Principal claim
1. An apparatus comprising:
a memory operable to:
store a plurality of token-based rules, wherein a token-based rule facilitates access to a resource by a device associated with a user, wherein access to the resource is based at least in part upon:
a numeric assurance level whose value is based at least in part upon a form of authentication performed by the user;
a numeric trust level whose value is based at least in part upon a form of security provided by the resource; and
a numeric risk level;
store a plurality of tokens, wherein the plurality of tokens includes a risk token and a session token associated with access to the resource, wherein:
access to the resource is granted based at least in part upon the numeric assurance level, the numeric trust level, and the numeric risk level;
the device is further associated with at least one of a car and a home; and
the numeric risk level is based at least in part upon the risk token; and
a processor communicatively coupled to the memory and operable to:
receive a first token indicating that at least one of a car alarm and a home alarm associated with the device has been triggered;
determine that the numeric risk level has changed in response to receiving the first token;
in response to the determination that the numeric risk level has changed, determine, based at least in part upon at least one token-based rule from the plurality of token-based rules, the numeric assurance level, the numeric trust level, and the numeric risk level, that access to the resource should be terminated in response to receiving the first token;
terminate the session token in response to the determination that access to the resource should be terminated;
receive a second token indicating that the at least one of the car alarm and home alarm has been resolved;
determine that the numeric risk level has changed in response to receiving the second token;
determine, based at least in part upon the at least one token-based rule, the numeric assurance level, the numeric trust level, and the numeric risk level, that access to the resource should be reestablished;
generate a first decision token indicating that access to the resource should be reestablished in response to the determination that access to the resource should be reestablished; and
transmit the first decision token.
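The processor steps of the claim, sketched as an added example that is not taken from the patent. The claim does not say how the three numeric levels are combined, so the rule used here (assurance minus risk must be at least the trust level), the risk values, the token field names and the sample session token are all assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

# Assumed risk level carried by each risk-token type; the claim gives no numbers.
RISK_OF = {"alarm_triggered": 5, "alarm_resolved": 0}

@dataclass
class Session:
    assurance: int   # from the form of authentication the user performed
    trust: int       # from the form of security provided by the resource
    risk: int = 0    # derived from the most recent risk token
    session_token: Optional[str] = "sess-constructed-001"  # constructed sample
    decisions: list = field(default_factory=list)

def rule_allows(s: Session) -> bool:
    """Hypothetical token-based rule: assurance discounted by risk must meet trust."""
    return s.assurance - s.risk >= s.trust

def handle_risk_token(s: Session, token: dict) -> str:
    """Process one incoming alarm token and return the action taken."""
    new_risk = RISK_OF[token["type"]]   # unknown token types raise KeyError
    if new_risk == s.risk:
        return "unchanged"              # risk level did not change: no re-evaluation
    s.risk = new_risk
    if not rule_allows(s):
        if s.session_token is None:
            return "already_terminated"
        s.session_token = None          # terminate the session token
        return "terminated"
    if s.session_token is None:
        # Access is not restored silently: a decision token is generated and
        # "transmitted" (appended here) so a new session can be established.
        s.decisions.append({"type": "decision", "access": "reestablish",
                            "device": token["device"]})
        return "reestablish"
    return "kept"

if __name__ == "__main__":
    s = Session(assurance=6, trust=4)
    for t in ("alarm_triggered", "alarm_resolved"):
        print(t, "->", handle_risk_token(s, {"type": t, "device": "dev-1"}))
```

With these assumed numbers a session with assurance 10 survives the same alarm, which shows why the decision depends on all three levels rather than on the alarm alone.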