Rule-based application access management
First Claim
Patent Images
1. A method comprising:
- providing a streaming software container including a plurality of resources used in executing a streaming software application at a client device, the plurality of resources including access control rules defining access to the plurality of resources;
receiving a request for a resource used in executing the streaming software application from a requestor;
determining if the resource is one of the plurality of resources included in the streaming software container;
if it is determined that the resource is absent from the plurality of resources included in the streaming software container, then providing the resource to the requestor;
if it is determined that the resource is one of the plurality of resources included in the streaming software container, then;
determining if the requestor has rules-based access to the resource according to the access control rules;
providing the resource from the streaming software container to the requestor for executing the streaming software application if the requestor has rules-based access to the resource;
determining an altitude for the resource;
determining the access control rules for the resource based on the altitude;
determining if the access control rules for the resource specify accept;
if it is determined that the access control rules for the resource fail to specify accept, determining if the access control rules for the resource specify pause;
if it is determined that the access control rules for the resource fail to specify pause, determining if the access control rules for the resource specify pass through;
if it is determined that the access control rules for the resource specify pass through;
decrementing the altitude for the resource to a lower altitude;
determining new access control rules for the resource using a process ID and a resource ID at the lower altitude.
2 Assignments
0 Petitions
Accused Products
Abstract
A container that manages access to protected resources using rules to intelligently manage them includes an environment having a set of software and configurations that are to be managed. A rule engine, which executes the rules, may be called reactively when software accesses protected resources. The engine uses a combination of embedded and configurable rules. It may be desirable to assign and manage rules per process, per resource (e.g. file, registry, etc.), and per user. Access rules may be altitude-specific access rules.
248 Citations
15 Claims
-
1. A method comprising:
-
providing a streaming software container including a plurality of resources used in executing a streaming software application at a client device, the plurality of resources including access control rules defining access to the plurality of resources; receiving a request for a resource used in executing the streaming software application from a requestor; determining if the resource is one of the plurality of resources included in the streaming software container; if it is determined that the resource is absent from the plurality of resources included in the streaming software container, then providing the resource to the requestor; if it is determined that the resource is one of the plurality of resources included in the streaming software container, then; determining if the requestor has rules-based access to the resource according to the access control rules; providing the resource from the streaming software container to the requestor for executing the streaming software application if the requestor has rules-based access to the resource; determining an altitude for the resource; determining the access control rules for the resource based on the altitude; determining if the access control rules for the resource specify accept; if it is determined that the access control rules for the resource fail to specify accept, determining if the access control rules for the resource specify pause; if it is determined that the access control rules for the resource fail to specify pause, determining if the access control rules for the resource specify pass through; if it is determined that the access control rules for the resource specify pass through; decrementing the altitude for the resource to a lower altitude; determining new access control rules for the resource using a process ID and a resource ID at the lower altitude. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A system comprising:
-
at least one processor; memory storing instructions configured to instruct the at least one processor to perform; providing a streaming software container including a plurality of resources used in executing a streaming software application at a client device, the plurality of resources including access control rules defining access to the plurality of resources; receiving a request for a resource used in executing the streaming software application from a requestor; determining if the resource is one of the plurality of resources included in the streaming software container; if it is determined that the resource is absent from the plurality of resources included in the streaming software container, then providing the resource to the requestor; if it is determined that the resource is one of the plurality of resources included in the streaming software container, then; determining if the requestor has rules-based access to the resource according to the access control rules; providing the resource from the streaming software container to the requestor for executing the streaming software application if the requestor has rules-based access to the resource; determining an altitude for the resource; determining the access control rules for the resource based on the altitude; determining if the access control rules for the resource specify accept; if it is determined that the access control rules for the resource fail to specify accept, determining if the access control rules for the resource specify pause; if it is determined that the access control rules for the resource fail to specify pause, determining if the access control rules for the resource specify pass through; if it is determined that the access control rules for the resource specify pass through; decrementing the altitude for the resource to a lower altitude; determining new access control rules for the resource using a process ID and a resource ID at the lower altitude. - View Dependent Claims (10, 11, 12, 13, 14, 15)
-
Specification