Policy management in an interoperability network

US 8,453,196 B2
Filed: 06/01/2004
Issued: 05/28/2013
Est. Priority Date: 10/14/2003
Status: Active Grant

First Claim

Patent Images

1. An interoperability network, comprising:

at least one database having policy data for entities stored therein;

at least one computing device for;

receiving a message in a network from a first entity for a response from a second entity, wherein the first entity is a user;

identifying, in the database, first policy data corresponding to the user, the first policy data being user-specific and imposing a first set of restrictions on the user to access the second entity, wherein the first set of restrictions includes a first requirement for the user to be authenticated to communicate with the second entity;

identifying, in the database, second policy data associated with the second entity, the second policy data including a second set of restrictions, wherein the second set of restrictions includes at least a second requirement separate from the first requirement for the user to be authorized to communicate with the second entity;

combining the first policy data with the second policy data by determining a union and logical combination of the first policy data and the second policy data to produce a combined policy data, wherein said combining of the first policy data with the second policy data is a logical combination, and wherein the first policy data is combined with the second policy data in response to the receipt of the message in the network;

evaluating the combined policy data to determine whether the combined policy data is violated, wherein the combined policy data is violated when a restriction from the first set of restrictions or the second set of restrictions is violated;

in response to a determination that the combined policy data is violated, rejecting the message; and

in response to a determination that the combined policy data is not violated, transmitting the message to the second entity.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus are described for facilitating communication among a plurality of entities via an interoperability network. Each entity has policy data corresponding thereto governing interaction with the entity via the interoperability network. A message is transmitted from a first one of the entities to a second one of the entities. The first entity has first policy data corresponding thereto and the second entity has second policy data corresponding thereto. The transmitted message was handled in the network according to combined policy data representing a combination of the first and second policy data.

156 Citations

10 Claims

1. An interoperability network, comprising:
- at least one database having policy data for entities stored therein;
  
  at least one computing device for;
  
  receiving a message in a network from a first entity for a response from a second entity, wherein the first entity is a user;
  
  identifying, in the database, first policy data corresponding to the user, the first policy data being user-specific and imposing a first set of restrictions on the user to access the second entity, wherein the first set of restrictions includes a first requirement for the user to be authenticated to communicate with the second entity;
  
  identifying, in the database, second policy data associated with the second entity, the second policy data including a second set of restrictions, wherein the second set of restrictions includes at least a second requirement separate from the first requirement for the user to be authorized to communicate with the second entity;
  
  combining the first policy data with the second policy data by determining a union and logical combination of the first policy data and the second policy data to produce a combined policy data, wherein said combining of the first policy data with the second policy data is a logical combination, and wherein the first policy data is combined with the second policy data in response to the receipt of the message in the network;
  
  evaluating the combined policy data to determine whether the combined policy data is violated, wherein the combined policy data is violated when a restriction from the first set of restrictions or the second set of restrictions is violated;
  
  in response to a determination that the combined policy data is violated, rejecting the message; and
  
  in response to a determination that the combined policy data is not violated, transmitting the message to the second entity.
- View Dependent Claims (4)
- - 4. The network of claim 1 wherein a notification relating to the rejection of the message is sent to at least one of the user and the second entity.

2. A computer-implemented method, the method comprising:
- storing policy data for entities;
  
  receiving a message in a network from a first entity for a response from a second entity, wherein the first entity is a user;
  
  identifying, in a database, first policy data corresponding to the user, the first policy data being user-specific and imposing a first set of restrictions on the user to access the second entity, wherein the first set of restrictions includes a first requirement for the user to be authenticated to communicate with the second entity;
  
  identifying, in the database, second policy data associated with the second entity, the second policy data including a second set of restrictions, wherein the second set of restrictions includes at least a second requirement separate from the first requirement for the user to be authorized to communicate with the second entity;
  
  utilizing at least one hardware processor, combining the first policy data with the second policy data by determining a union and logical combination of the first policy data and the second policy data to produce a combined policy data, wherein said combining of the first policy data with the second policy data is a logical combination, and wherein the first policy data is combined with the second policy data in response to the receipt of the message in the network;
  
  evaluating the combined policy data, utilizing the at least one hardware processor, to determine whether the combined policy data is violated, wherein the combined policy data is violated when a restriction from the first set of restrictions or the second set of restrictions is violated;
  
  in response to a determination that the combined policy data is violated, rejecting the message; and
  
  in response to a determination that the combined policy data is not violated, transmitting the message to the second entity.
- View Dependent Claims (5, 6, 7, 8, 9, 10)
- - 5. The method of claim 2 wherein an entirety of the first policy data corresponding to the first one of the entities is combined with an entirety of the second policy data corresponding to the second one of the entities.
  - 6. The method of claim 2 wherein a scope of the first policy data corresponds to a connection.
  - 7. The method of claim 6 wherein the scope of the first policy data only corresponds to a connection associated with the user.
  - 8. The method of claim 2 wherein a scope of the second policy data corresponds to a plurality of users.
  - 9. The method of claim 8, wherein the second set of restrictions is imposed on the plurality of users.
  - 10. The method of claim 2 wherein the first requirement is for the user to be authenticated using a password.

3. A computer-implemented method, the method comprising:
- storing policy data for entities;
  
  receiving a message in a network from a first entity for a response from a second entity, wherein the first entity is a user;
  
  identifying, in a database, first policy data corresponding to the user, the first policy data being user-specific and imposing a first set of restrictions on the user to access the second entity, wherein the first set of restrictions includes a first requirement for the user to be authenticated to communicate with the second entity;
  
  identifying, in the database, second policy data associated with the second entity, the second policy data including a second set of restrictions, wherein the second set of restrictions includes at least a second requirement separate from the first requirement for the user to be authorized to communicate with the second entity;
  
  utilizing at least one hardware processor, combining the first policy data with the second policy data by determining a union and logical combination of the first policy data and the second policy data to produce a combined policy data, wherein said combining of the first policy data with the second policy data is a logical combination, and wherein the first policy data is combined with the second policy data in response to the receipt of the message in the network;
  
  evaluating the combined policy data, utilizing the at least one hardware processor, to determine whether the combined policy data is violated, wherein the combined policy data is violated when a restriction from the first set of restrictions or the second set of restrictions is violated;
  
  in response to a determination that the combined policy data is violated, rejecting the message; and
  
  in response to a determination that the combined policy data is not violated, transmitting the message to the second entity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Lerner, Alexander, Dewey, Michael K.
Primary Examiner(s)
Tabor, Amare F

Application Number

US10/858,709
Publication Number

US 20050080914A1
Time in Patent Office

3,283 Days
Field of Search

726/1, 709/223, 709/225, 709/230
US Class Current

726/1
CPC Class Codes

G06F 21/6236   between heterogeneous systems

G06F 9/546   Message passing systems or ...

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

H04L 67/63   Routing a service request d...

Policy management in an interoperability network

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

156 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Policy management in an interoperability network

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

156 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links