Techniques for virtual representational state transfer (REST) interfaces

US 10,182,074 B2
Filed: 05/22/2015
Issued: 01/15/2019
Est. Priority Date: 08/11/2009
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

transparently intercepting, by a server, a Representational State Transfer (REST) service request from a client within a local processing environment of the REST service, wherein the REST service request is sent from the client to a REST service to the REST service and the REST service request is a REST-formatted request;

enforcing, by the server, enterprise policy against the REST service request, wherein enforcing further includes at least and independently enforcing security associated with the local processing environment as a portion of the enterprise policy, wherein the security is outside the scope of REST processing that is performed by the REST service when provided the REST service request;

forwarding, by the server, the REST service request to the REST service when the enterprise policy is validated, wherein the REST service is unaware of the enforcement of the enterprise policy and assumes the REST service request is being sent directly from the client to the REST service, and wherein the client and the REST service were riot preconfigured to directly interact with the server and the client is unaware of the server; and

processing the method on the server as a reverse proxy within a firewalled environment that is the local processing environment of the REST service and simultaneously processing the method as a transparent proxy to the client that is associated with an external processing environment that is external to the local processing environment.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for virtual Representational State Transfer (REST) interfaces are provided. A proxy is interposed between a client and a REST service over a network. The proxy performs independent authentication of the client and provides credentials to the client and for the client to authenticate to the REST service using a REST service authentication mechanism. The proxy inspects requests and responses and translates the requests and responses into formats expected by the client and the REST service. Moreover, the proxy enforces policy and audits the requests and responses occurring between the client and the REST service over the network.

29 Citations

View as Search Results

17 Claims

1. A method, comprising:
- transparently intercepting, by a server, a Representational State Transfer (REST) service request from a client within a local processing environment of the REST service, wherein the REST service request is sent from the client to a REST service to the REST service and the REST service request is a REST-formatted request;
  
  enforcing, by the server, enterprise policy against the REST service request, wherein enforcing further includes at least and independently enforcing security associated with the local processing environment as a portion of the enterprise policy, wherein the security is outside the scope of REST processing that is performed by the REST service when provided the REST service request;
  
  forwarding, by the server, the REST service request to the REST service when the enterprise policy is validated, wherein the REST service is unaware of the enforcement of the enterprise policy and assumes the REST service request is being sent directly from the client to the REST service, and wherein the client and the REST service were riot preconfigured to directly interact with the server and the client is unaware of the server; and
  
  processing the method on the server as a reverse proxy within a firewalled environment that is the local processing environment of the REST service and simultaneously processing the method as a transparent proxy to the client that is associated with an external processing environment that is external to the local processing environment.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 further comprising, auditing, by the server, interaction between the client and the REST service.
  - 3. The method of claim 1 further comprising, providing, by the server, single-sign on access to a second REST service for a user operating the client based on successful authentication of the user, by the server, to the REST service.
  - 4. The method of claim 1 further comprising, authenticating, by the server, a user operating the client for access to the REST service by enlisting a third-party authentication service.
  - 5. The method of claim 1, wherein enforcing further includes enforcing security restrictions as the enterprise policy against the REST service request.
  - 6. The method of claim 5, wherein forwarding further includes enforcing the security restrictions for interactions between the client and the REST service after the REST service request is forwarded to the REST service.
  - 7. The method of claim 1, wherein enforcing further includes evaluating an authentication policy that is defined by the enterprise policy, and authenticating a user operating the client in accordance with the authentication policy.
  - 8. The method of claim 7, wherein evaluating further includes processing a second authentication mechanism that is different from that which was defined by the authentication policy to authenticate the user to the REST service.
  - 9. The method of claim 8 further comprising, processing a third authentication mechanism from that which was defined by the authentication policy and the second authentication mechanism to authenticate the user to a second REST service for a second REST service request issued from the client.

