Systems and methods for testing whether access to a resource is authorized based on access information
Abstract
The Access Tester allows an administrator, or any other authorized user, to determine who or what entities have access to a resource, whether a particular individual or set of individuals have access to a resource under certain conditions and whether the authorization rules associated with a resource operate as intended. In one embodiment, an administrator uses a graphical user interface to enter access information. Exemplar access information includes one or more URLs identifying the resource(s), one or more request methods, one or more IP addresses, date and time restrictions, and an identification of one or more users. The Access Tester determines whether the identified users are authorized to access the resource(s) associated with the URL(s) using the request methods, during the date and time provided.
37 Claims
1. A method for testing access to a resource available on a network, comprising the steps of:
- receiving access information;
- testing whether access to said resource is authorized based on said access information without granting authorization to said resource, said testing includes accessing an authorization rule for said resource and accessing an identity profile for a first user to determine whether at least a portion of said authorization rule is satisfied based on information in said identity profile, said authorization rule is not part of said identity profile; and
- reporting whether access to said resource is authorized based on said step of testing.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21

22. One or more processor readable storage devices having processor readable code embodied on said processor readable storage devices, said processor readable code for programming one or more processors to perform a method, comprising the steps of:
- receiving access information; and
- testing whether access to a resource is authorized based on said access information, said testing includes;
  - identifying a policy domain to which said resource belongs, said policy domain includes a set of one or more policies,
  - determining whether said resource is associated with a policy in said set of one or more policies,
  - if said resource is not associated with a policy in said set, determining whether access to said resource is authorized using an authorization rule associated with said policy domain but not a policy in said set of one or more policies, and
  - if said resource is associated with a policy in said set, determining whether access to said resource is authorized using an authorization rule associated with said policy with which said resource is associated.

Dependent claims: 23, 24, 25, 26, 27, 28, 29, 30

31. An apparatus comprising:
- a communication interface;
- one or more storage devices; and
- one or more processors in communication with said one or more storage devices and said communication interface, said one or more processors programmed to perform a method comprising the steps of;
  - receiving access information, and
  - testing whether access to a resource secured by an access system is authorized based on said access information, said access system includes an access management system and an identity management system wherein testing includes identifying a policy domain; searching for a policy; determining authorization using a default rule for said policy domain if no policy is found; and determining authorization using a specific rule for said policy if said policy is found.

Dependent claims: 32, 33, 34, 35, 36, 37

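The policy-domain lookup recited in claims 22 and 31, combined with the non-granting test of claim 1, can be sketched as follows. This is an added example, not code from the patent: the class names, the `dry_run_access` function, glob-style URL patterns, longest-prefix domain selection and group-based rules are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatchcase

@dataclass
class Rule:
    """Authorization rule, stored separately from identity profiles."""
    allowed_groups: set
    methods: set = field(default_factory=lambda: {"GET"})

    def satisfied_by(self, profile, method):
        return method in self.methods and bool(self.allowed_groups & profile["groups"])

@dataclass
class Policy:
    url_pattern: str   # glob pattern (assumption; the page does not define matching)
    rule: Rule

@dataclass
class PolicyDomain:
    url_prefix: str
    default_rule: Rule
    policies: list = field(default_factory=list)

def dry_run_access(domains, profiles, url, method, users):
    """Report (authorized, rule_source) per user without granting anything."""
    # Assumption: a resource belongs to the domain with the longest matching prefix.
    domain = max((d for d in domains if url.startswith(d.url_prefix)),
                 key=lambda d: len(d.url_prefix), default=None)
    if domain is None:
        return {u: (False, "no policy domain") for u in users}
    policy = next((p for p in domain.policies if fnmatchcase(url, p.url_pattern)), None)
    if policy:   # resource is covered by a policy: use that policy's rule
        rule, source = policy.rule, "policy " + policy.url_pattern
    else:        # otherwise fall back to the rule attached to the domain itself
        rule, source = domain.default_rule, "domain default rule"
    report = {}
    for user in users:
        profile = profiles.get(user)
        ok = profile is not None and rule.satisfied_by(profile, method)
        report[user] = (ok, source if profile is not None else "unknown user")
    return report

# Constructed sample data: one domain with a default rule and one specific policy.
DOMAINS = [PolicyDomain("/hr/", Rule({"employees"}),
                        [Policy("/hr/payroll/*", Rule({"payroll-admins"}, {"GET", "POST"}))])]
PROFILES = {"alice": {"groups": {"employees", "payroll-admins"}},
            "bob": {"groups": {"employees"}}}
```

Because the report names which rule produced each decision, an administrator can see when a resource silently falls through to the domain default instead of the policy that was meant to cover it.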
Specification