Mechanism and apparatus for security of newly spawned repository spaces in a distributed computing environment

US 6,973,493 B1
Filed: 08/31/2000
Issued: 12/06/2005
Est. Priority Date: 05/09/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method comprising:

accessing a first space, wherein the first space comprises a first network-addressable storage location, wherein information usable to access the first space is provided in an advertisement for the first space, wherein the advertisement for the first space comprises a first schema, and wherein the first schema specifies one or more messages usable to invoke functions of the first space;

a requesting client requesting creation of a second space by sending to the first space one of the messages specified by the first schema;

creating the second space in response to the requesting client requesting creation of the second space, wherein the second space is initially configured to permit access only to the requesting client, wherein the second space comprises a second network-addressable storage location, wherein information usable to access the second space is provided in an advertisement for the second space, wherein the advertisement for the second space comprises a second schema, and wherein the second schema specifies one or more messages usable to invoke functions of the second space; and

the requesting client accessing the second space by sending to the second space one of the messages specified by the second schema.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for providing security for newly spawned spaces in a distributed computing environment. A client may access a first space service. The creation of a second space may be requested, such as by the client sending an appropriate request to an interface of the first space. In one embodiment, the first space and second space may share a common storage model, storage facility, and/or XML schema. The second space may initially be configured to permit access only to the requesting client. In one embodiment, a root authentication token is created for the second space. An authentication service associated with the second space may be initialized, whereby the second space is configured to permit access only to a client holding the root authentication token. The root authentication token may be sent to the requesting client or service. The requesting client may send the root authentication token to a second client. The second client may then access the second space by sending to the second space at least one of the messages specified in the second schema along with the root authentication token. The requesting client may also modify the initially configured security policy of the second space such that the second space is configured to permit access to other clients.

Citations

33 Claims

1. A method comprising:
- accessing a first space, wherein the first space comprises a first network-addressable storage location, wherein information usable to access the first space is provided in an advertisement for the first space, wherein the advertisement for the first space comprises a first schema, and wherein the first schema specifies one or more messages usable to invoke functions of the first space;
  
  a requesting client requesting creation of a second space by sending to the first space one of the messages specified by the first schema;
  
  creating the second space in response to the requesting client requesting creation of the second space, wherein the second space is initially configured to permit access only to the requesting client, wherein the second space comprises a second network-addressable storage location, wherein information usable to access the second space is provided in an advertisement for the second space, wherein the advertisement for the second space comprises a second schema, and wherein the second schema specifies one or more messages usable to invoke functions of the second space; and
  
  the requesting client accessing the second space by sending to the second space one of the messages specified by the second schema.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising:
    - creating a root authentication token for the second space;
      
      initializing an authentication service associated with the second space, whereby the second space is configured to permit access only to a client holding the root authentication token; and
      
      sending the root authentication token to the requesting client.
  - 3. The method of claim 2, further comprising:
    - the requesting client sending the root authentication token to a second client; and
      
      the second client accessing the second space by sending to the second space one of the messages specified by the second schema.
  - 4. The method of claim 1, further comprising:
    - the requesting client modifying a security policy of the second space, whereby the second space is configured to permit access to a second client.
  - 5. The method of claim 4, further comprising:
    - the second client reading a service advertisement from the second space, wherein the service advertisement comprises information usable to execute a corresponding service.
  - 6. The method of claim 1,wherein the accessing the first space comprises sending information to the first space at a first Uniform Resource Identifier (URI);
    - andwherein the requesting client accessing the second space comprises the requesting client sending information to the second space at a second URI.
  - 7. The method of claim 1,wherein the first schema is expressed in a data representation language;
    - andwherein the second schema is expressed in the data representation language.
  - 8. The method of claim 7,wherein the data representation language comprises eXtensible Markup Language (XML).
  - 9. The method of claim 1, further comprising:
    - reading a service advertisement stored in the first space, wherein the service advertisement comprises information which is usable to access and execute a second service;
      
