Policy management of multiple security domains

  • US 9,054,971 B2
  • Filed: 04/24/2012
  • Issued: 06/09/2015
  • Est. Priority Date: 04/24/2012
  • Status: Expired due to Fees
First Claim

1. A method, in a data processing system, for centralized policy management of multiple security domains in accordance with an illustrative embodiment, the method comprising:

  • receiving an access request at a microprocessor executing a policy enforcement point component in the data processing system, wherein the policy enforcement point component runs in the data processing system and controls access to a sensitive resource on the data processing system, wherein the policy enforcement point component is managed by a plurality of security domains, and wherein the access request requests access to the sensitive resource;

    sending an access control query from the policy enforcement point component to a policy broker component running in the data processing system;

    responsive to the policy broker component determining no policy decision point component is co-located on the data processing system, sending the access control query to a plurality of policy decision point components associated with the plurality of security domains, receiving independent access decisions from the plurality of policy decision point components, and determining, by the policy broker components, a reconciled access decision that complies with policies of the plurality of security domains based on the independent access decisions received from the plurality of policy decision point components;

    returning, by the policy broker component, the reconciled access decision to the policy enforcement point component; and

    allowing or rejecting, by the microprocessor executing the policy enforcement point component, the access request on the sensitive resource based on the reconciled access decision.
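
The flow in claim 1 (enforcement point, broker, fan-out to per-domain decision points, reconciliation) is sketched below as an added example; it is not code from the patent or its assignee. The claim does not specify how decisions are reconciled, so the deny-overrides rule, the fail-closed handling of an unreachable decision point, the co-located branch, and all class names and sample policies are assumptions.

```python
from enum import Enum

class Decision(Enum):
    PERMIT = "permit"
    DENY = "deny"

class DomainPDP:
    """PDP for one security domain; `allowed` is a constructed sample policy."""
    def __init__(self, domain, allowed, reachable=True):
        self.domain, self.allowed, self.reachable = domain, set(allowed), reachable

    def decide(self, query):
        if not self.reachable:
            raise ConnectionError(f"PDP for {self.domain} unreachable")
        return Decision.PERMIT if query in self.allowed else Decision.DENY

def reconcile(decisions):
    # Assumed rule (deny-overrides): permit only if every domain permitted.
    # An empty decision set also denies, so a broker with no PDPs fails closed.
    ok = bool(decisions) and all(d is Decision.PERMIT for d in decisions.values())
    return Decision.PERMIT if ok else Decision.DENY

class PolicyBroker:
    def __init__(self, domain_pdps, local_pdp=None):
        self.domain_pdps, self.local_pdp = domain_pdps, local_pdp

    def query(self, q):
        if self.local_pdp is not None:
            # Assumption: the claim does not cover this branch; ask the local PDP.
            d = self.local_pdp.decide(q)
            return d, {self.local_pdp.domain: d}
        decisions = {}
        for pdp in self.domain_pdps:  # fan out to every security domain
            try:
                decisions[pdp.domain] = pdp.decide(q)
            except ConnectionError:
                decisions[pdp.domain] = Decision.DENY  # no answer counts as deny
        return reconcile(decisions), decisions

class PolicyEnforcementPoint:
    def __init__(self, broker):
        self.broker = broker

    def access(self, subject, action, resource):
        decision, per_domain = self.broker.query((subject, action, resource))
        return decision is Decision.PERMIT, per_domain  # allow or reject

# Constructed sample: one resource managed by two security domains.
Q = ("alice", "read", "/vault/keys")
corp = DomainPDP("corp", [Q, ("bob", "read", "/vault/keys")])
pay = DomainPDP("payments", [Q])
pep = PolicyEnforcementPoint(PolicyBroker([corp, pay]))
```

Returning the per-domain decisions alongside the reconciled one lets the enforcement point log which domain caused a rejection.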
