Rule-driven specification of Web Service policy

US 20060075465A1
Filed: 10/05/2004
Published: 04/06/2006
Est. Priority Date: 10/05/2004
Status: Active Grant

First Claim

Patent Images

1. At a computer system in a Web Services environment, a method of assisting a user in generating a more secure policy document by providing a rule-based tool that automatically selects security conditions for the user'"'"'s general security criteria such that the user does not have exposure to all of the security details, the method comprising acts of:

presenting a set of Web Service security options to a user at a user interface, which abstracts the user from any specific code that will be generated for a secure policy document that satisfies one or more of the set of Web Service security options;

receiving user input selecting a general security criteria from the set of Web Service security options presented;

based on the received user input, accessing one or more security rules from a repository of extensible security metadata; and

using the one or more security rules corresponding to the general security criteria to generate the secure policy in accordance with the general security criteria.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Example embodiments provide for a rule-based wizard type tool for generating secure policy documents. Wizard pages present a user with general Web Service security options or questions at a user interface, which abstracts the user from any specific code, e.g., XML code, used for creating a Web Service policy document. Based on user input selecting general criteria, security rules are accessed and evaluated for automatically making choices on behalf of the user for creating a secure policy document. Other embodiments also provide for presenting the user with an easily understandable visual representation of selected criteria of a policy document in, e.g., a tree like structure that shows relationships between various elements of the criteria.

115 Citations

View as Search Results

36 Claims

1. At a computer system in a Web Services environment, a method of assisting a user in generating a more secure policy document by providing a rule-based tool that automatically selects security conditions for the user'"'"'s general security criteria such that the user does not have exposure to all of the security details, the method comprising acts of:
- presenting a set of Web Service security options to a user at a user interface, which abstracts the user from any specific code that will be generated for a secure policy document that satisfies one or more of the set of Web Service security options;
  
  receiving user input selecting a general security criteria from the set of Web Service security options presented;
  
  based on the received user input, accessing one or more security rules from a repository of extensible security metadata; and
  
  using the one or more security rules corresponding to the general security criteria to generate the secure policy in accordance with the general security criteria.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the one or more security rules are based on Web Service industry wisdom from input given by experts in the industry for security purposes.
  - 3. The method of claim 1, wherein the one or more security rules are based on governmental policies and the one or more security rules assist the user in creating a governmental conformant secure policy document.
  - 4. The method of claim 1, wherein the one or more security rules are based on Web Service'"'"'s policies and the one or more security rules assist the user in creating a policy document that conforms to the Web Service'"'"'s policies.
  - 5. The method of claim 1, wherein the one or more security rules are used to generate a next set of options based on the received user input.
  - 6. The method of claim 1, wherein the one or more security rules are used to not present the user with a specific option in order to prevent the user from selecting an invalid option.
  - 7. The method of claim 1, wherein the one or more security rules are further based on whether a client or a service policy document is being generated.
  - 8. The method of claim 1, wherein the one or more security rules are abstracted from the user.
  - 9. The method of claim 1, wherein the one or more security rules are optional, and wherein the user can choose from the one or more optional security rules.
  - 10. The method of claim 1, wherein the one or more security rules are a default value that can be overridden by the user.
  - 11. The method of claim 1, wherein the general security criteria and the one or more security rules are first stored in memory as data structures that include policy objects representing the general security criteria and the one or more security rules, the method further comprising acts of:
    - receiving user input to generate the secure policy document; and
      
      translating the data structures from policy objects to coded language for generating the secure policy document.
  - 12. The method of claim 11, wherein the coded language is extensible markup language.

13. At a computer system in a Web Services environment, a method of assisting a user in generating a more secure policy document by providing a rule-based tool that automatically selects security conditions for the user'"'"'s general security criteria such that the user does not have exposure to all of the security details, the method comprising:
- an act of presenting a set of Web Service security options to a user at a user interface, which abstracts the user from any specific code that will be generated for a secure policy document that satisfies one or more of the set of Web Service security options;
  
  an act of receiving user input selecting a general security criteria from the set of Web Service security options presented; and
  
