Trusted construction of message endpoints in a distributed computing environment
First Claim
1. A method for creating a message endpoint on a device in a distributed computing environment, the method comprising:
- receiving a request to create a message endpoint for a client on the device to communicate with a service within the distributed computing environment;
obtaining an indication of a message schema for communication with the service and obtaining a service address for communication with the service;
constructing said message endpoint, wherein said message endpoint is configured to send messages according to said message schema to said service address; and
wherein said constructing is performed within a runtime environment of said device.
2 Assignments
0 Petitions
Accused Products
Abstract
In a distributed computing environment, a message gate may be the message endpoint for a client or service to communicate with another client or service. Devices may have a gate factory (e.g. message endpoint constructor) that is trusted code on the device for generating gates based on XML message descriptions. The use of the gate factory may ensure that the gate it generates is also trusted code, and that the code is correct with respect to a service advertisement. A service advertisement may indicate, for a particular service, a message schema, service URI and authentication service URI. In one embodiment, the pieces the gate factory needs to construct a gate are the XML schema of the service and the URI of the service. In another embodiment, an authentication credential may also be obtained and used in gate construction by running an authentication service specified in the service advertisement. A gate factory for a device may generate gate code that may incorporate the language, security, type safety, and/or execution environment characteristics of the local device platform. By constructing gates itself, a device has the ability to ensure that the generated gate code is relatively bug-free, produces only valid data, and provides type-safety.
337 Citations
43 Claims
-
1. A method for creating a message endpoint on a device in a distributed computing environment, the method comprising:
-
receiving a request to create a message endpoint for a client on the device to communicate with a service within the distributed computing environment;
obtaining an indication of a message schema for communication with the service and obtaining a service address for communication with the service;
constructing said message endpoint, wherein said message endpoint is configured to send messages according to said message schema to said service address; and
wherein said constructing is performed within a runtime environment of said device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
locating a service advertisement for said service, wherein said service advertisement indicates said message schema, said service and an authentication service; and
requesting an authentication credential from said authentication service, wherein said authentication credential indicates that said client is authorized to access said service; and
wherein said constructing said message endpoint is not performed until said authentication credential is received.
-
-
10. The method as recited in claim 9, wherein said authentication credential indicates that said client is authorized to access a portion capabilaties of said service, wherein said obtaining an indication of a message schema comprises obtaining a portion of the message schema corresponding only to said portion capabilities of said service that said client is authorized to access, and wherein said constructing said message endpoint comprises constructing said message endpoint to verify that messages sent from said client to said service correspond to messages described by said portion of the message schema.
-
11. The method as recited in claim 9, wherein said requesting an authentication credential from said authentication service comprises a message endpoint constructor sending an authentication credential request message to an address for said authentication service specified in said service advertisement.
-
12. The method as recited in claim 11, wherein said authentication credential request message is sent from a dedicated authentication service message endpoint within said message endpoint constructor.
-
13. The method as recited in claim 1, wherein said obtaining an indication of a message schema comprises obtaining said message schema, wherein said message schema describes messages to be sent from said client to said service to access said service, and wherein said constructing said message endpoint comprises constructing said message endpoint to verify that messages sent from said client to said service comply with said message schema.
-
14. The method as recited in claim 13, wherein said message schema further describes messages to be sent from said service to said client, and wherein said constructing said message endpoint comprises constructing said message endpoint to verify that messages received from said service comply with said message schema.
-
15. The method as recited in claim 13, wherein said schema is an eXtensible Markup Language (XML) schema and said messages described by said schema are XML messages.
-
16. The method as recited in claim 1, wherein said constructing said message endpoint comprises binding said message endpoint to said service address so that said message endpoint is configured to send messages only to said service.
-
17. The method as recited in claim 1, wherein said constructing said message endpoint comprises associating a security check with said message endpoint wherein only said client is authorized to send messages from said message endpoint.
-
18. The method as recited in claim 1, wherein said message endpoint comprises computer executable code configured to run within said runtime environment of said device.
-
19. The method as recited in claim 1, further comprising constructing a service message endpoint for said service for receiving messages from said message endpoint for said client.
-
20. The method as recited in claim 19, wherein said service message endpoint is configured to send messages only to said client and said message endpoint for said client is configured for sending messages only to said service, wherein said service message endpoint and said message endpoint for said client provide for a bi-directional communication channel between said service and said client.
