Enhanced Security Framework for Composite Applications

US 20090099882A1
Filed: 10/15/2007
Published: 04/16/2009
Est. Priority Date: 10/15/2007
Status: Abandoned Application

First Claim

Patent Images

1. A method comprising:

applying a security framework to a business process, the security framework comprising;

a definition phase identifying security objectives of a composite application,a realization phase implementing security patterns that accomplish the identified security objectives, anda declaration phase implementing the identified security objectives using security annotations within the composite application that are based on the security patterns;

conducting an external policy negotiation to specify a common policy between the composite application and an external service based on applying the security framework;

enforcing the common policy for each interaction between the composite application and the external service; and

regulating access by the external service to local services and objects based on the security objectives.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Automatic secure application composition, in applying a security framework is applied to a business process. An external policy negotiation is conducted to specify a common policy between the composite application and an external service based on applying the security framework, the common policy is enforced for each interaction between the composite application and the external service, and access by the external service to local services and objects is regulated based on the security objectives.

63 Citations

View as Search Results

13 Claims

1. A method comprising:
- applying a security framework to a business process, the security framework comprising;
  
  a definition phase identifying security objectives of a composite application,a realization phase implementing security patterns that accomplish the identified security objectives, anda declaration phase implementing the identified security objectives using security annotations within the composite application that are based on the security patterns;
  
  conducting an external policy negotiation to specify a common policy between the composite application and an external service based on applying the security framework;
  
  enforcing the common policy for each interaction between the composite application and the external service; and
  
  regulating access by the external service to local services and objects based on the security objectives.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the definition phase further comprises:
    - a security risk analysis component performing a security risk analysis,a security pattern definition component preparing security solutions cast as security patterns, anda security intention definition component defining security intentions realized by combining the security patterns.
  - 3. The method of claim 2, wherein performing the security risk analysis further comprises:
    - analyzing threats in the business process, andidentifying associated risks in the business process.
  - 4. The method of claim 2, wherein performing the security risk analysis further comprises:
    - identifying service interaction mechanisms associated with the business process; and
      
      performing a thread analysis for the identified service interaction mechanisms.
  - 5. The method of claim 2, wherein preparing the security solutions further comprises providing an intention ontology enabling a unified definition of security objectives.
  - 6. The method of claim 2, wherein the realization phase further comprises:
    - a security pattern implementation component binding domain-independent patterns to specific contexts, thereby implementing the security patterns, anda security pattern provisioning component storing the implemented security patterns in a pattern repository.
  - 7. The method of claim 3, wherein the declaration phase further comprises:
    - an application-level intention declaration component declaring security intentions to be followed by the composite application; and
      
      a service-level intention declaration component defining security intentions to a local component prior to exposing the composite application as a service.
  - 8. The method of claim 1, further comprising generating authorization policies and inserting missing policies into a backend policy database, using a policy update protocol.
  - 9. The method of claim 1, wherein the security intentions specify roles that are allowed to execute a task or an order in which the task is executed.
  - 10. The method of claim 1, wherein the security annotations are expressed using a policy domain-specific language.
  - 11. The method of claim 1, wherein the security intentions declare an external enforcement policy when using an external web service, declare policies when exposing the invoked business process as a web service, declare a tasked-based authorization requirement when the task requires a human interaction, and declare task-based authorization constraints which specify an order in which the task is executed.

12. A computer program product, tangibly embodied in a machine readable medium, the computer program product comprising instructions that, when read by a machine, operate to cause a data processing apparatus to:
- apply a security framework to a business process, the security framework comprising;
  
  a definition phase identifying security objectives of a composite application,a realization phase implementing security patterns that accomplish the identified security objectives, anda declaration phase implementing the identified security objectives using security annotations within the composite application that are based on the security patterns;
  
  conduct an external policy negotiation to specify a common policy between the composite application and an external service based on applying the security framework;
  
  enforce the common policy for each interaction between the composite application and the external service; and
  
  regulate access by the external service to local services and objects based on the security objectives.

13. A system comprising an enterprise configured to:
- apply a security framework to a business process, the security framework comprising;
  
  a definition phase identifying security objectives of a composite application,a realization phase implementing security patterns that accomplish the identified security objectives, anda declaration phase implementing the identified security objectives using security annotations within the composite application that are based on the security patterns;
  
  conduct an external policy negotiation to specify a common policy between the composite application and an external service based on applying the security framework;
  
  enforce the common policy for each interaction between the composite application and the external service; and
  
  regulate access by the external service to local services and objects based on the security objectives.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP AG (SAP SE)
Inventors
Karabulut, Yuecel

Application Number

US11/872,358
Publication Number

US 20090099882A1
Time in Patent Office

Days
Field of Search
US Class Current

713/152
CPC Class Codes

G06Q 10/06 Resources, workflows, human...

Enhanced Security Framework for Composite Applications

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

63 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Enhanced Security Framework for Composite Applications

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

63 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links