摘要 |
<p>Techniques are provided for controlling access to a resource based on access policies and attributes. A principal issues a request to a service for purposes of accessing a resource. The principal is authenticated (110, 240) and a service contract for the principal, the service, and the resource is generated (130,260). The service contract defmes resource access policies and attributes which can be permissibly performed by the service on behalf of the principal during a session. Moreover, the session between the service and the resource is controlled (170,280) by the service contract.</p> |