Propagating security identity information to components of a composite application
Abstract
Various methods and systems for propagating identity information in a composite application are presented. State data of a composite application, as executed for a particular entity, may be transferred to and stored by a computer-readable storage medium. The state data may include a portion of a set of subject information linked with the entity. A security attribute of the subject may not be present in the portion of the set of subject information in the state data transferred to the non-transitory computer-readable storage medium. After a period of time, such as an hour or a day, the state data of the composite application as executed for the entity may be retrieved and the security attribute of the set of subject information linked with the entity may be determined. The composite application may then continue to be executed for the entity.
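The pattern the abstract describes, sketched as an added example (not code from the patent or its assignee): state is persisted with the identity attribute only, and the right to continue is evaluated again against the current policy when the state is retrieved. The in-memory `POLICY` and `DB` dictionaries, the right names and the function names are all hypothetical stand-ins.

```python
import json

# Constructed sample data: identity -> rights (the "security attribute").
POLICY = {"client-42": {"orders:submit", "orders:approve"}}
DB = {}  # stands in for the database that holds dehydrated state


class AccessDenied(Exception):
    pass


def evaluate(identity, right):
    """Check the right against the live policy, never against a stored copy."""
    if right not in POLICY.get(identity, set()):
        raise AccessDenied(f"{identity} lacks {right}")


def run_first_step(instance_id, identity, payload):
    """First step: authorize, process, then persist identity and state only."""
    evaluate(identity, "orders:submit")
    state = {"step": 1, "order": payload}
    # The rights are deliberately left out of the stored record, so a later
    # revocation cannot be bypassed by resuming from old state.
    DB[instance_id] = json.dumps({"identity": identity, "state": state})
    # The thread that ran this step can end here; nothing is held in memory.


def resume(instance_id):
    """On a trigger: load the state, re-evaluate the right, run the second step."""
    record = json.loads(DB[instance_id])
    if set(record) != {"identity", "state"}:
        raise ValueError("unexpected fields in stored record")
    evaluate(record["identity"], "orders:approve")  # re-evaluated at retrieval
    record["state"]["step"] = 2
    DB[instance_id] = json.dumps(record)
    return record["state"]
```

If the client's right is revoked while the instance is stored, `resume` raises `AccessDenied` and the stored state stays at step 1.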
18 Claims
1. A method for handling security for a web service client, the method comprising:
processing, by a web service computer system, using a first processing thread, a first step of an application for the web service client based on a security attribute being valid, wherein:
the web service client is associated with an identity attribute stored by the web service computer system and the security attribute stored by the web service computer system;
the identity attribute identifies the web service client; and
the security attribute defines a right of the web service client to access one or more portions of the application;
after processing the first step, transferring, by the web service computer system, state data of the application as processed for the web service client and the identity attribute to a database stored using a non-transitory computer-readable storage medium;
storing the identity attribute and the state data of the application as processed for the web service client to the database, the security attribute not being stored;
after storing the identity attribute and the state data of the application, ending the first processing thread;
in response to a trigger, retrieving the state data of the application as processed for the web service client from the database;
following retrieval of the state data of the application as executed for the entity, reevaluating, by the computer system, the security attribute for the web service client, wherein the security attribute was initially evaluated prior to the first step of the application being processed for the web service client; and
processing a second step of the application for the web service client based on the reevaluated security attribute being valid.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A web service system for handling security for a web service client, the system comprising:
one or more processors; and
a memory communicatively coupled with and readable by the one or more processors and having stored therein processor-readable instructions which, when executed by the one or more processors, cause the one or more processors to:
process a first step of an application for the web service client, using a first processing thread, based on a security attribute being valid, wherein:
the web service client is associated with an identity attribute and a security attribute;
the identity attribute identifies the web service client; and
the security attribute defines a right of the web service client to access one or more portions of the application;
after processing the first step, transfer state data of the application as processed for the web service client and the identity attribute to a database stored using a non-transitory computer-readable storage medium;
store the identity attribute and the state data of the application as processed for the web service client to the database, the security attribute not being stored;
after storing the identity attribute and the state data of the application, end the first processing thread;
in response to a trigger, retrieve the state data of the application as processed for the web service client from the database;
following retrieval of the state data of the application as executed for the entity, reevaluate the security attribute for the web service client, wherein the security attribute was initially evaluated prior to the first step of the application being processed for the web service client; and
process a second step of the application for the web service client based on the reevaluated security attribute being valid.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A non-transitory processor-readable medium for handling security for a web service client, comprising processor-readable instructions configured to cause one or more processors to:
process a first step of an application, using a first processing thread, for the web service client based on a security attribute being valid, wherein:
the web service client is associated with an identity attribute stored by the web service computer system and the security attribute stored by the web service computer system;
the identity attribute identifies the web service client; and
the security attribute defines a right of the web service client to access one or more portions of the application;
after processing the first step, transfer state data of the application as processed for the web service client and the identity attribute to a database stored using a non-transitory computer-readable storage medium;
store the identity attribute and the state data of the application as processed for the web service client to the database;
after storing the identity attribute and the state data of the application, end the first processing thread;
in response to a trigger, retrieve the state data of the application as processed for the web service client from the database;
following retrieval of the state data of the application as executed for the entity, reevaluate the security attribute for the web service client, wherein the security attribute was previously evaluated prior to the first step of the application being processed for the web service client; and
process a second step of the application for the web service client based on the reevaluated security attribute being valid.
Dependent claims: 18