Method and apparatus for software policy management

US 8,418,124 B2
Filed: 10/22/2007
Issued: 04/09/2013
Est. Priority Date: 10/20/2006
Status: Active Grant

First Claim

Patent Images

1. A method of software policy management, comprising:

defining a set of generic policies applicable to both a first policy-enabled software application and a second policy-enabled software application, the first and second policy-enabled software applications having different policies;

creating, independent of the defined policies and during development of the first policy-enabled software application, a first policy enforcement point in uncompelled software code for the first policy-enabled software application, the first policy enforcement point enabling policy management by providing a first information element as an output from a compiled version of the first policy-enabled software application;

creating, independent of the defined policies and during development of the second policy-enabled software application, a second policy enforcement point in uncompelled software code for a second policy-enabled software application, the second policy enforcement point enabling policy management by providing a second information element as an output from a compiled version of the second policy-enabled software application, the compiled version of the second policy-enabled software application having a different policy requirement than the first policy-enabled software application;

creating, based on the defined set of generic policies, first and second policy decision points as database fields in a policy manager external to the first and second policy-enabled software applications;

receiving, at run-time, the first and second information elements at the first and second policy decision points; and

performing policy decision making by configuring policy management at run-time for the first and second software applications having different policy requirements based on the set of generic policies and in response to the received first and second information elements.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for software policy management are provided. A compiled policy-enabled software application includes a policy enforcement point to export an information element to a policy manager. The policy manager includes a policy interpreter having a policy decision point to perform policy decision making based on the received information element from the policy enforcement point. Through a plurality of policy decision points, the policy manager can execute a wide range of policies for different compiled software applications. Policies can be modified centrally in the policy interpreter and changes can affect either one or more of the policy-enabled software applications. A policy manager browser can create and manage the policy decision making performed by the policy interpreter.

22 Citations

View as Search Results

18 Claims

1. A method of software policy management, comprising:
- defining a set of generic policies applicable to both a first policy-enabled software application and a second policy-enabled software application, the first and second policy-enabled software applications having different policies;
  
  creating, independent of the defined policies and during development of the first policy-enabled software application, a first policy enforcement point in uncompelled software code for the first policy-enabled software application, the first policy enforcement point enabling policy management by providing a first information element as an output from a compiled version of the first policy-enabled software application;
  
  creating, independent of the defined policies and during development of the second policy-enabled software application, a second policy enforcement point in uncompelled software code for a second policy-enabled software application, the second policy enforcement point enabling policy management by providing a second information element as an output from a compiled version of the second policy-enabled software application, the compiled version of the second policy-enabled software application having a different policy requirement than the first policy-enabled software application;
  
  creating, based on the defined set of generic policies, first and second policy decision points as database fields in a policy manager external to the first and second policy-enabled software applications;
  
  receiving, at run-time, the first and second information elements at the first and second policy decision points; and
  
  performing policy decision making by configuring policy management at run-time for the first and second software applications having different policy requirements based on the set of generic policies and in response to the received first and second information elements.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1 wherein the step of performing policy decision making for the first and second software applications having different policy requirements comprises different decision making for the first and second software applications.
  - 3. The method of claim 1 wherein the first and second software applications have different policy types.
  - 4. The method of claim 1 further comprising receiving a policy decision at the first policy enforcement point and determining an action to be taken in the first policy-enabled software application in response to the received policy decision.
  - 5. The method of claim 1 further comprising generating and propagating a corporate policy decision by returning the corporate policy decision to the first and second compiled policy-enabled software applications.
  - 6. The method of claim 1 wherein the compiled version of the first policy-enabled software application is deployed in a plurality of instances, and the method further comprises generating and propagating an individual application policy decision by returning the individual application policy decision to each of the plurality of instances of the first policy-enabled software application.
  - 7. The method of claim 1 wherein the steps of creating the first and second policy enforcement points are performed before the step of defining the policies.
  - 8. The method of claim 7 wherein the policies are defined in relation to the data in the first information element and/or the second information element.
  - 9. The method of claim 1 wherein the first and second policy enforcement points are inserted at points at which potential dynamic behavior is required.
  - 10. The method of claim 1 wherein the first and second policy enforcement points provide data useful for an undetermined policy decision.
  - 11. The method of claim 1 wherein the first and second policy enforcement points provide data to be used in relation to a policy decision for an unforeseen user requirement.
  - 12. The method of claim 1 wherein the first and second policy enforcement points provide data to be used in relation to a policy decision for a user requirement additional to current user requirements.

13. A non-transitory computer-readable storage device storing statements and instructions for execution by a processor to perform a method of software policy management comprising:
- defining a set of generic policies applicable to both a first policy-enabled software application and a second policy-enabled software application, the first and second policy-enabled software applications having different policies;
  
  creating, independent of the defined policies and during development of the first policy-enabled software application, a first policy enforcement point in uncompelled software code for the first policy-enabled software application, the first policy enforcement point enabling policy management by providing a first information element as an output from a compiled version of the first policy-enabled software application;
  
  creating, independent of the defined policies and during development of the second policy-enabled software application, a second policy enforcement point in uncompelled software code for a second policy-enabled software application, the second policy enforcement point enabling policy management by providing a second information element as an output from a compiled version of the second policy-enabled software application, the compiled version of the second policy-enabled software application having a different policy requirement than the first policy-enabled software application;
  
  creating, based on the defined set of generic policies, first and second policy decision points as database fields in a policy manager external to the first and second policy-enabled software applications;
  
  receiving, at run-time, the first and second information elements at the first and second policy decision points; and
  
  performing policy decision making by configuring policy management at run-time for the first and second software applications having different policy requirements based on the set of generic policies and in response to the received first and second information elements.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The non-transitory computer-readable storage device of claim 13 wherein the steps of creating the first and second policy enforcement points are performed before the step of defining the policies.
  - 15. The non-transitory computer-readable storage device of claim 13 wherein the first and second policy enforcement points are inserted at points at which potential dynamic behavior is required.
  - 16. The non-transitory computer-readable storage device of claim 13 wherein the first and second policy enforcement points provide data useful for an undetermined policy decision.
  - 17. The non-transitory computer-readable storage device of claim 13 wherein the first and second policy enforcement points provide data to be used in relation to a policy decision for an unforeseen user requirement.
  - 18. The non-transitory computer-readable storage device of claim 13 wherein the first and second policy enforcement points provide data to be used in relation to a policy decision for a user requirement additional to current user requirements.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Her Majesty The Queen In Right of Canada As Represented By The Minister of National Defence
Original Assignee
Her Majesty The Queen In Right of Canada As Represented By The Minister of National Defence
Inventors
Turner, Cameron, Bishay, Hany
Primary Examiner(s)
Kim, Matt
Assistant Examiner(s)
Lu, Hua

Application Number

US12/446,125
Publication Number

US 20100218167A1
Time in Patent Office

1,996 Days
Field of Search

717/101, 717/120
US Class Current

717/101
CPC Class Codes

G06F 21/629 to features or functions of...

Method and apparatus for software policy management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

22 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for software policy management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links