×

Policy directed security-centric model driven architecture to secure client and cloud hosted web service enabled processes

  • US 9,037,711 B2
  • Filed: 05/12/2010
  • Issued: 05/19/2015
  • Est. Priority Date: 12/02/2009
  • Status: Active Grant
First Claim
Patent Images

1. A system, comprising:

  • a processor; and

    a storage device coupled to the processor and storing an executable web service, an executable web security service, and an executable data dictionary, all executable by the processor, the data dictionary implementing an instance of a hierarchical class tree that includes a plurality of class and data objects;

    wherein the data dictionary receives a portion of a hierarchical class tree comprising client segments from another system hosting a peer data dictionary instance, said received portion includes class definitions and security profile information that specifies restrictions on use of data objects identified by the received portion and wherein said web service cannot access said data objects without the use of the web security service and without the received hierarchical class tree portion;

    wherein the data dictionary attaches the received portion to its own hierarchical class tree instance at a boundary node that is replaced with an identity node of the received portion, the identity node identifying ownership of the received portion;

    wherein, upon executing the web service, the processor generates an access request for a data object identified by the received portion and invokes the web security service to access the security profile information to validate the access request; and

    wherein, upon executing the invoked web security service, the processor, before transmitting the access request across a network, validates the access request using a security profile associated with said request performing at least three verifications;

    a first verification to determine whether the web service is authorized to send the access request, a second verification to determine whether the data object requested is permitted to be requested by the web service, and a third verification to determine whether a web service intended to receive the access request is authorized to receive the access request; and

    wherein the processor transmits the access request based on the web security service, via the processor, successfully performing each of the first, second, and third verifications.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×