Constraint definition for conditional policy attachments
First Claim
1. A method comprising:
- retrieving, by a computer system, policy attachment metadata identifying a web service policy and a policy subject prior to the web service policy attaching to the policy subject at runtime, the policy attachment metadata indicating that the web service policy attaches to the policy subject at runtime;
receiving, by the computer system, a constraint expression configured to return a Boolean result prior to the web service policy attaching to the policy subject at runtime, the constraint expression being dependent on at least one parameter whose value is only available at runtime of the policy subject; and
modifying, by the computer system, the policy attachment metadata prior to the web service policy attaching to the policy subject at runtime to include a reference to the constraint expression,wherein the modified policy attachment metadata indicates that the web service policy attaches to the policy subject when the constraint expression is satisfied at runtime of the policy subject,wherein the modified policy attachment metadata indicates that the web service policy does not attach to the policy subject when the constraint expression fails to be satisfied at runtime of the policy subject.
1 Assignment
0 Petitions
Accused Products
Abstract
Framework for conditionally attaching web service policies to a policy subject (e.g., a web service client or service endpoint) at subject runtime. In one set of embodiments, a constraint expression can be defined that specifies one or more runtime conditions under which a policy should be attached to a policy subject. The constraint expression can be associated with the policy and the policy subject via policy attachment metadata. The constraint expression can then be evaluated at runtime of the policy subject to determine whether attachment of the policy to the policy subject should occur. If the evaluation indicates that the policy should be attached, the attached policy can be processed at the policy subject (e.g., enforced or advertised) as appropriate. Using these techniques, the policy subject can be configured to dynamically exhibit different behaviors based on its runtime context.
100 Citations
19 Claims
-
1. A method comprising:
-
retrieving, by a computer system, policy attachment metadata identifying a web service policy and a policy subject prior to the web service policy attaching to the policy subject at runtime, the policy attachment metadata indicating that the web service policy attaches to the policy subject at runtime; receiving, by the computer system, a constraint expression configured to return a Boolean result prior to the web service policy attaching to the policy subject at runtime, the constraint expression being dependent on at least one parameter whose value is only available at runtime of the policy subject; and modifying, by the computer system, the policy attachment metadata prior to the web service policy attaching to the policy subject at runtime to include a reference to the constraint expression, wherein the modified policy attachment metadata indicates that the web service policy attaches to the policy subject when the constraint expression is satisfied at runtime of the policy subject, wherein the modified policy attachment metadata indicates that the web service policy does not attach to the policy subject when the constraint expression fails to be satisfied at runtime of the policy subject. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A non-transitory computer-readable medium having stored thereon program code executable by a computer system, the program code comprising:
-
code that causes the computer system to retrieve policy attachment metadata identifying a web service policy and a policy prior to the web service policy attaching to the policy subject at runtime, the policy attachment metadata indicating that the web service policy attaches to the policy subject at runtime; code that causes the computer system to receive, from an end-user, a constraint expression configured to return a Boolean result prior to the web service policy attaching to the policy subject at runtime, the constraint expression being dependent on at least one parameter whose value is only available at runtime of the policy subject; and code that causes the computer system to modify the policy attachment metadata prior to the web service policy attaching to the policy subject at runtime to include a reference to the constraint expression, wherein the modified policy attachment metadata indicates that the web service policy attaches to the policy subject when the constraint expression is satisfied at runtime of the policy subject, wherein the modified policy attachment metadata indicates that the web service policy does not attach to the policy subject when the constraint expression fails to be satisfied at runtime of the policy subject. - View Dependent Claims (15, 16)
-
-
17. A system comprising:
-
a hardware processor configured to; retrieve policy attachment metadata identifying a web service policy and a policy subject prior to the web service policy attaching to the policy subject at runtime, the policy attachment metadata indicating that the web service policy attaches to the policy subject at runtime; receive, from an end-user, a constraint expression configured to return a Boolean result prior to the web service policy attaching to the policy subject at runtime, the constraint expression being dependent on at least one parameter whose value is only available at runtime of the policy subject; and modify the policy attachment metadata prior to the web service policy attaching to the policy subject at runtime to include a reference to the constraint expression, wherein the modified policy attachment metadata indicates that the web service policy attaches to the policy subject when the constraint expression is satisfied at runtime of the policy subject, wherein the modified policy attachment metadata indicates that the web service policy does not attach to the policy subject when the constraint expression fails to be satisfied at runtime of the policy subject. - View Dependent Claims (18, 19)
-
Specification