Mapping policies to messages

US 8,005,901 B2
Filed: 07/14/2004
Issued: 08/23/2011
Est. Priority Date: 07/14/2004
Status: Active Grant

First Claim

Patent Images

1. In a Web services environment for exchanging messages in a distributed system, a method of identifying policies mapped to messages associated with an application, without having to have code within the application for determining what policies may apply to the messages, the method comprising the acts of:

receiving a message at a Web service engine associated with an application that is external to the Web service engine, the application configured to exchange messages in a distributed system;

based on the contents of the received message, determining at least;

a particular destination endpoint identifier related to the received message, wherein the particular destination endpoint identifier includes at least an address of a destination endpoint for the message;

a particular request action identifier; and

a particular request-reply property related to the received message;

accessing a policy mapping file that includes;

at least one endpoint section, wherein each of the at least one endpoint sections are related to a different destination endpoint identifier;

at least one operation section, wherein each of the at least one operation sections is hierarchically within one of the at least one endpoint sections, wherein each of the at least one operation sections is related to a different operation and is represented by a corresponding different request action identifier; and

at least one operation element, wherein each of the at least one operation elements is hierarchically within one of the at least one operation sections, wherein each of the at least one operation elements is related to a different request-reply property, and wherein each of the at least one operation elements indicates a type of interaction pattern for messages, wherein one or more of the at least one operation elements identifies one or more policy expressions with one or more policy assertions representing policies associated with exchanging messages with the application;

scanning the policy mapping file for identifying an endpoint section relating to the address of the particular destination endpoint identifier, the scanning being performed by a processing unit of a computing device;

after identifying the endpoint section relating to the particular destination endpoint identifier, scanning the identified endpoint section for identifying an operation section hierarchically within the identified endpoint section and which is represented by the particular request action identifier; and

after identifying the operation section represented by the particular request action identifier, scanning the identified operation section for an operation element hierarchically within the identified operation section and which relates to the particular request-reply property, such that the identified operation element relates to, and is dependent upon, each of the address of the particular destination endpoint identifier, the particular request action identifier, and the particular request-reply property.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Within a distributed system, e.g., Web service environment, the present invention provides a way for identifying policies mapped to messages associated with an application, without having to have code within the application for determining what policies should apply to the messages. A centralized Web service engine is provided that receives incoming and outgoing messages associated with an application. The messages have associated with them destination endpoint identifiers and request-reply properties, which the Web service engine can access. The Web service engine can then use at least the identifiers and properties for scanning policy message files corresponding to the applications in order to identify what policies, if any, should be applied to the messages.

18 Citations

View as Search Results

38 Claims

1. In a Web services environment for exchanging messages in a distributed system, a method of identifying policies mapped to messages associated with an application, without having to have code within the application for determining what policies may apply to the messages, the method comprising the acts of:
- receiving a message at a Web service engine associated with an application that is external to the Web service engine, the application configured to exchange messages in a distributed system;
  
  based on the contents of the received message, determining at least;
  
  a particular destination endpoint identifier related to the received message, wherein the particular destination endpoint identifier includes at least an address of a destination endpoint for the message;
  
  a particular request action identifier; and
  
  a particular request-reply property related to the received message;
  
  accessing a policy mapping file that includes;
  
  at least one endpoint section, wherein each of the at least one endpoint sections are related to a different destination endpoint identifier;
  
  at least one operation section, wherein each of the at least one operation sections is hierarchically within one of the at least one endpoint sections, wherein each of the at least one operation sections is related to a different operation and is represented by a corresponding different request action identifier; and
  
  at least one operation element, wherein each of the at least one operation elements is hierarchically within one of the at least one operation sections, wherein each of the at least one operation elements is related to a different request-reply property, and wherein each of the at least one operation elements indicates a type of interaction pattern for messages, wherein one or more of the at least one operation elements identifies one or more policy expressions with one or more policy assertions representing policies associated with exchanging messages with the application;
  
  scanning the policy mapping file for identifying an endpoint section relating to the address of the particular destination endpoint identifier, the scanning being performed by a processing unit of a computing device;
  
  after identifying the endpoint section relating to the particular destination endpoint identifier, scanning the identified endpoint section for identifying an operation section hierarchically within the identified endpoint section and which is represented by the particular request action identifier; and
  
  after identifying the operation section represented by the particular request action identifier, scanning the identified operation section for an operation element hierarchically within the identified operation section and which relates to the particular request-reply property, such that the identified operation element relates to, and is dependent upon, each of the address of the particular destination endpoint identifier, the particular request action identifier, and the particular request-reply property.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 24, 25)
- - 2. The method of claim 1, wherein the at least one endpoint sections of the mapping file include a plurality of endpoint sections of the mapping file, each of the plurality of endpoint sections relating to a different destination endpoint address.
  - 3. The method of claim 2, further comprising the acts of:
    - determining that the particular request-reply property is a reply or failure;
      
