Patent attributes
A method of providing access control for a software defined network (SDN) controller includes triggering, by the SDN controller upon receiving a trigger event from a data plane of the software defined network, one or more applications that are installed to run at a control plane of the software defined network atop the SDN controller to react to the trigger event, applying, by the SDN controller before triggering applications due to a trigger event, a conflict resolution scheme. The conflict resolution scheme includes determining all flow spaces that are affected by the trigger event and selecting from these flow spaces a single selected flow space that complies with a predetermined policy, determining, a single master application according to predefined criteria, and triggering, in addition to the master application, only those applications whose reactions to the trigger event do not conflict with the master application.