Method, system, and computer program product for network authorization
First Claim
1. A computer program product embodied on a non-transitory computer readable medium for facilitating communication, comprising:
- computer code for storing in at least one database data for a plurality of entities, wherein each of the plurality of entities contains data corresponding thereto for governing interaction with the entity utilizing an interoperability network, wherein the data includes at least one rule, and wherein the storing includes;
storing first data of a first one of the entities, the first one of the entities including a user and the first data particular to the user and used for authorization of the user, and
storing second data of a second one of the entities, the second data particular to the second one of the entities;
computer code for receiving from the user a posted message for being transmitted in the interoperability network to the second one of the entities, wherein a link token is included in a header of the posted message;
computer code for, in response to the receipt of the posted message, identifying from the database the first data of the user and the second data of the second one of the entities;
computer code for merging the identified first data of the user and the identified second data of the second one of the entities to produce a combined policy that is honored by both of the user and the second one of the entities, in response to receipt of the message from the user; and
computer code for governing access to the second one of the entities by the user using the combined policy by;
evaluating the combined policy at run-time with respect to the posted message, determining whether the posted message is associated with a policy violation, based on the evaluation of the combined policy;
conditionally allowing the access by the user to the second one of the entities, based on the determination, including;
rejecting the posted message when the determination is that the posted message is associated with the policy violation, and
transmitting the message when the determination is that the posted message is not associated with the policy violation.
2 Assignments
0 Petitions
Abstract
Methods and apparatus are described for facilitating communication among a plurality of entities via an interoperability network. Each entity has policy data corresponding thereto governing interaction with the entity via the interoperability network. A message is transmitted from a first one of the entities to a second one of the entities. The first entity has first policy data corresponding thereto and the second entity has second policy data corresponding thereto. The transmitted message was handled in the network according to combined policy data representing a combination of the first and second policy data.
85 Citations
23 Claims
1. A computer program product embodied on a non-transitory computer readable medium for facilitating communication, comprising:
computer code for storing in at least one database data for a plurality of entities, wherein each of the plurality of entities contains data corresponding thereto for governing interaction with the entity utilizing an interoperability network, wherein the data includes at least one rule, and wherein the storing includes;
storing first data of a first one of the entities, the first one of the entities including a user and the first data particular to the user and used for authorization of the user, and
storing second data of a second one of the entities, the second data particular to the second one of the entities;
computer code for receiving from the user a posted message for being transmitted in the interoperability network to the second one of the entities, wherein a link token is included in a header of the posted message;
computer code for, in response to the receipt of the posted message, identifying from the database the first data of the user and the second data of the second one of the entities;
computer code for merging the identified first data of the user and the identified second data of the second one of the entities to produce a combined policy that is honored by both of the user and the second one of the entities, in response to receipt of the message from the user; and
computer code for governing access to the second one of the entities by the user using the combined policy by;
evaluating the combined policy at run-time with respect to the posted message, determining whether the posted message is associated with a policy violation, based on the evaluation of the combined policy;
conditionally allowing the access by the user to the second one of the entities, based on the determination, including;
rejecting the posted message when the determination is that the posted message is associated with the policy violation, and
transmitting the message when the determination is that the posted message is not associated with the policy violation.
View Dependent Claims (2, 3, 4, 5, 16, 17, 18, 19, 20, 21, 22, 23)
6. A system for facilitating communication, comprising:
a hardware-processor for;
storing in at least one database data for a plurality of entities, wherein each of the plurality of entities contains data corresponding thereto for governing interaction with the entity utilizing an interoperability network, wherein the data includes at least one rule, and wherein the storing includes;
storing first data of a first one of the entities, the first one of the entities including a user and the first data particular to the user and used for authorization of the user, and
storing second data of a second one of the entities, the second data particular to the second one of the entities;
receiving from the user a posted message for being transmitted in the interoperability network to the second one of the entities, wherein a link token is included in a header of the posted message;
in response to the receipt of the posted message, identifying from the database the first data of the user and the second data of the second one of the entities;
merging the identified first data of the user and the identified second data of the second one of the entities to produce a combined policy that is honored by both of the user and the second one of the entities, in response to receipt of the message from the user; and
governing access to the second one of the entities by the user using the combined policy by;
evaluating the combined policy at run-time with respect to the posted message, determining whether the posted message is associated with a policy violation, based on the evaluation of the combined policy;
conditionally allowing the access by the user to the second one of the entities, based on the determination, including;
rejecting the posted message when the determination is that the posted message is associated with the policy violation, and
transmitting the message when the determination is that the posted message is not associated with the policy violation.
View Dependent Claims (7, 8, 9, 10)
11. A method for facilitating communication, comprising:
storing in at least one database data for a plurality of entities, wherein each of the plurality of entities contains data corresponding thereto for governing interaction with the entity utilizing an interoperability network, wherein the data includes at least one rule, and wherein the storing includes;
storing first data of a first one of the entities, the first one of the entities including a user and the first data particular to the user and used for authorization of the user, and
storing second data of a second one of the entities, the second data particular to the second one of the entities;
receiving from the user a posted message for being transmitted in the interoperability network to the second one of the entities, wherein a link token is included in a header of the posted message;
in response to the receipt of the posted message, identifying from the database the first data of the user and the second data of the second one of the entities;
merging the identified first data of the user and the identified second data of the second one of the entities to produce a combined policy that is honored by both of the user and the second one of the entities, in response to receipt of the message from the user; and
governing access to the second one of the entities by the user using the combined policy by;
evaluating the combined policy at run-time with respect to the posted message, determining whether the posted message is associated with a policy violation, based on the evaluation of the combined policy;
conditionally allowing the access by the user to the second one of the entities, based on the determination, including;
rejecting the posted message when the determination is that the posted message is associated with the policy violation, and
transmitting the message when the determination is that the posted message is not associated with the policy violation;
wherein the above steps are performed by a computer processor.
View Dependent Claims (12, 13, 14, 15)
Specification