Mapping policies to messages

US 20060015625A1
Filed: 07/14/2004
Published: 01/19/2006
Est. Priority Date: 07/14/2004
Status: Active Grant

First Claim

Patent Images

1. In a Web services environment for exchanging messages in a distributed system, a method of identifying policies mapped to messages associated with an application, without having to have code within the application for determining what policies may apply to the messages, the method comprising the acts of:

receiving a message at a Web service engine associated with an application that is external to the Web service engine, the application configured to exchange messages in a distributed system;

based on the contents of the received message, determining at least a destination endpoint identifier associated with the message;

accessing a policy mapping file that includes one or more endpoint sections, each of the one or more endpoint sections including one or more operation elements that indicate a type of interaction pattern for messages, wherein at least one of the one or more operation elements identifies one or more policy expression with one or more policy assertions representing policies associated with exchanging messages with the application; and

scanning the policy mapping file for identifying an operation element corresponding to the destination endpoint identifier.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Within a distributed system, e.g., Web service environment, the present invention provides a way for identifying policies mapped to messages associated with an application, without having to have code within the application for determining what policies should apply to the messages. A centralized Web service engine is provided that receives incoming and outgoing messages associated with an application. The messages have associated with them destination endpoint identifiers and request-reply properties, which the Web service engine can access. The Web service engine can then use at least the identifiers and properties for scanning policy message files corresponding to the applications in order to identify what policies, if any, should be applied to the messages.

Citations

40 Claims

1. In a Web services environment for exchanging messages in a distributed system, a method of identifying policies mapped to messages associated with an application, without having to have code within the application for determining what policies may apply to the messages, the method comprising the acts of:
- receiving a message at a Web service engine associated with an application that is external to the Web service engine, the application configured to exchange messages in a distributed system;
  
  based on the contents of the received message, determining at least a destination endpoint identifier associated with the message;
  
  accessing a policy mapping file that includes one or more endpoint sections, each of the one or more endpoint sections including one or more operation elements that indicate a type of interaction pattern for messages, wherein at least one of the one or more operation elements identifies one or more policy expression with one or more policy assertions representing policies associated with exchanging messages with the application; and
  
  scanning the policy mapping file for identifying an operation element corresponding to the destination endpoint identifier.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 25, 26)
- - 2. The method of claim 1, wherein based on the contents of the received message a request action identifier and a request-reply property are also determined that are associated with the received message, and wherein the one or more endpoint sections of the mapping file include one or more operation sections with the one or more operation elements, and wherein the identified operation element further corresponds to the request action identifier and the request-reply property.
  - 3. The method of claim 2, wherein the act of scanning the policy mapping file further comprises the acts of:
    - using the destination endpoint identifier for identifying an endpoint section associated with the message from among the one or more endpoint sections within the policy mapping file;
      
      using the request action identifier for identifying an operation section associated with the message from among the one or more operation sections within the determined endpoint section; and
      
      using the request-reply property for identifying the operation element associated with the message from among the one or more operation elements within the determined operation section.
  - 4. The method of claim 2, further comprising the acts of:
    - determining that the request-reply property is a reply or failure;
      
      retrieving from the message a message identifier; and
      
      using the message identifier to retrieve the destination endpoint identifier and request action identifier from a store.
  - 5. The method of claim 2, wherein one or more of the identified endpoint section, the identified operation section or the identified operation element is a default endpoint section, default operation section or default operation element, respectively.
  - 6. The method of claim 2, wherein the destination endpoint identifier and request action identifier are URIs.
  - 7. The method of claim 2, wherein the request-reply property is one of a request, reply or failure.
  - 8. The method of claim 1, further comprising the act of:
    - determining if the message is either outgoing or incoming from the application; and
      
      based on the determination, validating or enforcing one or more policy expressions corresponding to the determined operation element.
  - 9. The method of claim 1, wherein the policy assertions represent preferences, requirements, capabilities or other properties associated with exchanging messages with the application.
  - 10. The method of claim 9, wherein the policy assertions are security policies that provide one or more of security token propagation, message integrity and message confidentiality through one or more of a signature, encryption, token, and username/password credentials.
  - 11. The method of claim 1, wherein the Web service engine receives messages, validates and enforces policies for a plurality of applications.
  - 12. The method of claim 1, wherein the policy mapping file is an eXtensible Markup Language (XML) document.
  - 13. The method of claim 1, wherein the received message is an outgoing message from the application, and wherein the message cannot be processed according to one or more policy assertions for the identified operation element, and wherein an error is returned to the application.
  - 14. The method of claim 1, wherein the operation element does not identify a policy expression with one or more policy assertions.
  - 25. The method of claim 1, wherein the identified operation element is a default operation element.
  - 26. The method of claim 1, wherein the received message is an outgoing message from the application, and wherein the message cannot be processed according to one or more policy assertions for the determined operation element, and wherein an error is returned to the application.

