Query interface to policy server
First Claim
1. An apparatus for providing information in response to a query of a virtual database table, the apparatus comprising:
- a virtual database service comprising the virtual database table, wherein the virtual database table comprises one or more rows and each of the one or more rows comprises one or more fields;
- an information source comprising the information to be provided in response to the query of the virtual database table, wherein the information source comprises an access evaluator configured to determine whether a user may have access to an information resource within the information source, the query comprising a field name and an indication of manner for selecting a row, the manner of selecting a row including information identifying the information resource within the information source and the user seeking access to the information resource, the information provided in response to the query including an indication of whether the identified user may access the information resource, the virtual database service configured to:
  - receive the query;
  - respond to the field name and the indication of the manner for selecting a row as required to obtain the information to be provided from the information source; and
  - provide the information as a value of the field indicated by the field name in the selected row, in response to the query; and
- an additional information source configured for use as a user profile information source that provides additional information about the user through the use of profile information gathering that indicates to the user profile information source how to gather the profile information, the indication of the manner for selecting a row further including the profile information gathering information, wherein the information provided in response to the query is obtained at least in part from the profile information source, the provided information including the profile information.
Abstract
An exemplary scalable access filter that is used together with others like it in a virtual private network to control access by users at clients in the network to information resources provided by servers in the network is disclosed. Each access filter uses a local copy of an access control data base (3845) to determine whether an access request is made by a user. Each user belongs to one or more user groups and each information resource belongs to one or more information sets. Access is permitted or denied according to access policies, which define access in terms of the user groups and information sets. The first access filter in the path performs the access check, encrypts and authenticates the request; the other access filters in the path do not repeat the access check. The interface used by applications to determine whether a user has access to an entity is now an SQL query. The policy server (3811) assembles the information needed for the response to the query from various information sources, including sources external to the policy server.
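The query interface described in the claim and abstract can be modelled in a few lines. This is an added illustration, not code from the patent: the table name `PolicyEval`, the fields `Allowed` and `ProfileValue`, the selector columns `UserName`, `Resource` and `ProfileAttr`, and all sample data are assumptions made for the example.

```python
import re

# Constructed sample data (assumptions, not taken from the patent text).
USER_GROUPS = {"alice": {"engineering"}, "bob": {"sales"}}
INFO_SETS = {"/specs/design.doc": {"eng-docs"}, "/crm/leads.db": {"sales-data"}}
POLICIES = {("engineering", "eng-docs"), ("sales", "sales-data")}  # (group, set) allowed
PROFILES = {"alice": {"department": "R&D"}, "bob": {"department": "Field"}}

def evaluate_access(user, resource):
    """Access evaluator: allow only when a policy links one of the user's
    groups to one of the resource's information sets; unknowns are denied."""
    groups = USER_GROUPS.get(user, set())
    info_sets = INFO_SETS.get(resource, set())
    return any((g, s) in POLICIES for g in groups for s in info_sets)

def profile_value(user, attr):
    """Profile source: the selector's ProfileAttr says what to gather."""
    return PROFILES.get(user, {}).get(attr)

# Field name -> (selector keys it needs, function that computes the value).
FIELDS = {
    "allowed": (("username", "resource"),
                lambda s: int(evaluate_access(s["username"], s["resource"]))),
    "profilevalue": (("username", "resource", "profileattr"),
                     lambda s: profile_value(s["username"], s["profileattr"])),
}

COND = r"\w+\s*=\s*'[^']*'"
QUERY_RE = re.compile(
    rf"\s*SELECT\s+(\w+)\s+FROM\s+PolicyEval\s+WHERE\s+({COND}(?:\s+AND\s+{COND})*)\s*;?\s*",
    re.IGNORECASE)

def query(sql):
    """Answer one query against the virtual table; nothing is stored as rows."""
    m = QUERY_RE.fullmatch(sql)
    if not m:
        raise ValueError("unsupported query shape")
    field = m.group(1).lower()
    if field not in FIELDS:
        raise ValueError(f"unknown field: {field}")
    selector = {k.lower(): v
                for k, v in re.findall(r"(\w+)\s*=\s*'([^']*)'", m.group(2))}
    needed, compute = FIELDS[field]
    missing = [k for k in needed if k not in selector]
    if missing:
        raise ValueError(f"row selector lacks: {missing}")
    return compute(selector)
```

The row is never stored: the `WHERE` clause carries the user and resource to the access evaluator, and the selected field name decides which information source computes the returned value.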
9 Claims
Specification