Principal claim |
1. A method of controlling access to a resource, comprising:
extracting by an extracting computer one or more atomic rules from an access control policy defining access to a resource, each said atomic rule being characterized by a triplet of entities comprising a subject entity having a single subject value, an action entity having a single action value, and a resource entity having a single resource value, and being characterized by a decision value;
losslessly compressing each entity value of said triplet and said decision value into corresponding numeric values;
indexing by an indexing computer in an index said atomic rule using an index value for said atomic rule formed by concatenating the corresponding numeric values of the entities of said triplet;
decomposing by a receiving computer a request for access to a resource into one or more atomic requests, each atomic request comprising a request triplet having an identified subject, an identified action, and an identified resource;
deriving by the receiving computer an index key for each atomic request by converting the parts of the request triplet into other corresponding numeric values and concatenating said other corresponding numeric values;
searching said index using said index key to locate applicable atomic rules; and
evaluating said atomic request relative to said applicable atomic rules to provide an access decision. |
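
The steps of the claim, sketched as an added example that is not code from the patent or its applicant. All names are hypothetical, and the sketch assumes a dictionary encoding as the lossless compression, 16-bit fixed-width fields so that concatenated values cannot collide, default deny when no rule applies, and deny-overrides when several atomic rules share an index value.

```python
from itertools import product

WIDTH = 16                      # assumed bits per field; fixed width keeps concatenation unambiguous
PERMIT, DENY = 1, 0             # numeric decision values (assumed encoding)

class Codebook:
    """Value -> integer dictionary; invertible, so the encoding is lossless (assumption)."""
    def __init__(self):
        self.ids = {}
    def encode(self, value, grow=False):
        if value not in self.ids:
            if not grow:
                return None     # value never appears in the policy
            if len(self.ids) >= 1 << WIDTH:
                raise OverflowError("codebook exceeds field width")
            self.ids[value] = len(self.ids)
        return self.ids[value]

def make_key(s, a, r):
    """Concatenate three fixed-width numeric values into one index value."""
    return (s << 2 * WIDTH) | (a << WIDTH) | r

class RuleIndex:
    def __init__(self, policy):
        self.books = [Codebook(), Codebook(), Codebook()]
        self.index = {}
        for subjects, actions, resources, decision in policy:
            for triplet in product(subjects, actions, resources):  # one atomic rule each
                ids = [b.encode(v, grow=True) for b, v in zip(self.books, triplet)]
                self.index.setdefault(make_key(*ids), []).append(decision)

    def check_atomic(self, subject, action, resource):
        ids = [b.encode(v) for b, v in zip(self.books, (subject, action, resource))]
        if None in ids:
            return DENY         # no applicable rule: default deny (assumption)
        decisions = self.index.get(make_key(*ids), [])
        ok = decisions and all(d == PERMIT for d in decisions)  # deny-overrides (assumption)
        return PERMIT if ok else DENY

    def check(self, subject, actions, resources):
        """Decompose a request into atomic requests; permit only if all are permitted."""
        atomic = list(product(actions, resources))
        # An empty request must not be permitted vacuously by all().
        return bool(atomic) and all(self.check_atomic(subject, a, r) == PERMIT for a, r in atomic)

POLICY = [  # constructed sample: (subjects, actions, resources, decision)
    ({"alice", "bob"}, {"read"}, {"report.pdf", "log.txt"}, PERMIT),
    ({"alice"}, {"write"}, {"report.pdf"}, PERMIT),
    ({"bob"}, {"read"}, {"log.txt"}, DENY),
]
INDEX = RuleIndex(POLICY)
```

With variable-width decimal concatenation the numeric triplets (1, 23, 0) and (12, 3, 0) would produce the same index value, which is why the sketch fixes the field width.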