Public and private network service management systems and methods
Abstract
Public and private network service management systems and methods are disclosed. Rules for accessing a private services network in which network services are available are enforced so as to restrict access to the services network through a public network in accordance with policies of the services network. Use of network services by a client of the private services network through the public network is controlled according to network service access policies associated with the network services. Network services provided by clients of the services network which access the services network through a public network may also be offered to other clients of the services network through the services network and the public network.
27 Claims
1. An apparatus for managing network services in a private services network, the apparatus comprising:
a policy enforcement module configured to enforce rules for access to the private services network by a client of the services network through a public network in accordance with an authentication policy of the private services network, and to control use, by an authenticated client of the private services network, of a network service which is provided by another client of the private services network, in accordance with a service access policy associated with the network service.

2. The apparatus of claim 1, further comprising:
a services network interface configured to provide for communications between the public network and the private services network.

3. The apparatus of claim 1, wherein the access policy comprises a service policy stored in a service policies registry of the private services network, a client policy stored in the public network gateway, and a services network policy stored in a registry of the private services network.

4. The apparatus of claim 1, wherein the policy enforcement module is configured to determine the access policy associated with the network service by accessing, in a services registry of the private services network, information associated with network services available in the private services network.

5. The apparatus of claim 1, further comprising:
a Universal Description, Discovery, and Integration (UDDI) proxy module configured to apply the service access policy by controlling exposure of the network service through publication of information associated with the network service to a services registry accessible by the client.

6. The apparatus of claim 1, wherein the policy enforcement module is further configured to allow the authenticated client to make a network service which it provides available in the private services network.

7. The apparatus of claim 5, wherein the policy enforcement module is further configured to allow the authenticated client to make a network service which it provides available in the private services network, and wherein the UDDI proxy module is further configured to identify a public network service available in the public network by accessing a public services registry of the public network, and to make the identified public network service available in the private services network by publishing information associated with the network service to a services registry of the private services network.

8. The apparatus of claim 1, wherein the policy enforcement module is further configured to enforce a transform policy of the services network, the transform policy specifying respective formats for transfer of communication traffic in the services network and the public network.

9. The apparatus of claim 1, further comprising at least one of:
a forwarding/routing module configured to route communication traffic from the public network to the private services network, the forwarding/routing module supporting at least one of: a Layer 1 forwarding method, a Layer 2 forwarding method, Internet Protocol (IP) routing, and Extensible Markup Language (XML) routing;
a Simple Object Access Protocol (SOAP) proxy module configured to adapt service messages associated with network services between addressing schemes of the public network and the private services network;
a service handling module configured to handle service messages, associated with network services, from both the private services network and the public network;
a Universal Description, Discovery, and Integration (UDDI) proxy configured to mediate publishing of network service descriptions for network services available in the services network, to extract services policies from the network service descriptions for enforcement by the policy enforcement module, and to cache the network service descriptions;
a data collector module for collecting logs of transactions between the services network and clients of the services network through the public network; and
a security module for providing secure communications services for the apparatus and to secure communications and provide security assertions in both the private services network and the public network.

10. A system for managing network services in a private services network, the system comprising:
at least one public network gateway operatively coupled to the services network and to a respective public network, each of the at least one public network gateway comprising the apparatus of claim 1; and
a network controller operatively coupled to the at least one public network gateway for managing policies enforced by the policy enforcement module and a registry of network services available in the services network.

11. The system of claim 10, wherein the network controller is configured to provide to each public network gateway information associated with only those network services available in the services network having access policies which allow access to clients using respective public networks to reach the services network.

12. The system of claim 10, further comprising:
a client gateway operatively coupled to the services network for providing an access point to the services network for a respective group of services network clients.

13. An apparatus for managing policies associated with network services available in a private services network, the apparatus comprising:
a gateway interface to be operatively coupled to a public network gateway through which a network service consumer client of the services network in a public network accesses the services network to use a network service provided by another client of the services network; and
a policy manager operatively coupled to the gateway interface and configured to distribute network service policies specifying respective access controls for network services, provided by network service provider clients of the services network, to the public network gateway through the gateway interface to cause the public network gateway to control use of the network services by the network service consumer client in the public network in accordance with the network service policies.

14. The apparatus of claim 13, wherein the policy manager is further configured to establish a client policy from a client profile for the network service consumer client based on information provided by the client during membership initiation with the services network.

15. The apparatus of claim 13, wherein a network service provider client of the services network in the public network accesses the services network through the public network gateway to make a network service available in the services network through the public network, and wherein the policy manager is further configured to establish a network service policy specifying access controls for the network service, based on information provided by the network service provider client and received through the gateway interface, and to distribute the service policy in the services network.

16. The apparatus of claim 15, wherein the policy manager is further configured to establish a client profile for the network service provider client based on information provided by the network service provider client, the client profile specifying members of client relationship classes, and wherein the network service policy for the network service provided by the network service provider client specifies the access controls based on the client relationship classes.

17. The apparatus of claim 13, wherein the network service policies comprise network service policies stored in a network service policies registry maintained by the policy manager.

18. The apparatus of claim 13, further comprising:
a registries manager configured to maintain a registry of the network services available in the private services network.

19. The apparatus of claim 18, wherein the registries manager is further configured to receive from the public network gateway through the gateway interface information associated with a public network service provided by a network service provider in the public network, and to store the information in the registry of network services.

20. The apparatus of claim 13, further comprising at least one of:
a security manager operatively coupled to the gateway interface and configured to manage security of communications through the private services network;
a registries manager operatively coupled to the gateway interface and configured to manage at least one of: a registry of network services available in the private services network, service timeout information, Extensible Markup Language (XML) schemas, service contracts, Quality of Service (QoS) parameters, subscription information, addressing information, billing information, Service Level Agreement (SLA) monitoring information, transactional network service activity monitoring information, activity logs, performance auditing information, and exception alerts; and
a system manager operatively coupled to the gateway interface and configured to receive and manage audit records captured by the public network gateway.

21. A system for managing a private services network in which network services provided by network service providers are made accessible to network service consumers, the system comprising:
at least one public network gateway to be operatively coupled to clients of the services network in a public network for providing the services network clients with access to the private services network through the public network to use a network service provided by another client of the services network or to make a network service available in the services network; and
a network controller operatively coupled to the at least one public network gateway and comprising the apparatus of claim 13.

22. The system of claim 21, further comprising:
a client gateway operatively coupled to the services network for providing an access point to the services network for a respective group of services network clients connected to the services network over a private network, each group of services network clients comprising a network service provider, a network service consumer, or both.

23. An apparatus for managing network services in a private services network, the apparatus comprising:
a policy enforcement module configured to enforce rules for access to the private services network by a client of the services network through a public network in accordance with an authentication policy of the private services network, and to allow an authenticated client to make a network service which it provides available in the private services network.

24. A method of managing network services of a private services network, the method comprising:
identifying a network service, provided by a client of the private services network and available in the private services network, having an access policy which allows access to the network service by clients of the services network which connect to the services network over the public network; and
making the identified network service available to clients of the services network through the public network.

25. The method of claim 24, further comprising:
authenticating a client of the services network over the public network; and
allowing the authenticated client to offer, consume, or both offer and consume network services in the services network.

26. The method of claim 25, wherein allowing the authenticated client to offer and consume network services in the services network comprises, respectively:
publishing information associated with network services provided by the authenticated client from a services registry of the authenticated client to the services network; and
publishing information associated with the identified network service from a services registry of the services network to the authenticated client over the public network.

27. A machine-readable medium storing instructions which when executed perform the method of claim 24.
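As an added illustration of the enforcement model the claims describe (this is constructed example code, not code from the patent or its assignee), the Python sketch below models a network controller that holds client profiles, a services registry and per-service access policies, and a public network gateway that authenticates a client against those profiles, receives from the controller only the services whose policy admits its public network (claim 11), exposes to the client only the services the provider's relationship classes allow it to use (claims 5, 16, 26), enforces the same policy on invocation (claim 1), and lets an authenticated client publish a service of its own with a policy it supplies (claims 6, 15, 23). All class and function names, the session-token scheme, the secret-hash comparison and the sample clients, networks and services are assumptions made for the example; a real deployment would use the UDDI/SOAP machinery the claims name rather than in-memory dictionaries.

```python
"""Toy model of a policy-enforcing public network gateway and its network controller.
Constructed example: names, data structures and sample data are assumptions."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class ServicePolicy:
    """Service access policy: which public networks may reach the service and which
    of the provider's relationship classes may use it (claims 1, 11, 16)."""
    public_networks: frozenset
    allowed_classes: frozenset


@dataclass
class Service:
    name: str
    provider: str
    policy: ServicePolicy


@dataclass
class ClientProfile:
    """Client profile established at membership initiation (claims 14, 16).
    relationship_classes maps a class name to the set of client ids in that class."""
    client_id: str
    secret_hash: bytes
    relationship_classes: dict = field(default_factory=dict)

    def classes_of(self, other):
        return {c for c, members in self.relationship_classes.items() if other in members}


def _digest(secret):
    # Hashed credential for the toy authentication policy (assumption, not the patent's).
    return hashlib.sha256(secret.encode()).digest()


class NetworkController:
    """Holds profiles, the services registry and policies; hands each gateway only
    the services whose policy admits that gateway's public network (claim 11)."""
    def __init__(self):
        self.profiles, self.services = {}, {}

    def enrol(self, client_id, secret, relationship_classes=None):
        self.profiles[client_id] = ClientProfile(client_id, _digest(secret), relationship_classes or {})

    def register_service(self, service):
        self.services[service.name] = service

    def gateway_view(self, public_network):
        return {n: s for n, s in self.services.items() if public_network in s.policy.public_networks}


class PublicNetworkGateway:
    def __init__(self, controller, public_network):
        self.controller, self.public_network, self.sessions = controller, public_network, {}

    def authenticate(self, client_id, secret):
        """Authentication policy: enrolled member with matching credential; returns a session token."""
        prof = self.controller.profiles.get(client_id)
        if prof is None or not hmac.compare_digest(prof.secret_hash, _digest(secret)):
            return None
        token = secrets.token_hex(16)
        self.sessions[token] = client_id
        return token

    def _permitted(self, client_id, service):
        # Service access policy: consumer must be in a class the provider's policy allows.
        provider = self.controller.profiles.get(service.provider)
        return provider is not None and bool(provider.classes_of(client_id) & service.policy.allowed_classes)

    def visible_services(self, token):
        """UDDI-proxy style exposure: publish only what this client may use (claims 5, 26)."""
        client_id = self.sessions.get(token)
        if client_id is None:
            return []
        view = self.controller.gateway_view(self.public_network)
        return sorted(n for n, s in view.items() if self._permitted(client_id, s))

    def invoke(self, token, service_name):
        """Enforce the same checks on use, not just on discovery (claim 1)."""
        client_id = self.sessions.get(token)
        if client_id is None:
            return "deny: unauthenticated"
        svc = self.controller.gateway_view(self.public_network).get(service_name)
        if svc is None:
            return "deny: not exposed on this public network"
        if not self._permitted(client_id, svc):
            return "deny: service access policy"
        return "allow"

    def publish(self, token, service_name, policy, relationship_classes):
        """Authenticated client offers a service plus the class membership its policy refers to (claims 15, 16)."""
        client_id = self.sessions.get(token)
        if client_id is None:
            return False
        self.controller.profiles[client_id].relationship_classes.update(relationship_classes)
        self.controller.register_service(Service(service_name, client_id, policy))
        return True


def demo():
    """Constructed scenario: provider 'acme', consumers 'globex' and 'initech', two public networks."""
    ctl = NetworkController()
    ctl.enrol("acme", "acme-secret", {"partner": {"globex"}, "customer": {"initech", "globex"}})
    ctl.enrol("globex", "globex-secret")
    ctl.enrol("initech", "initech-secret")
    ctl.register_service(Service("acme.pricing", "acme", ServicePolicy(frozenset({"internet"}), frozenset({"partner"}))))
    ctl.register_service(Service("acme.catalog", "acme", ServicePolicy(frozenset({"internet", "extranet"}), frozenset({"customer", "partner"}))))
    inet, extra = PublicNetworkGateway(ctl, "internet"), PublicNetworkGateway(ctl, "extranet")
    g, i, x = inet.authenticate("globex", "globex-secret"), inet.authenticate("initech", "initech-secret"), extra.authenticate("globex", "globex-secret")
    r = {"bad_login": inet.authenticate("globex", "wrong"),
         "globex_sees": inet.visible_services(g), "initech_sees": inet.visible_services(i),
         "globex_pricing": inet.invoke(g, "acme.pricing"), "initech_pricing": inet.invoke(i, "acme.pricing"),
         "extranet_view": sorted(ctl.gateway_view("extranet")), "extranet_pricing": extra.invoke(x, "acme.pricing"),
         "anon": inet.invoke("not-a-session", "acme.catalog")}
    inet.publish(g, "globex.shipping", ServicePolicy(frozenset({"internet"}), frozenset({"customer"})), {"customer": {"initech"}})
    r["initech_after_publish"] = inet.visible_services(i)
    return r
```

Two design points worth noting against the claims: discovery filtering (`visible_services`) and invocation (`invoke`) apply the same policy, so a consumer that learns a service name out of band gains nothing, and the controller's `gateway_view` means a gateway on the extranet never even holds the description of an internet-only service, which is the containment claim 11 is after.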