Web service gateway filtering
First Claim
Patent Images
1. A firewall device that receives and passes messages to and from a destination web service comprising:
- one or more web service filters to verify that a message received by the firewall device is from an authorized client, wherein the one or more filters use policies to verify the message and to define access rights of the authorized client if the message is verified;
a first logical web service processing module to monitor services available from the destination web service, and to determine if a request in the message for a particular service is available from the destination web service; and
a second logical web service processing module to process data representing the request in the message based on the policies that define access rights of the authorized client.
2 Assignments
0 Petitions
Accused Products
Abstract
A firewall device implements policies for a destination web service, where the policies determine the access rights of clients and other web services to services that are available at the destination web service. The clients and web services send requests in the form of web service messages which are processed by the firewall server based on the policies.
119 Citations
42 Claims
-
1. A firewall device that receives and passes messages to and from a destination web service comprising:
-
one or more web service filters to verify that a message received by the firewall device is from an authorized client, wherein the one or more filters use policies to verify the message and to define access rights of the authorized client if the message is verified;
a first logical web service processing module to monitor services available from the destination web service, and to determine if a request in the message for a particular service is available from the destination web service; and
a second logical web service processing module to process data representing the request in the message based on the policies that define access rights of the authorized client. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
-
-
20. A method of managing policy for a destination web service implemented at a firewall server comprising:
-
receiving a web service message containing a request for a service at the destination web service;
verifying that the web service message is from an authorized particular client;
applying policies which define access rights to applications of the destination web service that are available to the particular client;
inspecting the request contained in the message as to whether the request is valid per the access rights available to the particular client; and
providing an application if the message is verified, the particular client has access rights, and the request is valid per the access rights available to the particular client. - View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
-
-
35. For use with a firewall device, a storage medium having instructions that, when executed on the firewall computer, performs acts comprising:
-
receiving requests from clients for applications in a destination web service;
verifying the clients submitting the requests;
determining access rights of the clients to the applications based on policies implemented at the firewall computer; and
providing applications to a client if a request is valid. - View Dependent Claims (36, 37, 38)
-
-
39. A firewall device comprising:
-
means for receiving web service messages from clients, wherein the web service messages are destined to a web service;
means for verifying that the web service messages are from authorized clients; and
means for applying policies as to applications available to authorized clients from the web service. - View Dependent Claims (40, 41, 42)
-
Specification