Policy-based method for configuring an access control service
First Claim
1. A method for processing an access control list configuration request by a first control service using a first control specification language, and a second control service using a second control specification language, the method comprising steps of:
receiving the access control list configuration request from a configuration request handler;
providing the request to a first stand-alone control service using a high level programming language;
providing the request to a second stand-alone control service using a low level programming language;
receiving a decision on the request from each of the first and second control services; and
comparing the decisions to determine if they differ, wherein differing decisions indicate a need to modify the configuration of said access control list using said first control service.
Abstract
A system and method for processing a request by a first control service using a first control specification language, and a second control service using a second control specification language includes steps of: receiving the request from a requestor; providing the request to the first and second control services; receiving a decision on the request from each of the first and second control services; and comparing the decisions. The first control specification language is an access control policy.
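The comparison the abstract describes, as an added example that is not code from the patent or its assignee: one request set is evaluated by a high-level policy and by a low-level ACL, and every disagreement is reported as ACL drift to be corrected from the policy. The roles, rules, ACL entries, request shape and function names are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    user: str
    resource: str
    action: str

# First control service (assumed form): high-level policy,
# role -> list of (resource prefix, allowed actions).
ROLES = {"alice": "admin", "bob": "auditor", "carol": "auditor"}
POLICY = {
    "admin": [("/config/", {"read", "write"})],
    "auditor": [("/config/", {"read"})],
}

# Second control service (assumed form): low-level first-match ACL,
# entries are (user, resource, action, decision); default is deny.
ACL = [
    ("alice", "/config/fw", "write", "permit"),
    ("alice", "/config/fw", "read", "permit"),
    ("bob", "/config/fw", "read", "permit"),
    ("bob", "/config/fw", "write", "permit"),  # stale entry the policy no longer allows
    # carol has no entry: a grant the policy gives is missing from the ACL
]

def policy_decide(req):
    role = ROLES.get(req.user)
    for prefix, actions in POLICY.get(role, []):
        if req.resource.startswith(prefix) and req.action in actions:
            return "permit"
    return "deny"

def acl_decide(req):
    for user, resource, action, decision in ACL:
        if (user, resource, action) == (req.user, req.resource, req.action):
            return decision
    return "deny"

def compare(requests):
    """Return (request, policy decision, ACL decision) for each disagreement."""
    results = [(r, policy_decide(r), acl_decide(r)) for r in requests]
    return [(r, p, a) for r, p, a in results if p != a]

REQUESTS = [Request(u, "/config/fw", act)
            for u in ("alice", "bob", "carol", "mallory") for act in ("read", "write")]

if __name__ == "__main__":
    for req, p, a in compare(REQUESTS):
        print(f"{req.user} {req.action} {req.resource}: policy={p} acl={a}")
```

Both directions of drift matter: an ACL entry that permits what the policy denies is excess privilege, while a missing entry is an availability fault.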
35 Claims
1. A method for processing an access control list configuration request by a first control service using a first control specification language, and a second control service using a second control specification language, the method comprising steps of:
receiving the access control list configuration request from a configuration request handler;
providing the request to a first stand-alone control service using a high level programming language;
providing the request to a second stand-alone control service using a low level programming language;
receiving a decision on the request from each of the first and second control services; and
comparing the decisions to determine if they differ, wherein differing decisions indicate a need to modify the configuration of said access control list using said first control service.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19
20. A system configured for processing an access control list configuration request by a first control service using a first control specification language, and a second control service using a second control specification language, the system comprising:
data storage configured for storing the first and second control specification languages;
a database configured for creation, deletion, and modification of persistent data;
memory comprising logic; and
a processor operatively connected to said memory and configured to;
receive the access control list configuration request from a configuration request handler;
provide the request to a first stand-alone control service using high level programming language;
provide the request to a second stand-alone control service using low level programming language;
receive a decision on the request from each of the first and second control services; and
compare the decisions to determine if they differ.
Dependent claims: 21, 22, 23, 24, 25, 26, 27
28. A computer program product tangibly embodied on a non-transitory computer readable medium and comprising instructions that, when executed, enables a processor to:
process a request by a first control service using a first control specification language, and a second control service using a second control specification language, the enable element comprising steps of;
receiving the access control list configuration request from a configuration request handler;
providing the request to a first stand-alone control service using a high level programming language;
providing the request to a second stand-alone control service using a low level programming language;
receiving a decision on the request from each of the first and second control services; and
comparing the decisions to determine if they differ.
Dependent claims: 29, 30, 31, 32, 33, 34
35. A system for obtaining services for processing an access control list configuration request by a first control service using a first control specification language, and a second control service using a second control specification language, the system comprising:
receiving the access control list configuration request from a configuration request handler;
providing the access request to a first stand-alone control service using a high-level programming language;
providing the access request to a second stand-alone control service using a low-level programming language;
receiving a decision on the access request from each of the first control services;
comparing the decisions to determine if they differ, wherein differing decisions indicate a need to modify the configuration of said access control list using said first control service; and
providing notification of the comparison to the requestor.
Specification