Delegation metasystem for composite services

US 8,601,482 B2
Filed: 11/02/2007
Issued: 12/03/2013
Est. Priority Date: 11/02/2007
Status: Active Grant

First Claim

Patent Images

1. A computing device to provide a composite service, the computing device comprising:

one or more processors;

memory; and

a plurality of generic resource descriptions stored in the memory, including service requirements for the composite service, and wherein the generic resource descriptions are mapped to available resources at runtime based at least in part on the service requirements for the composite service, the available resources comprising metadata, the metadata comprising at least one of;

data identifying an access control model associated with the resource and a management endpoint for the resource, and a dependency between a user of the composite service and at least one of the available resources;

the one or more processors being configured to select one plug-in of a first plurality of plug-ins different from a second plurality of plug-ins, selection of one of the second plurality of plug-ins being part of a delegation of access rights to the composite service for at least one available resource, based at least in part on credentials for the at least one available service provided to the composite service.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A delegation metasystem for composite services is described, where a composite service is a service which calls other services during its operation. In an embodiment, the composite service is defined using generic descriptions for any services (and their access control models) which may be called by the composite service during operation. At run time, these generic descriptions and potentially other factors, such as the user of the composite service, are used to select actual available services which may be called by the composite service and access rights for the selected services are delegated to the composite service. These access rights may subsequently be revoked when the composite service terminates.

17 Citations

View as Search Results

16 Claims

1. A computing device to provide a composite service, the computing device comprising:
- one or more processors;
  
  memory; and
  
  a plurality of generic resource descriptions stored in the memory, including service requirements for the composite service, and wherein the generic resource descriptions are mapped to available resources at runtime based at least in part on the service requirements for the composite service, the available resources comprising metadata, the metadata comprising at least one of;
  
  data identifying an access control model associated with the resource and a management endpoint for the resource, and a dependency between a user of the composite service and at least one of the available resources;
  
  the one or more processors being configured to select one plug-in of a first plurality of plug-ins different from a second plurality of plug-ins, selection of one of the second plurality of plug-ins being part of a delegation of access rights to the composite service for at least one available resource, based at least in part on credentials for the at least one available service provided to the composite service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A computing device to provide a composite service according to claim 1, wherein the plurality of generic resource descriptions is included within metadata associated with the composite service.
  - 3. A computing device to provide a composite service according to claim 2, wherein the metadata further comprises identity information for the composite service.
  - 4. A computing device to provide a composite service according to claim 1, further comprising a plurality of plug-ins, wherein each of the plurality of plug-ins corresponds to an access control model.
  - 5. A computing device to provide a composite service according to claim 4, further comprising a service provision module associated with the plurality of plug-ins, and arranged to select one of the plurality of plug-ins at runtime based at least in part on a verified credential for an available resource.
  - 6. A computing device to provide a composite service according to claim 1, further comprising a module arranged to verify credentials received for an available resource.
  - 7. A computing device to provide a composite service according to claim 1, further comprising a data store arranged to store credentials received for an available resource.
  - 8. A computing device to provide a composite service according to claim 1, arranged:
    - to receive credentials associated with an available resource; and
      
      on invocation of the composite service, to use the credentials to access the available resource.

9. A method of initiating a composite service comprising:
- at a runtime;
  
  accessing generic service requirements for the composite service;
  
  mapping the generic service requirements to at least one available service having an access control model, the access control model being associated with a plurality of available resources comprising metadata, the metadata comprising at least one of;
  
  data identifying an access control model associated with the resource and a management endpoint for the resource;
  
  delegating access rights to the composite service for the at least one available service comprising, selecting one plug-in, of a first plurality of plug-ins, corresponding to the access control model of the at least one available service; and
  
  providing credentials for the at least one available service to the composite service for the composite service to select one plug-in, of a second plurality of plug-ins different from the first plurality of plug-ins, based at least in part on the provided credentials.
- View Dependent Claims (10, 11, 12, 13)
- - 10. A method according to claim 9, wherein accessing generic service requirements comprises:
    - accessing metadata associated with the composite service, the metadata comprising the generic service requirements and identity data for the composite service.
  - 11. A method according to claim 9, wherein mapping the generic service requirements to at least one available service comprises:
    - accessing metadata associated with each of a plurality of available services; and
      
      mapping the generic requirements to at least one of the plurality of available services based on at least the metadata.
  - 12. A method according to claim 9, further comprising using the selected one of the plurality of plug-ins to communicate with the at least one available service.
  - 13. A method according to claim 9, further comprising:
    - on termination of the composite service;
      
      revoking the access rights.

14. A delegation metasystem comprising:
- one or more processors;
  
  memory;
  
  a composite service comprising a first set of plug-ins associated with different access control models, each of the access control models being associated with an available resource of a plurality of available resources, the composite service arranged to;
  
  receive a credential from a delegation module for at least one available resource of the plurality of available resources;
  
  select a plug-in at runtime from the first set of plug-ins based at least in part on the received credential; and
  
  access, via the plug-in selected at runtime from the first set of plug-ins, the at least one available resource at runtime to execute the composite service;
  
  a resource mapping application, stored in the memory, having computer executable instructions that when executed by the one or more processors is arranged to map generic resource requirements of the composite service to at least one available resource of the plurality of available resources at runtime, the plurality of available resources comprising metadata, the metadata comprising at least one of;
  
  data identifying an access control model associated with the resource and a management endpoint for the resource;
  
  a second set of plug-ins, different from the first set of plug-ins, and associated with the different access control models associated with the available resources;
  
  wherein the delegation module is arranged to delegate access rights for the at least one available resource to the composite service at runtime using a plug-in selected at runtime from the second set of plug-ins, andwherein the plug-in selected at runtime from the second set of plug-ins corresponds to the access control model associated with the at least one available resource and is used to communicate with the at least one available resource.
- View Dependent Claims (15, 16)
- - 15. A delegation metasystem according to claim 14, wherein the composite service comprises:
    - a composite service application arranged to receive an identifier and a credential for each of the at least one available resources; and
      
      a service provision module arranged to access the at least one available resource using the identifier and credential and the plug-in selected from the first set of plug-ins, wherein the plug-in selected from the first set of plug-ins corresponds to the access control model associated with the at least one available resource.
  - 16. A delegation metasystem according to claim 14, wherein the delegation module is further arranged to revoke access rights for the at least one available resource to the composite service using one of the plurality of plug-ins on termination of the composite service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Zhigu Holdings Limited
Original Assignee
Microsoft Corporation
Inventors
Bussard, Laurent, Wojtas, Anna
Primary Examiner(s)
Tang, Kenneth

Application Number

US11/934,443
Publication Number

US 20090119672A1
Time in Patent Office

2,223 Days
Field of Search

None
US Class Current

718/104
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 9/468   Specific access rights for ...

H04L 63/101   Access control lists [ACL]

H04L 67/51   Discovery or management the...

H04L 67/63   Routing a service request d...

Delegation metasystem for composite services

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

17 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Delegation metasystem for composite services

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links