Enforcing data sharing policy through shared data management
First Claim
Patent Images
1. A method of managing shared data for one or more applications hosted on one or more Software-as-a-Service platforms, comprising:
- receiving one or more data policy specifications from a policy specification engine;
extracting data access rights from the one or more data policies based on a user role, data purpose, an object set and a constraint identification;
extracting a data domain from the one or more data policies based on the data purpose and the object set;
associating the data access rights and the data domain with data attributes of the shared data;
automatically responding to application-based offers and requests for the shared data within a Software-as-a-Service platform based on the data access rights;
identifying based on the data domain, one or more applications as an authoritative source for attribute-level data sharing within a Software-as-a-Service platform;
enforcing data sharing constraints between multiple Software-as-a-Service platforms based on the data rights and the data domain;
appending policy details, the policy details including the data domain and the data access rights associated with the data attributes of the shared data, to a shared data packet;
propagating the shared data packet to one or more applicable applications within a single Software-as-a-Service platform; and
propagating the shared data packet to one or more applicable external Software-as-a-Service platforms.
2 Assignments
0 Petitions
Accused Products
Abstract
Enforcing data sharing policy through shared data management, in one aspect, may include extracting data access rights from the one or more data policies based on a user role, data purpose, an object set and a constraint identification; extracting a data domain from the one or more data policies based on the data purpose and the object set; associating the data access rights and the data domain with data attributes of the shared data; automatically responding to application-based offers and requests for the shared data within a Software-as-a-Service platform based on the data access rights.
-
Citations
24 Claims
-
1. A method of managing shared data for one or more applications hosted on one or more Software-as-a-Service platforms, comprising:
-
receiving one or more data policy specifications from a policy specification engine; extracting data access rights from the one or more data policies based on a user role, data purpose, an object set and a constraint identification; extracting a data domain from the one or more data policies based on the data purpose and the object set; associating the data access rights and the data domain with data attributes of the shared data; automatically responding to application-based offers and requests for the shared data within a Software-as-a-Service platform based on the data access rights; identifying based on the data domain, one or more applications as an authoritative source for attribute-level data sharing within a Software-as-a-Service platform; enforcing data sharing constraints between multiple Software-as-a-Service platforms based on the data rights and the data domain; appending policy details, the policy details including the data domain and the data access rights associated with the data attributes of the shared data, to a shared data packet; propagating the shared data packet to one or more applicable applications within a single Software-as-a-Service platform; and propagating the shared data packet to one or more applicable external Software-as-a-Service platforms. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A system for managing shared data for one or more applications hosted on one or more Software-as-a-Service platforms, comprising:
-
a processor; a shared data management module operable to execute on the processor, and further operable to receive one or more data policy specifications from a policy specification engine, the shared data management module further operable to extract data access rights from the one or more data policies based on a user role, data purpose, an object set and a constraint identification, the shared data management module further operable to extract a data domain from the one or more data policies based on the data purpose and the object set, the shared data management module further operable to associate the data access rights and the data domain with data attributes of the shared data, the shared data management module further operable to automatically respond to application-based offers and requests for the shared data within a Software-as-a-Service platform based on the data access rights, the shared data management module further operable to identify based on the data domain, one or more applications as an authoritative source for attribute-level data sharing within a Software-as-a-Service platform, the shared data management module further operable to enforce data sharing constraints between multiple Software-as-a-Service platforms based on the data rights and the data domain, the shared data management module further operable to append policy details, the policy details including the data domain and the data access rights associated with the data attributes of the shared data, to a shared data packet, the shared data management module further operable to propagate the shared data packet to one or more applicable applications within a single Software-as-a-Service platform, and propagate the shared data packet to one or more applicable external Software-as-a-Service platforms. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A computer readable storage medium, excluding a signal per se storing a program of instructions executable by a machine to perform a method of managing shared data for one or more applications hosted on one or more Software-as-a-Service platforms, comprising:
-
receiving one or more data policy specifications from a policy specification engine; extracting data access rights from the one or more data policies based on a user role, data purpose, an object set and a constraint identification; extracting a data domain from the one or more data policies based on the data purpose and the object set; associating the data access rights and the data domain with data attributes of the shared data; automatically responding to application-based offers and requests for the shared data within a Software-as-a-Service platform based on the data access rights; identifying based on the data domain, one or more applications as an authoritative source for attribute-level data sharing within a Software-as-a-Service platform; enforcing data sharing constraints between multiple Software-as-a-Service platforms based on the data rights and the data domain; appending policy details, the policy details including the data domain and the data access rights associated with the data attributes of the shared data, to a shared data packet; propagating the shared data packet to one or more applicable applications within a single Software-as-a-Service platform; and propagating the shared data packet to one or more applicable external Software-as-a-Service platforms. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
-
Specification