Abstract: An embedded policy takes the form of an executable entity local to the endpoint or end application attempting to access target data. The executable entity is compiled from a declarative remote policy based on objects, subjects and actions, and includes a library and API (Application Programming Interface) in conjunction with a client application seeking access according to the policy. Evaluation of appropriate access is resolved with a local function call to the executable entity, rather than a network message exchange, thus providing data target access according to the policy without incurring network latency.

Abstract: A network device for enforcing an authorization policy to a database includes identifying an authorization policy based on declarative designations of a set of objects, subjects and actions affected by an access request, and distributing the executable entity to a plurality if endpoints of a network of users. Each endpoint of the plurality of endpoints has one or more client applications. The endpoint embeds the executable entity in the client application, the executable entity responsive to access requests from the client application, and the endpoint node grants the access request based on evaluating the access request against the authorization policy, evaluating based only on instructions in the executable entity.

Abstract: An embedded policy takes the form of an executable entity local to the endpoint or end application attempting to access target data. The executable entity is compiled from a declarative remote policy based on objects, subjects and actions, and includes a library and API (Application Programming Interface) in conjunction with a client application seeking access according to the policy. Evaluation of appropriate access is resolved with a local function call to the executable entity, rather than a network message exchange, thus providing data target access according to the policy without incurring network latency.