AUTHORIZATION-BASED REDACTION OF DATA
First Claim
1. A method comprising:
prior to providing a content item to an entity, a component sending an authorization request to an authorization component;
receiving, at the component, an authorization response to the authorization request, wherein the authorization response indicates:
that the entity is permitted to access the content item; and
that one or more portions are to be redacted from the content item prior to providing the content item to the entity;
in response to the authorization response, the component sending a redaction request to a redaction component to redact the one or more portions from the content item to produce a redacted version of the content item; and
providing the redacted version of the content item to the entity;
wherein the method is performed by one or more computing devices.
Abstract
Tasks for providing a post-redaction document to a requestor are distributed among several distinct components. The decision about whether a particular requestor is permitted to obtain a requested content item is made by an authorization service. When obtaining the requested content item is permitted, the authorization service returns (a) portion identification information, and (b) redaction technique information that indicates the manner by which the identified portion should be redacted. Redaction is then performed by a redaction component. Techniques are described in which the portion identification information identifies the portions to be redacted using XPath expressions, and the redaction component has logic to identify the portions, within the pre-redaction version of the content item, that are targeted by the XPath expressions.
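The flow the abstract describes, as an added example that is not code from the patent: a requesting component asks an authorization component for a decision, receives XPath expressions paired with a redaction technique, and hands both to a separate redaction component. The policy table, role and service names, key, sample record and the two techniques (mask, hmac-sha256) are assumptions made for illustration; Python's ElementTree supports only a subset of XPath.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed policy: role -> [(XPath, technique)]. Names and values are hypothetical.
POLICY = {
    "physician": [],
    "billing": [(".//diagnosis", "mask"), (".//ssn", "hmac-sha256")],
}
HMAC_KEY = b"constructed-demo-key"  # placeholder; a real key would come from a KMS
RECORD = ("<patient><name>A. Example</name><ssn>000-00-0000</ssn>"
          "<diagnosis>constructed</diagnosis></patient>")  # constructed sample


def authorize(role, service):
    """Authorization component: access decision plus redaction directives."""
    if service != "patient-record" or role not in POLICY:
        return {"permit": False, "redactions": []}
    return {"permit": True, "redactions": POLICY[role]}


def redact(xml_text, directives):
    """Redaction component: apply each technique to the nodes its XPath selects."""
    root = ET.fromstring(xml_text)
    for xpath, technique in directives:
        for node in root.findall(xpath):
            original = (node.text or "").encode()
            if technique == "mask":
                node.text = "[REDACTED]"
            elif technique == "hmac-sha256":
                node.text = hmac.new(HMAC_KEY, original, hashlib.sha256).hexdigest()[:16]
            else:
                raise ValueError(f"unsupported technique: {technique}")
            for child in list(node):  # nested elements are dropped with the value
                node.remove(child)
    return ET.tostring(root, encoding="unicode")


def serve(role, service, xml_text):
    """Requesting component: authorize first, redact second, then release."""
    decision = authorize(role, service)
    if not decision["permit"]:
        return None  # denied: nothing is released
    if not decision["redactions"]:
        return xml_text
    return redact(xml_text, decision["redactions"])
```

An unsupported technique raises instead of passing the node through, so a directive the redaction component cannot honor never results in the unredacted value being released.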
20 Claims
10. One or more non-transitory computer-readable media storing instructions which, when executed by one or more processors, cause the one or more processors to execute an authorization service that is configured to perform the steps of:
receive an authorization request that indicates a role of a requestor and a requested service; and
in response to the request, send an authorization response that includes:
at least one XPath expression that identifies which portion of a content item, from the requested service, is to be redacted before the content item is provided to a requestor that has the role; and
an indication of which type of encryption, of a plurality of available types of encryption, is to be used to redact said portion of the content item.
11. One or more non-transitory computer-readable media storing instructions which, when executed by one or more processors, cause the one or more processors to execute a redaction component that is configured to perform the steps of:
receiving a redaction request that includes an XPath expression and an indication of a selected type of encryption, wherein the selected type of encryption is one of a plurality of types of encryption supported by the redaction component; and
in response to the redaction request, generating a post-redaction version of a content item by performing the selected type of encryption on one or more portions of a pre-redaction version of the content item, wherein the one or more portions are portions that match the XPath expression.
12. One or more non-transitory computer-readable media storing instructions which, when executed by one or more processors, cause the one or more processors to perform a method that includes:
prior to providing a content item to an entity, a component sending an authorization request to an authorization component;
receiving, at the component, an authorization response to the authorization request, wherein the authorization response indicates:
that the entity is permitted to access the content item; and
that one or more portions are to be redacted from the content item prior to providing the content item to the entity;
in response to the authorization response, the component sending a redaction request to a redaction component to redact the one or more portions from the content item to produce a redacted version of the content item; and
providing the redacted version of the content item to the entity;
wherein the method is performed by one or more computing devices.
Specification