Flexible access control policy enforcement
Abstract
A method and system for applying access-control policies. In particular implementations, a method includes determining one or more policies, and a prioritization order for the determined policies, based on the one or more parameters; accessing an indirection table to create an entry for the client, wherein the entry indicates the prioritization order of the determined policies; and creating one or more entries in one or more policy data structures for the one or more determined policies.
20 Claims
1. Logic encoded in one or more tangible non-transitory media for execution and when executed operable to:
- identify one or more parameters of a connection with a client;
- determine one or more policies, and a prioritization order for the determined policies, based on the one or more parameters;
- access an indirection table to create an entry for the client, wherein the entry indicates the prioritization order of the determined policies; and
- create one or more entries in one or more policy data structures for the one or more determined policies.
9. A method comprising:
- determining, by one or more computing devices, one or more policies, and a prioritization order for the determined policies, based on the one or more parameters;
- accessing, by the one or more computing devices, an indirection table to create an entry for the client, wherein the entry indicates the prioritization order of the determined policies; and
- creating, by the one or more computing devices, one or more entries in one or more policy data structures for the one or more determined policies.
15. An apparatus comprising:
- a network interface; and
- one or more packet processors comprising control plane logic operable to:
  - identify one or more parameters of a connection with a client;
  - determine one or more policies, and a prioritization order for the determined policies, based on the one or more parameters;
  - access an indirection table to create an entry for the client, wherein the entry indicates the prioritization order of the determined policies;
  - create one or more entries in one or more policy data structures for the one or more determined policies;
- wherein the one or more packet processors further comprise data plane logic operable to:
  - access the indirection table against one or more attributes of a received frame to identify one or more policies for the frame; and
  - apply the one or more policies based on the prioritization indicated in the indirection table.
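The control plane / data plane split in claim 15 can be sketched as follows. This is an added example, not code from the patent: the policy kinds (`user`, `vlan`, `default`), the use of the source MAC as the lookup key, first-match semantics and the fail-closed default are all assumptions made for illustration.

```python
# Added illustration; names, policy kinds and first-match semantics are assumptions.
from dataclasses import dataclass, field

@dataclass
class PolicyEngine:
    # Policy data structures: one table per policy kind, keyed by policy id.
    policy_tables: dict = field(
        default_factory=lambda: {"user": {}, "vlan": {}, "default": {}})
    # Indirection table: client key -> ordered list of (kind, policy id) references.
    indirection: dict = field(default_factory=dict)

    def on_connect(self, mac, params):
        """Control plane: pick policies and their priority from connection parameters."""
        ordered = []
        if "user" in params:                      # most specific policy first
            ordered.append(("user", params["user"]))
        if "vlan" in params:
            ordered.append(("vlan", params["vlan"]))
        ordered.append(("default", "any"))        # catch-all, lowest priority
        for kind, pid in ordered:                 # create policy entries if absent
            self.policy_tables[kind].setdefault(pid, [])
        self.indirection[mac] = ordered           # entry records the priority order
        return ordered

    def add_rule(self, kind, pid, dst_port, action):
        self.policy_tables[kind].setdefault(pid, []).append((dst_port, action))

    def classify(self, frame):
        """Data plane: resolve the frame's client entry, walk policies in order."""
        refs = self.indirection.get(frame["src_mac"])
        if refs is None:
            return "drop"                         # no entry: fail closed
        for kind, pid in refs:
            for dst_port, action in self.policy_tables[kind].get(pid, []):
                if dst_port in (None, frame["dst_port"]):
                    return action                 # first match in priority order wins
        return "drop"

def demo():
    # Constructed sample clients and rules.
    eng = PolicyEngine()
    eng.add_rule("default", "any", None, "deny")
    eng.add_rule("vlan", 20, 443, "permit")
    eng.add_rule("user", "alice", 22, "permit")
    eng.on_connect("aa:bb:cc:00:00:01", {"user": "alice", "vlan": 20})
    eng.on_connect("aa:bb:cc:00:00:02", {"vlan": 20})
    probe = lambda mac, port: eng.classify({"src_mac": mac, "dst_port": port})
    return [probe("aa:bb:cc:00:00:01", 22), probe("aa:bb:cc:00:00:02", 22),
            probe("aa:bb:cc:00:00:02", 443), probe("aa:bb:cc:00:00:03", 443)]
```

Because clients hold only references, a rule added to a shared policy table takes effect for every client whose indirection entry points at it, without rewriting any per-client entry.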