ENFORCEMENT OF CONDITIONAL POLICY ATTACHMENTS

US 20130086184A1
Filed: 08/28/2012
Published: 04/04/2013
Est. Priority Date: 09/30/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

detecting, by a computer system, occurrence of a runtime event at a web service endpoint;

updating, by the computer system, a runtime context component based on the runtime event, the runtime context component specifying a set of data regarding a current runtime context of the web service endpoint;

determining, by the computer system based on the runtime context component and an association between a web service policy and a constraint expression, whether the web service policy should be attached to the web service endpoint, the constraint expression being dependent on one or more runtime values specified by the runtime context component, the determining comprising evaluating the constraint expression in view of the one or more runtime values; and

if the web service policy should be attached to the web service endpoint, enforcing, by the computer system, the web service policy at the web service endpoint with respect to the detected runtime event.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Framework for conditionally attaching web service policies to a policy subject (e.g., a web service client or service endpoint) at subject runtime. In one set of embodiments, a constraint expression can be defined that specifies one or more runtime conditions under which a policy should be attached to a policy subject. The constraint expression can be associated with the policy and the policy subject via policy attachment metadata. The constraint expression can then be evaluated at runtime of the policy subject to determine whether attachment of the policy to the policy subject should occur. If the evaluation indicates that the policy should be attached, the attached policy can be processed at the policy subject (e.g., enforced or advertised) as appropriate. Using these techniques, the policy subject can be configured to dynamically exhibit different behaviors based on its runtime context.

Citations

16 Claims

1. A method comprising:
- detecting, by a computer system, occurrence of a runtime event at a web service endpoint;
  
  updating, by the computer system, a runtime context component based on the runtime event, the runtime context component specifying a set of data regarding a current runtime context of the web service endpoint;
  
  determining, by the computer system based on the runtime context component and an association between a web service policy and a constraint expression, whether the web service policy should be attached to the web service endpoint, the constraint expression being dependent on one or more runtime values specified by the runtime context component, the determining comprising evaluating the constraint expression in view of the one or more runtime values; and
  
  if the web service policy should be attached to the web service endpoint, enforcing, by the computer system, the web service policy at the web service endpoint with respect to the detected runtime event.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1 wherein the runtime event is the reception of an incoming message at the web service endpoint.
  - 3. The method of claim 2 wherein updating the runtime context component comprises:
    - extracting one or more pieces of data from the incoming message; and
      
      updating the runtime context component with the extracted pieces of data.
  - 4. The method of claim 3 wherein the one or more pieces of data include an HTTP header of the incoming message, and identification of a sender of the incoming message, or a portion of a payload of the incoming message.
  - 5. The method of claim 2 wherein the one or more runtime values include a transport-level characteristic of the incoming message, a payload characteristic of the incoming message, or a system-level characteristic of an application server hosting the web service endpoint.
  - 6. The method of claim 5 wherein a transport-level characteristic of the incoming message includes an HTTP header of the incoming message.
  - 7. The method of claim 5 wherein a payload characteristic of the incoming message includes an identification of a user associated with the incoming message.
  - 8. The method of claim 5 wherein a system-level characteristic of the application server includes a server performance metric.
  - 9. The method of claim 1 wherein the constraint expression is a Boolean expression comprising a set of one or more Boolean functions grouped by zero or more logical operators.
  - 10. The method of claim 1 wherein the web service policy comprises a set of assertions, and wherein enforcing the web service policy comprises enforcing each assertion in the set of assertions.
  - 11. The method of claim 10 wherein the set of assertions relates to security or management-related behaviors of the web service endpoint.
  - 12. The method of claim 11 wherein at least one assertion in the set of assertions relates to user authentication at the web service endpoint.
  - 13. The method of claim 1, further comprising:
    - ignoring, by the computer system, the web service policy with respect to the detected runtime event if the web service policy should not be attached to the web service endpoint.
  - 14. The method of claim 1 wherein the web service endpoint corresponds to a port of a Service-Oriented Architecture (SOA) application.

15. A non-transitory computer-readable medium having stored thereon program code executable by a computer system, the program code comprising:
- code that causes the computer system to detect occurrence of a runtime event at a web service endpoint;
  
  code that causes the computer system to update a runtime context component based on the runtime event, the runtime context component specifying a set of data regarding a current runtime context of the web service endpoint;
  
  code that causes the computer system to determine, based on the runtime context component and an association between a web service policy and a constraint expression, whether the web service policy should be attached to the web service endpoint, the constraint expression being dependent on one or more runtime values specified by the runtime context component, the determining comprising evaluating the constraint expression in view of the one or more runtime values; and
  
  if the web service policy should be attached to the web service endpoint, code that causes the computer system to enforce the web service policy at the web service endpoint with respect to the detected runtime event.

16. A system comprising:
- a processor configured to;
  
  detect occurrence of a runtime event at a web service endpoint;
  
  update a runtime context component based on the runtime event, the runtime context component specifying a set of data regarding a current runtime context of the web service endpoint;
  
  determine, based on the runtime context component and an association between a web service policy and a constraint expression, whether the web service policy should be attached to the web service endpoint, the constraint expression being dependent on one or more runtime values specified by the runtime context component, the determining comprising evaluating the constraint expression in view of the one or more runtime values; and
  
  if the web service policy should be attached to the web service endpoint, enforce the web service policy at the web service endpoint with respect to the detected runtime event.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Kavantzas, Nickolas, Bryan, Jeffrey Jason, Zhao, Cecilia

Granted Patent

US 9,003,478 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/206
CPC Class Codes

H04L 41/0246   Exchanging or transporting ...

H04L 41/0873   Checking configuration conf...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

ENFORCEMENT OF CONDITIONAL POLICY ATTACHMENTS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

ENFORCEMENT OF CONDITIONAL POLICY ATTACHMENTS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links