10. A method, comprising:
- configuring a proxy as a proxy between a client of a network and two or more independent Representational State Transfer (REST) services, wherein configuring further includes configuring the proxy as a transparent proxy to the client and simultaneously configuring the proxy as a reverse proxy to the REST services, wherein configuring further includes configuring the proxy within a local processing environment of the REST services that is external to the client;
  
  operating the proxy to present to the client as the REST services, wherein the client directs requests to the REST services during operation of the client, wherein the requests are REST-formatted requests;
  
  enforcing, by the proxy during operation, policy against the requests for access made by the client to the REST services and against interactions between the client and the REST services, wherein the client and the REST services are not preconfigured for directly interacting with the proxy and the client and the REST services are unaware of the proxy, and wherein enforcing further includes at least and independently enforcing security associated with the local processing environment as a portion of the policy, wherein the security is outside the scope of any REST processing that is performed by the REST services when provided the requests; and
  
  processing the method for all REST service requests made by the client to any of the REST services of the local processing environment.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The method of claim 10, wherein enforcing further includes authenticating a user operating the client and the client to at least one of the REST services using a first set of credentials supplied by the user with a first request based on the enterprise policy.
  - 12. The method of claim 11 further comprising, authenticating the user and the client to a different one of the REST services using a second set of credentials that was not supplied by the user in response to a second request issued from the user through the client for access to the different REST service.
  - 13. The method of claim 10, wherein enforcing further includes enforcing custom enterprise security against the requests and the interactions, wherein the custom enterprise security defined in the enterprise policy.
  - 14. The method of claim 10, wherein enforcing further includes auditing the requests and the interactions in response to enforcing the enterprise policy.

15. A system, comprising:
- a hardware server configured with executable instructions residing in a non-transitory computer-readable medium, the executable instructions representing a proxy service; and
  
  the proxy service configured to;
  
  i) execute on one or more processors of the hardware server, ii) intercept Representational State Transfer (REST) requests issued over a network connection from a client as REST-formatted requests, wherein the REST requests are received by the proxy server within a local processing environment associated with a plurality of REST services and the client associated with an external processing environment that is external to the local processing environment, the client making the REST requests to at least one of the REST services, and iii) enforce enterprise policy against the REST requests before forwarding the REST requests to the at least one of the REST services, and at least and independently enforce security associated with the local processing as a portion of the enterprise policy, wherein the security is outside the scope of REST processing that is performed by the REST services when provided the REST requests , wherein both the client and the REST services are unaware of the proxy service and neither the client nor the REST services are preconfigured for directly interacting with the proxy service, wherein the proxy service is a transparent proxy to the client and simultaneously a reverse proxy to the REST services.
- View Dependent Claims (16, 17)
- - 16. The system of claim 15, wherein the proxy service is further configured to:
    - iv) provide single-sign on to a user operating the client to access the REST services with a single-set of user-supplied credentials, wherein each of the REST services require authentication for the user using different sets of credentials for the user.
  - 17. e system of claim 15, wherein the proxy service is further configured to:
    - iv) enforce security restrictions defined in the enterprise policy against the REST requests, v) enforce the security restrictions against interactions between the client and the REST services, and vi) audit the REST requests and the interactions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus Software, Inc. (Open Text Corporation)
Original Assignee
Micro Focus Software, Inc. (Open Text Corporation)
Inventors
Burch, Lloyd Leon, Earl, Douglas Garry, Bultmeyer, Jonathan Paul, McClain, Carolyn B.
Primary Examiner(s)
Moorthy, Aravind K

Application Number

US14/719,386
Publication Number

US 20150281286A1
Time in Patent Office

1,334 Days
Field of Search

726 1, 726 7, 726 12, 726 22, 713153, 713168
US Class Current
CPC Class Codes

G06Q 10/10   Office automation; Time man...

H04L 63/0281   Proxies

H04L 63/08   for authentication of entit...

H04L 63/0884   by delegation of authentica...

H04L 63/20   for managing network securi...

Techniques for virtual representational state transfer (REST) interfaces

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

29 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Techniques for virtual representational state transfer (REST) interfaces

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links