Propagating security identity information to components of a composite application
Abstract
Various methods and systems for propagating identity information in a composite application are presented. State data of a composite application, as executed for a particular entity, may be transferred to and stored by a computer-readable storage medium. The state data may include a portion of a set of subject information linked with the entity. A security attribute of the subject may not be present in the portion of the set of subject information in the state data transferred to the non-transitory computer-readable storage medium. After a period of time, such as an hour or a day, the state data of the composite application as executed for the entity may be retrieved and the security attribute of the set of subject information linked with the entity may be determined. The composite application may then continue to be executed for the entity.
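The store-and-resume flow from the abstract, as an added example; it is not code from the patent or its assignee. The `issue_credential` service, the HMAC stand-in credential, the `ENABLED` set and every identifier below are assumptions, and a plain dict stands in for the storage medium.

```python
import hashlib, hmac, json
from dataclasses import dataclass
from typing import Optional

# Constructed stand-ins: an issuer key and the set of currently enabled principals.
ISSUER_KEY = b"constructed-demo-key"
ENABLED = {"ws-client-7"}

@dataclass
class Subject:
    identity: str                      # identity attribute (principal name)
    credential: Optional[str] = None   # security attribute; never persisted

def issue_credential(identity: str) -> str:
    """Hypothetical credential service: determines the security attribute."""
    if identity not in ENABLED:
        raise PermissionError(f"{identity} is not enabled")
    return hmac.new(ISSUER_KEY, identity.encode(), hashlib.sha256).hexdigest()

def authenticated(subject: Subject) -> bool:
    if subject.credential is None or subject.identity not in ENABLED:
        return False
    expected = hmac.new(ISSUER_KEY, subject.identity.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, subject.credential)

def run_step(subject: Subject, state: dict, name: str) -> dict:
    """A step is processed only if the security attribute authenticates."""
    if not authenticated(subject):
        raise PermissionError("security attribute missing or invalid")
    return {**state, "done": state.get("done", []) + [name]}

def dehydrate(store: dict, instance_id: str, subject: Subject, state: dict) -> None:
    """Persist state with the identity attribute only; the credential is left out."""
    store[instance_id] = json.dumps({"identity": subject.identity, "state": state})

def rehydrate(store: dict, instance_id: str):
    """After retrieval, determine and populate the security attribute again."""
    record = json.loads(store[instance_id])
    subject = Subject(identity=record["identity"])
    subject.credential = issue_credential(subject.identity)  # fails closed if disabled
    return subject, record["state"]

def demo():
    store = {}  # stands in for the storage medium; it outlives the engine process
    client = Subject("ws-client-7", issue_credential("ws-client-7"))
    dehydrate(store, "inst-1", client, run_step(client, {}, "step1"))
    stored_blob = store["inst-1"]
    del client  # simulated restart: the in-memory subject and credential are gone
    subject, state = rehydrate(store, "inst-1")
    return stored_blob, run_step(subject, state, "step2")
```

In this sketch, a principal disabled while the instance is stored cannot resume, because the credential is determined again at retrieval rather than read back from the store.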
19 Claims
1. A method for propagating identity information in a composite application, the method comprising:
processing, by a computer system, a first step of the composite application for an entity, wherein:
the entity is a web service client;
the entity is linked with a set of subject information;
the set of subject information comprises an identity attribute linked with the entity and a security attribute linked with the entity; and
the first step is processed if the security attribute is authenticated;
transferring, by the computer system, state data of the composite application as executed for the entity to a non-transitory computer-readable storage medium, wherein:
the state data comprises at least a portion of the set of subject information linked with the entity; and
the security attribute is not present in at least the portion of the set of subject information in the state data transferred to the non-transitory computer-readable storage medium;
storing, by the computer system, the state data of the composite application as executed for the entity using the non-transitory computer-readable storage medium;
retrieving, by the computer system, the state data of the composite application as executed for the entity from the non-transitory computer-readable storage medium;
following retrieving the state data of the composite application as executed for the entity, determining, by the computer system, the security attribute of the set of subject information linked with the entity; and
populating, by the computer system, the security attribute of the set of subject information linked with the entity;
wherein a restart is tolerated while the state data of the composite application as executed for the entity is stored by the non-transitory computer-readable storage medium.
(Dependent claims: 2, 3, 4, 5, 6)
7. A computer program product residing on a non-transitory computer-readable storage medium and comprising processor-readable instructions configured to cause a processor to:
process a first step of a composite application for an entity, wherein:
the entity is a web service client;
the entity is linked with a set of subject information;
the set of subject information comprises an identity attribute linked to the entity and a security attribute; and
the first step is processed if the security attribute is authenticated;
transfer state data of the composite application as executed for the entity to a non-transitory computer-readable storage medium, wherein:
the state data comprises a portion of the set of subject information linked with the entity; and
the security attribute is not stored by the non-transitory computer-readable storage medium;
cause the state data of the composite application as executed for the entity to be stored using the non-transitory computer-readable storage medium;
cause the state data of the composite application as executed for the entity to be retrieved from the non-transitory computer-readable storage medium;
following the state data of the composite application being retrieved, determine the security attribute of the set of subject information linked with the entity; and
populate the security attribute of the set of subject information linked with the entity;
wherein a restart is tolerated while the state data of the composite application as executed for the entity is stored by the non-transitory computer-readable storage medium.
(Dependent claims: 8, 9, 10, 11, 12)
13. A system for propagating identity information in a composite application, the system comprising:
a processor, wherein the processor is configured to:
process a first step of the composite application for an entity, wherein:
the entity is a web service client;
the entity is linked with a set of subject information;
the set of subject information comprises an identity attribute linked to the entity and a security attribute; and
the first step is processed if the security attribute is authenticated;
transfer state data of the composite application as executed for the entity to a non-transitory computer-readable storage medium, wherein:
the state data comprises a portion of the set of subject information linked with the entity; and
the security attribute is not stored by the non-transitory computer-readable storage medium;
retrieve the state data of the composite application as executed for the entity from the non-transitory computer-readable storage medium;
following retrieving the state data of the composite application, determine the security attribute of the set of subject information linked with the entity; and
populate the security attribute of the set of subject information linked with the entity; and
the non-transitory computer-readable storage medium configured to:
store the state data of the composite application as executed for the entity;
wherein a restart is tolerated while the state data of the composite application as executed for the entity is stored by the non-transitory computer-readable storage medium.
(Dependent claims: 14, 15, 16)
17. A method for propagating identity information in a composite application, the method comprising:
processing, by a computer system, a first step of the composite application for an entity, wherein:
the entity is a web service client;
the entity is linked with a set of subject information;
the set of subject information comprises an identity attribute linked with the entity and a security attribute linked with the entity; and
the first step is processed if the security attribute is authenticated;
transferring, by the computer system, state data of the composite application as executed for the entity to a non-transitory computer-readable storage medium, wherein:
the state data comprises at least a portion of the set of subject information linked with the entity; and
the security attribute is not present in at least the portion of the set of subject information in the state data transferred to the non-transitory computer-readable storage medium;
storing, by the computer system, the state data of the composite application as executed for the entity using the non-transitory computer-readable storage medium;
retrieving, by the computer system, the state data of the composite application as executed for the entity from the non-transitory computer-readable storage medium wherein:
following the transfer of the state data of the composite application as executed for the entity to the non-transitory computer-readable storage medium, but before retrieving the state data of the composite application from the non-transitory computer-readable storage medium, a period of time elapses, wherein the period of time is selected from a group consisting of:
at least an hour;
at least a day; and
at least a week;
following retrieving the state data of the composite application as executed for the entity, determining, by the computer system, the security attribute of the set of subject information linked with the entity; and
populating, by the computer system, the security attribute of the set of subject information linked with the entity.
18. A computer program product residing on a non-transitory computer-readable storage medium and comprising processor-readable instructions configured to cause a processor to:
process a first step of a composite application for an entity, wherein:
the entity is a web service client;
the entity is linked with a set of subject information;
the set of subject information comprises an identity attribute linked to the entity and a security attribute; and
the first step is processed if the security attribute is authenticated;
transfer state data of the composite application as executed for the entity to a non-transitory computer-readable storage medium, wherein:
the state data comprises a portion of the set of subject information linked with the entity; and
the security attribute is not stored by the non-transitory computer-readable storage medium;
cause the state data of the composite application as executed for the entity to be stored using the non-transitory computer-readable storage medium;
cause the state data of the composite application as executed for the entity to be retrieved from the non-transitory computer-readable storage medium wherein:
following transfer of the state data of the composite application as executed for the entity to the non-transitory computer-readable storage medium, but before retrieval of the state data of the composite application from the non-transitory computer-readable storage medium, a period of time elapses, wherein the period of time is selected from a group consisting of:
at least an hour;
at least a day; and
at least a week;
following the state data of the composite application being retrieved, determine the security attribute of the set of subject information linked with the entity; and
populate the security attribute of the set of subject information linked with the entity.
19. A system for propagating identity information in a composite application, the system comprising:
a processor, wherein the processor is configured to:
process a first step of the composite application for an entity, wherein:
the entity is a web service client;
the entity is linked with a set of subject information;
the set of subject information comprises an identity attribute linked to the entity and a security attribute; and
the first step is processed if the security attribute is authenticated;
transfer state data of the composite application as executed for the entity to a non-transitory computer-readable storage medium, wherein:
the state data comprises a portion of the set of subject information linked with the entity; and
the security attribute is not stored by the non-transitory computer-readable storage medium;
retrieve the state data of the composite application as executed for the entity from the non-transitory computer-readable storage medium wherein:
following the transfer of the state data of the composite application as executed for the entity to the non-transitory computer-readable storage medium, but before retrieving the state data of the composite application from the non-transitory computer-readable storage medium, a period of time elapses, wherein the period of time is selected from a group consisting of:
at least an hour;
at least a day; and
at least a week;
following retrieving the state data of the composite application, determine the security attribute of the set of subject information linked with the entity; and
populate the security attribute of the set of subject information linked with the entity; and
the non-transitory computer-readable storage medium configured to:
store the state data of the composite application as executed for the entity.
Specification