-
公开(公告)号:US09208332B2
公开(公告)日:2015-12-08
申请号:US12978451
申请日:2010-12-24
申请人: Paul Leach , David McPherson , Vishal Agarwal , Mark Fishel Novak , Ming Tang , Ramaswamy Ranganathan , Pranav Kukreja , Andrey Popov , Nir Ben Zvi , Arun K. Nanda
发明人: Paul Leach , David McPherson , Vishal Agarwal , Mark Fishel Novak , Ming Tang , Ramaswamy Ranganathan , Pranav Kukreja , Andrey Popov , Nir Ben Zvi , Arun K. Nanda
CPC分类号: G06F21/604 , G06Q10/06
摘要: Resource authorization policies and resource scopes may be defined separately, thereby decoupling a set of authorization rules from the scope of resources to which those rules apply. In one example, a resource includes anything that can be used in a computing environment (e.g., a file, a device, etc.). A scope describes a set of resources (e.g., all files in folder X, all files labeled “Y”, etc.). Policies describe what can be done with a resource (e.g., “read-only,” “read/write,” “delete, if requestor is a member of the admin group,” etc.). When scopes and policies have been defined, they may be linked, thereby indicating that the policy applies to any resource within the scope. When a request for the resource is made, the request is evaluated against all policies associated with scopes that contain the resource. If the conditions specified in the policies apply, then the request may be granted.
摘要翻译: 可以单独定义资源授权策略和资源作用域,从而将一组授权规则与这些规则适用的资源范围分离。 在一个示例中,资源包括可以在计算环境(例如,文件,设备等)中使用的任何内容。 范围描述一组资源(例如,文件夹X中的所有文件,标记为“Y”的所有文件等)。 策略描述了资源可以做什么(例如,“只读”,“读/写”,“删除,如果请求者是管理组的成员”等)。 当定义了范围和策略时,可以链接它们,从而指示策略适用于范围内的任何资源。 当对资源进行请求时,会根据与包含资源的范围相关联的所有策略来评估该请求。 如果策略中指定的条件适用,则可以授予请求。
-
公开(公告)号:US08813170B2
公开(公告)日:2014-08-19
申请号:US13294162
申请日:2011-11-10
申请人: Mark F. Novak , Paul Leach , Vishal Agarwal , David McPherson , Sunil Gottumukkala , Jignesh Shah , Arun K. Nanda , Nir Ben Zvi , Pranav Kukreja , Ramaswamy Ranganathan
发明人: Mark F. Novak , Paul Leach , Vishal Agarwal , David McPherson , Sunil Gottumukkala , Jignesh Shah , Arun K. Nanda , Nir Ben Zvi , Pranav Kukreja , Ramaswamy Ranganathan
IPC分类号: G06F17/00
摘要: A policy that governs access to a resource may be tested against real-world access requests before being used to control access to the resource. In one example, access to a resource is governed by a policy, referred to as an effective policy. When the policy is to be modified or replaced, the modification or replacement may become a test policy. When a request is made to access the resource, the request may be evaluated under both the effective policy and the test policy. Whether access is granted is determined under the effective policy, but the decision that would be made under the test policy is noted, and may be logged. If the test policy is determined to behave acceptably when confronted with real-world access requests, then the current effective policy may be replaced with the test policy.
