Rule-driven specification of web service policy

US 7,661,124 B2
Filed: 10/05/2004
Issued: 02/09/2010
Est. Priority Date: 10/05/2004
Status: Active Grant

First Claim

Patent Images

1. At a computer system in a Web Services environment, a method of assisting a user in generating a more secure policy document by providing a rule-based tool that automatically selects security conditions for the user'"'"'s general security criteria such that the user does not have exposure to all security details, the method comprising acts of:

at a generation phase of the secure policy document;

presenting a set of Web Service security options to the user at a user interface, which abstracts the user from any specific code that will be generated for a secure policy document that satisfies one or more of the set of Web Service security options;

receiving user input selecting a general security criteria from the set of Web Service security options presented;

based on the received user input, accessing one or more security rules from a repository of extensible security metadata, the one or more security rules corresponding to the general security criteria;

determining whether the secure policy document to be generated is a client policy document or a service policy document; and

using the one or more security rules corresponding to the general security criteria to generate the secure policy document in accordance with the general security criteria, wherein generating the secure policy document includes automatically selecting specific security conditions that enforce the general security criteria input by the user, and wherein the security conditions that are more specific than the general security criteria input by the user are automatically selected based at least in part on whether the secure policy document is determined to be a client policy document or a service policy document, such that different one or more security rules are selected and applied in creating the secure policy document when the secure policy document is a client policy document as compared to when the secure policy document is a service policy document.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Example embodiments provide for a rule-based wizard type tool for generating secure policy documents. Wizard pages present a user with general Web Service security options or questions at a user interface, which abstracts the user from any specific code, e.g., XML code, used for creating a Web Service policy document. Based on user input selecting general criteria, security rules are accessed and evaluated for automatically making choices on behalf of the user for creating a secure policy document. Other embodiments also provide for presenting the user with an easily understandable visual representation of selected criteria of a policy document in, e.g., a tree like structure that shows relationships between various elements of the criteria.

153 Citations

33 Claims

1. At a computer system in a Web Services environment, a method of assisting a user in generating a more secure policy document by providing a rule-based tool that automatically selects security conditions for the user'"'"'s general security criteria such that the user does not have exposure to all security details, the method comprising acts of:
- at a generation phase of the secure policy document;
  
  presenting a set of Web Service security options to the user at a user interface, which abstracts the user from any specific code that will be generated for a secure policy document that satisfies one or more of the set of Web Service security options;
  
  receiving user input selecting a general security criteria from the set of Web Service security options presented;
  
  based on the received user input, accessing one or more security rules from a repository of extensible security metadata, the one or more security rules corresponding to the general security criteria;
  
  determining whether the secure policy document to be generated is a client policy document or a service policy document; and
  
  using the one or more security rules corresponding to the general security criteria to generate the secure policy document in accordance with the general security criteria, wherein generating the secure policy document includes automatically selecting specific security conditions that enforce the general security criteria input by the user, and wherein the security conditions that are more specific than the general security criteria input by the user are automatically selected based at least in part on whether the secure policy document is determined to be a client policy document or a service policy document, such that different one or more security rules are selected and applied in creating the secure policy document when the secure policy document is a client policy document as compared to when the secure policy document is a service policy document.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the one or more security rules are based on Web Service industry wisdom from input given by experts in the industry for security purposes.
  - 3. The method of claim 1, wherein the one or more security rules are based on governmental policies and the one or more security rules assist the user in creating a governmental conformant secure policy document.
  - 4. The method of claim 1, wherein the one or more security rules are based on Web Service'"'"'s policies and the one or more security rules assist the user in creating a secure policy document that conforms to the Web Service'"'"'s policies.
  - 5. The method of claim 1, wherein the one or more security rules are used to generate a next set of options based on the received user input.
  - 6. The method of claim 1, wherein the one or more security rules are used to not present the user with a specific option in order to prevent the user from selecting an invalid option.
  - 7. The method of claim 1, wherein the one or more security rules are abstracted from the user.
  - 8. The method of claim 1, wherein the one or more security rules are optional, and wherein the user can choose from the one or more optional security rules.
  - 9. The method of claim 1, wherein the one or more security rules are a default value that can be overridden by the user.
  - 10. The method of claim 1, wherein the general security criteria and the one or more security rules are first stored in memory as data structures that include policy objects representing the general security criteria and the one or more security rules, the method further comprising acts of:
    - receiving user input to generate the secure policy document; and
      
      translating the data structures from policy objects to coded language for generating the secure policy document.
  - 11. The method of claim 10, wherein the coded language is extensible markup language.

