Method and apparatus for providing distributed policy management
First Claim
1. A method comprising:
- facilitating, by a processor, a creation and/or a modification of at least one device user interface element, at least one device user interface functionality, or a combination thereof, of a user device based, at least in part, on information, data, and/or a signal resulting from;
a local and/or remote determination of one or more domains of an information system, the one or more domains associated at least in part with respective subsets of one or more resources of the information system; and
in response to an input at the user device by a user other than administrators of the information system, a local and/or remote generation of one or more respective access policies local to the one or more domains, the one or more respective access policies configured to enable a determination, at least in part, of access to the respective subsets, the one or more resources, or a combination thereof,wherein the one or more respective access policies are generated locally and independently from one or more other access policies applicable to the one or more domains, and the one or more respective access policies are configured to operate independently of the one or more other access policies,wherein the one or more respective access policies, the one or more domains, or a combination thereof represent at least in part successive layers of access control with respect to the respective subsets, the one or more resources, or a combination thereof, andwherein the one or more respective access policies are different from the one or more other access policies for accessing the subset, while implemented via a different mechanism.
2 Assignments
0 Petitions
Accused Products
Abstract
An approach is provided for distributed policy management and enforcement. A policy manager determines one or more domains of an information system. The one or more domains are associated at least in part with respective subsets of one or more resources of the information system. The policy manager also determines one or more respective access policies local to the one or more domains. The one or more respective access policies configured to enable a determination at least in part of access to the respective subsets, the one or more resources, or a combination thereof. At least one of the one or more respective access policies is configured to operate independently of other ones of the one or more respective schemas.
-
Citations
20 Claims
-
1. A method comprising:
-
facilitating, by a processor, a creation and/or a modification of at least one device user interface element, at least one device user interface functionality, or a combination thereof, of a user device based, at least in part, on information, data, and/or a signal resulting from; a local and/or remote determination of one or more domains of an information system, the one or more domains associated at least in part with respective subsets of one or more resources of the information system; and in response to an input at the user device by a user other than administrators of the information system, a local and/or remote generation of one or more respective access policies local to the one or more domains, the one or more respective access policies configured to enable a determination, at least in part, of access to the respective subsets, the one or more resources, or a combination thereof, wherein the one or more respective access policies are generated locally and independently from one or more other access policies applicable to the one or more domains, and the one or more respective access policies are configured to operate independently of the one or more other access policies, wherein the one or more respective access policies, the one or more domains, or a combination thereof represent at least in part successive layers of access control with respect to the respective subsets, the one or more resources, or a combination thereof, and wherein the one or more respective access policies are different from the one or more other access policies for accessing the subset, while implemented via a different mechanism. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 17, 18, 19, 20)
-
-
11. A method comprising facilitating access to at least one interface, the interface allowing access to at least one service, the service configured to perform the method of:
-
determining, by a processor, one or more domains of an information system, the one or more domains associated at least in part with respective subsets of one or more resources of the information system; and in response to an input at a user device by a user other than administrators of the information system, generating by the processor one or more respective access policies local to the one or more domains, the one or more respective access policies configured to enable a determination at least in part of access to the respective subsets, the one or more resources, or a combination thereof, wherein the one or more respective access policies are generated locally and independently from one or more other access policies applicable to the one or more domains, and the one or more respective access policies are configured to operate independently of the one or more other access policies, wherein the one or more respective access policies, the one or more domains, or a combination thereof represent at least in part successive layers of access control with respect to the respective subsets, the one or more resources, or a combination thereof, and wherein the one or more respective access policies are different from the one or more other access policies for accessing the subset, while implemented via a different mechanism. - View Dependent Claims (12, 13)
-
-
14. A method comprising:
-
determining, by a processor, one or more domains of an information system, the one or more domains associated at least in part with respective subsets of one or more resources of the information system; and in response to an input at a user device by a user other than administrators of the information system, generating by the processor one or more respective access policies local to the one or more domains, the one or more respective access policies configured to enable a determination at least in part of access to the respective subsets, the one or more resources, or a combination thereof, wherein the one or more respective access policies are generated locally and independently from one or more other access policies applicable to the one or more domains, and the one or more respective access policies are configured to operate independently of the one or more other access policies, wherein the one or more respective access policies, the one or more domains, or a combination thereof represent at least in part successive layers of access control with respect to the respective subsets, the one or more resources, or a combination thereof, and wherein the one or more respective access policies are different from the one or more other access policies for accessing the subset, while implemented via a different mechanism. - View Dependent Claims (15, 16)
-
Specification