BROKERING DATA ACCESS REQUESTS AND RESPONSES
Abstract
The present invention extends to methods, systems, and computer program products for brokering data access requests and responses. Aspects of the invention include a brokering pipeline that sequentially processes data access requests and data access responses. The brokering pipeline manages access authentications, request brokering, response rewrite, cache, and hosting multiple (e.g., business) entities.
20 Claims
1. A computer system, the computer system comprising:
one or more processors;
system memory;
a brokering service, using the one or more processors, configured to;
receive a data access request from an entity outside a security boundary, the data access request requesting data maintained inside the security boundary;
access a response for the data access request from an exposed endpoint, the exposed endpoint for an internal identity used inside the security boundary, the entity having been mapped to the internal identity;
decouple the exposed endpoint from the entity by rewriting the response to make it appear that a component of a brokering pipeline generated the response; and
send the re-written response to the entity.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 18, 19
10. A method for use at a computer system, the computer system including a processor, a method for brokering a data access request, the method comprising the processor:
receiving a data access request from an entity outside a security boundary, the data access request requesting data maintained inside the security boundary;
accessing a response for the data access request from an exposed endpoint, the exposed endpoint for an internal identity used inside the security boundary, the entity having been mapped to the internal identity;
decoupling the exposed endpoint from the entity by rewriting the response to make it appear that a component of a brokering pipeline inside the security boundary generated the response; and
sending the re-written response to the entity.
Dependent claims: 11, 12, 13, 14, 15, 16, 17
20. A computer program product for use at a computer system, the computer program product for implementing a method for brokering a data access request, the computer program product comprising one or more computer storage devices having stored thereon computer-executable instructions that, when executed at a processor, cause the computer system to perform the method, including the following:
receive a data access request from an entity outside a security boundary, the data access request requesting data maintained inside the security boundary;
access a response for the data access request from an exposed endpoint, the exposed endpoint for an internal identity used inside the security boundary, the entity having been mapped to the internal identity;
decouple the exposed endpoint from the entity by rewriting the response to make it appear that a component of a brokering pipeline inside the security boundary generated the response; and
send the re-written response to the entity.
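The steps recited in the independent claims (receive the request, use the internal identity the entity is mapped to, fetch from the exposed endpoint, rewrite, send) can be sketched as follows. This is an added example, not code from the patent: the host names, header names, identity map, and the choice of which response fields get rewritten are all assumptions made for illustration.

```python
# Constructed sample data: every name and value below is hypothetical.
BROKER_HOST = "broker.example.com"
INTERNAL_HOST = "erp-node7.corp.internal"
IDENTITY_MAP = {"partner-42": "svc_partner_ro"}  # external entity -> internal identity
BACKEND_HEADERS = {"server", "x-powered-by", "via", "x-backend-user"}


def internal_endpoint(identity, path):
    """Stand-in for the exposed endpoint inside the security boundary."""
    return {
        "status": 200,
        "headers": {
            "Server": "InternalERP/3.1",
            "X-Backend-User": identity,
            "Content-Type": "application/json",
            "Location": f"https://{INTERNAL_HOST}{path}",
        },
        "body": f'{{"next": "https://{INTERNAL_HOST}{path}?page=2", "owner": "{identity}"}}',
    }


def rewrite_response(resp, identity, entity):
    """Rewrite the response so it appears to originate from the broker."""
    def swap(text):
        # Replace internal host and identity with broker-facing values.
        return text.replace(INTERNAL_HOST, BROKER_HOST).replace(identity, entity)

    headers = {k: swap(v) for k, v in resp["headers"].items()
               if k.lower() not in BACKEND_HEADERS}  # drop backend fingerprints
    headers["Server"] = "broker"
    return {"status": resp["status"], "headers": headers, "body": swap(resp["body"])}


def broker(entity, path):
    """Receive, map to the internal identity, fetch, rewrite, return."""
    identity = IDENTITY_MAP.get(entity)
    if identity is None:  # unmapped entity: fail closed, reveal nothing
        return {"status": 403, "headers": {"Server": "broker"}, "body": ""}
    return rewrite_response(internal_endpoint(identity, path), identity, entity)


def leaks(resp, identity):
    """Return internal markers still visible in a response (empty list = clean)."""
    blob = " ".join([resp["body"], *resp["headers"].values()])
    return [tok for tok in (INTERNAL_HOST, identity, "InternalERP") if tok in blob]
```

Running `leaks` on both the raw and the rewritten response gives a simple regression check that the rewrite stage still hides the internal host, identity, and server banner.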
Specification