy rule is a disjunctive normal form (DNF) policy rule; and
the following computer-readable program code responsive to determining that the complex policy rule is a DNF policy rule;
computer-readable program code which generates a plurality of collapsed conditions, each of the collapsed conditions being associated with one of the levels and having a range for each group of policy conditions included in the one of the plurality of levels;
computer-readable program code which compares the associated value of the received event to a selected one of the collapsed conditions to determine if the selected one of the collapsed conditions is met;
computer-readable program code which selects another one of the collapsed conditions and comparing the associated value of the received event to the selected another one of the collapsed conditions to determine if the selected another one of the collapsed conditions is met if the selected one of the collapsed conditions is not met;
computer-readable program code which controls the computer-readable program code which compares to repeat comparing until at least one of a collapsed condition is met or all of the collapsed conditions are not met; and
computer-readable program code which executes the action associated with the complex policy rule if one of the collapsed conditions is met if the complex policy rule is a DNF policy rule.
-
Specification