Plugin architecture for extending polices

US 7,296,235 B2
Filed: 10/10/2002
Issued: 11/13/2007
Est. Priority Date: 10/10/2002
Status: Active Grant

First Claim

Patent Images

1. A computer readable medium having stored therein computer implementable instructions for executing a policy component, said policy component comprising:

a first policy decision point for evaluating and enforcing pre-defined policies used to control access to a resource; and

a plurality of interfaces for extending the pre-defined policies to obtain customized policies for controlling access to the resource,wherein each of said customized policies comprises;

a rule that references the resource and comprises at least one action associated with the resource,a condition that comprises a constraint on the at least one action,a subject that defines a collection of users to whom each of the customized policies apply, anda referral that comprises an identification of a second policy decision point to which the evaluation of each of the customized policies is to be delegated, andwherein said policy component is operable to receive user defined customized policies and integrate said user defined customized policies into said second policy decision point,wherein the first policy decision point is different from the second policy decision point, andwherein the first policy decision point and the second policy decision point each comprise at least one selected from a group consisting of a policy product and an organization.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An architecture for allowing extensibility to policies. The architecture has a policy component program that is able to evaluate and enforce polices. The architecture also has plugin modules for allowing a user to customize the polices. The policy component program is able to present interfaces to the user for customizing the polices. The policy component program is further able to integrate customized polices into a framework of the policy component program in response to user input that is based on the interfaces presented to the user. The presented interfaces may be for defining subjects in the policy program, defining conditions in the policy program, defining referrals in the policy program, defining resource names in the policy program, and defining how conflicts will be resolved in the policy program. The interfaces may be compliant with the JAVA programming language.

64 Citations

View as Search Results

27 Claims

1. A computer readable medium having stored therein computer implementable instructions for executing a policy component, said policy component comprising:
- a first policy decision point for evaluating and enforcing pre-defined policies used to control access to a resource; and
  
  a plurality of interfaces for extending the pre-defined policies to obtain customized policies for controlling access to the resource,wherein each of said customized policies comprises;
  
  a rule that references the resource and comprises at least one action associated with the resource,a condition that comprises a constraint on the at least one action,a subject that defines a collection of users to whom each of the customized policies apply, anda referral that comprises an identification of a second policy decision point to which the evaluation of each of the customized policies is to be delegated, andwherein said policy component is operable to receive user defined customized policies and integrate said user defined customized policies into said second policy decision point,wherein the first policy decision point is different from the second policy decision point, andwherein the first policy decision point and the second policy decision point each comprise at least one selected from a group consisting of a policy product and an organization.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A computer readable medium as in claim 1, wherein said plurality of interfaces comprise an interface for defining the subject in said second policy decision point.
  - 3. A computer readable medium as in claim 1, wherein said plurality of interfaces comprise an interface for defining the condition in said second policy decision point.
  - 4. A computer readable medium as in claim 1, wherein said plurality of interfaces comprise an interface for defining the referral in said second policy decision point.
  - 5. A computer readable medium as in claim 1, wherein said plurality of interfaces comprise an interface for defining a structure for resolving conflicts in at least one of said first policy decision point and said second policy decision point.
  - 6. A computer readable medium as in claim 1, wherein said plurality of interfaces comprise an interface for defining resource names in at least one of said first policy decision point and said second policy decision point.
  - 7. A computer readable medium as in claim 1, wherein said plurality of interfaces are implemented in a substantially compliant version of the JAVA programming language.

8. An architecture for extending policies comprising:
- a computer readable medium having stored thereon instructions for implementing;
  
  a first policy decision point for evaluating and enforcing pre-defined policies used to control access to a resource; and
  
  a plurality of plugin modules for allowing a user to extend the pre-defined policies to obtain customized policies for controlling access to the resource, wherein each of said customized policies comprise;
  
  a rule that references the resource and comprises at least one action associated with the resource,a condition that comprises a constraint on the at least one action,a subject that defines a collection of users to whom each of the customized policies apply, anda referral that comprises an identification of a second policy decision point to which the evaluation of each of the customized policies is to be delegated; and
  
  wherein said plurality of plugin modules is operable to present interfaces to said user for customizing said policies and is further operable to integrate customized policies into a framework of said second policy decision point in response to user input based on said interfaces,wherein the first policy decision point is different from the second policy decision point, andwherein the first policy decision point and the second policy decision point each comprise at least one selected from a group consisting of a policy product and an organization.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. An architecture as in claim 8, wherein said plurality of plugin modules comprise a plugin for customizing subjects in at least one policy of said customized policies.
  - 10. An architecture as in claim 8, wherein said plurality of plugin modules comprise a plugin for customizing conditions in at least one policy of said customized policies.
  - 11. An architecture as in claim 8, wherein said plurality of plugin modules comprise a plugin for customizing referrals in at least one policy of said customized policies.
  - 12. An architecture as in claim 8, wherein said plurality of plugin modules comprise a plugin for customizing conflict resolution in at least one policy of said customized policies.
  - 13. An architecture as in claim 8, wherein said plurality of plugin modules comprise a plugin for customizing resource names in at least one policy of said customized policies.

