-
Publication No.: US10027551B1
Publication date: 2018-07-17
Application No.: US15696094
Filing date: 2017-09-05
Inventors: Neil Rickards, James Baker, Marco Gelmi, Radu-Cosmin Balan, Savino Sguera
Abstract: Techniques for implementing a node-based access control system are described herein. In an embodiment, a server computer stores a node based policy system wherein each node identifies a resource and a policy for the resource. The server computer identifies a policy for a first node and an identifier of a second node wherein the second node is a parent node to the first node. The server computer maps an effective policy identifier to the policy for the first node and the identifier of the second node. The server computer stores data associating the effective policy identifier with the first node. The server computer identifies a policy for a third node and an identifier of the second node, wherein the second node is a parent node to the third node and wherein the policy for the third node is equivalent to the policy for the first node. The server computer then stores data associating the effective policy identifier with the third node.
-
Publication No.: US10362064B1
Publication date: 2019-07-23
Application No.: US15807180
Filing date: 2017-11-08
Inventors: Mark Elliot, Jason Zhao, Brian Schimpf, Jacob Meacham, Marco Gelmi, Benjamin Duffield, Savino Sguera, James Baker, Neil Rickards, Javier Campanini, Qinfeng Chen, Derek Cicerone, Nathan Ziebart
Abstract: Aspects of the present disclosure include a system comprising a computer-readable storage medium storing at least one program and a method for managing access permissions associated with data resources. The method includes providing a user interface for registering a policy to a client device, and receiving a policy registration associated with a data resource stored in a first network database. The method further includes registering a policy associated with the data resource based on the policy registration. The registering of the policy includes creating a policy object that is linked to the data resource and storing the policy object in a second network database.
-
Publication No.: US10432469B2
Publication date: 2019-10-01
Application No.: US16009120
Filing date: 2018-06-14
Inventors: Neil Rickards, James Baker, Marco Gelmi, Radu-Cosmin Balan, Savino Sguera
Abstract: Techniques for implementing a node-based access control system are described herein. In an embodiment, a server computer stores a node based policy system wherein each node identifies a resource and a policy for the resource. The server computer identifies a policy for a first node and an identifier of a second node wherein the second node is a parent node to the first node. The server computer maps an effective policy identifier to the policy for the first node and the identifier of the second node. The server computer stores data associating the effective policy identifier with the first node. The server computer identifies a policy for a third node and an identifier of the second node, wherein the second node is a parent node to the third node and wherein the policy for the third node is equivalent to the policy for the first node. The server computer then stores data associating the effective policy identifier with the third node.
-
Publication No.: US20190007271A1
Publication date: 2019-01-03
Application No.: US16009120
Filing date: 2018-06-14
Inventors: Neil Rickards, James Baker, Marco Gelmi, Radu-Cosmin Balan, Savino Sguera
CPC classification: H04L41/0893, G06F21/604, G06F21/6218, G06F21/6227, G06F2221/2141, H04L41/12, H04L63/104, H04L63/105, H04L65/608, H04L67/10
Abstract: Techniques for implementing a node-based access control system are described herein. In an embodiment, a server computer stores a node based policy system wherein each node identifies a resource and a policy for the resource. The server computer identifies a policy for a first node and an identifier of a second node wherein the second node is a parent node to the first node. The server computer maps an effective policy identifier to the policy for the first node and the identifier of the second node. The server computer stores data associating the effective policy identifier with the first node. The server computer identifies a policy for a third node and an identifier of the second node, wherein the second node is a parent node to the third node and wherein the policy for the third node is equivalent to the policy for the first node. The server computer then stores data associating the effective policy identifier with the third node.
-
Publication No.: US11431753B2
Publication date: 2022-08-30
Application No.: US16431169
Filing date: 2019-06-04
Inventors: Mark Elliot, Jason Zhao, Brian Schimpf, Jacob Meacham, Marco Gelmi, Benjamin Duffield, Savino Sguera, James Baker, Neil Rickards, Javier Campanini, Qinfeng Chen, Derek Cicerone, Nathan Ziebart
Abstract: Aspects of the present disclosure include a system comprising a computer-readable storage medium storing at least one program and a method for managing access permissions associated with data resources. Example embodiments involve evaluating user access permissions with respect to shared data resources of a group of network applications. The method includes receiving a request to access a data resource. The method further includes accessing a policy object linked to the data resource that includes an effective policy for the data resource. The method further includes evaluating a user's access permissions with respect to the data resource based on the policy object and communicating a response to the network application that includes the access permission of the user.
-
Publication No.: US20190289036A1
Publication date: 2019-09-19
Application No.: US16431169
Filing date: 2019-06-04
Inventors: Mark Elliot, Jason Zhao, Brian Schimpf, Jacob Meacham, Marco Gelmi, Benjamin Duffield, Savino Sguera, James Baker, Neil Rickards, Javier Campanini, Qinfeng Chen, Derek Cicerone, Nathan Ziebart
IPC classification: H04L29/06
Abstract: Aspects of the present disclosure include a system comprising a computer-readable storage medium storing at least one program and a method for managing access permissions associated with data resources. Example embodiments involve evaluating user access permissions with respect to shared data resources of a group of network applications. The method includes receiving a request to access a data resource. The method further includes accessing a policy object linked to the data resource that includes an effective policy for the data resource. The method further includes evaluating a user's access permissions with respect to the data resource based on the policy object and communicating a response to the network application that includes the access permission of the user.
-
Publication No.: US09888039B2
Publication date: 2018-02-06
Application No.: US15204866
Filing date: 2016-07-07
Inventors: Mark Elliot, Jason Zhao, Brian Schimpf, Jacob Meacham, Marco Gelmi, Benjamin Duffield, Savino Sguera, James Baker, Neil Rickards, Javier Campanini, Qinfeng Chen, Derek Cicerone, Nathan Ziebart
CPC classification: H04L63/20, G06F21/60, H04L63/08, H04L63/10, H04L2463/121
Abstract: Aspects of the present disclosure include a system comprising a computer-readable storage medium storing at least one program and a method for managing access permissions associated with data resources. Example embodiments involve evaluating user access permissions with respect to shared data resources of a group of network applications. The method includes receiving a request, from one of the network applications, to access a particular data resource. The request includes an identifier of a requesting user. The method further includes accessing a policy object associated with the data resource that includes policy information specifying operations the user is authorized to perform with respect to the data resource based on satisfaction of one or more conditions. The method further includes evaluating the user's access permissions with respect to the data resource based on the policy object, and communicating a response to the network application that includes the access permission of the user.