Secure and stable hosting of third-party extensions to web services
Abstract
Described herein are one or more computer operating environments that include a standard set of web services via a communications network (e.g., the Internet) and a mechanism for extending the standard set of web services to execute one or more extended web services. Since these extended web services may be produced by an unconfirmed or untrusted source (e.g., a third-party software developer), the described computer operating environments isolate the extended web services from the standard set of web services and from the communication network. Furthermore, each extended web service is an isolated process (isoproc) with a limited ability to communicate with other services. In particular, each isoproc's ability to communicate is limited to only associated defined communication channels over which it has express permission to communicate.
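The following is an added illustration, not code from the patent or its assignee: a small Python model of the three mechanisms the abstract and claims combine, namely typed channels between two isoprocs, express permission granted by a regulator, and cloaking by replacement data. Every class, method and sample value in it is hypothetical.

```python
# Illustrative model only: all names and sample values are hypothetical.
from dataclasses import dataclass, field

class ChannelError(PermissionError):
    """Raised when an isoproc uses a channel outside its express permission."""

@dataclass(frozen=True)
class Channel:
    name: str
    endpoints: frozenset      # the two isoprocs this channel connects
    message_type: type        # "typed": only this payload type may cross

@dataclass
class Regulator:
    """Stands in for the OS communication-channel regulator."""
    grants: set = field(default_factory=set)      # (sender, channel name)
    cloaked: dict = field(default_factory=dict)   # real value -> replacement
    inboxes: dict = field(default_factory=dict)   # receiver -> delivered data

    def grant(self, sender, channel):
        if sender not in channel.endpoints:
            raise ChannelError(f"{sender} is not an endpoint of {channel.name}")
        self.grants.add((sender, channel.name))

    def cloak(self, value):
        return self.cloaked.get(value, value)     # swap in replacement data

    def send(self, sender, channel, payload):
        if (sender, channel.name) not in self.grants:
            raise ChannelError(f"{sender} has no express permission on {channel.name}")
        if not isinstance(payload, channel.message_type):
            raise ChannelError(f"{channel.name} carries {channel.message_type.__name__} only")
        (receiver,) = channel.endpoints - {sender}
        self.inboxes.setdefault(receiver, []).append(self.cloak(payload))
        return receiver

def demo():
    reg = Regulator(cloaked={"alice@example.test": "user-0001"})  # constructed data
    to_ext = Channel("std->ext", frozenset({"standard", "extension"}), str)
    reg.grant("standard", to_ext)   # only the standard service may send here
    reg.send("standard", to_ext, "alice@example.test")
    denied = []
    for sender, payload in (("extension", "hi"), ("standard", b"raw")):
        try:
            reg.send(sender, to_ext, payload)
        except ChannelError as exc:
            denied.append(str(exc))
    return reg.inboxes["extension"], denied
```
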
20 Claims
1. One or more computer operating environments, comprising:
- a host computing system, having one or more processing cores and one or more memory subsystems, configured to execute computer-executable instructions of an operating system (OS) which support and provide at least a first executing isolation process (isoproc) and a second executing isoproc that execute on the OS;
- an isolation boundary provided by the OS for each executing isoproc, wherein the isolation boundary includes a separate and distinct interface between the OS and each executing isoproc; and
- one or more defined typed communication channels between the first executing isoproc and the second executing isoproc, wherein each executing isoproc is capable of communication with the other executing isoproc via the one or more defined communication channels therebetween;
- a communication-channel regulator of the OS configured to selectively grant the first executing isoproc express permission to communicate over the one or more defined typed communication channels to the second executing isoproc, wherein the express permission defines communication properties of the one or more defined typed communication channels, and wherein the first executing isoproc is capable of accessing resources on the host computing system via the second executing isoproc across the one or more defined typed communication channels; and
- a cloaking or filtering mechanism configured to hide data from the executing isoprocs by replacing the data with replacement data.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. One or more computer-readable storage devices storing computer-executable instructions that, when executed by one or more processors, cause one or more processors to perform acts comprising:
- executing instructions of a defined standard isolation process (isoproc);
- executing instructions of an extended isoproc;
- establishing one or more defined typed communication channels between the extended executing isoproc and the standard executing isoproc, each executing isoproc being capable of communication with the other executing isoproc via the one or more defined communication channels therebetween;
- granting express permission for the extended executing isoproc to communicate over the one or more defined typed communication channels to the standard executing isoproc, wherein the express permission defines communication properties of the one or more defined typed communication channels, and wherein the extended executing isoproc is capable of accessing resources on a computing system via the standard executing isoproc across the one or more defined typed communication channels;
- limiting the extended executing isoproc from communicating with other executing isoprocs; and
- hiding data from the extended executing isoproc by replacing the data with replacement data.
Dependent claims: 13, 14, 15
16. One or more computer-readable storage devices storing computer-executable instructions that, when executed by one or more processors, cause one or more processors to perform acts comprising:
- providing a standard set of web services via a communications network wherein the standard set of web services are comprised of executing isolation processes (isoprocs);
- extending the standard set of web services to execute at least one extended process as an extension isoproc;
- isolating the extension isoproc from the standard set of web services and from the communication network, wherein the isolating includes;
  - establishing one or more defined typed communication channels between the executing extension isoproc and at least one of the executing isoprocs of the standard set of web services, the at least one executing isoproc being capable of communication with the other executing isoprocs via the one or more defined communication channels therebetween; and
  - granting express permission for the executing extension isoproc to communicate over the one or more defined typed communication channels to the at least one executing isoproc, wherein the express permission defines communication properties of the one or more defined typed communication channels, and wherein the executing extension isoproc is capable of accessing resources on a computing system via at least one of the executing isoprocs across the one or more defined typed communication channels; and
- hiding data associated with the web services from the one or more isoprocs by replacing the data with replacement data unrelated to the web services.
Dependent claims: 17, 18, 19, 20
Specification