Constraint definition for conditional policy attachments

US 9,043,864 B2
Filed: 03/31/2012
Issued: 05/26/2015
Est. Priority Date: 09/30/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

retrieving, by a computer system, policy attachment metadata identifying a web service policy and a policy subject prior to the web service policy attaching to the policy subject at runtime, the policy attachment metadata indicating that the web service policy attaches to the policy subject at runtime;

receiving, by the computer system, a constraint expression configured to return a Boolean result prior to the web service policy attaching to the policy subject at runtime, the constraint expression being dependent on at least one parameter whose value is only available at runtime of the policy subject; and

modifying, by the computer system, the policy attachment metadata prior to the web service policy attaching to the policy subject at runtime to include a reference to the constraint expression,wherein the modified policy attachment metadata indicates that the web service policy attaches to the policy subject when the constraint expression is satisfied at runtime of the policy subject,wherein the modified policy attachment metadata indicates that the web service policy does not attach to the policy subject when the constraint expression fails to be satisfied at runtime of the policy subject.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Framework for conditionally attaching web service policies to a policy subject (e.g., a web service client or service endpoint) at subject runtime. In one set of embodiments, a constraint expression can be defined that specifies one or more runtime conditions under which a policy should be attached to a policy subject. The constraint expression can be associated with the policy and the policy subject via policy attachment metadata. The constraint expression can then be evaluated at runtime of the policy subject to determine whether attachment of the policy to the policy subject should occur. If the evaluation indicates that the policy should be attached, the attached policy can be processed at the policy subject (e.g., enforced or advertised) as appropriate. Using these techniques, the policy subject can be configured to dynamically exhibit different behaviors based on its runtime context.

100 Citations

View as Search Results

19 Claims

1. A method comprising:
- retrieving, by a computer system, policy attachment metadata identifying a web service policy and a policy subject prior to the web service policy attaching to the policy subject at runtime, the policy attachment metadata indicating that the web service policy attaches to the policy subject at runtime;
  
  receiving, by the computer system, a constraint expression configured to return a Boolean result prior to the web service policy attaching to the policy subject at runtime, the constraint expression being dependent on at least one parameter whose value is only available at runtime of the policy subject; and
  
  modifying, by the computer system, the policy attachment metadata prior to the web service policy attaching to the policy subject at runtime to include a reference to the constraint expression,wherein the modified policy attachment metadata indicates that the web service policy attaches to the policy subject when the constraint expression is satisfied at runtime of the policy subject,wherein the modified policy attachment metadata indicates that the web service policy does not attach to the policy subject when the constraint expression fails to be satisfied at runtime of the policy subject.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1 wherein the policy subject is a web service endpoint.
  - 3. The method of claim 2 wherein the at least one parameter corresponds to a transport-level characteristic of a request message received at runtime of the policy subject.
  - 4. The method of claim 3 wherein the at least one parameter corresponds to a value of an HTTP header in the request message.
  - 5. The method of claim 4 wherein the HTTP header is a virtual host type header.
  - 6. The method of claim 2 wherein the at least one parameter corresponds to a payload characteristic of a request message received at runtime of the policy subject.
  - 7. The method of claim 1 wherein the at least one parameter corresponds to a system-level characteristic of an application server configured to execute the policy subject.
  - 8. The method of claim 1 wherein the constraint expression comprises a single Boolean function.
  - 9. The method of claim 1 wherein the constraint expression comprises a plurality of Boolean functions joined by one or more logical operators.
  - 10. The method of claim 9, wherein the constraint expression further comprises one or more special characters that collect two or more of the plurality of Boolean functions into a group.
  - 11. The method of claim 1 wherein the web service policy comprises one or more policy assertions conforming to WS-SecurityPolicy.
  - 12. The method of claim 1 wherein the policy attachment metadata is stored as an Extensible Markup Language (XML) file, and wherein the web service policy and the policy subject are identified via separate XML elements in the XML file.
  - 13. The method of claim 12 wherein modifying the policy attachment metadata comprises inserting a new XML attribute within the XML element identifying the policy subject, the new XML attribute identifying the reference to the constraint expression.

14. A non-transitory computer-readable medium having stored thereon program code executable by a computer system, the program code comprising:
- code that causes the computer system to retrieve policy attachment metadata identifying a web service policy and a policy prior to the web service policy attaching to the policy subject at runtime, the policy attachment metadata indicating that the web service policy attaches to the policy subject at runtime;
  
  code that causes the computer system to receive, from an end-user, a constraint expression configured to return a Boolean result prior to the web service policy attaching to the policy subject at runtime, the constraint expression being dependent on at least one parameter whose value is only available at runtime of the policy subject; and
  
  code that causes the computer system to modify the policy attachment metadata prior to the web service policy attaching to the policy subject at runtime to include a reference to the constraint expression,wherein the modified policy attachment metadata indicates that the web service policy attaches to the policy subject when the constraint expression is satisfied at runtime of the policy subject,wherein the modified policy attachment metadata indicates that the web service policy does not attach to the policy subject when the constraint expression fails to be satisfied at runtime of the policy subject.
- View Dependent Claims (15, 16)
- - 15. The non-transitory computer-readable medium of claim 14 wherein the policy subject is a web service endpoint.
  - 16. The non-transitory computer-readable medium of claim 15 wherein the at least one parameter corresponds to a transport-level characteristic of a request message received at runtime of the policy subject.

17. A system comprising:
- a hardware processor configured to;
  
  retrieve policy attachment metadata identifying a web service policy and a policy subject prior to the web service policy attaching to the policy subject at runtime, the policy attachment metadata indicating that the web service policy attaches to the policy subject at runtime;
  
  receive, from an end-user, a constraint expression configured to return a Boolean result prior to the web service policy attaching to the policy subject at runtime, the constraint expression being dependent on at least one parameter whose value is only available at runtime of the policy subject; and
  
  modify the policy attachment metadata prior to the web service policy attaching to the policy subject at runtime to include a reference to the constraint expression,wherein the modified policy attachment metadata indicates that the web service policy attaches to the policy subject when the constraint expression is satisfied at runtime of the policy subject,wherein the modified policy attachment metadata indicates that the web service policy does not attach to the policy subject when the constraint expression fails to be satisfied at runtime of the policy subject.
- View Dependent Claims (18, 19)
- - 18. The system of claim 17 wherein the policy subject is a web service endpoint.
  - 19. The system of claim 18 wherein the at least one parameter corresponds to a transport-level characteristic of a request message received at runtime of the policy subject.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Kavantzas, Nickolas, Bryan, Jeffrey Jason
Primary Examiner(s)
Arani, Taghi
Assistant Examiner(s)
CHANG, KENNETH W

Application Number

US13/436,933
Publication Number

US 20130086626A1
Time in Patent Office

1,151 Days
Field of Search

726/1
US Class Current

726/1
CPC Class Codes

H04L 41/0246   Exchanging or transporting ...

H04L 41/0873   Checking configuration conf...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

Constraint definition for conditional policy attachments

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

100 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Constraint definition for conditional policy attachments

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

100 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others