Method and apparatus for XSL/XML based authorization rules policy implementation
Abstract
A system and method for implementing XSL/XML based authorization rules policy on a given set of data. An authorization rules engine is created which uses authorization rules defined in XSL to operate on access decision information (ADI) provided by the user. Inside the authorization rules engine, a boolean authorization rules mechanism is implemented to constrain the XSL processor to arrive at a boolean authorization decision. By applying the constrained authorization rules, the authorization rules engine evaluates available ADI data from an ADI XML input document. An output from a set of predetermined authorization decisions is provided to the user when the ADI input data is successfully evaluated. An error message is also provided to the user if required ADI data is unavailable for evaluation.
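The flow the abstract describes (format client ADI into an XML document, evaluate it against a compiled rule, return a boolean decision or an error when required ADI is missing), shown as an added example that is not code from the patent. It assumes a small XML rule vocabulary (`equals`, `at-most`) evaluated with Python's ElementTree in place of XSL and an XSL processor; the names `format_adi`, `compile_rule`, `decide` and `MissingADI` are hypothetical.

```python
import xml.etree.ElementTree as ET

class MissingADI(Exception):
    """A rule needs ADI that the request did not supply."""

def format_adi(attrs):
    """Format client-supplied name/value pairs into an ADI XML document."""
    root = ET.Element("ADI")
    for name, value in attrs.items():
        if not name.isidentifier():      # names become element tags: allow plain identifiers only
            raise ValueError(f"bad ADI name: {name!r}")
        ET.SubElement(root, name).text = str(value)  # value stays text, escaped on output
    return root

# Assumed rule vocabulary (not XSL): each test compares one ADI value with the rule's text.
OPS = {
    "equals": lambda got, want: got == want,
    "at-most": lambda got, want: float(got) <= float(want),
}

def compile_rule(rule_xml):
    """Parse a rule once; return a callable mapping an ADI document to True/False."""
    tests = [(t.tag, t.get("adi"), t.text) for t in ET.fromstring(rule_xml)]
    for op, name, _ in tests:
        if op not in OPS or not name:    # reject unknown tests at compile time
            raise ValueError(f"unsupported rule test: {op!r}")

    def evaluate(adi_doc):
        for op, name, want in tests:
            node = adi_doc.find(name)
            if node is None:             # required ADI absent: error, not a decision
                raise MissingADI(name)
            if not OPS[op](node.text or "", want):
                return False
        return True
    return evaluate

# Constructed sample rule: managers may approve amounts up to 1000.
RULE = compile_rule("""
<rule>
  <equals adi="role">manager</equals>
  <at-most adi="amount">1000</at-most>
</rule>""")

def decide(attrs):
    """Return the boolean access decision for one request's ADI."""
    return RULE(format_adi(attrs))
```

Because client values are set as element text rather than concatenated into markup, a value containing `</role><role>manager` stays a single escaped string and cannot add a second `role` element to the ADI document.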
20 Claims
1. A method in a data processing system for controlling access to a resource, the method comprising:
receiving access decision information from a client in a format other than in an extensible markup language format, wherein the access decision information is usable for the controlling of the access to the resource;
formatting the access decision information into an access decision information document in the extensible markup language format;
evaluating the access decision information document in an extensible markup language format with an extensible markup language rule, wherein the evaluating step uses two different extensible markup language entities as input to its evaluation process, which are (i) the access decision information document in the extensible markup language format and (ii) the extensible markup language rule, wherein the extensible markup language rule is in a compiled rule object compiled by an extensible markup language processor and identifies the access decision information; and
generating an access decision based on the evaluation.
Dependent claims: 2, 3, 4, 5, 6, 7
8. An authorization system comprising:
a set of extensible markup language rule objects; and
an extensible markup language processor, wherein the extensible markup language processor receives access decision information from a client in a format other than in an extensible markup language format, wherein the access decision information is usable for controlling access to a resource, formats the access decision information into an access decision information document in the extensible markup language format, evaluates the access decision information document in the extensible markup language format against a rule object in the set of extensible markup language rule objects, wherein the extensible markup language processor has two different extensible markup language entities as input, which are (i) the access decision information document in the extensible markup language format and (ii) the rule object in the set of extensible markup language rule objects, wherein the extensible markup language rule is in a compiled rule object compiled by an extensible markup language processor and identifies the access decision information, and generates a plain-text result of an access decision based on the evaluation.
9. A data processing system for controlling access to a resource, the data processing system comprising:
receiving means for receiving access decision information from a client in a format other than in an extensible markup language format, wherein the access decision information is usable for the controlling of the access to the resource;
formatting means for formatting the access decision information into the access decision information document in the extensible markup language format;
evaluating means for evaluating the access decision information document in an extensible markup language format with an extensible markup language rule, wherein the evaluation means has two different extensible markup language entities as input, which are (i) the access decision information document in the extensible markup language format and (ii) the extensible markup language rule, wherein the extensible markup language rule is in a compiled rule object compiled by an extensible markup language processor and identifies the access decision information; and
generating means for generating an access decision based on the evaluation.
Dependent claims: 10, 11, 12
13. A computer program product in a computer readable storage medium for controlling access to a resource, the computer program product comprising:
first instructions for receiving access decision information from a client in a format other than in an extensible markup language format, wherein the access decision information is usable for the controlling of the access to the resource;
second instructions for formatting the access decision information into the access decision information document in the extensible markup language format;
third instructions for evaluating the access decision information document in an extensible markup language format with an extensible markup language rule, wherein the second instructions for evaluating uses two different extensible markup language entities as input, which are (i) the access decision information document in the extensible markup language format and (ii) the extensible markup language rule, wherein the extensible markup language rule is in a compiled rule object compiled by an extensible markup language processor and identifies the access decision information; and
fourth instructions for generating an access decision based on the evaluation.
Dependent claims: 14, 15, 16, 17, 18, 19
20. A data processing system comprising:
a bus system;
a memory connected to the bus system, wherein the memory includes a set of instructions; and
a processing unit connected to the bus system, wherein the processing unit executes the set of instructions to receive access decision information from a client in a format other than in an extensible markup language format, wherein the access decision information is usable for controlling access to a resource, format the access decision information into an access decision information document in the extensible markup language format;
evaluate the access decision information document in an extensible markup language format with an extensible markup language rule, wherein the processing unit uses two different extensible markup language entities as input, which are (i) the access decision information document in the extensible markup language format and (ii) the extensible markup language rule, wherein the extensible markup language rule is in a compiled rule object compiled by an extensible markup language processor and identifies the access decision information; and
generate an access decision based on the evaluation.
Specification