Automated security analysis for federated relationship
First Claim
1. At a computer system, the computer system including a processor, the computer system connected to a Wide Area Network (WAN) along with a first organization and a second organization, the first organization including a first gateway that separates a domain network for the first organization from the Wide Area Network (WAN), the second organization including a second gateway that separates a domain network for the second organization from the Wide Area Network (WAN), a method for configuring data sharing between the first organization and the second organization to perform a collaborative function, the method comprising:
comparing a first access policy for the first organization to a second access policy for the second organization;
determining the first access policy and the second access policy have one or more common security access definitions;
determining the first access policy and the second access policy have one or more differing security access definitions, at least one differing security access definition indicating a more restrictive data access policy for the first organization relative to the second organization, at least one other differing security access definition indicating a different more restrictive data access policy for the second organization relative to the first organization;
creating a federation data access policy, the federation data access policy representing the one or more common security access definitions;
the processor creating a separate shared repository on the Wide Area Network (WAN) for sharing data related to the collaborative function between the first organization and the second organization, the shared repository created to conform to the federation data access policy;
the processor configuring the shared repository to:
take in data related to the collaborative function from the second organization for sharing with the first organization in accordance with the federation data access policy; and
take in data related to the collaborative function from the first organization for sharing with the second organization in accordance with the federation data access policy;
the processor configuring an input filter between the first organization and the shared repository to limit what data related to the collaborative function can be sent from the first organization into the shared repository, the input filter compensating for the more restrictive data access policy for the first organization;
the processor configuring a second input filter between the second organization and the shared repository, the second input filter configured to limit what data related to the collaborative function can be sent from the second organization into the shared repository by removing at least one item from the data from the second organization so as to modify the data from the second organization to conform to the second access policy, the second input filter compensating for the different more restrictive data access policy for the second organization; and
the processor permitting users from both the first organization and the second organization to access data related to the collaborative function from the shared repository.
2 Assignments
0 Petitions
Abstract
A secure collaboration mechanism between two organizations may be created based on a set of security system definitions provided by a receiving organization to a providing organization. The providing organization may create a shared portal that has federated access between both organizations and has access control and other security functions. The data collection process may be automated using digitally signed forms or other documents to analyze the security practices of the receiving organization and create a shared portal that has increased or decreased security provisions compared to the providing organization's standard procedures. The collaboration mechanism may be implemented in a bilateral arrangement, a hub and spoke arrangement, and a multilateral arrangement.
12 Citations
19 Claims
1. (Independent claim 1 is reproduced in full above under First Claim.)
(Dependent claims: 2, 3, 4, 5)
6. A system for configuring data sharing between a provider domain and a recipient domain to perform a collaborative function, the system comprising:
a processor;
system memory;
a network connection to a first domain, the first domain having a provider gateway between the first domain and a Wide Area Network (WAN);
a network connection to a second domain, the second domain having a recipient gateway between the second domain and the Wide Area Network (WAN);
a security gathering mechanism that receives security descriptors from the recipient domain and from the provider domain;
a security analyzer that:
analyzes the security descriptors from the recipient domain and from the provider domain to:
determine that the security descriptors from the first domain and the security descriptors from the second domain have one or more common security descriptors; and
determine that the security descriptors from the first domain and the security descriptors from the second domain have one or more differing security descriptors, at least one differing security descriptor indicating a more restrictive data access policy for the first domain relative to the second domain, at least one other differing security descriptor indicating a different more restrictive data access policy for the second domain relative to the first domain; and
creates a federation data access policy, the federation data access policy representing the one or more common security descriptors; and
a repository engine that:
creates a separate shared repository on the Wide Area Network (WAN) for sharing data related to the collaborative function between the first domain and the second domain, the shared repository being accessible from the first domain and from the second domain;
configures the shared repository to take in data related to the collaborative function from the provider domain for sharing with the recipient domain in accordance with the federation data access policy;
configures an input filter between the first domain (the provider domain) and the shared repository to limit what data related to the collaborative function can be sent from the first domain into the shared repository, the input filter compensating for the more restrictive data access policy for the first domain;
configures a second input filter between the second domain and the shared repository, the second input filter configured to limit what data related to the collaborative function can be sent from the second domain into the shared repository by removing at least one item from the data from the second domain so as to modify the data from the second domain to conform to the second access policy, the second input filter compensating for the different more restrictive data access policy for the second domain; and
permits users from both the first domain and the second domain to access data related to the collaborative function from the shared repository.
(Dependent claims: 7, 8, 9, 10, 11, 12, 18, 19)
13. A computer program product for use at a computer system, the computer system connected to a Wide Area Network (WAN) along with a first organization and a second organization, the first organization including a first gateway that separates a domain network for the first organization from the Wide Area Network (WAN), the second organization including a second gateway that separates a domain network for the second organization from the Wide Area Network (WAN), the computer program product for implementing a method for configuring data sharing between the first organization and the second organization to perform a collaborative function, the computer program product comprising one or more computer storage devices having stored thereon computer-executable instructions that, when executed by a processor, cause the computer system to perform the method, including the following:
compare a first access policy for the first organization to a second access policy for the second organization;
determine the first access policy and the second access policy have one or more common security access definitions;
determine the first access policy and the second access policy have one or more differing security access definitions, at least one differing security access definition indicating a more restrictive data access policy for the first organization relative to the second organization, at least one other differing security access definition indicating a different more restrictive data access policy for the second organization relative to the first organization;
create a federation data access policy, the federation data access policy representing the one or more common security access definitions;
create a separate shared repository on the Wide Area Network (WAN) for sharing data related to the collaborative function between the first organization and the second organization, the shared repository created to conform to the federation data access policy;
configure the shared repository to:
take in data related to the collaborative function from the second organization for sharing with the first organization in accordance with the federation data access policy; and
take in data related to the collaborative function from the first organization for sharing with the second organization in accordance with the federation data access policy;
configure an input filter on the Wide Area Network (WAN) between the first organization and the shared repository to limit what data related to the collaborative function can be sent from the first organization into the shared repository, the input filter compensating for the more restrictive data access policy for the first organization;
configure a second input filter on the Wide Area Network (WAN) between the second organization and the shared repository to limit what data related to the collaborative function can be sent from the second organization into the shared repository by removing at least one item from the data from the second organization so as to modify the data from the second organization to conform to the second access policy, the second input filter compensating for the different more restrictive data access policy for the second organization; and
permit users from both the first organization and the second organization to access data related to the collaborative function from the shared repository.
(Dependent claims: 14, 15, 16, 17)
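The procedure the three independent claims describe (compare the two access policies, take the common definitions as the federation policy, create a shared repository that conforms to it, and put a per-organization input filter in front of it that strips items the sending side rates too restrictively) as a runnable model. This is an added example written for this page, not code from the patent or its assignee. Everything concrete in it is an assumption: the four-level clearance scale, the item names and the two policies, the repository clearance parameter that the claims do not name, and the shared HMAC key. The HMAC check only stands in for the digital signature on the descriptor forms that the abstract mentions; a real deployment would verify the partner's signature with its public key.

```python
"""Added model of the claimed procedure. Every level, item, policy, key and
record below is a constructed example, not data from the patent."""
import hashlib
import hmac
import json
from typing import Dict, List, Set, Tuple

# Ordered clearance scale, least to most restrictive (assumed scale).
LEVELS = ("public", "internal", "confidential", "restricted")
RANK = {name: i for i, name in enumerate(LEVELS)}
Policy = Dict[str, str]  # data item -> minimum clearance required to access it

# Constructed policies: both agree on three items, A is stricter on
# test_results, B is stricter on customer_list.
ORG_A_POLICY: Policy = {"project_id": "public", "design_notes": "internal",
                        "test_results": "confidential", "customer_list": "confidential",
                        "salary_band": "restricted"}
ORG_B_POLICY: Policy = {"project_id": "public", "design_notes": "internal",
                        "test_results": "internal", "customer_list": "restricted",
                        "salary_band": "restricted"}
DEMO_KEY = b"constructed-demo-key"  # assumed shared secret for the stand-in MAC


def sign_descriptor(policy: Policy, key: bytes) -> Tuple[bytes, str]:
    """Serialize a policy as a descriptor document and tag it (HMAC stands in
    for the signature a partner would really apply with its private key)."""
    doc = json.dumps(policy, sort_keys=True).encode()
    return doc, hmac.new(key, doc, hashlib.sha256).hexdigest()


def verify_descriptor(doc: bytes, tag: str, key: bytes) -> Policy:
    """Accept a received descriptor only if its tag verifies and it uses only
    known clearance levels; the analyzer never consumes unverified input."""
    expected = hmac.new(key, doc, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("descriptor rejected: tag does not verify")
    policy = json.loads(doc)
    bad = sorted(v for v in policy.values() if v not in RANK)
    if bad:
        raise ValueError(f"descriptor rejected: unknown levels {bad}")
    return policy


def compare_policies(a: Policy, b: Policy) -> Tuple[Policy, Set[str], Set[str]]:
    """Return (common definitions, items where A is stricter, items where B is
    stricter). The common definitions are the federation data access policy.
    Items defined by only one side are left out of all three."""
    common: Policy = {}
    a_stricter: Set[str] = set()
    b_stricter: Set[str] = set()
    for item in a.keys() & b.keys():
        if RANK[a[item]] == RANK[b[item]]:
            common[item] = a[item]
        elif RANK[a[item]] > RANK[b[item]]:
            a_stricter.add(item)
        else:
            b_stricter.add(item)
    return common, a_stricter, b_stricter


class SharedRepository:
    """Separate repository on the WAN that conforms to the federation policy.
    `clearance` is the level granted to federated users (assumed parameter)."""

    def __init__(self, federation_policy: Policy, clearance: str) -> None:
        self.federation_policy = federation_policy
        self.clearance = clearance
        self.items: List[Tuple[str, str, str, str]] = []  # (sender, item, value, level)

    def input_filter(self, sender_policy: Policy, record: Dict[str, str]) -> Dict[str, str]:
        """Per-organization input filter: keep an item only if the SENDER's own
        policy rates it at or below the repository clearance. Unclassified
        items count as most restrictive, so the filter fails closed."""
        return {item: value for item, value in record.items()
                if RANK[sender_policy.get(item, LEVELS[-1])] <= RANK[self.clearance]}

    def take_in(self, sender: str, sender_policy: Policy, record: Dict[str, str]) -> Dict[str, str]:
        """Run the sender's filter, then store what survives, labelled with the
        federation definition where one exists and the sender's own otherwise."""
        kept = self.input_filter(sender_policy, record)
        for item, value in kept.items():
            level = self.federation_policy.get(item, sender_policy.get(item, LEVELS[-1]))
            self.items.append((sender, item, value, level))
        return kept

    def readable_items(self, user_clearance: str) -> Set[str]:
        """Items a federated user of the given clearance may read."""
        return {item for _, item, _, level in self.items if RANK[level] <= RANK[user_clearance]}


if __name__ == "__main__":
    doc, tag = sign_descriptor(ORG_B_POLICY, DEMO_KEY)
    common, a_stricter, b_stricter = compare_policies(ORG_A_POLICY, verify_descriptor(doc, tag, DEMO_KEY))
    repo = SharedRepository(common, clearance="internal")
    record = {"project_id": "P-100", "design_notes": "v2", "test_results": "pass",
              "customer_list": "acme,globex", "salary_band": "B3"}
    print("federation policy:", common, "| A stricter:", a_stricter, "| B stricter:", b_stricter)
    print("A may send:", repo.take_in("A", ORG_A_POLICY, record))
    print("B may send:", repo.take_in("B", ORG_B_POLICY, record))
    print("readable at internal:", repo.readable_items("internal"))
```

Running the module shows the asymmetry the claims turn on: the same record submitted by both sides loses test_results only when A sends it (A's stricter definition) and loses customer_list from both (each side rates it above the repository clearance, B more so), while salary_band never enters. Note the filter keys on the sender's own classification rather than on the federation policy; that is what lets each filter "compensate" for its own organization's stricter definitions instead of collapsing both filters into the same rule.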
Specification