Method, system, and computer program product for facilitating communication in an interoperability network
First Claim
1. A computer program product, comprising a non-transitory computer usable medium having a computer readable program code embodied therein, the computer readable program code adapted to be executed to implement a method, the method comprising:
- storing policy data for a plurality of entities, including:
  - storing first policy data corresponding to a first one of the entities, the first one of the entities including a first role associated with a user used to control access to information, and
  - storing second policy data of a second one of the entities, the second one of the entities including a group defined by a second role, the group including the user, where the second policy data is used for authorization of the user;
- receiving a message from the user for being transmitted in a network, the message for accessing by the user the information;
- in response to the receipt of the message, identifying the first policy data of the first role and the second policy data of the group;
- in response to the receipt of the message, merging the first policy data of the first role and the second policy data of the group to produce a combined policy;
- evaluating the combined policy with respect to the received message;
- determining whether the message is associated with a policy violation, based on the evaluation of the combined policy;
- allowing the user to access the information when the determination is that the message is not associated with the policy violation; and
- denying the user access to the information when the determination is that the message is associated with the policy violation.
Abstract
Methods and apparatus are described for facilitating communication among a plurality of entities via an interoperability network. Each entity has policy data corresponding thereto governing interaction with the entity via the interoperability network. A message is transmitted from a first one of the entities to a second one of the entities. The first entity has first policy data corresponding thereto and the second entity has second policy data corresponding thereto. The transmitted message was handled in the network according to combined policy data representing a combination of the first and second policy data.
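The claimed flow (store policy data per entity, identify the role policy and the group policy when a message arrives, merge them into a combined policy, evaluate the message against it, then allow or deny) is the shape of a policy decision point. The Python below is an added example, not code from the patent or its assignee. The claims say nothing about how the two policies are combined, so the merge semantics here are an assumption: the combined policy is the union of both rule sets, evaluated deny-overrides with a default deny, and a permit-overrides variant is included only to show what goes wrong when a group policy is allowed to widen what a role policy restricts. The rule format, the glob matching on resource names, and the policy store contents are all constructed for the example.

```python
# Added illustrative implementation of the claimed flow (not the patent's
# own code). Assumptions: a policy is a list of Rule objects; the combined
# policy is the union of role rules and group rules; evaluation is
# deny-overrides with default deny. All names and sample data are constructed.
from dataclasses import dataclass
from fnmatch import fnmatch


@dataclass(frozen=True)
class Rule:
    resource: str  # glob over resource names, e.g. "orders/*"
    action: str    # "read", "write", or "*" for any action
    effect: str    # "allow" or "deny"


@dataclass(frozen=True)
class Message:
    user: str      # the sender whose access is being decided
    resource: str  # the information the message is trying to reach
    action: str    # what the message does with it


class PolicyStore:
    """Per-entity policy data: one policy per role (the first entity in the
    claim) and one per group (the second entity), plus the user->role and
    group->members mappings needed to identify which policies apply."""

    def __init__(self, role_policies, group_policies, user_roles, group_members):
        self.role_policies = role_policies
        self.group_policies = group_policies
        self.user_roles = user_roles
        self.group_members = group_members

    def identify(self, user):
        """Return (first policy data, second policy data) for this user."""
        role_rules = list(self.role_policies.get(self.user_roles.get(user), []))
        group_rules = [rule
                       for group, members in self.group_members.items()
                       if user in members
                       for rule in self.group_policies.get(group, [])]
        return role_rules, group_rules


def merge(first, second):
    """Combined policy: the union of both rule sets. Precedence is decided
    at evaluation time, not by the ordering here."""
    return tuple(first) + tuple(second)


def evaluate(combined, msg, deny_overrides=True):
    """Decide 'allow' or 'deny' for msg under the combined policy.

    deny_overrides=True: any applicable deny wins, and no applicable rule
    is a violation (default deny). deny_overrides=False is permit-overrides,
    kept only to show how a permissive group policy can widen access."""
    effects = {rule.effect for rule in combined
               if fnmatch(msg.resource, rule.resource)
               and rule.action in ("*", msg.action)}
    if deny_overrides and "deny" in effects:
        return "deny"
    return "allow" if "allow" in effects else "deny"


def handle(store, msg, deny_overrides=True):
    """The claimed sequence: identify, merge, evaluate, then allow or deny."""
    first, second = store.identify(msg.user)
    combined = merge(first, second)
    return evaluate(combined, msg, deny_overrides)


# Constructed sample data: analysts may read orders but not write them; the
# "ops" group (which alice belongs to) may write orders and is explicitly
# denied anything under hr/.
STORE = PolicyStore(
    role_policies={"analyst": [Rule("orders/*", "read", "allow"),
                               Rule("orders/*", "write", "deny")]},
    group_policies={"ops": [Rule("orders/*", "write", "allow"),
                            Rule("hr/*", "*", "deny")]},
    user_roles={"alice": "analyst", "bob": "analyst"},
    group_members={"ops": {"alice"}},
)


def demo():
    """(deny-overrides, permit-overrides) decisions for constructed messages."""
    cases = {
        "alice_read":  Message("alice", "orders/42", "read"),
        "alice_write": Message("alice", "orders/42", "write"),
        "bob_write":   Message("bob", "orders/42", "write"),
        "alice_hr":    Message("alice", "hr/salaries", "read"),
        "unknown":     Message("carol", "orders/42", "read"),
    }
    return {label: (handle(STORE, m), handle(STORE, m, deny_overrides=False))
            for label, m in cases.items()}


if __name__ == "__main__":
    for label, (strict, permissive) in demo().items():
        print(f"{label:12} deny-overrides={strict:5} permit-overrides={permissive}")
```

The case to watch is alice writing an order: her role policy denies it and her group policy allows it. Under deny-overrides the combined policy denies, so group membership can only narrow what a role permits; under permit-overrides the same combined policy allows, and the group policy has silently widened the role's restriction. An unknown user, or a resource no rule names, is denied either way only because the example defaults to deny when nothing applies; a merge that defaulted to allow would turn every gap in policy coverage into access.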
18 Claims
1. A computer program product (independent claim; full text as given under First Claim above). - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
13. A method, comprising:
- storing policy data for a plurality of entities, including:
  - storing first policy data corresponding to a first one of the entities, the first one of the entities including a first role associated with a user used to control access to information, and
  - storing second policy data of a second one of the entities, the second one of the entities including a group defined by a second role, the group including the user, where the second policy data is used for authorization of the user;
- receiving a message from the user for being transmitted in a network, the message for accessing by the user the information;
- in response to the receipt of the message, identifying the first policy data of the first role and the second policy data of the group;
- in response to the receipt of the message, merging the first policy data of the first role and the second policy data of the group to produce a combined policy;
- evaluating the combined policy with respect to the received message;
- determining whether the message is associated with a policy violation, based on the evaluation of the combined policy;
- allowing the user to access the information when the determination is that the message is not associated with the policy violation; and
- denying the user access to the information when the determination is that the message is associated with the policy violation.
- View Dependent Claims (14, 15, 17)
16. An interoperability network, comprising:
- at least one data store having policy data for entities stored therein; and
- at least one computing device for:
  - storing policy data for a plurality of entities, including:
    - storing first policy data corresponding to a first one of the entities, the first one of the entities including a first role associated with a user used to control access to information, and
    - storing second policy data of a second one of the entities, the second one of the entities including a group defined by a second role, the group including the user, where the second policy data is used for authorization of the user;
  - receiving a message from the user for being transmitted in a network, the message for accessing by the user the information;
  - in response to the receipt of the message, identifying the first policy data of the first role and the second policy data of the group;
  - in response to the receipt of the message, merging the first policy data of the first role and the second policy data of the group to produce a combined policy;
  - evaluating the combined policy with respect to the received message;
  - determining whether the message is associated with a policy violation, based on the evaluation of the combined policy;
  - allowing the user to access the information when the determination is that the message is not associated with the policy violation; and
  - denying the user access to the information when the determination is that the message is associated with the policy violation.
18. A computer program product, comprising a non-transitory computer usable medium having a computer readable program code embodied therein, the computer readable program code adapted to be executed to implement a method, the method comprising:
- storing policy data for a plurality of entities, including:
  - storing first policy data corresponding to a first one of the entities, the first one of the entities including a first role associated with a user used to control access to information, and
  - storing second policy data of a second one of the entities, the second one of the entities including a group defined by a second role, the group including the user, where the second policy data is used for authorization of the user;
- receiving a message from the user for being transmitted in a network, the message for accessing by the user the information;
- in response to the receipt of the message, identifying the first policy data of the first role and the second policy data of the group;
- in response to the receipt of the message, merging the first policy data of the first role and the second policy data of the group to produce a combined policy;
- evaluating the combined policy with respect to the received message;
- determining whether the message is associated with a policy violation, based on the evaluation of the combined policy;
- allowing the user to access the information when the determination is that the message is not associated with the policy violation; and
- denying the user access to the information when the determination is that the message is associated with the policy violation.
Specification