14. A computer implemented method for allowing policy customization, comprising:
- providing an interface for defining customized policies in a policy program, in response to a request for said interface, wherein said customized policies are obtained by extending pre-defined policies that are used to control access to a resource and evaluated by a first policy decision point wherein said customized policies comprise;
  
  a rule that references the resource and comprises at least one action associated with the resource,a condition that comprises a constraint on the at least one action,a subject that defines a collection of users to whom each of the customized policies apply, anda referral that comprises an identification of a second policy decision point to which the evaluation of each of the customized policies is to be delegated;
  
  receiving a user supplied policy definition that is compliant with said interface; and
  
  integrating said user supplied policy definition into said policy program,wherein the first policy decision point is different from the second policy decision point, andwherein the first policy decision point and the second policy decision point each comprise at least one selected from a group consisting of a policy product and an organization.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. A computer implemented method as in claim 14, wherein said interface is for defining subjects in said policy program.
  - 16. A computer implemented method as in claim 14, wherein said interface is for defining conditions in said policy program.
  - 17. A computer implemented method as in claim 14, wherein said interface is for defining referrals in said policy program.
  - 18. A computer implemented method as in claim 14, wherein said interface is for defining a structure for resolving conflicts in said policy program.
  - 19. A computer implemented method as in claim 14, wherein said interface is for defining resource names in said policy program.
  - 20. A computer implemented method as in claim 14, wherein said interface is implemented in a substantially compliant version of the JAVA programming language.

21. A computer readable medium having stored therein instructions which when executed on a processor implement a method of allowing policy extension, said method comprising the steps of:
- instantiating a policy program for executing a plurality of pre-defined policies used to control access to a resource, wherein the plurality of pre-defined policies are evaluated by a first policy decision point;
  
  providing an interface for extending a first policy of said plurality of pre-defined policies;
  
  receiving an extension to said first policy, said extension based on said interface; and
  
  integrating said extension to said first policy into said policy program to obtain a first customized policy for controlling access to the resource, wherein the first customized policy comprises;
  
  a rule that references the resource and comprises at least one action associated with the resource,a condition that comprises a constraint on the at least one action,a subject that defines a collection of users to whom each of the customized policies apply, anda referral that comprises an identification of a second policy decision point to which the evaluation of each of the customized policies is to be delegated,wherein the first policy decision point is different from the second policy decision point andwherein the first policy decision point and the second policy decision point each comprise at least one selected from a group consisting of a policy product and an organization.
- View Dependent Claims (22, 23, 24, 25, 26, 27)
- - 22. A computer readable medium as in claim 21, wherein said providing an interface further comprises providing a selection to a user between a plurality of interfaces for extending policies of said plurality of pre-defined policies.
  - 23. A computer readable medium as in claim 22, wherein said providing an interface further comprises:
    - in response to a selection from said user, providing to said user a subject interface that is for defining subjects in said policy program.
  - 24. A computer readable medium as in claim 22, wherein said providing an interface further comprises:
    - in response to a selection from said user, providing to said user a condition interface that is for defining conditions in said policy program.
  - 25. A computer readable medium as in claim 22, wherein said providing an interface further comprises:
    - in response to a selection from said user, providing to said user a referral interface that is for defining referrals in said policy program.
  - 26. A computer readable medium as in claim 22, wherein said providing an interface further comprises:
    - in response to a selection from said user, providing to said user a conflict resolution interface that is for defining a structure for resolving conflicts in said policy program.
  - 27. A computer readable medium as in claim 22, wherein said providing an interface further comprises:
    - in response to a selection from said user, providing to said user a resource name interface that is for defining resource names in said policy program.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Cui, Hua, Ranganathan, Aravindan, Luo, Ping, Bhat, Shivaram, Arumugam, Dilli Dorai Minnal
Primary Examiner(s)
Vu; Kieu D.

Application Number

US10/269,152
Publication Number

US 20040070604A1
Time in Patent Office

1,860 Days
Field of Search

715/744, 715/747, 715/764, 709/228, 709/229, 709/223
US Class Current

715/744
CPC Class Codes

G06F 21/6218 to a system of files or obj...

G06T 11/001 Texturing; Colouring; Gener...

Plugin architecture for extending polices

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

64 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Plugin architecture for extending polices

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

64 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links