Method, system, and computer program product for facilitating communication in an interoperability network

US 8,966,577 B2
Filed: 10/16/2013
Issued: 02/24/2015
Est. Priority Date: 10/14/2003
Status: Expired due to Term

First Claim

Patent Images

1. A computer program product, comprising a non-transitory computer usable medium having a computer readable program code embodied therein, the computer readable program code adapted to be executed to implement a method, the method comprising:

storing policy data for a plurality of entities, including;

storing first policy data corresponding to a first one of the entities, the first one of the entities including a first role associated with a user used to control access to information, andstoring second policy data of a second one of the entities, the second one of the entities including a group defined by a second role, the group including the user, where the second policy data is used for authorization of the user;

receiving a message from the user for being transmitted in a network, the message for accessing by the user the information;

in response to the receipt of the message, identifying the first policy data of the first role and the second policy data of the group;

in response to the receipt of the message, merging the first policy data of the first role and the second policy data of the group to produce a combined policy;

evaluating the combined policy with respect to the received message;

determining whether the message is associated with a policy violation, based on the evaluation of the combined policy;

allowing the user to access the information when the determination is that the message is not associated with the policy violation; and

denying the user access to the information when the determination is that the message is associated with the policy violation.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus are described for facilitating communication among a plurality of entities via an interoperability network. Each entity has policy data corresponding thereto governing interaction with the entity via the interoperability network. A message is transmitted from a first one of the entities to a second one of the entities. The first entity has first policy data corresponding thereto and the second entity has second policy data corresponding thereto. The transmitted message was handled in the network according to combined policy data representing a combination of the first and second policy data.

Citations

18 Claims

1. A computer program product, comprising a non-transitory computer usable medium having a computer readable program code embodied therein, the computer readable program code adapted to be executed to implement a method, the method comprising:
- storing policy data for a plurality of entities, including;
  
  storing first policy data corresponding to a first one of the entities, the first one of the entities including a first role associated with a user used to control access to information, andstoring second policy data of a second one of the entities, the second one of the entities including a group defined by a second role, the group including the user, where the second policy data is used for authorization of the user;
  
  receiving a message from the user for being transmitted in a network, the message for accessing by the user the information;
  
  in response to the receipt of the message, identifying the first policy data of the first role and the second policy data of the group;
  
  in response to the receipt of the message, merging the first policy data of the first role and the second policy data of the group to produce a combined policy;
  
  evaluating the combined policy with respect to the received message;
  
  determining whether the message is associated with a policy violation, based on the evaluation of the combined policy;
  
  allowing the user to access the information when the determination is that the message is not associated with the policy violation; and
  
  denying the user access to the information when the determination is that the message is associated with the policy violation.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The computer program product of claim 1, further comprising associating the combined policy with the message such that the combined policy is transmitted with the message in the network.
  - 3. The computer program product of claim 1, wherein the policy violation is a run-time policy violation.
  - 4. The computer program product of claim 3, further comprising generating a policy violation message corresponding to the run-time policy violation, and transmitting the policy violation message to the user.
  - 5. The computer program product of claim 1, further comprising storing policy audit data for at least one of the entities associated with the network, the policy audit data comprising information relating to compliance of the at least one of the entities with at least a portion of the policy data.
  - 6. The computer program product of claim 5, further comprising generating reports using the policy audit data.
  - 7. The computer program product of claim 1, further comprising facilitating configuration of the policy data associated with at least one of the entities.
  - 8. The computer program product of claim 7, wherein facilitating configuration of the policy data includes facilitating presentation of graphical user interfaces to users associated with the at least one of the entities.
  - 9. The computer program product of claim 1, wherein the plurality of entities include at least one of organizations, individuals, computing platforms, software applications, and services.
  - 10. The computer program product of claim 1, wherein the policy data relate to at least one of security, message format, network protocols, routing, organizations, users, and roles.
  - 11. The computer program product of claim 1 wherein the first, second, and combined policy data each include at least one policy assertion.
  - 12. The computer program product of claim 1, wherein the first, second, and combined policy data each include a plurality of policy assertions, and further comprising code for evaluating different ones of the policy assertions at different points within the network.

