1. Statement of the Technical Field
The present invention relates to a policy based classification of network requests and more particularly to the minimization of string operations when performing a policy based classification.
2. Description of the Related Art
The vast majority of computing devices process computer processing requests indiscriminately. That is, regardless of the requester, each request can be processed with equal priority. Given the exponential increase in network traffic across the Internet, however, more recent network-oriented computing devices have begun to provide varying levels of computing services based upon what has been referred to as a “policy based service differentiation model”. In this model, the computing devices can offer many levels of service where different requests originating from different requestors receive different levels of treatment depending upon administratively defined policies.
The policy based service differentiation model is the logical result of several factors. Firstly, the number and variety of computing applications which generate requests across networks both private and public has increased dramatically in the last decade. Each of these applications, however, has different service requirements. Secondly, technologies and protocols that enable the provision of different services having different levels of security and quality of service (QoS) have become widely available. Yet, access to these different specific services must be regulated because these specific services can consume important computing resources such as network bandwidth, memory and processing cycles. Finally, business objectives or organizational goals can be best served when discriminating between different requests rather than treating all requests for computer processing in a like manner.
A central requirement in enabling policy based service differentiation in the network context is that network requests must be classified into categories based upon applicable policy rules. Policy rules are well-known in the art inasmuch as policy rules specify service differentiation policies. Typically, policy rules take the form:                if (policy condition) then (policy action)In the context of an Internet protocol (IP) based network, the policy condition can be specified according to packet attributes including header fields which identify not only the source and the destination of a network request, but also the value of the protocol field, the type of service requested, etc. Additionally, conventional policy conditions can include other criteria, for instance the identification of the requestor and the location and identity of the requested resource, commonly referred to as a Uniform Resource Indicator (URI). Generally speaking, these attributes and criteria can be referred to as “selector attributes”. In that regard, it has become common for policy conditions to be specified in terms of ranges of selector attribute values, e.g. a range of IP addresses or ports, or a range of times.        
Policy actions, by comparison, specify an operation or operations which are to be performed if and only if the policy condition associated with the policy action in the policy rule evaluates to true. The classification process to determine the applicability of a set of policy rules can be in of itself a time and resource consuming process. Specifically, in conventional policy based classifications, a computing module can sequentially scan a list of policy rules to determine whether a given policy rule ought to apply to a particular request. The process can continue until a first match can be found, or until the list of policy rules has been completely exhausted. Also, when evaluating the policy condition based upon string-based selector attributes such as a URI, user identification, or user group, string comparison operations are performed liberally during the matching process.
As is well-known in the art, however, string operations can be resource intensive when compared to integer operations. Furthermore, sequential searches are order n/2 searches and are considered highly inefficient, especially when searching a large list of data. Given the increasing importance of policy based service differentiation, however, it is important not only to scan the list of policy rules in the most efficient manner possible, but also, where string operations are required to perform policy rule matching, the number of string operations performed ought to be minimized.