System and method for generating secure Web service architectures using a Web Services security assessment methodology

US 8,346,929 B1
Filed: 09/09/2003
Issued: 01/01/2013
Est. Priority Date: 08/18/2003
Status: Active Grant

First Claim

Patent Images

1. A Web Service system, comprising:

a service provider comprising one or more computer systems configured to provide one or more secure Web Services on the Web Service system; and

one or more service requesters each comprising one or more computer systems and each configured to access the one or more secure Web Services from the service provider via a network;

wherein the Web Service system is configured according to output of a computer-implemented Web Service architecture design system for designing secure Web Services comprising a plurality of heterogeneous components and one or more security components, wherein the Web Service architecture design system is configured to;

receive one or more Web Service requirements for the Web Service system;

receive user input specifying one or more design aspects of a secure Web Service architecture for the Web Service system;

generate the Web Service architecture in accordance with the received Web Service requirements, the received user input, a Web Services security assessment structured methodology, and one or more security design patterns; and

generate the output including information indicating the secure Web Service architecture; and

wherein the Web service system further comprises a service registry implemented on one or more computer systems, wherein the service provider is further configured to register and publish the secure Web Services in the service registry, and wherein the service requester is further configured to discover the service provider through the service registry.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

System and method for designing and implementing secure Web Services according to a Web Services Security Assessment structured methodology and design patterns. Lifecycles of the Web Services Security Assessment structured methodology may include, but are not limited to: vision and strategy, architecture design, development, integration, and deployment. In one embodiment, security components may be identified based on one or more use case requirements. Web Services objects that need to be protected may be identified. The object relationship for security protection may be defined, and associated trust domains, security policy and strategy and threat profiles may be identified. Protection schemes for these Web Services objects may be generated. Web Services security design patterns may be applied. One embodiment may be implemented as a secure Web Services architecture design mechanism that may receive Web Services requirements as input and assist a user in designing and generating a secure Web Services architecture.

446 Citations

57 Claims

1. A Web Service system, comprising:
- a service provider comprising one or more computer systems configured to provide one or more secure Web Services on the Web Service system; and
  
  one or more service requesters each comprising one or more computer systems and each configured to access the one or more secure Web Services from the service provider via a network;
  
  wherein the Web Service system is configured according to output of a computer-implemented Web Service architecture design system for designing secure Web Services comprising a plurality of heterogeneous components and one or more security components, wherein the Web Service architecture design system is configured to;
  
  receive one or more Web Service requirements for the Web Service system;
  
  receive user input specifying one or more design aspects of a secure Web Service architecture for the Web Service system;
  
  generate the Web Service architecture in accordance with the received Web Service requirements, the received user input, a Web Services security assessment structured methodology, and one or more security design patterns; and
  
  generate the output including information indicating the secure Web Service architecture; and
  
  wherein the Web service system further comprises a service registry implemented on one or more computer systems, wherein the service provider is further configured to register and publish the secure Web Services in the service registry, and wherein the service requester is further configured to discover the service provider through the service registry.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The Web Service system as recited in claim 1, wherein, to generate the Web Service architecture in accordance with the Web Services security assessment structured methodology, the Web Service architecture design system is configured to:
    - determine one or more security components of the Web Service architecture according to one or more Use Case requirements for the Web Service architecture;
      
      determine one or more Web Service objects of the Web Service architecture to be protected;
      
      define an object relationship for security protection in the Web Service architecture;
      
      determine one or more associated trust domains, security policy and strategy, and one or more threat profiles for the Web Service architecture;
      
      determine one or more protection schemes and measures for the Web Services objects; and
      
