Method and apparatus for policy management in a network device
First Claim
1. A method for managing policies within a network intermediary device, comprising:
opening a network connection between a client and the network intermediary device when said connection is permitted by a policy comprising a first rule set relating to network connections;
processing a transaction over the network connection according to at least one additional policy, said additional policy comprising a second rule set for processing data received at the intermediary device for the transaction, said second rule set being different from the first rule set, the transaction comprising a request received from a client over the network connection;
utilizing a policy ticket describing actions and properties to be taken during a communication, said actions and properties corresponding to a version of policy rules current at a beginning of the communication and updated thereafter, as the policy ticket is transported between a plurality of checkpoints defining a flow of the communication and according to determinations, at any of the plurality of checkpoints, of actions to be taken during the communication;
upon completion of the transaction, closing the network connection when an evaluation determines that the connection should be closed, and not closing the connection when an evaluation determines that the connection should not be closed; and
in the event the connection is not closed, reusing, subject to the at least one additional policy, the connection for further transactions with the client.
11 Assignments
0 Petitions
Abstract
A method and apparatus for policy management in a network intermediary device. One embodiment of the invention includes establishing a session between a client and an intermediary device on a network to enable processing of a communication between the client and the intermediary device. The intermediary device then processes the communication while maintaining a consistent version of policy throughout the communication. Finally, after the communication is complete, the intermediary terminates the communication. The intermediary device may maintain consistent policy by utilizing a policy ticket on which transactional information is stored and which references the version of policy that was current when the communication first began. The policy ticket may be transported throughout the intermediary device according to a “checkpoint” scheme; at each checkpoint the policy rules are evaluated, if necessary, to determine the appropriate actions to take based on current client and network information as applied to the policy rules.
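The security point behind the claim and the abstract is a time-of-check/time-of-use one: a proxy that re-reads live policy at every step can admit a connection under one rule set, then handle its requests under another that an administrator installed mid-flight, and the two halves of the decision no longer agree. Pinning the policy version in a ticket that travels with the connection makes every checkpoint (admission, request, response, close-or-reuse) evaluate the same snapshot. The following is an added example, not code from the patent or any product; the checkpoint names, the rule-set contents, the two policy versions and the sample requests are all constructed here for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass(frozen=True)
class PolicyVersion:
    """One immutable policy snapshot. The two rule sets are kept apart because
    the claim evaluates them at different checkpoints: the first when the
    connection is opened, the second for every transaction on it."""
    version: int
    connection_rules: Dict[str, object]   # first rule set: may this client connect?
    transaction_rules: Dict[str, object]  # second rule set: how is each request handled?


class PolicyStore:
    """Holds whatever version an administrator most recently installed (hot reload)."""
    def __init__(self, initial: PolicyVersion) -> None:
        self._current = initial

    def current(self) -> PolicyVersion:
        return self._current

    def install(self, new: PolicyVersion) -> None:
        self._current = new


@dataclass
class PolicyTicket:
    """Travels with the connection. Pins the version seen at open time and
    accumulates the actions and properties decided at each checkpoint."""
    policy: PolicyVersion
    client_ip: str
    requests_served: int = 0
    actions: List[str] = field(default_factory=list)
    properties: Dict[str, object] = field(default_factory=dict)


def checkpoint_open(store: PolicyStore, client_ip: str) -> Optional[PolicyTicket]:
    """Checkpoint 1: connection admission under the first rule set. This is the
    only place the live store is read; the ticket references that version."""
    policy = store.current()
    if client_ip in policy.connection_rules["denied_clients"]:
        return None  # connection refused; no ticket is created
    ticket = PolicyTicket(policy=policy, client_ip=client_ip)
    ticket.actions.append(f"connect:allow@v{policy.version}")
    return ticket


def checkpoint_request(ticket: PolicyTicket, request: Dict[str, str]) -> None:
    """Checkpoint 2: evaluate the request against the second rule set, read
    from the ticket rather than from the live store."""
    rules = ticket.policy.transaction_rules
    if request["host"] in rules["blocked_hosts"]:
        ticket.actions.append(f"request:deny {request['host']}")
        ticket.properties["status"] = 403
    else:
        ticket.actions.append(f"request:allow {request['host']}")
        ticket.properties["status"] = 200


def checkpoint_response(ticket: PolicyTicket) -> None:
    """Checkpoint 3: response handling; here, strip headers named by the pinned policy."""
    for header in ticket.policy.transaction_rules["strip_headers"]:
        ticket.actions.append(f"response:strip {header}")


def checkpoint_close(ticket: PolicyTicket, request: Dict[str, str]) -> bool:
    """Checkpoint 4: decide whether the connection is closed or kept for reuse.
    Returns True when the connection stays open for further transactions."""
    ticket.requests_served += 1
    limit = ticket.policy.transaction_rules["max_requests_per_connection"]
    keep = request.get("connection", "keep-alive") != "close" and ticket.requests_served < limit
    ticket.actions.append("connection:keep" if keep else "connection:close")
    return keep


def run_transaction(ticket: PolicyTicket, request: Dict[str, str]) -> bool:
    """Carry the ticket through the per-transaction checkpoints in flow order."""
    checkpoint_request(ticket, request)
    checkpoint_response(ticket)
    return checkpoint_close(ticket, request)


def demo() -> Dict[str, object]:
    """Open a connection under v1, hot-install v2 while it is in flight, and show
    that the connection keeps evaluating v1 while new connections pick up v2."""
    v1 = PolicyVersion(1, {"denied_clients": set()},
                       {"blocked_hosts": set(), "strip_headers": ["Server"],
                        "max_requests_per_connection": 2})
    v2 = PolicyVersion(2, {"denied_clients": {"10.0.0.9"}},
                       {"blocked_hosts": {"example.com"}, "strip_headers": ["Server", "Via"],
                        "max_requests_per_connection": 2})
    store = PolicyStore(v1)
    req = {"host": "example.com", "connection": "keep-alive"}  # constructed sample request

    ticket = checkpoint_open(store, "10.0.0.9")
    statuses, keep_alive = [], []
    keep_alive.append(run_transaction(ticket, req))   # evaluated under v1: allowed
    statuses.append(ticket.properties["status"])
    store.install(v2)                                  # administrator changes policy mid-connection
    keep_alive.append(run_transaction(ticket, req))   # still v1: allowed, then limit reached -> close
    statuses.append(ticket.properties["status"])

    reconnect = checkpoint_open(store, "10.0.0.9")     # new connection: v2 connection rules refuse it
    other = checkpoint_open(store, "10.0.0.10")        # another client admitted under v2
    run_transaction(other, req)                        # v2 transaction rules block example.com
    return {"pinned_version": ticket.policy.version, "statuses": statuses,
            "keep_alive": keep_alive, "actions": ticket.actions,
            "same_client_reconnect_admitted": reconnect is not None,
            "other_client_v2_status": other.properties["status"]}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The ticket is the only input the per-transaction checkpoints read, so a policy reload can never split one connection's handling across two versions; the new version takes effect at the next admission checkpoint, which is also where the first rule set (who may connect at all) is applied separately from the second (what each request may do).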
20 Citations
8 Claims
Claim 1 is reproduced above under First Claim. Dependent claims: 2, 3, 4, 5, 6, 7, 8 (each depending on claim 1).
Specification