Automated policy constraint matching for computing resources
First Claim
1. A method, comprising:
- accessing a first policy definition comprising one or more policy constraints, wherein each policy constraint specifies one or more acceptable values for each of one or more vocabulary items of the first policy definition;
accessing a second policy definition comprising one or more other policy constraints, each of which specifies one or more acceptable values for one or more other vocabulary items of the second policy definition;
wherein one of the acceptable values of the first policy definition and of the acceptable values of the second policy definition for a single vocabulary item common to both the first and second policy definitions are configured in a hierarchical relationship, wherein a narrower one of the acceptable values for the common vocabulary item is defined as a subset of a broader one of the acceptable values for the common vocabulary item;
wherein the narrower one of the acceptable values inherits all semantics from the broader acceptable value;
determining an intersection policy definition comprising one or more intersection policy constraints specifying one or more acceptable values for the vocabulary item common to both the first and second policy definitions, wherein said determining comprises specifying the narrower one of the acceptable values in one of the one or more intersection policy constraints for the common vocabulary item; and
communicating with a device in a distributed computing environment according to the determined intersection policy definition.
2 Assignments
0 Petitions
Accused Products
Abstract
Web services interface policy constraints may be specified in a policy constraints language and policy processing, such as generating an intersection policy of two policies may be automated by a policy-processing engine. A policy constraint may be a specification of a value, range of values, or set of values that a particular requirement or offering is allowed to have. Hierarchies of requirements and/or offerings may also be expressed and matched such that a more specific case of a requirement or offering may be matched against a more general case of the same requirement or offering. Also, preferences among vocabulary items, vocabulary item values, policy constraints, and other elements of a policy may be specified and automatically determined by a policy-processing engine. Automated matching of consumer requirements against provider offerings may allow a policy-processing engine to process policies with specifications of requirements or offerings from any domain-specific schema.
209 Citations
23 Claims
-
1. A method, comprising:
-
accessing a first policy definition comprising one or more policy constraints, wherein each policy constraint specifies one or more acceptable values for each of one or more vocabulary items of the first policy definition;
accessing a second policy definition comprising one or more other policy constraints, each of which specifies one or more acceptable values for one or more other vocabulary items of the second policy definition;
wherein one of the acceptable values of the first policy definition and of the acceptable values of the second policy definition for a single vocabulary item common to both the first and second policy definitions are configured in a hierarchical relationship, wherein a narrower one of the acceptable values for the common vocabulary item is defined as a subset of a broader one of the acceptable values for the common vocabulary item;
wherein the narrower one of the acceptable values inherits all semantics from the broader acceptable value;
determining an intersection policy definition comprising one or more intersection policy constraints specifying one or more acceptable values for the vocabulary item common to both the first and second policy definitions, wherein said determining comprises specifying the narrower one of the acceptable values in one of the one or more intersection policy constraints for the common vocabulary item; and
communicating with a device in a distributed computing environment according to the determined intersection policy definition. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
-
-
22. A device, comprising:
-
a processor; and
a memory coupled to the processor, wherein the memory comprises program instructions configured to;
access a first policy definition comprising one or more policy constraints, wherein each policy constraint specifies one or more acceptable values for each of one or more vocabulary items of the first policy definition;
access a second policy definition comprising one or more other policy constraints, each of which specifies one or more acceptable values for one or more other vocabulary items of the second policy definition;
wherein one of the acceptable values of the first policy definition and of the acceptable values of the second policy definition for a single vocabulary item common to both the first and second policy definitions are configured in a hierarchical relationship, wherein a narrower one of the acceptable values for the common vocabulary item is defined as a subset of a broader one of the acceptable values for the common vocabulary item;
wherein the narrower one of the acceptable values inherits all semantics from the broader acceptable value;
determine an intersection policy definition comprising one or more intersection policy constraints specifying one or more acceptable values for each of one or more vocabulary items common to both the first and second policy definitions, wherein said determining comprises specifying the narrower one of the acceptable values in one of the one or more intersection policy constraints for the common vocabulary item; and
communicate with a device in a distributed computing environment according to the determined intersection policy definition.
-
-
23. A computer accessible medium, comprising program instructions configured to implement:
-
accessing a first policy definition comprising one or more policy constraints, wherein each policy constraint specifies one or more acceptable values for each of one or more vocabulary items of the first policy definition;
accessing a second policy definition comprising one or more other policy constraints, each of which specifies one or more acceptable values for one or more other vocabulary items of the second policy definition;
wherein one of the acceptable values of the first policy definition and of the acceptable values of the second policy definition for a single vocabulary item common to both the first and second policy definitions are configured in a hierarchical relationship, wherein a narrower one of the acceptable values for the common vocabulary item is defined as a subset of a broader one of the acceptable values for the common vocabulary item;
wherein the narrower one of the acceptable values inherits all semantics from the broader acceptable value;
determining an intersection policy definition comprising one or more intersection policy constraints specifying one or more acceptable values for each of one or more vocabulary items common to both the first and second policy definitions, wherein said determining comprises specifying the narrower one of the acceptable values in one of the one or more intersection policy constraints for the common vocabulary item; and
communicating with a device in a distributed computing environment according to the determined intersection policy definition.
-
Specification