System and methods for secure service oriented architectures
First Claim
1. A method of controlling and securing a service oriented architecture, comprising:
- a plurality of intermediaries, one intermediary for each web service of a plurality of web services, each intermediary intercepting a message between a requesting web service and a source web service, and each intermediary being associated with a requesting web service or a source web service;
- each intermediary examining the message to determine whether a security profile is embedded therein, wherein the security profile comprises a data security privilege, a services security privilege, and a user security privilege determined based on a security policy;
- each intermediary adding a security profile to the message if a security profile is not already present; and
- when a security profile is embedded in the message, each intermediary validating the message comprises comparing the security profile embedded in the message with a second security profile associated with the requesting web service, said second security profile also comprising a data security privilege, a services security privilege, and a user security privilege.
Abstract
Provided is a method for intercepting a message between a requesting web service and a source web service, validating the message, logging the result of the validations, and adding a security profile to the message. The method may also include examining the message to determine whether a security profile is embedded therein. If the message is valid, access to the message by the requesting web service is permitted. If the message is not valid, access to the message by the requesting web service is prevented.
Claims (17)
1. See First Claim above. Claims 2 to 5 depend on claim 1.
6. A non-transitory computer-readable medium storing a software program that, when executed by a processor, causes the processor to:
- intercept a message between a requesting web service and a source web service;
- examine the message to determine whether a security profile is embedded therein, wherein the security profile comprises a data security privilege, a services security privilege, and a user security privilege determined based on a security policy;
- add a security profile to the message if a security profile is not already present;
- when a security profile is embedded in the message, validate the message by comparing the security profile embedded in the message with a second security profile associated with the requesting web service, said second security profile also comprising a data security privilege, a services security privilege, and a user security privilege;
- wherein the software operates as an intermediary, and wherein the intermediary is associated with either the requesting web service or the source web service.
Claims 7 to 12 depend on claim 6.
13. A computer system organized according to a secure service oriented architecture, comprising:
- at least one computer on which a plurality of web services are implemented to pass data messages between the web services; and
- at least one computer on which a plurality of intermediaries are implemented;
- wherein each web service is coupled for communication of data messages through an intermediary, each web service associated with a different intermediary; and
- wherein each of the plurality of intermediaries performs a method comprising: intercepting a message between a requesting web service and a source web service; examining the message to determine whether a security profile is embedded therein, wherein the security profile comprises a data security privilege, a services security privilege, and a user security privilege determined based on a security policy; adding a security profile to the message if a security profile is not already present; and when a security profile is embedded in the message, validating the message by comparing the security profile embedded in the message with a second security profile associated with the requesting web service, said second security profile also comprising a data security privilege, a services security privilege, and a user security privilege.
Claims 14 to 17 depend on claim 13.
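The intermediary behaviour described in the Abstract and in claims 1, 6 and 13 (intercept, check for an embedded security profile, add one from policy if absent, otherwise compare it with the profile the policy assigns to the requesting service, log the result, permit or deny), as an added Python example. This is not the patent's own code: the message format, the policy table, the contents of the three privilege sets and the helper names are assumptions made here for illustration, and "comparing" the two profiles is implemented as a subset check (every privilege the message asserts must be granted to the requester by policy), which is one reading of the claim language.

```python
"""Added example, not the patent's code: one intermediary per web service that
intercepts messages, embeds a policy-derived security profile when none is
present, and otherwise validates the embedded profile against the profile the
security policy associates with the requesting web service."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class SecurityProfile:
    """The three privilege components named in the claims (contents assumed)."""
    data: frozenset      # data security privilege, e.g. data classifications readable
    services: frozenset  # services security privilege, e.g. services that may be called
    user: frozenset      # user security privilege, e.g. roles of the requesting user

    def within(self, granted: "SecurityProfile") -> bool:
        """True if every privilege asserted here is also granted by `granted`."""
        return (self.data <= granted.data
                and self.services <= granted.services
                and self.user <= granted.user)


@dataclass
class Message:
    requester: str                          # requesting web service
    source: str                             # source web service
    body: str
    profile: Optional[SecurityProfile] = None  # embedded security profile, if any


# Constructed security policy (assumption): the profile each requesting
# service is entitled to, i.e. the "second security profile" of the claims.
POLICY: Dict[str, SecurityProfile] = {
    "orders-svc": SecurityProfile(frozenset({"internal"}),
                                  frozenset({"inventory-svc"}),
                                  frozenset({"clerk"})),
    "billing-svc": SecurityProfile(frozenset({"internal", "pii"}),
                                   frozenset({"inventory-svc", "ledger-svc"}),
                                   frozenset({"clerk", "auditor"})),
}


class Intermediary:
    """One intermediary is associated with each web service and sees its traffic."""

    def __init__(self, service: str, policy: Dict[str, SecurityProfile]):
        self.service = service
        self.policy = policy
        self.log: List[Tuple[str, str, str]] = []  # (requester, source, result)

    def intercept(self, msg: Message) -> Tuple[bool, Message]:
        """Return (permitted, message): add a profile if absent, else validate."""
        expected = self.policy.get(msg.requester)
        if expected is None:
            # Policy knows nothing about this requester: no profile can be derived.
            self.log.append((msg.requester, msg.source, "denied:unknown-requester"))
            return False, msg
        if msg.profile is None:
            # First intermediary on the path embeds the policy-derived profile.
            msg.profile = expected
            self.log.append((msg.requester, msg.source, "profile-added"))
            return True, msg
        # A profile is already embedded: compare it with the requester's policy
        # profile. Anything the message asserts beyond policy is rejected.
        if msg.profile.within(expected):
            self.log.append((msg.requester, msg.source, "valid"))
            return True, msg
        self.log.append((msg.requester, msg.source, "denied:profile-mismatch"))
        return False, msg


def run_exchange(requester: str, source: str, body: str,
                 embedded: Optional[SecurityProfile] = None) -> Tuple[bool, List[str]]:
    """Pass one message through the requester's and then the source's intermediary.

    `embedded` lets the caller simulate a message that already carries a profile,
    e.g. one self-asserted by the requester.
    """
    req_side = Intermediary(requester, POLICY)
    src_side = Intermediary(source, POLICY)
    msg = Message(requester, source, body, embedded)
    ok, msg = req_side.intercept(msg)
    if ok:
        ok, msg = src_side.intercept(msg)
    return ok, [result for _, _, result in req_side.log + src_side.log]


if __name__ == "__main__":
    print(run_exchange("orders-svc", "inventory-svc", "get stock"))
    forged = SecurityProfile(frozenset({"internal", "pii"}),
                             frozenset({"inventory-svc"}), frozenset({"clerk"}))
    print(run_exchange("orders-svc", "inventory-svc", "get stock", forged))
```

In the normal path the requester-side intermediary embeds the policy profile and the source-side intermediary finds it consistent with policy. A message that arrives already carrying a profile claiming privileges the policy does not grant (the `forged` case) is denied at the first intermediary that sees it, which is the check that stops a requester from self-asserting privileges. The page does not say whether the embedded profile is integrity-protected between intermediaries; in a real deployment the profile would also need protection against modification in transit, which is a design assumption added here rather than something the claims specify.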
Specification