Holistic XACML and obligation code automatically generated from ontologically defined rule set

US 9,323,938 B2
Filed: 12/31/2008
Issued: 04/26/2016
Est. Priority Date: 12/31/2007
Status: Active Grant

First Claim

Patent Images

1. A system for automatically generating code for an authorization policy for network resources, the system comprising:

one or more processors; and

a memory in communication with the one or more processors, wherein the memory contains instructions that when executed by the one or more processors, cause the one or more processors to;

automatically generate obligation code for the policy, in a first programming language, wherein rules of the policy are modeled using an ontologically defined ruleset, wherein the obligation code includes a plurality of function calls; and

after generating the obligation code, automatically generate XACML rule code for the policy based on the same ontologically defined ruleset, wherein the first programming language is not XACML, wherein the one or more processors are programmed to generate the XACML rule code for the policy by inserting calling details for each of the plurality of function calls of the obligation code in the XACML code.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Computer-based systems and methods for automatically generating both XACML rules and processed-based obligation code using a common ontologically defined ruleset.

13 Citations

View as Search Results

19 Claims

1. A system for automatically generating code for an authorization policy for network resources, the system comprising:
- one or more processors; and
  
  a memory in communication with the one or more processors, wherein the memory contains instructions that when executed by the one or more processors, cause the one or more processors to;
  
  automatically generate obligation code for the policy, in a first programming language, wherein rules of the policy are modeled using an ontologically defined ruleset, wherein the obligation code includes a plurality of function calls; and
  
  after generating the obligation code, automatically generate XACML rule code for the policy based on the same ontologically defined ruleset, wherein the first programming language is not XACML, wherein the one or more processors are programmed to generate the XACML rule code for the policy by inserting calling details for each of the plurality of function calls of the obligation code in the XACML code.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, wherein the memory stores instructions that, when executed by the one or more processors, cause the one or more processors to automatically generate obligation code by associating at least one step of an obligation of the policy with an interface.
  - 3. The system of claim 2, wherein an input field and/or an output field of the interface is associated with a concept from the ontology.
  - 4. The system of claim 3, wherein the concept from the ontology is represented by a semantic graph.
  - 5. The system of claim 2, wherein WSDL is used to describe the input field and/or the output field of the interface.
  - 6. The system of claim 5, wherein the memory stores instructions that, when executed by the one or more processors, cause the one or more processors to automatically generate obligation code by automatically generating obligation code based on each rule and interface of the policy.
  - 7. The system of claim 1, wherein the memory stores instructions that, when executed by the one or more processors, cause the one or more processors to automatically generate XACML rule code for each modeled rule of the policy.
  - 8. The system of claim 1, wherein the first programming language comprises Business Process Execution Language (BPEL).
  - 9. The system of claim 1, wherein the first programming language comprises Java.

10. A method for automatically generating code for an authorization policy for network resources, the method comprising:
- automatically generating, by a computer system comprising a code generation software module, obligation code for the policy, in a first programming language, wherein rules of the policy are modeled using an ontologically defined ruleset, wherein the obligation code includes a plurality of function calls; and
  
  after generating the obligation code, automatically generating, by the computer system, XACML rule code for the policy based on the same ontologically defined ruleset, wherein the first programming language is not XACML, and wherein generating the XACML rule code for the policy comprises inserting calling details for each of the plurality of function calls of the obligation code in the XACML code.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 11. The method of claim 10, wherein automatically generating the obligation code comprises associating at least one step of an obligation of the policy with an interface.
  - 12. The method of claim 11, wherein an input field and/or an output field of the interface is associated with a concept from the ontology.
  - 13. The method of claim 12, wherein the concept from the ontology is represented by a semantic graph.
  - 14. The method of claim 11, wherein WSDL is used to describe the input field and/or the output field of the interface.
  - 15. The method of claim 14, wherein automatically generating the obligation code comprises automatically generating the obligation code based on each rule and interface of the policy.
  - 16. The method of claim 10, wherein automatically generating the XACML rule code comprises automatically generating the XACML rule code for each modeled rule of the policy.
  - 17. The method of claim 10, further comprising deploying the automatically generated obligation code and the automatically generated XACML rule code in a computer-based authorization architecture.
  - 18. The method of claim 17, wherein the step of deploying comprises deploying XACML rule code at a Policy Administration Point (PAP) of the computer-based authorization architecture.
  - 19. The method of claim 10, wherein:
    - the XACML code comprises access policies for network resources; and
      
      the obligation code comprises simulation code that is executed prior to generating the XACML code in order to formulate the access policies for the network resources.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Enterra Solutions LLC
Original Assignee
Enterra Solutions LLC
Inventors
Glazier, Jason S., Aucoin, Bryan J., DeAngelis, Stephen F., Wagner, Peter A.
Primary Examiner(s)
GEORGANDELLIS, ANDREW C

Application Number

US12/347,042
Publication Number

US 20090320093A1
Time in Patent Office

2,673 Days
Field of Search

726/1
US Class Current

1/1
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 8/10   Requirements analysis; Spec...

G06F 8/35   model driven

Holistic XACML and obligation code automatically generated from ontologically defined rule set

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

13 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Holistic XACML and obligation code automatically generated from ontologically defined rule set

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links