Virtual distributed security system
First Claim
Patent Images
1. A method of defining a security arrangement between entities of a distributed computing system, the method including:
- identifying a portion of a first security policy written in a first security policy language;
identifying a portion of a second security policy written in a second security policy language;
one or more computer processors processing data in accordance with the portion of the first security policy and the portion of the second security policy; and
exchanging messages between the entities to negotiate on the identification of the portion of the first security policy and the portion of the second security policy.
1 Assignment
0 Petitions
Accused Products
Abstract
A distributed security system is provided. The distributed security system uses a security policy that is written in a policy language that is transport and security protocol independent as well as independent of cryptographic technologies. This security policy can be expressed using the language to create different security components allowing for greater scalability and flexibility. By abstracting underlying protocols and technologies, multiple environments and platforms can be supported.
157 Citations
17 Claims
-
1. A method of defining a security arrangement between entities of a distributed computing system, the method including:
-
identifying a portion of a first security policy written in a first security policy language; identifying a portion of a second security policy written in a second security policy language; one or more computer processors processing data in accordance with the portion of the first security policy and the portion of the second security policy; and exchanging messages between the entities to negotiate on the identification of the portion of the first security policy and the portion of the second security policy. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A method of defining a security arrangement between entities of a distributed computing system, the method including:
-
identifying a portion of a first security policy written in a first security policy language; identifying a portion of a second security policy written in a second security policy language; one or more computer processors processing data in accordance with the portion of the first security policy and the portion of the second security policy; exchanging messages between the entities to negotiate on the identification of the portion of the first security policy and the portion of the second security policy; and wherein the first security policy includes a revocation service which monitors the use of credentials for revocation, wherein a credential is revoked upon exceeding a use limit according to the security policy, and wherein the use limit is one or more of a call limit and a frequency limit, the call limit being a maximum number of times a credential may be used and the frequency limit being a maximum number of times a credential may be used within a particular time period.
-
-
17. A computer program product for implementing a method of defining a security arrangement between entities of a distributed computing system, the computer program product comprising one or more hardware computer-readable storage devices having encoded thereon computer-executable instructions which, when executed upon one or more computer processors, perform the method including:
-
identifying a portion of a first security policy written in a first security policy language; identifying a portion of a second security policy written in a second security policy language; processing data in accordance with the portion of the first security policy and the portion of the second security policy; and exchanging messages between the entities to negotiate on the identification of the portion of the first security policy and the portion of the second security policy.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeMicrosoft Technology Licensing LLC (Microsoft Corporation)
-
Original AssigneeMicrosoft Corporation
-
InventorsDella-Libera, Giovanni M., Kaler, Christopher G., Konersmann, Scott A., Lampson, Butler W., Leach, Paul J., Lovering, Bradford H., Lucco, Steven E., Millet, Stephen J., Rashid, Richard F., Shewchuk, John P.
-
Primary Examiner(s)Colin, Carl
-
Assistant Examiner(s)Lavelle, Gary
-
Application NumberUS11/254,519Publication NumberTime in Patent Office2,567 DaysField of Search713/151, 726/1US Class Current726/1CPC Class CodesG06Q 20/3676 Balancing accountsH04L 63/08 for authentication of entit...H04L 63/10 for controlling access to d...H04L 63/168 above the transport layerH04L 63/20 for managing network securi...H04L 67/02 based on web technology, e....H04L 67/56 Provisioning of proxy servi...H04L 67/561 Adding application-function...H04L 67/565 Conversion or adaptation of...
