POLICY DIRECTED SECURITY-CENTRIC MODEL DRIVEN ARCHITECTURE TO SECURE CLIENT AND CLOUD HOSTED WEB SERVICE ENABLED PROCESSES
First Claim
1. A system of securing a cloud computing or service-oriented architecture automated business process of internal and external hosted web services, said web services exchanging web service messages, said system comprising:
a plurality of data dictionary engines;
a security-centric model driven architecture that is instantiated by a hierarchical class tree of security policy object class information and enterprise business object class information, wherein the security policy object class information comprises a tree hierarchy structure of security model objects representing security policy and said tree hierarchy structure comprises a plurality of security profile objects stored throughout a plurality of data dictionary engines, and wherein the enterprise business object class information comprises a tree hierarchy structure of business process model objects representing a prescribed operation of the secured automated business process and comprising a plurality of enterprise business objects stored throughout the plurality of data dictionary engines;
wherein each security profile object comprises a data security profile, a service security profile, and a user security profile, and each web service message is assigned a data security profile identifying scope, ownerships, and allowed/disallowed actions, each web service defined has a service security profile to establish how such web service is regulated, and each defined user entity has an associated user security profile identifying roles, responsibilities, and privileges;
wherein each enterprise business object describes a component datum or interoperation of the automated business process being secured;
wherein each data dictionary engine is associated with a plurality of web security services, each data dictionary engine containing at least one instance of a metadata repository containing a subset of the plurality of security profile objects and enterprise business objects, and said data dictionary engines communicating with each other to exchange information and functionality as defined by the security-centric model driven architecture; and
wherein said data dictionary engines and metadata repositories are executed on a computer network.
1 Assignment
0 Petitions
Abstract
A policy directed, security-centric model driven architecture is described to secure internal web services, such as those implementing a service-oriented architecture (SOA), and external web services, such as those hosted on a cloud computing platform. A distributed data dictionary, hosted across multiple dictionary engines and operating in conjunction with web security services, is used to embed security profiles in web service messages and to validate messages that contain such security profiles.
167 Citations
16 Claims
1. (Claim 1, set out above under First Claim.) View Dependent Claims (2, 3, 4, 5, 6, 7)
8. A method, comprising:
an invoking client process web service generating a message;
the invoking client process web service causing a source web security service to be invoked for the message;
the invoking client process web service sending the message with embedded security profile to the invoked client process web service;
the invoked client process web service causing a destination web security service to be invoked for the message; and
the invoked client process web service processing the message returned by the destination web security service;
wherein said invoking and invoked client process web services execute on a computer network.
View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
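The message flow of claim 8, worked through as an added example; this is not code from the patent or from any product implementing it. The claims say that a source web security service embeds a security profile in the message and a destination web security service validates it, but they do not specify how. Everything below that fills that gap is an assumption: the constructed data, service and user security profile objects, the `DataDictionaryEngine` class standing in for one engine's metadata repository, and the HMAC seal (under a key shared by the engines) used so that the destination can detect a profile or message altered in transit.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass

# Constructed (hypothetical) security profile objects of the three kinds named in
# claim 1. A real data dictionary engine would hold these in its metadata repository.
DATA_SECURITY_PROFILES = {
    "invoice": {"scope": "finance", "owner": "billing",
                "allowed": ["read", "update"], "disallowed": ["delete"]},
}
SERVICE_SECURITY_PROFILES = {
    "invoice-service": {"accepted_scopes": ["finance"], "require_user_profile": True},
}
USER_SECURITY_PROFILES = {
    "alice": {"roles": ["accountant"], "privileges": ["read", "update"]},
    "bob": {"roles": ["intern"], "privileges": ["read"]},
}

# Assumption for illustration only: engines share a secret so the embedded profile
# can be integrity-checked. The patent text specifies no such mechanism.
SHARED_KEY = b"constructed-demo-key"


@dataclass
class DataDictionaryEngine:
    """One engine's metadata repository: a subset of the profile objects (hypothetical)."""
    data_profiles: dict
    service_profiles: dict
    user_profiles: dict
    key: bytes = SHARED_KEY

    def seal(self, payload: dict) -> str:
        # Canonical JSON so both engines MAC the same bytes regardless of key order.
        canonical = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
        return hmac.new(self.key, canonical, hashlib.sha256).hexdigest()


def make_engine() -> DataDictionaryEngine:
    """Build an engine loaded with the constructed profiles above."""
    return DataDictionaryEngine(DATA_SECURITY_PROFILES, SERVICE_SECURITY_PROFILES,
                                USER_SECURITY_PROFILES)


def source_web_security_service(engine: DataDictionaryEngine, message: dict) -> dict:
    """Claim 8, second step: embed the data security profile for the message's datum
    and seal the whole message so the destination can detect tampering."""
    sealed = dict(message)
    sealed["security_profile"] = engine.data_profiles[message["datum"]]
    sealed["mac"] = engine.seal(sealed)  # computed before the "mac" key exists
    return sealed


def destination_web_security_service(engine: DataDictionaryEngine, message: dict):
    """Claim 8, fourth step: validate the embedded profile against the destination
    engine's own repository copy, the target service's profile and the user's profile.
    Returns (accepted, reason)."""
    body = {k: v for k, v in message.items() if k != "mac"}
    if not hmac.compare_digest(engine.seal(body), message.get("mac", "")):
        return False, "integrity check failed"
    profile = message["security_profile"]
    if profile != engine.data_profiles.get(message["datum"]):
        return False, "embedded data security profile does not match repository"
    action = message["action"]
    if action in profile["disallowed"] or action not in profile["allowed"]:
        return False, f"action {action!r} not permitted by data security profile"
    svc = engine.service_profiles.get(message["target_service"])
    if svc is None or profile["scope"] not in svc["accepted_scopes"]:
        return False, "scope not accepted by service security profile"
    user = engine.user_profiles.get(message["user"])
    if svc["require_user_profile"] and user is None:
        return False, "no user security profile for sender"
    if user is not None and action not in user["privileges"]:
        return False, f"user lacks privilege {action!r}"
    return True, "ok"


def exchange(source: DataDictionaryEngine, dest: DataDictionaryEngine, message: dict):
    """Run the full claim 8 exchange: invoking service -> source WSS -> destination WSS."""
    return destination_web_security_service(dest, source_web_security_service(source, message))


if __name__ == "__main__":
    src, dst = make_engine(), make_engine()
    base = {"datum": "invoice", "user": "alice", "target_service": "invoice-service"}
    print(exchange(src, dst, {**base, "action": "update"}))
    print(exchange(src, dst, {**base, "action": "delete"}))
    print(exchange(src, dst, {**base, "user": "bob", "action": "update"}))
```

The destination re-derives the data security profile from its own repository rather than trusting the embedded copy alone; the embedded profile is what lets an intermediary or the invoked service act without a round trip, while the repository check and the seal are what make a forged or altered profile detectable.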