Declarative permission requests in a computer system

Assignee

• Microsoft Corporation · US

Inventors

• Michael Jerger · Kirkland, US
• Jeffrey A. Bisset · Redmond, US
• Craig T. Sinclair · Sammamish, US
• Michael J. Toutonghi · Seattle, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F21/52
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

Computer-based systems and methods are disclosed for a comprehensive security model for managing active content downloaded from a computer network. The security model includes the configuration of a system security policy that is stored on a host computer. The system security policy is configured by security zone in progressively “finer grain” levels with each level associated with and defining the previous level. These levels may include: protected operations; user permission sets, permissions, parameters and primitives. In the disclosed method and systems, a publisher of active content specifies a requested permission set that includes a list the permissions (defined by parameters, which are defined by primitives) that the active content requires in order to run on the host system. The requested permission set is external to the active content so that it is not necessary to run the active content in order to discover the permissions that the active content requires in order to run. The requested permission set may be included in a signed code package wherein the identity of the active content publisher is guaranteed. A digital signature of the signed code package also…