METHOD, SYSTEM AND COMPUTER PROGRAM PRODUCT FOR ENFORCING ACCESS CONTROLS TO FEATURES AND SUBFEATURES ON UNCONTROLLED WEB APPLICATION

摘要

Embodiments disclosed herein provide feature-level access control functionality useful for enforcing access controls to features and subfeatures on uncontrolled, third party Web Applications such as those associated with social networking sites. Specifically, pages of uncontrolled Web applications are programmatically inspected as they are accessed by users of an enterprise computing environment. Specific features on the pages are located and access to these features is enabled or disabled on a per user basis. A modified page is generated if feature(s) on a Web page is/are to be disabled. To block certain feature(s), content may be rewritten on-the-fly. Because embodiments disclosed herein can programmatically inspect a Web page and understand what is on the page at a much finer granularity, it is possible for enterprises to gain benefits that may come from embracing social networking sites without risking the downsides of allowing enterprise users access to uncontrolled Web applications.

主权项

1. A method, comprising:
responsive to a request destined for a networking site from a client device associated with a user in a computing environment, examining unstructured application data of the networking site originated outside of the computing environment, the examining performed by a computer utilizing at least one filter specific to the networking site and stored on non-transitory computer memory accessible by the computer; identifying types of information in the unstructured application data, the identifying performed by the computer, the types of information corresponding to features of the networking site, the features allowing users of the networking site to interact with the networking site; determining if any feature of the features of the networking site is to be controlled for the user in the computing environment, the determining performed by the computer based at least in part on a policy applicable to the user in the computing environment; and when a feature of the networking site is determined by the computer to be controlled for the user in the computing environment, sending a notification via the client device to the user, the notification indicating that the feature of the networking site is to be controlled for the user.