15. In a Web services environment for exchanging messages in a distributed system, a method of identifying policies mapped to messages associated with an application, without having code within the application for determining what policies may apply to the messages, the method comprising:
- an act of receiving a message at a Web service engine associated with an application that is external to the Web service engine, the application configured to exchange messages in a distributed system; and
  
  a step for identifying an operation element from among one or more operation elements based on at least a destination endpoint identifier associated with the message, the operation element included in a policy mapping file that includes one or more endpoint sections, each of the one or more endpoint sections including the one or more operation elements that that identifies one or more policy expression with one or more policy assertions representing policies associated with exchanging messages with the application.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 16. The method of claim 15, further comprising an act of:
    - based on the contents of the received message, determining the destination endpoint identifier, a request action identifier and a request-reply property associated with the received message, and wherein the one or more endpoint sections of the mapping file include one or more operation sections with the one or more operation elements, and wherein the operation element is further identified based also on the request action identifier and the request-reply property.
  - 17. The method of claim 16, further comprising the acts of:
    - determining that the request-reply property is a reply or failure;
      
      retrieving from the message a message identifier; and
      
      using the message identifier to retrieve the destination endpoint identifier and request action identifier from a store.
  - 18. The method of claim 16, wherein the destination endpoint identifier and request action identifier are URIs.
  - 19. The method of claim 15, further comprising the act of:
    - determining if the message is either outgoing or incoming from the application; and
      
      based on the determination, validating or enforcing one or more policy expressions corresponding to the identified operation element.
  - 20. The method of claim 15, wherein the policy assertions represent preferences, requirements, capabilities or other properties associated with exchanging messages with the application.
  - 21. The method of claim 20, wherein the policy assertions are security policies that provide one or more of security token propagation, message integrity and message confidentiality through one or more of a signature, encryption, token, and username/password credentials.
  - 22. The method of claim 15, wherein the Web service engine receives messages, validates and enforces policies for a plurality of applications.
  - 23. The method of claim 15, wherein the policy mapping file is an extensible Markup Language (XML) document created.
  - 24. The method of claim 15, wherein the request-reply property corresponding to the message is one of a request, reply or failure.

27. In a Web services environment for exchanging messages in a distributed system, a computer program product for implementing a method of identifying policies mapped to messages associated with an application, without having to have code within the application for determining what policies may apply to the messages, the computer program product comprising one or more computer readable media having stored thereon computer executable instructions that, when executed by a processor, can cause the distributed computing system to perform the following:
- receive a message at a Web service engine associated with an application that is external to the Web service engine, the application configured to exchange messages in a distributed system;
  
  based on the contents of the received message, determine a destination endpoint identifier corresponding to the message;
  
  access a policy mapping file that includes one or more endpoint sections, each of the one or more endpoint sections including one or more operation elements that indicate a type of interaction pattern for messages, wherein at least one of the one or more operation elements identifies a policy expression with one or more policy assertions representing policies associated with exchanging messages with the application; and
  
  scan the policy mapping file for identifying an operation element corresponding to the destination endpoint identifier.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40)
- - 28. The computer program product of claim 27, wherein based on the contents of the received message a request action identifier and a request-reply property are also determined that are associated with the received message, and wherein the one or more endpoint sections of the mapping file include one or more operation sections with the one or more operation elements, and wherein the identified operation element further corresponds to the request action identifier and the request-reply property.
  - 29. The computer program product of claim 28, wherein the scan of the policy mapping file further comprises computer executable instructions that can cause the distributed computing system to perform the following:
    - use the destination endpoint identifier for identifying an endpoint section associated with the message from among the one or more endpoint sections within the policy mapping file;
      
      use the request action identifier for identifying an operation section associated with the message from among the one or more operation sections within the determined endpoint section; and
      
      use the request-reply property for identifying the operation element associated with the message from among the one or more operation elements within the determined operation section.
  - 30. The computer program product of claim 28, further comprising computer executable instructions that can cause the distributed computing system to perform the following:
    - determine that the request-reply property is a reply or failure;
      
      retrieve from the message a message identifier; and
      
      use the message identifier to retrieve the destination endpoint identifier and request action identifier from a store.
  - 31. The computer program product of claim 28, wherein one or more of the identified endpoint section, the identified operation section or the identified operation element is a default endpoint section, default operation section or default operation element, respectively.
  - 32. The computer program product of claim 28, wherein the destination endpoint identifier and request action identifier are URIs.
  - 33. The computer program product of claim 28, wherein the destination endpoint identifier and request action identifier are URIs.
  - 34. The computer program product of claim 28, wherein the request-reply property corresponding to the message is one of a request, reply or failure.
  - 35. The method of claim 27, wherein the operation element does not identify a policy expression with one or more policy assertions.
  - 36. The computer program product of claim 27, further comprising computer executable instructions that can cause the distributed computing system to perform the following:
    - determine if the message is either outgoing or incoming from the application; and
      
      based on the determination, validate or enforcing one or more policy expressions corresponding to the determined operation element.
  - 37. The computer program product of claim 27, wherein the policy assertions represent preferences, requirements, capabilities or other properties associated with exchanging messages with the application.
  - 38. The computer program product of claim 37, wherein the policy assertions are security policies that provide one or more of security token propagation, message integrity and message confidentiality through one or more of a signature, encryption, token, and username/password credentials.
  - 39. The computer program product of claim 27, wherein the Web service engine receives messages, validates and enforces policies for a plurality of applications.
  - 40. The computer program product of claim 27, wherein the policy mapping file is an eXtensible Markup Language (XML) document created.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Wilson, Hervey O., Ballinger, Keith W., Mukherjee, Vick B.

Granted Patent

US 8,005,901 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/229
CPC Class Codes

H04L 67/02 based on web technology, e....

H04L 67/61 taking into account QoS or ...

Mapping policies to messages

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

Mapping policies to messages

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links