Method of enforcing a policy on a computer network
First Claim
1. A method for enforcing a selected policy from a set of policies maintained by a policy server to be applied to a user interconnected to a network through a communication path, wherein the network includes a gateway and one or more resources, comprising:
- receiving, by the gateway, a request from the user to access the one or more resources on the network;
- selecting a user object from a plurality of stored objects, wherein the user object corresponds to the user and includes a set of attributes comprising a group to which the user belongs, a user name, password, and an override attribute;
- determining whether to grant or deny access to the network based upon the user name and password;
- identifying a profile that applies to the user based on the set of attributes, including the group to which the user belongs, wherein the profile includes an authorization parameter and a communication parameter;
- determining, by the gateway, whether to grant or deny access to the resources on the network based upon the authorization parameter; and
- configuring the communication path, including setting quality of service (QOS) based upon the communication parameter.
Abstract
A policy server program evaluates one or more policy statements based on the group or groups to which a user belongs as well as other conditions. Each policy statement expresses an implementation of the access policy of the network, and is associated with a profile. The profile contains one or more actions that are to be applied to the user. The policy server program determines the identity of the group or groups to which the user belongs by referencing one or more group attributes contained in a user object which is located in a directory on the network. The user object and its group parameters are established when the user is added to the directory, while a policy statement for a group can be created at any time.
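The evaluation flow that the abstract and claim 1 describe, sketched as an added example (not code from the patent). The policy table, profile names, sample users, and the meaning given to the override attribute (a profile name that takes precedence over group policy) are assumptions; the page does not define them.

```python
import hashlib, hmac, os
from dataclasses import dataclass
from typing import Optional

@dataclass
class UserObject:                 # directory entry with the attributes claim 1 lists
    name: str
    salt: bytes
    pw_hash: bytes
    groups: tuple
    override: Optional[str] = None  # ASSUMPTION: profile name that beats group policy

@dataclass(frozen=True)
class Profile:
    resources: frozenset          # authorization parameter
    qos: str                      # communication parameter

def hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(name, password, groups, override=None):
    salt = os.urandom(16)
    return UserObject(name, salt, hash_pw(password, salt), groups, override)

# Constructed sample data (hypothetical names throughout).
PROFILES = {"eng": Profile(frozenset({"build-server", "wiki"}), "gold"),
            "guest": Profile(frozenset({"wiki"}), "best-effort")}
POLICY_STATEMENTS = [("engineering", "eng"), ("contractors", "guest")]  # first match wins
DIRECTORY = {u.name: u for u in (
    make_user("alice", "correct horse", ("engineering",)),
    make_user("bob", "battery staple", ("contractors",)),
    make_user("carol", "tr0ub4dor", ("engineering",), override="guest"),
    make_user("dave", "hunter2", ()))}
_DUMMY = make_user("_", "_", ())  # hashed for unknown names so timing stays uniform

def select_profile(user):
    if user.override in PROFILES:
        return PROFILES[user.override]
    for group, profile_name in POLICY_STATEMENTS:
        if group in user.groups:
            return PROFILES[profile_name]
    return None                   # no matching statement: default deny

def enforce(username, password, resource):
    """Gateway decision: (verdict, QoS class to configure on the path)."""
    user = DIRECTORY.get(username)
    ref = user or _DUMMY
    ok = hmac.compare_digest(hash_pw(password, ref.salt), ref.pw_hash)
    if user is None or not ok:
        return ("deny-network", None)
    profile = select_profile(user)
    if profile is None or resource not in profile.resources:
        return ("deny-resource", None)
    return ("grant", profile.qos)
```

A user who authenticates but matches no policy statement is denied every resource, which keeps the gateway fail-closed when a group is added to the directory before its policy statement exists.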
23 Claims
15. A computer-readable medium having computer-readable instructions for a method for enforcing a selected policy from a set of policies maintained by a policy server to be applied to a user interconnected to a network through a communication path, wherein the network includes a gateway and one or more resources, comprising:
- receiving, by the gateway, a request from the user to access the one or more resources on the network;
- selecting a user object from a plurality of stored objects, wherein the user object corresponds to the user and includes a set of attributes comprising a group to which the user belongs, a user name, password, and an override attribute;
- determining whether to grant or deny access to the network based upon the user name and password;
- identifying a profile that applies to the user based on the set of attributes, including the group to which the user belongs, wherein the profile includes an authorization parameter and a communication parameter;
- determining, by the gateway, whether to grant or deny access to the resources on the network based upon the authorization parameter; and
- configuring the communication path, including setting quality of service (QOS), based upon the communication parameter.
Specification