Automatic enforcement of obligations according to a data-handling policy
First Claim
1. A method for automatically enforcing obligations in accordance with a data-handling policy, said data-handling policy comprising rules for access to data stored in a data repository and obligations based on said access to said data, said method comprising:
- intercepting a request by a user for accessing said data stored in said data repository;
determining user access restrictions to said data according to said rules;
providing requested data to said user upon successfully validating said user according to said rules;
identifying an obligation associated with access to a specific data item, said obligation comprising a specified action invoked by said data-handling policy as a result of said access to said specific data item, and said obligation being associated with an appropriate time for execution;
identifying rules in said data-handling policy having said obligation;
generating a list of data access events, based on said rules, for associating the specific data item requested by said user with said obligation; and
responsive to said requested data comprising said specific data item, automatically executing said obligation at said appropriate time after access to said specific data item requested by said user.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods, systems and computer program products for automatically enforcing obligations in accordance with a data-handling policy are disclosed. Requests by users for accessing data stored in a data repository are intercepted. A determination is made whether any obligations apply to each data item requested in accordance with the data handling policy. The determination may relate to whether rules having associated obligations identified in the data-handling policy apply to data items requested by a user. The obligations are automatically executed at an appropriate time after access of the data. Association of a data item requested by the user with an obligation may be recorded and tracked to determine the appropriate time for executing the obligation.
60 Citations
27 Claims
-
1. A method for automatically enforcing obligations in accordance with a data-handling policy, said data-handling policy comprising rules for access to data stored in a data repository and obligations based on said access to said data, said method comprising:
-
intercepting a request by a user for accessing said data stored in said data repository; determining user access restrictions to said data according to said rules; providing requested data to said user upon successfully validating said user according to said rules; identifying an obligation associated with access to a specific data item, said obligation comprising a specified action invoked by said data-handling policy as a result of said access to said specific data item, and said obligation being associated with an appropriate time for execution; identifying rules in said data-handling policy having said obligation; generating a list of data access events, based on said rules, for associating the specific data item requested by said user with said obligation; and responsive to said requested data comprising said specific data item, automatically executing said obligation at said appropriate time after access to said specific data item requested by said user. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method for automatically enforcing obligations that apply to access of data items stored in a data repository, said method comprising:
-
intercepting a request by a user for accessing data stored in said data repository; executing said request on said data repository; determining whether access to a data item returned in response to said request is governed by rules of a data-handling policy; providing requested data to said user upon successfully validating said user according to said rules; determining whether an obligation is associated with said data item returned in response to said request, said obligation comprising a specified action invoked by said rules of said data handling policy as a result of said access to a specific data item; responsive to said requested data comprising said specific data item, automatically tracking said specific data item and said obligation to determine an appropriate time for said obligation to be executed; identifying rules in said data-handling policy having said obligation; generating a list of data access events, based on said rules, for associating the specific data item requested by said user with said obligation; and automatically executing said obligation at said appropriate time. - View Dependent Claims (8, 9)
-
-
10. A system for automatically enforcing obligations in accordance with a data handling policy, said data handling policy comprising rules for access to data stored in a data repository and obligations based on said access to said data, said system comprising:
-
a processor operatively connected to said data repository; a user interface operatively connected to said processor, said user interface receiving a request for accessing said data stored in said repository; and an output device operatively connected to said processor, said processor comprising; a content manager; a request interceptor that intercepts said request for accessing said data stored in said repository and executes said request on said content manager, which returns requested data to said output device according to said request; an event handler that determines whether said request is approved according to said rules and determines if an obligation is associated with access to a specific data item returned in response to said request in accordance with said data handling policy, said obligation comprising a specified action invoked by said data-handling policy as a result of said access to said specific data item, and said obligation being associated with an appropriate time for execution; and a policy translator that identifies rules in said data handling policy having said obligation and generates a list of data access events, based on said rules, for associating the specific data item requested by said user with said obligation; and responsive to said requested data comprising said specific data item, said processor executing said obligation at said appropriate time after access of said specific data item. - View Dependent Claims (11, 12, 13, 14)
-
-
15. A computer system for automatically enforcing obligations that apply to data items stored in a data repository, said system comprising:
-
a memory for storing data and computer instructions; and a processor connected to said memory, said processor executing said computer instructions to perform the tasks of; intercepting a request for accessing data stored in said repository; executing said request on said data repository; determining whether access to a data item returned in response to said request is governed by rules of a data-handling policy; identifying if an obligation is associated with said data item returned in response to said request in accordance with said data handling policy, said obligation comprising a specified action invoked by said data-handling policy as a result of said access to a specific data item, and said obligation being associated with an appropriate time for execution; marking said data item returned in response to said request having an obligation according to said data handling policy; automatically tracking said data item returned in response to said request having an associated obligation and said associated obligation to determine an appropriate time when said obligation should be executed; identifying rules in said data-handling policy having said obligation; generating a list of data access events, based on said rules, for associating said specific data item requested with said obligation; and automatically executing said associated obligation at said appropriate time. - View Dependent Claims (16, 17, 18)
-
-
19. A non-transitory computer readable medium, tangibly storing instructions executable by a computer to perform a method for automatically enforcing obligations in accordance with a data-handling policy, said method comprising:
-
intercepting a request for accessing data stored in a data repository; determining user access restrictions to said data according to rules of said data-handling policy; providing requested data to a user upon successfully validating said user according to said rules; identifying an obligation associated with access to a specific data item, said obligation comprising a specified action invoked by said data-handling policy as a result of said access to said specific data item, and said obligation being associated with an appropriate time for execution; identifying rules in said data-handling policy having said obligation; generating a list of data access events, based on said rules, for associating the specific data item requested by said user with said obligation; and responsive to said requested data comprising said specific data item, automatically executing said obligation at said appropriate time after access to said specific data item requested by said user. - View Dependent Claims (20, 21, 22, 23, 24)
-
-
25. A non-transitory computer readable medium, tangibly storing instructions executable by a computer to perform a method for automatically enforcing obligations in accordance with a data-handling policy, said method comprising:
-
intercepting a request for accessing data stored in a data repository; executing said request on said data repository; determining whether access to a data item returned in response to said request is governed by rules of said data-handling policy; determining whether an obligation is associated with said data item returned in response to said request, said obligation comprising a specified action invoked by said rules of said data handling policy, as a result of said access to a specific data item; identifying rules in said data-handling policy having said obligation; generating a list of data access events, based on said rules, for associating said specific data item requested with said obligation; responsive to said data item returned in response to said request comprising said specific data item, automatically tracking said specific data item and said obligation to determine an appropriate time for said obligation to be executed; and automatically executing said obligation at said appropriate time. - View Dependent Claims (26, 27)
-
Specification