Subject matching for distributed access control scenarios

• Main Authors: Smith, Ned M, Heldt-Sheller, Nathan
• Format: Patent
• Language: English
• Published: 19.04.2022
• Subjects: ELECTRIC COMMUNICATION TECHNIQUE; ELECTRICITY; WIRELESS COMMUNICATIONS NETWORKS

Various systems and methods for implementing an access control policy that provides subject matching in distributed access control scenarios, such as Internet of Things (IoT) device interconnection settings, are described. In an example, a determining an access control policy with an access evaluator includes: receiving a request from a subject to perform an operation with an object; evaluating the first type of access policy of the subject, and a second type of access policy of the object, to determine a first and second access scope for performing the requested operation; identifying an access control object that provides a mapping between the first access scope and the second access scope for performing the requested operation; and providing access from the subject to the object based on a security level determined from the mapping between the first access scope and the second access scope provided with the access control object.