Resource policy management using a centralized policy data structure
Abstract
Managing policies includes receiving policy data associated with a resource from a resource owner over a network, authenticating the resource owner to determine whether to accept the received policy data, and storing the received policy data in a centralized data structure if the resource owner is authenticated.
Claims (19)
1. A method comprising:
- receiving first policy data associated with a particular resource from a first principal, wherein the first principal is an entity authorized to access a centralized policy data structure associated with the particular resource;
- authenticating the first principal;
- modifying the centralized policy data structure associated with the particular resource based on the received first policy data if the first principal is authenticated;
- receiving second policy data associated with the particular resource from a second different principal, wherein the second different principal is a different entity authorized to access the centralized policy data structure associated with the particular resource; and
- modifying the centralized policy data structure associated with the particular resource based on the received second policy data if the second principal is authenticated.
(Dependent claims: 2, 3, 4.)

5. A method comprising:
- receiving from a resource owner a policy query associated with a resource, the policy query including a policy identifier, a resource name, an access control level, and client credentials associated with a client seeking to access the resource;
- authenticating the resource owner;
- searching for policy data based on the policy identifier;
- determining a policy query result indicative of whether the policy data grants the client access to the resource based on the client credentials and the access control level; and
- returning to the resource owner the policy query result.
(Dependent claims: 6, 7, 8.)

9. An apparatus comprising:
- a centralized data structure associated with a particular resource; and
- a policy manager to receive policy data associated with the particular resource from a plurality of principals authorized to modify the centralized data structure associated with the particular resource, authenticate the plurality of principals, and in response to receiving first policy data from a first principal of the plurality of principals, modify the centralized data structure associated with the particular resource based on the first policy data.
(Dependent claims: 10, 11.)

12. An apparatus comprising:
- a centralized data structure including a plurality of device data structures; and
- a processor configured to:
  - receive from a resource owner of a particular resource a policy query associated with the particular resource, the policy query including a policy identifier, a resource name, an access control level, and client credentials associated with a client seeking to access the particular resource;
  - authenticate the resource owner to determine whether to accept the policy query;
  - search the centralized data structure for a device data structure associated with the particular resource based on the policy identifier;
  - determine a policy query result indicative of whether the policy data grants the client access to the particular resource based on the client credentials and the access control level; and
  - return to the resource owner the policy query result.
(Dependent claims: 13, 14.)

15. An article comprising a computer-readable medium that stores computer-executable instructions for causing a computer system to:
- authenticate a first principal to determine whether to accept first policy data associated with a particular resource, in response to receiving the first policy data from the first principal; and
- modify a centralized device data structure associated with the particular resource using the first policy data, if the first principal is authenticated;
- authenticate a second different principal to determine whether to accept second policy data associated with the particular resource, in response to receiving the second policy data from the second principal; and
- modify the centralized device data structure associated with the particular resource using the first policy data, if the second principal is authenticated.
(Dependent claim: 16.)

17. An article comprising a computer-readable medium that stores computer-executable instructions for causing a computer system to:
- forward a client request to access a resource associated with a resource owner to a policy manager over a network, in response to receiving the client request from a client;
- evaluate policy data received from the policy manager over the network;
- determine a policy query result indicative of whether to grant the client access to the resource based on evaluating the policy data; and
- return to the resource owner the policy query result.
(Dependent claims: 18, 19.)
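The following is an added illustration of the policy manager described in claims 1, 5 and 9, not code from the patent itself: several authenticated and authorized principals update one centralized policy structure for a resource, and a resource owner's policy query (policy identifier, resource name, access control level, client credentials) is answered from it. The credential store, the authorization list, the resource names and the client identifiers are all constructed for the demo.

```python
import hashlib
import hmac

# Constructed credential store for the demo: principal -> SHA-256 hex of a shared secret.
# A real policy manager would delegate this to an authentication service (assumption).
PRINCIPAL_SECRETS = {
    "alice": hashlib.sha256(b"alice-secret").hexdigest(),
    "bob": hashlib.sha256(b"bob-secret").hexdigest(),
}
# Constructed authorization list: which principals may modify each resource's policy data.
AUTHORIZED_PRINCIPALS = {"/reports/q3.pdf": {"alice", "bob"}}

# Centralized policy data structure: resource name -> policy identifier -> policy data,
# where policy data maps a client identifier to the highest access control level granted.
POLICY_STORE = {}


def authenticate(principal, secret):
    """Verify the principal's shared secret with a constant-time comparison."""
    expected = PRINCIPAL_SECRETS.get(principal)
    if expected is None:
        return False
    presented = hashlib.sha256(secret.encode()).hexdigest()
    return hmac.compare_digest(expected, presented)


def modify_policy(principal, secret, resource, policy_id, policy_data):
    """Claims 1 and 9: accept policy data only from an authenticated principal that is
    authorized for this resource, then merge it into the centralized structure."""
    if not authenticate(principal, secret):
        return False
    if principal not in AUTHORIZED_PRINCIPALS.get(resource, set()):
        return False
    POLICY_STORE.setdefault(resource, {}).setdefault(policy_id, {}).update(policy_data)
    return True


def query_policy(owner, secret, policy_id, resource, access_level, client_credentials):
    """Claim 5: authenticate the resource owner, find the policy by identifier, and decide
    whether the client's credentials reach the requested access control level.
    Returns None when the owner is not authenticated (the query is not accepted)."""
    if not authenticate(owner, secret):
        return None
    policy = POLICY_STORE.get(resource, {}).get(policy_id)
    if policy is None:
        return False  # unknown policy or resource: fail closed
    granted_level = policy.get(client_credentials.get("client_id"), -1)
    return granted_level >= access_level
```

Because the structure is centralized, the second principal's update lands in the same per-resource entry as the first, so a query sees the combined policy.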