      apply one or more Web Services design patterns including the one or more security design patterns to the Web Service architecture.
  - 3. The Web Service system as recited in claim 1, wherein the secure Web Service architecture incorporates Quality of Services including reliability, scalability, and availability on the Web Service system.
  - 4. The Web Service system as recited in claim 1, further comprising a service broker implemented on one or more computer systems and configured to securely interact with the service provider and service requester to negotiate and provide the secure Web Services to the service requester.
  - 5. The Web Service system as recited in claim 4, wherein the service provider is configured as the service broker.
  - 6. The Web Service system as recited in claim 1, wherein the Web Service system is a Business-to-Consumer Web Service, wherein the service provider is a business service provider, and wherein the service requester is an end user.
  - 7. The Web Service system as recited in claim 1, wherein the Web Service system is a Business-to-Business Web Service, wherein the service provider is a business service provider, and wherein the service requester is a server.
  - 8. The Web Service system as recited in claim 1, wherein the Web Service system comprises a plurality of layers, wherein the plurality of layers comprises two or more of:
    - a network layer configured to serve as an underlying network for services;
      
      a transport layer for delivering messages between components of the Web Service system;
      
      a service description language layer configured to describe service type and functionality of the services of the service provider;
      
      a transaction routing layer configured to route messages on the transport layer;
      
      a service discovery layer configured to search for and locate services;
      
      a service negotiation layer configured to negotiate exchanges between the service requesters and the service provider;
      
      a management layer configured for provisioning of the services and for monitoring and administration of the services;
      
      a Quality of Service layer configured to provide reliability, scalability, and availability on the Web Service system;
      
      a security layer configured to provide authentication, entitlement, and non-repudiation security on the transport layer; and
      
      an Open Standards layer.
  - 9. The Web Service system as recited in claim 8, wherein the Open Standards layer is XML.
  - 10. The Web Service system as recited in claim 8, wherein the network layer is the public Internet over TCP/IP.
  - 11. The Web Service system as recited in claim 8, wherein the transport layer is one of HTTP, SMTP, and SOAP over HTTP.
  - 12. The Web Service system as recited in claim 1, wherein the security design patterns comprise one or more of:
    - a Single Sign-on Design Pattern; and
      
      a Messaging Transport Design Pattern.
  - 13. The Web Service system as recited in claim 1, wherein the Web Service system comprises two or more of:
    - a client tier;
      
      a presentation tier;
      
      a business tier;
      
      an integration tier; and
      
      a resource tier.

14. A system for designing and implementing secure Web Services comprising a plurality of heterogeneous components, comprising:
- means for applying a Web Services security assessment structured methodology and one or more security design patterns to generate output indicating a Web Service architecture; and
  
  means for implementing a secure Web Service according to the generated output indicating the Web Service architectures;
  
  wherein said Web Services security assessment structured methodology comprises;
  
  means for determining one or more security components according to one or more Use Case requirements for the Web Service architecture;
  
  means for determining one or more Web Service objects of the Web Service architecture to be protected;
  
  means for defining an object relationship for security protection in the Web Service architecture;
  
  means for determining one or more associated trust domains, security policy and strategy, and one or more threat profiles for the Web Service architecture;
  
  means for determining one or more protection schemes and measures for the Web Services objects; and
  
  means for applying one or more Web Services design patterns to the Web Service architecture.
- View Dependent Claims (15)
- - 15. The system as recited in claim 14, further comprising means for assessing security levels of the secure Web Service implemented according to the Web Service Architecture.

16. A system for generating a vendor-independent Web Service architecture, comprising:
- a processor; and
  
  a memory comprising program instructions, wherein the program instructions are executable by the processor to;
  
  determine one or more security components of a Web Service architecture according to one or more Use Case requirements for the Web Service architecture;
  
  determine one or more Web Service objects of the Web Service architecture to be protected;
  
  define an object relationship for security protection in the Web Service architecture;
  
  determine one or more associated trust domains, security policy and strategy, and one or more threat profiles for the Web Service architecture;
  
  determine one or more protection schemes and measures for the Web Services objects;
  
  apply one or more Web Services design patterns to the Web Service architecture; and
  
