Policies as workflows

US 8,032,920 B2
Filed: 12/27/2004
Issued: 10/04/2011
Est. Priority Date: 12/27/2004
Status: Active Grant

First Claim

Patent Images

1. A method of enforcing policies on communications, comprising:

receiving a communication to a processing device;

analyzing at least one criteria of the received communication to determine one or more policies to be applied to the communication, wherein the at least one criteria includes at least one of the following;

a requester of the received communication, a target resource of the received communication, or a responder of the received communication;

prior to passing the target resource the received communication, modifying the received communication based on the one or more policies from the target resource;

using a workflow to enforce the one or more policies on the modified received communication;

executing the workflow using an interface to apply the determined one or more policies to the communication, the workflow including a logical combination of one or more conditions to be satisfied, wherein executing the workflow comprises;

executing a first action to invoke a policy object associated with a first one of the policies to be applied to the communication, the policy object including a second combination of one or more conditions associated with the first policy, wherein the executing of the first action is performed by a first delegated process, andexecuting a second action to invoke a second policy object associated with a second one of the policies to be applied to the communication, wherein the executing of the second action is performed by a second delegated process, where at least one of the delegated processes is delegated to a private interface, wherein the private interface executes at least one of the actions, and where the action executed by the private interface is not known to the workflow interface, and wherein the first action and the second action are at least partially executed in parallel;

determining that the one or more conditions have been satisfied and that the first and second actions have been executed;

in response to the one or more conditions having been satisfied and the first and second actions having been executed, validating the one or more policies; and

based upon the applied one or more policies, processing the received communication.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and machine-readable mediums are disclosed for policy enforcement. In one embodiment, the method comprises receiving a communication and executing a workflow to apply one or more policies to the communication. The workflow includes a logical combination of one or more conditions to be satisfied and one or more actions to be executed to enforce the one or more policies on the communication.

190 Citations

19 Claims

1. A method of enforcing policies on communications, comprising:
- receiving a communication to a processing device;
  
  analyzing at least one criteria of the received communication to determine one or more policies to be applied to the communication, wherein the at least one criteria includes at least one of the following;
  
  a requester of the received communication, a target resource of the received communication, or a responder of the received communication;
  
  prior to passing the target resource the received communication, modifying the received communication based on the one or more policies from the target resource;
  
  using a workflow to enforce the one or more policies on the modified received communication;
  
  executing the workflow using an interface to apply the determined one or more policies to the communication, the workflow including a logical combination of one or more conditions to be satisfied, wherein executing the workflow comprises;
  
  executing a first action to invoke a policy object associated with a first one of the policies to be applied to the communication, the policy object including a second combination of one or more conditions associated with the first policy, wherein the executing of the first action is performed by a first delegated process, andexecuting a second action to invoke a second policy object associated with a second one of the policies to be applied to the communication, wherein the executing of the second action is performed by a second delegated process, where at least one of the delegated processes is delegated to a private interface, wherein the private interface executes at least one of the actions, and where the action executed by the private interface is not known to the workflow interface, and wherein the first action and the second action are at least partially executed in parallel;
  
  determining that the one or more conditions have been satisfied and that the first and second actions have been executed;
  
  in response to the one or more conditions having been satisfied and the first and second actions having been executed, validating the one or more policies; and
  
  based upon the applied one or more policies, processing the received communication.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, further comprising validating the first policy if the policy object executes successfully.
  - 3. The method of claim 1, wherein the policy object is a Business Process Express Language (BPEL) object.
  - 4. The method of claim 1, further comprising if the policy returns an error result, performing error recovery.
  - 5. The method of claim 1, wherein executing the workflow comprises evaluating one or more conditions to determine whether to apply a potential policy to the communication.
  - 6. The method of claim 1, wherein executing a workflow comprises executing a Business Process Express Language (BPEL) workflow.
  - 7. The method of claim 1, wherein receiving the communication comprises intercepting a communication targeted for a resource.
  - 8. The method of claim 7, further comprising if the one or more policies are validated, transmitting the communication to the resource.
  - 9. The method of claim 8, further comprising before transmitting the communication, modifying the communication based on the workflow execution.
  - 10. The method of claim 1, further comprising transmitting a response indicating a result of the policy evaluation.
  - 11. The method of claim 1, wherein the workflow comprises an authorization policy including one or more conditions to evaluate and one or more actions to execute to enforce the authorization policy.
  - 12. The method of claim 1, wherein the workflow comprises a prioritization policy including one or more conditions to evaluate and one or more actions to execute to enforce the prioritization policy.
  - 13. The method of claim 1, wherein the workflow comprises an authentication policy including one or more conditions to evaluation and one or more actions to execute to enforce the authentication policy.
  - 14. The method of claim 1, wherein receiving a communication comprises receiving a Simple Object Access Protocol (SOAP) message.
  - 15. The method of claim 1, wherein the private interface evaluates at least one of any of the one or more of the conditions, and where the condition evaluated by the private interface is not known to the workflow interface.