13. A method, comprising:
- storing policy data for a plurality of entities, including;
  
  storing first policy data corresponding to a first one of the entities, the first one of the entities including a first role associated with a user used to control access to information, andstoring second policy data of a second one of the entities, the second one of the entities including a group defined by a second role, the group including the user, where the second policy data is used for authorization of the user;
  
  receiving a message from the user for being transmitted in a network, the message for accessing by the user the information;
  
  in response to the receipt of the message, identifying the first policy data of the first role and the second policy data of the group;
  
  in response to the receipt of the message, merging the first policy data of the first role and the second policy data of the group to produce a combined policy;
  
  evaluating the combined policy with respect to the received message;
  
  determining whether the message is associated with a policy violation, based on the evaluation of the combined policy;
  
  allowing the user to access the information when the determination is that the message is not associated with the policy violation; and
  
  denying the user access to the information when the determination is that the message is associated with the policy violation.
- View Dependent Claims (14, 15, 17)
- - 14. The method of claim 13, further comprising associating the combined policy with the message such that the combined policy is transmitted with the message in the network.
  - 15. The method of claim 13, wherein the policy violation is a run-time policy violation.
  - 17. The interoperability network of claim 14, wherein the at least one computing device includes a plurality of components, and the message is handled at each of the components.

16. An interoperability network, comprising:
- at least one data store having policy data for entities stored therein; and
  
  at least one computing device for;
  
  storing policy data for a plurality of entities, including;
  
  storing first policy data corresponding to a first one of the entities, the first one of the entities including a first role associated with a user used to control access to information, andstoring second policy data of a second one of the entities, the second one of the entities including a group defined by a second role, the group including the user, where the second policy data is used for authorization of the user;
  
  receiving a message from the user for being transmitted in a network, the message for accessing by the user the information;
  
  in response to the receipt of the message, identifying the first policy data of the first role and the second policy data of the group;
  
  in response to the receipt of the message, merging the first policy data of the first role and the second policy data of the group to produce a combined policy;
  
  evaluating the combined policy with respect to the received message;
  
  determining whether the message is associated with a policy violation, based on the evaluation of the combined policy;
  
  allowing the user to access the information when the determination is that the message is not associated with the policy violation; and
  
  denying the user access to the information when the determination is that the message is associated with the policy violation.

18. A computer program product, comprising a non-transitory computer usable medium having a computer readable program code embodied therein, the computer readable program code adapted to be executed to implement a method, the method comprising:
- storing policy data for a plurality of entities, including;
  
  storing first policy data corresponding to a first one of the entities, the first one of the entities including a first role associated with a user used to control access to information, andstoring second policy data of a second one of the entities, the second one of the entities including a group defined by a second role, the group including the user, where the second policy data is used for authorization of the user;
  
  receiving a message from the user for being transmitted in a network, the message for accessing by the user the information;
  
  in response to the receipt of the message, identifying the first policy data of the first role and the second policy data of the group;
  
  in response to the receipt of the message, merging the first policy data of the first role and the second policy data of the group to produce a combined policy;
  
  evaluating the combined policy with respect to the received message;
  
  determining whether the message is associated with a policy violation, based on the evaluation of the combined policy;
  
  allowing the user to access the information when the determination is that the message is not associated with the policy violation; and
  
  denying the user access to the information when the determination is that the message is associated with the policy violation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Lerner, Alexander, Dewey, Michael K.
Primary Examiner(s)
Tabor, Amare F

Application Number

US14/055,817
Publication Number

US 20140053235A1
Time in Patent Office

496 Days
Field of Search

726/1, 709/223, 709/225, 709/240
US Class Current

726/1
CPC Class Codes

G06F 21/6236   between heterogeneous systems

G06F 9/546   Message passing systems or ...

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

H04L 67/63   Routing a service request d...

Method, system, and computer program product for facilitating communication in an interoperability network

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method, system, and computer program product for facilitating communication in an interoperability network

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links