Allocation of network resources
First Claim
Patent Images
1. A method implemented in a machine-readable medium that executes on a machine and for allocating a resource, comprising:
- receiving a request to allocate at least a portion of a resource, availability of the portion of the resource was previously published to a trusted third party along with resource characteristics that include a processing speed for the resource, a memory speed for the resource, a memory size for the resource, a storage size for the resource, and a bandwidth capability for the resource, and a decision to make the portion of the resource available was based on a deciding event that is represented as a trust credential that conforms to contractual arrangements for the resource, the portion of the resource is not available unless the trust credential remains valid;
dynamically establishing a trust relationship between the resource and a requestor that issues the request via the trusted third party and the trusted third party is remotely located over a network separately from the resource and the requestor, the trust relationship is established by acquiring authentication information and an authentication technique for the requestor to use with the authentication information, the authentication information and the authentication technique acquired from the trusted third party;
allocating at least the portion of the resource to the requestor, when the trust relationship was successfully established, and the resource and the requestor securely interact with one another thereafter;
providing a consumption specification to the requestor, the consumption specification defining utilization restrictions on usage of the resource by the requestor, the consumption specification hierarchical having global specifications of an enterprise that override local specifications for groups of users for conflicts occurring with the utilization restrictions.
3 Assignments
0 Petitions
Accused Products
Abstract
Techniques are provided for allocating resources over a network. A resource consumer requests access to a resource over a network. As part of that request, the resource consumer acquires information that permits it to securely communicate with a resource provider. The resource provider controls the resource and once satisfied with the security of a request from a resource consumer allocates the resource for access by the resource consumer.
-
Citations
31 Claims
-
1. A method implemented in a machine-readable medium that executes on a machine and for allocating a resource, comprising:
-
receiving a request to allocate at least a portion of a resource, availability of the portion of the resource was previously published to a trusted third party along with resource characteristics that include a processing speed for the resource, a memory speed for the resource, a memory size for the resource, a storage size for the resource, and a bandwidth capability for the resource, and a decision to make the portion of the resource available was based on a deciding event that is represented as a trust credential that conforms to contractual arrangements for the resource, the portion of the resource is not available unless the trust credential remains valid; dynamically establishing a trust relationship between the resource and a requestor that issues the request via the trusted third party and the trusted third party is remotely located over a network separately from the resource and the requestor, the trust relationship is established by acquiring authentication information and an authentication technique for the requestor to use with the authentication information, the authentication information and the authentication technique acquired from the trusted third party; allocating at least the portion of the resource to the requestor, when the trust relationship was successfully established, and the resource and the requestor securely interact with one another thereafter; providing a consumption specification to the requestor, the consumption specification defining utilization restrictions on usage of the resource by the requestor, the consumption specification hierarchical having global specifications of an enterprise that override local specifications for groups of users for conflicts occurring with the utilization restrictions. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method implemented in a machine-readable medium that executes on a machine and for facilitating the allocation of resources, comprising:
-
receiving, at an identity service, registrations from resource providers, wherein the registrations identify resources that may be accessed over a network by resource consumers; receiving, at the identity service, requests from the resource consumers for desired consumption of the resources; and facilitating, at the identity service, allocation of the resources to the resource consumers by providing the resource consumers with authentication information and authentication techniques for acquiring specific ones of the resources from the resource providers, at least some of the authentication information distributed as alias names for anonymous usage of the resources by one or more of the resource consumers, the identity service is separately and remotely located over the network from the resource providers and the resource consumers, and the resource consumers use the authentication information and the authentication techniques to authenticate to the resources via the resource providers, and the identity service receives the requests with characteristics that the identity services matches to published characteristics for the resources, the identity service validates trust specifications for the resource consumers before matching the characteristics received with the requests to the published characteristics to identify the resources to allocate to the resource consumers, and the characteristics and the published characteristics include processing speed of the resources, memory speed of the resources, memory size of the resources, storage size of the resources, and bandwidth capability of the resources. - View Dependent Claims (7, 8, 9, 10, 11, 12, 13)
-
-
14. A method implemented in a machine-readable medium that executes on a machine and for acquiring allocation of a resource, comprising:
-
querying an identity service for available resources using characteristics that the identity service matches to published characteristics to identify the resources, and the identity validates a trust specification for the resources before matching the characteristics to the published characteristics, and the characteristics and the published characteristics include processing speed of the resources, memory speed of the resources, memory size of the resources, storage size of the resources, and bandwidth capability of the resources; receiving at least one resource identifier for a specific resource; receiving a trust certificate and authentication technique from the identity service for a resource provider of the specific resource, the resource provider is separate and remote from the identity service over a network; and initiating communication with the resource provider by supplying the trust certificate and using the authentication technique, the communication results in the specific resource being allocated for use and the usage of the specific resource circumscribed by a consumption specification received from the identity service, the consumption specification defined as hierarchical policies having global rules used to enforce priority of the usage on the specific resource. - View Dependent Claims (15, 16)
-
-
17. A network resource allocation system implemented in a machine-readable medium that executes on a machine, comprising:
-
a resource located on a resource provider; and an identity service, the resource provider registers the resource with the identity service, the identity service identifies the resource to a resource consumer in response to characteristics received from the resource consumer that match the resource, and the characteristics include processing speed of the resource, memory speed of the resource, memory size of the resource, storage size of the resource, and bandwidth capability of the resource and when a trust specification for the resource with respect to the resource consumer is validated, the resource consumer is located remotely over a network from the resource provider and from the identity service, and the identity service provides to the resource consumer authentication information and authentication techniques for authenticating anonymously to the resource provider via an alias name and acquiring allocation to the resource, and the identity service is remotely located over the network from the resource provider and the resource, and resource consumer uses the authentication information and the authentication techniques to authenticate to the resource via the resource provider and thereafter the resource consumer and resource securely communicate with one another. - View Dependent Claims (18, 19, 20, 21, 22, 23)
-
-
24. A network resource allocation system implemented in a machine-readable medium that executes on a machine, comprising:
-
a resource provider; and a resource consumer, wherein the resource provider identifies one or more resources which are available to be allocated to the resource consumer when trust specifications for the resources permit and in response to characteristics supplied by the resource consumer that match published characteristics of the resources, the characteristics and the published characteristics include processing speed of the resources, memory speed of the resources, memory size of the resources, storage size of the resources, and bandwidth capability of the resources, the resource consumer acquires the identity of the resource and authentication information for interacting with the resource provider in order to acquire allocation to at least a portion of the one or more resources, and the resource consumer acquires the identity and the authentication information via a third party service that is remotely located over a network from the resource provider and from the resource consumer, and the resource consumer also acquires an authentication technique that the resource consumer uses with the authentication information to authenticate to a particular resource via the resource provider and thereafter the resource consumer securely communicates with that particular resource and usage of the particular resource is circumscribed by a particular trust specification that is hierarchical having global specifications that override local specifications for conflicts occurring with the usage. - View Dependent Claims (25, 26, 27, 28, 29, 30, 31)
-
Specification