
Method and system for dynamically implementing an enterprise resource policy

  • US 7,779,247 B2
  • Filed: 01/09/2004
  • Issued: 08/17/2010
  • Est. Priority Date: 01/09/2003
  • Status: Active Grant
First Claim

1. A centralized system to process authenticated user requests to perform actions on resources, comprising:

  • a policy enforcement point operable to receive a user request to perform an action upon a resource, wherein user request is from a user with an authenticated identity;

    a server in communication with the policy enforcement point, wherein the server is operable to:

    receive the user request from the policy enforcement point;

    implement a plurality of connectors, wherein each of the plurality of connectors interfaces with one of a plurality of remote data sources, wherein each of the plurality of remote data sources comprises attribute values, and wherein at least one of the plurality of remote data sources is accessible by the server and not accessible by the policy enforcement point;

    retrieve a rule associated with the action, wherein there are a plurality of actions associated with the resource, wherein each action has at least one associated rule, and wherein each rule is evaluated based on a value of at least one of the attributes stored at the plurality of data sources;

    determine all attribute values required to evaluate the rule;

    group the required attributes by connector, wherein each connector corresponds to a remote data source having values for attributes grouped under that connector;

    for each connector:

    for each attribute grouped under the connector, determine whether an attribute value for the attribute is present at the server;

    for each attribute grouped under the connector and lacking an attribute value at the server, add the attribute to a connector request;

    request from the data source associated with the connector attribute values for each attribute included in the connector request, wherein the requesting is performed via the connector; and

    evaluate the user request in real time to determine whether the user is authorized to perform the action on the resource, wherein the evaluating comprises applying the rule considering the attribute value.
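The server-side steps of the claim (group required attributes by connector, request only the values not already present at the server, then evaluate the rule) can be sketched as follows. This is an added example, not code from the patent or its assignee; every name in it (`ATTR_SOURCE`, `Connector`, `PolicyServer`, `build_server`) and the sample data are hypothetical and constructed, and denying when a rule or attribute value is missing is an assumption the claim does not state.

```python
from collections import defaultdict

# Constructed sample data: which connector serves each attribute, and the
# contents of each remote data source (hypothetical names and values).
ATTR_SOURCE = {"clearance": "hr", "department": "hr", "mfa_verified": "idp"}
REMOTE = {"hr": {"alice": {"clearance": 3, "department": "finance"}},
          "idp": {"alice": {"mfa_verified": True}}}

class Connector:
    """Interface to one remote data source; records each request it sends."""
    def __init__(self, name):
        self.name, self.calls = name, []
    def fetch(self, user, attrs):
        self.calls.append(sorted(attrs))
        record = REMOTE[self.name].get(user, {})
        return {a: record[a] for a in attrs if a in record}

class PolicyServer:
    def __init__(self, rules):
        self.rules = rules  # (resource, action) -> (required attrs, predicate)
        self.connectors = {name: Connector(name) for name in REMOTE}
        self.cache = {}     # (user, attr) -> value already present at the server

    def authorize(self, user, action, resource):
        rule = self.rules.get((resource, action))
        if rule is None:
            return False    # assumption: no rule for the action means deny
        required, predicate = rule
        grouped = defaultdict(list)          # group required attrs by connector
        for attr in required:
            grouped[ATTR_SOURCE[attr]].append(attr)
        for name, attrs in grouped.items():  # one batched request per connector
            missing = [a for a in attrs if (user, a) not in self.cache]
            if missing:
                fetched = self.connectors[name].fetch(user, missing)
                self.cache.update({(user, a): v for a, v in fetched.items()})
        values = {a: self.cache.get((user, a)) for a in required}
        if any(v is None for v in values.values()):
            return False    # assumption: fail closed on an unresolved attribute
        return bool(predicate(values))

def build_server():
    return PolicyServer({
        ("ledger", "approve"): (("clearance", "department", "mfa_verified"),
            lambda v: v["clearance"] >= 3 and v["department"] == "finance"
                      and v["mfa_verified"]),
        ("ledger", "read"): (("clearance",), lambda v: v["clearance"] >= 1),
    })

if __name__ == "__main__":
    server = build_server()
    print(server.authorize("alice", "approve", "ledger"), server.connectors["hr"].calls)
```

The cache in this sketch never expires, so a revoked attribute would keep authorizing requests; a deployment would bound how long a value counts as "present at the server".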

  • 5 Assignments