Abstract
Method and apparatus for assigning policies [210], which are rules [210] that govern the use of or access to network [120] services. Each rule [210] defines conditions that, when evaluated true, trigger actions to allow or deny the service. Techniques are disclosed which provide for explicit, flexible, and centralized assignment of policy [210] to targets [110], which are specified network [120] services. These techniques include explicitly associating a policy [210] with a network [120] resource or process, grouping policy [210] related processes, grouping related targets [110], associating groups of targets [300] (not shown) with groups of policies [400] (not shown), mapping a user name [980] (not shown) contained in a policy [210] to an associated network address [690] such as an Internet Protocol (IP) address [690], and providing dynamically mapped policy identified user and host names [980, 680] (not shown) with associated network addresses [690], such as IP addresses [690], to client processes [660].