ACCESS CONTROL POLICY CONVERSION

ACCESS CONTROL POLICY CONVERSION

Methods and apparatus are provided for generating an access control policy data structure for a single-authorization-query access control system from a source policy data structure of an access control system in which primary authorizations can be subject to auxiliary constraints. Authorizations in...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: VAN HERREWEGHEN ELSIE A, KARJOTH GUENTER
Format: Patent
Sprache:eng
Schlagworte:
CALCULATING
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Methods and apparatus are provided for generating an access control policy data structure for a single-authorization-query access control system from a source policy data structure of an access control system in which primary authorizations can be subject to auxiliary constraints. Authorizations in the data structures are defined in terms of subject, resource and action elements. For each resource in a set of resources in the source policy data structure, the data structure is analyzed to identify primary authorizations relating to that resource. For each primary authorization, policy data which represents a policy defining an access rule expressing that authorization is generated and stored in system memory and analyzed to identify any auxiliary constraints associated with that primary authorization. For each auxiliary constraint so identified, policy data is generated and stored in system memory.