Method and system for dynamically associating access rights with a resource
First Claim
1. A method for dynamically associating, by a server, access rights with a resource, the method comprising the steps of:
(a) receiving, by a server, a request for a resource from a client;
(b) transmitting, by a policy engine executing on the server, a collection agent to the client in response to receiving the request;
(c) receiving, by the policy engine from the collection agent executing on the client, client information;
(d) applying, by a first component of the policy engine, policies to the client information to generate a dataset comprising a plurality of identifiers, each of the plurality of identifiers identifying a respective condition satisfied by the client information;
(e) transmitting, by the first component of the policy engine to a second component of the policy engine, the dataset comprising the plurality of identifiers;
(f) applying, by the second component of the policy engine, policies to the dataset to identify a plurality of levels of access rights associated with the resource;
(g) requesting, by the server from the second component of the policy engine, the plurality of levels of access rights to associate with the resource;
(h) signing, by the server, the resource with the plurality of levels of access rights via an extensible rights markup language;
(i) transmitting, by the server, the resource signed with the plurality of levels of access rights to the client;
(j) making, by an application program responsive to receiving from the server the signed resource, an access control decision using the plurality of levels of access rights, the application program executing on the client; and
(k) providing, by the application program, restricted access to the resource responsive to the access control decision.
Abstract
A method for dynamically associating, by a server, access rights with a resource includes the step of receiving, by the server, a request for a resource from a client. The server requests, from a policy engine, an identification of a plurality of access rights to associate with the resource, the plurality of access rights identified responsive to an application of a policy to the client. The server associates the resource with the plurality of access rights via a rights markup language. The server transmits the resource to the client with the identification of the associated plurality of access rights. An application program on the client makes an access control decision responsive to the associated plurality of access rights. The application program provides restricted access to the resource responsive to the access control decision.
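The following added sketch, which is not taken from the patent, walks through claim steps (d) through (k): a first component turns client information into condition identifiers, a second component maps those identifiers to levels of access rights, the server binds the rights to the resource, and the client application checks that binding before enforcing the rights. The condition identifiers, right names, JSON envelope and HMAC-SHA256 with a shared demo key are assumptions made for the example; the claim specifies signing via an extensible rights markup language, which is not reproduced here.

```python
import hashlib
import hmac
import json

DEMO_KEY = b"constructed-demo-key"  # assumption: stands in for the server's signing key

# First component's policies: condition identifier -> predicate over client information.
CONDITION_POLICIES = {
    "av-running": lambda c: c.get("antivirus") == "running",
    "corp-network": lambda c: c.get("network") == "corporate",
    "managed-device": lambda c: c.get("managed") is True,
}

# Second component's policies: identifiers required -> access right granted.
RIGHTS_POLICIES = [
    (set(), "view"),
    ({"av-running"}, "print"),
    ({"av-running", "corp-network", "managed-device"}, "edit"),
]

def evaluate_conditions(client_info):
    """Steps (d)-(e): dataset of identifiers for the conditions the client satisfies."""
    return sorted(cid for cid, test in CONDITION_POLICIES.items() if test(client_info))

def identify_rights(dataset):
    """Step (f): map the identifier dataset to levels of access rights."""
    have = set(dataset)
    return [right for needed, right in RIGHTS_POLICIES if needed <= have]

def _mac(resource, rights):
    # Bind the rights to a digest of the resource bytes so neither can be swapped.
    body = json.dumps({"sha256": hashlib.sha256(resource).hexdigest(),
                       "rights": rights}, sort_keys=True)
    return hmac.new(DEMO_KEY, body.encode(), hashlib.sha256).hexdigest()

def sign_resource(resource, rights):
    """Steps (h)-(i): envelope the server transmits to the client."""
    return {"resource": resource, "rights": rights, "sig": _mac(resource, rights)}

def access_decision(envelope, action):
    """Steps (j)-(k): client application verifies the binding, then enforces the rights."""
    expected = _mac(envelope["resource"], envelope["rights"])
    if not hmac.compare_digest(expected, envelope["sig"]):
        return False  # rights or resource altered after signing
    return action in envelope["rights"]
```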
35 Claims
18. A system for dynamically associating access rights with a resource comprising:
a server receiving a request for access to a resource from a client;
a policy engine executing on the server to;
  transmit a collection agent to the client in response to receiving the request,
  receive from the collection agent executing on the client, client information,
a first component of the policy engine executing on the server to;
  apply policies to the client information to generate a dataset comprising a plurality of identifiers, each of the plurality of identifiers identifying a respective condition satisfied by the client information,
  transmit the dataset comprising the plurality of identifiers to a second component of the policy engine,
the second component of the policy engine executing on the server to;
  apply policies to the dataset to identify a plurality of levels of access rights associated with the resource,
  receive a request from the server for an identification of a plurality of levels of access rights to associate with the resource;
wherein the server signs the resource with the plurality of levels of access rights via an extensible rights markup language, and transmits the resource signed with the associated plurality of levels of access rights to the client; and
an application program executing on the client to;
  receive, from the server, a copy of the resource signed with the plurality of levels of access rights,
  make an access control decision in response to receiving from the server the resource signed with the plurality of levels of access rights using the plurality of levels of access rights, and
  provide restricted access to the resource responsive to the access control decision.
Specification