Post data processing
Abstract
The present invention matches sets of authentication, authorization, and auditing rules to resources in an Access System based on the contents of POST data received in HTTP POST requests. The system of the present invention receives a POST request and matches a set of rules to a resource using POST data referenced by the HTTP request. In one embodiment, the matching is performed by accessing required matching data. A portion of the POST data is selected and compared with the required data. If all of the required data is matched to the POST data, then the resource is successfully matched. The present invention further authorizes a user to access resources in an Access System based on the contents of POST data. An authorization rule is retrieved and authorization is performed using the POST data. If the authorization is successful, the system grants the user access to the resource.
21 Claims
1. A method for matching a policy to a resource in an Access System, comprising:
- receiving from a requestor a first HTTP POST request to access a first resource;
- loading a first policy domain from a plurality of policy domains based on said first resource wherein said first policy domain comprises a logical grouping of a first set of resources and a plurality of policies, each policy of the plurality of policies comprising a plurality of access rules including at least one first level rule defining a default access rule for resources of the first policy domain not associated with a policy and at least one second level rule defining an access rule for an associated resource of the first set of resources, wherein each access rule includes an authentication rule having an associated rating indicating a relative strength of the authentication rule;
- choosing a first policy from the plurality of policies in the first policy domain by matching said first policy to said first resource based on POST data referenced by said first HTTP POST request;
- authenticating said first HTTP POST request based on said authentication rule of said first policy;
- in response to authenticating said first HTTP POST request, authorizing said first HTTP POST request based on said first policy;
- receiving from the requestor a second HTTP POST request to access a second resource;
- loading a second policy domain from the plurality of policy domains based on said second resource wherein said second policy domain comprises a logical grouping of a second set of resources and a plurality of policies, each policy of the plurality of policies comprising a plurality of access rules including at least one first level rule defining a default access rule for resources of the second policy domain not associated with a policy and at least one second level rule defining an access rule for an associated resource of the second set of resources, wherein each access rule includes an authentication rule having an associated rating indicating a relative strength of the authentication rule;
- choosing a second policy from the plurality of policies in the second policy domain by matching said second policy to said second resource based on POST data referenced by said second HTTP POST request;
- in response to the associated rating of the authentication rule of the first policy being less than the associated rating of the authentication rule of the second policy, authenticating the second HTTP POST request based on said authentication rule of said second policy and authorizing said second HTTP POST request based on said second policy; and
- in response to the associated rating of the authentication rule of the first policy being equal to or greater than the associated rating of the authentication rule of the second policy, authorizing said second HTTP POST request based on said second policy without authenticating the second HTTP POST request.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. One or more processor readable storage devices having processor readable code embodied on said processor readable storage devices, said processor readable code for programming one or more processors to perform a method for matching a policy to a resource in an Access System, the method comprising:
- receiving from a requestor a first HTTP POST request to access a first resource;
- loading a first policy domain from a plurality of policy domains based on said first resource wherein said first policy domain comprises a logical grouping of a first set of resources and a plurality of policies, each policy of the plurality of policies comprising a plurality of access rules including at least one first level rule defining a default access rule for resources of the first policy domain not associated with a policy and at least one second level rule defining an access rule for an associated resource of the first set of resources, wherein each access rule includes an authentication rule having an associated rating indicating a relative strength of the authentication rule;
- choosing a first policy from the plurality of policies in the first policy domain by matching said first policy to said first resource based on POST data referenced by said first HTTP POST request;
- authenticating said first HTTP POST request based on said authentication rule of said first policy;
- in response to authenticating said first HTTP POST request, authorizing said first HTTP POST request based on said first policy;
- receiving from the requestor a second HTTP POST request to access a second resource;
- loading a second policy domain from the plurality of policy domains based on said second resource wherein said second policy domain comprises a logical grouping of a second set of resources and a plurality of policies, each policy of the plurality of policies comprising a plurality of access rules including at least one first level rule defining a default access rule for resources of the second policy domain not associated with a policy and at least one second level rule defining an access rule for an associated resource of the second set of resources, wherein each access rule includes an authentication rule having an associated rating indicating a relative strength of the authentication rule;
- choosing a second policy from the plurality of policies in the second policy domain by matching said second policy to said second resource based on POST data referenced by said second HTTP POST request;
- in response to the associated rating of the authentication rule of the first policy being less than the associated rating of the authentication rule of the second policy, authenticating the second HTTP POST request based on said authentication rule of said second policy and authorizing said second HTTP POST request based on said second policy; and
- in response to the associated rating of the authentication rule of the first policy being equal to or greater than the associated rating of the authentication rule of the second policy, authorizing said second HTTP POST request based on said second policy without authenticating the second HTTP POST request.
Dependent claims: 13, 14, 15, 16
17. An apparatus, comprising:
- a communication interface;
- one or more storage devices; and
- one or more processors in communication with said one or more storage devices and said communication interface, said one or more processors programmed to perform a method for matching a policy to a resource in an Access System by:
- receiving from a requestor a first HTTP POST request to access a first resource;
- loading a first policy domain from a plurality of policy domains based on said first resource wherein said first policy domain comprises a logical grouping of a first set of resources and a plurality of policies, each policy of the plurality of policies comprising a plurality of access rules including at least one first level rule defining a default access rule for resources of the first policy domain not associated with a policy and at least one second level rule defining an access rule for an associated resource of the first set of resources, wherein each access rule includes an authentication rule having an associated rating indicating a relative strength of the authentication rule;
- choosing a first policy from the plurality of policies in the first policy domain by matching said first policy to said first resource based on POST data referenced by said first HTTP POST request;
- authenticating said first HTTP POST request based on said authentication rule of said first policy;
- in response to authenticating said first HTTP POST request, authorizing said first HTTP POST request based on said first policy;
- receiving from the requestor a second HTTP POST request to access a second resource;
- loading a second policy domain from the plurality of policy domains based on said second resource wherein said second policy domain comprises a logical grouping of a second set of resources and a plurality of policies, each policy of the plurality of policies comprising a plurality of access rules including at least one first level rule defining a default access rule for resources of the second policy domain not associated with a policy and at least one second level rule defining an access rule for an associated resource of the second set of resources, wherein each access rule includes an authentication rule having an associated rating indicating a relative strength of the authentication rule;
- choosing a second policy from the plurality of policies in the second policy domain by matching said second policy to said second resource based on POST data referenced by said second HTTP POST request;
- in response to the associated rating of the authentication rule of the first policy being less than the associated rating of the authentication rule of the second policy, authenticating the second HTTP POST request based on said authentication rule of said second policy and authorizing said second HTTP POST request based on said second policy; and
- in response to the associated rating of the authentication rule of the first policy being equal to or greater than the associated rating of the authentication rule of the second policy, authorizing said second HTTP POST request based on said second policy without authenticating the second HTTP POST request.
Dependent claims: 18, 19, 20, 21
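The flow described in the abstract and the independent claims, sketched as an added Python example (not code from the patent or its assignee): a policy is chosen by matching required fields against the POST body, and the requestor is authenticated again only when the chosen policy's authentication rating exceeds the one already satisfied. The URL prefixes, field names, users, numeric ratings, longest-prefix domain lookup and exact single-value field matching are all assumptions made for the sketch.

```python
from dataclasses import dataclass, field
from urllib.parse import parse_qs

@dataclass
class Policy:
    name: str
    required: dict      # POST fields that must all match for the policy to apply
    auth_level: int     # rating: relative strength of the authentication rule
    allowed: set        # authorization rule, simplified to a user allow-list

@dataclass
class PolicyDomain:
    prefix: str         # URL prefix grouping the domain's resources
    default: Policy     # first-level rule, used when no policy matches
    policies: list = field(default_factory=list)   # second-level rules

def choose_policy(domains, url, body):
    """Load the domain by longest URL prefix, then match a policy on POST data."""
    hits = [d for d in domains if url.startswith(d.prefix)]
    if not hits:
        return None
    domain = max(hits, key=lambda d: len(d.prefix))
    post = parse_qs(body, keep_blank_values=True)
    for p in domain.policies:
        # all required data must match; a repeated field never equals [value]
        if all(post.get(k) == [v] for k, v in p.required.items()):
            return p
    return domain.default

def handle_post(domains, session, url, body, authenticate):
    """session is {'user', 'level'}; authenticate(level) returns a user or None."""
    policy = choose_policy(domains, url, body)
    if policy is None:
        return "deny: no policy domain"
    if session["user"] is None or session["level"] < policy.auth_level:
        user = authenticate(policy.auth_level)   # stronger rule: authenticate again
        if user is None:
            return "deny: authentication failed"
        session.update(user=user, level=policy.auth_level)
    if session["user"] not in policy.allowed:
        return "deny: not authorized"
    return f"allow: {policy.name}"

# Constructed sample data (hypothetical URLs, fields and users).
DOMAINS = [
    PolicyDomain("/bank/", Policy("bank-default", {}, 1, {"alice", "bob"}),
                 [Policy("wire-transfer", {"action": "transfer"}, 3, {"alice"})]),
    PolicyDomain("/hr/", Policy("hr-default", {}, 2, {"alice"})),
]
```

In this sketch a body that fails to match any policy falls through to the domain's default rule, so the default should be at least as restrictive as the policies it stands in for.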
Specification