Federating policies from multiple policy providers

US 8,683,545 B2
Filed: 08/15/2008
Issued: 03/25/2014
Est. Priority Date: 08/15/2008
Status: Expired due to Fees

First Claim

Patent Images

1. A method for federating policies from multiple policy providers comprising:

at least one computing device identifying a plurality of distinct policy providers, each maintaining at least one policy for a Web service, wherein each policy is a condition or requirement of the Web service, wherein a first one of the distinct policy providers provides a quality of Service (QoS) policy for the Web service, wherein a second one of the distinct policy providers provides a policy for a monitoring requirement for the Web service, wherein a third one of the distinct policy providers provides a policy for a security requirement for the Web service, wherein the first one, the second one, and the third one of the distinct policy providers are different runtime environment entities supporting operation of the Web service, wherein the first one, the second one, and the third one of the distinct policy providers are independent of one another;

at least one computing device establishing a federated policy exchange service of a federated policy server having a policy provider plug-in for each of the distinct policy providers, wherein the federated policy server is independent of any of the distinct policy providers;

the federated policy exchange service, which is a Web service that federates policy data about other Web services, receiving requests for policies from a plurality of policy requesters, wherein each request comprises a service_id used to uniquely identify the Web service;

the federated policy exchange service dynamically connecting to a plurality of the policy providers to determine policies applicable to each of the requests, wherein the determined policies for the requests comprise the Quality of Service policy, a policy for the monitoring requirement, and a policy for the security requirement;

the federated policy exchange service receiving results comprising policies from the policy providers;

the federated policy exchange service determining the results applicable to each of the requests;

the federated policy exchange service processing the results to generate a response; and

the federated policy exchange service providing the response to each policy requester responsive to each of the requests, wherein the response satisfies the Quality of Service policy, the policy for the monitoring requirement, and the policy for the security requirement.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One aspect of the present invention can include a system, a method, a computer program product and an apparatus for federating policies from multiple policy providers. The aspect can identify a set of distinct policy providers, each maintaining at least one policy related to a service or a resource. A federated policy exchange service can be established that has a policy provider plug-in for each of the distinct policy providers. The federated policy exchange service can receive requests for policies from a set of policy requesters. Each request can include a resource_id or a service_id used to uniquely identify the service or resource. The federated policy exchange service can dynamically connect to a set of the policy providers to determine policies applicable to each request. For each request, results from the policy providers can be received and processed to generate a response. The federated policy exchange service can provide the response to each policy requestor responsive in response to each response.

14 Citations

View as Search Results

18 Claims

1. A method for federating policies from multiple policy providers comprising:
- at least one computing device identifying a plurality of distinct policy providers, each maintaining at least one policy for a Web service, wherein each policy is a condition or requirement of the Web service, wherein a first one of the distinct policy providers provides a quality of Service (QoS) policy for the Web service, wherein a second one of the distinct policy providers provides a policy for a monitoring requirement for the Web service, wherein a third one of the distinct policy providers provides a policy for a security requirement for the Web service, wherein the first one, the second one, and the third one of the distinct policy providers are different runtime environment entities supporting operation of the Web service, wherein the first one, the second one, and the third one of the distinct policy providers are independent of one another;
  
  at least one computing device establishing a federated policy exchange service of a federated policy server having a policy provider plug-in for each of the distinct policy providers, wherein the federated policy server is independent of any of the distinct policy providers;
  
  the federated policy exchange service, which is a Web service that federates policy data about other Web services, receiving requests for policies from a plurality of policy requesters, wherein each request comprises a service_id used to uniquely identify the Web service;
  
  the federated policy exchange service dynamically connecting to a plurality of the policy providers to determine policies applicable to each of the requests, wherein the determined policies for the requests comprise the Quality of Service policy, a policy for the monitoring requirement, and a policy for the security requirement;
  
  the federated policy exchange service receiving results comprising policies from the policy providers;
  
  the federated policy exchange service determining the results applicable to each of the requests;
  
  the federated policy exchange service processing the results to generate a response; and
  
  the federated policy exchange service providing the response to each policy requester responsive to each of the requests, wherein the response satisfies the Quality of Service policy, the policy for the monitoring requirement, and the policy for the security requirement.
- View Dependent Claims (2, 3, 4, 5, 6, 16, 17, 18)
- - 2. The method of claim 1, wherein the plurality of distinct policy providers maintain a policy for business requirements of the Web service.
  - 3. The method of claim 1, wherein the policies are transformed runtime utilizing a transformation included within each of the policies.
  - 4. The method of claim 1, wherein the plurality of distinct policy providers maintain a policy for behavioral requirements of the Web service.
  - 5. The method of claim 1, wherein said requestors comprise at least one service registry, at least one management system, and at least one policy point.
  - 6. The method of claim 1, wherein different ones of the policy providers comprise a provider disposed in a development environment, a provider disposed in a deployment environment, and a provider that is a service registry, wherein the Web service has different constraints depending on whether it is required to execute within the development environment or the deployment environment as defined by the policies handled by the federated policy exchange service.
  - 16. The method of claim 1, wherein processing the results comprises of converting format of the received result to format used by the federated policy exchange service.
  - 17. The method of claim 1, further comprising the federated policy exchange service converting the requests to a suitably formats to query the one or more the policy providers.
  - 18. The method of claim 1, wherein different ones of the policy providers belong to different policy domains.

