| 摘要 |
An access control system provides access control to at least one information resource associated with at least one application within a computer network. The system comprises a plurality of context sources being relevant for the at least one application and providing context information, a constraint specification console providing an interface to specify application specific constraints based on the context sources, a rule engine capable of handling facts and applying inference rules on those facts, an application specific constraint enforcement point configured for receiving access requests, hence querying facts and further being responsible for making access decisions regarding the information resource based on those facts and on application specific constraints and a rule engine adaptor acting as intermediary in communication of the rule engine with the context sources, the constraint specification console and the enforcement point, respectively, so as to allow access control to the at least one information resource based on specified application specific constraints with regard to context information originating from the context sources.
|