      using the information in the service advertisement to execute the second service;
      
      generating a set of results of the second service in response to the executing the second service; and
      
      publishing the set of results of the second service in the second space;
      
      wherein the requesting creation of the second space comprises requesting creation of the second space for storage of the set of results of the service.
  - 10. The method of claim 1,wherein the accessing the first space comprises accessing the first space at a first address to a storage facility;
    - wherein the creating the second space comprises creating a second address to the storage facility; and
      
      wherein the accessing the second space comprises accessing the second space at the second address to the storage facility.
  - 11. The method of claim 1,wherein the functions of the first space comprise storing information in the first space and reading information from the first space;
    - andwherein the functions of the second space comprise storing information in the second space and reading information from the second space.

12. A system comprising:
- a first client;
  
  a first space which is communicatively coupled to the client, wherein the first space comprises a first network-addressable storage location, wherein information usable to access the first space is provided in an advertisement for the first space, wherein the advertisement for the first space comprises a first schema, and wherein the first schema specifies one or more messages usable to invoke functions of the first space;
  
  wherein the first client is operable to;
  
  access the first space;
  
  request creation of a second space by sending to the first space one of the messages specified by the first schema, wherein the second space is initially configured to permit access only to the first client, wherein the second space comprises a second network-addressable storage location, wherein information usable to access the second space is provided in an advertisement for the second space, wherein the advertisement for the second space comprises a second schema, and wherein the second schema specifies one or more messages usable to invoke functions of the second space; and
  
  access the second space by sending to the second space one of the messages specified by the second schema.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The system of claim 12,wherein the second space is configured to permit access only to a client holding a root authentication token;
    - andwherein the second space is operable to send the root authentication token to the first client.
  - 14. The system of claim 13, further comprising:
    - a second client which is communicatively coupled to the first client and the second space;
      
      wherein the first client is operable to send the root authentication token to the second client; and
      
      wherein the second client is operable to access the second space by sending to the second space one of the messages specified by the second schema.
  - 15. The system of claim 12, further comprising:
    - a second client which is communicatively coupled to the first client and the second space;
      
      wherein the first client is operable to modify a security policy of the second space, whereby the second space is configured to permit access to the second client.
  - 16. The system of claim 15,wherein the second client is operable to read a service advertisement from the second space, wherein the service advertisement comprises information usable to execute a corresponding service.
  - 17. The system of claim 12,wherein in accessing the first space, the first client is operable to send information to the first space at a first URI;
    - andwherein in accessing the second space, the first client is operable to send information to the second space at a second URI.
  - 18. The system of claim 12,wherein the first schema is expressed in a data representation language;
    - andwherein the second schema is expressed in the data representation language.
  - 19. The system of claim 18,wherein the data representation language comprises eXtensible Markup Language (XML).
  - 20. The system of claim 12, further comprising:
    - a service which is communicatively coupled to the first client and to the first space;
      
      wherein the first client is operable to read a service advertisement stored in the first space, wherein the service advertisement comprises information which is usable to access and execute the service;
      
      wherein the service is operable to;
      
      generate a set of results of executing the service;
      
      create the second space; and
      
      publish the set of results in the second space.
  - 21. The system of claim 12,wherein in accessing the first space, the first client is operable to access the first space at a first address to a storage facility;
    - wherein in requesting creation of the second space, the first client is operable to request creation of a second address to the storage facility; and
      
      wherein in accessing the second space, the first client is operable to access the second space at the second address to the storage facility.
  - 22. The system of claim 12,wherein the functions of the first space comprise storing information in the first space and reading information from the first space;
    - andwherein the functions of the second space comprise storing information in the second space and reading information from the second space.

