Security provider development model

US 7,603,548 B2
Filed: 10/08/2004
Issued: 10/13/2009
Est. Priority Date: 10/10/2003
Status: Active Grant

First Claim

Patent Images

1. A method for providing a security provider, said method comprising:

providing an enterprise system that includes a plurality of components wherein the components are distributed in the enterprise system;

providing an administration server that provides policy and configuration information;

providing a plurality of security service modules (SSMs), wherein each SSM includesan adaptation layer which includes an application program interface,a framework layer which is below the adaptation layer,a services layer, below the framework layer;

wherein the plurality of SSMs run on a plurality of computers distributed throughout an enterprise and each SSM is integrated with and provides security for a component, from the plurality of components, running on the same computer with that SSM and wherein each SSM receives provisioning information relevant to that SSM;

providing a framework program interface (FPI) that is included in the framework layer and wherein the adaptation layer uses the FPI to invoke services of the framework layer;

providing a service provider interface (SPI) that is included in the framework layer, wherein the framework layer uses the SPI to invoke one or more dynamically configurable security services on the services layer and exposes the one or more dynamically configurable security services to the application program interface;

providing the one or more dynamically configurable security services wherein each of the one or more dynamically configurable security services provides one authentication, authorization, auditing, role mapping and credential mapping service;

providing at least one security provider which is a set of the one or more dynamically configurable security services and wherein the at least one security provider can be dynamically integrated into each of the plurality of SSMs;

providing a plurality of security control managers (SCMs) each executing on a different computer with at least one SSM;

wherein each SCM receives the policy and configuration information from the administration server and provisions the policy and configuration information only to SSMs executing on the same computer with that SCM; and

wherein each SCM includes an extensible framework including one or more service providers wherein one of the service providers is a provisioning service provider that provisions the policy and configuration information to the SSMs.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for providing a security provider for a client comprises providing a service provider interface, that is compatible with a security framework layer, and one or more services. The one or more services include at least one of, authentication, authorization, auditing, role mapping and credential mapping. The one or more services can be exposed through the service provider interface and the framework layer can expose the one or more services to an application program interface.

Citations

23 Claims

1. A method for providing a security provider, said method comprising:
- providing an enterprise system that includes a plurality of components wherein the components are distributed in the enterprise system;
  
  providing an administration server that provides policy and configuration information;
  
  providing a plurality of security service modules (SSMs), wherein each SSM includesan adaptation layer which includes an application program interface,a framework layer which is below the adaptation layer,a services layer, below the framework layer;
  
  wherein the plurality of SSMs run on a plurality of computers distributed throughout an enterprise and each SSM is integrated with and provides security for a component, from the plurality of components, running on the same computer with that SSM and wherein each SSM receives provisioning information relevant to that SSM;
  
  providing a framework program interface (FPI) that is included in the framework layer and wherein the adaptation layer uses the FPI to invoke services of the framework layer;
  
  providing a service provider interface (SPI) that is included in the framework layer, wherein the framework layer uses the SPI to invoke one or more dynamically configurable security services on the services layer and exposes the one or more dynamically configurable security services to the application program interface;
  
  providing the one or more dynamically configurable security services wherein each of the one or more dynamically configurable security services provides one authentication, authorization, auditing, role mapping and credential mapping service;
  
  providing at least one security provider which is a set of the one or more dynamically configurable security services and wherein the at least one security provider can be dynamically integrated into each of the plurality of SSMs;
  
  providing a plurality of security control managers (SCMs) each executing on a different computer with at least one SSM;
  
  wherein each SCM receives the policy and configuration information from the administration server and provisions the policy and configuration information only to SSMs executing on the same computer with that SCM; and
  
  wherein each SCM includes an extensible framework including one or more service providers wherein one of the service providers is a provisioning service provider that provisions the policy and configuration information to the SSMs.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - providing a configuration schema for the security provider.
  - 3. The method of claim 1 wherein:
    - the security provider is capable of receiving configuration information at run-time.
  - 4. The method of claim 1 wherein:
    - the service provider interface can include one or more of;
      
      a programmatic interface, a protocol, and a mechanism for exchanging messages.
  - 5. The method of claim 1 wherein:
    - the application program interface can include one or more of;
      
      a programmatic interface, a protocol, and a mechanism for exchanging messages.
  - 6. The method of claim 1 wherein:
    - each security service module is capable of integrating a plurality of security providers each of which implement a service provider interface.
  - 7. The method of claim 1 wherein the plurality of components are network hardware components.
  - 8. The method of claim 1 wherein the plurality of components are application servers.
  - 9. The method of claim 1 wherein the plurality of components includes one or more web servers and proxy servers.

