System and method for secure message-based leasing of resources in a distributed computing environment

US 7,188,251 B1
Filed: 08/31/2000
Issued: 03/06/2007
Est. Priority Date: 05/09/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method for managing resources provided for clients by services in a distributed computing environment, comprising:

a client obtaining a credential for allowing said client to lease access to a resource provided by a service;

said client sending a service request message in a data representation language referencing said resource, wherein said service request message includes said credential and specifies a first requested lease period;

said service receiving said service request message;

examining said credential included in said service request message to determine if said credential is authentic;

said service granting to said client access to said referenced resource for a first granted lease period if said examining determines said credential is authentic; and

said service not granting to said client access to said referenced resource if said examining determines said credential is not authentic.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for providing message-based leasing of resources in a distributed computing environment. Services may issue leases to clients and provide operations on those leases. The lease functionality of a service may be defined in an XML message schema. Gates may be used to perform lease operations. Leases may be granted for a period that may be negotiated. Leasing messages for performing leasing operations may be defined. The leasing messages may include messages to renew a lease and to cancel a lease. Leasing messages may include embedded credentials for authenticating the sender of the message. A client may embed a credential in messages sent to the service. The service may then authenticate the credential when received in a message from the client. The issuing and embedding of credentials in leasing messages may be used to provide a secure leasing environment, effectively prohibiting anyone but an authorized, credentialed client (and the service issuing the lease) from performing functions on the lease.

215 Citations

68 Claims

1. A method for managing resources provided for clients by services in a distributed computing environment, comprising:
- a client obtaining a credential for allowing said client to lease access to a resource provided by a service;
  
  said client sending a service request message in a data representation language referencing said resource, wherein said service request message includes said credential and specifies a first requested lease period;
  
  said service receiving said service request message;
  
  examining said credential included in said service request message to determine if said credential is authentic;
  
  said service granting to said client access to said referenced resource for a first granted lease period if said examining determines said credential is authentic; and
  
  said service not granting to said client access to said referenced resource if said examining determines said credential is not authentic.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 2. The method as recited in claim 1, further comprising said service sending a service request response message in said data representation language advising said client of said first granted lease period, wherein said service request response message includes said credential.
  - 3. The method as recited in claim 2,wherein said service comprises a service process and a service message endpoint operatively coupled to said service process and operable to receive request messages from and send response messages to said client in said data representation language;
    - wherein said receiving said service request message and said sending a service request response message are performed by said service message endpoint on behalf of said service process; and
      
      wherein said examining said credential included in said service request message is performed by said service message endpoint.
  - 4. The method as recited in claim 3, wherein said credential is included in said service request response message by said service message endpoint.
  - 5. The method as recited in claim 2, further comprising:
    - said client receiving said service request response message; and
      
      said client examining said credential included in said service request response message to determine if said credential is the same as said credential included in said service request message sent to said service by said client.
  - 6. The method as recited in claim 5,wherein said client comprises a client process and a client message endpoint operatively coupled to said client process and operable to send request messages to and receive response messages from said service in said data representation language;
    - wherein said sending a service request message and said receiving said service request response message are performed by said client message endpoint on behalf of said client process; and
      
      wherein said credential is included in said service request message by said client message endpoint.
  - 7. The method as recited in claim 6, wherein said examining said credential included in said service request response message is performed by said client message endpoint.
  - 8. The method as recited in claim 1, further comprising:
    - said client sending, prior to said first granted lease period expiring, a lease renewal message in said data representation language referencing said resource provided by said service, wherein said lease renewal message includes said credential and specifies a second requested lease period;
      
      said service receiving, prior to said first granted lease period expiring, said lease renewal message.
  - 9. The method as recited in claim 8, further comprising:
    - said service examining said credential included in said lease renewal message to determine if said credential is authentic;
      
      said service granting to said client access to said referenced resource for a second granted lease period if said examining determines said credential is authentic; and
      
      said service not granting to said client access to said referenced resource if said examining determines said credential is not authentic.
  - 10. The method as recited in claim 9, wherein said examining said credential included in said lease renewal message by said service comprises comparing said credential included in said lease renewal message with said credential included in said service request message, wherein said credential included in said lease renewal message is determined to be authentic if identical to said credential included in said service request message.
  - 11. The method as recited in claim 9, further comprising said service sending a lease renewal response message in said data representation language advising said client of said second granted lease period, wherein said lease renewal response message includes said credential.
  - 12. The method as recited in claim 11, further comprising:
    - said client receiving said lease renewal response message; and
      
