System for managing access to protected resources
First Claim
1. A computer program product comprising non-transitory computer readable storage medium, said computer program product for controlling authorization of access to a resource, said computer program product comprising:
computer readable program code embodied at the non-transitory computer readable storage medium for retrieving an indication of a request for access to the resource from a policy enforcement point;
computer readable program code embodied at the non-transitory computer readable storage medium for obtaining from a policy repository a dynamically-loadable security policy associated with the resource, the dynamically-loadable security policy comprising at least one rule;
computer readable program code embodied at the non-transitory computer readable storage medium for examining the at least one rule of the dynamically-loadable security policy to determine at least one attribute required by the rule to evaluate the policy associated with the resource and comprising the at least one rule;
computer readable program code embodied at the non-transitory computer readable storage medium for invoking a connector to a data source that contains the at least one attribute required by the rule needed to evaluate the policy;
computer readable program code embodied at the non-transitory computer readable storage medium for retrieving the at least one attribute required by the rule to evaluate the policy;
computer readable program code embodied at the non-transitory computer readable storage medium for evaluating the policy using a value of the at least one attribute; and
return an authorization decision to the policy enforcement point.
Abstract
A rules evaluation engine that controls a user's security access to enterprise resources that have policies created for them. The engine allows a real-time authorization process to be performed, with dynamic enrichment of the rules where necessary. Logging, alarm and administrative processes for granting or denying access to the user are also realized. The access encompasses computer and physical access to information and to enterprise spaces.
7 Claims
1. (Set out in full under First Claim above.) Dependent claims: 2, 3.
4. A method for controlling authorization of access to a resource, said method comprising:
retrieving an indication of a request for access to the resource from a policy enforcement point;
obtaining a dynamically-loadable security policy associated with the resource, the dynamically-loadable security policy comprising at least one rule from a policy repository;
examining the at least one rule of the dynamically-loadable security policy to determine at least one attribute required by the rule to evaluate the dynamically-loadable policy associated with the resource and comprising the at least one rule;
invoking a connector to a data source that contains the at least one attribute required by the rule to evaluate the policy;
retrieving the at least one attribute required by the rule to evaluate the policy;
evaluating the policy using a value of the at least one attribute; and
returning an authorization decision to the policy enforcement point.
Dependent claims: 5, 6, 7.
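The flow that claims 1 and 4 describe (a request arrives from the policy enforcement point, the policy for the resource is loaded from a repository, its rules are examined to find the attributes they need, connectors are invoked only for those attributes, the policy is evaluated and a decision is returned), as an added Python example; this is not code from the patent or its assignee. The policy contents, the connector functions and the subject data are constructed for illustration, and the engine fails closed when no policy exists or a required attribute cannot be retrieved.

```python
from typing import Callable

# Policy rules: (attribute, operator, expected). All rules of a policy must hold.
# Policies, connectors and subject data below are constructed for this example.
Rule = tuple[str, str, object]
POLICY_REPOSITORY: dict[str, list[Rule]] = {
    "hr-db": [("department", "eq", "HR"), ("clearance", "in", {"secret", "top-secret"})],
    "lobby": [("badge_active", "eq", True)],
}

# Connectors to data sources: each declares the attributes it can supply.
def _hr_connector(subject: str) -> dict:
    return {"alice": {"department": "HR"}, "bob": {"department": "IT"}}.get(subject, {})

def _security_connector(subject: str) -> dict:
    return {"alice": {"clearance": "secret", "badge_active": True},
            "bob": {"badge_active": False}}.get(subject, {})

CONNECTORS: list[tuple[set[str], Callable[[str], dict]]] = [
    ({"department"}, _hr_connector),
    ({"clearance", "badge_active"}, _security_connector),
]

def required_attributes(rules: list[Rule]) -> set[str]:
    """Examine the rules to learn which attributes the evaluation needs."""
    return {attr for attr, _, _ in rules}

def enrich(subject: str, required: set[str]) -> dict:
    """Dynamic enrichment: invoke only connectors holding a required attribute."""
    attrs: dict = {}
    for supplied, connector in CONNECTORS:
        if supplied & required:
            attrs.update({k: v for k, v in connector(subject).items() if k in required})
    return attrs

def authorize(subject: str, resource: str) -> tuple[str, str]:
    """Called by the PEP. Fails closed: no policy or a missing attribute is DENY."""
    rules = POLICY_REPOSITORY.get(resource)  # loaded per request, so edits apply live
    if rules is None:
        return "DENY", "no policy for resource"
    attrs = enrich(subject, required_attributes(rules))
    for attr, op, expected in rules:
        if attr not in attrs:
            return "DENY", f"attribute {attr!r} unavailable"
        ok = attrs[attr] == expected if op == "eq" else attrs[attr] in expected
        if not ok:
            return "DENY", f"rule on {attr!r} not satisfied"
    return "PERMIT", "all rules satisfied"
```

Calling `authorize("alice", "hr-db")` returns a PERMIT, while a subject unknown to every connector is denied because the required attribute is unavailable rather than being treated as satisfied.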