摘要翻译: 管理对资源的访问的策略可以在被用于控制对资源的访问之前被针对真实的访问请求进行测试。 在一个示例中,对资源的访问受政策管辖,被称为有效策略。 当修改或更换策略时,修改或替换可能成为测试策略。 当请求访问资源时,可以根据有效策略和测试策略对请求进行评估。 是否授予访问是根据有效策略确定的,但是将根据测试策略作出的决定被注明,并可能被记录。 如果测试策略在面对现实访问请求时被确定为可接受的行为,则可以用测试策略替换当前的有效策略。
-
公开(公告)号:US20120167158A1
公开(公告)日:2012-06-28
申请号:US12978451
申请日:2010-12-24
申请人: Paul Leach , David McPherson , Vishal Agarwal , Mark Fishel Novak , Ming Tang , Ramaswamy Ranganathan , Pranav Kukreja , Andrey Popov , Nir Ben Zvi , Arun K. Nanda
发明人: Paul Leach , David McPherson , Vishal Agarwal , Mark Fishel Novak , Ming Tang , Ramaswamy Ranganathan , Pranav Kukreja , Andrey Popov , Nir Ben Zvi , Arun K. Nanda
IPC分类号: G06F17/00
CPC分类号: G06F21/604 , G06Q10/06
摘要: Resource authorization policies and resource scopes may be defined separately, thereby decoupling a set of authorization rules from the scope of resources to which those rules apply. In one example, a resource includes anything that can be used in a computing environment (e.g., a file, a device, etc.). A scope describes a set of resources (e.g., all files in folder X, all files labeled “Y”, etc.). Policies describe what can be done with a resource (e.g., “read-only,” “read/write,” “delete, if requestor is a member of the admin group,” etc.). When scopes and policies have been defined, they may be linked, thereby indicating that the policy applies to any resource within the scope. When a request for the resource is made, the request is evaluated against all policies associated with scopes that contain the resource. If the conditions specified in the policies apply, then the request may be granted.
摘要翻译: 可以单独定义资源授权策略和资源作用域,从而将一组授权规则与这些规则适用的资源范围分离。 在一个示例中,资源包括可以在计算环境(例如,文件,设备等)中使用的任何内容。 范围描述一组资源(例如,文件夹X中的所有文件,标记为“Y”的所有文件等)。 策略描述了资源可以做什么(例如,“只读”,“读/写”,“删除,如果请求者是管理组的成员”等)。 当定义了范围和策略时,可以链接它们,从而指示策略适用于范围内的任何资源。 当对资源进行请求时,会根据与包含资源的范围相关联的所有策略来评估该请求。 如果策略中指定的条件适用,则可以授予请求。
-
公开(公告)号:US20130125199A1
公开(公告)日:2013-05-16
申请号:US13294162
申请日:2011-11-10
申请人: Mark F. Novak , Paul Leach , Vishal Agarwal , David McPherson , Sunil Gottumukkala , Jignesh Shah , Arun K. Nanda , Nir Ben Zvi , Pranav Kukreja , Ramaswamy Ranganathan
发明人: Mark F. Novak , Paul Leach , Vishal Agarwal , David McPherson , Sunil Gottumukkala , Jignesh Shah , Arun K. Nanda , Nir Ben Zvi , Pranav Kukreja , Ramaswamy Ranganathan
IPC分类号: G06F21/00
摘要: A policy that governs access to a resource may be tested against real-world access requests before being used to control access to the resource. In one example, access to a resource is governed by a policy, referred to as an effective policy. When the policy is to be modified or replaced, the modification or replacement may become a test policy. When a request is made to access the resource, the request may be evaluated under both the effective policy and the test policy. Whether access is granted is determined under the effective policy, but the decision that would be made under the test policy is noted, and may be logged. If the test policy is determined to behave acceptably when confronted with real-world access requests, then the current effective policy may be replaced with the test policy.
摘要翻译: 管理对资源的访问的策略可以在被用于控制对资源的访问之前被针对真实的访问请求进行测试。 在一个示例中,对资源的访问受政策管辖,被称为有效策略。 当修改或更换策略时,修改或替换可能成为测试策略。 当请求访问资源时,可以根据有效策略和测试策略对请求进行评估。 是否授予访问是根据有效策略确定的,但是将根据测试策略作出的决定被注明,并可能被记录。 如果测试策略在面对现实访问请求时被确定为可接受的行为,则可以用测试策略替换当前的有效策略。
-
-
-
搜索结果
4 条记录 (耗时 0.008 秒)