      said client examining said credential included in said lease renewal response message to determine if said credential is the same as said credential included in said lease renewal message sent to said service.
  - 13. The method as recited in claim 1, further comprising:
    - said client sending a lease cancel message in said data representation language referencing said resource, wherein said lease cancel message includes said credential;
      
      said service receiving said lease cancel message;
      
      said service examining said credential included in said lease cancel message to determine if said credential is authentic;
      
      said service terminating said first granted lease period for accessing said resource if said examining determines said credential is authentic; and
      
      said service not terminating said first granted lease period for accessing said resource if said examining determines said credential is not authentic.
  - 14. The method as recited in claim 13, further comprising:
    - said service sending a lease cancel acknowledgment message in said data representation language advising said first granted lease period for accessing said resource is terminated; and
      
      said client receiving said lease cancel acknowledgment message.
  - 15. The method as recited in claim 1, further comprising said service providing a service advertisement comprising:
    - a data representation language message schema comprising descriptions of data representation language messages for managing leases of resources provided by said service; and
      
      an address for said service receiving said data representation language messages for managing leases of resources provided by said service.
  - 16. The method as recited in claim 15, further comprising said client generating said service request message in accordance with a description of said service request message comprised in said descriptions of data representation language messages.
  - 17. The method as recited in claim 15, wherein said service request message is sent by said client to said address, and wherein said service request message is received by said service at said address.
  - 18. The method as recited in claim 15, wherein said address is a Uniform Resource Identifier (URI).
  - 19. The method as recited in claim 1, wherein said obtaining said credential comprises:
    - said client sending to an authentication service information identifying said client; and
      
      said client receiving from said authentication service said credential.
  - 20. The method as recited in claim 19, wherein said examining said credential included in said service request message comprises:
    - said service sending to said authentication service said credential included in said service request message; and
      
      said service receiving from said authentication service indication if said credential is authentic.
  - 21. The method as recited in claim 1, further comprising terminating said granted access when said first granted lease period expires.
  - 22. The method as recited in claim 1, wherein said service is a space service comprising a plurality of service advertisements for enabling access by clients to resources provided by a plurality of services, and wherein said resource is a service advertisement for a first service of the plurality of services.
  - 23. The method as recited in claim 1, wherein said data representation language is extensible Markup Language (XML).
  - 24. The method as recited in claim 1, wherein said first granted lease period is less than or equal to said first requested lease period.

25. A method for managing resources provided by services in a distributed computing environment, comprising:
- receiving from a client a service request message in a data representation language referencing a resource provided by a service, wherein said service request message specifies a first requested lease period and includes a credential for allowing said client lease access to resources provided by said service;
  
  examining said credential included in said service request message to determine if said credential is authentic;
  
  granting to said client access to said referenced resource for a first granted lease period if said examining determines said credential is authentic; and
  
  not granting to said client access to said referenced resource if said examining determines said credential is not authentic.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 26. The method as recited in claim 25, further comprising:
    - said client sending to an authentication service information identifying said client; and
      
      said client receiving said credential from said authorization service.
  - 27. The method as recited in claim 25, wherein said examining said credential comprises:
    - said service sending to an authentication service said credential included in said service request message; and
      
      said service receiving from said authentication service indication if said credential is authentic.
  - 28. The method as recited in claim 25, further comprising sending a service request response message in said data representation language advising said client of said first granted lease period, wherein said service request response message includes said credential.
  - 29. The method as recited in claim 25, wherein said receiving and, said examining are performed by said service.
  - 30. The method as recited in claim 25,wherein said receiving a service request message and said examining said credential are performed by a space service, wherein said space service comprises a plurality of service advertisements for enabling access by clients to resources provided by a plurality of services including said service;
    - andwherein said space service obtains said first granted lease period from said service on behalf of said client.
  - 31. The method as recited in claim 25,wherein said service comprises a service process and a service message endpoint operatively coupled to said service process and operable to receive request messages from and send response messages to said client in said data representation language;
    - andwherein said receiving a service request message and said sending a service request response message are performed by said service message endpoint on behalf of said service process; and
      
      wherein said examining said credential included in said service request message is performed by said service message endpoint.
  - 32. The method as recited in claim 25, further comprising:
    - receiving from said client, prior to said first granted lease period expiring, a lease renewal message in said data representation language referencing said resource provided by said service, wherein said lease renewal message specifies a second requested lease period and includes said credential;
      
