Chaining of services
First Claim
1. A method for a first Web service provider to invoke a service hosted on a second Web service provider on behalf of a principal in a computer environment, comprising the steps of:
- said principal logging in with a discovery service;
said discovery service passing to said principal an identity assertion associated with said principal and a discovery service descriptor associated with said discovery service for use by principal for future authentication;
said principal authenticating using said identity assertion and using said discovery service descriptor at a Web service client, said Web service client linking to and representing a desired commerce site of said principal;
in response to an action related to said desired commercial site, said Web service client requesting a first service descriptor associated with said first Web service and a first service assertion associated with said first Web service from said discovery service;
in response to receiving said first service descriptor and said first service assertion, said Web service client invoking a desired service at said first Web service;
upon said first Web service determining a need to invoke a second desired service at a second Web service, said first Web service requesting from said discovery service a second service descriptor associated with said second Web service and a second service assertion associated with said second Web service; and
in response to receiving said request for said second service descriptor and said second service assertion, said discovery service adding said second service assertion to said first service assertion and subsequently passing said first service assertion and said second service descriptor to said first Web service;
in response to receiving said first service assertion and second service descriptor, said first Web service invoking said desired second service at said second Web service.
3 Assignments
0 Petitions
Accused Products
Abstract
A method and apparatus is provided for invoking authenticated transactions on behalf of a user when the user is not present. For example, the invention allows a subscription to take actions that would otherwise require authentication. A method and apparatus is provided that gives apparent authority to a service that allows the service to get services from other services without revisiting the client. Thus, the architecture enables a Web Services Provider to assume the role of a Web Services Client and invoke other services required to perform its service. As each Web Services Provider calls another Web Services Provider, the Discovery Service adds the Web Services Provider'"'"'s footprint to the Service Assertions it passes on such that a trail of Web Services Providers is imprinted into the Service Assertion and is visible to the Discovery Service. Each Web Services Provider in the chain can also add permission requests.
-
Citations
21 Claims
-
1. A method for a first Web service provider to invoke a service hosted on a second Web service provider on behalf of a principal in a computer environment, comprising the steps of:
-
said principal logging in with a discovery service;
said discovery service passing to said principal an identity assertion associated with said principal and a discovery service descriptor associated with said discovery service for use by principal for future authentication;
said principal authenticating using said identity assertion and using said discovery service descriptor at a Web service client, said Web service client linking to and representing a desired commerce site of said principal;
in response to an action related to said desired commercial site, said Web service client requesting a first service descriptor associated with said first Web service and a first service assertion associated with said first Web service from said discovery service;
in response to receiving said first service descriptor and said first service assertion, said Web service client invoking a desired service at said first Web service;
upon said first Web service determining a need to invoke a second desired service at a second Web service, said first Web service requesting from said discovery service a second service descriptor associated with said second Web service and a second service assertion associated with said second Web service; and
in response to receiving said request for said second service descriptor and said second service assertion, said discovery service adding said second service assertion to said first service assertion and subsequently passing said first service assertion and said second service descriptor to said first Web service;
in response to receiving said first service assertion and second service descriptor, said first Web service invoking said desired second service at said second Web service. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. An apparatus for a first Web service provider to invoke a service hosted on a second Web service provider on behalf of a principal in a computer environment, comprising:
-
means for said principal logging in with a discovery service;
means for said discovery service passing to said principal an identity assertion associated with said principal and a discovery service descriptor associated with said discovery service for use by principal for future authentication;
means for said principal authenticating using said identity assertion and using said discovery service descriptor at a Web service client, said Web service client linking to and representing a desired commerce site of said principal;
in response to an action related to said desired commercial site, means for said Web service client requesting a first service descriptor associated with said first Web service and a first service assertion associated with said first Web service from said discovery service;
in response to receiving said first service descriptor and said first service assertion, means for said Web service client invoking a desired service at said first Web service;
upon said first Web service determining a need to invoke a second desired service at a second Web service, means for said first Web service requesting from said discovery service a second service descriptor associated with said second Web service and a second service assertion associated with said second Web service; and
in response to receiving said request for said second service descriptor and said second service assertion, means for said discovery service adding said second service assertion to said first service assertion and subsequently passing said first service assertion and said second service descriptor to said first Web service;
