Entitlement security and control
Abstract
A system, apparatus, and method are provided for entitlement security and control. According to one embodiment, an entitlement request is received from a user seeking entitlement permission, the entitlement request is matched against entitlement rules and roles that are retrieved from a metadata repository, and the entitlement permission is granted if the entitlement request satisfies the entitlement rules and roles.
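The flow in the abstract and in claim 1 (profile and criteria stored with metadata, matched, granted, audited, then validated from the audit trail), as an added sketch that is not code from the patent or its assignee. The attribute-equality rule format, the names `MetadataRepository`, `EntitlementUnit` and `satisfies`, and the sample users and permission are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class MetadataRepository:
    """Entitlement rules plus stored objects, each kept with the metadata describing it."""
    rules: dict                                   # permission -> required attribute values
    objects: dict = field(default_factory=dict)

    def put(self, key, obj, metadata):
        self.objects[key] = (dict(obj), dict(metadata))

def satisfies(profile, criteria):
    """True only if every required attribute is present with the required value."""
    return all(k in profile and profile[k] == v for k, v in criteria.items())

class EntitlementUnit:
    def __init__(self, repo):
        self.repo = repo
        self.audit_trail = []                     # append-only record of entitlement events

    def request(self, user, permission, attributes):
        rule = self.repo.rules.get(permission)
        profile = {"user": user, **attributes}    # profile built from the request
        granted = False
        if rule is not None:                      # unknown permission: fail closed
            self.repo.put(("criteria", permission), rule, {"permission": permission})
            self.repo.put(("profile", user), profile, {"permission": permission})
            criteria, c_meta = self.repo.objects[("criteria", permission)]
            stored, p_meta = self.repo.objects[("profile", user)]
            granted = c_meta == p_meta and satisfies(stored, criteria)
        self.audit_trail.append({"user": user, "permission": permission,
                                 "profile": profile, "granted": granted})
        return granted

    def validate(self, user, permission):
        """Check the latest audit event for this grant against the rules in force now."""
        rule = self.repo.rules.get(permission)
        for event in reversed(self.audit_trail):
            if (event["user"], event["permission"]) == (user, permission):
                return event["granted"] and rule is not None and satisfies(event["profile"], rule)
        return False                              # no audit record, nothing to validate

def demo():
    # Constructed sample data: one rule, one matching user, one non-matching user.
    repo = MetadataRepository(rules={"payroll:read": {"dept": "finance", "role": "analyst"}})
    unit = EntitlementUnit(repo)
    ok = unit.request("alice", "payroll:read", {"dept": "finance", "role": "analyst"})
    denied = unit.request("bob", "payroll:read", {"dept": "sales", "role": "analyst"})
    before = unit.validate("alice", "payroll:read")
    repo.rules["payroll:read"]["role"] = "manager"    # rule changes after the grant
    return ok, denied, before, unit.validate("alice", "payroll:read")
```

Here `demo()` returns `(True, False, True, False)`: the last value shows a recorded grant failing validation once the rule it was granted under has changed.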
13 Claims
1. A method comprising:
- receiving an entitlement request from a user via a client seeking an entitlement permission;
- generating an entitlement profile corresponding to the user, the entitlement profile is based on the entitlement request;
- generating an entitlement criteria based on entitlement rules, wherein the entitlement rules are placed at a metadata repository;
- associating first metadata with the entitlement criteria to describe the entitlement criteria, and placing the entitlement criteria and the first metadata at the metadata repository;
- associating second metadata with the entitlement profile to describe the entitlement profile, and placing the entitlement profile and the second metadata at the metadata repository;
- retrieving the entitlement criteria, the first metadata, the entitlement profile, and the second metadata from the metadata repository;
- matching the entitlement profile and the second metadata with the entitlement criteria and the first metadata to determine whether the entitlement request is satisfied;
- granting the entitlement permission upon satisfaction of the entitlement rules by the entitlement request;
- generating an audit trail of entitlement events by tracking the entitlement events relating to the granting of the entitlement permission, the audit trail having entitlement-related information, the entitlement-related information having information relating to one or more of first users requesting the entitlement permission, second users receiving the entitlement permission, and third users receiving the entitlement permission and not receiving an access permission, the first users including the user, wherein the tracking of the entitlement events includes tracking one or more of trusted data sources, reviewing entitlement requests, entitlement permission upon changes in one or more of the entitlement rules, entitlement regulations, and user characteristics; and
- validating the granting of the entitlement permission by accessing the audit trail.
Dependent claims: 2, 3, 4, 5
6. A system comprising:
- a client to send an entitlement request to a server to seek an entitlement permission for a user;
- a server coupled to the client, the server having an entitlement unit including a metadata repository having entitlement rules, an entitlement processing unit coupled with the metadata repository, the entitlement processing unit to
- receive the entitlement request from a user seeking an entitlement permission,
- generate an entitlement profile corresponding to the user, the entitlement profile is based on the entitlement request,
- generate an entitlement criteria based on the entitlement rules,
- associate first metadata with the entitlement criteria to describe the entitlement criteria, and placing the entitlement criteria and the first metadata at a metadata repository;
- associate second metadata with the entitlement profile to describe the entitlement profile, and placing the entitlement profile and the second metadata at the metadata repository;
- retrieve the entitlement criteria, the first metadata, the entitlement profile, and the second metadata from the metadata repository;
- match the entitlement profile and the second metadata with the entitlement criteria and the first metadata to determine whether the entitlement request is satisfied,
- grant the entitlement permission upon satisfaction of the entitlement rules by the entitlement request,
- generate an audit trail of entitlement events by tracking the entitlement events relating to the granting of the entitlement permission, the audit trail having entitlement-related information, the entitlement-related information having information relating to one or more of first users requesting the entitlement permission, second users receiving the entitlement permission, and third users receiving the entitlement permission and not receiving an access permission, the first users including the user, wherein the tracking of the entitlement events includes tracking one or more of trusted data sources, reviewing entitlement requests, entitlement permission upon changes in one or more of the entitlement rules, entitlement regulations, and user characteristics, and
- validate the granting of the entitlement permission by accessing the audit trail; and
- an access control unit coupled with the entitlement unit.
Dependent claims: 7, 8
9. A tangible machine-readable storage medium having instructions which, when executed, cause a machine to:
- receive an entitlement request from a user via a client seeking an entitlement permission;
- generate an entitlement profile corresponding to the user, the entitlement profile is based on the entitlement request;
- generate an entitlement criteria based on entitlement rules, wherein the entitlement rules are placed at a metadata repository;
- associate first metadata with the entitlement criteria to describe the entitlement criteria, and placing the entitlement criteria and the first metadata at the metadata repository;
- associate second metadata with the entitlement profile to describe the entitlement profile, and placing the entitlement profile and the second metadata at the metadata repository;
- retrieve the entitlement criteria, the first metadata, the entitlement profile, and the second metadata from the metadata repository;
- match the entitlement profile and the second metadata with the entitlement rules and the first metadata to determine whether the entitlement request is satisfied;
- grant the entitlement permission upon satisfaction of the entitlement rules by the entitlement request;
- generate an audit trail of entitlement events by tracking the entitlement events relating to the granting of the entitlement permission, the audit trail having entitlement-related information, the entitlement-related information having information relating to one or more of first users requesting the entitlement permission, second users receiving the entitlement permission, and third users receiving the entitlement permission and not receiving an access permission, the first users including the user, wherein the tracking of the entitlement events includes tracking one or more of trusted data sources, reviewing entitlement requests, entitlement permission upon changes in one or more of the entitlement rules, entitlement regulations, and user characteristics; and
- validate the granting of the entitlement permission by accessing the audit trail.
Dependent claims: 10, 11, 12, 13