      granting to said client access to said referenced resource for a second granted lease period if said examining determines said credential is authentic; and
      
      not granting to said client access to said referenced resource if said examining determines said credential is not authentic.
  - 33. The method of claim 32, further comprising sending a lease renewal response message in said data representation language advising said client of said second granted lease period, wherein said lease renewal response message includes said credential.
  - 34. The method as recited in claim 25, further comprising:
    - receiving from said client a lease cancel message in said data representation language referencing said resource, wherein said lease cancel message includes said credential;
      
      examining said credential included in said lease cancel message to determine if said credential is authentic;
      
      terminating said first granted lease period for accessing said resource if said examining determines said credential is authentic; and
      
      not terminating said first granted lease period for accessing said resource if said examining determines said credential is not authentic.
  - 35. The method as recited in claim 25, further comprising providing to said client a Uniform Resource Identifier (URI) for sending data representation language messages for managing leases of resources provided by said service, wherein said service request message is received by said service at said address provided to said client.
  - 36. The method as recited in claim 25, wherein said data representation language is eXtensible Markup Language (XML).

37. A distributed computing system, comprising:
- a service device; and
  
  a client device configured to;
  
  obtain a credential for allowing said client device to lease access to a resource provided by said service device;
  
  send a service request message in a data representation language referencing said resource, wherein said service request message includes said credential and specifies a first requested lease period;
  
  wherein said service device is configured to;
  
  receive said service request message;
  
  examine said credential included in said service request message to determine if said credential is authentic;
  
  grant to said client device access to said referenced resource for a first granted lease period if said examining determines said credential is authentic; and
  
  not grant to said client device access to said referenced resource if said examining determines said credential is not authentic.
- View Dependent Claims (38, 39, 40, 41, 42, 43, 44)
- - 38. The system as recited in claim 37, wherein said service device is further configured to send a service request response message in said data representation language advising said client device of said first granted lease period, wherein said service request response message includes said credential.
  - 39. The system as recited in claim 38, wherein said client device is further configured to:
    - receive said service request response message; and
      
      examine said credential included in said service request response message to determine if said credential is the same as said credential included in said service request message sent to said service device by said client device.
  - 40. The system as recited in claim 37,wherein said client device is further configured to send, prior to said first granted lease period expiring, a lease renewal message in said data representation language referencing said resource provided by said service device,wherein said lease renewal message includes said credential and specifies a second requested lease period;
    - andwherein said service device is further configured to receive, prior to said first granted lease period expiring, said lease renewal message.
  - 41. The system as recited in claim 40, wherein said service device is further configured to:
    - examine said credential included in said lease renewal message to determine if said credential is authentic;
      
      grant to said client device access to said referenced resource for a second granted lease period if said examining determines said credential is authentic; and
      
      not grant to said client device access to said referenced resource if said examining determines said credential is not authentic.
  - 42. The system as recited in claim 37,wherein said client device is further configured to send a lease cancel message in said data representation language referencing said resource, wherein said lease cancel message includes said credential;
    - andwherein said service device is further configured to;
      
      receive said lease cancel message;
      
      examine said credential included in said lease cancel message to determine if said credential is authentic;
      
      terminate said first granted lease period for accessing said resource if said examining determines said credential is authentic; and
      
      not terminate said first granted lease period for accessing said resource if said examining determines said credential is not authentic.
  - 43. The system as recited in claim 37, wherein said service device is a space service device comprising a plurality of service advertisements for enabling access by clients to resources provided by a plurality of service devices, and wherein said resource is a service advertisement for a first service device of the plurality of service devices.
  - 44. The system as recited in claim 37, wherein said data representation language is extensible Markup Language (XML).

45. A distributed computing system, comprising:
- a client device; and
  
  a service device comprising a service process executable within said service device, wherein the service device is configured to;
  
  receive from said client device a service request message in a data representation language referencing a resource provided by said service process, wherein said service request message specifies a first requested lease period and includes a credential for allowing said client device lease access to resources provided by said service process;
  
  examine said credential included in said service request message to determine if said credential is authentic;
  
  grant to said client device access to said referenced resource for a first granted lease period if said examining determines said credential is authentic; and
  
  not grant to said client device access to said referenced resource if said examining determines said credential is not authentic.
- View Dependent Claims (46, 47, 48, 49, 50, 51, 52, 53)
- - 46. The system as recited in claim 45, further comprising:
    - an authorization service device;
      
      wherein said client device is configured to;
      
