Patent attributes
Techniques for generating syntax graphs corresponding to user-defined policy statements are disclosed. In one or more embodiments, a policy management service receives a user-defined policy statement that includes a requestor variable value, an action variable value, a resource variable value, and a location variable value. The user-defined policy statement describes an authorization policy. The policy authorization service converts the user-defined policy statement to a canonical policy statement, which involves mapping the requestor variable value to a unique system-wide requestor identifier and mapping the location variable value to a unique system-wide location identifier. The policy management service generates a syntax graph of the canonical policy statement. The syntax graph is traversable to determine whether the authorization policy is satisfied for a particular authorization request. The policy management service stores the syntax graph for use by an authorization service.
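The flow described in the abstract (canonicalize, build a syntax graph, traverse it for a request) can be sketched as follows. This is an added example, not code from the patent: the statement grammar, the name-to-identifier tables, the identifier formats and all function names are assumptions made for illustration.

```python
import re

# Constructed directory data (assumption): display names -> system-wide IDs.
REQUESTOR_IDS = {"Admins": "grp-0001", "Auditors": "grp-0002"}
LOCATION_IDS = {"ProjectA": "loc-0100", "ProjectB": "loc-0200"}

# Hypothetical statement grammar; the page does not define one.
STATEMENT = re.compile(
    r"allow (?P<requestor>\w+) to (?P<action>\w+) "
    r"(?P<resource>\w+) in (?P<location>\w+)$")

def canonicalize(statement):
    """Replace user-facing requestor/location names with system-wide IDs."""
    m = STATEMENT.match(statement.strip())
    if m is None:
        raise ValueError("unparseable policy statement: %r" % statement)
    fields = m.groupdict()
    # Fail closed: an unknown name must not yield a policy bound to nothing.
    try:
        fields["requestor"] = REQUESTOR_IDS[fields["requestor"]]
        fields["location"] = LOCATION_IDS[fields["location"]]
    except KeyError as exc:
        raise ValueError("unknown name in policy: %s" % exc) from None
    return fields

def build_graph(canonical):
    """Syntax graph: a root 'allow' node with one child per policy variable."""
    return {"type": "allow",
            "children": [{"type": k, "value": v} for k, v in canonical.items()]}

def is_authorized(graph, request):
    """Traverse the graph; every variable node must match the request."""
    if graph["type"] != "allow" or not graph["children"]:
        return False
    return all(request.get(node["type"]) == node["value"]
               for node in graph["children"])

if __name__ == "__main__":
    graph = build_graph(
        canonicalize("allow Admins to manage instances in ProjectA"))
    # Requests carry identifiers, so the stored graph no longer depends on
    # the display names that were used when the policy was written.
    request = {"requestor": "grp-0001", "action": "manage",
               "resource": "instances", "location": "loc-0100"}
    print(is_authorized(graph, request))
```

Because the stored graph holds identifiers, not display names, the evaluation in this sketch depends only on the identifiers carried by the request.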