Abstract: A method of implementing requirements applicable to systems of an enterprise includes modeling the requirements as contents of policies applicable to target domains of the enterprise. The policy contents are integrated into a policy model. The policy model is adapted to obtain representations of domain-specific requirements corresponding to target systems in the target domains. The representations are integrated with the corresponding target systems to implement the domain-specific requirements.

Abstract: A method of implementing access control requirements to control access to a plurality of system resources. The requirements are modeled as contents of security policies. The security policy contents are integrated into a policy set. Representations of the integrated policy set are generated, each representation corresponding to a target system that controls access to the resources. The policy set representation(s) are integrated with the corresponding target system(s) to implement the policy set. This method makes it possible to implement high-level security requirements correctly and consistently across systems of a system-of-systems (SoS) and/or distributed system.

Abstract: An apparatus to implement role based access control which reduces administrative expenses associated with managing access in accordance with policies and roles. The apparatus includes a memory storing a first role based access control condition associated with an action and a subsystem executing an enforcement entity and a decision entity. In various forms, the two entities are independent entities. The enforcement entity receives a request for the action from a requestor with a role. Additionally, the enforcement entity communicates the role and the request to the decision entity for the decision entity's decision of whether the role satisfies the first condition. The decision entity then communicates the decision to the enforcement entity. Accordingly, the enforcement entity allows or denies the requester the action based on the decision made by the decision entity.

Abstract: A method of implementing requirements applicable to systems of an enterprise includes modeling the requirements as contents of policies applicable to target domains of the enterprise. The policy contents are integrated into a policy model. The policy model is adapted to obtain representations of domain-specific requirements corresponding to target systems in the target domains. The representations are integrated with the corresponding target systems to implement the domain-specific requirements.

Abstract: A method of implementing access control requirements to control access to a plurality of system resources. The requirements are modeled as contents of security policies. The security policy contents are integrated into a policy set. Representations of the integrated policy set are generated, each representation corresponding to a target system that controls access to the resources. The policy set representation(s) are integrated with the corresponding target system(s) to implement the policy set. This method makes it possible to implement high-level security requirements correctly and consistently across systems of a system-of-systems (SoS) and/or distributed system.

Abstract: An apparatus to implement role based access control which reduces administrative expenses associated with managing access in accordance with policies and roles. The apparatus includes a memory storing a first role based access control condition associated with an action and a subsystem executing an enforcement entity and a decision entity. In one preferred form, the two entities are independent entities. The enforcement entity receives a request for the action from a requestor with a role. Additionally, the enforcement entity communicates the role and the request to the decision entity for the decision entity's decision of whether the role satisfies the first condition. The decision entity then communicates the decision to the enforcement entity. Accordingly, the enforcement entity allows or denies the requestor the action based on the decision made by the decision entity.