Message gates in a distributed computing environment
Abstract
Embodiments of message gates are described. A message gate is the message endpoint for a client or service in a distributed computing environment. A message gate may provide a secure endpoint that sends and receives type-safe messages. Gates may perform the sending and receiving of messages between clients and services using a protocol specified in a service advertisement. In one embodiment, the messages are eXtensible Markup Language (XML) messages. For a client, a message gate represents the authority to use some or all of a service's capabilities. Each capability may be expressed in terms of a message that may be sent to the service. Creation of a message gate may involve an authentication service that generates an authentication credential, and that may negotiate the desired level of security and the set of messages that may be passed between client and service. A message gate may perform verification of messages against a message schema to ensure that the messages are allowed. Message gates may embed the authentication credential in outgoing messages so that the receiving message gate may authenticate the message. Messages may also include information to allow the receiving gate to verify that the message has not been compromised prior to receipt.
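The gate pair described in the abstract, as an added sketch that is not code from the patent or its assignee: a client gate type-checks an XML message, embeds a credential and adds an integrity tag, and a service gate authenticates and re-checks it. The dictionary schema, the `getQuote` message, the function names and the choice of HMAC-SHA256 over a shared key are all assumptions made for illustration.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed stand-in for the service's schema: message name -> {field: type}.
SCHEMA = {"getQuote": {"symbol": str, "count": int}}

class GateError(Exception):
    """Raised when a message is not allowed through a gate."""

def check_types(msg, schema):
    """Reject messages the schema does not define or whose fields are mistyped."""
    fields = schema.get(msg.tag)
    if fields is None:
        raise GateError(f"message {msg.tag!r} is not in the schema")
    body = {child.tag: child.text or "" for child in msg}
    if len(body) != len(msg) or set(body) != set(fields):
        raise GateError("field set does not match the schema")
    for name, typ in fields.items():
        try:
            typ(body[name])
        except ValueError:
            raise GateError(f"field {name!r} is not {typ.__name__}") from None

def _tag(msg, key):
    """HMAC-SHA256 over the message serialized without its 'mac' attribute."""
    clone = ET.fromstring(ET.tostring(msg))
    clone.attrib.pop("mac", None)
    return hmac.new(key, ET.tostring(clone), hashlib.sha256).hexdigest()

def client_gate_send(xml_text, credential, key):
    """Outgoing gate: type-check, embed the credential, add the integrity tag."""
    msg = ET.fromstring(xml_text)
    check_types(msg, SCHEMA)  # a caller-supplied <credential> fails this check
    ET.SubElement(msg, "credential").text = credential
    msg.set("mac", _tag(msg, key))
    return ET.tostring(msg)

def service_gate_receive(wire, known_clients):
    """Incoming gate: authenticate the credential, verify integrity, re-check types."""
    msg = ET.fromstring(wire)
    creds = msg.findall("credential")
    key = known_clients.get(creds[0].text) if len(creds) == 1 else None
    sent = msg.get("mac", "").encode()
    if key is None or not hmac.compare_digest(sent, _tag(msg, key).encode()):
        raise GateError("credential or integrity check failed")
    msg.remove(creds[0])
    check_types(msg, SCHEMA)
    return msg
```

`xml.etree.ElementTree` keeps the sketch dependency-free; a gate that parses XML from untrusted peers would normally sit behind a hardened parser such as `defusedxml`.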
40 Claims
1. A method for communicating in a distributed computing environment, comprising:
- receiving a message in a data representation language from a source to be sent to a destination, wherein said source is a client in the distributed computing environment and said destination is a service in the distributed computing environment;
- receiving a data representation language schema, wherein said data representation language schema defines a message interface for accessing the service;
- generating a message endpoint for the client according to said data representation language schema, wherein said message endpoint performs:
  - verifying type correctness of said message according to a said data representation language schema; and
  - attaching an authentication credential to said message, wherein said authentication credential identifies said client; and
- sending said message to said service.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
16. A device, comprising:
- a processor;
- a memory coupled to said processor comprising program instructions, wherein the program instructions are configured to implement:
  - a message gate unit configured to:
    - receive a message in a data representation language from a source to be sent to a destination, wherein said source is a process executed by said processor from said memory, wherein said source is a client process in a distributed computing environment and said destination is a service in the distributed computing environment;
    - receive a data representation language schema, wherein said data representation language schema defines a message interface for accessing the service;
    - generate said message gate unit according to said data representation language schema, wherein said message gate unit is configured to:
      - verify type correctness of said message according to said data representation language schema; and
      - attach an authentication credential to said message, wherein said authentication credential identifies said source; and
    - send said message to said destination.
Dependent claims: 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31
32. A carrier medium comprising program instructions, wherein the program instructions are computer-executable to implement:
- receiving a message in a data representation language from a source to be sent to a destination, wherein said source is a client in a distributed computing environment and said destination is a service in the distributed computing environment;
- receiving a data representation language schema, wherein said data representation language schema defines a message interface for accessing the service;
- generating a message endpoint for the client according to said data representation language schema, wherein said message endpoint performs:
  - verifying type correctness of said message according to a said data representation language schema;
  - attaching an authentication credential to said message, wherein said authentication credential identifies said source; and
- sending said message to said destination.
Dependent claims: 33, 34, 35, 36, 37, 38, 39, 40
Specification