16. A system of enforcing policies on communications comprising:
- a processor;
  
  an interface configured to receive a communication; and
  
  memory storing instructions that, when executed by the processor, provide workflow logic for analyzing at least one criteria of the communication received through the interface, wherein the at least one criteria includes at least one of the following;
  
  a requester of the received communication, a target resource of the received communication, or a responder of the received communication and determining a logical combination of at least one condition to evaluate, wherein executing the workflow includes executing a first action to invoke a policy object associated with a first one of the policies to be applied to the communication, the policy object including a second combination of one or more conditions associated with the first policy, wherein the executing of the first action is performed by a first delegated process, and executing a second action to invoke a second policy object associated with a second one of the policies to be applied to the communication, wherein the executing of the second action is performed by a second delegated process, where at least one of the delegated processes is delegated to a private interface, wherein the private interface executes at least one of the actions, and where the action executed by the private interface is not known to the workflow interface, and wherein the first action and the second action are at least partially executed in parallel, determine that the one or more conditions have been satisfied and that the first and second actions have been executed, in response to the one or more conditions having been satisfied and the first and second actions having been executed, validate the one or more policies, prior to passing the target resource the received communication, modifying the received communication based on the one or more policies from the target resource and using a workflow to enforce the one or more policies on the modified received communication, the instructions further providing logic that processes the communication based at least in part upon a result of the one or more policies as executed on the communication using an interface.
- View Dependent Claims (17)
- - 17. The system of claim 16, wherein the logic comprises a Business Process Execution Language (BPEL) work engine.

18. At least one non-transitory machine-readable medium, having stored thereon sequences of instructions, which, when executed by a machine cause the machine to:
- receive a communication; and
  
  analyze at least one criteria of the received communication to determine one or more policies to be applied to the communication, wherein the at least one criteria includes at least one of the following;
  
  a requester of the received communication, a target resource of the received communication, or a responder of the received communication;
  
  prior to passing the target resource the received communication, modify the received communication based on the one or more policies from the target resource;
  
  use a workflow to enforce the one or more policies on the modified received communication;
  
  execute the workflow using an interface to apply one or more policies to the communication, the workflow including a logical combination of one or more conditions to be satisfied, wherein executing the workflow comprises;
  
  executing a first action to invoke a policy object associated with a first one of the policies to be applied to the communication, the policy object including a second combination of one or more conditions associated with the first policy, wherein the executing of the first action is performed by a first delegated process, and executing a second action to invoke a second policy object associated with a second one of the policies to be applied to the communication, wherein the executing of the second action is performed by a second delegated process, where at least one of the delegated processes is delegated to a private interface, wherein the private interface executes at least one of the actions, and where the action executed by the private interface is not known to the workflow interface, and wherein the first action and the second action are at least partially execute in parallel;
  
  determining that the one or more conditions have been satisfied and that the first and second actions have been executed;
  
  in response to the one or more conditions having been satisfied and the first and second actions having been executed, validating the one or more policies; and
  
  based upon the applied one or more policies, process the received communication.

19. A system of enforcing policies on communications, the system comprising:
- a processor; and
  
  a memory coupled to the processor, wherein the memory includes sets of instructions which when executed by the processor, cause the processor to;
  
  receive a communication to a processing device;
  
  analyze at least one criteria of the received communication to determine one or more policies to be applied to the communication, wherein the at least one criteria includes at least one of the following;
  
  a requester of the received communication, a target resource of the received communication, or a responder of the received communication;
  
  prior to passing the target resource of the received communication, modify the received communication based on the one or more policies from the target resource;
  
  use a workflow to enforce the one or more policies on the modified received communication;
  
  execute the workflow using the interface to apply the one or more policies to the communication, the workflow including a logical combination of one or more conditions to be satisfied, wherein executing the workflow comprises;
  
  executing a first action to invoke a policy object associated with a first one of the policies to be applied to the communication, the policy object including a second combination of one or more conditions associated with the first policy, wherein the executing of the first action is performed by a first delegated process, andexecuting a second action of the one or more actions to invoke a second policy object associated with a second one of the policies to be applied to the communication, wherein the executing of the second action is performed by a second delegated process, where at least one of the delegated processes is delegated to a private interface, wherein the private interface executes at least one of the actions, and where the action executed by the private interface is not known to the workflow interface, and wherein the first action and the second action are at least partially executed in parallel;
  
  determining that the one or more conditions have been satisfied and that the first and second actions have been executed;
  
  in response to the one or more conditions having been satisfied and the first and second actions having been executed, validating the one or more policies; and
  
  based upon the applied one or more policies, process the received communication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Maes, Stephane H.
Primary Examiner(s)
Lanier; Benjamin
Assistant Examiner(s)
ZECHER, CORDELIA P K

Application Number

US11/024,160
Publication Number

US 20060143686A1
Time in Patent Office

2,472 Days
Field of Search

726/1
US Class Current

726/1
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 63/20   for managing network securi...

Policies as workflows

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

190 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Policies as workflows

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

190 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links