Secure service oriented architecture

US 8,688,972 B2
Filed: 12/29/2010
Issued: 04/01/2014
Est. Priority Date: 05/21/2004
Status: Active Grant

First Claim

Patent Images

1. A system for use in a service oriented architecture (SOA) environment, for processing messages using one or more service proxies, comprising:

a computer, which includes a computer readable storage medium and a processor;

a service bus, which supports web services security and includes a credential manager, wherein the credential manager retrieves and maps credentials to the service bus, one or more service consumers, and one or more service providers;

a software interface associated with a service proxy on the service bus, wherein the software interface is configured to receive messages for processing by the SOA environment;

a plurality of system-defined context variables stored on the service bus, wherein said context variables are initialized using data in a message received by the service bus, wherein one or more said context variables are selected to provide values thereof to construct an outgoing message to a service, and wherein the selection of the one or more said context variables is based on a message type expected by the service;

a message processing graph, defined by the service proxy on the service bus, which includes a message processing pathway, and a plurality of message processing nodes associated with paths defined by the message processing pathway, wherein at least one said message processing node includes a sequence of stages, wherein each said stage implements at least one of a programmatic interface and a protocol compatible with the node, and is configured to modify one or more said context variables associated with the message;

wherein, when a message is received from a sender directed to a recipient by the service proxy via the software interface, the message is processed according to the message processing graph.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method and media for a service oriented architecture. This description is not intended to be a complete description of, or limit the scope of, the invention. Other features, aspects and objects of the invention can be obtained from a review of the specification, the figures and the claims.

Citations

18 Claims

1. A system for use in a service oriented architecture (SOA) environment, for processing messages using one or more service proxies, comprising:
- a computer, which includes a computer readable storage medium and a processor;
  
  a service bus, which supports web services security and includes a credential manager, wherein the credential manager retrieves and maps credentials to the service bus, one or more service consumers, and one or more service providers;
  
  a software interface associated with a service proxy on the service bus, wherein the software interface is configured to receive messages for processing by the SOA environment;
  
  a plurality of system-defined context variables stored on the service bus, wherein said context variables are initialized using data in a message received by the service bus, wherein one or more said context variables are selected to provide values thereof to construct an outgoing message to a service, and wherein the selection of the one or more said context variables is based on a message type expected by the service;
  
  a message processing graph, defined by the service proxy on the service bus, which includes a message processing pathway, and a plurality of message processing nodes associated with paths defined by the message processing pathway, wherein at least one said message processing node includes a sequence of stages, wherein each said stage implements at least one of a programmatic interface and a protocol compatible with the node, and is configured to modify one or more said context variables associated with the message;
  
  wherein, when a message is received from a sender directed to a recipient by the service proxy via the software interface, the message is processed according to the message processing graph.
- View Dependent Claims (2, 3, 4, 5, 16)
- - 2. The system of claim 1, wherein the plurality of system-defined context variables a lookup variable, and are accessible to each message processing stage through which the message processing stages exchange information.
  - 3. The system of claim 2, wherein a branch node, in the plurality of message processing nodes, processes the message including selecting, based on the lookup variable, one of the plurality of paths to further process the message.
  - 4. The system of claim 1, wherein when the message is received by the service proxy via the software interface, the message is further processed, including:
    - transforming the message using a transformation mapping between a protocol associated with the message and a transmission protocol, wherein the transformation mapping defines how the selected system-defined context variables and transport-specific details within the message are to be modified, to conform the message with requirements of the transmission protocol.
  - 5. The system of claim 1, wherein the service proxy is clustered to allow multiple instances of the service proxy to process multiple incoming messages concurrently.
  - 16. The system of claim 1, wherein processing the message further comprisesthe service bus decrypts the message using a private decryption key of the service bus after the message arrives at the service bus;
    - andthe service bus encrypts the message using a public encryption key of the recipient before sending message.

6. A method for use in a service oriented architecture (SOA) environment, for processing messages using one or more service proxies, comprising the steps of:
- providing a service bus, which includes a credential manager, wherein the service bus receives messages on a transport, and the credential manager retrieves and maps credentials to the service bus, one or more service consumers, and one or more service providers;
  
  providing a software interface associated with a service proxy on a service bus executing on one or more microprocessors, wherein the service proxy is configured to receive messages for processing by the SOA environment;
  
  storing a plurality of system-defined context variables on the service bus, wherein said context variables are initialized using data in a message received by the service bus, wherein one or more said context variables are selected to provide values thereof to construct an outgoing message to a service, and wherein the selection of the one or more said context variables is based on a message type expected by the service;
  