      send to said authentication service device information identifying said client device; and
      
      receive said credential from said authorization service device; and
      
      wherein, in said examining said credential, said service device is further configured to;
      
      send to said authentication service device said credential included in said service request message; and
      
      receive from said authentication service device indication if said credential is authentic.
  - 47. The system as recited in claim 45, wherein said service device is further configured to send a service request response message in said data representation language advising said client of said first granted lease period, wherein said service request response message includes said credential.
  - 48. The system as recited in claim 45,wherein said service device is a space service device further comprising:
    - a space service process executable within said space service device; and
      
      a plurality of service advertisements for enabling access by client devices to resources provided by a plurality of service processes including said service process;
      
      wherein said receiving a service request message and said examining said credential are performed by said space service device; and
      
      wherein said space service device obtains said first granted lease period from said service device on behalf of said client device.
  - 49. The system as recited in claim 45,wherein said service device further comprises a service message endpoint operatively coupled to said service process and operable to receive request messages from and send response messages to said client device in said data representation language;
    - andwherein said receiving a service request message and said sending a service request response message are performed by said service message endpoint on behalf of said service process; and
      
      wherein said examining said credential included in said service request message is performed by said service message endpoint.
  - 50. The system as recited in claim 45, wherein said service device is further configured to:
    - receive from said client device, prior to said first granted lease period expiring, a lease renewal message in said data representation language referencing said resource provided by said service device, wherein said lease renewal message specifies a second requested lease period and includes said credential;
      
      grant to said client device access to said referenced resource for a second granted lease period if said examining determines said credential is authentic; and
      
      not grant to said client device access to said referenced resource if said examining determines said credential is not authentic.
  - 51. The system as recited in claim 45, wherein said service device is further configured to:
    - receive from said client device a lease cancel message in said data representation language referencing said resource, wherein said lease cancel message includes said credential;
      
      examine said credential included in said lease cancel message to determine if said credential is authentic;
      
      terminate said first granted lease period for accessing said resource if said examining determines said credential is authentic; and
      
      not terminate said first granted lease period for accessing said resource if said examining determines said credential is not authentic.
  - 52. The system as recited in claim 45, wherein said service device is further configured to provide to said client a Uniform Resource Identifier (URI) for sending data representation language messages for managing leases of resources provided by said service device, wherein said service request message is received by said service device at said address provided to said client device.
  - 53. The system as recited in claim 45, wherein said data representation language is eXtensible Markup Language (XML).

54. A tangible computer-accessible medium comprising program instructions, wherein the program instructions are computer-executable to implement:
- a client obtaining a credential for allowing said client to lease access to a resource provided by a service;
  
  said client sending a service request message in a data representation language referencing said resource, wherein said service request message includessaid credential and specifies a first requested lease period;
  
  said service receiving said service request message;
  
  examining said credential included in said service request message to determine if said credential is authentic;
  
  said service granting to said client access to said referenced resource for a first granted lease period if said examining determines said credential is authentic; and
  
  said service not granting to said client access to said referenced resource if said examining determines said credential is not authentic.
- View Dependent Claims (55, 56, 57, 58, 59, 60)
- - 55. The tangible computer-accessible medium as recited in claim 54, wherein the program instructions are further computer-executable to implement:
    - said client sending, prior to said first granted lease period expiring, a lease renewal message in said data representation language referencing said resource provided by said service, wherein said lease renewal message includes said credential and specifies a second requested lease period;
      
      said service receiving, prior to said first granted lease period expiring, said lease renewal message.
  - 56. The tangible computer-accessible medium as recited in claim 55, wherein the program instructions are further computer-executable to implement:
    - said service examining said credential included in said lease renewal message to determine if said credential is authentic;
      
      said service granting to said client access to said referenced resource for a second granted lease period if said examining determines said credential is authentic; and
      
      said service not granting to said client access to said referenced resource if said examining determines said credential is not authentic.
  - 57. The tangible computer-accessible medium as recited in claim 56, wherein the program instructions are further computer-executable to implement:
    - said service sending a lease renewal response message in said data representation language advising said client of said second granted lease period, wherein said lease renewal response message includes said credential;
      
      said client receiving said lease renewal response message; and
      
      said client examining said credential included in said lease renewal response message to determine if said credential is the same as said credential included in said lease renewal message sent to said service.
  - 58. The tangible computer-accessible medium as recited in claim 54, wherein the program instructions are further computer-executable to implement:
    - said client sending a lease cancel message in said data representation language referencing said resource, wherein said lease cancel message includes said credential;
      
