Title of invention: Policy update system and policy update apparatus
Abstract: According to one embodiment, a policy update system includes a server apparatus configured to be able to provide a plurality of services to a user, the server apparatus including storage device for storing a first user ID; a policy storage device configured to store a plurality of policies, each policy being composed of condition describing user attribute information in which a plurality of items including a second user ID corresponding to the first user ID are associated, and each policy specifying a use privilege of each service; a policy update apparatus configured to be able to update each stored policy; and a user attribute information storage device configured to store post-change user attribute information, and a change content for each second user ID.
Publication number: US9600655(B2); Publication date: 2017.03.21
Application number: US201514669563; Filing date: 2015.03.26
Applicant: KABUSHIKI KAISHA TOSHIBA; TOSHIBA SOLUTIONS CORPORATION; Inventors: Gouda Kouji; Nishizawa Minoru; Naemura Kenjiro; Hirabara Masaya
Classification: G06F21/45; G06F21/41; G06F21/31; G06F21/33; Main classification: G06F21/45
Agency: Oblon, McClelland, Maier & Neustadt, L.L.P.; Agent: Oblon, McClelland, Maier & Neustadt, L.L.P.
Main claim: 1. A policy update system comprising: a server apparatus configured to be able to provide a plurality of services to a user, the server apparatus including storage device for storing, with respect to each of the services, at least a first user ID which identifies a user who can use the services; a policy storage device configured to store a plurality of policies, each policy being composed of at least one condition describing user attribute information which is identity information relating to the user and in which a plurality of items including at least a second user ID corresponding to the first user ID are associated, and each policy specifying a use privilege of each service, which permits use of the services when a value of the user attribute information satisfies the condition; a policy update processing apparatus configured to be able to update each stored policy when the user attribute information was changed; and a user attribute information storage device configured to store post-change user attribute information, and a change content for each second user ID, the change content indicating values which are different between pre-change user attribute information and the post-change user attribute information, and including a value of the pre-change user attribute information and a value of the post-change user attribute information, the policy update processing apparatus comprising: detection circuitry configured to detect a modification-target policy which requires modification and the policies excluding the modification-target policy, among the policies stored in the policy storage device, based on the change content stored in the user attribute information storage device; creation circuitry configured to create a modified policy in which the value of the user attribute information, which is described in the detected modification-target policy, was modified from the value of the pre-change user attribute information in the stored change content to the value of the post-change user attribute information; collection circuitry configured to collect the post-change user attribute information including the second user ID of the user, who can use the services provided by the server apparatus, as user attribute information for policy evaluation, from the user attribute information storage device; evaluation circuitry configured to evaluate whether the collected user attribute information for policy evaluation satisfies the policies excluding the modification-target policy and the modified policy with respect to each second user ID, based on the policies excluding the modification-target policy, among the policies stored in the policy storage device, and the created modified policy; specifying circuitry configured to specify the second user ID which is indicative of, among evaluation results by the evaluation circuitry, an evaluation result to an effect that the policy is satisfied by the pre-change user attribute information in the change content stored in the user attribute information storage device but the policy and/or modified policy is not satisfied by the value of the collected user attribute information for policy evaluation; update circuitry configured to for updating the policy corresponding to the created modified policy, among the policies stored in the policy storage device, to the modified policy; and deletion circuitry configured to delete the first user ID, which corresponds to the specified second user ID, from the storage device in the server apparatus.
Address: Minato-ku JP