      retrieving from the message a message identifier; and
      
      using the message identifier to retrieve the particular destination endpoint identifier and the particular request action identifier from a store.
  - 4. The method of claim 2, wherein the identified endpoint section, the identified operation section, or the identified operation element is a default endpoint section, default operation section or default operation element, respectively.
  - 5. The method of claim 2, wherein the particular destination endpoint identifier and the particular request action identifier are URIs.
  - 6. The method of claim 2, wherein the particular request-reply property is one of a request, reply or failure.
  - 7. The method of claim 1, further comprising the act of:
    - determining whether the message is either outgoing or incoming from the application; and
      
      based on the determination, validating or enforcing one or more policy expressions relating to the determined operation element.
  - 8. The method of claim 1, wherein the policy assertions represent preferences, requirements, capabilities or other properties associated with exchanging messages with the application.
  - 9. The method of claim 8, wherein the policy assertions are security policies that provide one or more of security token propagation, message integrity and message confidentiality through one or more of a signature, encryption, token, and username/password credentials.
  - 10. The method of claim 1, wherein the Web service engine receives messages, validates and enforces policies for a plurality of applications.
  - 11. The method of claim 1, wherein the policy mapping file is an eXtensible Markup Language (XML) document.
  - 12. The method of claim 1, wherein the received message is an outgoing message from the application, and wherein the message cannot be processed according to one or more policy assertions for the identified operation element, and wherein an error is returned to the application.
  - 13. The method of claim 1, wherein the operation element does not identify a policy expression with one or more policy assertions.
  - 24. The method of claim 1, wherein the identified operation element is a default operation element.
  - 25. The method of claim 1, wherein the received message is an outgoing message from the application, and wherein the message cannot be processed according to one or more policy assertions for the determined operation element, and wherein an error is returned to the application.

14. In a Web services environment for exchanging messages in a distributed system, a method of identifying policies mapped to messages associated with an application, without having code within the application for determining what policies may apply to the messages, the method comprising:
- receiving a message at a Web service engine associated with an application that is external to the Web service engine, the application configured to exchange messages in a distributed system;
  
  based on the contents of the received message, determining at least;
  
  a particular destination endpoint identifier relating to the received message, wherein the particular destination endpoint identifier includes a URI of a destination endpoint for the message;
  
  a particular request action identifier associated with the received message and associated with a particular operation requested in the received message; and
  
  a particular request-reply property associated with the received message and associated with a particular type of message;
  
  accessing a policy mapping file that includes;
  
  at least one endpoint section, wherein each of the at least one endpoint sections are related to a different URI;
  
  at least one operation section, wherein each of the at least one operation sections is hierarchically within the at least one endpoint section, and wherein each of the at least one operation sections is related to a different operation; and
  
  at least one operation element, wherein each of the at least one operation elements is hierarchically within the at least one operation section, wherein each of the at least one operation elements is related to a different request-reply property, and wherein each operation element indicates a type of interaction pattern for messages, wherein one or more of the at least one operation elements identifies one or more policy expressions with one or more policy assertions representing policies associated with exchanging messages with the application;
  
  scanning the policy mapping file for identifying an endpoint section relating to the URI of the particular destination endpoint identifier, the scanning being performed by a processing unit of a computing device;
  
  after identifying the endpoint section relating to the particular destination endpoint identifier, scanning the identified endpoint section for identifying an operation section hierarchically within the identified endpoint section and which is represented by the particular request action identifier; and
  
  after identifying the operation section represented by the particular request action identifier, scanning the identified operation section for an operation element hierarchically within the identified operation section and which relates to the particular request-reply property, such that the identified operation element relates to, and is dependent upon, each of the URI of the particular destination endpoint identifier, the particular request action identifier, and the particular request-reply property.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 15. The method of claim 14, wherein the at least one endpoint sections of the mapping file include a plurality of endpoint sections, each of the plurality of endpoint sections relating to a different endpoint address.
  - 16. The method of claim 15, further comprising the acts of:
    - determining that the particular request-reply property is a reply or failure;
      
      retrieving from the message a message identifier; and
      
      using the message identifier to retrieve the particular destination endpoint identifier and that particular request action identifier from a store.
  - 17. The method of claim 15, wherein the particular destination endpoint identifier and the particular request action identifier are URIs.
  - 18. The method of claim 14, further comprising the acts of:
    - determining whether the message is either outgoing or incoming from the application; and
      
      based on the determination, validating or enforcing one or more policy expressions relating to the identified operation element.
  - 19. The method of claim 14, wherein the policy assertions represent preferences, requirements, capabilities or other properties associated with exchanging messages with the application.
  - 20. The method of claim 19, wherein the policy assertions are security policies that provide one or more of security token propagation, message integrity and message confidentiality through one or more of a signature, encryption, token, and username/password credentials.
  - 21. The method of claim 14, wherein the Web service engine receives messages, validates and enforces policies for a plurality of applications.
  - 22. The method of claim 14, wherein the policy mapping file is an eXtensible Markup Language (XML) document created.
  - 23. The method of claim 14, wherein the particular request-reply property relating to the message is one of a request, reply or failure.

