Methods and apparatus for facilitating security in a network
Abstract
A system, method, apparatus, means, and computer program code for facilitating security in a network, particularly a distributed network. According to embodiments of the present invention an apparatus or system may include a manager in communication with one or more mappers and one or more adapters for facilitating security requests that may be associated with an application or its environment. An adapter may be associated with an application to identify security requests associated with the application. Similarly, a mapper may be associated with a security service to facilitate communication to and from the security service regarding security requests.
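The adapter, manager and mapper roles described in the abstract can be shown with the following Python example, which is added here and is not code from the patent or its assignee. Every class name, the policy table and the sample credentials and ACL are hypothetical and constructed for the illustration; requests no service is configured to handle are denied.

```python
import hmac
from dataclasses import dataclass, field
@dataclass(frozen=True)
class SecurityRequest:            # neutral format: independent of the application
    kind: str                     # "authenticate" or "authorize"
    subject: str
    attrs: dict = field(default_factory=dict)
@dataclass(frozen=True)
class SecurityResponse:           # neutral format: independent of the service
    granted: bool
    service: str
    reason: str = ""

class PasswordMapper:             # hypothetical mapper for an authentication service
    name, handles = "passwd", {"authenticate"}
    _store = {"alice": "s3cret"}  # constructed stand-in for the real service
    def call(self, req):
        stored = self._store.get(req.subject, "")
        ok = bool(stored) and hmac.compare_digest(stored, str(req.attrs.get("password", "")))
        return SecurityResponse(ok, self.name, "" if ok else "bad credentials")

class AclMapper:                  # hypothetical mapper for an authorization service
    name, handles = "acl", {"authorize"}
    _acl = {("alice", "/payroll"): {"read"}}   # constructed sample data
    def call(self, req):
        allowed = self._acl.get((req.subject, req.attrs.get("resource")), set())
        ok = req.attrs.get("action") in allowed
        return SecurityResponse(ok, self.name, "" if ok else "not permitted")

class Manager:
    def __init__(self, mappers, policy):
        self.mappers = {m.name: m for m in mappers}
        self.policy = policy      # request kind -> ordered service names
    def route(self, req):
        # Dynamic selection from the request and the policy; deny if nothing matches.
        for name in self.policy.get(req.kind, []):
            mapper = self.mappers.get(name)
            if mapper and req.kind in mapper.handles:
                return mapper.call(req)
        return SecurityResponse(False, "none", "no service for request")

class WebAppAdapter:              # hypothetical adapter: translates app-specific events
    def __init__(self, manager):
        self.manager = manager
    def handle(self, event):
        kind = "authenticate" if event["type"] == "login" else "authorize"
        attrs = {k: v for k, v in event.items() if k not in ("type", "user")}
        resp = self.manager.route(SecurityRequest(kind, event["user"], attrs))
        return {"status": 200 if resp.granted else 403, "detail": resp.reason}
```
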
221 Citations
47 Claims
-
1. A method for facilitating security in a system, wherein the system includes a manager module used in routing a security request associated with an application to a security service module, comprising:
-
receiving data indicative of a security request from a first module associated with an application, wherein said first module identified said security request and said security request is associated with said application;
selecting a security service module capable of processing said security request after said receiving said data indicative of a security request from said first modules, wherein said selecting a security service module is performed dynamically based at least in part on information associated with at least one of said data indicative of a security request and data indicative of a security policy; and
providing at least some of said data indicative of said security request to a second module capable of calling said security service module to process said security request, wherein said second module is associated with said security service module.
Dependent claims: 2, 3, 4, 5, 6, 7
receiving from said second module associated with said security service module data indicative of a response from said security service module regarding said security request, wherein said data indicative of a response is in a format independent of said security service module.
-
3. The method of claim 2, further comprising:
providing at least some of said data indicative of said response to said first module associated with said application, wherein said data indicative of said response is in a format independent of said application.
-
4. The method of claim 1, further comprising:
initiating a module capable of configuring said manager module.
-
5. The method of claim 4, wherein said configuring adds said manager module to said system.
-
6. The method of claim 1, wherein said data indicative of a security request is in a format independent of said application.
-
7. A computer readable storage media having computer readable code implementing a method for facilitating security in a system, wherein said code includes statements for performing the method of claim 1.
-
8. A method for facilitating security in a system, wherein the system includes an adapter module associated with an application, comprising:
-
identifying a security request associated with said application; and
providing data indicative of said security request to a module in said system that can dynamically select a security service module to process said security request based at least in part on at least one of said security request and a security policy of said system, wherein said data indicative of said security request is in a format independent of said application.
Dependent claims: 9, 10, 11, 12, 13
receiving from said module data indicative of a response to said security request, wherein said data indicative of a response is independent of said security service module.
-
10. The method of claim 9, further comprising:
providing a response regarding said security request to said application, wherein said response is based on said data indicative of a response.
-
11. The method of claim 8, further comprising:
initiating a module capable of configuring said adapter module and associating said adapter module with said application.
-
12. The method of claim 11, wherein said configuring adds said adapter module to said system.
-
13. A computer readable storage media having computer readable code implementing a method for facilitating security in a system, wherein said code includes statements for performing the method of claim 8.
-
14. A method for facilitating security in a system, wherein the system includes a mapper module associated with a security service module, comprising:
-
receiving data indicative of a security request associated with an application from a module capable of dynamically selecting said security service module to process said security request based at least in part on at least one of said security request and a security policy of said system, wherein said data associated with said security request is in a format independent of said application; and
providing data indicative of said security request to said security service module.
Dependent claims: 15, 16, 17, 18, 19
receiving a response regarding said security request from said security service module.
-
16. The method of claim 15, further comprising:
providing data indicative of said response to said module, wherein said data indicative of said response is in a format independent of said security service module.
-
17. The method of claim 14, further comprising:
initiating a module capable of configuring said mapper module and associating said mapper module with said security service module.
-
18. The method of claim 17, wherein said configuring adds said mapper module to said system.
-
19. A computer readable storage media having computer readable code implementing a method for facilitating security in a system, wherein said code includes statements for performing the method of claim 14.
-
20. A method for facilitating security in system that includes an adapter module associated with an application, at least one mapper module associated with at least one respective security service module, and a manager module in communication with the adapter module and the at least one mapper module, comprising the steps of:
-
identifying, by said adapter module, a security request associated with an application;
selecting, by said manager module, a security service module that can process said security request, wherein said selecting is performed dynamically based at least in part on data associated with at least one of said security request and a security policy of said system;
calling, by said mapper module, said security service module;
receiving, by said mapper module, a response to said security request from said security service module; and
providing, by said adapter module, said response to said application.
Dependent claims: 21, 22, 23, 24, 25, 26, 27, 29, 30
extracting data from said security request.
-
22. The method of claim 21, further comprising:
translating said data using a designated protocol.
-
23. The method of claim 22, wherein said protocol is independent of said application.
-
24. The method of claim 22, wherein said protocol is independent of said security service module.
-
25. The method of claim 20, further comprising:
mapping an attribute of one security domain to an attribute in another security domain.
-
26. The method of claim 20, further comprising:
determining a security requirement associated with said security request.
-
27. A computer readable storage media having computer readable code implementing a method for facilitating security in a system, wherein said code includes statements for performing the method of claim 20.
-
29. A computer readable storage media having computer readable code implementing a method for facilitating security in a system, wherein said code includes statements for performing the method of claim 23.
-
30. The method of claim 23, further comprising:
determining a security requirement associated with said security request.
-
28. A method for facilitating security in a system that includes an adapter module associated with an application, at least one mapper module associated with at least one respective security service module, and a manager module in communication with the adapter module and the at least one mapper module, comprising the steps of:
-
identifying, by said adapter module, a first security request associated with an application;
translating, by said adapter module, said first security request to create data indicative of said first security request;
selecting, by said manager module, a security service module that can process said first security request, said selecting performed dynamically based at least in part on data associated with at least one of said first security request and a security policy of said system;
creating, by said mapper module, a second security request directed to said security service module and based on said data indicative of said first security request;
calling, by said mapper module, said security service module;
receiving, by said mapper module, a first response from said security service module regarding said second security request;
translating, by said mapper module, said first response to create data indicative of said first response;
creating, by said adapter module, a second response regarding said first security request based on said data indicative of said first response; and
providing, by said adapter module, said second response to said application.
-
31. A system for facilitating security in a system, comprising:
-
an adapter module associated with an application;
a mapper module associated with a security service module;
a manager module in communication with said adapter module and said mapper module;
wherein said adapter module can identify a security request associated with said application, provide data indicative of said security request to said manager module, and provide a response to said application regarding said security request after receiving data indicative of said response from said manager module;
wherein said manager module can receive said data indicative of said security request from said adapter module, dynamically determine to provide said data indicative of said security request to said mapper module if said security service module associated with said mapper module can process said security request, and provide data indicative of said response to said adapter module after receiving said data indicative of said response from said mapper module; and
wherein said mapper module can receive said data indicative of said security request from said manager module, prepare a security service module version of said security request, calls said security service module to process said security service module version of said security request, receives a response to said security service module version of said security request from said security service module, and provide data indicative of said response to said manager module.
Dependent claims: 33, 34, 35
-
32. A module for facilitating security in a network, comprising:
an adapter module, wherein said adapter module is operative to identify a security request associated with an application, provide data indicative of said security request to a manager module capable of dynamically selecting a security service module to process said security request based at least in part on said data indicative of said security request, and provide a response to said application regarding said security request after receiving data indicative of said response from said manager module.
-
36. A module for facilitating security in a system, comprising:
a manager module, wherein said manager module is operative to receive data indicative of a security request associated with an application from an adapter module associated with said application, dynamically determine a security service module to process said security request based at least in part on said data indicative of a security request, provide data indicative of said security request to a mapper module associated with said security service module, and provide data indicative of a response regarding said security request to said adapter module after receiving said data indicative of said response from said mapper module.
Dependent claims: 37, 38, 39, 40, 41, 42
-
43. A module for facilitating security in a system, comprising:
a mapper module associated with a security service module, wherein said mapper module is dynamically selected by a manager module to receive from the manager module data indicative of a security request associated with an application, prepare a version of said security request specific to a security service module selected by said manager module, call said security service module to process said security service module specific version of said security request, receive a response to said security service module version of said security request from said security service module, and provide data indicative of said response to said manager module.
Dependent claims: 44, 45, 46
-
47. An apparatus for facilitating security in a system, wherein the system includes a manager module used in dynamically routing a security request associated with an application to a security service module, comprising:
-
means for obtaining data indicative of a security request from a first module associated with an application and that identified said security request;
means for dynamically identifying a security service module capable of processing said security request after said data indicative of a security request is obtained based at least in part on said data indicative of a security request; and
means for sending at least some of said data indicative of said security request to a second module capable of calling said security service module to process said security request.
-
Specification