PRIORITY ASSIGNMENTS FOR POLICY ATTACHMENTS

US 20130086240A1
Filed: 08/28/2012
Published: 04/04/2013
Est. Priority Date: 09/30/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

retrieving, by a computer system, policy attachment information identifying a plurality of web service policies attached to a policy subject, wherein the policy attachment information includes, for each web service policy, an identifier of the web service policy, a scope at which the web service policy is attached to the policy subject, and a priority value;

determining, by the computer system, that a first web service policy in the plurality of web service policies should be given precedence over a second, conflicting web service policy in the plurality of web service policies, the determining being based on the priority values and the scopes of the first and second web service policies; and

adding, by the computer system, the first web service policy to an effective policy set of the policy subject, the effective policy set representing policies that will be enforced at the policy subject at runtime of an application hosting the policy subject.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for resolving conflicts between web service policies that are attached (via LPA and/or GPA metadata) to a policy subject (e.g., a WS client/service endpoint). In one set of embodiments, a priority value can be assigned to each policy attached to a policy subject via the policy'"'"'s corresponding policy attachment metadata file. These priority values can be taken into account when determining whether one policy should be given precedence over another, conflicting policy attached to the same policy subject. In certain embodiments, as part of this determination, the priority value of a policy can be given greater weight than the scope at which the policy is attached.

52 Citations

View as Search Results

18 Claims

1. A method comprising:
- retrieving, by a computer system, policy attachment information identifying a plurality of web service policies attached to a policy subject, wherein the policy attachment information includes, for each web service policy, an identifier of the web service policy, a scope at which the web service policy is attached to the policy subject, and a priority value;
  
  determining, by the computer system, that a first web service policy in the plurality of web service policies should be given precedence over a second, conflicting web service policy in the plurality of web service policies, the determining being based on the priority values and the scopes of the first and second web service policies; and
  
  adding, by the computer system, the first web service policy to an effective policy set of the policy subject, the effective policy set representing policies that will be enforced at the policy subject at runtime of an application hosting the policy subject.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 wherein the policy attachment information is retrieved from one or more policy attachment metadata files associated with the policy subject.
  - 3. The method of claim 2 wherein the one or more policy attachment metadata files include a local policy attachment (LPA) metadata file and a global policy attachment (GPA) metadata file.
  - 4. The method of claim 1 wherein the determining comprises:
    - constructing a two-dimensional table based on the policy attachment information, wherein a first dimension of the table is organized by scope, wherein a second dimension of the table is organized by priority value, and wherein each cell in the table identifies a web service policy associated with the cell'"'"'s scope and priority value; and
      
      traversing the table along the first and second dimensions.
  - 5. The method of claim 1 wherein the first web service policy has a higher priority value than the second web service policy, and wherein the first web service policy is attached at a higher scope level than the second web service policy.
  - 6. The method of claim 1 wherein the first web service policy has the same priority value as the second web service policy, and wherein the first web service policy is attached at a lower scope level than the second web service policy.
  - 7. The method of claim 1 wherein the first and second web service policies conflict due to having identical policy types.
  - 8. The method of claim 7 wherein the first and second web service policies are both authentication policies.
  - 9. The method of claim 1 wherein the second web service policy is not added to the effective policy set.
  - 10. The method of claim 1 wherein the policy subject is a web service endpoint, and wherein the application hosting the policy subject is a Service-Oriented Architecture (SOA) application.

11. A non-transitory computer-readable medium having stored thereon program code executable by a computer system, the program code comprising:
- code that causes the computer system to retrieve policy attachment information identifying a plurality of web service policies attached to a policy subject, wherein the policy attachment information includes, for each web service policy, an identifier of the web service policy, a scope at which the web service policy is attached to the policy subject, and a priority value;
  
  code that causes the computer system to determine that a first web service policy in the plurality of web service policies should be given precedence over a second, conflicting web service policy in the plurality of web service policies, the determining being based on the priority values and the scopes of the first and second web service policies; and
  
  code that causes the computer system to add the first web service policy to an effective policy set of the policy subject, the effective policy set representing policies that will be enforced at the policy subject at runtime of an application hosting the policy subject.
- View Dependent Claims (12, 13, 14)
- - 12. The non-transitory computer-readable medium of claim 11 wherein the code that causes the computer system to determine that the first web service policy in the plurality of web service policies should be given precedence over the second, conflicting web service policy comprises:
    - code that causes the computer system to construct a two-dimensional table based on the policy attachment information, wherein a first dimension of the table is organized by scope, wherein a second dimension of the table is organized by priority value, and wherein each cell in the table identifies a web service policy associated with the cell'"'"'s scope and priority value; and
      
      code that causes the computer system to traverse the table along the first and second dimensions.
  - 13. The non-transitory computer-readable medium of claim 11 wherein the first web service policy has a higher priority value than the second web service policy, and wherein the first web service policy is attached at a higher scope level than the second web service policy.
  - 14. The non-transitory computer-readable medium of claim 11 wherein the first web service policy has the same priority value as the second web service policy, and wherein the first web service policy is attached at a lower scope level than the second web service policy.

15. A system comprising:
- a processor configured to;
  
  retrieve policy attachment information identifying a plurality of web service policies attached to a policy subject, wherein the policy attachment information includes, for each web service policy, an identifier of the web service policy, a scope at which the web service policy is attached to the policy subject, and a priority value;
  
  determine that a first web service policy in the plurality of web service policies should be given precedence over a second, conflicting web service policy in the plurality of web service policies, the determining being based on the priority values and the scopes of the first and second web service policies; and
  
  add the first web service policy to an effective policy set of the policy subject, the effective policy set representing policies that will be enforced at the policy subject at runtime of an application hosting the policy subject.
- View Dependent Claims (16, 17, 18)
- - 16. The system of claim 15 wherein the determining comprises:
    - constructing a two-dimensional table based on the policy attachment information, wherein a first dimension of the table is organized by scope, wherein a second dimension of the table is organized by priority value, and wherein each cell in the table identifies a web service policy associated with the cell'"'"'s scope and priority value; and
      
      traversing the table along the first and second dimensions.
  - 17. The system of claim 15 wherein the first web service policy has a higher priority value than the second web service policy, and wherein the first web service policy is attached at a higher scope level than the second web service policy.
  - 18. The system of claim 15 wherein the first web service policy has the same priority value as the second web service policy, and wherein the first web service policy is attached at a lower scope level than the second web service policy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Bryan, Jeffrey Jason, Kavantzas, Nickolas

Granted Patent

US 9,088,571 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/223
CPC Class Codes

H04L 41/0246   Exchanging or transporting ...

H04L 41/0873   Checking configuration conf...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

PRIORITY ASSIGNMENTS FOR POLICY ATTACHMENTS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

52 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

PRIORITY ASSIGNMENTS FOR POLICY ATTACHMENTS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

52 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links