12. At a computer system in a Web Services environment, a method of assisting a user in generating a more secure policy document by providing a rule-based tool that automatically selects security conditions for the user'"'"'s general security criteria such that the user does not have exposure to all security details, the method comprising:
- at a generation phase of the secure policy document;
  
  an act of presenting a set of Web Service security options to a user at a user interface, which abstracts the user from any specific code that will be generated for a secure policy document that satisfies one or more of the set of Web Service security options;
  
  an act of receiving user input selecting a general security criteria from the set of Web Service security options presented;
  
  an act of determining whether the secure policy document is a client policy document or a service policy document; and
  
  a step for automatically applying one or more security rules to the general security criteria to create the secure policy document, which secure policy document includes security conditions enforcing, and more specific than, the general security criteria input by the user, and wherein the security conditions that are more specific than the general security criteria input by the user are applied based whether the secure policy document is determined to be a client policy document or a service policy document, such that different one or more security rules are applied in creating the secure policy document when the secure policy document is a client policy document as compared to when the secure policy document is a service policy document.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The method of claim 12, wherein the one or more security rules are based on Web Service industry wisdom from input given by experts in the industry for security purposes.
  - 14. The method of claim 12, wherein the one or more security rules are based on governmental policies and the one or more security rules assist the user in creating a governmental conformant secure policy document.
  - 15. The method of claim 14, wherein the one or more security rules are further based on Web Service'"'"'s policies and the one or more security rules assist the user in creating a secure policy document that conforms to the Web Service'"'"'s policies.
  - 16. The method of claim 12, wherein the one or more security rules are used to generate a next set of options based on the received user input.
  - 17. The method of claim 16, wherein the one or more security rules are used to not present a user with a specific option in order to prevent the user from selecting an invalid option.
  - 18. The method of claim 12, wherein the one or more security rules are abstracted from the user.
  - 19. The method of claim 12, wherein the one or more security rules are optional, and wherein the user can choose from the one or more optional security rules.
  - 20. The method of claim 12, wherein the one or more security rules are a default value that can be overridden by the user.
  - 21. The method of claim 12, wherein the general security criteria and the one or more security rules are first stored in memory as data structures that include policy objects representing the general security criteria and the one or more security rules, the method further comprising acts of:
    - receiving user input to generate the secure policy document; and
      
      translating the data structures from policy objects to coded language for generating the secure policy document.
  - 22. The method of claim 21, wherein the coded language is extensible markup language.

23. At a computer system in a Web Services environment, a computer program product for implementing a method of assisting a user in generating a more secure policy document by providing a rule-based tool that automatically selects security conditions for the user'"'"'s general security criteria such that the user does not have exposure to all security details, the computer program product comprising one or more computer readable storage media having stored thereon computer executable instructions that, when executed by a processor, can cause the messaging system to perform:
- at a generation phase of the secure policy document;
  
  present a set of Web Service security options to a user at a user interface, which abstracts the user from any specific code that will be generated for a secure policy document that satisfies one or more of the set of Web Service security options, the set of Web Service security options including at least an option for communicating using a secure conversation and an option for communicating without using a secure conversation;
  
  receive user input selecting a general security criteria from the set of Web Service security options presented, the general security criteria being the option for communicating using a secure conversation;
  
  based on the received user input selecting the option for communicating using a secure conversation, access one or more security rules from a repository of extensible security metadata, the one or more security rules corresponding to the general security criteria and relating to client authentication tokens;
  
  present a set of Web Service client authentication token options to the user at the user interface, which abstracts the user from any specific code that will be generated for the secure policy document that satisfies one or more of the set of Web Service client authentication tokens to the user at the user interface;
  