      said service receiving said lease cancel message;
      
      said service examining said credential included in said lease cancel message to determine if said credential is authentic;
      
      said service terminating said first granted lease period for accessing said resource if said examining determines said credential is authentic; and
      
      said service not terminating said first granted lease period for accessing said resource if said examining determines said credential is not authentic.
  - 59. The tangible computer-accessible medium as recited in claim 54, wherein said service is a space service comprising a plurality of service advertisements for enabling access by clients to resources provided by a plurality of services, and wherein said resource is a service advertisement for a first service of the plurality of services.
  - 60. The tangible computer-accessible medium as recited in claim 54, wherein said data representation language is eXtensible Markup Language (XML).

61. A tangible computer-accessible medium comprising program instructions, wherein the program instructions are computer-executable to implement:
- receiving from a client a service request message in a data representation language referencing a resource provided by a service, wherein said service request message specifies a first requested lease period and includes a credential for allowing said client lease access to resources provided by said service;
  
  examining said credential included in said service request message to determine if said credential is authentic;
  
  granting to said client access to said referenced resource for a first granted lease period if said examining determines said credential is authentic; and
  
  not granting to said client access to said referenced resource if said examining determines said credential is not authentic.
- View Dependent Claims (62, 63, 64, 65, 66, 67, 68)
- - 62. The tangible computer-accessible medium as recited in claim 61, wherein the program instructions are further computer-executable to implement sending a service request response message in said data representation language advising said client of said first granted lease period, wherein said service request response message includes said credential.
  - 63. The tangible computer-accessible medium as recited in claim 61,wherein said receiving a service request message and said examining said credential are performed by a space service, wherein said space service comprises a plurality of service advertisements for enabling access by clients to resources provided by a plurality of services including said service;
    - andwherein said space service obtains said first granted lease period from said service on behalf of said client.
  - 64. The tangible computer-accessible medium as recited in claim 61,wherein said service comprises a service process and a service message endpoint operatively coupled to said service process and operable to receive request messages from and send response messages to said client in said data representation language;
    - andwherein said receiving a service request message and said sending a service request response message are performed by said service message endpoint on behalf of said service process; and
      
      wherein said examining said credential included in said service request message is performed by said service message endpoint.
  - 65. The tangible computer-accessible medium as recited in claim 61, wherein the program instructions are further computer-executable to implement:
    - receiving from said client, prior to said first granted lease period expiring, a lease renewal message in said data representation language referencing said resource provided by said service, wherein said lease renewal message specifies a second requested lease period and includes said credential;
      
      granting to said client access to said referenced resource for a second granted lease period if said examining determines said credential is authentic; and
      
      not granting to said client access to said referenced resource if said examining determines said credential is not authentic.
  - 66. The tangible computer-accessible medium as recited in claim 61, wherein the program instructions are further computer-executable to implement:
    - receiving from said client a lease cancel message in said data representation language referencing said resource, wherein said lease cancel message includes said credential;
      
      examining said credential included in said lease cancel message to determine if said credential is authentic;
      
      terminating said first granted lease period for accessing said resource if said examining determines said credential is authentic; and
      
      not terminating said first granted lease period for accessing said resource if said examining determines said credential is not authentic.
  - 67. The tangible computer-accessible medium as recited in claim 61, wherein the program instructions are further computer-executable to implement providing to said client a Uniform Resource Identifier (URI) for sending data representation language messages for managing leases of resources provided by said service, wherein said service request message is received by said service at said address provided to said client.
  - 68. The tangible computer-accessible medium as recited in claim 61, wherein said data representation language is eXtensible Markup Language (XML).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Slaughter, Gregory L., Saulpaugh, Thomas E., Traversat, Bernard A.
Primary Examiner(s)
Revak; Christopher
Assistant Examiner(s)
Abrishamkar; Kaveh

Application Number

US09/653,609
Time in Patent Office

2,378 Days
Field of Search

713/132, 713/185, 713/182, 709/226
US Class Current

713/182
CPC Class Codes

G06F 9/5011   the resources being hardwar...

H04L 63/08   for authentication of entit...

H04L 67/51   Discovery or management the...

System and method for secure message-based leasing of resources in a distributed computing environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

215 Citations

68 Claims

Specification

Use Cases

Quick Links

Others

System and method for secure message-based leasing of resources in a distributed computing environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

215 Citations

68 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others