Access authorization having embedded policies
First Claim
1. A computer implemented method for auditing a denial of a request to access a resource, the method comprising:
receiving the request to access the resource from an identified principal computer application, wherein receiving the request comprises receiving an authorization query;
identifying a policy applicable to the identified principal computer application, the policy referencing at least one rule or privilege that authorizes access to the resource;
performing an access control check based on the identified principal computer application and the identified policy; and
upon determining that access is denied for the identified principal computer application according to the access check;
triggering a first event based upon determining that the access is denied for the identified principal computer application according to the access check;
auditing the denial of the request by making an entry in an audit log; and
triggering a second event based upon the auditing of the denial of the request.
Abstract
A facility for receiving an embedded policy is provided. The facility checks an application program image for the presence of an embedded policy. If an embedded policy is detected, the facility extracts the policy from within the application program image. The facility may then apply the extracted policy to the application program image before the application program image is loaded and/or executed. Moreover, the facility may check the application program image's integrity prior to extracting the embedded policy.
56 Citations
20 Claims
1. (Independent claim 1 is set out in full under First Claim above; claims 2, 3, 4, 5, 6 and 7 depend on it.)
8. A computer implemented method for auditing an inherently dangerous operation, the method comprising:
receiving a request to access a website from an identified principal computer application;
identifying a policy applicable to the identified principal computer application, the policy referencing at least one rule or privilege that authorizes access to the website;
performing an access control check based on the identified principal computer application and the identified policy; and
upon determining that access is an authorized action for the identified principal computer application according to the access check:
determining that the authorized action is an inherently dangerous operation;
triggering a first event based upon determining the authorized action is an inherently dangerous operation;
auditing the authorized action for the inherently dangerous operation by making an entry in an inherently dangerous operation audit log; and
triggering a second event based upon the auditing of the authorized action for the inherently dangerous operation.
(Claims 9, 10, 11, 12 and 13 depend on claim 8.)
14. A system for auditing a denied request to access a resource, the system comprising:
a processor; and
a memory communicatively coupled to the processor, the memory having computer-executable instructions that when executed by the processor, provide a method comprising:
receiving a request to access the resource from a principal;
identifying a policy applicable to the principal;
performing an access control check based on the principal and the identified policy;
determining that access is denied for the principal according to the access check;
triggering a first event based upon determining that the access is denied for the principal according to the access check;
auditing the denied request by making an entry in an audit log; and
triggering a second event based on the auditing of the denied request.
(Claims 15, 16, 17, 18, 19 and 20 depend on claim 14.)
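The abstract and the three independent claims describe one flow: verify an application image's integrity, extract the policy embedded in it, then answer authorization queries against that policy, auditing every denial (claims 1 and 14) and every authorized but inherently dangerous operation (claim 8), with a first event raised before the audit entry and a second event raised after it. The following Python is an added example written for this page; it is not code from the patent or its assignee. The marker bytes that delimit the embedded policy, the JSON policy layout with "allow" and "inherently_dangerous" lists, the prefix-match access rule, and the sample principal, URLs and image bytes are all assumptions constructed for the demonstration.

```python
import hashlib
import json
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Assumed delimiter around a JSON policy embedded in an application image.
POLICY_MARKER = b"--EMBEDDED-POLICY--"


def extract_embedded_policy(image: bytes, expected_sha256: str) -> Optional[dict]:
    """Check image integrity first, then extract the embedded policy (the abstract's flow).
    Returns None when the image carries no policy; raises on a bad digest or a
    truncated policy block, so a policy from a tampered image is never applied."""
    if hashlib.sha256(image).hexdigest() != expected_sha256:
        raise ValueError("image integrity check failed; policy not extracted")
    start = image.find(POLICY_MARKER)
    if start == -1:
        return None
    body_start = start + len(POLICY_MARKER)
    end = image.find(POLICY_MARKER, body_start)
    if end == -1:
        raise ValueError("embedded policy block is not terminated")
    return json.loads(image[body_start:end].decode("utf-8"))


@dataclass
class AuditEntry:
    principal: str
    resource: str
    outcome: str  # "denied" or "dangerous_authorized"


@dataclass
class AuthorizationFacility:
    # principal -> policy; the "allow"/"inherently_dangerous" layout is assumed.
    policies: dict
    audit_log: List[AuditEntry] = field(default_factory=list)
    dangerous_audit_log: List[AuditEntry] = field(default_factory=list)
    events: List[Tuple[str, str, str]] = field(default_factory=list)

    def authorize(self, principal: str, resource: str) -> bool:
        """Authorization query: identify the principal's policy, run the access
        control check, and audit denials (claims 1, 14) and authorized but
        inherently dangerous operations (claim 8), each bracketed by two events."""
        policy = self.policies.get(principal, {"allow": [], "inherently_dangerous": []})
        allowed = any(resource.startswith(prefix) for prefix in policy.get("allow", []))
        if not allowed:
            self.events.append(("access_denied", principal, resource))          # first event
            self.audit_log.append(AuditEntry(principal, resource, "denied"))    # audit entry
            self.events.append(("denial_audited", principal, resource))         # second event
            return False
        if resource in policy.get("inherently_dangerous", []):
            self.events.append(("dangerous_operation", principal, resource))
            self.dangerous_audit_log.append(AuditEntry(principal, resource, "dangerous_authorized"))
            self.events.append(("dangerous_operation_audited", principal, resource))
        return True


def build_demo_image() -> Tuple[bytes, str]:
    """Constructed sample: a fake program image with a policy embedded for one principal."""
    policy = {
        "browser.exe": {
            "allow": ["https://intranet.example/", "https://updates.example/"],
            "inherently_dangerous": ["https://updates.example/install"],
        }
    }
    image = (b"MZ\x90\x00fake-program-bytes" + POLICY_MARKER
             + json.dumps(policy).encode("utf-8") + POLICY_MARKER + b"\x00tail")
    return image, hashlib.sha256(image).hexdigest()


def run_demo() -> AuthorizationFacility:
    """Load the policy from the verified image and issue four authorization queries."""
    image, digest = build_demo_image()
    facility = AuthorizationFacility(policies=extract_embedded_policy(image, digest))
    facility.authorize("browser.exe", "https://intranet.example/wiki")    # allowed, nothing audited
    facility.authorize("browser.exe", "https://evil.example/")            # denied: event, audit, event
    facility.authorize("browser.exe", "https://updates.example/install")  # allowed but inherently dangerous
    facility.authorize("unknown.exe", "https://intranet.example/")        # no policy at all -> denied
    return facility


if __name__ == "__main__":
    demo = run_demo()
    for entry in demo.audit_log + demo.dangerous_audit_log:
        print(entry)
    for event in demo.events:
        print(event)
```

The integrity check runs before the policy is parsed, so the facility never applies a policy carried by an image whose digest does not match; a principal with no policy falls through to an empty allow list and is denied and audited like any other denial.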