Methods and apparatus for controlling access to a resource

  • US 7,185,192 B1
  • Filed: 07/07/2000
  • Issued: 02/27/2007
  • Est. Priority Date: 07/07/2000
  • Status: Expired due to Term
First Claim

1. A method for providing access control in a computing system environment, the method comprising the steps of:

    receiving an access request;

    selecting, based on the access request, a set of rules containing at least one rule from a master set of rules; and

    producing an access control decision based on performing rule operations in a given rule of the selected set of rules by sequentially performing rule operations in the given rule until performing a disregard instruction, the disregard instruction including disregard criteria identifying a type of other rule operations in the selected set of rules to disregard from performing; and

    after performing the disregard instruction in the given rule:

    i) evaluating the disregard criteria against any remaining unperformed rule operations in other rules of the selected set of rules, the other rules being rules other than the given rule;

    ii) marking any remaining unperformed rule operations in the other rules of the selected set of rules that match the disregard criteria to be disregarded from further rule processing; and

    iii) executing remaining unmarked rule operations in the other rules in the selected set of rules;

    wherein the step of selecting includes the steps of:

    determining an identity of a resource in the computing system environment to which access is requested in the access request; and

    applying at least one filter operation, using the identity of the resource, for rules in the at least one master set of rules to produce the selected set of rules for use in determining the access control decision to the resource; and

    wherein the method further includes the step of determining a role identity of a requestor submitting the access request; and

    wherein the step of performing includes sequentially processing each rule operation in the selected set of rules using the role identity of the requestor submitting the access request in combination with the identity of the resource to determine if the requestor using the role identity can access the resource.
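
One way to read the evaluation flow of claim 1 as code. This is an added example, not code from the patent or its assignee. The `Op` and `Rule` types, the glob-based resource filter, the default-deny result, the "last performed match wins" combination, and stopping a rule at its disregard instruction are all assumptions made for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class Op:
    kind: str          # "allow", "deny" or "disregard" (hypothetical operation names)
    role: str = "*"    # role an allow/deny applies to; "*" means any role
    target: str = ""   # for "disregard": the type of operation to disregard

@dataclass(frozen=True)
class Rule:
    resource: str      # glob pattern matched against the requested resource
    ops: tuple         # rule operations, performed in order

# Constructed sample policy: HR may read payroll; everything else hits a catch-all deny.
MASTER = [
    Rule("/payroll/*", (Op("allow", "hr"), Op("disregard", target="deny"))),
    Rule("/*", (Op("deny"),)),
]

def select_rules(master, resource):
    """Filter the master set by the identity of the requested resource."""
    return [r for r in master if fnmatchcase(resource, r.resource)]

def decide(master, role, resource):
    """Return (decision, trace). Assumed: default deny, last performed match wins."""
    selected = select_rules(master, resource)
    marked = set()     # (rule index, op index) pairs marked to be disregarded
    decision, trace = "deny", []
    for ri, rule in enumerate(selected):
        for oi, op in enumerate(rule.ops):
            if (ri, oi) in marked:
                trace.append(f"rule {ri}: skipped {op.kind}")
                continue
            if op.kind == "disregard":
                # Mark matching operations in the rules not yet processed.
                for rj in range(ri + 1, len(selected)):
                    for oj, other in enumerate(selected[rj].ops):
                        if other.kind == op.target:
                            marked.add((rj, oj))
                trace.append(f"rule {ri}: disregard {op.target}")
                break  # assumed: the rest of this rule is not performed
            if op.role in ("*", role):
                decision = op.kind
                trace.append(f"rule {ri}: {op.kind}")
    return decision, trace

if __name__ == "__main__":
    for who, what in [("hr", "/payroll/2024.csv"), ("intern", "/payroll/2024.csv"), ("hr", "/wiki/home")]:
        print(who, what, decide(MASTER, who, what))
```

Because the disregard instruction in this reading is performed regardless of the requestor's role, the default-deny starting value is what keeps a non-HR requestor out of `/payroll/*` once the catch-all deny has been marked.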

  • 9 Assignments