CONTROLLING APPLICATION ACCESS TO SENSITIVE DATA

CONTROLLING APPLICATION ACCESS TO SENSITIVE DATA

Some embodiments control access by applications to resources in a computing environment. An embodiment notes a request from an application to access a resource, determines a compliance status of the application based on access control policy compliance criteria, ascertains an authorization status of...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: PUTTAGUNTA, Vasundhara, SEHGAL, Richa, MENON, Anand Madhava, JINDAL, Himanshu, MUSTAFI, Sanjoyan, DANI, Rajalakshmi, CHAUHAN, Sumit Kumar, ROY, Shuvam Singha, VAHIDNIA, Arash, MAYOR, JR., Rufino Louie, BOREDDY, Nikhil Reddy, ARORA, Neha, BAKER, Caleb Geoffrey, ARORA, Himani
Format: Patent
Sprache:eng
Schlagworte:
CALCULATING
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Some embodiments control access by applications to resources in a computing environment. An embodiment notes a request from an application to access a resource, determines a compliance status of the application based on access control policy compliance criteria, ascertains an authorization status of the request based on an authorization credential of the request and an authorization requirement of the resource, and responds to the request based on the compliance status and also based on the authorization status, thereby providing fine-grained access control. Access may also be controlled based on a request's beneficiary. An access request response may allow access, deny access, or ask for additional authorization. A compliance classifier reduces risk by dynamically updating compliance status after compliance criteria changes or attribute changes. An identity service access control architecture uses a compliance attribute to improve efficiency. Applications may be access control grouped according to resource sensitivity labels.