Dynamic access decision information module
Abstract
A dynamic information retrieval service is provided that can be configured to retrieve entitlement information from a plurality of providers. Any application that requires entitlement data may make a request for that information to the dynamic information retrieval service using a single standard interface. A request includes information describing the identity of the user and a list of names representing the entitlement data that are required. The dynamic information retrieval service determines the appropriate provider for the entitlement information, retrieves the entitlement data, and returns the requested entitlement data to the application. The dynamic information retrieval service may also cache the entitlement data. The dynamic information retrieval service may process requests requiring several distinct items of entitlement data to be retrieved in parallel. Therefore, applications may send a single request for entitlement data for a single user, but for several providers.
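The flow in the abstract (one request naming an identity and several entitlement items, provider lookup per item, parallel retrieval, optional caching, one combined response) as a minimal sketch. This is an added example, not code from the patent: every name, the sample data and the cache TTL are hypothetical, one retrieval client is started per requested item for brevity, and reporting failed items separately so that the caller can deny on missing data is a choice made for this sketch.

```python
import time
from concurrent.futures import ThreadPoolExecutor

# Constructed sample data standing in for two entitlement providers.
DIRECTORY = {"alice": {"department": "finance"}}
BILLING = {"alice": {"credit_limit": 5000}}

# Hypothetical provider-specific protocol modules (real ones: LDAP, SQL, HTTP, ...).
def directory_protocol(identity, item):
    return DIRECTORY[identity][item]

def billing_protocol(identity, item):
    return BILLING[identity][item]

def unreachable_protocol(identity, item):
    raise ConnectionError("provider unreachable")

class RetrievalService:
    def __init__(self, providers, ttl=60.0):
        self.providers = providers  # item name -> protocol module
        self.ttl = ttl
        self.cache = {}             # (identity, item) -> (expiry, value)

    def _retrieve(self, identity, item):
        # One retrieval client: try the cache, then the provider's own protocol.
        hit = self.cache.get((identity, item))
        if hit and hit[0] > time.monotonic():
            return item, hit[1], None
        protocol = self.providers.get(item)
        if protocol is None:
            return item, None, "no provider configured"
        try:
            value = protocol(identity, item)
        except Exception as exc:    # outage or unknown identity: report, never default
            return item, None, type(exc).__name__
        self.cache[(identity, item)] = (time.monotonic() + self.ttl, value)
        return item, value, None

    def request(self, identity, items):
        # One session per request; one retrieval client per item, run in parallel.
        with ThreadPoolExecutor(max_workers=max(1, len(items))) as pool:
            results = list(pool.map(lambda i: self._retrieve(identity, i), items))
        return {"identity": identity,
                "entitlements": {i: v for i, v, e in results if e is None},
                "errors": {i: e for i, v, e in results if e is not None}}

def authorize(response, required):
    # Access-manager side: deny unless every required item was actually retrieved.
    return all(item in response["entitlements"] for item in required)
```

Only successful retrievals are cached, so a provider outage is never remembered as an entitlement value; the TTL bounds how long a revoked entitlement can still be served from the cache.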
4 Claims
1. A method for dynamic access decision information retrieval, the method comprising:
- receiving a request for access decision information from an application, wherein the request identifies a plurality of entitlement information items for an entity and an identity of the entity, responsive to receiving the request starting a session for the entity in a dynamic information retrieval server data processing system;
- determining, at the dynamic information retrieval server data processing system, a given entitlement information provider for each one of the plurality of entitlement information items to form a plurality of entitlement information providers, wherein the plurality of entitlement information providers are determined based on the plurality of entitlement information items identified in the request that is received;
- retrieving, at the dynamic information retrieval server data processing system, a given entitlement information item from each one of the plurality of entitlement information providers, wherein retrieving the given entitlement information item from each one of the plurality of entitlement information providers includes generating a retrieval client for each one of the plurality of entitlement information providers to form a plurality of retrieval clients, wherein each one of the retrieval clients is generated by the session and retrieves entitlement information from a given one of the plurality of entitlement information providers that each one of the retrieval clients is associated with, wherein the retrieved entitlement information is returned to the session;
- forming a response, wherein the response includes the one or more entitlement information items; and
- returning the response to the application, wherein the application is an access manager that is operatively coupled to a web server that receives entity requests from the entity in order to make informed entity-specific entitlement decisions regarding a service requested by the entity, wherein each one of the retrieval clients generates a protocol module to form a plurality of protocol modules, and wherein each one of the protocol modules retrieves entitlement information from a given one of the entitlement information providers that each one of the protocol modules is associated with using a provider specific protocol that is compatible with the given one of the entitlement information providers.
3. A dynamic access decision information apparatus for providing dynamic access decision information retrieval, the apparatus comprising:
- receipt means for receiving a request for access decision information from an application, wherein the request identifies a plurality of entitlement information items for an entity and an identity of the entity, responsive to receiving the request, starting a session for the entity in a dynamic information retrieval server data processing system;
- determination means for determining, at the dynamic information retrieval server data processing system, a given entitlement information provider for each one of the plurality of entitlement information items to form a plurality of entitlement information providers, wherein the plurality of entitlement information providers are determined based on the plurality of entitlement information items identified in the request that is received;
- retrieval means for retrieving, at the dynamic information retrieval server data processing system, a given entitlement information item from each one of the plurality of entitlement information providers, wherein retrieving the given entitlement information item from each one of the plurality of entitlement information providers includes generating a retrieval client executable process within the dynamic access decision information apparatus for each one of the plurality of entitlement information providers to form a plurality of retrieval clients, wherein each one of the retrieval clients is generated by the session and retrieves entitlement information from a given one of the plurality of entitlement information providers that each one of the retrieval clients is associated with, wherein the retrieved entitlement information is returned to the session;
- forming means for forming a response, wherein the response includes the one or more entitlement information items; and
- returning means for returning the response to the application, wherein the application is an access manager that is operatively coupled to a web server that receives entity requests from the entity across a network, wherein the access manager includes a rules engine that is called by the access manager to evaluate rules based on credentials and entitlements of the entity in order to make informed entity-specific decisions regarding a service requested by the entity, wherein each one of the retrieval clients generates a protocol module to form a plurality of protocol modules, and wherein each one of the protocol modules retrieves entitlement information from a given one of the entitlement information providers that each one of the protocol modules is associated with using a provider specific protocol that is compatible with the given one of the entitlement information providers.
4. A computer recordable medium having a computer program product tangibly embodied therein, wherein the computer program product is operable in a data processing system for providing dynamic access decision information retrieval, the computer program product comprising:
- instructions for receiving a request for access decision information from an application, wherein the request identifies a plurality of entitlement information items for an entity and an identity of the entity, responsive to receiving the request starting a session for the entity in a dynamic information retrieval server data processing system;
- instructions for determining, at the dynamic information retrieval server data processing system, a given entitlement information provider for each one of the plurality of entitlement information items to form a plurality of entitlement information providers, wherein the plurality of entitlement information providers are determined based on the plurality of entitlement information items identified in the request that is received;
- instructions for retrieving, at the dynamic information retrieval server data processing system, a given entitlement information item from each one of the plurality of entitlement information providers, wherein the instructions for retrieving the given entitlement information item from each one of the plurality of entitlement information providers includes instructions for generating a retrieval client executable process within the data processing for each one of the plurality of entitlement information providers to form a plurality of retrieval clients, wherein each one of the retrieval clients is generated by the session and retrieves entitlement information from a given one of the plurality of entitlement information providers that each one of the retrieval clients is associated with, wherein the retrieved entitlement information is returned to the session;
- instructions for forming a response, wherein the response includes the one or more entitlement information items; and
- instructions for returning the response to the application, wherein the application is an access manager that is operatively coupled to a web server that receives entity requests from the entity across a network, wherein the access manager includes a rules engine that is called by the access manager to evaluate rules based on credentials and entitlements of the entity in order to make informed entity-specific decisions regarding a service requested by the entity, wherein each one of the retrieval clients generates a protocol module to form a plurality of protocol modules, and wherein each one of the protocol modules retrieves entitlement information from a given one of the entitlement information providers that each one of the protocol modules is associated with using a provider specific protocol that is compatible with the given one of the entitlement information providers.
Specification