Associative policy model
Abstract
Systems and methods for an associative policy model are provided. One embodiment of the present invention provides a method for implementing an associative policy. In this embodiment, the method includes providing a policy on a policy server, the policy having a service definition that contains first and second relational components, providing first and second network entities, operatively coupling the first and second network entities to the policy server, dynamically associating the first network entity with the second network entity (wherein such associating includes binding the first relational component of the service definition in the policy to the first network entity, and binding the second relational component of the service definition in the policy to the second network entity), and enforcing the policy on the first and second network entities.
135 Citations
39 Claims
1. A method for implementing an associative policy, the method comprising:
    providing a policy on a policy server, the policy having a service definition that contains first and second relational components;
    providing first and second network entities;
    operatively coupling the first and second network entities to the policy server;
    dynamically associating the first network entity with the second network entity, wherein such associating includes binding the first relational component of the service definition in the policy to the first network entity, and binding the second relational component of the service definition in the policy to the second network entity; and
    enforcing the policy on the first and second network entities.
    Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15.

16. A method for managing an associative policy on a policy server, the method comprising:
    providing a policy having a service definition, wherein the service definition has one or more rulesets that each contain one or more placeholders;
    specifying a role associated with each ruleset;
    operatively coupling one or more devices to the policy server; and
    upon such coupling, converting the policy into one or more device policies by inserting device information into the placeholders for each ruleset, and distributing the device policies to the corresponding devices.
    Dependent claims: 17, 18, 19, 20, 21, 22, 23, 24.

25. A computer-implemented method on a policy server, the method comprising:
    providing a master policy on the policy server, the master policy having a first component and a second component;
    binding the policy server to a first device to obtain information about the first device;
    binding the policy server to a second device to obtain information about the second device;
    creating a first policy on the policy server using the first component of the master policy and the information about the second device;
    creating a second policy on the policy server using the second component of the master policy and the information about the first device;
    sending the first policy to the first device; and
    sending the second policy to the second device.
    Dependent claims: 26, 27, 28, 29, 30.

31. A computer-implemented method on a client, the method comprising:
    obtaining boot information for the client;
    obtaining role information for a user on the client;
    sending the boot information and the role information to a policy server;
    obtaining a client-specific security policy from the policy server; and
    enforcing the client-specific security policy on the client, wherein the client-specific security policy includes security information about a server that is associated with the client, and wherein the security information is based on boot information and role information for the server.
    Dependent claims: 32, 33, 34.

35. A system, comprising:
    a network;
    a first network entity coupled to the network;
    a second network entity coupled to the network; and
    a policy server coupled to the network, the policy server having a security policy that includes a first set of rules and a second set of rules, each set of rules having one or more placeholders, wherein the policy server is operable to:
        convert the security policy into a first entity policy by inserting entity information for the second network entity into the placeholders of the first set of rules;
        convert the security policy into a second entity policy by inserting entity information for the first network entity into the placeholders of the second set of rules;
        send the first entity policy to the first network entity; and
        send the second entity policy to the second network entity.
    Dependent claims: 36, 37, 38.

39. A policy server, comprising:
    a master security policy having a client component and a server component; and
    an interface to couple the policy server with a server device and a client device;
    wherein the policy server is operable to:
        obtain server information about the server device;
        obtain client information about the client device;
        create a client policy using the client component of the master security policy and the server information;
        create a server policy using the server component of the master security policy and the client information;
        send the client policy to the client device; and
        send the server policy to the server device.

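The cross-binding described in the abstract and in claims 16, 25 and 35 (each role's ruleset carries placeholders that the policy server fills with the associated peer's information before distribution), as an added illustration that is not code from the patent. The master policy, rule syntax, placeholder names and entity attributes are all constructed for the example; the server refuses to emit any rule whose placeholder cannot be resolved, so an incomplete binding never yields a permissive policy.

```python
import re

# Constructed master policy (example only, not text from the patent): one ruleset per
# role, with {placeholders} that are resolved from the associated peer's information.
MASTER_POLICY = {
    "client": [
        "allow tcp to {peer.address} port 443",
        "require peer.os == {peer.os}",
    ],
    "server": [
        "allow tcp from {peer.address} port 443",
        "deny all from {peer.address} unless os == {peer.os}",
    ],
}

PLACEHOLDER = re.compile(r"\{(peer\.[a-z_]+)\}")


class PolicyServer:
    """Holds the master policy and the entities that have bound to it."""

    def __init__(self, master):
        self.master = master
        self.entities = {}  # name -> {"role": ..., "address": ..., "os": ...}

    def bind(self, name, role, address, os):
        """An entity couples to the policy server and reports its role and boot information."""
        if role not in self.master:
            raise ValueError(f"no ruleset for role {role!r}")
        self.entities[name] = {"role": role, "address": address, "os": os}

    def associate(self, first, second):
        """Associate two bound entities: each receives its own role's ruleset with the
        placeholders filled from the other entity's information (claim 25)."""
        a, b = self.entities[first], self.entities[second]
        return {first: self._derive(a, b), second: self._derive(b, a)}

    def _derive(self, entity, peer):
        values = {"peer.address": peer["address"], "peer.os": peer["os"]}

        def fill(m):
            key = m.group(1)
            if key not in values:
                # Fail closed: never distribute a rule with an unresolved placeholder.
                raise KeyError(f"unresolved placeholder {key!r}")
            return values[key]

        return [PLACEHOLDER.sub(fill, rule) for rule in self.master[entity["role"]]]
```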
Specification