| 发明名称 |
QUERY INTERFACE TO POLICY SERVER |
| 摘要 |
A scalable access filter that is used together with others like it in a virtual private network to control access by users at clients in the network to information resources provided by servers in the network. Each access filter uses a local copy of an access control data base to determine whether an access request is made by a user. Each user belongs to one or more user groups and each information resource belongs to one or more information sets. Access is permitted or denied according to access policies which define access in terms of the user groups and information sets. The first access filter in the path performs the access check, encrypts and authenticates the request; the other access filters in the path do not repeat the access check. The interface used by applications to determine whether a user has access to an entity is now an SQL entity. The policy server assembles the information needed for the response to the query from various information sources, including source external to the policy server. |
| 申请公布号 |
US2017118221(A1) |
申请公布日期 |
2017.04.27 |
| 申请号 |
US201615257747 |
申请日期 |
2016.09.06 |
| 申请人 |
DELL SOFTWARE INC. |
发明人 |
Hannel Clifford Lee;May Anthony |
| 分类号 |
H04L29/06 |
主分类号 |
H04L29/06 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A method for managing user access to computing resources, the method comprising:
receiving a first access policy, wherein the first access policy identifies that resources associated with a first set of information can be accessed by a first set of one or more users assigned to a first user group; receiving a second access policy, wherein the second access policy identifies that resources associated with a second set of information can be accessed by a second set of one or more uses assigned to a second user group; receiving an indication of a hierarchical relationship between the first user group and the second user group; receiving a request to access a resource associated with the first set of resources is received from a user of the second user group; identifying that the second user group is hierarchically related to the first user group according to the received hierarchical relationship between the second user group and the first user group; and allowing access to the resource based on the received hierarchical relationship. |
| 地址 |
Round Rock TX US |
