
Use of rules engine to build namespaces

  • US 8,312,459 B2
  • Filed: 12/12/2005
  • Issued: 11/13/2012
  • Est. Priority Date: 12/12/2005
  • Status: Active Grant
First Claim

1. A system for restricting access to resources comprising:

  • a computing device comprising a processor;

    a memory in communication with the processor when the system is operational, said memory having stored therein;

    computer-readable instructions that upon execution by the processor cause an operating system module to serve a system environment and an isolated environment within the system environment, the system environment associated with a set of resources represented by a plurality of nodes of a global hierarchy, the isolated environment associated with a view of the set of resources wherein the view comprises a hierarchical arrangement distinct from an arrangement of the global hierarchy such that the view may comprise nodes from the global hierarchy in a dependency relationship that is different from the dependency relationship of the global hierarchy, the hierarchical arrangement of the view comprising a node not found in the global hierarchy;

    upon execution by the processor, the operating system module causing the generation of the view by creating a constrained-space-specific hierarchy comprising a subset of the plurality of nodes of the global hierarchy, the subset representing resources accessible to the isolated environment; and

    computer-readable instructions that upon execution cause a rules engine to receive and evaluate a set of declarative rules that when applied change the access capabilities for the resources accessible to the isolated environment represented by the view creating the constrained-space-specific hierarchy, wherein the rules engine evaluates the set of rules during construction of the constrained-space-specific hierarchy and associates directives representing the set of rules with nodes in the constrained-space-specific hierarchy, and wherein the constrained-space-specific hierarchy generated by application of the set of rules during construction of the constrained-space-specific hierarchy restricts a set of resources available to at least one process executing in the isolated environment by evaluating the directives during processing and enabling or denying access to a node in the constrained-space-specific hierarchy.

  • 2 Assignments