  a step for automatically applying one or more security rules to the general security criteria to create the secure policy document.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The method of claim 13, wherein the one or more security rules are based on Web Service industry wisdom from input given by experts in the industry for security purposes.
  - 15. The method of claim 13, wherein the one or more security rules are based on governmental policies and the one or more security rules assist the user in creating a governmental conformant secure policy document.
  - 16. The method of claim 15, wherein the one or more security rules are further based on Web Service'"'"'s policies and the one or more security rules assist the user in creating a policy document that conforms to the Web Service'"'"'s policies.
  - 17. The method of claim 13, wherein the one or more security rules are used to generate a next set of options based on the received user input.
  - 18. The method of claim 17, wherein the one or more security rules are used to not present a user with a specific option in order to prevent the user from selecting an invalid option.
  - 19. The method of claim 13, wherein the one or more security rules are further based on whether a client or a service policy document is being generated.
  - 20. The method of claim 13, wherein the one or more security rules are abstracted from the user.
  - 21. The method of claim 13, wherein the one or more security rules are optional, and wherein the user can choose from the one or more optional security rules.
  - 22. The method of claim 13, wherein the one or more security rules are a default value that can be overridden by the user.
  - 23. The method of claim 13, wherein the general security criteria and the one or more security rules are first stored in memory as data structures that include policy objects representing the general security criteria and the one or more security rules, the method further comprising acts of:
    - receiving user input to generate the secure policy document; and
      
      translating the data structures from policy objects to coded language for generating the secure policy document.
  - 24. The method of claim 23, wherein the coded language is extensible markup language.

25. At a computer system in a Web Services environment, a computer program product for implementing a method of assisting a user in generating a more secure policy document by providing a rule-based tool that automatically selects security conditions for the user'"'"'s general security criteria such that the user does not have exposure to all of the security details, the computer program product comprising one or more computer readable media having stored thereon computer executable instructions that, when executed by a processor, can cause the messaging system to perform the following:
- present a set of Web Service security options to a user at a user interface, which abstracts the user from any specific code that will be generated for a secure policy document that satisfies one or more of the set of Web Service security options;
  
  receive user input selecting a general security criteria from the set of Web Service security options presented;
  
  based on the received user input, access one or more security rules from a repository of extensible security metadata; and
  
  use the one or more security rules corresponding to the general security criteria to generate the secure policy in accordance with the general security criteria.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 26. The computer program product of claim 25, wherein the one or more security rules are based on Web Service industry wisdom from input given by experts in the industry for security purposes.
  - 27. The computer program product of claim 25, wherein the one or more security rules are based on governmental policies and the one or more security rules assist the user in creating a governmental conformant secure policy document.
  - 28. The computer program product of claim 25, wherein the one or more security rules are based on Web Service'"'"'s policies and the one or more security rules assist the user in creating a policy document that conforms to the Web Service'"'"'s policies.
  - 29. The computer program product of claim 25, wherein the one or more security rules are used to generate a next set of options based on the received user input.
  - 30. The computer program product of claim 25, wherein the one or more security rules are used to not present the user with a specific option in order to prevent the user from selecting an invalid option.
  - 31. The computer program product of claim 25, wherein the one or more security rules are further based on whether a client or a service policy document is being generated.
  - 32. The computer program product of claim 25, wherein the one or more security rules are abstracted from the user.
  - 33. The computer program product of claim 25, wherein the one or more security rules are optional, and wherein the user can choose from the one or more optional security rules.
  - 34. The computer program product of claim 25, wherein the one or more security rules are a default value that can be overridden by the user.
  - 35. The computer program product of claim 25, wherein the general security criteria and the one or more security rules are first stored in memory as data structures that include policy objects representing the general security criteria and the one or more security rules, the computer program product further comprising executable instruction that cause the messaging system to perform the following:
    - receive user input to generate the secure policy document; and
      
      translate the data structures from policy objects to coded language for generating the secure policy document.
  - 36. The computer program product of claim 35, wherein the coded language is extensible markup language.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Wilson, Hervey O., Ballinger, Keith W., Mukherjee, Vick B., Ramanathan, Govindaraj

Granted Patent

US 7,661,124 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 41/16   using machine learning or a...

H04L 41/5003   Managing SLA; Interaction b...

H04L 41/5083   wherein the managed service...

H04L 63/168   above the transport layer

H04L 63/20   for managing network securi...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

Rule-driven specification of Web Service policy

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

115 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Rule-driven specification of Web Service policy

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

115 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links