-
21. The method as recited in claim 1, wherein said obtaining an indication of a message schema comprises:
-
negotiating an authentication credential from an authentication service specified by a service advertisement for the service, wherein said authentication credential indicates a level of capabilities of the service that the client is authorized to access; and
receiving said authentication credential; and
wherein said constructing said message endpoint comprises constructing said message endpoint according to said message schema for the level of capabilities that the client is authorized.
-
-
22. A device in a distributed computing environment, comprising:
-
a client on the device configured to request a message endpoint to communicate with a service within the distributed computing environment;
a message endpoint constructor configured to obtain an indication of a message schema for communication with said service and to obtain a service address for communication with the service;
said message endpoint constructor configured to construct said message endpoint, wherein said messages configured to send messages according to said message schema to said service address; and
wherein said message endpoint constructor operates within a runtime environment of said client device. - View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
wherein said client is configured to locate a service advertisement for said service, wherein said service advertisement indicates said message schema, said service and an authentication service; - and
wherein said message endpoint constructor is configured to;
request an authentication credential from said authentication service, wherein said authentication credential indicates that said client is authorized to access said service; and
not construct said message endpoint until said authentication credential is received.
-
-
31. The device as recited in claim 30, wherein said authentication credential indicates that said client is authorized to access a portion capabilities of said service, wherein said message endpoint constructor is configured to obtain a portion of the message schema corresponding only to said portion capabilities of said service that said client is authorized to access, and wherein said message endpoint constructor is further configured to construct said message endpoint to verify that messages sent from said client to said service correspond to messages described by said portion of the message schema.
-
32. The device as recited in claim 30, wherein said message endpoint constructor is configured to send an authentication credential request message to an address for said authentication service specified in said service advertisement.
-
33. The device as recited in claim 32, wherein said message endpoint constructor comprises a dedicated authentication service message endpoint for sending said authentication credential request message.
-
34. The device as recited in claim 22, wherein said message endpoint constructor is configured to obtain said message schema, wherein said message schema describes messages to be sent from said client to said service to access said service, and wherein said message endpoint constructor is further configured to construct said message endpoint to verify that messages sent from said client to said service comply with said message schema.
-
35. The device as recited in claim 34, wherein said message schema further describes messages to be sent from said service. to said client, and wherein said message endpoint constructor is configured to construct said message endpoint to verify that messages received from said service comply with said message schema.
-
36. The method as recited in claim 34, wherein said schema is an eXtensible Markup Language (XML) schema and said messages described by said schema are XML messages.
-
37. The device as recited in claim 22, wherein said message endpoint constructor is configured to bind said message endpoint to said service address so that said message endpoint is configured to send messages only to said service.
-
38. The device as recited in claim 22, wherein said message endpoint constructor is configured to associate a security check with said message endpoint wherein only said client is authorized to send messages from said message endpoint.
-
39. The device as recited in claim 22, wherein said message endpoint comprises computer executable code configured to run within said runtime environment of said device.
-
40. The device as recited in claim 22, wherein said message endpoint for said client is configured for sending messages to a service message endpoint for said service.
-
41. The device as recited in claim 40, wherein said service message endpoint is configured to send messages only to said client and said message endpoint for said client is configured for sending messages only to said service, wherein said service message endpoint and said message endpoint for said client provide for a bi-directional communication channel between said service and said client.
-
42. The device as recited in claim 22, wherein said wherein said message endpoint constructor is configured to:
-
negotiate an authentication credential from an authentication service specified by a service advertisement for the service, wherein said authentication credential indicates a level of capabilities of the service that the client is authorized to access; and
receive said authentication credential; and
construct said message endpoint according to said message schema for the level of capabilities that the client is authorized.
-
-
43. A carrier medium comprising program instructions, wherein the program instructions are computer-executable on a device to implement:
-
receiving a request to create a message endpoint for a client on the device to communicate with a service within the distributed computing environment;
obtaining an indication of a message schema for communication with the service and obtaining a service address for communication with the service;
constructing said message endpoint, wherein said message endpoint is configured to send messages according to said message schema to said service address; and
wherein said constructing is performed within a runtime environment of said device.
-
Specification