  instantiating a message processing graph defined by the service proxy, wherein the message processing graph includes a message processing pathway and is associated with a plurality of message processing nodes which are associated with paths defined by the message processing pathway, wherein at least one said message processing node includes a sequence of stages, wherein each said stage implements at least one of a programmatic interface and a protocol compatible with the node, and is configured to modify one or more said context variables associated with the message;
  
  receiving a message from a sender directed to a recipient by the service proxy through the software interface; and
  
  processing the message according to the message processing graph.
- View Dependent Claims (7, 8, 9, 10, 17)
- - 7. The method of claim 6, wherein the plurality of system-defined context variables includes a lookup variable, and are accessible to each message processing stage through which the message processing stages exchange information.
  - 8. The method of claim 7, further comprising:
    - processing the message by a branch node, in the plurality of message processing nodes, including selecting, based on the lookup variable, one of the plurality of message processing paths to further process the message.
  - 9. The method of claim 6, wherein processing the message according to the message processing graph further comprises:
    - transforming the message using a transformation mapping between a protocol associated with the message and a transmission protocol, wherein the transformation mapping defines how the selected system-defined context variables and transport-specific details within the message are to be modified, to conform the message with requirements of the transmission protocol.
  - 10. The method of claim 6, wherein the service proxy is clustered to allow multiple instances of the service proxy to process multiple incoming messages concurrently.
  - 17. The method of claim 6, wherein the step of processing the message further comprisesdecrypting the message using a private decryption key of the service bus after receiving the message on the service bus;
    - andencrypting the message using a public encryption key of the recipient before sending message.

11. A non-transitory computer readable storage medium including instructions stored therein which, when executed by a computer, cause the computer to perform the steps comprising:
- providing a service bus, which includes a credential manager, wherein the service bus receives messages on a transport, and the credential manager retrieves and maps credentials to the service bus, one or more service consumers, and one or more service providers;
  
  providing a software interface associated with a service proxy on a service bus executing on one or more microprocessors, wherein the service proxy is configured to receive messages for processing by the SOA environment;
  
  storing a plurality of system-defined context variables on the service bus, wherein said context variables are initialized using data in a message received by the service bus, wherein one or more said context variables are selected to provide values thereof to construct an outgoing message to a service, and wherein the selection of the one or more said context variables is based on a message type expected by the service;
  
  instantiating a message processing graph defined by the service proxy, wherein the message processing graph includes a message processing pathway and is associated with a plurality of message processing nodes which are associated with paths defined by the message processing pathway, wherein at least one said message processing node includes a sequence of stages, wherein each said stage implements at least one of a programmatic interface and a protocol compatible with the node, and is configured to modify one or more said context variables associated with the message;
  
  receiving a message from a sender directed to a recipient by the service proxy through the software interface; and
  
  processing the message according to the message processing graph.
- View Dependent Claims (12, 13, 14, 15, 18)
- - 12. The non-transitory computer readable storage medium of claim 11, wherein the plurality of system-defined context variables includes a lookup variable, and are accessible to each message processing stage through which the message processing stages exchange information.
  - 13. The non-transitory computer readable storage medium of claim 12, further comprising:
    - processing the message by a branch node, in the plurality of message processing nodes, including selecting, based on the lookup variable, one of the plurality of message processing paths to further process the message.
  - 14. The non-transitory computer readable storage medium of claim 11, wherein processing the message according to the message processing graph and the message processing pathway defined by the service proxy, comprises:
    - transforming the message using a transformation mapping between a protocol associated with the message and a transmission protocol, wherein the transformation mapping defines how the selected system-defined context variables and transport-specific details within the message are to be modified, to conform the message with requirements of the transmission protocol.
  - 15. The non-transitory computer readable storage medium of claim 11, wherein the service proxy is clustered to allow multiple instances of the service proxy to process multiple incoming messages concurrently.
  - 18. The non-transitory computer readable storage medium of claim 11, wherein processing the message further comprisesdecrypting the message using a private decryption key of the service bus after receiving the message on the service bus;
    - andencrypting the message using a public encryption key of the recipient before sending message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Patrick, Paul B., Aletty, Ashok, Kasi, Jayaram, Kapoor, Chet, Urhan, Tolga, Mihic, Matthew
Primary Examiner(s)
LANIER, BENJAMIN E

Application Number

US12/981,280
Publication Number

US 20110099558A1
Time in Patent Office

1,189 Days
Field of Search

None
US Class Current

713/153
CPC Class Codes

H04L 63/0281   Proxies

H04L 63/04   for providing a confidentia...

H04L 63/08   for authentication of entit...

H04L 63/18   using different networks or...

H04L 67/00   Network arrangements or pro...

Secure service oriented architecture

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Secure service oriented architecture

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links