| CPC H04L 63/20 (2013.01) [H04L 43/50 (2013.01); H04L 63/101 (2013.01)] | 20 Claims |

|
1. A method comprising:
compiling, by a first provider network, a first source access control policy into a first target access control policy;
compiling, by the first provider network, a second source access control policy into a second target access control policy;
compiling, by the first provider network, a third source access control policy into a third target access control policy;
quotienting, by the first provider network, the first target access control policy to yield a first quotiented target access control policy, wherein the quotienting defines equivalence relations for types of identifiers including at least one of principals, actions, resources, or conditions, such that the equivalence relations group together semantically equivalent ones of the identifiers across different provider networks;
quotienting, by the first provider network, the second target access control policy to yield a second quotiented target access control policy;
quotienting, by the first provider network, the third target access control policy to yield a third quotiented target access control policy;
using, by the first provider network, an automated reasoning tool to verify a quotiented property against the first quotiented target access control policy;
using, by the first provider network, an automated reasoning tool to verify the quotiented property against the second quotiented target access control policy; and
using, by the first provider network, an automated reasoning tool to verify the quotiented property against the third quotiented target access control policy.
|
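The compile, quotient and verify steps of claim 1, as an added example that is not taken from the patent or from any provider's implementation. The three provider vocabularies (`alpha`, `beta`, `gamma`), the class names, the deny-overrides semantics and the property checked are all constructed assumptions, and exhaustive enumeration over the finite quotient space stands in for the automated reasoning tool.

```python
from itertools import product

# Constructed equivalence relations: provider-specific identifier -> class representative.
CLASSES = {
    "principal": {"alpha:*": "ANYONE", "beta:allUsers": "ANYONE", "gamma:everyone": "ANYONE",
                  "alpha:role/app": "SERVICE", "beta:sa/app": "SERVICE", "gamma:svc-app": "SERVICE"},
    "action": {"alpha:GetObj": "READ", "beta:objects.get": "READ", "gamma:blob/read": "READ",
               "alpha:PutObj": "WRITE", "beta:objects.create": "WRITE", "gamma:blob/write": "WRITE"},
    "resource": {"alpha:bucket/logs": "LOGS", "beta:b/logs": "LOGS", "gamma:c/logs": "LOGS"},
}
KINDS = ("principal", "action", "resource")

# Constructed source policies: (effect, principal, [actions], resource).
SOURCES = {
    "alpha": [("allow", "alpha:role/app", ["alpha:GetObj", "alpha:PutObj"], "alpha:bucket/logs"),
              ("allow", "alpha:*", ["alpha:GetObj"], "alpha:bucket/logs")],
    "beta": [("allow", "beta:sa/app", ["beta:objects.create"], "beta:b/logs"),
             ("allow", "beta:allUsers", ["beta:objects.get", "beta:objects.create"], "beta:b/logs")],
    "gamma": [("allow", "gamma:everyone", ["gamma:blob/write"], "gamma:c/logs"),
              ("deny", "gamma:everyone", ["gamma:blob/write"], "gamma:c/logs")],
}

def compile_policy(source):
    """Flatten multi-action source statements into single-action target tuples."""
    return [(eff, who, act, res) for eff, who, acts, res in source for act in acts]

def quotient(target):
    """Replace each identifier by its class; an unmapped identifier raises KeyError (fail closed)."""
    return {(eff, CLASSES["principal"][p], CLASSES["action"][a], CLASSES["resource"][r])
            for eff, p, a, r in target}

def allows(qpolicy, req):
    """Assumed semantics: a matching allow grants access unless a matching deny exists."""
    return ("allow",) + req in qpolicy and ("deny",) + req not in qpolicy

def verify(qpolicy, forbidden):
    """Return every request in the quotient space that is forbidden yet allowed."""
    space = product(*(sorted(set(CLASSES[k].values())) for k in KINDS))
    return [req for req in space if forbidden(req) and allows(qpolicy, req)]

def no_anonymous_write(req):
    """Quotiented property, stated once over classes rather than per provider."""
    return req[0] == "ANYONE" and req[1] == "WRITE"

def check_all():
    return {name: verify(quotient(compile_policy(src)), no_anonymous_write)
            for name, src in SOURCES.items()}

if __name__ == "__main__":
    for name, counterexamples in check_all().items():
        print(name, "holds" if not counterexamples else counterexamples)
```

The same property is checked unchanged against all three policies; only the `beta` policy yields a counterexample, because its anonymous principal can reach the write class.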