US Patent 9954899 Applying a network traffic policy to an application session

Embodiments of the present technology relate to a method for applying a security policy to an application session, comprising: determining, by a security gateway, a first user identity and a second user identity from a data packet for an application session; obtaining, by the security gateway, a security policy for the application session; and applying the security policy to the application session by the security gateway. The user identity may be a network user identity or an application user identity recognized from packets of the application session. The security policy may comprise a network traffic policy mapped and/or a document access policy mapped to the user identity, where the network traffic policy is applied to the application session. The security gateway may further generate a security report concerning the application of the security policy to the application session.