Security data redaction
First Claim
1. A method for securing access to data, the method comprising:
- accessing at least one service on behalf of a requestor;
receiving a result set including results from accessing the at least one service; and
providing to the requestor only that portion of the result set that the requester is permitted to access;
wherein the portion of the result set provided to the requestor is mapped to a view of the data associated with the requester.
3 Assignments
0 Petitions
Accused Products
Abstract
In accordance with one embodiment of the present invention, there are provided mechanisms and methods for securing access to data. These mechanisms and methods for securing access to data make it possible for systems to have improved control over accesses to information by redacting responses made by services based upon access policies. Requestors may be users, proxies or automated entities. This ability of a system to redact responses to queries or requests for services in accordance with access policies makes it possible to attain improved security in computing systems over conventional access control mechanisms that control based upon privileges for accessing a file, an account, a storage device or a machine upon which the information is stored.
167 Citations
19 Claims
-
1. A method for securing access to data, the method comprising:
-
accessing at least one service on behalf of a requestor;
receiving a result set including results from accessing the at least one service; and
providing to the requestor only that portion of the result set that the requester is permitted to access;
wherein the portion of the result set provided to the requestor is mapped to a view of the data associated with the requester. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A computer-readable medium carrying one or more sequences of instructions for securing access to data, which instructions, when executed by one or more processors, cause the one or more processors to carry out the steps of:
-
accessing at least one service on behalf of a requester;
receiving a result set including results from accessing the at least one service; and
providing to the requester only that portion of the result set that the requestor is permitted to access;
wherein the portion of the result set provided to the requestor is mapped to a view of the data associated with the requester. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. An apparatus for securing access to data, the apparatus comprising:
-
a processor; and
one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of;
accessing at least one service on behalf of a requester;
receiving a result set including results from accessing the at least one service; and
providing to the requestor only that portion of the result set that the requestor is permitted to access;
wherein the portion of the result set provided to the requestor is mapped to a view of the data associated with the requester.
-
-
18. A method for receiving data under a controlled environment, the method comprising:
-
sending a request to access a service to a server; and
receiving a portion of a result set of the service from the server, wherein the server has prepared the portion of the result set of the service according to a determination of a subset of the result set which is permitted to be provided responsive to the request.
-
-
19. A computer-readable medium carrying one or more sequences of instructions for receiving data under a controlled environment, which instructions, when executed by one or more processors, cause the one or more processors to carry out the steps of:
-
sending a request to access a service to a server; and
receiving a portion of a result set of the service from the server, wherein the server has prepared the portion of the result set of the service according to a determination of a subset of the result set which is permitted to be provided responsive to the request.
-
Specification