Policy processing model

US 20060041636A1
Filed: 07/14/2004
Published: 02/23/2006
Est. Priority Date: 07/14/2004
Status: Active Grant

First Claim

Patent Images

1. In a Web services environment for exchanging messages in a distributed system, a method of processing policies that include one or more policy assertions associated with incoming or outgoing messages of an application, without having to have code within the application for executing the one or more policy assertions, the method comprising acts of:

receiving a message at a Web service engine associated with an application that is external to the Web service engine, the application configured to exchange messages in a distributed system;

accessing a policy document associated with the application for identifying one or more objects corresponding to one or more policy assertions; and

based on one or more objects identified in the policy document, generating one or more assertion handlers, which are software entities that include executable code configured to determine if the received message can satisfy requirements described by the one or more policy assertions.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Example embodiments provide for processing policies that include policy assertions associated with incoming or outgoing messages of an application in a distributed system, without having to have code within the application for executing the policy assertions. When a message is received by a Web service engine, a policy document associated with an application may be accessed for identifying objects corresponding to policy assertions within the policy document. The objects identified can then be used to generate assertion handlers, which are software entities that include executable code configured to determine if messages can satisfy requirements described by the policy assertions.

107 Citations

View as Search Results

37 Claims

1. In a Web services environment for exchanging messages in a distributed system, a method of processing policies that include one or more policy assertions associated with incoming or outgoing messages of an application, without having to have code within the application for executing the one or more policy assertions, the method comprising acts of:
- receiving a message at a Web service engine associated with an application that is external to the Web service engine, the application configured to exchange messages in a distributed system;
  
  accessing a policy document associated with the application for identifying one or more objects corresponding to one or more policy assertions; and
  
  based on one or more objects identified in the policy document, generating one or more assertion handlers, which are software entities that include executable code configured to determine if the received message can satisfy requirements described by the one or more policy assertions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein the policy document includes one or more policy identifiers for pointing to the one or more objects.
  - 3. The method of claim 1, wherein a plurality of assertion handlers are generated based on a plurality of objects identified in the policy document, and wherein a plurality of assertion handlers are configured in series to determine if the received message satisfies the requirements described by a plurality of policy assertions corresponding to the plurality of objects.
  - 4. The method of claim 3, wherein the received message is an outgoing message and one or more of the plurality of assertion handlers is evaluated to determine if the message can be changed to meet the requirements, and wherein those assertion handlers that are determined to be configured to change the message are formatted to form a compiled policy for changing the received message to meet the requirements.
  - 5. The method of claim 4, wherein the compiled policy is stored for applying to messages with a similar endpoint destination and message types.
  - 6. The method of claim 5, wherein one or more of the assertion handlers determined to be configured to change the received message are no longer capable of changing the message to conform to the requirements described by corresponding policy assertions, and wherein an error is returned to the application.
  - 7. The method of claim 6, wherein one or more of the plurality of assertion handlers is evaluated to see if the message can be changed to meet the requirements, and wherein those assertion handlers that are determined to be configured to change the message are formatted to form a second compiled policy for changing the received message to meet the requirements.
  - 8. The method of claim 1, further comprising the act of:
    - determining if the message is either outgoing or incoming from the application; and
      
      based on the determination, validating or enforcing one or more policy assertions by processing the received message through the corresponding one or more assertion handlers.
  - 9. The method of claim 1, wherein the one or more policy assertions are security policies that provide one or more of security token propagation, message integrity and message confidentiality through one or more of a signature, encryption, token, and username/password credentials.
  - 10. The method of claim 1, wherein the one or more policy assertions are one or more of a message age requirement that specifies the acceptable time period the received message should be received by or a visibility requirement that specifies one or more portions of the received message be able to be processed by an intermediary or endpoint.
  - 11. The method of claim 1, wherein at least one of the one or more objects is within the policy document and is application specific to policies defined by a developer of the application.
  - 12. The method of claim 1, wherein the Web service engine receives messages, validates and enforces policies for a plurality of applications.
  - 13. The method of claim 1, wherein the policy document is one or more of an extensible Markup Language (XML) WS-Policy or WS-Security document.

14. In a Web services environment for exchanging messages in a distributed system, a method of processing policies that includes a plurality of policy assertions that make up one or more policy expressions associated with incoming or outgoing messages of an application, without having to have code within the application for executing the one or more policy expressions, the method comprising acts of:
- receiving a message at a Web service engine associated with an application that is external to the web service engine, the application configured to exchange messages in a distributed system;
  
  accessing a policy document associated with the application for identifying a plurality of objects corresponding to a plurality of policy assertions, the policy assertions combined using one or more logical operators to form a policy expression; and
  
