Systems and methods for exposing functionality with strict access controls
Abstract
A service provider system connects to systems associated with a group of business-partners. Each of the business-partners sells services, of an extensible set of services provided by the service provider system, to its customers. The service provider system provides a common interface via which the business-partner systems can request one or more services from the extensible set of services. The service provider system exposes subsets of the common interface to each of the business-partner systems by controlling access to the extensible set of services by the business-partner systems.
22 Claims
1. A system, comprising:
- a service gateway in communication with a first entity and a second entity, the service gateway comprising:
  - a first interface module to receive, from the first entity, a message requesting performance of a service in an extensible set of services offered by the second entity, the message including a service name that corresponds to the service and an argument that includes data used to perform the service;
  - an access control module to:
    - make a first determination of whether the first entity is permitted to request performance of the service corresponding to the service name,
    - make a second determination of whether the argument is permitted to be provided by the first entity, and
    - make a third determination of whether the argument is permitted to be requested for the service corresponding to the service name; and
  - a second interface module to selectively request performance of the service by the second entity based, at least in part, on results of the first, second, and third determinations of the access control module.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A wholesaler system that provides services to subscribers associated with a plurality of retailer systems, the wholesaler system comprising:
- a service activation component to provide the services to the subscribers; and
- a service gateway to act as a single point of contact between the retailer systems and the service activation component, the service gateway providing controlled access, by the retailer systems, to the services provided by the service activation component, the service gateway permitting each of the retailer systems access to a subset of the services provided by the service activation component via the controlled access, the service gateway comprising:
  - a first interface module to receive, from one of the retailer systems, a message requesting performance of one of the services by the service activation component, the message including at least one argument that includes data used to perform the one service,
  - an access control module to:
    - make a first determination of whether the one retailer system is permitted to request performance of the one service,
    - make a second determination of whether the at least one argument is permissible for the one retailer system, and
    - make a third determination of whether the at least one argument is valid for the one service, and
  - a second interface module to selectively interact with the service activation component based, at least in part, on the first, second, and third determinations of the access control module.

Dependent claims: 12, 13, 14

15. A method performed by a service gateway in communication with a first entity and a second entity, the method comprising:
- receiving, from the first entity, a message requesting performance of a network service of an extensible set of network services offered by the second entity, the message including a service name that corresponds to the network service and an argument that includes data used to perform the network service;
- generating a first result based, at least in part, on a determination of whether the first entity is permitted to request performance of the network service corresponding to the service name;
- generating a second result based, at least in part, on a determination of whether the first entity is permitted to provide the argument;
- generating a third result based, at least in part, on a determination of whether the argument is permissible for the network service corresponding to the service name; and
- selectively requesting performance of the network service by the second entity based, at least in part, on the first, second, and third results.

Dependent claims: 16, 17, 18, 19, 20, 21

22. A device, comprising:
- means for receiving, from a requester, a message requesting performance of one of a plurality of network services offered by a server, the message including an argument that includes data used to perform the one network service;
- means for performing a first determination of whether the requestor is permitted to request performance of the one network service;
- means for performing a second determination of whether the requestor is permitted to provide the argument;
- means for performing a third determination of whether the argument is permissible for the one network service; and
- means for requesting performance of the one network service by the server based, at least in part, on the first, second, and third determinations.
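
The three determinations recited in the independent claims can be read as three default-deny lookups that must all pass before the gateway forwards a request. The sketch below is an added illustration, not code from the patent or its assignee; the policy tables, the retailer, service and argument names, the check labels and the choice to test argument names rather than values are all assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import Callable

# Constructed policy tables; all entity, service and argument names are hypothetical.
ENTITY_SERVICES = {
    "retailer_a": {"activate_dsl", "set_bandwidth"},
    "retailer_b": {"activate_dsl", "suspend_line"},
}
ENTITY_ARGS = {
    "retailer_a": {"subscriber_id", "speed_tier"},
    "retailer_b": {"subscriber_id", "reason"},
}
SERVICE_ARGS = {
    "activate_dsl": {"subscriber_id", "speed_tier"},
    "set_bandwidth": {"subscriber_id", "speed_tier"},
    "suspend_line": {"subscriber_id", "reason"},
}

@dataclass
class ServiceGateway:
    backend: Callable[[str, dict], object]  # stands in for the second entity
    audit: list = field(default_factory=list)

    def determinations(self, entity: str, service: str, args: dict) -> dict:
        """Evaluate all three checks; unknown names fall through to deny."""
        names = set(args)
        return {
            "entity_may_request_service": service in ENTITY_SERVICES.get(entity, set()),
            "entity_may_provide_args": names <= ENTITY_ARGS.get(entity, set()),
            "args_valid_for_service": names <= SERVICE_ARGS.get(service, set()),
        }

    def handle(self, entity: str, service: str, args: dict) -> dict:
        checks = self.determinations(entity, service, args)
        failed = sorted(name for name, ok in checks.items() if not ok)
        # Log every decision with the failing checks; the caller only sees a
        # generic denial so the response does not describe the policy.
        self.audit.append({"entity": entity, "service": service, "failed": failed})
        if failed:
            return {"status": "denied"}
        return {"status": "ok", "result": self.backend(service, args)}

def demo_backend(service: str, args: dict) -> str:
    # Constructed stand-in for the service activation component.
    return f"{service} performed for {args['subscriber_id']}"
```

All three checks are evaluated even after one fails, so the audit record shows every reason a request was refused while the backend is reached only when none fail.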
Specification