Delegation metasystem for composite services
First Claim
1. A computing device to provide a composite service, the computing device comprising:
- one or more processors;
memory; and
a plurality of generic resource descriptions stored in the memory, including service requirements for the composite service, and wherein the generic resource descriptions are mapped to available resources at runtime based at least in part on the service requirements for the composite service, the available resources comprising metadata, the metadata comprising at least one of;
data identifying an access control model associated with the resource and a management endpoint for the resource, and a dependency between a user of the composite service and at least one of the available resources;
the one or more processors being configured to select one plug-in of a first plurality of plug-ins different from a second plurality of plug-ins, selection of one of the second plurality of plug-ins being part of a delegation of access rights to the composite service for at least one available resource, based at least in part on credentials for the at least one available service provided to the composite service.
3 Assignments
0 Petitions
Accused Products
Abstract
A delegation metasystem for composite services is described, where a composite service is a service which calls other services during its operation. In an embodiment, the composite service is defined using generic descriptions for any services (and their access control models) which may be called by the composite service during operation. At run time, these generic descriptions and potentially other factors, such as the user of the composite service, are used to select actual available services which may be called by the composite service and access rights for the selected services are delegated to the composite service. These access rights may subsequently be revoked when the composite service terminates.
17 Citations
16 Claims
-
1. A computing device to provide a composite service, the computing device comprising:
-
one or more processors; memory; and a plurality of generic resource descriptions stored in the memory, including service requirements for the composite service, and wherein the generic resource descriptions are mapped to available resources at runtime based at least in part on the service requirements for the composite service, the available resources comprising metadata, the metadata comprising at least one of;
data identifying an access control model associated with the resource and a management endpoint for the resource, and a dependency between a user of the composite service and at least one of the available resources;the one or more processors being configured to select one plug-in of a first plurality of plug-ins different from a second plurality of plug-ins, selection of one of the second plurality of plug-ins being part of a delegation of access rights to the composite service for at least one available resource, based at least in part on credentials for the at least one available service provided to the composite service. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method of initiating a composite service comprising:
-
at a runtime; accessing generic service requirements for the composite service; mapping the generic service requirements to at least one available service having an access control model, the access control model being associated with a plurality of available resources comprising metadata, the metadata comprising at least one of;
data identifying an access control model associated with the resource and a management endpoint for the resource;delegating access rights to the composite service for the at least one available service comprising, selecting one plug-in, of a first plurality of plug-ins, corresponding to the access control model of the at least one available service; and providing credentials for the at least one available service to the composite service for the composite service to select one plug-in, of a second plurality of plug-ins different from the first plurality of plug-ins, based at least in part on the provided credentials. - View Dependent Claims (10, 11, 12, 13)
-
-
14. A delegation metasystem comprising:
-
one or more processors; memory; a composite service comprising a first set of plug-ins associated with different access control models, each of the access control models being associated with an available resource of a plurality of available resources, the composite service arranged to; receive a credential from a delegation module for at least one available resource of the plurality of available resources; select a plug-in at runtime from the first set of plug-ins based at least in part on the received credential; and access, via the plug-in selected at runtime from the first set of plug-ins, the at least one available resource at runtime to execute the composite service; a resource mapping application, stored in the memory, having computer executable instructions that when executed by the one or more processors is arranged to map generic resource requirements of the composite service to at least one available resource of the plurality of available resources at runtime, the plurality of available resources comprising metadata, the metadata comprising at least one of;
data identifying an access control model associated with the resource and a management endpoint for the resource;a second set of plug-ins, different from the first set of plug-ins, and associated with the different access control models associated with the available resources; wherein the delegation module is arranged to delegate access rights for the at least one available resource to the composite service at runtime using a plug-in selected at runtime from the second set of plug-ins, and wherein the plug-in selected at runtime from the second set of plug-ins corresponds to the access control model associated with the at least one available resource and is used to communicate with the at least one available resource. - View Dependent Claims (15, 16)
-
Specification