  generate output including information indicating the generated Web Service architecture, wherein the generated output is configured for use in implementing the Web Service architecture.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 17. The system as recited in claim 16, wherein the program instructions are further executable by the processor to assess security levels of a secure Web Service implemented according to the Web Service architecture.
  - 18. The system as recited in claim 16, wherein the generated output is configured for use in implementing a secure Web Service in accordance with the Web Service architecture.
  - 19. The system as recited in claim 18, wherein the program instructions are further executable by the processor to apply one or more Web Services security tools to implement the protection schemes in the secure Web Service.
  - 20. The system as recited in claim 18, wherein the secure Web Service comprises:
    - a service provider comprising one or more computer systems configured to provide one or more services of the secure Web Service on a network; and
      
      one or more service requesters each comprising one or more computer systems and each configured to access the one or more services of the secure Web Service on the service provider via the network.
  - 21. The system as recited in claim 20, wherein the secure Web Service further comprises a service registry implemented on one or more computer systems, wherein the service provider is further configured to register and publish the one or more services of the secure Web Service in the service registry, and wherein the service requester is further configured to discover the service provider through the service registry.
  - 22. The system as recited in claim 20, wherein the secure Web Service is a Business-to-Consumer Web Service, wherein the service provider is a business service provider, and wherein the service requester is an end user.
  - 23. The system as recited in claim 20, wherein the secure Web Service is a Business-to-Business Web Service, wherein the service provider is a business service provider, and wherein the service requester is a server.
  - 24. The system as recited in claim 18, wherein the Web Service architecture comprises a plurality of layers, where the layers comprise two or more of:
    - a network layer configured to serve as an underlying network for secure Web Services implemented according to the Web Service architecture;
      
      a transport layer for delivering messages between components of the secure Web Services;
      
      a service description language layer configured to describe service type and functionality of the secure Web Services;
      
      a transaction routing layer configured to route messages on the transport layer;
      
      a service discovery layer configured to search for and locate the secure Web Services;
      
      a service negotiation layer configured to negotiate exchanges between service requesters and service providers implemented according to the Web Service architecture;
      
      a management layer configured for provisioning of the secure Web Services and for monitoring and administration of the secure Web Services;
      
      a Quality of Service layer configured to provide reliability, scalability, and availability for the secure Web Services;
      
      a security layer configured to provide authentication, entitlement, and non-repudiation security on the transport layer; and
      
      an Open Standards layer.
  - 25. The system as recited in claim 18, wherein the Web Service architecture comprises a plurality of tiers, wherein the tiers comprise two or more of:
    - a client tier;
      
      a presentation tier;
      
      a business tier;
      
      an integration tier; and
      
      a resource tier.
  - 26. The system as recited in claim 18, wherein the Web Services design patterns comprise one or more of:
    - one or more Quality of Services design patterns;
      
      one or more integration design patterns; and
      
      one or more security design patterns.
  - 27. The system as recited in claim 18, wherein the Web Services design patterns comprise one or more security design patterns.
  - 28. The system as recited in claim 27, wherein the security design patterns comprise one or more of:
    - a Single Sign-on design pattern; and
      
      a Messaging Transport design pattern.

29. A computer-implemented method for generating a vendor-independent Web Service architecture, the method comprising:
- determining one or more security components according to one or more Use Case requirements for the Web Service architecture;
  
  determining one or more Web Service objects of the Web Service architecture to be protected;
  
  defining an object relationship for security protection in the Web Service architecture;
  
  determining one or more associated trust domains, security policy and strategy, and one or more threat profiles for the Web Service architecture;
  
  determining one or more protection schemes and measures for the Web Services objects;
  
  applying one or more Web Services design patterns to the Web Service architecture; and
  
