CPC G06F 21/6218 (2013.01) [G06F 3/0482 (2013.01); G06F 3/0483 (2013.01); G06F 16/211 (2019.01); G06F 16/256 (2019.01); G06F 21/31 (2013.01); G06F 21/604 (2013.01); G06F 40/106 (2020.01); G06N 5/01 (2023.01); H04L 63/101 (2013.01); H04L 63/102 (2013.01); H04L 63/105 (2013.01); H04L 63/205 (2013.01); G06F 2221/2141 (2013.01)]
20 Claims
1. A method for secure policies-based information governance, the method comprising:
displaying a Graphical User Interface (GUI), the graphical user interface receiving a business rule input from a business user;
receiving a policy from a policy engine based on the business rule input and at least one guardrail policy comprising a rule having a level of precedence higher than the business rule of the business rule input, the policy engine generating a policy hierarchy;
defining a plurality of domain objects and a plurality of domain object representations in the Graphical User Interface (GUI) based on the policy, the at least one guardrail policy, and the policy hierarchy;
defining an extensible hierarchical domain model definition using the policy hierarchy, the extensible hierarchical domain model definition being modified using the plurality of domain object representations in the Graphical User Interface (GUI);
defining a Policy Enforcement Point (PEP) in an application based on the extensible hierarchical domain model definition;
providing a mapping from the Policy Enforcement Point (PEP) in the application to the plurality of domain object representations in the Graphical User Interface (GUI);
receiving, by the Policy Enforcement Point (PEP), a user request to access a resource on the application, the user request comprising attributes of the business user;
sending, by the Policy Enforcement Point (PEP), the user request to access the resource on the application to a Policy Decision Point (PDP);
evaluating, by the Policy Decision Point (PDP), the user request to access the resource on the application, the evaluating using the extensible hierarchical domain model definition;
generating, by the Policy Decision Point (PDP), a decision regarding the user request to access the resource on the application based on the evaluating; and
enforcing, by the Policy Enforcement Point (PEP), the decision regarding the user request to access the resource on the application.