Plugin architecture for extending polices
Abstract
An architecture for allowing extensibility to policies. The architecture has a policy component program that is able to evaluate and enforce policies. The architecture also has plugin modules for allowing a user to customize the policies. The policy component program is able to present interfaces to the user for customizing the policies. The policy component program is further able to integrate customized policies into a framework of the policy component program in response to user input that is based on the interfaces presented to the user. The presented interfaces may be for defining subjects in the policy program, defining conditions in the policy program, defining referrals in the policy program, defining resource names in the policy program, and defining how conflicts will be resolved in the policy program. The interfaces may be compliant with the JAVA programming language.
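A sketch of the policy model described in the abstract above and in the independent claims, as an added example that is not code from the patent: pluggable subject and condition callables, a rule (resource plus actions), and a referral that delegates evaluation to a second policy decision point. The names `PDP`, `Policy`, `integrate`, `evaluate`, the shared registry, and the default-deny and loop-guard behaviour are assumptions; Python is used here although the abstract mentions Java-compliant interfaces.

```python
from dataclasses import dataclass
from typing import Callable, Optional

Subject = Callable[[str], bool]            # plugin: is this user in the collection?
Condition = Callable[[str, dict], bool]    # plugin: constraint on (action, context)

@dataclass(frozen=True)
class Policy:
    resource: str                   # rule: the resource referenced
    actions: frozenset              # rule: actions associated with the resource
    subject: Subject
    condition: Condition
    referral: Optional[str] = None  # id of the PDP that evaluates this policy

class PDP:
    def __init__(self, pdp_id: str, registry: dict):
        self.pdp_id, self.registry = pdp_id, registry
        self.policies, self.referrals = [], {}   # referrals: resource -> PDP ids
        registry[pdp_id] = self

    def integrate(self, p: Policy) -> None:
        """Accept a customized policy; store it in the PDP its referral names."""
        if p.referral is None:
            self.policies.append(p)
            return
        if p.referral == self.pdp_id or p.referral not in self.registry:
            raise ValueError("referral must name a different, registered PDP")
        self.registry[p.referral].policies.append(p)
        self.referrals.setdefault(p.resource, set()).add(p.referral)

    def evaluate(self, user, resource, action, ctx, _seen=frozenset()) -> bool:
        if self.pdp_id in _seen:               # referral loop: fail closed
            return False
        for p in self.policies:
            if (p.resource == resource and action in p.actions
                    and p.subject(user) and p.condition(action, ctx)):
                return True
        seen = _seen | {self.pdp_id}
        return any(self.registry[t].evaluate(user, resource, action, ctx, seen)
                   for t in self.referrals.get(resource, ()))   # default deny

def demo():
    """Constructed sample: org-a refers /payroll decisions to org-b."""
    reg = {}
    first, second = PDP("org-a", reg), PDP("org-b", reg)
    staff: Subject = {"alice", "bob"}.__contains__
    office_hours: Condition = lambda action, ctx: 9 <= ctx.get("hour", -1) < 17
    first.integrate(Policy("/payroll", frozenset({"read"}), staff, office_hours, "org-b"))
    return first, second
```

The first decision point stores only the referral; the customized policy itself lives in the second one, so a request with no matching policy or an unresolvable referral is denied.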
27 Claims
1. A computer readable medium having stored therein computer implementable instructions for executing a policy component, said policy component comprising:
- a first policy decision point for evaluating and enforcing pre-defined policies used to control access to a resource; and
- a plurality of interfaces for extending the pre-defined policies to obtain customized policies for controlling access to the resource, wherein each of said customized policies comprises;
  - a rule that references the resource and comprises at least one action associated with the resource,
  - a condition that comprises a constraint on the at least one action,
  - a subject that defines a collection of users to whom each of the customized policies apply, and
  - a referral that comprises an identification of a second policy decision point to which the evaluation of each of the customized policies is to be delegated, and
- wherein said policy component is operable to receive user defined customized policies and integrate said user defined customized policies into said second policy decision point,
- wherein the first policy decision point is different from the second policy decision point, and
- wherein the first policy decision point and the second policy decision point each comprise at least one selected from a group consisting of a policy product and an organization.
Dependent claims: 2, 3, 4, 5, 6, 7
8. An architecture for extending policies comprising:
- a computer readable medium having stored thereon instructions for implementing;
  - a first policy decision point for evaluating and enforcing pre-defined policies used to control access to a resource; and
  - a plurality of plugin modules for allowing a user to extend the pre-defined policies to obtain customized policies for controlling access to the resource, wherein each of said customized policies comprise;
    - a rule that references the resource and comprises at least one action associated with the resource,
    - a condition that comprises a constraint on the at least one action,
    - a subject that defines a collection of users to whom each of the customized policies apply, and
    - a referral that comprises an identification of a second policy decision point to which the evaluation of each of the customized policies is to be delegated; and
- wherein said plurality of plugin modules is operable to present interfaces to said user for customizing said policies and is further operable to integrate customized policies into a framework of said second policy decision point in response to user input based on said interfaces,
- wherein the first policy decision point is different from the second policy decision point, and
- wherein the first policy decision point and the second policy decision point each comprise at least one selected from a group consisting of a policy product and an organization.
Dependent claims: 9, 10, 11, 12, 13
14. A computer implemented method for allowing policy customization, comprising:
- providing an interface for defining customized policies in a policy program, in response to a request for said interface, wherein said customized policies are obtained by extending pre-defined policies that are used to control access to a resource and evaluated by a first policy decision point wherein said customized policies comprise;
  - a rule that references the resource and comprises at least one action associated with the resource,
  - a condition that comprises a constraint on the at least one action,
  - a subject that defines a collection of users to whom each of the customized policies apply, and
  - a referral that comprises an identification of a second policy decision point to which the evaluation of each of the customized policies is to be delegated;
- receiving a user supplied policy definition that is compliant with said interface; and
- integrating said user supplied policy definition into said policy program,
- wherein the first policy decision point is different from the second policy decision point, and
- wherein the first policy decision point and the second policy decision point each comprise at least one selected from a group consisting of a policy product and an organization.
Dependent claims: 15, 16, 17, 18, 19, 20
21. A computer readable medium having stored therein instructions which when executed on a processor implement a method of allowing policy extension, said method comprising the steps of:
- instantiating a policy program for executing a plurality of pre-defined policies used to control access to a resource, wherein the plurality of pre-defined policies are evaluated by a first policy decision point;
- providing an interface for extending a first policy of said plurality of pre-defined policies;
- receiving an extension to said first policy, said extension based on said interface; and
- integrating said extension to said first policy into said policy program to obtain a first customized policy for controlling access to the resource, wherein the first customized policy comprises;
  - a rule that references the resource and comprises at least one action associated with the resource,
  - a condition that comprises a constraint on the at least one action,
  - a subject that defines a collection of users to whom each of the customized policies apply, and
  - a referral that comprises an identification of a second policy decision point to which the evaluation of each of the customized policies is to be delegated,
- wherein the first policy decision point is different from the second policy decision point and
- wherein the first policy decision point and the second policy decision point each comprise at least one selected from a group consisting of a policy product and an organization.
Dependent claims: 22, 23, 24, 25, 26, 27
Specification