23. A carrier medium comprising program instructions which are computer-executable to implement:
- accessing a first space, wherein the first space comprises a first network-addressable storage location, wherein information usable to access the first space is provided in an advertisement for the first space, wherein the advertisement for the first space comprises a first schema, and wherein the first schema specifies one or more messages usable to invoke functions of the first space;
  
  a requesting client requesting creation of a second space by sending to the first space one of the messages specified by the first schema;
  
  creating the second space in response to the requesting client requesting creation of the second space, wherein the second space is initially configured to permit access only to the requesting client, wherein the second space comprises a second network-addressable storage location, wherein information usable to access the second space is provided in an advertisement for the second space, wherein the advertisement for the second space comprises a second schema, and wherein the second schema specifies one or more messages usable to invoke functions of the second space; and
  
  the requesting client accessing the second space by sending to the second space one of the messages specified by the second schema.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 24. The carrier medium of claim 23, wherein the program instructions are further computer-executable to implement:
    - creating a root authentication token for the second space;
      
      initializing an authentication service associated with the second space, whereby the second space is configured to permit access only to a client holding the root authentication token; and
      
      sending the root authentication token to the requesting client.
  - 25. The carrier medium of claim 24, wherein the program instructions are further computer-executable to implement:
    - the requesting client sending the root authentication token to a second client; and
      
      the second client accessing the second space by sending to the second space one of the messages specified by the second schema.
  - 26. The carrier medium of claim 23, wherein the program instructions are further computer-executable to implement:
    - the requesting client modifying a security policy of the second space, whereby the second space is configured to permit access to a second client.
  - 27. The carrier medium of claim 26, wherein the program instructions are further computer-executable to implement:
    - the second client reading a service advertisement from the second space, wherein the service advertisement comprises information usable to execute a corresponding service.
  - 28. The carrier medium of claim 23,wherein in the accessing the first space, the program instructions are further computer-executable to implement sending information to the first space at a first URI;
    - andwherein in the requesting client accessing the second space, the program instructions are further computer-executable to implement the requesting client sending information to the second space at a second URI.
  - 29. The carrier medium of claim 23,wherein the first schema is expressed in a data representation language;
    - andwherein the second schema is expressed in the data representation language.
  - 30. The carrier medium of claim 29,wherein the data representation language comprises eXtensible Markup Language (XML).
  - 31. The carrier medium of claim 23, wherein the program instructions are further computer-executable to implement:
    - reading a service advertisement stored in the first space, wherein the service advertisement comprises information which is usable to access and execute a second service;
      
      using the information in the service advertisement to execute the second service;
      
      generating a set of results of the second service in response to the executing the second service; and
      
      publishing the set of results of the second service in the second space;
      
      wherein in the requesting creation of the second space, the program instructions are further computer-executable to implement requesting creation of the second space for storage of the set of results of the second service.
  - 32. The carrier medium of claim 23,wherein in the accessing the first space, the program instructions are further computer-executable to implement accessing the first space at a first address to a storage facility;
    - wherein in the creating the second space, the program instructions are further computer-executable to implement creating a second address to the storage facility; and
      
      wherein in the accessing the second space, the program instructions are further computer-executable to implement accessing the second space at the second address to the storage facility.
  - 33. The carrier medium of claim 23,wherein the functions of the first space comprise storing information in the first space and reading information from the first space;
    - andwherein the functions of the second space comprise storing information in the second space and reading information from the second space.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Slaughter, Gregory L., Abdelaziz, Mohamed M., Saulpaugh, Thomas E., Traversat, Bernard A.
Primary Examiner(s)
Wiley, David
Assistant Examiner(s)
Lezak, Arrienne M.

Application Number

US09/653,241
Time in Patent Office

1,923 Days
Field of Search

709/225, 709/212, 709/216, 709/229
US Class Current

709/225
CPC Class Codes

G06Q 30/0231   Awarding of a frequent usag...

G06Q 30/0277   Online advertisement

H04L 63/08   for authentication of entit...

H04L 67/10   in which an application is ...

Mechanism and apparatus for security of newly spawned repository spaces in a distributed computing environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Mechanism and apparatus for security of newly spawned repository spaces in a distributed computing environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links