  based on information associated with the plurality of objects identified in the policy document, generating a policy model using one or more assertion handlers, which are software entities that include executable code configured to determine if the received message can satisfy the requirements described by the policy expression.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 15. The method of claim 14, wherein the one or more logical operators are one or more of a usage qualifier, policy operator or policy preference.
  - 16. The method of claim 14, wherein the policy document includes policy identifiers for pointing to the plurality of objects.
  - 17. The method of claim 14, wherein the received message is an outgoing message and the policy document includes a plurality of policy expressions combined by one or more policy operators, and wherein at least one assertion handler for at least one of the plurality of policy expressions is evaluated to determine if the message can be changed to meet the requirements of the corresponding policy expression, and wherein one or more of those assertion handlers that are determined to be configured to change the message are formatted to form a compiled policy from the policy model for changing the received message to meet the requirements described by the policy expressions.
  - 18. The method of claim 17, wherein the compiled policy is stored for applying to messages with similar message types and endpoint destination.
  - 19. The method of claim 18, wherein one or more of the assertion handlers determined to be configured to change the received message are no longer capable of changing the message to conform to the requirements described by corresponding policy assertions, and wherein an error is returned to the application.
  - 20. The method of claim 19, wherein one or more of the plurality of assertion handlers is evaluated to see if the message can be changed to meet the requirements, and wherein those assertion handlers that are determined to be configured to change the message are formatted to form a second compiled policy from the policy model for changing the received message to meet the requirements.
  - 21. The method of claim 14, further comprising the act of:
    - determining if the message is either outgoing or incoming from the application; and
      
      based on the determination, validating or enforcing the policy expression by processing the received message through the corresponding one or more assertion handlers.
  - 22. The method of claim 14, wherein the one or more policy assertions are security policies that provide one or more of security token propagation, message integrity and message confidentiality through one or more of a signature, encryption, token, and username/password credentials.
  - 23. The method of claim 14, wherein the one or more policy assertions are one or more of a message age requirement that specifies the acceptable time period the received message should be received by or a visibility requirement that specifies one or more portions of the received message be able to be processed by an intermediary or endpoint.
  - 24. The method of claim 14, wherein at least one of the one or more objects is within the policy document and is application specific to policies defined by a developer of the application.
  - 25. The method of claim 14, wherein the Web service engine receives messages, validates and enforces policies for a plurality of applications.
  - 26. The method of claim 14, wherein the policy document is one or more of an extensible Markup Language (XML) WS-Policy or WS-Security document.

27. In a Web services environment for exchanging messages in a distributed system, a computer program product for implementing a method of processing policies that include one or more policy assertions associated with incoming or outgoing messages of an application, without having to have code within the application for executing the one or more policy assertions, the computer program product comprising one or more computer readable media having stored thereon computer executable instructions that, when executed by a processor, can cause the distributed computing system to perform the following:
- receive a message at a Web service engine associated with an application that is external to the Web service engine, the application configured to exchange messages in a distributed system;
  
  access a policy document associated with the application for identifying one or more objects corresponding to one or more policy assertions; and
  
  based on one or more objects identified in the policy document, generate one or more assertion handlers, which are software entities that include executable code configured to determine if the received message can satisfy requirements described by the one or more policy assertions.
- View Dependent Claims (28, 29, 30, 31)
- - 28. The computer program product of claim 27, wherein the policy document includes one or more policy identifiers for pointing to the one or more objects.
  - 29. The computer program product of claim 27, further comprising computer executable instructions that can cause the distributed computing system to perform the following:
    - determine if the message is either outgoing or incoming from the application; and
      
      based on the determination, validate or enforcing one or more policy assertions by processing the received message through the corresponding one or more assertion handlers.
  - 30. The computer program product of claim 27, wherein at least one of the one or more objects is within the policy document and is application specific to policies defined by a developer of the application.
  - 31. The computer program product of claim 27, wherein the Web service engine receives messages, validates and enforces policies for a plurality of applications.

32. In a Web services environment for exchanging messages in a distributed system, a computer program product for implementing a method of processing policies that includes a plurality of policy assertions that make up one or more policy expressions associated with incoming or outgoing messages of an application, without having to have code within the application for executing the one or more policy expressions, the computer program product comprising one or more computer readable media having stored thereon computer executable instructions that, when executed by a processor, can cause the distributed computing system to perform the following:
- receive a message at a Web service engine associated with an application that is external to the web service engine, the application configured to exchange messages in a distributed system;
  
  access a policy document associated with the application for identifying a plurality of objects corresponding to a plurality of policy assertions, the policy assertions combined using one or more logical operators to form a policy expression; and
  
  based on information associated with the plurality of objects identified in the policy document, generate a policy model using one or more assertion handlers, which are software entities that include executable code configured to determine if the received message can satisfy the requirements described by the policy expression.
- View Dependent Claims (33, 34, 35, 36, 37)
- - 33. The computer program product of claim 32, wherein the one or more logical operators are one or more of a usage qualifier, policy operator or policy preference.
  - 34. The computer program product of claim 32, wherein the policy document includes policy identifiers for pointing to the plurality of objects.
  - 35. The computer program product of claim 32, further comprising computer executable instructions that can cause the distributed computing system to perform the following:
    - determine if the message is either outgoing or incoming from the application; and
      
      based on the determination, validate or enforcing the policy expression by processing the received message through the corresponding one or more assertion handlers.
  - 36. The computer program product of claim 32, wherein at least one of the one or more objects is within the policy document and is application specific to policies defined by a developer of the application.
  - 37. The computer program product of claim 32, wherein the Web service engine receives messages, validates and enforces policies for a plurality of applications.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Wilson, Hervey O., Ballinger, Keith W., Mukherjee, Vick B.

Granted Patent

US 7,730,138 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/218
CPC Class Codes

H04L 67/51   Discovery or management the...

H04L 67/56   Provisioning of proxy servi...

H04L 67/5682   Policies or rules for updat...

Policy processing model

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

107 Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

Policy processing model

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

107 Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links