摘要 |
An authorization system includes an authorization node, a storage device and a reference monitor. The authorization node executes an authorization policy, and the storage device stores an authorization state associated with the authorization policy. Requests for access to a secured resource are received at the reference monitor, and the reference monitor queries the authorization node, which uses the authorization policy to determine whether to grant access to the secured resource based on a rule having at least one access condition. The rule, executed as part of the authorization policy on the authorization node, is configured to update all the entries in the authorization state for which an update condition is met. |