in response to receiving said first service assertion and second service descriptor, means for said first Web service invoking said desired second service at said second Web service. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A program storage medium readable by a computer, tangibly embodying a program of instructions executable by the computer to perform a method for updating address information in a computer environment, the method comprising the steps of:
-
said principal logging in with a discovery service;
said discovery service passing to said principal an identity assertion associated with said principal and a discovery service descriptor associated with said discovery service for use by principal for future authentication;
said principal authenticating using said identity assertion and using said discovery service descriptor at a Web service client, said Web service client linking to and representing a desired commerce site of said principal;
in response to an action related to said desired commercial site, said Web service client requesting a first service descriptor associated with said first Web service and a first service assertion associated with said first Web service from said discovery service;
in response to receiving said first service descriptor and said first service assertion, said Web service client invoking a desired service at said first Web service;
upon said first Web service determining a need to invoke a second desired service at a second Web service, said first Web service requesting from said discovery service a second service descriptor associated with said second Web service and a second service assertion associated with said second Web service; and
in response to receiving said request for said second service descriptor and said second service assertion, said discovery service adding said second service assertion to said first service assertion and subsequently passing said first service assertion and said second service descriptor to said first Web service;
in response to receiving said first service assertion and second service descriptor, said first Web service invoking said desired second service at said second Web service. - View Dependent Claims (14, 15, 16, 17, 18)
-
-
19. A process for a first Web service provider to invoke a service hosted on a second Web service provider on behalf of a principal in a computer environment, comprising the steps of:
-
said principal logs in with a discovery service for subsequent authentication;
in response to said log in, said discovery service passing an identity assertion and a discovery service descriptor to said principal;
said principal uses said identity assertion and said discovery service descriptor to access a Web commerce site with a Web service client software interface application;
said Web service client software interface application requesting a first service descriptor and a first service assertion for a first desired service at a first Web server from said discovery service;
in response to receiving said first service descriptor and said first service assertion from said discovery service said Web service client software interface application invoking said first desired service at said first Web server;
said first Web server requesting a second service descriptor and a second service assertion for a second desired service at a second Web server from said discovery service; and
in response to receiving said second service descriptor and said second service assertion from said discovery service, said first Web server invoking said second desired service at said second Web server on behalf of said principal.
-
-
20. An apparatus for a first Web service provider to invoke a service hosted on a second Web service provider on behalf of a principal in a computer environment, comprising:
-
means for said principal logs in with a discovery service for subsequent authentication;
in response to said log in, means for said discovery service passing an identity assertion and a discovery service descriptor to said principal;
means for said principal using said identity assertion and said discovery service descriptor to access a Web commerce site with a Web service client software interface application;
means for said Web service client software interface application requesting a first service descriptor and a first service assertion for a first desired service at a first Web server from said discovery service;
in response to receiving said first service descriptor and said first service assertion from said discovery service, means for said Web service client software interface application invoking said first desired service at said first Web server;
means for said first Web server requesting a second service descriptor and a second service assertion for a second desired service at a second Web server from said discovery service; and
in response to receiving said second service descriptor and said second service assertion from said discovery service, means for said first Web server invoking said second desired service at said second Web server on behalf of said principal.
-
-
21. A program storage medium readable by a computer, tangibly embodying a program of instructions executable by the computer to perform a method for updating address information in a computer environment, the method comprising the steps of:
-
said principal logs in with a discovery service for subsequent authentication;
in response to said log in, said discovery service passing an identity assertion and a discovery service descriptor to said principal;
said principal uses said identity assertion and said discovery service descriptor to access a Web commerce site with a Web service client software interface application;
said Web service client software interface application requesting a first service descriptor and a first service assertion for a first desired service at a first Web server from said discovery service;
in response to receiving said first service descriptor and said first service assertion from said discovery service, said Web service client software interface application invoking said first desired service at said first Web server;
said first Web server requesting a second service descriptor and a second service assertion for a second desired service at a second Web server from said discovery service; and
in response to receiving said second service descriptor and said second service assertion from said discovery service, said first Web server invoking said second desired service at said second Web server on behalf of said principal.
-
Specification