10. A computer readable medium having instructions stored thereon to cause a system to:
- provide an enterprise system that includes a plurality of components wherein the components are distributed in the enterprise system;
  
  provide an administration server that provides policy and configuration information;
  
  provide a plurality of security service modules (SSMs), wherein each SSM includesan adaptation layer which includes an application program interface,a framework layer which is below the adaptation layer,a services layer, below the framework layer;
  
  wherein the plurality of SSMs run on a plurality of computers distributed throughout an enterprise and each SSM is integrated with and provides security for a component, from the plurality of components, running on the same computer with that SSM and wherein each SSM receives provisioning information relevant to that SSM;
  
  provide a framework program interface (FPI) that is included in the framework layer and wherein the adaptation layer uses the FPI to invoke services of the framework layer;
  
  provide a service provider interface (SPI) that is included in the framework layer, wherein the framework layer uses the SPI to invoke one or more dynamically configurable security services on the services layer and exposes the one or more dynamically configurable security services to the application program interface;
  
  provide the one or more dynamically configurable security services wherein each of the one or more dynamically configurable security services provides one authentication, authorization, auditing, role mapping and credential mapping service;
  
  provide at least one security provider which is a set of the one or more dynamically configurable security services and wherein the at least one security provider can be dynamically integrated into each of the plurality of SSMs;
  
  provide a plurality of security control managers (SCMs) each executing on a different computer with at least one SSM;
  
  wherein each SCM receives the policy and configuration information from the administration server and provisions the policy and configuration information only to SSMs executing on the same computer with that SCM; and
  
  wherein each SCM includes an extensible framework including one or more service providers wherein one of the service providers is a provisioning service provider that provisions the policy and configuration information to the SSMs.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 11. The computer readable medium of claim 10, further comprising instructions stored thereon that cause the system to:
    - provide a configuration schema for the at least one security provider.
  - 12. The computer readable medium of claim 10, further comprising instructions stored thereon that cause the system to:
    - integrate the at least one security provider into one of the plurality of SSMs at run-time.
  - 13. The computer readable medium of claim 10 wherein:
    - the security provider is capable of receiving configuration information at run-time.
  - 14. The computer readable medium of claim 10 wherein:
    - the service provider interface can include one or more of;
      
      a programmatic interface, a protocol, and a mechanism for exchanging messages.
  - 15. The computer readable medium of claim 10 wherein:
    - the application program interface can include one or more of;
      
      a programmatic interface, a protocol, and a mechanism for exchanging messages.
  - 16. The computer readable medium of claim 10 wherein:
    - each SSM is capable of integrating a plurality of security providers each of which implement a security provider interface.
  - 17. The computer readable medium of claim 10 wherein the plurality of components are network hardware components.
  - 18. The computer readable medium of claim 10 wherein the plurality of components are application servers.
  - 19. The computer readable medium of claim 10 wherein the plurality of components includes one or more web servers and proxy servers.

20. A distributed security system comprising:
- an enterprise system that includes a plurality of components wherein the components are distributed in the enterprise system;
  
  a plurality of computers, each with a processor operating thereon;
  
  an administration server that provides policy and configuration information;
  
  a plurality of security service modules (SSMs), executing on the plurality of computers distributed throughout an enterprise, wherein each SSM includes an adaptation layer, a framework layer, and a services layer;
  
  a framework program interface (FPI) included in the framework layer, wherein the adaptation layer uses the FPI to invoke services of the framework layer;
  
  a service provider interface (SPI) that is included in the framework layer;
  
  a plurality of security providers, wherein each security provider includes a plurality of related security services, and wherein each SSM includes at least one security provider;
  
  wherein each SSM provides security services to a component, from the plurality of components, executing on a computer with that SSM and wherein the provided security services include any security services included in the at least one security provider included with that SSM;
  
  a plurality of security control managers (SCMs) each executing on a different computer with at least one SSM;
  
  wherein each SCM receives the policy and configuration information from the administration server and provisions the policy and configuration information only to SSMs executing on the same computer with that SCM; and
  
  wherein each SCM includes an extensible framework including one or more service providers wherein one of the service providers is a provisioning service provider that provisions the policy and configuration information to the SSMs.
- View Dependent Claims (21, 22, 23)
- - 21. The system of claim 20 wherein the plurality of components are network hardware components.
  - 22. The system of claim 20 wherein the plurality of components are application servers.
  - 23. The system of claim 20 wherein the plurality of components includes one or more web servers and proxy servers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
BEA Systems Incorporated (Oracle Corporation)
Inventors
Xu, Mingde, Byrne, David, Howes, Jason, Patrick, Paul, Riendeau, Richard J., Yagen, Kenneth D., Falco, Mark A.
Primary Examiner(s)
Korzuch; William R
Assistant Examiner(s)
Su; Sarah

Application Number

US10/961,675
Publication Number

US 20050097351A1
Time in Patent Office

1,831 Days
Field of Search

726/1
US Class Current

713/152
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

Security provider development model

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Security provider development model

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links