26. In a Web services environment for exchanging messages in a distributed system, a computer program product for implementing a method of identifying policies mapped to messages associated with an application, without having to have code within the application for determining what policies may apply to the messages, the computer program product comprising one or more computer storage devices having stored thereon computer executable instructions that, when executed by a processor, can cause the distributed computing system to perform the following:
- receive a message at a Web service engine associated with an application that is external to the Web service engine, the application configured to exchange messages in a distributed system;
  
  based on the contents of the received message, determine at least;
  
  a particular destination endpoint identifier relating to the received message, wherein the particular destination endpoint identifier includes at least an address of a destination endpoint for the message;
  
  a particular request action identifier associated with the received message; and
  
  a particular request-reply property associated with the received message;
  
  access a policy mapping file that includes;
  
  at least one endpoint section, wherein each of the at least one endpoint sections is represented by a different destination endpoint identifier;
  
  a plurality of operation sections, wherein each of the plurality of operation sections is hierarchically within the at least one endpoint section, and wherein each of the plurality of operation sections represents a different operation; and
  
  at least one operation element hierarchically within each of the plurality of operation sections, wherein each of the at least one operation elements is represented by a different request-reply property, and wherein each operation element indicates a type of interaction pattern for messages, wherein one or more of the at least one operation elements identifies a policy expression with one or more policy assertions representing policies associated with exchanging messages with the application;
  
  scan the policy mapping file for identifying an endpoint section relating to the address in the particular destination endpoint identifier;
  
  after identifying the endpoint section relating to the particular destination endpoint identifier, scan the identified endpoint section for identifying an operation section represented by the particular request action identifier, which identified operation section is hierarchically within the identified endpoint section; and
  
  after identifying the operation section represented by the particular request action identifier, scan the identified operation section for identifying an operation element relating to the particular request-reply property, which identified operation element is hierarchically within the identified operation section and is such that the identified operation element relates to, and is dependent upon, each of the address of the particular destination endpoint identifier, the particular request action identifier, and the particular request-reply property.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
- - 27. The computer program product of claim 26, wherein the at least one endpoint sections of the mapping file include a plurality of endpoint sections of the mapping file, each of the plurality of endpoint sections relating to a different destination endpoint address.
  - 28. The computer program product of claim 27, further comprising computer executable instructions that can cause the distributed computing system to perform the following:
    - determine that the particular request-reply property is a reply or failure;
      
      retrieve from the message a message identifier; and
      
      use the message identifier to retrieve the particular destination endpoint identifier and the particular request action identifier from a store.
  - 29. The computer program product of claim 27, wherein the identified endpoint section, the identified operation section or the identified operation element is a default endpoint section, default operation section or default operation element, respectively.
  - 30. The computer program product of claim 27, wherein the particular destination endpoint identifier and request action identifier are URIs.
  - 31. The computer program product of claim 27, wherein the particular request-reply property relating to the message is one of a request, reply or failure.
  - 32. The method of claim 26, wherein the operation element does not identify a policy expression with one or more policy assertions.
  - 33. The computer program product of claim 26, further comprising computer executable instructions that can cause the distributed computing system to perform the following:
    - deteimine if the message is either outgoing or incoming from the application; and
      
      based on the determination, validate or enforcing one or more policy expressions relating to the determined operation element.
  - 34. The computer program product of claim 26, wherein the policy assertions represent preferences, requirements, capabilities or other properties associated with exchanging messages with the application.
  - 35. The computer program product of claim 34, wherein the policy assertions are security policies that provide one or more of security token propagation, message integrity and message confidentiality through one or more of a signature, encryption, token, and username/password credentials.
  - 36. The computer program product of claim 26, wherein the Web service engine receives messages, validates and enforces policies for a plurality of applications.
  - 37. The computer program product of claim 26, wherein the policy mapping file is an eXtensible Markup Language (XML) document.
  - 38. The computer program product of claim 37, wherein the XML policy mapping file has at least the following structure:
    - at a first line, an identification of the policy mapping file as an XML document; and
      
      at a line immediately subsequent to the first line, the XML policy document is embedded, wherein the XML policy document includes;
      
      at least two endpoint sections, wherein a first of the at least two endpoint sections includes a destination endpoint identifier URI and two operation sections, wherein a first of the two operation sections includes three operation elements, including at least a request operation mapped to a Kerberos-sign policy, a reply operation mapped to an x509-sign policy, and a default operation element for all messages nut subject to the request operation or the reply operation, and wherein a second of the two operation sections includes at least a failure operation element.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Wilson, Hervey O., Ballinger, Keith W., Mukherjee, Vick B.
Primary Examiner(s)
Abdullahi; Salad
Assistant Examiner(s)
Fan; Hua

Application Number

US10/891,946
Publication Number

US 20060015625A1
Time in Patent Office

2,596 Days
Field of Search

709/201, 709205-207
US Class Current

709/206
CPC Class Codes

H04L 67/02 based on web technology, e....

H04L 67/61 taking into account QoS or ...

Mapping policies to messages

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

18 Citations

38 Claims

Specification

Use Cases

Quick Links

Others

Mapping policies to messages

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

38 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others