Virtual distributed security system
Abstract
A distributed security system is provided. The distributed security system uses a security policy that is written in a policy language that is independent of the transport and security protocols as well as of the underlying cryptographic technologies. The security policy can be expressed in this language to create different security components, allowing for greater scalability and flexibility. By abstracting the underlying protocols and technologies, multiple environments and platforms can be supported.
157 Citations
17 Claims
1. A method of defining a security arrangement between entities of a distributed computing system, the method including:
identifying a portion of a first security policy written in a first security policy language;
identifying a portion of a second security policy written in a second security policy language;
one or more computer processors processing data in accordance with the portion of the first security policy and the portion of the second security policy; and
exchanging messages between the entities to negotiate on the identification of the portion of the first security policy and the portion of the second security policy.
Dependent claims 2 to 15 (not reproduced here).
16. A method of defining a security arrangement between entities of a distributed computing system, the method including:
identifying a portion of a first security policy written in a first security policy language;
identifying a portion of a second security policy written in a second security policy language;
one or more computer processors processing data in accordance with the portion of the first security policy and the portion of the second security policy;
exchanging messages between the entities to negotiate on the identification of the portion of the first security policy and the portion of the second security policy; and
wherein the first security policy includes a revocation service which monitors the use of credentials for revocation, wherein a credential is revoked upon exceeding a use limit according to the security policy, and wherein the use limit is one or more of a call limit and a frequency limit, the call limit being a maximum number of times a credential may be used and the frequency limit being a maximum number of times a credential may be used within a particular time period.
17. A computer program product for implementing a method of defining a security arrangement between entities of a distributed computing system, the computer program product comprising one or more hardware computer-readable storage devices having encoded thereon computer-executable instructions which, when executed upon one or more computer processors, perform the method including:
identifying a portion of a first security policy written in a first security policy language;
identifying a portion of a second security policy written in a second security policy language;
processing data in accordance with the portion of the first security policy and the portion of the second security policy; and
exchanging messages between the entities to negotiate on the identification of the portion of the first security policy and the portion of the second security policy.
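The revocation service of claim 16, as an added example that is not part of the patent text: a monitor that counts credential uses, enforces a call limit (maximum total uses) and a frequency limit (maximum uses within a sliding time window), and revokes the credential on the use that exceeds either limit. Credential identifiers, limit values and timestamps are constructed for illustration.

```python
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, Dict, Optional

@dataclass
class UseLimit:
    """Use limit taken from the policy: call_limit caps total uses, frequency_limit
    caps uses inside a sliding window of window_seconds. None means unlimited."""
    call_limit: Optional[int] = None
    frequency_limit: Optional[int] = None
    window_seconds: float = 60.0

@dataclass
class CredentialState:
    limit: UseLimit
    total_uses: int = 0
    recent: Deque[float] = field(default_factory=deque)  # use timestamps still in window
    revoked_reason: Optional[str] = None                 # None while the credential is valid

class RevocationService:
    """Monitors credential use and revokes a credential once it exceeds a limit."""

    def __init__(self) -> None:
        self._creds: Dict[str, CredentialState] = {}

    def register(self, cred_id: str, limit: UseLimit) -> None:
        self._creds[cred_id] = CredentialState(limit)

    def revoked_reason(self, cred_id: str) -> Optional[str]:
        return self._creds[cred_id].revoked_reason

    def record_use(self, cred_id: str, now: float) -> bool:
        """Record one use of cred_id at time `now` (seconds). Returns True if the use
        is permitted; the use that exceeds a limit is refused and revokes the credential."""
        st = self._creds[cred_id]
        if st.revoked_reason is not None:
            return False  # already revoked: every later use is refused
        st.total_uses += 1
        st.recent.append(now)
        # Slide the window: forget uses older than window_seconds.
        while st.recent and now - st.recent[0] >= st.limit.window_seconds:
            st.recent.popleft()
        lim = st.limit
        if lim.call_limit is not None and st.total_uses > lim.call_limit:
            st.revoked_reason = "call limit exceeded"
        elif lim.frequency_limit is not None and len(st.recent) > lim.frequency_limit:
            st.revoked_reason = "frequency limit exceeded"
        return st.revoked_reason is None
```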
Specification