Patent attributes
Embodiments are directed to connection revocation in overlay networks. An overlay network may be employed to provide secure tunnels between clients and resources. In response to a privilege evaluation event, further actions are performed, including: determining sessions associated with the secure tunnels; determining users and a portion of the resources based on the sessions, such that each determined user and each determined resource are associated with the same session; and comparing privilege information associated with each determined user with privilege requirements associated with each determined resource. In response to determining one or more mismatches between the privilege information and the privilege requirements based on the comparison, further actions are performed, including: determining revocable sessions based on the mismatches; and providing revoke messages to agents such that the agents close connections associated with the revocable sessions.
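The re-evaluation pass described in the abstract, as an added example (not code from the patent or any product). It assumes privileges and requirements are sets of strings, that each session records the agent holding its connection, and that a missing user or resource entry counts as a mismatch; all names and sample data are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    session_id: str
    user: str
    resource: str
    agent: str  # assumption: the agent that holds this session's tunnel connection


def find_revocable(sessions, user_privs, resource_reqs):
    """Compare each session's user privileges with its resource's requirements."""
    revocable = []
    for s in sessions:
        held = user_privs.get(s.user, frozenset())  # unknown user holds nothing
        required = resource_reqs.get(s.resource)
        # Assumption: fail closed. A resource without recorded requirements,
        # or a user missing any required privilege, is treated as a mismatch.
        if required is None or not required <= held:
            revocable.append(s)
    return revocable


def build_revoke_messages(revocable):
    """Batch revocable session ids into one revoke message per agent."""
    by_agent = defaultdict(list)
    for s in revocable:
        by_agent[s.agent].append(s.session_id)
    return [{"type": "revoke", "agent": agent, "sessions": sorted(ids)}
            for agent, ids in sorted(by_agent.items())]


def on_privilege_evaluation_event(sessions, user_privs, resource_reqs):
    """Entry point run when privileges or requirements may have changed."""
    return build_revoke_messages(find_revocable(sessions, user_privs, resource_reqs))


# Constructed sample state: bob has lost "db:read", the "vault" resource has no
# recorded requirements, and dave is absent from the privilege store.
SESSIONS = [
    Session("s1", "alice", "db", "agent-a"),
    Session("s2", "bob", "db", "agent-a"),
    Session("s3", "bob", "wiki", "agent-b"),
    Session("s4", "carol", "vault", "agent-b"),
    Session("s5", "dave", "wiki", "agent-a"),
]
USER_PRIVS = {"alice": frozenset({"db:read", "staff"}),
              "bob": frozenset({"staff"}), "carol": frozenset({"staff"})}
RESOURCE_REQS = {"db": frozenset({"db:read"}), "wiki": frozenset({"staff"})}
```

Sessions s1 and s3 remain open because their users still satisfy the resource requirements; only mismatched sessions appear in the per-agent revoke messages.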