
Rest-based declarative policy management

  • US 10,834,137 B2
  • Filed: 05/29/2018
  • Issued: 11/10/2020
  • Est. Priority Date: 09/28/2017
  • Status: Active Grant
First Claim

1. A method for policy evaluation in a multi-tenant cloud-based identity and access management (IAM) system, the method comprising:

  • receiving a request for an IAM service for a tenant of a plurality of tenants of the multi-tenant cloud-based IAM system;
  • determining an applicable policy associated with the IAM service;
  • determining a policy expression of the applicable policy, wherein the policy expression comprises a reference to an attribute value, wherein the reference either comprises a function or comprises an application programming interface (API) of an attribute retriever class;
  • obtaining the attribute value by invoking the function or by invoking the API of the attribute retriever class;
  • evaluating the applicable policy at run-time using at least the obtained attribute value, the applicable policy comprising a declarative policy configured by a policy engine; and
  • performing the IAM service based on the result of the evaluating of the policy;
  • wherein the policy engine defines a data model comprising resource types corresponding to policy artifacts associated with the declarative policy, the policy artifacts comprising at least one of the declarative policy, a policy type, rules, condition groups, or conditions;
  • wherein the policy type defines a contract between the policy engine and a component of the multi-tenant cloud-based IAM system that uptakes the policy engine and performs the IAM service, and the policy type is defined by the component of the multi-tenant cloud-based IAM system that uptakes the policy engine by configuring one or more control switches that control a run-time evaluation behavior of the declarative policy.
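The evaluation flow the claim describes, as an added illustration in Python that is not the patent's or any product's code: a tenant request selects the applicable policies, each condition's attribute reference is either a function of the request or a name resolved through an attribute retriever class, and the policy type's control switches (how conditions combine, whether an unobtainable attribute denies) steer run-time evaluation. All class, field, operator and switch names are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Union

# Names below are constructed for this example, not taken from the patent.
@dataclass
class IamRequest:
    tenant: str
    service: str                  # e.g. "token_issue"
    context: Dict[str, object]    # attributes carried with the request

class AttributeRetriever:
    """Attribute retriever class whose API a policy expression can reference."""
    def fetch(self, req: IamRequest, name: str):
        return req.context.get(name)  # None models an attribute that could not be obtained

@dataclass
class Condition:
    # Reference to an attribute value: a function of the request, or a name for the retriever API.
    ref: Union[Callable[[IamRequest], object], str]
    op: str
    value: object

@dataclass
class PolicyType:
    """Contract with the uptaking component, expressed as control switches."""
    combine: str = "all"          # "all" or "any": how conditions are combined
    deny_on_missing: bool = True  # an unobtainable attribute fails its condition

@dataclass
class Policy:
    tenant: str
    service: str
    policy_type: PolicyType
    conditions: List[Condition]
_OPS = {"eq": lambda a, b: a == b, "in": lambda a, b: a in b, "le": lambda a, b: a <= b}

def obtain(cond: Condition, req: IamRequest, retriever: AttributeRetriever):
    """Invoke the function or the retriever API to obtain the attribute value."""
    return cond.ref(req) if callable(cond.ref) else retriever.fetch(req, cond.ref)
def evaluate(policy: Policy, req: IamRequest, retriever: AttributeRetriever) -> bool:
    """Run-time evaluation; the policy type's switches steer the outcome."""
    switches, results = policy.policy_type, []
    for cond in policy.conditions:
        attr = obtain(cond, req, retriever)
        results.append(not switches.deny_on_missing if attr is None else _OPS[cond.op](attr, cond.value))
    return all(results) if switches.combine == "all" else any(results)
def decide(req: IamRequest, policies: List[Policy], retriever: AttributeRetriever) -> str:
    """Determine the applicable policies for the tenant and service, then decide (fail closed)."""
    applicable = [p for p in policies if (p.tenant, p.service) == (req.tenant, req.service)]
    return "allow" if applicable and all(evaluate(p, req, retriever) for p in applicable) else "deny"
```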
