Abstract: A method for controlling access to a set of data is provided. The method includes receiving, via an interface, a request from an agent to access the set of data in a database; extracting an access criterion relating to a predefined data access constraint and a predetermined data access policy from the request; and determining whether the agent is granted access to the set of data using the criterion, where the access criterion is based on an attribute that is associated with an element within the set of data.

Abstract: A system for and a method of regulating the data interconnections between applications running on an infrastructure are provided. The system/method records access permission data into metadata embedded in the source code of each such application that regulates the data that can be received or transmitted by that application. In addition to regulating the receipt or transmission of data, the metadata can serve to provide instruction to firewalls and other regulating systems in order to configure those systems to allow the applications to receive and transmit data for which permissions have been recorded.

Abstract: A method for controlling an access to a resource is provided. The method includes receiving, from a first user, a first input that relates to a business criterion for a provision of the access to the resource; receiving, from a second user, a second input that relates to an application-specific criterion for the provision of the access to the resource; generating one or more one access-control rules based on the inputs; receiving an access request; and determining whether to grant the access request based on the rules, and any conditions that pertain to the access. The method effectively decouples the business-related criterion from the application-specific criterion for the access determination, thereby ensuring that business stakeholders and application owners each have an independent ability to provide inputs for generating access-control rules and policies.

Abstract: A method for defining a policy for providing access to a system is provided. The method includes: identifying, for each of a plurality of information classes within an information model, at least one respective information attribute; defining, for at least one of the at least one respective information attribute, a respective predicate filter function; determining, based on the defined at least one respective predicate filter function, at least one access rule that relates to a corresponding information attribute; defining the policy with respect to each of the plurality of information classes based on the constructed API and each of the determined at least one access rule; and constructing an application programming interface (API) for the information model based on the defined policy. The API may be augmented by updating parameters based on the defined policy.

Abstract: A method for governing a policy for providing access to a system is provided. The method includes: receiving a plurality of policy data units, each respective policy data unit including information that relates to an access determination with respect to the system; processing the plurality of policy data units by constructing a first directed graph of policy data unit processors, and obtaining an access policy rule as a result of the processing; evaluating the obtained access policy rule across a compute environment that is distributed in time and space by using the first directed graph; generating a signed access token that relates to a predetermined user based on the obtained access policy rule; and transmitting the signed access token to the predetermined user.

Abstract: A system for and a method of regulating the data interconnections between applications running on an infrastructure are provided. The system/method records access permission data into metadata embedded in the source code of each such application that regulates the data that can be received or transmitted by that application. In addition to regulating the receipt or transmission of data, the metadata can serve to provide instruction to firewalls and other regulating systems in order to configure those systems to allow the applications to receive and transmit data for which permissions have been recorded.

Abstract: A method for controlling access to a set of data is provided. The method includes receiving, via an interface, a request from an agent to access the set of data in a database; extracting an access criterion relating to a predefined data access constraint and a predetermined data access policy from the request; and determining whether the agent is granted access to the set of data using the criterion, where the access criterion is based on an attribute that is associated with an element within the set of data.

Abstract: A system for and a method of regulating the data interconnections between applications running on an infrastructure are provided. The system/method records access permission data into metadata embedded in the source code of each such application that regulates the data that can be received or transmitted by that application. In addition to regulating the receipt or transmission of data, the metadata can serve to provide instruction to firewalls and other regulating systems in order to configure those systems to allow the applications to receive and transmit data for which permissions have been recorded.

Abstract: A method for defining a policy for providing access to a system is provided. The method includes: identifying, for each of a plurality of information classes within an information model, at least one respective information attribute; defining, for at least one of the at least one respective information attribute, a respective predicate filter function; determining, based on the defined at least one respective predicate filter function, at least one access rule that relates to a corresponding information attribute; defining the policy with respect to each of the plurality of information classes based on the constructed API and each of the determined at least one access rule; and constructing an application programming interface (API) for the information model based on the defined policy. The API may be augmented by updating parameters based on the defined policy.

Abstract: A method for controlling an access to a resource is provided. The method includes receiving, from a first user, a first input that relates to a business criterion for a provision of the access to the resource; receiving, from a second user, a second input that relates to an application-specific criterion for the provision of the access to the resource; generating one or more one access-control rules based on the inputs; receiving an access request; and determining whether to grant the access request based on the rules, and any conditions that pertain to the access. The method effectively decouples the business-related criterion from the application-specific criterion for the access determination, thereby ensuring that business stakeholders and application owners each have an independent ability to provide inputs for generating access-control rules and policies.

Abstract: A system for and a method of regulating the data interconnections between applications running on an infrastructure are provided. The system/method records access permission data into metadata embedded in the source code of each such application that regulates the data that can be received or transmitted by that application. In addition to regulating the receipt or transmission of data, the metadata can serve to provide instruction to firewalls and other regulating systems in order to configure those systems to allow the applications to receive and transmit data for which permissions have been recorded.