Appeal 2007-0153
Application 09/792,918
the reference includes no information that the testing is performed without
granting authorization to said resource, as recited in claim 1.
With respect to claim 24, we also agree with Appellant (Br. 7; Reply
Br. 4-5) that the portions of Pachauri relied on by the Examiner contain no
teachings related to identifying a policy domain to which the resource
belongs and determining authorization based on rules associated with the
policy domain. The Examiner responds by stating that “policy domain” is
not materially different from “authorization rule set” since Appellant has not
defined what “policy domain” is (Answer 10).
As pointed out by Appellant (id.), the recited policy domain is defined
(Specification ¶ [102]) as “a logical grouping of Web Server host ID’s, host
names, URL prefixes, and rules.” We are persuaded by Appellant’s
arguments and find that the Examiner offers inadequate support for the
contention that the claimed limitations related to the policy domain and their
association with the resources is taught by Pachauri.
Turning now to claim 35, we note that the claim merely requires
testing whether access to a resource is authorized based on some received
access information. The claim, however, neither specifies any rules or
policies for determining authorization nor requires such determination
without granting authorization, as recited in claims 1 and 24. While an
access management system and an identity management system included in
the access system are recited, their functions in the testing step are not
recited. Additionally, we agree with the Examiner (Answer 11) that the
claimed access management system and the identity management system
reads on the design security profile module 210 and implement security
6
Page: Previous 1 2 3 4 5 6 7 8 9 10 Next
Last modified: September 9, 2013