  receive user input selecting one option from the set of Web Service client authentication token options;
  
  based on the received user input select one option from the set of Web Service client authentication token options, accessing one or more security rules from the repository of extensible security metadata, the one or more security rules corresponding to the Web Service client authentication token options and providing more specific rules for implementing the selected option from the set of Web Service client authentication token options;
  
  determining whether the secure policy document is a client policy document or a service policy document; and
  
  use the one or more security rules corresponding to the general security criteria and to the selected one option to generate the secure policy document in accordance with the general security criteria and the selected one option, wherein generating the secure policy document includes automatically selecting specific security conditions that enforce the general security criteria and selected one option input by the user, and wherein the security conditions that are more specific than the general security criteria and the selected one option input by the user are applied based whether the secure policy document is determined to be a client policy document or a service policy document, such that different one or more security rules are applied in creating the secure policy document when the secure policy document is a client policy document as compared to when the secure policy document is a service policy document.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 24. The computer program product of claim 23, wherein the one or more security rules are based on Web Service industry wisdom from input given by experts in the industry for security purposes.
  - 25. The computer program product of claim 23, wherein the one or more security rules are based on governmental policies and the one or more security rules assist the user in creating a governmental conformant secure policy document.
  - 26. The computer program product of claim 23, wherein the one or more security rules are based on Web Service'"'"'s policies and the one or more security rules assist the user in creating a secure policy document that conforms to the Web Service'"'"'s policies.
  - 27. The computer program product of claim 23, wherein the one or more security rules are used to generate a next set of options based on the received user input.
  - 28. The computer program product of claim 23, wherein the one or more security rules are used to not present the user with a specific option in order to prevent the user from selecting an invalid option.
  - 29. The computer program product of claim 23, wherein the one or more security rules are abstracted from the user.
  - 30. The computer program product of claim 23, wherein the one or more security rules are optional, and wherein the user can choose from the one or more optional security rules.
  - 31. The computer program product of claim 23, wherein the one or more security rules are a default value that can be overridden by the user.
  - 32. The computer program product of claim 23, wherein the general security criteria and the one or more security rules are first stored in memory as data structures that include policy objects representing the general security criteria and the one or more security rules, the computer program product further comprising executable instruction that cause the messaging system to perform the following:
    - receive user input to generate the secure policy document; and
      
      translate the data structures from policy objects to coded language for generating the secure policy document.
  - 33. The computer program product of claim 32, wherein:
    - presenting a set of Web Service security options to the user at the user interface includes using a wizard that comprises multiple wizard pages that the user progressively progresses through by clicking on next or back buttons, and which multiple wizard pages each provide some information to the user for guiding the user through a subset of tasks necessary for completing the secure policy document;
      
      presenting a set of Web Service security options to the user at the user interface further includes using the security rules to make a subset of choices on behalf of the user regarding general security criteria by, at least determining that specific options should not be presented in subsequent wizard pages to prevent the user from selecting invalid objects;
      
      the secure policy document that is generated in an extensible markup language format according to a WS-Policy schema; and
      
      the coded language used following translation of the data structures from policy objects is extensible markup language.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Wilson, Hervey O., Ballinger, Keith W., Mukherjee, Vick B., Ramanathan, Govindaraj
Primary Examiner(s)
NGUYEN, MINH DIEU T

Application Number

US10/959,886
Publication Number

US 20060075465A1
Time in Patent Office

1,953 Days
Field of Search

726/1, 726/3, 713/182, 715/500, 715/700, 705/50, 717/100, 717/105, 709/218, 709/229
US Class Current

726/1
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 41/16   using machine learning or a...

H04L 41/5003   Managing SLA; Interaction b...

H04L 41/5083   wherein the managed service...

H04L 63/168   above the transport layer

H04L 63/20   for managing network securi...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

Rule-driven specification of web service policy

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

153 Citations

33 Claims

Specification

Use Cases

Quick Links

Others

Rule-driven specification of web service policy

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

153 Citations

33 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others