HOLISTIC XACML AND OBLIGATION CODE AUTOMATICALLY GENERATED FROM ONTOLOGICALLY DEFINED RULE SET

US 20090320093A1
Filed: 12/31/2008
Published: 12/24/2009
Est. Priority Date: 12/31/2007
Status: Active Grant

First Claim

Patent Images

1. A system for automatically generating code for an authorization policy for network resources, the system comprising:

one or more processors; and

a memory in communication with the one or more processors, wherein the memory contains instructions that when executed by the one or more processors, cause the one or more processors to;

automatically generate obligation code for the policy, wherein rules of the policy are modeled using an ontologically defined ruleset; and

automatically generate XACML rule code for the policy based on the same ontologically defined ruleset.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Computer-based systems and methods for automatically generating both XACML rules and processed-based obligation code using a common ontologically defined ruleset.

131 Citations

23 Claims

1. A system for automatically generating code for an authorization policy for network resources, the system comprising:
- one or more processors; and
  
  a memory in communication with the one or more processors, wherein the memory contains instructions that when executed by the one or more processors, cause the one or more processors to;
  
  automatically generate obligation code for the policy, wherein rules of the policy are modeled using an ontologically defined ruleset; and
  
  automatically generate XACML rule code for the policy based on the same ontologically defined ruleset.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the memory stores instructions that, when executed by the one or more processors, cause the one or more processors to automatically generate obligation code by associating at least one step of an obligation of the policy with an interface.
  - 3. The system of claim 2, wherein an input field and/or an output field of the interface is associated with a concept from the ontology.
  - 4. The system of claim 3, wherein the concept from the ontology is represented by a semantic graph.
  - 5. The system of claim 2, wherein WSDL is used to describe the input field and/or the output field of the interface.
  - 6. The system of claim 5, wherein the memory stores instructions that, when executed by the one or more processors, cause the one or more processors to automatically generate obligation code by automatically generating obligation code based on each rule and interface of the policy.
  - 7. The system of claim 1, wherein the memory stores instructions that, when executed by the one or more processors, cause the one or more processors to automatically generate XACML rule code for each modeled rule of the policy.

8. A computer product comprising:
- a computer readable medium having stored thereon instructions that, when executed by a processor, causes the processor to;
  
  automatically generate obligation code for an authorization policy for network resources, wherein rules of the policy are modeled using an ontologically defined ruleset; and
  
  automatically generate XACML rule code for the policy based on the same ontologically defined ruleset.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer product of claim 8, wherein the computer readable medium stores instructions that, when executed by the processor, causes the processor to automatically generate obligation code by associating at least one step of an obligation of the policy with an interface.
  - 10. The computer product of claim 9, wherein an input field and/or an output field of the interface is associated with a concept from the ontology.
  - 11. The computer product of claim 10, wherein the concept from the ontology is represented by a semantic graph.
  - 12. The computer product of claim 9, wherein WSDL is used to describe the input field and/or the output field of the interface.
  - 13. The computer product of claim 12, wherein the computer readable medium stores instructions that, when executed by the processor, causes the processor to automatically generate obligation code based on each rule and interface of the policy.
  - 14. The computer product of claim 8, wherein the computer readable medium stores instructions that, when executed by the processor, causes the processor to automatically generate XACML rule code for each modeled rule of the policy.

15. A method for automatically generating code for an authorization policy for network resources, the method comprising:
- automatically generating, by a computer system comprising a code generation software module, obligation code for the policy, wherein rules of the policy are modeled using an ontologically defined ruleset; and
  
  automatically generating, by the computer system, XACML rule code for the policy based on the same ontologically defined ruleset.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23)
- - 16. The method of claim 15, wherein automatically generating the obligation code comprises associating at least one step of an obligation of the policy with an interface.
  - 17. The method of claim 16, wherein an input field and/or an output field of the interface is associated with a concept from the ontology.
  - 18. The method of claim 17, wherein the concept from the ontology is represented by a semantic graph.
  - 19. The method of claim 16, wherein WSDL is used to describe the input field and/or the output field of the interface.
  - 20. The method of claim 19, wherein automatically generating the obligation code comprises automatically generating the obligation code based on each rule and interface of the policy.
  - 21. The method of claim 15, wherein automatically generating the XACML rule code comprises automatically generating the XACML rule code for each modeled rule of the policy.
  - 22. The method of claim 15, further comprising deploying the automatically generated obligation code and the automatically generated XACML rule code in a computer-based authorization architecture.
  - 23. The method of claim 22, wherein the step of deploying comprises deploying XACML rule code at a Policy Administration Point (PAP) of the computer-based authorization architecture.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Enterra Solutions LLC
Original Assignee
Enterra Solutions LLC
Inventors
Aucoin, Bryan J., Wagner, Peter A., Glazier, Jason S., DeAngelis, Stephen F.

Granted Patent

US 9,323,938 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 8/10   Requirements analysis; Spec...

G06F 8/35   model driven

HOLISTIC XACML AND OBLIGATION CODE AUTOMATICALLY GENERATED FROM ONTOLOGICALLY DEFINED RULE SET

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

131 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

HOLISTIC XACML AND OBLIGATION CODE AUTOMATICALLY GENERATED FROM ONTOLOGICALLY DEFINED RULE SET

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

131 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links