  generating output including information indicating the generated Web Service architecture, wherein the generated output is configured for use in implementing the Web Service architecture.
- View Dependent Claims (30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43)
- - 30. The method as recited in claim 29, further comprising generating the one or more Use Cases for the Web Service architecture.
  - 31. The method as recited in claim 29, further comprising building the one or more security components according to the one or more Use Case requirements for the Web Service architecture.
  - 32. The method as recited in claim 29, further comprising implementing a secure Web Service in accordance with the generated output.
  - 33. The method as recited in claim 32, further comprising assessing security levels of the secure Web Service according to two or more tiers of the Web Service architecture.
  - 34. The method as recited in claim 32, further comprising applying one or more Web Services security tools to implement the protection schemes in the secure Web Service.
  - 35. The method as recited in claim 32, wherein the secure Web Service comprises a service provider comprising one or more computer systems and a service requester comprising one or more computer systems, the method further comprising:
    - the service provider providing one or more services of the secure Web Service on a network; and
      
      the service requester accessing the one or more services of the secure Web Service on the service provider via the network.
  - 36. The method as recited in claim 35, wherein the secure Web Service further comprises a service registry implemented on one or more computer systems, the method further comprising:
    - the service provider registering and publishing the one or more services of the secure Web Service in the service registry; and
      
      the service requester discovering the service provider through the service registry.
  - 37. The method as recited in claim 35, wherein the secure Web Service is a Business-to-Consumer Web Service, wherein the service provider is a business service provider, and wherein the service requester is an end user.
  - 38. The method as recited in claim 35, wherein the secure Web Service is a Business-to-Business Web Service, wherein the service provider is a business service provider, and wherein the service requester is a server.
  - 39. The method as recited in claim 29, wherein the Web Service architecture comprises a plurality of layers, where the layers comprise two or more of:
    - a network layer configured to serve as an underlying network for secure Web Services implemented according to the Web Service architecture;
      
      a transport layer for delivering messages between components of the secure Web Services;
      
      a service description language layer configured to describe service type and functionality of the secure Web Services;
      
      a transaction routing layer configured to route messages on the transport layer;
      
      a service discovery layer configured to search for and locate the secure Web Services;
      
      a service negotiation layer configured to negotiate exchanges between service requesters and service providers implemented according to the Web Service architecture;
      
      a management layer configured for provisioning of the secure Web Services and for monitoring and administration of the secure Web Services;
      
      a Quality of Service layer configured to provide reliability, scalability, and availability for the secure Web Services;
      
      a security layer configured to provide authentication, entitlement, and non-repudiation security on the transport layer; and
      
      an Open Standards layer.
  - 40. The method as recited in claim 29, wherein the Web Service architecture comprises a plurality of tiers, wherein the tiers comprise two or more of:
    - a client tier;
      
      a presentation tier;
      
      a business tier;
      
      an integration tier; and
      
      a resource tier.
  - 41. The method as recited in claim 29, wherein the Web Services design patterns comprise one or more of:
    - one or more Quality of Services design patterns;
      
      one or more integration design patterns; and
      
      one or more security design patterns.
  - 42. The method as recited in claim 29, wherein the Web Services design patterns comprise one or more security design patterns.
  - 43. The method as recited in claim 42, wherein the security design patterns comprise one or more of:
    - a Single Sign-on design pattern; and
      
      a Messaging Transport design pattern.

44. A computer-accessible storage medium comprising program instructions, wherein the program instructions are computer-executable to implement:
- determining one or more security components according to one or more Use Case requirements for the Web Service architecture;
  
  determining one or more Web Service objects of the Web Service architecture to be protected;
  
  defining an object relationship for security protection in the Web Service architecture;
  
  determining one or more associated trust domains, security policy and strategy, and one or more threat profiles for the Web Service architecture;
  
  determining one or more protection schemes and measures for the Web Services objects;
  
  applying one or more Web Services design patterns to the Web Service architecture; and
  
