Propagating security identity information to components of a composite application

US 8,973,117 B2
Filed: 12/13/2013
Issued: 03/03/2015
Est. Priority Date: 11/24/2010
Status: Active Grant

First Claim

Patent Images

1. A method for handling security for a web service client, the method comprising:

processing, by a web service computer system, using a first processing thread, a first step of an application for the web service client based on a security attribute being valid, wherein;

the web service client is associated with an identity attribute stored by the web service computer system and the security attribute stored by the web service computer system;

the identity attribute identifies the web service client; and

the security attribute defines a right of the web service client to access one or more portions of the application;

after processing the first step, transferring, by the web service computer system, state data of the application as processed for the web service client and the identity attribute to a database stored using a non-transitory computer-readable storage medium;

storing the identity attribute and the state data of the application as processed for the web service client to the database, the security attribute not being stored;

after storing the identity attribute and the state data of the application, ending the first processing thread;

in response to a trigger, retrieving the state data of the application as processed for the web service client from the database;

following retrieval of the state data of the application as executed for the entity, reevaluating, by the computer system, the security attribute for the web service client, wherein the security attribute was initially evaluated prior to the first step of the application being processed for the web service client; and

processing a second step of the application for the web service client based on the reevaluated security attribute being valid.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various methods and systems for propagating identity information in a composite application are presented. State data of a composite application, as executed for a particular entity, may be transferred to and stored by a computer-readable storage medium. The state data may include a portion of a set of subject information linked with the entity. A security attribute of the subject may not be present in the portion of the set of subject information in the state data transferred to the non-transitory computer-readable storage medium. After a period of time, such as an hour or a day, the state data of the composite application as executed for the entity may be retrieved and the security attribute of the set of subject information linked with the entity may be determined The composite application may then continue to be executed for the entity.

Citations

18 Claims

1. A method for handling security for a web service client, the method comprising:
- processing, by a web service computer system, using a first processing thread, a first step of an application for the web service client based on a security attribute being valid, wherein;
  
  the web service client is associated with an identity attribute stored by the web service computer system and the security attribute stored by the web service computer system;
  
  the identity attribute identifies the web service client; and
  
  the security attribute defines a right of the web service client to access one or more portions of the application;
  
  after processing the first step, transferring, by the web service computer system, state data of the application as processed for the web service client and the identity attribute to a database stored using a non-transitory computer-readable storage medium;
  
  storing the identity attribute and the state data of the application as processed for the web service client to the database, the security attribute not being stored;
  
  after storing the identity attribute and the state data of the application, ending the first processing thread;
  
  in response to a trigger, retrieving the state data of the application as processed for the web service client from the database;
  
  following retrieval of the state data of the application as executed for the entity, reevaluating, by the computer system, the security attribute for the web service client, wherein the security attribute was initially evaluated prior to the first step of the application being processed for the web service client; and
  
  processing a second step of the application for the web service client based on the reevaluated security attribute being valid.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method for handling security for the web service client of claim 1, wherein:
    - processing the first step of the application for the web service client is performed as the first processing thread; and
      
      processing the second step of the application for the web service client is performed as a second processing thread.
  - 3. The method for handling security for the web service client of claim 1, further comprising:
    - removing the security attribute, such that the security attribute is not stored in the database with the identity attribute and the state data of the application as processed for the web service client.
  - 4. The method for handling security for the web service client of claim 1, wherein the application is a composite application functioning as a web service for a plurality of web service client, and the plurality of web service clients includes the web service client.
  - 5. The method for handling security for the web service client of claim 1, wherein storing the state data of the application as processed for the web service client to the database comprises storing the state data as a data blob to the database.
  - 6. The method for handling security for the web service client of claim 1, wherein a value of the security attribute when the first step of the software is performed differs from the value of the security attribute following reevaluation.
  - 7. The method for handling security for the web service client of claim 1, wherein while the identity attribute and the state data of the application as processed for the web service client is stored, at least an hour elapses.
  - 8. The method for handling security for the web service client of claim 7, wherein during at least the hour, the web service computer system is restarted.

