System and method for secure message-based leasing of resources in a distributed computing environment
Abstract
A system and method for providing message-based leasing of resources in a distributed computing environment. Services may issue leases to clients and provide operations on those leases. The lease functionality of a service may be defined in an XML message schema. Gates may be used to perform lease operations. Leases may be granted for a period that may be negotiated. Leasing messages for performing leasing operations may be defined. The leasing messages may include messages to renew a lease and to cancel a lease. Leasing messages may include embedded credentials for authenticating the sender of the message. A client may embed a credential in messages sent to the service. The service may then authenticate the credential when received in a message from the client. The issuing and embedding of credentials in leasing messages may be used to provide a secure leasing environment, effectively prohibiting anyone but an authorized, credentialed client (and the service issuing the lease) from performing functions on the lease.
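The flow the abstract describes, as an added sketch that is not code from the patent: the service issues a credential, the client embeds it in each XML leasing message, and the service authenticates it before any request, renew or cancel operation. The HMAC credential scheme, the element names (`leaseMessage`, `requestedPeriod`), the key and the 300-second cap are assumptions made for illustration.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

SERVICE_KEY = b"constructed-demo-key"  # constructed secret held only by the service
MAX_LEASE_SECONDS = 300                # assumed policy cap used for negotiation

def issue_credential(client_id, resource):
    """Service side: credential bound to one client and one resource."""
    # NUL cannot appear in XML text, so the (client, resource) pair is unambiguous.
    msg = f"{client_id}\x00{resource}".encode()
    return hmac.new(SERVICE_KEY, msg, hashlib.sha256).hexdigest()

def build_message(op, client_id, resource, credential, period=0):
    """Client side: leasing message with the credential embedded."""
    root = ET.Element("leaseMessage", op=op)
    fields = {"client": client_id, "resource": resource,
              "credential": credential, "requestedPeriod": str(period)}
    for tag, value in fields.items():
        ET.SubElement(root, tag).text = value
    return ET.tostring(root)

def handle_message(xml_bytes, leases):
    """Service side: authenticate first, then act on the lease table."""
    root = ET.fromstring(xml_bytes)  # use a hardened XML parser for untrusted input
    client = root.findtext("client", "")
    resource = root.findtext("resource", "")
    presented = root.findtext("credential", "")
    expected = issue_credential(client, resource)
    # Constant-time comparison; a failed check touches no lease state.
    if not hmac.compare_digest(expected.encode(), presented.encode()):
        return {"status": "denied", "granted": 0}
    key, op = (client, resource), root.get("op")
    if op == "cancel":
        leases.pop(key, None)
        return {"status": "cancelled", "granted": 0}
    if op == "renew" and key not in leases:
        return {"status": "denied", "granted": 0}
    try:
        requested = int(root.findtext("requestedPeriod", "0"))
    except ValueError:
        return {"status": "denied", "granted": 0}
    if op not in ("request", "renew") or requested <= 0:
        return {"status": "denied", "granted": 0}
    leases[key] = min(requested, MAX_LEASE_SECONDS)  # negotiated period
    return {"status": "granted", "granted": leases[key]}
```

Because the credential covers both the client and the resource, a credential issued for one resource is rejected when replayed against another, and a forged cancel message leaves the existing lease in place.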
68 Claims
1. A method for managing resources provided for clients by services in a distributed computing environment, comprising:
- a client obtaining a credential for allowing said client to lease access to a resource provided by a service;
- said client sending a service request message in a data representation language referencing said resource, wherein said service request message includes said credential and specifies a first requested lease period;
- said service receiving said service request message;
- examining said credential included in said service request message to determine if said credential is authentic;
- said service granting to said client access to said referenced resource for a first granted lease period if said examining determines said credential is authentic; and
- said service not granting to said client access to said referenced resource if said examining determines said credential is not authentic.

Dependent claims: 2-24

25. A method for managing resources provided by services in a distributed computing environment, comprising:
- receiving from a client a service request message in a data representation language referencing a resource provided by a service, wherein said service request message specifies a first requested lease period and includes a credential for allowing said client lease access to resources provided by said service;
- examining said credential included in said service request message to determine if said credential is authentic;
- granting to said client access to said referenced resource for a first granted lease period if said examining determines said credential is authentic; and
- not granting to said client access to said referenced resource if said examining determines said credential is not authentic.

Dependent claims: 26-36

37. A distributed computing system, comprising:
- a service device; and
- a client device configured to:
  - obtain a credential for allowing said client device to lease access to a resource provided by said service device;
  - send a service request message in a data representation language referencing said resource, wherein said service request message includes said credential and specifies a first requested lease period;
- wherein said service device is configured to:
  - receive said service request message;
  - examine said credential included in said service request message to determine if said credential is authentic;
  - grant to said client device access to said referenced resource for a first granted lease period if said examining determines said credential is authentic; and
  - not grant to said client device access to said referenced resource if said examining determines said credential is not authentic.

Dependent claims: 38-44

45. A distributed computing system, comprising:
- a client device; and
- a service device comprising a service process executable within said service device, wherein the service device is configured to:
  - receive from said client device a service request message in a data representation language referencing a resource provided by said service process, wherein said service request message specifies a first requested lease period and includes a credential for allowing said client device lease access to resources provided by said service process;
  - examine said credential included in said service request message to determine if said credential is authentic;
  - grant to said client device access to said referenced resource for a first granted lease period if said examining determines said credential is authentic; and
  - not grant to said client device access to said referenced resource if said examining determines said credential is not authentic.

Dependent claims: 46-53

54. A tangible computer-accessible medium comprising program instructions, wherein the program instructions are computer-executable to implement:
- a client obtaining a credential for allowing said client to lease access to a resource provided by a service;
- said client sending a service request message in a data representation language referencing said resource, wherein said service request message includes said credential and specifies a first requested lease period;
- said service receiving said service request message;
- examining said credential included in said service request message to determine if said credential is authentic;
- said service granting to said client access to said referenced resource for a first granted lease period if said examining determines said credential is authentic; and
- said service not granting to said client access to said referenced resource if said examining determines said credential is not authentic.

Dependent claims: 55-60

61. A tangible computer-accessible medium comprising program instructions, wherein the program instructions are computer-executable to implement:
- receiving from a client a service request message in a data representation language referencing a resource provided by a service, wherein said service request message specifies a first requested lease period and includes a credential for allowing said client lease access to resources provided by said service;
- examining said credential included in said service request message to determine if said credential is authentic;
- granting to said client access to said referenced resource for a first granted lease period if said examining determines said credential is authentic; and
- not granting to said client access to said referenced resource if said examining determines said credential is not authentic.

Dependent claims: 62-68

Specification