Method and system for creating a protected object namespace for a WSDL resource description

US 20130276137A1
Filed: 06/10/2013
Published: 10/17/2013
Est. Priority Date: 05/06/2005
Status: Active Grant

First Claim

Patent Images

1. A method for performing access control decisions, comprising:

specifying a protected object namespace based on a Web Service Description Language (WSDL) document such that a Web Services Addressing-defined endpoint reference provides a reference into the protected object namespace, wherein the protected object namespace is based on an abstract part of the WSDL document, the WSDL document also including a concrete part that is based on the Web Services Addressing-defined endpoint reference;

de-referencing the Web Services Addressing-defined endpoint reference into a pointer into the protected object namespace; and

using a computing device having a hardware processor to perform an access control decision with respect to a resource using one of a set of authorization mechanisms represented by the pointer into the protected object namespace.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system is presented to parse a WSDL description and build a hierarchical protected object namespace for authorization of access to the resource, wherein the protected object namespace is based on the abstract part of a WSDL but can be used to assist in authorization decisions for multiple different concrete bindings of this WSDL, wherein the concrete binding/request is based on the WS-Addressing endpoint reference.

Citations

16 Claims

1. A method for performing access control decisions, comprising:
- specifying a protected object namespace based on a Web Service Description Language (WSDL) document such that a Web Services Addressing-defined endpoint reference provides a reference into the protected object namespace, wherein the protected object namespace is based on an abstract part of the WSDL document, the WSDL document also including a concrete part that is based on the Web Services Addressing-defined endpoint reference;
  
  de-referencing the Web Services Addressing-defined endpoint reference into a pointer into the protected object namespace; and
  
  using a computing device having a hardware processor to perform an access control decision with respect to a resource using one of a set of authorization mechanisms represented by the pointer into the protected object namespace.
- View Dependent Claims (2, 3, 4, 5, 6, 14)
- - 2. The method as described in claim 1 wherein the specifying step generates a tree or a sub-tree within the protected object namespace.
  - 3. The method as described in claim 1 further including associating an access control policy with a node in the protected object namespace.
  - 4. The method as described in claim 1 wherein the authorization mechanisms are associated with disparate web services.
  - 5. The method as described in claim 1 wherein the Web Services Addressing-defined endpoint reference is derived from a web services request.
  - 6. The method as described in claim 1 wherein the protected object namespace is a hierarchical data structure.
  - 14. The method as described in claim 1 wherein the abstract part of the WSDL document is used for authorization decisions for multiple, distinct bindings of the WSDL document associated with the disparate web services.

7. A data processing system, comprising:
- a processor;
  
  a memory; and
  
  program code stored in the memory and executed by the processor for parsing a Web Services Description Language (WSDL) document into a protected object namespace, wherein the protected object namespace is based on an abstract part of the WSDL document, the WSDL document also including a concrete part that is based on a Web Services Addressing-defined endpoint reference, the program code comprising;
  
  a first functional unit that parses the WSDL document;
  
  a second functional unit that constructs the protected object namespace from one or more web service elements that are located in the WSDL document by the first functional unit; and
  
  a third functional unit that de-references the Web Services Addressing-defined endpoint reference into a pointer into the protected object namespace; and
  
  program code stored in the memory and executed by the processor for performing an access control decision with respect to a resource using at least one authorization mechanism represented by the pointer into the protected object namespace.
- View Dependent Claims (8, 9, 15)
- - 8. The data processing system as described in claim 7 wherein the protected object namespace is stored in memory in the data processing system.
  - 9. The data processing system as described in claim 7 further including program code stored in the memory and executed by the processor for associating an access control policy with a node in the protected object namespace.
  - 15. The apparatus as described in claim 7 wherein the abstract part of the WSDL document is used for authorization decisions for multiple, distinct bindings of the WSDL document associated with the disparate web services.

10. A non-transitory computer readable medium comprising a set of computer program instructions that, when executed by a processor, perform the following machine-implemented method steps:
- specifying a protected object namespace based on a Web Service Description Language (WSDL) document such that a Web Services Addressing-defined endpoint reference provides a reference into the protected object namespace, wherein the protected object namespace is based on an abstract part of the WSDL document, the WSDL document also including a concrete part that is based on the Web Services Addressing-defined endpoint reference;
  
  de-referencing the Web Services Addressing-defined endpoint reference into a pointer into the protected object namespace; and
  
  performing an access control decision with respect to a resource using one of a set of authorization mechanisms represented by the pointer into the protected object namespace.
- View Dependent Claims (11, 12, 13, 16)
- - 11. The computer readable medium as described in claim 10 wherein the method further includes associating an access control policy with a node in the protected object namespace.
  - 12. The computer readable medium as described in claim 10 wherein the authorization mechanisms are associated with disparate web services.
  - 13. The computer readable medium as described in claim 10 wherein the Web Services Addressing-defined endpoint reference is derived from a web services request.
  - 16. The computer readable medium as described in claim 10 wherein the abstract part of the WSDL document is used for authorization decisions for multiple, distinct bindings of the WSDL document associated with the disparate web services.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Hinton, Heather M., Moran, Anthony S., Wardrop, Patrick R.

Granted Patent

US 8,844,053 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/27
CPC Class Codes

G06F 21/62   Protecting access to data v...

G06F 21/6209   to a single file or object,...

G06F 21/6218   to a system of files or obj...

H04L 63/101   Access control lists [ACL]

H04L 63/20   for managing network securi...

Method and system for creating a protected object namespace for a WSDL resource description

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for creating a protected object namespace for a WSDL resource description

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links