PRIORITY ASSIGNMENTS FOR POLICY ATTACHMENTS
First Claim
1. A method comprising:
- retrieving, by a computer system, policy attachment information identifying a plurality of web service policies attached to a policy subject, wherein the policy attachment information includes, for each web service policy, an identifier of the web service policy, a scope at which the web service policy is attached to the policy subject, and a priority value;
determining, by the computer system, that a first web service policy in the plurality of web service policies should be given precedence over a second, conflicting web service policy in the plurality of web service policies, the determining being based on the priority values and the scopes of the first and second web service policies; and
adding, by the computer system, the first web service policy to an effective policy set of the policy subject, the effective policy set representing policies that will be enforced at the policy subject at runtime of an application hosting the policy subject.
1 Assignment
0 Petitions
Accused Products
Abstract
Techniques for resolving conflicts between web service policies that are attached (via LPA and/or GPA metadata) to a policy subject (e.g., a WS client/service endpoint). In one set of embodiments, a priority value can be assigned to each policy attached to a policy subject via the policy'"'"'s corresponding policy attachment metadata file. These priority values can be taken into account when determining whether one policy should be given precedence over another, conflicting policy attached to the same policy subject. In certain embodiments, as part of this determination, the priority value of a policy can be given greater weight than the scope at which the policy is attached.
52 Citations
18 Claims
-
1. A method comprising:
-
retrieving, by a computer system, policy attachment information identifying a plurality of web service policies attached to a policy subject, wherein the policy attachment information includes, for each web service policy, an identifier of the web service policy, a scope at which the web service policy is attached to the policy subject, and a priority value; determining, by the computer system, that a first web service policy in the plurality of web service policies should be given precedence over a second, conflicting web service policy in the plurality of web service policies, the determining being based on the priority values and the scopes of the first and second web service policies; and adding, by the computer system, the first web service policy to an effective policy set of the policy subject, the effective policy set representing policies that will be enforced at the policy subject at runtime of an application hosting the policy subject. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A non-transitory computer-readable medium having stored thereon program code executable by a computer system, the program code comprising:
-
code that causes the computer system to retrieve policy attachment information identifying a plurality of web service policies attached to a policy subject, wherein the policy attachment information includes, for each web service policy, an identifier of the web service policy, a scope at which the web service policy is attached to the policy subject, and a priority value; code that causes the computer system to determine that a first web service policy in the plurality of web service policies should be given precedence over a second, conflicting web service policy in the plurality of web service policies, the determining being based on the priority values and the scopes of the first and second web service policies; and code that causes the computer system to add the first web service policy to an effective policy set of the policy subject, the effective policy set representing policies that will be enforced at the policy subject at runtime of an application hosting the policy subject. - View Dependent Claims (12, 13, 14)
-
-
15. A system comprising:
-
a processor configured to; retrieve policy attachment information identifying a plurality of web service policies attached to a policy subject, wherein the policy attachment information includes, for each web service policy, an identifier of the web service policy, a scope at which the web service policy is attached to the policy subject, and a priority value; determine that a first web service policy in the plurality of web service policies should be given precedence over a second, conflicting web service policy in the plurality of web service policies, the determining being based on the priority values and the scopes of the first and second web service policies; and add the first web service policy to an effective policy set of the policy subject, the effective policy set representing policies that will be enforced at the policy subject at runtime of an application hosting the policy subject. - View Dependent Claims (16, 17, 18)
-
Specification