The invention is related to the field of information security, and in particular to information security applications having configurable operation.
An information security application may employ a configuration structure to store configuration information that is used at run time to tailor the application's operation to the current operating environment. For example, a user authentication application may employ different authentication criteria depending on whether the user being authenticated is accessing a protected system locally via a protected network or remotely via a public network. The configuration structure stores configuration information specifying this variable operation based on the type of access for which authentication is being requested.
Known configuration structures employ a tree-like hierarchical organization of configuration information in which different variables define the levels of the tree. The organization reflects a predetermined dependence among the variables in terms of their relative weight or importance in determining what action may be taken. In use, an application obtains relevant information as far down in the tree (i.e., as close to a leaf) as possible, so that the most specific configuration information is used for each situation.
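The most-specific lookup over such a tree can be sketched as follows. This is an added illustration, not code from the original document; the variable names (`access_type`, `user_role`), the setting keys and all sample values are assumptions constructed for the example.

```python
# Level order is fixed when the tree is built: it encodes the predetermined
# relative weight of the variables (names are assumptions for this example).
LEVELS = ("access_type", "user_role")

# Constructed sample tree. Each node holds optional settings plus children
# keyed by the value of the variable that defines the next level.
# Design choice in this example: the root carries the strictest general default.
TREE = {
    "settings": {"factors": ["password", "otp"], "max_attempts": 3},
    "children": {
        "local": {
            "settings": {"factors": ["password"]},
            "children": {
                "admin": {"settings": {"factors": ["password", "otp"]},
                          "children": {}},
            },
        },
        "remote": {
            "settings": {"max_attempts": 2},
            "children": {
                "admin": {"settings": {"factors": ["password", "otp", "hardware_token"]},
                          "children": {}},
            },
        },
    },
}


def resolve(tree, context, key):
    """Return (value, path) from the deepest node on the context's path that defines key."""
    node, path = tree, []
    value, found_at = node["settings"].get(key), []
    for level in LEVELS:
        child = node["children"].get(context.get(level))
        if child is None:
            break  # no more specific node exists; keep the best match so far
        node = child
        path.append(context[level])
        if key in node["settings"]:
            value, found_at = node["settings"][key], list(path)
    return value, found_at


if __name__ == "__main__":
    for ctx in ({"access_type": "local", "user_role": "staff"},
                {"access_type": "remote", "user_role": "admin"},
                {"access_type": "vpn", "user_role": "admin"}):
        print(ctx, "->", resolve(TREE, ctx, "factors"))
```

The last context shows the effect of the fixed level order: because `access_type` does not match any child of the root, the walk stops there and the `admin` entries further down are never consulted.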