7. A computer program product for federating service policies comprising:
- a non-transitory computer usable storage medium having computer usable program code embodied therewith, the computer usable program code comprising;
  
  computer usable program code to accept policy requests;
  
  computer usable program code to lookup matching policies for the requests within policy stores maintained by the plurality of different policy providers, wherein different ones of the policy providers belong to different policy domains, wherein each of the different policy domains are enforced and maintained by different independent servers;
  
  computer usable program code to receive results comprising policies from the policy providers, wherein each of the policies is a condition or requirement of a Web service, wherein a first one of the different policy providers provides a quality of Service (QoS) policy for the Web service, wherein a second one of the different policy providers provides a policy for a monitoring requirement for the Web service, wherein a third one of the different policy providers provides a policy for a security requirement for the Web service, wherein the first one, the second one, and the third one of the different policy providers are different runtime environment entities supporting operation of the Web service, wherein the first one, the second one, and the third one of the different policy providers are independent of one another;
  
  computer usable program code to determine the policies applicable to each of the requests;
  
  computer usable program code to process the policies to generate responses; and
  
  computer usable program code to provide responses to the policy requests based upon lookup results, wherein the different providers comprise a provider disposed in a development environment, a provider disposed in a deployment environment, and a provider that is a service registry, wherein the Web service has different constraints depending on whether it is required to execute within the development environment or the deployment environment as defined by the policies.
- View Dependent Claims (8, 9, 10)
- - 8. The computer program product of claim 7, further comprising:
    - a plurality of policy provider plug-ins, one for each of the different policy providers, wherein each of the plug-ins permit a federated policy exchange service to communicate with an application instance of a corresponding policy provider, wherein the application instance is communicatively linked to an underlying storage repository comprising a plurality of policies, wherein the federated policy exchange service is a Web service that federates policy data about other Web services.
  - 9. The computer program product of claim 7, wherein the policy providers comprise at least one security policy server, at least one monitoring policy server, and at least one service repository.
  - 10. The computer program product of claim 7, wherein said policy requestors comprise at least one service registry, at least one management system, and at least one policy point.

11. A system for federating service policies comprising:
- a plurality of policy providers each configured to manage at least one policy for a service;
  
  a federated policy server, comprising one or more processors executing programmatic instructions stored on a non-transitory storage medium, wherein the federated policy server comprises a plurality of provider interface modules, comprising at least a portion of the programmatic instructions, one for interfacing with each of the policy providers, wherein different ones of the policy providers belong to different policy domains, wherein the federated policy server is configured to accept policy requests, to lookup matching policies for the requests within policy stores maintained by the plurality of policy providers, to obtain results comprising policies from the policy providers based upon the lookup, to determine the results applicable to each request, to convert format of the received result in a suitable formatted response for each policy request, and to provide responses to the policy requests, wherein each of the policies maintained in the different policy domains comprise is a condition or requirement of a Web service, wherein one of the policies is a Quality of Service (QoS) policy for the Web service, wherein another of the policies is a policy for a monitoring requirement for the Web service, wherein another of the policies is a policy for a security requirement for the Web service.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The system of claim 11, further comprising:
    - a plurality of policy requesters each configured to utilize the federated policy server for policies of the Web service.
  - 13. The system of claim 11, wherein the policy providers comprise at least one security policy server, at least one monitoring policy server, and at least one service repository, wherein the security policy server provides the security policy of the Web service, wherein the monitoring policy service maintains the policy for the monitoring requirement of the Web service.
  - 14. The system of claim 11, wherein the federated policy server provides a federated policy exchange service, which is a Web service that federates policy data about other Web services.
  - 15. The system of claim 11, wherein the federated policy server comprises a policy authoring component, a service discovery component, a change management component, a policy repository, an evaluation and analysis component, a policy distribution component, a monitoring and reporting component, and a security management component.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Nadalin, Anthony J., Nagaratnam, Nataraj, Muppidi, Sridhar R.
Primary Examiner(s)
Kim, Jung
Assistant Examiner(s)
Ho, Thomas

Application Number

US12/192,769
Publication Number

US 20100043050A1
Time in Patent Office

2,048 Days
Field of Search

726/1, 726/3, 726/8, 726/6
US Class Current

726/1
CPC Class Codes

H04L 63/102 Entity profiles

H04L 63/20 for managing network securi...

Federating policies from multiple policy providers

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

14 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Federating policies from multiple policy providers

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links