POLICY SEPARATION
Main Author: | |
---|---|
Format: | Patent |
Language: | eng ; fre ; ger |
Subjects: | |
Online Access: | Order full text |
Summary: | The present invention relates to a policy decision point (PDP, 204) for interacting with a computer system comprising a plurality of resources (110), to which subjects' access is controlled by corresponding policy enforcement points (PEPs, 202). The PDP (204) comprises: a memory (130) storing at least two policy packages, each controlling access rights to resources (110), and a connection table (304) associating each policy package with an end point address (302a-c); a network interface (212) operable to communicate with the PEPs (202), wherein the network interface (212) obtains access requests from a PEP (202) and returns access decisions to the PEP (202), each access request comprising an end point address for directing the access request to the PDP (204); and a processor (210) operable to: analyze an access request and determine, based on the end point address (302a-c) receiving the access request, an associated policy package; and evaluate the access request against the policy package thus determined. |
---|