Infrastructure to secure federated web services
Abstract
A federation participant in communication with other participants of a federation according to a federation protocol is described. The web service participant includes business logic and a security provider. The business logic implements a web service consumer (WSC) or a web service provider (WSP) business logic. The business logic is configured to generate an outgoing message for transmission to a recipient and receive an incoming message from the recipient, the recipient being a WSP if the business logic is a WSC business logic and a WSC if the business logic is a WSP business logic. The security provider is configured to receive the generated messages and apply header information to the outgoing message according to the federation protocol to form a modified outgoing message. The security provider then transmits the modified outgoing message to the recipient. Methods of operation for the WSC and WSP are also described.
20 Claims
1. An apparatus, comprising:
one or more processors;
memory and storage; and
a federation participant in communication with other participants of a federation according to a federation protocol, the federation participant further comprising;
a business logic, the business logic being one of a web service consumer (WSC) business logic or a web service provider (WSP) business logic, the business logic being a software component configured to execute within a container on a computer, the business logic being configured to generate an outgoing message for transmission to a fictitious recipient and receive an incoming message from a WSP if the business logic is a WSC business logic and a WSC if the business logic is a WSP business logic;
a security provider, the security provider being configured to execute in the container with the business logic, the security provider receiving the generated messages and applying header information to the outgoing message according to the federation protocol and a list of permitted security mechanism types to form a modified outgoing message, the security provider then transmitting the modified outgoing message to a real recipient.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method for accessing a web service provider (WSP) at a web service consumer (WSC), the method comprising:
using a WSC business logic to generate an original query message to a fictitious WSP, wherein the WSP and WSC are participants in a federation according to a federation protocol;
receiving the original query message in a security provider;
identifying a real WSP that is an intended recipient of the original query message;
processing the original query message to generate a modified query message that conforms to the federation protocol, the modified query message including a header with a security mechanism selected by the security provider from a list of permitted security mechanism types; and
transmitting the modified query message to the real WSP over a network from the security provider, the WSC business logic and the security provider each being a distinct software module executing within a container on a computer.
Dependent claims: 10, 11, 12, 13, 14
15. A method for providing a web service at a web service provider (WSP) to a web service consumer (WSC), the method comprising:
receiving a query message from a real WSC over a network in a security provider, wherein the WSP and WSC are participants in a federation according to a federation protocol and wherein a header for the query message conforms to the federation protocol;
identifying a security mechanism incorporated into the header for the query message;
verifying that the security mechanism corresponds to an acceptable type of security mechanism selected by the real WSC from a list of permitted security mechanism types;
validating the security mechanism, the validating including determining that the real WSC is authenticated and that the message integrity is not compromised;
extracting a message body from the query message; and
sending the message body to WSP business logic from the security provider, the security provider and the business logic each comprising a distinct software module executing within a container on a computer; and
using a WSP business logic to generate an original response message addressed to a fictitious WSC.
Dependent claims: 16, 17, 18, 19, 20
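Added example, not code from the patent or from any implementation of it: the security-provider flow of claims 9 and 15 written out in Python. The JSON-style envelope, the mechanism names, the HMAC-based validation, the shared key and the host names are all assumptions chosen for illustration; the page does not name the federation protocol or its security mechanisms.

```python
import hashlib
import hmac
import json

# Assumed values, none of them taken from the patent text.
PERMITTED = ["hmac-sha256", "hmac-sha512"]  # permitted security mechanism types
DIGESTS = {"hmac-sha256": hashlib.sha256, "hmac-sha512": hashlib.sha512}
FEDERATION_KEYS = {"wsc.example": b"constructed-demo-key"}  # constructed key
ROUTES = {"fictitious-wsp": "wsp.example"}  # fictitious recipient -> real recipient


def _mac(mechanism, key, sender, recipient, body):
    # The mechanism name and both endpoints are covered by the MAC, so a
    # relabelled header or a message replayed to another recipient fails validation.
    data = json.dumps([mechanism, sender, recipient, body], sort_keys=True).encode()
    return hmac.new(key, data, DIGESTS[mechanism]).hexdigest()


def wsc_security_provider(original, sender, key, preferred=PERMITTED):
    """Claim 9 side: find the real WSP, select a permitted mechanism, add the header."""
    real = ROUTES[original["to"]]
    mechanism = next((m for m in preferred if m in PERMITTED), None)
    if mechanism is None:
        raise ValueError("no permitted security mechanism available")
    header = {"mechanism": mechanism, "from": sender, "to": real}
    header["mac"] = _mac(mechanism, key, sender, real, original["body"])
    return {"header": header, "body": original["body"]}


def wsp_security_provider(message, me="wsp.example"):
    """Claim 15 side: check the mechanism type, validate it, pass on only the body."""
    h = message.get("header", {})
    mechanism, sender = h.get("mechanism"), str(h.get("from"))
    if mechanism not in PERMITTED:
        raise PermissionError("security mechanism type not permitted")
    key = FEDERATION_KEYS.get(sender)
    if key is None or h.get("to") != me:
        raise PermissionError("sender not authenticated for this recipient")
    expected = _mac(mechanism, key, sender, me, message["body"])
    if not hmac.compare_digest(expected.encode(), str(h.get("mac", "")).encode()):
        raise PermissionError("message integrity check failed")
    return message["body"]


if __name__ == "__main__":
    query = {"to": "fictitious-wsp", "body": {"op": "getProfile"}}  # constructed
    sent = wsc_security_provider(query, "wsc.example", b"constructed-demo-key")
    print(wsp_security_provider(sent))
```

In this arrangement the business logic on either side never sees a real address, a key or a header; rejecting any mechanism outside the permitted list before validation is what blocks a downgrade to an unprotected message.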
Specification