发明申请
US20060206931A1 Access control policy engine controlling access to resource based on any of multiple received types of security tokens
有权
基本信息:
- 专利标题: Access control policy engine controlling access to resource based on any of multiple received types of security tokens
- 专利标题(中):访问控制策略引擎基于多种接收到的安全令牌中的任何一种来控制对资源的访问
- 申请号:US11080806 申请日:2005-03-14
- 公开(公告)号:US20060206931A1 公开(公告)日:2006-09-14
- 发明人: Blair Dillaway , John Manferdelli , Shawn Woods
- 申请人: Blair Dillaway , John Manferdelli , Shawn Woods
- 申请人地址: US WA Redmond
- 专利权人: Microsoft Corporation
- 当前专利权人: Microsoft Corporation
- 当前专利权人地址: US WA Redmond
- 主分类号: H04L9/32
- IPC分类号: H04L9/32
摘要:
An access control policy engine associated with a resource determines whether to allow a request to access same. The engine receives the request with an security token, retrieves the token determines a type thereof, and maps access decision information in the token to a common format as at least one security claim setting forth adequate information to determine a right of the requestor. Thereafter, the engine retrieves a set of rules for accessing the resource, applies the rules to the security claims to determine whether to allow the request from the requestor, and if the request is to be allowed, provides the requestor access to the resource in accordance with the request and the rights of the requestor as determined based on the security claims.
摘要(中):
与资源相关联的访问控制策略引擎确定是否允许请求访问它。 引擎使用安全令牌接收请求,检索令牌确定其类型,并将令牌中的访问决策信息映射到通用格式作为至少一个安全权利要求,其中提供足够的信息以确定请求者的权利。 此后,引擎检索用于访问资源的一组规则,将规则应用于安全声明以确定是否允许来自请求者的请求,并且如果请求被允许,则根据请求提供对资源的请求者访问 请求者的请求和权利根据担保权利要求确定。
公开/授权文献:
IPC结构图谱:
| H | 电学 |
| --H04 | 电通信技术 |
| ----H04L | 数字信息的传输,例如电报通信 |
| ------H04L9/00 | 保密或安全通信装置 |
| --------H04L9/32 | .包括用于检验系统用户的身份或凭据的装置 |