Method and system for creating a protected object namespace for a WSDL resource description
First Claim
Patent Images
1. A method for performing access control decisions, comprising:
- specifying a protected object namespace based on a Web Service Description Language (WSDL) document such that a Web Services Addressing-defined endpoint reference provides a reference into the protected object namespace, wherein the protected object namespace is based on an abstract part of the WSDL document, the WSDL document also including a concrete part that is based on the Web Services Addressing-defined endpoint reference;
de-referencing the Web Services Addressing-defined endpoint reference into a pointer into the protected object namespace; and
using a computing device having a hardware processor to perform an access control decision with respect to a resource using one of a set of authorization mechanisms represented by the pointer into the protected object namespace.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and system is presented to parse a WSDL description and build a hierarchical protected object namespace for authorization of access to the resource, wherein the protected object namespace is based on the abstract part of a WSDL but can be used to assist in authorization decisions for multiple different concrete bindings of this WSDL, wherein the concrete binding/request is based on the WS-Addressing endpoint reference.
-
Citations
16 Claims
-
1. A method for performing access control decisions, comprising:
-
specifying a protected object namespace based on a Web Service Description Language (WSDL) document such that a Web Services Addressing-defined endpoint reference provides a reference into the protected object namespace, wherein the protected object namespace is based on an abstract part of the WSDL document, the WSDL document also including a concrete part that is based on the Web Services Addressing-defined endpoint reference; de-referencing the Web Services Addressing-defined endpoint reference into a pointer into the protected object namespace; and using a computing device having a hardware processor to perform an access control decision with respect to a resource using one of a set of authorization mechanisms represented by the pointer into the protected object namespace. - View Dependent Claims (2, 3, 4, 5, 6, 14)
-
-
7. A data processing system, comprising:
-
a processor; a memory; and program code stored in the memory and executed by the processor for parsing a Web Services Description Language (WSDL) document into a protected object namespace, wherein the protected object namespace is based on an abstract part of the WSDL document, the WSDL document also including a concrete part that is based on a Web Services Addressing-defined endpoint reference, the program code comprising; a first functional unit that parses the WSDL document; a second functional unit that constructs the protected object namespace from one or more web service elements that are located in the WSDL document by the first functional unit; and a third functional unit that de-references the Web Services Addressing-defined endpoint reference into a pointer into the protected object namespace; and program code stored in the memory and executed by the processor for performing an access control decision with respect to a resource using at least one authorization mechanism represented by the pointer into the protected object namespace. - View Dependent Claims (8, 9, 15)
-
-
10. A non-transitory computer readable medium comprising a set of computer program instructions that, when executed by a processor, perform the following machine-implemented method steps:
-
specifying a protected object namespace based on a Web Service Description Language (WSDL) document such that a Web Services Addressing-defined endpoint reference provides a reference into the protected object namespace, wherein the protected object namespace is based on an abstract part of the WSDL document, the WSDL document also including a concrete part that is based on the Web Services Addressing-defined endpoint reference; de-referencing the Web Services Addressing-defined endpoint reference into a pointer into the protected object namespace; and performing an access control decision with respect to a resource using one of a set of authorization mechanisms represented by the pointer into the protected object namespace. - View Dependent Claims (11, 12, 13, 16)
-
Specification