Rule-driven specification of web service policy
First Claim
1. At a computer system in a Web Services environment, a method of assisting a user in generating a more secure policy document by providing a rule-based tool that automatically selects security conditions for the user's general security criteria such that the user does not have exposure to all security details, the method comprising acts of:
- at a generation phase of the secure policy document;
presenting a set of Web Service security options to the user at a user interface, which abstracts the user from any specific code that will be generated for a secure policy document that satisfies one or more of the set of Web Service security options;
receiving user input selecting a general security criteria from the set of Web Service security options presented;
based on the received user input, accessing one or more security rules from a repository of extensible security metadata, the one or more security rules corresponding to the general security criteria;
determining whether the secure policy document to be generated is a client policy document or a service policy document; and
using the one or more security rules corresponding to the general security criteria to generate the secure policy document in accordance with the general security criteria, wherein generating the secure policy document includes automatically selecting specific security conditions that enforce the general security criteria input by the user, and wherein the security conditions that are more specific than the general security criteria input by the user are automatically selected based at least in part on whether the secure policy document is determined to be a client policy document or a service policy document, such that different one or more security rules are selected and applied in creating the secure policy document when the secure policy document is a client policy document as compared to when the secure policy document is a service policy document.
Abstract
Example embodiments provide for a rule-based wizard type tool for generating secure policy documents. Wizard pages present a user with general Web Service security options or questions at a user interface, which abstracts the user from any specific code, e.g., XML code, used for creating a Web Service policy document. Based on user input selecting general criteria, security rules are accessed and evaluated for automatically making choices on behalf of the user for creating a secure policy document. Other embodiments also provide for presenting the user with an easily understandable visual representation of selected criteria of a policy document in, e.g., a tree like structure that shows relationships between various elements of the criteria.
33 Claims
12. At a computer system in a Web Services environment, a method of assisting a user in generating a more secure policy document by providing a rule-based tool that automatically selects security conditions for the user's general security criteria such that the user does not have exposure to all security details, the method comprising:
- at a generation phase of the secure policy document;
an act of presenting a set of Web Service security options to a user at a user interface, which abstracts the user from any specific code that will be generated for a secure policy document that satisfies one or more of the set of Web Service security options;
an act of receiving user input selecting a general security criteria from the set of Web Service security options presented;
an act of determining whether the secure policy document is a client policy document or a service policy document; and
a step for automatically applying one or more security rules to the general security criteria to create the secure policy document, which secure policy document includes security conditions enforcing, and more specific than, the general security criteria input by the user, and wherein the security conditions that are more specific than the general security criteria input by the user are applied based whether the secure policy document is determined to be a client policy document or a service policy document, such that different one or more security rules are applied in creating the secure policy document when the secure policy document is a client policy document as compared to when the secure policy document is a service policy document.
23. At a computer system in a Web Services environment, a computer program product for implementing a method of assisting a user in generating a more secure policy document by providing a rule-based tool that automatically selects security conditions for the user's general security criteria such that the user does not have exposure to all security details, the computer program product comprising one or more computer readable storage media having stored thereon computer executable instructions that, when executed by a processor, can cause the messaging system to perform:
- at a generation phase of the secure policy document;
present a set of Web Service security options to a user at a user interface, which abstracts the user from any specific code that will be generated for a secure policy document that satisfies one or more of the set of Web Service security options, the set of Web Service security options including at least an option for communicating using a secure conversation and an option for communicating without using a secure conversation;
receive user input selecting a general security criteria from the set of Web Service security options presented, the general security criteria being the option for communicating using a secure conversation;
based on the received user input selecting the option for communicating using a secure conversation, access one or more security rules from a repository of extensible security metadata, the one or more security rules corresponding to the general security criteria and relating to client authentication tokens;
present a set of Web Service client authentication token options to the user at the user interface, which abstracts the user from any specific code that will be generated for the secure policy document that satisfies one or more of the set of Web Service client authentication tokens to the user at the user interface;
receive user input selecting one option from the set of Web Service client authentication token options;
based on the received user input select one option from the set of Web Service client authentication token options, accessing one or more security rules from the repository of extensible security metadata, the one or more security rules corresponding to the Web Service client authentication token options and providing more specific rules for implementing the selected option from the set of Web Service client authentication token options;
determining whether the secure policy document is a client policy document or a service policy document; and
use the one or more security rules corresponding to the general security criteria and to the selected one option to generate the secure policy document in accordance with the general security criteria and the selected one option, wherein generating the secure policy document includes automatically selecting specific security conditions that enforce the general security criteria and selected one option input by the user, and wherein the security conditions that are more specific than the general security criteria and the selected one option input by the user are applied based whether the secure policy document is determined to be a client policy document or a service policy document, such that different one or more security rules are applied in creating the secure policy document when the secure policy document is a client policy document as compared to when the secure policy document is a service policy document.
Specification