9. A web service system for handling security for a web service client, the system comprising:
- one or more processors; and
  
  a memory communicatively coupled with and readable by the one or more processors and having stored therein processor-readable instructions which, when executed by the one or more processors, cause the one or more processors to;
  
  process a first step of an application for the web service client, using a first processing thread, based on a security attribute being valid, wherein;
  
  the web service client is associated with an identity attribute and a security attribute;
  
  the identity attribute identifies the web service client; and
  
  the security attribute defines a right of the web service client to access one or more portions of the application;
  
  after processing the first step, transfer state data of the application as processed for the web service client and the identity attribute to a database stored using a non-transitory computer-readable storage medium;
  
  store the identity attribute and the state data of the application as processed for the web service client to the database, the security attribute not being stored;
  
  after storing the identity attribute and the state data of the application, end the first processing thread;
  
  in response to a trigger, retrieve the state data of the application as processed for the web service client from the database;
  
  following retrieval of the state data of the application as executed for the entity, reevaluate the security attribute for the web service client, wherein the security attribute was initially evaluated prior to the first step of the application being processed for the web service client; and
  
  process a second step of the application for the web service client based on the reevaluated security attribute being valid.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The web service system for handling security for the web service client of claim 9, wherein the processor-readable instructions are configured such that:
    - processing the first step of the application for the web service client is performed as the first processing thread; and
      
      processing the second step of the application for the web service client is performed as a second processing thread.
  - 11. The web service system for handling security for the web service client of claim 9, wherein the processor-readable instructions, when executed, further cause the one or more processors to:
    - remove the security attribute such that the security attribute is not stored in the database with the identity attribute and the state data of the application as processed for the web service client.
  - 12. The web service system for handling security for the web service client of claim 9, wherein the application is a composite application functioning as a web service for a plurality of web service client, and the plurality of web service clients includes the web service client.
  - 13. The web service system for handling security for the web service client of claim 9, wherein the processor-readable instructions that, when executed, cause the one or more processors to store the state data of the application as processed for the web service client to the database comprise processor-readable instructions which, when executed, cause the one or more processors to store the state data as a data blob to the database.
  - 14. The web service system for handling security for the web service client of claim 9, wherein a value of the security attribute when the first step of the software is performed differs from the value of the security attribute following reevaluation.
  - 15. The web service system for handling security for the web service client of claim 9, wherein while the identity attribute and the state data of the application as processed for the web service client is stored, at least an hour elapses.
  - 16. The web service system for handling security for the web service client of claim 15, wherein the web service system is configured to tolerate a restart while the identity attribute and the state data are stored to the database.

17. A non-transitory processor-readable medium for handling security for a web service client, comprising processor-readable instructions configured to cause one or more processors to:
- process a first step of an application, using a first processing thread, for the web service client based on a security attribute being valid, wherein;
  
  the web service client is associated with an identity attribute stored by the web service computer system and the security attribute stored by the web service computer system;
  
  the identity attribute identifies the web service client; and
  
  the security attribute defines a right of the web service client to access one or more portions of the applicationafter processing the first step, transfer state data of the application as processed for the web service client and the identity attribute to a database stored using a non-transitory computer-readable storage medium;
  
  store the identity attribute and the state data of the application as processed for the web service client to the database;
  
  after storing the identity attribute and the state data of the application, end the first processing thread;
  
  in response to a trigger, retrieve the state data of the application as processed for the web service client from the database;
  
  following retrieval of the state data of the application as executed for the entity, reevaluate the security attribute for the web service client, wherein the security attribute was previously evaluated prior to the first step of the application being processed for the web service client; and
  
  process a second step of the application for the web service client based on the reevaluated security attribute being valid.
- View Dependent Claims (18)
- - 18. The non-transitory processor-readable medium for handling security for the web service client of claim 17, wherein the processor-readable instructions are configured such that:
    - processing the first step of the application for the web service client is performed as the first processing thread; and
      
      processing the second step of the application for the web service client is performed as a second processing thread.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Kavantzas, Nickolas, Yamuna, Prakash
Primary Examiner(s)
Hoffman, Brandon
Assistant Examiner(s)
Anderson, Michael D

Application Number

US14/106,037
Publication Number

US 20140109195A1
Time in Patent Office

445 Days
Field of Search

726/4, 726/9, 715/803
US Class Current

726/6
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 9/461   Saving or restoring of prog...

H04L 63/08   for authentication of entit...

Propagating security identity information to components of a composite application

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Propagating security identity information to components of a composite application

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links