Invalid policy detection
Abstract
Implementations are described and claimed herein to detect an invalid policy that may reside in a cache at a client. An expired policy is removed from cache and a current policy is requested. Otherwise the cached policy may be used. The client indicates which policy it is using by generating a policy digest, including, in compressed form, one or more assertions. If the host determines the policy digest is invalid, the host issues an invalid digest fault. If the policy digest is valid, but the assertions included in the policy digest are invalid, the host issues an invalid policy fault. In either case, the client is notified that the cached policy is no longer valid and that a current policy should be requested.
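The exchange the abstract describes, as an added example that is not code from the patent: the client builds a bit-vector digest from its cached policy, and the host answers a bad vector length with an invalid digest fault and a well-formed vector naming unacceptable assertions with an invalid policy fault. The fault strings, the one-byte length prefix, the `None` slot for a retired assertion and the sample assertion names are assumptions of this example.

```python
# Added illustration: fault names, wire format and policy model are assumptions.
INVALID_DIGEST, INVALID_POLICY, OK = "InvalidDigestFault", "InvalidPolicyFault", "OK"

def make_digest(assertions, complied):
    """Client side: one bit per cached assertion, set when the client complies."""
    bits = 0
    for i, name in enumerate(assertions):
        if name is not None and name in complied:
            bits |= 1 << i
    n = len(assertions)  # assumed format: 1 bit-count byte (n <= 255) + bit vector
    return bytes([n]) + bits.to_bytes((n + 7) // 8, "little")

class Host:
    def __init__(self, policy):
        self.policy = policy  # [(assertion name, still accepted?)], positions stable

    def current_policy(self):
        # Retired assertions keep their slot (None) so bit positions do not shift.
        return [name if ok else None for name, ok in self.policy]

    def check(self, digest):
        n = len(self.policy)
        # Length first: a vector of the wrong size cannot be mapped onto the policy.
        if len(digest) != 1 + (n + 7) // 8 or digest[0] != n:
            return INVALID_DIGEST
        bits = int.from_bytes(digest[1:], "little")
        if bits >> n:  # padding bits beyond the declared length must be zero
            return INVALID_DIGEST
        chosen = [ok for i, (_, ok) in enumerate(self.policy) if bits >> i & 1]
        # Well-formed digest, but it names no assertion or a retired one.
        return OK if chosen and all(chosen) else INVALID_POLICY

class Client:
    def __init__(self, host, cached, complied):
        self.host, self.cache, self.complied = host, list(cached), set(complied)
        self.faults = []

    def request(self):
        result = None
        for _ in range(2):  # original attempt plus one retry with a fresh policy
            result = self.host.check(make_digest(self.cache, self.complied))
            if result == OK:
                break
            self.faults.append(result)
            # Either fault means the cached policy is stale: evict and re-request.
            self.cache = self.host.current_policy()
        return result

HOST = Host([("tls1.0", False), ("tls1.2", True), ("mtls", True)])  # constructed
```

A client whose cached policy has two assertions gets the digest fault, refreshes, and succeeds on retry; a client that complies only with the retired assertion receives the policy fault on both attempts.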
36 Claims
1. A method comprising:
receiving a policy at a client from a host, the policy including a number of assertions for the client to comply with in order to access one or more resources via the host, wherein the policy is cached at the client, and wherein the client is configured to generate policy digests;
determining, at the client, that the client is complying with at least one assertion;
generating a policy digest at the client for the cached policy by reading each of the at least one assertions from the policy, assigning a respective bit value to each of the at least one assertions, and writing each respective bit value to a bit vector, the policy digest identifying the at least one assertion; and
sending a message from the client to the host to access a resource via the host, the message including the policy digest.
Dependent claims: 2, 3, 4, 5, 6, 7

8. A method comprising:
sending a policy from a host to a client, the policy including a number of assertions for the client to comply with in order to access one or more resources via the host, and wherein the host is configured to implement a host messaging module;
extracting a policy digest from a message received at the host from the client, the policy digest indicating that the client is complying with at least one assertion of the number of assertions of the policy in order to access the one or more resources via the host and the policy digest including a bit vector identifying the at least one assertion;
returning, by the host, an invalid digest fault to the client when a length of the bit vector is not valid; and
determining, by the host, whether the at least one assertion is valid when the length of the bit vector is valid.
Dependent claims: 9, 10, 11, 12, 13

14. A system comprising:
a processing unit; and
a system memory accessible to the processing unit, the system memory including:
  a message processor to:
    receive a message from a client to access a resource; and
    extract a policy digest from the message, the policy digest indicating that the client is complying with one or more of a number of assertions of a policy in order to access one or more resources via the system and the policy digest including a bit vector identifying the one or more assertions; and
  a fault generator to:
    return an invalid digest fault to the client when a length of the bit vector is not valid; and
    determine whether the one or more assertions are valid when the length of the bit vector is valid.
Dependent claims: 15, 16, 17, 18

19. A system comprising:
a processor; and
a memory accessible to the processor, the memory including:
  a digest generator to:
    generate a policy digest based on one or more policies received at a client from a host, the one or more policies each specifying at least one assertion that the client must comply with in order to access a resource via the host; and
    place a bit vector in a header of a message to access a particular resource of the host, the bit vector including one bit for each assertion of a particular policy and including one bit for each assertion of an additional policy referenced by the particular policy.
Dependent claims: 20, 21, 22, 23

24. One or more computer-readable storage media encoding a computer program for executing on a computer system a computer process, the computer process comprising:
receiving a policy at a client from a host, the policy including a number of assertions for the client to comply with in order to access one or more resources via the host, and wherein the policy is cached at the client;
determining, at the client, that the client is complying with at least one assertion;
generating a policy digest at the client for the cached policy, the policy digest identifying the at least one assertion the client is complying with;
sending a message from the client to the host, the message including a request to access a particular resource via the host and the message including the policy digest;
receiving a fault at the client from the host, the fault indicating that the policy is invalid;
removing the policy from a cache at the client in response to receiving the fault; and
sending a request from the client to the host for a valid policy after removing the policy from the cache.
Dependent claims: 25, 26, 27, 28, 29, 30, 31

32. One or more computer-readable storage media encoding a computer program for executing on a computer system a computer process, the computer process comprising:
extracting at a host a policy digest included in a message from a client, the policy digest indicating that the client is complying with an assertion required to access a resource via the host, the assertion is associated with a policy, and the policy digest includes a bit vector identifying the assertion;
returning, by the host, an invalid digest fault to the client when a length of the bit vector is not valid; and
determining, by the host, whether the assertion is valid when the length of the bit vector is valid.
Dependent claims: 33, 34, 35, 36

Specification