Policy management in an interoperability network
First Claim
1. An interoperability network, comprising:
- at least one database having policy data for entities stored therein;
- at least one computing device for:
  - receiving a message in a network from a first entity for a response from a second entity, wherein the first entity is a user;
  - identifying, in the database, first policy data corresponding to the user, the first policy data being user-specific and imposing a first set of restrictions on the user to access the second entity, wherein the first set of restrictions includes a first requirement for the user to be authenticated to communicate with the second entity;
  - identifying, in the database, second policy data associated with the second entity, the second policy data including a second set of restrictions, wherein the second set of restrictions includes at least a second requirement separate from the first requirement for the user to be authorized to communicate with the second entity;
  - combining the first policy data with the second policy data by determining a union and logical combination of the first policy data and the second policy data to produce a combined policy data, wherein said combining of the first policy data with the second policy data is a logical combination, and wherein the first policy data is combined with the second policy data in response to the receipt of the message in the network;
  - evaluating the combined policy data to determine whether the combined policy data is violated, wherein the combined policy data is violated when a restriction from the first set of restrictions or the second set of restrictions is violated;
  - in response to a determination that the combined policy data is violated, rejecting the message; and
  - in response to a determination that the combined policy data is not violated, transmitting the message to the second entity.
Abstract
Methods and apparatus are described for facilitating communication among a plurality of entities via an interoperability network. Each entity has policy data corresponding thereto governing interaction with the entity via the interoperability network. A message is transmitted from a first one of the entities to a second one of the entities. The first entity has first policy data corresponding thereto and the second entity has second policy data corresponding thereto. The transmitted message is handled in the network according to combined policy data representing a combination of the first and second policy data.
10 Claims
1. An interoperability network, comprising: (independent claim 1, set out in full under First Claim above; dependent claim: 4)
2. A computer-implemented method, the method comprising:
- storing policy data for entities;
- receiving a message in a network from a first entity for a response from a second entity, wherein the first entity is a user;
- identifying, in a database, first policy data corresponding to the user, the first policy data being user-specific and imposing a first set of restrictions on the user to access the second entity, wherein the first set of restrictions includes a first requirement for the user to be authenticated to communicate with the second entity;
- identifying, in the database, second policy data associated with the second entity, the second policy data including a second set of restrictions, wherein the second set of restrictions includes at least a second requirement separate from the first requirement for the user to be authorized to communicate with the second entity;
- utilizing at least one hardware processor, combining the first policy data with the second policy data by determining a union and logical combination of the first policy data and the second policy data to produce a combined policy data, wherein said combining of the first policy data with the second policy data is a logical combination, and wherein the first policy data is combined with the second policy data in response to the receipt of the message in the network;
- evaluating the combined policy data, utilizing the at least one hardware processor, to determine whether the combined policy data is violated, wherein the combined policy data is violated when a restriction from the first set of restrictions or the second set of restrictions is violated;
- in response to a determination that the combined policy data is violated, rejecting the message; and
- in response to a determination that the combined policy data is not violated, transmitting the message to the second entity.

Dependent claims: 5, 6, 7, 8, 9, 10.
3. A computer-implemented method, the method comprising:
- storing policy data for entities;
- receiving a message in a network from a first entity for a response from a second entity, wherein the first entity is a user;
- identifying, in a database, first policy data corresponding to the user, the first policy data being user-specific and imposing a first set of restrictions on the user to access the second entity, wherein the first set of restrictions includes a first requirement for the user to be authenticated to communicate with the second entity;
- identifying, in the database, second policy data associated with the second entity, the second policy data including a second set of restrictions, wherein the second set of restrictions includes at least a second requirement separate from the first requirement for the user to be authorized to communicate with the second entity;
- utilizing at least one hardware processor, combining the first policy data with the second policy data by determining a union and logical combination of the first policy data and the second policy data to produce a combined policy data, wherein said combining of the first policy data with the second policy data is a logical combination, and wherein the first policy data is combined with the second policy data in response to the receipt of the message in the network;
- evaluating the combined policy data, utilizing the at least one hardware processor, to determine whether the combined policy data is violated, wherein the combined policy data is violated when a restriction from the first set of restrictions or the second set of restrictions is violated;
- in response to a determination that the combined policy data is violated, rejecting the message; and
- in response to a determination that the combined policy data is not violated, transmitting the message to the second entity.
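The mechanism the three independent claims describe (look up the user's policy data and the target entity's policy data, take the union of their restriction sets, reject the message if any restriction from either set fails, otherwise forward it) is illustrated below in Python. This is an added example and not code from the patent or from any product; the policy database, the restriction names (user authentication, an authorization scope, an encrypted transport) and the sample messages are all constructed for the illustration. The fail-closed handling of an entity with no stored policy data is an assumption of this example, not something the claims state.

```python
"""Combine per-user and per-entity policy data and evaluate the union.

Added example illustrating the claims above; not the patent's own code.
Policy storage, restriction names and sample messages are constructed.
"""
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Tuple

# A restriction is a named requirement that must hold for the message
# context (sender, recipient, session attributes) for the message to pass.
Check = Callable[[dict], bool]


@dataclass(frozen=True)
class Restriction:
    name: str
    check: Check

    def violated(self, ctx: dict) -> bool:
        return not self.check(ctx)


@dataclass(frozen=True)
class Policy:
    owner: str                        # entity the policy data corresponds to
    restrictions: FrozenSet[Restriction]


def combine(first: Policy, second: Policy) -> FrozenSet[Restriction]:
    """Union of both restriction sets. Because every restriction survives,
    neither side can loosen what the other requires: the combined policy is
    the logical AND of all requirements (violated if any one fails)."""
    return first.restrictions | second.restrictions


def evaluate(combined: FrozenSet[Restriction], ctx: dict) -> Tuple[bool, List[str]]:
    """Return (violated, sorted names of the violated restrictions).

    The names are what an operator wants in the rejection log: they say
    which side's requirement blocked the message."""
    failed = sorted(r.name for r in combined if r.violated(ctx))
    return (len(failed) > 0, failed)


# Constructed policy database keyed by entity id (hypothetical ids).
POLICY_DB: Dict[str, Policy] = {
    # user-specific policy data: the first requirement (authentication)
    "user:alice": Policy("user:alice", frozenset({
        Restriction("user-authenticated",
                    lambda c: c.get("authenticated") is True),
    })),
    # policy data of the second entity: a separate authorization requirement
    # plus a transport requirement
    "service:payroll": Policy("service:payroll", frozenset({
        Restriction("caller-authorized-for-payroll",
                    lambda c: "payroll:read" in c.get("scopes", ())),
        Restriction("transport-encrypted",
                    lambda c: c.get("tls") is True),
    })),
}


def handle_message(msg: dict, db: Dict[str, Policy] = POLICY_DB) -> dict:
    """Network-side handling of one message: combine on receipt, then
    reject or transmit. Unknown entities are rejected (assumed fail-closed)."""
    first = db.get(msg.get("from", ""))
    second = db.get(msg.get("to", ""))
    if first is None or second is None:
        return {"action": "reject", "violated": ["no-policy-data"]}
    combined = combine(first, second)          # combined in response to receipt
    violated, names = evaluate(combined, msg)
    if violated:
        return {"action": "reject", "violated": names}
    return {"action": "transmit", "to": msg["to"]}


if __name__ == "__main__":
    ok = {"from": "user:alice", "to": "service:payroll",
          "authenticated": True, "scopes": ("payroll:read",), "tls": True}
    no_scope = dict(ok, scopes=())
    print(handle_message(ok))          # transmit
    print(handle_message(no_scope))    # reject: caller-authorized-for-payroll
```

The point worth checking in any real implementation is the one the `combine` docstring states: a union never drops a restriction, so the service's authorization requirement still applies to a user whose own policy only demands authentication, and the user's authentication requirement still applies to a service that only demands a scope. Returning the names of the failed restrictions keeps the rejection explainable when it shows up in logs.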
Specification