Policy Management of Multiple Security Domains
First Claim
1. A method, in a data processing system, for centralized policy management of multiple security domains in accordance with an illustrative embodiment, the method comprising:
- receiving an access request at a policy enforcement point component in the data processing system, wherein the policy enforcement point component is managed by a plurality of security domains;
- querying, by the policy enforcement point component, a policy broker component in the data processing system;
- determining, by the policy broker component, an access decision that complies with policies of the plurality of security domains; and
- returning, by the policy broker component, the access decision to the policy enforcement point component.
Abstract
A mechanism is provided in a data processing system for centralized policy management of multiple security domains in accordance with an illustrative embodiment. A policy enforcement point component in the data processing system receives an access request. The policy enforcement point component is managed by a plurality of security domains. The policy enforcement point component queries a policy broker component in the data processing system. The policy broker component determines an access decision that complies with policies of the plurality of security domains. It does so by orchestrating a workflow that involves the policy decision, administration, and information components of those domains. The policy broker component returns the access decision to the policy enforcement point component.
20 Claims
1. A method, in a data processing system, for centralized policy management of multiple security domains in accordance with an illustrative embodiment, the method comprising:
- receiving an access request at a policy enforcement point component in the data processing system, wherein the policy enforcement point component is managed by a plurality of security domains;
- querying, by the policy enforcement point component, a policy broker component in the data processing system;
- determining, by the policy broker component, an access decision that complies with policies of the plurality of security domains; and
- returning, by the policy broker component, the access decision to the policy enforcement point component.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A computer program product comprising a computer readable storage medium having a computer readable program stored therein, wherein the computer readable program, when executed on a computing device, causes the computing device to:
- receive an access request at a policy enforcement point component in the computing device, wherein the policy enforcement point component is managed by a plurality of security domains;
- query, by the policy enforcement point component, a policy broker component in the data processing system;
- determine, by the policy broker component, an access decision that complies with policies of the plurality of security domains; and
- return, by the policy broker component, the access decision to the policy enforcement point component.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A data processing system, comprising:
- a processor; and
- a memory coupled to the processor, wherein the memory comprises instructions which, when executed by the processor, cause the processor to:
- receiving an access request at a policy enforcement point component in the data processing system, wherein the policy enforcement point component is managed by a plurality of security domains;
- querying, by the policy enforcement point component, a policy broker component in the data processing system;
- determining, by the policy broker component, an access decision that complies with policies of the plurality of security domains; and
- returning, by the policy broker component, the access decision to the policy enforcement point component.
Dependent claims: 18, 19, 20
Specification