Dynamic service composition and orchestration
First Claim
1. A method for interconnecting a plurality of processes in a switching fabric, comprising:
receiving requests for communication between a plurality of processes, wherein the processes can be one or more of a client, business process, service, web service, or service proxy, and wherein the requests for communication can include requests to access resources;
associating each request for communication with a context that includes a plurality of message processing variables which are dynamically configurable as the request is processed;
resolving transport protocol variances dynamically for a particular request, using the context and the plurality of message processing variables associated with that request, among the plurality of processes;
resolving message format variances dynamically for a particular request, using the context and the plurality of message processing variables associated with that request, among the plurality of processes;
conveying, subject to authorization, the requests for communication, as resolved for transport protocol and message format variances, between the plurality of processes; and
receiving at least one of the requests for communication, and its associated context, at a security service module (SSM) that is integrated with and provides security services for a server, including controlling access to the resources at the server;
using an adjudicator and a plurality of authorization providers that are integrated with the SSM, to determine whether to convey the requests for communication or to grant the requests to access resources for a particular resource;
wherein each of the plurality of authorization providers individually renders a decision based on the request and its associated context, whether to grant access to the particular resource; and
wherein the adjudicator uses the decisions to render an overall decision with respect to access to the particular resource, and only conveys the requests for communication or grants the requests to access if each of the plurality of authorization providers would individually grant access to that resource.
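The unanimous-grant adjudication recited in the last two clauses, shown as an added Python example (not code from the patent or its assignee). All names are hypothetical; treating a provider error as a denial and refusing to decide with fewer than two providers are assumptions the claim does not state.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

@dataclass
class Request:
    subject: str
    resource: str
    # Stand-in for the claim's context of message processing variables.
    context: Dict[str, str] = field(default_factory=dict)

# Assumed provider interface: return True to grant, anything else refuses.
Provider = Callable[[Request], bool]

def role_provider(req: Request) -> bool:
    return req.context.get("role") in {"broker", "admin"}

def transport_provider(req: Request) -> bool:
    return req.context.get("transport") == "https"

def broken_provider(req: Request) -> bool:
    raise RuntimeError("policy store unreachable")  # constructed failure

def adjudicate(req: Request, providers: List[Provider]) -> Tuple[bool, List[str]]:
    """Return (granted, names of providers that did not grant)."""
    if len(providers) < 2:
        # Assumption: without a plurality of providers, fail closed.
        return False, ["<fewer than two providers>"]
    refused = []
    for provider in providers:  # no short-circuit: record every refusal
        try:
            ok = provider(req) is True  # only an explicit True is a grant
        except Exception:
            ok = False  # assumption: a provider error counts as a denial
        if not ok:
            refused.append(provider.__name__)
    return (not refused), refused

def convey(req: Request, providers: List[Provider],
           deliver: Callable[[Request], None]) -> bool:
    """Forward the request only when every provider granted access."""
    granted, _ = adjudicate(req, providers)
    if granted:
        deliver(req)
    return granted
```

Because every provider is evaluated even after the first refusal, the returned list can be written to an audit log to show which policy blocked a request.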
Abstract
A system, method and media for service infrastructure that enables dynamic service composition and orchestration. This description is not intended to be a complete description of, or limit the scope of, the invention. Other features, aspects and objects of the invention can be obtained from a review of the specification, the figures and the claims.
21 Claims
1. A method for interconnecting a plurality of processes in a switching fabric, comprising:
receiving requests for communication between a plurality of processes, wherein the processes can be one or more of a client, business process, service, web service, or service proxy, and wherein the requests for communication can include requests to access resources;
associating each request for communication with a context that includes a plurality of message processing variables which are dynamically configurable as the request is processed;
resolving transport protocol variances dynamically for a particular request, using the context and the plurality of message processing variables associated with that request, among the plurality of processes;
resolving message format variances dynamically for a particular request, using the context and the plurality of message processing variables associated with that request, among the plurality of processes;
conveying, subject to authorization, the requests for communication, as resolved for transport protocol and message format variances, between the plurality of processes; and
receiving at least one of the requests for communication, and its associated context, at a security service module (SSM) that is integrated with and provides security services for a server, including controlling access to the resources at the server;
using an adjudicator and a plurality of authorization providers that are integrated with the SSM, to determine whether to convey the requests for communication or to grant the requests to access resources for a particular resource;
wherein each of the plurality of authorization providers individually renders a decision based on the request and its associated context, whether to grant access to the particular resource; and
wherein the adjudicator uses the decisions to render an overall decision with respect to access to the particular resource, and only conveys the requests for communication or grants the requests to access if each of the plurality of authorization providers would individually grant access to that resource.
Dependent claims: 2, 3, 4, 5, 6, 7, 15, 21
8. A non-transitory computer readable storage medium having instructions stored thereon that when used cause a system to:
receive requests for communication between a plurality of processes, wherein the processes can be one or more of a client, business process, service, web service, or service proxy, and wherein the requests for communication can include requests to access resources;
associate each request for communication with a context that includes a plurality of message processing variables which are dynamically configurable as the request is processed;
resolve transport protocol variances dynamically for a particular request, using the context and the plurality of message processing variables associated with that request, among the plurality of processes;
resolve message format variances dynamically for a particular request, using the context and the plurality of message processing variables associated with that request, among the plurality of processes;
convey, subject to authorization, the requests for communication, as resolved for transport protocol and message format variances, between the plurality of processes; and
receive at least one of the requests for communication, and its associated context, at a security service module (SSM) that is integrated with and provides security services for a server, including controlling access to the resources at the server;
use an adjudicator and a plurality of authorization providers that are integrated with the SSM, to determine whether to convey the requests for communication or to grant the requests to access resources for a particular resource;
wherein each of the plurality of authorization providers individually renders a decision based on the request and its associated context, whether to grant access to the particular resource; and
wherein the adjudicator uses the decisions to render an overall decision with respect to access to the particular resource, and only conveys the requests for communication or grants the requests to access if each of the plurality of authorization providers would individually grant access to that resource.
9. A service infrastructure comprising:
a processor
a message services layer is implemented on the processor and configured to interconnect a plurality of processes through at least one service proxy, and to receive requests for communication between a plurality of processes and associate each request with a context that includes a plurality of message processing variables which are dynamically configurable as the request is processed, wherein the processes can be one or more of a client, business process, service, web service, or service proxy, and wherein the requests for communication can incorporate requests to access resources;
a information services layer is implemented on the processor and configured to provide a unified view of information obtained from a plurality of information sources including resolving transport protocol variances dynamically for a particular request, using the context and the plurality of message processing variables associated with that request, among the plurality of processes;
resolving message format variances dynamically for a particular request, using the context and the plurality of message processing variables associated with that request, among the plurality of processes;
a security services layer is implemented on the processor and configured to provide distributed security to the message services layer through a security service module (SSM) that is integrated with and provides security services for a server, including controlling access to the resources at the server; and
wherein each of a plurality of authorization providers individually renders a decision based on the request and its associated context, whether to grant access to a particular resource;
wherein an adjudicator uses the decisions from the plurality of authorization providers that are integrated with the SSM, to render an overall decision with respect to access to the resource, and only conveys the requests for communication or grants the requests to access if each of the plurality of authorization providers would individually grant access to that resource.
Dependent claims: 10, 11, 12, 13, 14
16. A system comprising one or more components capable of performing the following steps:
receiving requests for communication between a plurality of processes, wherein the processes can be one or more of a client, business process, service, web service, or service proxy, and wherein the requests for communication can include requests to access resources;
associating each request for communication with a context that includes a plurality of message processing variables which are dynamically configurable as the request is processed;
resolving transport protocol variances dynamically for a particular request, using the context and the plurality of message processing variables associated with that request, among the plurality of processes;
resolving message format variances dynamically for a particular request, using the context and the plurality of message processing variables associated with that request, among the plurality of processes;
conveying, subject to authorization, the requests for communication, as resolved for transport protocol and message format variances, between the plurality of processes; and
receiving at least one of the requests for communication, and its associated context, at a security service module (SSM) that is integrated with and provides security services for a server, including controlling access to the resources at the server;
using an adjudicator and a plurality of authorization providers that are integrated with the SSM, to determine whether to convey the requests for communication or to grant the requests to access resources for a particular resource;
wherein each of the plurality of authorization providers individually renders a decision based on the request and its associated context, whether to grant access to the particular resource; and
wherein the adjudicator uses the decisions to render an overall decision with respect to access to the particular resource, and only conveys the requests for communication or grants the requests to access if each of the plurality of authorization providers would individually grant access to that resource;
wherein the system includes at least one processor.
Dependent claims: 17, 18, 19, 20
Specification