Transparent policies
First Claim
Patent Images
1. A computer-implemented method, comprising:
- enforcing a set of policies for an account, the set of policies configured such that fulfillment of requests submitted by an administrator of the account requires compliance with at least a first policy in a first subset of the set of policies and a second policy in a second subset of the set of policies;
receiving, from the administrator associated with the account, a request for information about the set of policies enforced for the account, the set of policies indicating conditions for access to computing resources;
obtaining information responsive to the request, the information responsive to the request comprising information about the first subset of the set of policies and excluding information about the second subset of the set of policies as a result of the administrator lacking authorization for obtaining information about policies in the second subset of the set of policies; and
providing to the administrator, a response to the request that comprises the information responsive to the request, the response lacking any information indicative of existence of the second subset of the set of policies.
1 Assignment
0 Petitions
Accused Products
Abstract
A system enforces policies in connection with requests to access resources. Users are provided the ability to obtain information about the policies the system enforces. Some of the users have associated restrictions such that, when those users request information about the policies, the information provided is incomplete. The information provided may lack information about one or more policies that apply to the users.
-
Citations
22 Claims
-
1. A computer-implemented method, comprising:
-
enforcing a set of policies for an account, the set of policies configured such that fulfillment of requests submitted by an administrator of the account requires compliance with at least a first policy in a first subset of the set of policies and a second policy in a second subset of the set of policies; receiving, from the administrator associated with the account, a request for information about the set of policies enforced for the account, the set of policies indicating conditions for access to computing resources; obtaining information responsive to the request, the information responsive to the request comprising information about the first subset of the set of policies and excluding information about the second subset of the set of policies as a result of the administrator lacking authorization for obtaining information about policies in the second subset of the set of policies; and providing to the administrator, a response to the request that comprises the information responsive to the request, the response lacking any information indicative of existence of the second subset of the set of policies. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A system, comprising at least one computing device configured to implement one or more services, the at least one computing device including microprocessor and a memory, the one or more services:
-
for an entity, maintain information about policies enforced for the entity; provide an interface through which requests are submitted to allow a user to obtain information about the policies, the policies indicating conditions for access to computing resources; and process requests submitted through the provided interface such that, for at least a first user and a second user requesting the same information about the policies during a time when the policies remain unchanged, the first user is provided first information about the policies that is different than second information about the policies provided to the second user, the first information indicating existence of one or more policies for which the second information lacks an indication of existence of the one or more policies. - View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A non-transitory computer-readable storage medium having collectively stored thereon executable instructions that, if executed by one or more processors of a computer system, the computer system including a microprocessor and a memory, cause the computer system to at least:
-
receive, from a requestor, a request whose fulfillment involves providing information to the requestor about a set of policies indicating conditions for access to computing resources associated with an entity, the policies applied to requests submitted to a system and enforced such that, fulfillment of the requests is dependent on compliance with the policies; obtain information responsive to the request, the information responsive to the request comprising information about a first subset of the set of policies and excluding information about a second subset of the set of policies as a result of the requestor lacking authorization for obtaining information about policies in the second subset of the set of policies; and provide, to the requestor, a response to the request based at least in part on the information responsive to the request. - View Dependent Claims (17, 18, 19, 20, 21, 22)
-
Specification