US 11,669,527 B1
Optimized policy data structure for distributed authorization systems
Yuan Jiang, Germantown, MD (US)
Assigned to SAP SE, Walldorf (DE)
Filed by SAP SE, Walldorf (DE)
Filed on Nov. 23, 2021, as Appl. No. 17/533,937.
Int. Cl. G06F 16/00 (2019.01); G06F 16/2455 (2019.01); G06F 16/25 (2019.01); G06F 16/22 (2019.01)
CPC G06F 16/24564 (2019.01) [G06F 16/2246 (2019.01); G06F 16/258 (2019.01)] 20 Claims
OG exemplary drawing
 
1. One or more non-transitory computer-readable media storing computer-executable instructions that, when executed by a processor, perform a method for processing software authorization policies in order to translate the software authorization policies from a first format to a second format via a neutral format, the method comprising:
receiving a user request for an authorization access comprising a first policy tree, said first policy tree comprising at least one first condition expression and at least one first combination rule;
responsive to receiving the first policy tree, searching a second policy tree stored in a policy repository to select a sub-policy tree, said second policy tree comprising at least one second condition expression and at least one second combination rule,
wherein policies of the first policy tree and the second policy tree are organized in the neutral format, wherein the neutral format is a reduced tree data structure comprising at least one node having at least one first or second combination rule and at least one leaf having at least one first or second condition expression,
wherein a depth of the reduced tree data structure is reduced through a removal of any redundant combination rules and combination of evaluated leaf condition expressions;
selecting the sub-policy tree from the stored second policy tree based upon comparing against the first policy tree;
copying the selected sub-policy tree to a third policy tree, said third policy tree comprising at least one third condition expression and at least one third combination rule,
wherein said at least one first condition expression, said at least one second condition expression, and said at least one third condition expression each define a scope, a range, or a condition of an attribute value, and
wherein said at least one first combination rule, said at least one second combination rule, and said at least one third combination rule each comprise: “AllOf”, “And”, “AnyOf” or “Or”;
evaluating at least one leaf of the third policy tree against the at least one leaf of the first policy tree;
joining the at least one node having the at least one third combination rule of the third policy tree against the at least one node having the at least one first combination rule of the first policy tree;
reducing the third policy tree to the neutral format by combining the at least one evaluated leaf and removing redundant combination rules; and
responding to the user request with the third policy tree, wherein said response indicates the authorization access associated with the user request.
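The claim above describes the neutral-format policy tree (combination-rule nodes over condition leaves, kept shallow by folding evaluated leaves and removing redundant combination rules) and the select / copy / evaluate / join / reduce steps in prose only. What follows is an added Python illustration written for this page; it is not SAP's code and not the implementation behind the patent. It assumes that "AllOf" is equivalent to "And" and "AnyOf" to "Or", that leaves use the hypothetical operators eq / in / range, that a request's eq leaves bind attribute values, that the selected sub-policy is joined to the request under an AllOf node, and that a request with no applicable sub-policy is denied. The sample policy and requests are constructed for the example.

```python
"""Neutral-format policy tree: combination-rule nodes over condition leaves.
Added illustration for this page; not SAP's or the patent's implementation.
Operator names, the eq-leaf binding rule and the AllOf join are assumptions."""
import copy
from dataclasses import dataclass
from typing import Any, Dict, Iterator, List, Optional, Union


@dataclass
class Cond:
    """Leaf: a scope, range or condition on one attribute value."""
    attr: str
    op: str          # assumed operators: "eq", "in", "range"
    value: Any


@dataclass
class Node:
    """Inner node: one combination rule over child trees."""
    rule: str        # "AllOf", "And", "AnyOf" or "Or"
    children: List["Tree"]


Tree = Union[Node, Cond, bool]

# Assumption: AllOf behaves as And, AnyOf as Or.
_CANON = {"AllOf": "And", "And": "And", "AnyOf": "Or", "Or": "Or"}


def reduce_tree(t: Tree) -> Tree:
    """Reduce to the neutral format: fold evaluated (boolean) leaves and
    collapse redundant combination rules so the tree is as shallow as possible."""
    if not isinstance(t, Node):
        return t
    rule = _CANON[t.rule]
    identity, absorber = (True, False) if rule == "And" else (False, True)
    flat: List[Tree] = []
    for c in (reduce_tree(ch) for ch in t.children):
        if isinstance(c, Node) and _CANON[c.rule] == rule:
            flat.extend(c.children)        # nested same rule: redundant level
        elif c is absorber:
            return absorber                # And(False, ..) = False, Or(True, ..) = True
        elif c is identity:
            continue                       # And(True, ..) / Or(False, ..): drop leaf
        else:
            flat.append(c)
    if not flat:
        return identity                    # empty And -> True, empty Or -> False
    if len(flat) == 1:
        return flat[0]                     # single-child node is redundant
    return Node(rule, flat)


def eval_leaf(c: Cond, attrs: Dict[str, Any]) -> Tree:
    """Evaluate one leaf; leaves on attributes not supplied stay symbolic."""
    if c.attr not in attrs:
        return c
    v = attrs[c.attr]
    if c.op == "eq":
        return v == c.value
    if c.op == "in":
        return v in c.value
    if c.op == "range":
        lo, hi = c.value
        return lo <= v <= hi
    raise ValueError(f"unknown op {c.op}")


def evaluate(t: Tree, attrs: Dict[str, Any]) -> Tree:
    """Evaluate every leaf against attrs, then reduce to neutral format."""
    if isinstance(t, Node):
        return reduce_tree(Node(t.rule, [evaluate(ch, attrs) for ch in t.children]))
    return eval_leaf(t, attrs) if isinstance(t, Cond) else t


def leaves(t: Tree) -> Iterator[Cond]:
    if isinstance(t, Node):
        for ch in t.children:
            yield from leaves(ch)
    elif isinstance(t, Cond):
        yield t


def attrs_of(t: Tree) -> set:
    return {c.attr for c in leaves(t)}


def select_sub_policy(policy: Tree, request: Tree) -> Tree:
    """Assumption: a sub-policy applies when every attribute it references
    also appears in the request tree. Only Or/AnyOf nodes are descended:
    dropping alternatives narrows a policy, whereas dropping conjuncts from
    an AllOf would silently loosen it."""
    wanted = attrs_of(request)

    def walk(t: Tree) -> Optional[Tree]:
        used = attrs_of(t)
        if used and used <= wanted:
            return copy.deepcopy(t)        # whole subtree applies: copy it out
        if isinstance(t, Node) and _CANON[t.rule] == "Or":
            hits = [h for h in map(walk, t.children) if h is not None]
            if hits:
                return hits[0] if len(hits) == 1 else Node(t.rule, hits)
        return None

    found = walk(policy)
    return False if found is None else found   # nothing applicable: deny (fail closed)


def authorize(policy: Tree, request: Tree) -> Tree:
    """Select, copy, evaluate, join and reduce. Returns True (permit),
    False (deny) or a residual tree of conditions still to be met."""
    sub = select_sub_policy(policy, request)
    bindings = {c.attr: c.value for c in leaves(request) if c.op == "eq"}  # assumed binding rule
    joined = Node("AllOf", [copy.deepcopy(request), sub])   # join request node with sub-policy node
    return evaluate(joined, bindings)


# Constructed sample repository policy (not from the patent).
POLICY = Node("AnyOf", [
    Node("AllOf", [Cond("role", "eq", "admin"), Cond("env", "in", {"prod", "staging"})]),
    Node("AllOf", [Cond("role", "eq", "dev"),
                   Node("AllOf", [Cond("env", "eq", "staging"), Cond("hour", "range", (8, 18))])]),
    Node("AllOf", [Cond("tenant", "eq", "acme"), Cond("dataset", "eq", "public")]),
])


def req(*conds: Cond) -> Node:
    return Node("And", list(conds))


if __name__ == "__main__":
    print(authorize(POLICY, req(Cond("role", "eq", "dev"), Cond("env", "eq", "staging"), Cond("hour", "eq", 10))))
    print(authorize(POLICY, req(Cond("role", "eq", "dev"), Cond("env", "eq", "prod"), Cond("hour", "eq", 10))))
    print(authorize(POLICY, req(Cond("role", "eq", "dev"), Cond("env", "eq", "staging"), Cond("hour", "range", (9, 11)))))
```

Two points a practitioner should carry over from this sketch: the selection step must never fragment a conjunction (an AllOf taken in part is a weaker policy than the one stored), and the caller must treat anything other than a literal True as not permitted. A residual tree, such as the two overlapping hour ranges returned for the third request, lists the conditions that still have to hold; it is information for the caller, not a grant.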