  generating output including information indicating the generated Web Service architecture, wherein the generated output is configured for use in implementing the Web Service architecture.
- View Dependent Claims (45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57)
- - 45. The computer-accessible storage medium as recited in claim 44, wherein the program instructions are further computer-executable to implement generating the one or more Use Cases for the Web Service architecture.
  - 46. The computer-accessible storage medium as recited in claim 44, wherein the generated output is configured for use in implementing a secure Web Service in accordance with the Web Service architecture.
  - 47. The computer-accessible storage medium as recited in claim 46, wherein the program instructions are further computer-executable to implement assessing security levels of the secure Web Service according to two or more tiers of the Web Service architecture.
  - 48. The computer-accessible storage medium as recited in claim 46, wherein the program instructions are further computer-executable to implement applying one or more Web Services security tools to implement the protection schemes in the secure Web Service.
  - 49. The computer-accessible storage medium as recited in claim 46, wherein the secure Web Service comprises:
    - a service provider comprising one or more computer systems configured to provide one or more services of the secure Web Service on a network; and
      
      a service requester comprising one or more computer systems configured to access the one or more services of the secure Web Service on the service provider via the network.
  - 50. The computer-accessible storage medium as recited in claim 49, wherein the secure Web Service further comprises a service registry implemented on one or more computer systems, wherein the service provider is further configured to register and publish the one or more services of the secure Web Service in the service registry, and wherein the service requester is further configured to discover the service provider through the service registry.
  - 51. The computer-accessible storage medium as recited in claim 49, wherein the secure Web Service is a Business-to-Consumer Web Service, wherein the service provider is a business service provider, and wherein the service requester is an end user.
  - 52. The computer-accessible storage medium as recited in claim 49, wherein the secure Web Service is a Business-to-Business Web Service, wherein the service provider is a business service provider, and wherein the service requester is a server.
  - 53. The computer-accessible storage medium as recited in claim 44, wherein the Web Service architecture comprises a plurality of layers, where the layers comprise two or more of:
    - a network layer configured to serve as an underlying network for secure Web Services implemented according to the Web Service architecture;
      
      a transport layer for delivering messages between components of the secure Web Services;
      
      a service description language layer configured to describe service type and functionality of the secure Web Services;
      
      a transaction routing layer configured to route messages on the transport layer;
      
      a service discovery layer configured to search for and locate the secure Web Services;
      
      a service negotiation layer configured to negotiate exchanges between service requesters and service providers implemented according to the Web Service architecture;
      
      a management layer configured for provisioning of the secure Web Services and for monitoring and administration of the secure Web Services;
      
      a Quality of Service layer configured to provide reliability, scalability, and availability for the secure Web Services;
      
      a security layer configured to provide authentication, entitlement, and non-repudiation security on the transport layer; and
      
      an Open Standards layer.
  - 54. The computer-accessible storage medium as recited in claim 44, wherein the Web Service architecture comprises a plurality of tiers, wherein the tiers comprise two or more of:
    - a client tier;
      
      a presentation tier;
      
      a business tier;
      
      an integration tier; and
      
      a resource tier.
  - 55. The computer-accessible storage medium as recited in claim 44, wherein the Web Services design patterns comprise one or more of:
    - one or more Quality of Services design patterns;
      
      one or more integration design patterns; and
      
      one or more security design patterns.
  - 56. The computer-accessible storage medium as recited in claim 44, wherein the Web Services design patterns comprise one or more security design patterns.
  - 57. The computer-accessible storage medium as recited in claim 56, wherein the security design patterns comprise one or more of:
    - a Single Sign-on design pattern; and
      
      a Messaging Transport design pattern.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Oracle America, Inc. (Oracle Corporation)
Inventors
Lai, Ray Y
Primary Examiner(s)
EL CHANTI, HUSSEIN A

Application Number

US10/657,992
Time in Patent Office

3,402 Days
Field of Search

709220-226
US Class Current

709/226
CPC Class Codes

G06F 21/41   where a single sign-on prov...

G06F 9/44505   Configuring for program ini...

G06Q 10/10   Office automation; Time man...

H04L 63/20   for managing network securi...

H04L 67/02   based on web technology, e....

H04L 67/51   Discovery or management the...

System and method for generating secure Web service architectures using a Web Services security assessment methodology

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

446 Citations

57 Claims

Specification

Use Cases

Quick Links

Others

System and method for generating secure Web service architectures using a Web Services security assessment methodology

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

446 Citations

57 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others