Method and appliance for XML policy matching
First Claim
Patent Images
1. A method of enforcing application-layer policies to application layer formatted documents, each policy defining a rule and an action, comprising:
- distinctly storing simple policies and complex policies applicable to the application layer formatted documents in a simple policies data structure, wherein said simple policies data structure stores XPath queries that do not use wildcard “
*” and
descendent “
//”
expressions, and, respectively, a complex policies data structure, wherein said complex policies data structure stores XPath queries that use wildcard “
*” and
descendent “
//”
expressions;
parsing a document received as streaming application layer data in a hierarchical structure, for enabling evaluation of an object in the document, wherein the document is an Extensible Markup Language (XML) document and the object is a result of evaluation of an XPath expression;
simultaneously querying the simple and complex policies data structures to identify all policies corresponding to the object;
discontinuing the query for the object in the simple and complex policies data structures once all of the simple and complex policies that match the object are identified; and
executing the actions defined by the simple and complex policies corresponding to the object.
12 Assignments
0 Petitions
Accused Products
Abstract
An XML matching engine and method are provided, where policy rules expressed using XPath/XQuery policies are matched to streaming XML documents. Two distinct data structures are used: a combined modified DFA data structure for storing simple XPath queries (no wildcards or descendents) and a modified AFilter structure for storing complex queries (with wildcards or/and descendents). As the matching engine receives XML tags from XML parser, matching is performed in both structures in parallel.
5 Citations
20 Claims
-
1. A method of enforcing application-layer policies to application layer formatted documents, each policy defining a rule and an action, comprising:
-
distinctly storing simple policies and complex policies applicable to the application layer formatted documents in a simple policies data structure, wherein said simple policies data structure stores XPath queries that do not use wildcard “
*” and
descendent “
//”
expressions, and, respectively, a complex policies data structure, wherein said complex policies data structure stores XPath queries that use wildcard “
*” and
descendent “
//”
expressions;parsing a document received as streaming application layer data in a hierarchical structure, for enabling evaluation of an object in the document, wherein the document is an Extensible Markup Language (XML) document and the object is a result of evaluation of an XPath expression; simultaneously querying the simple and complex policies data structures to identify all policies corresponding to the object; discontinuing the query for the object in the simple and complex policies data structures once all of the simple and complex policies that match the object are identified; and executing the actions defined by the simple and complex policies corresponding to the object. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A system for enforcing application-layer policies to documents, each policy defining a rule and an action, comprising:
-
a XML parser for parsing a XML document received as streaming XML data in a hierarchical structure to enable evaluation of an object in the XML document; a simple policies data structure for storing XPath queries that do not use wildcard “
*” and
descendent “
//”
expressions;a complex policies data structure for storing XPath queries that use wildcard “
*” and
descendent “
//”
expressions;means for simultaneously querying the simple and complex policies data structures to identify all policies corresponding to the object; and means for executing the actions defined by the policies corresponding to the object identified in the data structures. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
Specification