Securing asynchronous client server transactions
First Claim
1. A computer implemented method for securing an asynchronous client server transaction, the computer implemented method comprising:
- receiving a request at a first application executing in a data processing system, the request including an application identifier and a version associated with a second application;
- generating a service identifier responsive to a session with the second application being valid, the session comprising the asynchronous client server transaction, and wherein the service identifier is uniquely associated with the asynchronous client server transaction;
- generating a registry at the first application, the registry including information about a set of services available to execute on the data processing system and data available at the data processing system, wherein the second application is permitted to use the set of services and the data;
- sending the service identifier and the information about the set of services and the data from the registry to the second application;
- receiving a sub-request, the sub-request being a part of the asynchronous client server transaction, the sub-request including the service identifier;
- determining a validity of the sub-request by determining whether the service identifier is used in conjunction with the second application and whether the sub-request requests a service identified in the information; and
- providing, responsive to the sub-request being valid, the service in response to the sub-request.
Abstract
A method for securing asynchronous client server transactions is provided in the illustrative embodiments. A request including an application identifier and a version of a second application is received at a first application. A service identifier is generated if a session with the second application is valid. A registry is generated at the first application. A catalog is generated based on the registry, and the service identifier and the catalog are sent to the second application. A sub-request including the service identifier is received as part of an asynchronous client server transaction. Validity of the sub-request is determined by determining whether the service identifier has expired, whether the sub-request requests a service that is permissible according to the catalog, whether the service identifier is used in conjunction with the second application, or a combination thereof. If the sub-request is valid, the service is provided.
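The flow in the abstract, sketched as an added example (not code from the patent or its assignee). It applies all three validity checks together; the registry contents, the lifetime, the class and method names, and the assumption that the caller's application identifier has already been authenticated by the session layer are all hypothetical.

```python
import secrets
import time

# Constructed sample registry: services each (app id, version) may use.
REGISTRY = {("inventory-ui", "2.1"): {"list_items", "get_item"}}


class FirstApplication:
    """Server side: issues service identifiers and validates sub-requests."""

    def __init__(self, registry, ttl=300, clock=time.time):
        self.registry = registry
        self.ttl = ttl            # assumed identifier lifetime in seconds
        self.clock = clock        # injectable so expiry can be tested
        self.issued = {}          # service_id -> (app_id, catalog, expiry)

    def open_transaction(self, app_id, version, session_valid):
        """Initial request: return (service_id, catalog) or None if refused."""
        allowed = self.registry.get((app_id, version))
        if not session_valid or allowed is None:
            return None
        # Unguessable identifier, unique to this transaction.
        service_id = secrets.token_urlsafe(32)
        catalog = frozenset(allowed)  # subset of the registry sent to the client
        self.issued[service_id] = (app_id, catalog, self.clock() + self.ttl)
        return service_id, catalog

    def check_sub_request(self, app_id, service_id, service):
        """Return (valid, reason) for one sub-request of the transaction."""
        record = self.issued.get(service_id)
        if record is None:
            return False, "unknown service identifier"
        bound_app, catalog, expiry = record
        if self.clock() >= expiry:
            del self.issued[service_id]  # expired identifiers are not reusable
            return False, "service identifier expired"
        if app_id != bound_app:
            return False, "identifier bound to another application"
        if service not in catalog:
            return False, "service not in catalog"
        return True, "ok"
```

The server keeps its own copy of the catalog per identifier, so a client that alters the catalog it received gains nothing: the check is made against server-side state.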
13 Claims
11. A computer implemented method for securing an asynchronous client server transaction, the computer implemented method comprising:
- receiving, from a first application executing on a first data processing system, at a second application executing in a second data processing system, in a session comprising the asynchronous client server transaction, a service identifier and a catalog responsive to sending an application identifier and an application version associated with the second application, the catalog including a transformed subset of a registry associated with the first application, wherein the service identifier is uniquely associated with the asynchronous client server transaction, the catalog comprising information about a set of services available to execute on the first data processing system and data available at the first data processing system, wherein the second application is permitted to use the set of services and the data;
- dynamically constructing a sub-request, the sub-request being a part of the asynchronous client server transaction, the sub-request including the service identifier, and the sub-request further including a request for a service identified in the catalog;
- determining a validity of the sub-request; and
- receiving, responsive to the sub-request being valid according to the first application, data associated with the service.
Specification