Delayed policy evaluation
First Claim
1. A processor-implemented method for communicating between a rules engine implemented in a firewall and a plurality of criteria providers, the method comprising:
(a) determining, via the processor, the plurality of criteria providers, wherein each criteria provider of the plurality is for resolving a respective criterion of a rule;
(b) providing a call from the rules engine to each criteria provider of the plurality of criteria providers for information indicative of a criterion evaluation of a received evaluation request by a respective criteria provider, wherein;
if the received evaluation request is adequate for completing the evaluation of the criterion by the respective criteria provider, providing the called for information from the respective criteria provider to the rules engine; and
if the received evaluation request is not adequate for completing the evaluation of the criterion by the respective criteria provider, marking the respective criterion as unresolved;
(c) repeating step (b) for each unresolved criterion, wherein if the received evaluation request by an unresolved criterion is adequate for completing the evaluation by the respective pending criteria provider, the called for information is provided to the rules engine and the unresolved criterion is no longer unresolved.
Abstract
The evaluation of a policy can be delayed until all rules criteria needed for evaluation are available. Also, new types of rules criteria can be registered without requiring changes to a rules engine. A policy manager allows rules to be evaluated and decisions made at different stages of the request handling. The policy manager facilitates interaction with the rules engine until all criteria are evaluated. The policy manager also allows modules developed by third parties to provide notification when criteria can be decided and thus complete evaluation.
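The mechanism the abstract describes, as an added Python sketch (not code from the patent): criteria providers register by type, return "unresolved" when the request does not yet carry the data they need, and the policy manager re-calls only the unresolved ones at each later stage. The criterion types, stage names, the `PolicyManager` class and the AND combination of criteria are assumptions made for illustration.

```python
import ipaddress

UNRESOLVED = None   # provider cannot decide from the data seen so far
PROVIDERS = {}      # criterion type -> provider; new types register here

def provider(kind):
    def register(fn):
        PROVIDERS[kind] = fn
        return fn
    return register

@provider("src_net")
def src_net(request, cidr):
    if "src_ip" not in request:
        return UNRESOLVED
    return ipaddress.ip_address(request["src_ip"]) in ipaddress.ip_network(cidr)

@provider("host")
def host(request, expected):
    return request["host"].lower() == expected if "host" in request else UNRESOLVED

@provider("user")
def user(request, allowed):
    return request["user"] in allowed if "user" in request else UNRESOLVED

class PolicyManager:
    """Tracks one rule for one request across request-handling stages."""
    def __init__(self, rule):
        self.rule = rule      # {criterion type: argument for its provider}
        self.results = {}     # resolved criteria only
        self.calls = []       # (stage, criterion type) for each provider call

    def evaluate(self, stage, request):
        # Call providers only for criteria that are still unresolved.
        for kind, arg in self.rule.items():
            if kind in self.results:
                continue
            self.calls.append((stage, kind))
            answer = PROVIDERS[kind](request, arg)
            if answer is not UNRESOLVED:
                self.results[kind] = answer
        if False in self.results.values():
            return "no-match"   # assumption: criteria are ANDed
        if len(self.results) < len(self.rule):
            return "pending"    # decision delayed to a later stage
        return "match"
```

A deployment built on this pattern also has to decide what happens to a request whose criteria are still pending at the last stage; the sketch leaves that to the caller.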
14 Claims
6. A system comprising:
a processor;
a rules engine, implemented on the processor, that determines a plurality of criteria providers to enforce a policy, wherein each criterion of the plurality is associated with a respective criteria provider; and
the plurality of criteria providers, each criteria provider;
evaluating a respective criterion of a rule;
determining if criteria received thereby is adequate for completing a respective evaluation;
providing a notification indicative of the adequacy of the received criteria; and
making a decision in accordance with the respective evaluation; and
a policy manager;
providing a call from the rules engine to each criteria provider of the plurality for information indicative of an evaluation of criteria received thereby;
if criteria received by a criteria provider is adequate for completing a respective evaluation, providing the called for information from the respective criteria provider to the rules engine;
if the criteria received by a criteria provider is not adequate for completing the evaluation, marking the respective criterion as unresolved; and
for each unresolved criterion, providing a call from the rules engine to each criteria provider of the plurality for information indicative of an evaluation of criteria received thereby wherein, if the received criteria is adequate for completing the evaluation by the respective criteria provider, the queried for information is provided to the rules engine and the unresolved criterion no longer unresolved.
12. A processor-implemented method for evaluating a criteria provider, the method comprising:
(a) determining, via the processor, a plurality of criteria providers, wherein each criteria provider of the plurality is for resolving a respective criterion of a rule;
(b) querying each criteria provider of the plurality for information of a criterion evaluation of a received evaluation request by a respective criteria provider, wherein;
if the received evaluation request is adequate for completing the evaluation of the criterion by the respective criteria provider, providing the queried for information; and
if the received evaluation request is not adequate for completing the evaluation of the criterion by the respective criteria provider, marking the respective criterion as unresolved; and
(c) repeating step (b) for each unresolved criterion, wherein if the received evaluation request by an unresolved criterion is adequate for completing the evaluation by the respective pending criteria provider, the called for information is provided to the rules engine and the unresolved criterion is no longer unresolved.
Specification