Security authorization queries
Abstract
In an example implementation, a bifurcated security scheme has a first level that does not allow usage of negations and a second level that does permit usage of negations. In another example implementation, an authorization query table maps respective resource-specific operations to respective associated authorization queries. In yet another example implementation, authorization queries are permitted to have negations, but individual assertions are not.
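The scheme the abstract describes can be sketched as follows. This is an added example, not code from the patent: the toy English-like syntax, the table contents, the slot names and all function names are assumptions made for illustration.

```python
import re

# Hypothetical authorization query table: each field maps a resource-specific
# operation to a query template; {principal}/{resource} are the empty slots.
QUERY_TABLE = {
    "read": "{principal} can read {resource} and not {principal} is revoked",
    "delete": "{principal} can delete {resource} or {principal} is admin",
}
KEYWORDS = {"and", "or", "not"}

def validate_assertion(assertion):
    """First level: syntactically reject any assertion containing a negation."""
    if re.search(r"\bnot\b", assertion, re.IGNORECASE):
        raise ValueError(f"negation not allowed in assertion: {assertion!r}")
    return " ".join(assertion.split())

def fill_template(operation, principal, resource):
    """Replace the slots; slot values must not smuggle in query operators."""
    for value in (principal, resource):
        if not re.fullmatch(r"[\w./-]+", value) or value.lower() in KEYWORDS:
            raise ValueError(f"illegal slot value: {value!r}")
    return QUERY_TABLE[operation].format(principal=principal, resource=resource)

def evaluate(query, facts):
    """Second level: 'or' binds loosest, then 'and', then a prefix 'not'."""
    def atom(text):
        text = text.strip()
        return not atom(text[4:]) if text.startswith("not ") else text in facts
    return any(all(atom(part) for part in clause.split(" and "))
               for clause in query.split(" or "))

def authorize(operation, principal, resource, assertions):
    if operation not in QUERY_TABLE:  # unmapped operation: deny by default
        return False
    facts = {validate_assertion(a) for a in assertions}
    return evaluate(fill_template(operation, principal, resource), facts)

# Constructed sample assertions (facts only, no conditions or delegation).
ASSERTIONS = [
    "Alice can read /docs/plan.txt",
    "Bob can read /docs/plan.txt",
    "Bob is revoked",
]

if __name__ == "__main__":
    for who in ("Alice", "Bob"):
        print(who, authorize("read", who, "/docs/plan.txt", ASSERTIONS))
```

The negation appears only in the query template for `read`; an assertion such as "Alice is not revoked" is rejected by the validator before any query is evaluated.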
18 Claims
1. A system comprising:
- memory and a processor; and
- a security scheme module, stored in the memory and executable on the processor, that includes an authorization query table and a syntactic validator that disallows an assertion having a negation element at a first level, wherein the authorization query table includes multiple fields with each field mapping a resource-specific operation to an associated authorization query, and wherein each authorization query is a logical English expression comprising a fact, a condition, and/or a logical operator.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A computer-implemented method with an authorization query table in a security scheme, the authorization query table stored in a memory, the method comprising:
- providing a resource-specific operation for a resource stored in a memory to the authorization query table stored in the memory;
- disallowing, by a syntactic validator, an assertion having a negation element at a first level;
- ascertaining an authorization query that is associated with the resource-specific operation using the authorization query table stored in the memory, wherein each authorization query is a logical English expression comprising a fact, a condition, and/or a logical operator, the ascertained authorization query comprising an authorization query template having one or more predetermined empty slots; and
- converting, at the resource guard module, the authorization query template into the ascertained authorization query by replacing the one or more predetermined empty slots with the identified resource and a principal requesting the identified resource.
Dependent claims: 11, 12
13. One or more computer-readable storage media with computer-executable instructions that, when executed on a processor, configure the processor to perform acts comprising:
- implementing a bifurcated security scheme having a first level and a second level, wherein the first level includes a syntactic validator that disallows an assertion containing a negation and the second level permits usage of negations within an authorization query, and wherein each authorization query is a logical English expression comprising conditions, asserted facts, and/or logical operators.
Dependent claims: 14, 15, 16, 17, 18
Specification