Flexibly assigning security configurations to applications
First Claim
1. A computer implemented method for assigning a security configuration to an application, the computer implemented method comprising:
- determining, forming a first determination, whether a first identifier identifying the application is mapped to the security configuration, the application executing in a data processing system using a processor and a memory;
determining, forming a second determination, whether the application participates in a group by determining whether a second identifier identifying the group is mapped to the security configuration;
creating a set of maps, a map in the set of maps including a combination of (i) mapping of an application identifier to a first security configuration from a plurality of security configurations, (ii) mapping of a group identifier to a second security configuration in the plurality of security configurations, and (iii) default mapping to a third security configuration in the plurality of security configurations;
using a map from the plurality of maps in making the first and the second determinations, the security configuration being a member of the plurality of security configurations;
assigning, forming a first assignment, the security configuration to the application responsive to either of the first and the second determinations being true, data of the first assignment being recorded in a data storage associated with the data processing system; and
assigning, forming a second assignment, the security configuration to the application using a determination by a first policy responsive to the first and the second determinations being false, data of the second assignment being recorded in the data storage associated with the data processing system.
1 Assignment
0 Petitions
Accused Products
Abstract
A method, system, and computer usable program product for flexibly assigning security configurations to applications are provided in the illustrative embodiments. An embodiment determines, forming a first determination, whether a first identifier identifying the application is mapped to the security configuration. The embodiment determines, forming a second determination, whether the application participates in a group by determining whether a second identifier identifying the group is mapped to the security configuration. The embodiment assigns, forming a first assignment, the security configuration to the application if either of the first and the second determinations is true. The embodiment assigns, forming a second assignment, the security configuration to the application using a determination by a first policy if the first and the second determinations are false.
33 Citations
18 Claims
-
1. A computer implemented method for assigning a security configuration to an application, the computer implemented method comprising:
-
determining, forming a first determination, whether a first identifier identifying the application is mapped to the security configuration, the application executing in a data processing system using a processor and a memory; determining, forming a second determination, whether the application participates in a group by determining whether a second identifier identifying the group is mapped to the security configuration; creating a set of maps, a map in the set of maps including a combination of (i) mapping of an application identifier to a first security configuration from a plurality of security configurations, (ii) mapping of a group identifier to a second security configuration in the plurality of security configurations, and (iii) default mapping to a third security configuration in the plurality of security configurations; using a map from the plurality of maps in making the first and the second determinations, the security configuration being a member of the plurality of security configurations; assigning, forming a first assignment, the security configuration to the application responsive to either of the first and the second determinations being true, data of the first assignment being recorded in a data storage associated with the data processing system; and assigning, forming a second assignment, the security configuration to the application using a determination by a first policy responsive to the first and the second determinations being false, data of the second assignment being recorded in the data storage associated with the data processing system. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A computer usable program product comprising a computer usable storage device including computer usable code for assigning a security configuration to an application, the computer usable program product comprising:
-
computer usable code for determining, forming a first determination, whether a first identifier identifying the application is mapped to the security configuration, the application executing in a data processing system; computer usable code for creating a set of maps, a map in the set of maps including a combination of (i) mapping of an application identifier to a first security configuration from a plurality of security configurations, (ii) mapping of a group identifier to a second security configuration in the plurality of security configurations, and (iii) default mapping to a third security configuration in the plurality of security configurations; computer usable code for using a map from the plurality of maps in making the first and the second determinations, the security configuration being a member of the plurality of security configurations; computer usable code for assigning, forming a first assignment, the security configuration to the application when the first determination is true, data of the first assignment being recorded in a data storage associated with the data processing system; and computer usable code for assigning, forming a second assignment, the security configuration to the application using a determination by a first policy when the first determination is false, data of the second assignment being recorded in the data storage associated with the data processing system. - View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. A data processing system for assigning a security configuration to an application, the data processing system comprising:
-
a storage device including a storage medium, wherein the storage device stores computer usable program code; and a processor, wherein the processor executes the computer usable program code, and wherein the computer usable program code comprises; computer usable code for determining, forming a first determination, whether a first identifier identifying the application is mapped to the security configuration, the application executing in a data processing system; computer usable code for determining, forming a second determination, whether the application participates in a group by determining whether a second identifier identifying the group is mapped to the security configuration; computer usable code for creating a set of maps, a map in the set of maps including a combination of (i) mapping of an application identifier to a first security configuration from a plurality of security configurations, (ii) mapping of a group identifier to a second security configuration in the plurality of security configurations, and (iii) default mapping to a third security configuration in the plurality of security configurations; computer usable code for using a map from the plurality of maps in making the first and the second determinations, the security configuration being a member of the plurality of security configurations; computer usable code for assigning, forming a first assignment, the security configuration to the application responsive to either of the first and the second determinations being true, data of the first assignment being recorded in a data storage associated with the data processing system; and computer usable code for assigning, forming a second assignment, the security configuration to the application using a determination by a first policy responsive to the first and the second determinations being false, data of the second assignment being recorded in the data storage associated with the data processing system.
-
Specification