Priority assignments for policy attachments
First Claim
1. A method for controlling execution behavior of policy subjects, the method comprising:
- retrieving, by a computer system, policy attachment information identifying a plurality of web service policies whose policy attachment metadata indicate attachment at runtime to a policy subject, wherein the policy attachment information comprises, for each web service policy in the plurality of web service polices, an identifier of the web service policy, a scope at which the web service policy is attached to the policy subject at runtime, and a priority value;
determining, by the computer system, an ordering of each web service policy in the plurality of web service policies based on the priority value of the web service policy and the scope at which the web service policy is attached to the policy subject;
determining, by the computer system, that a first web service policy in the plurality of web service policies is given precedence over a second web service policy in the plurality of web service policies based on the determined ordering, wherein attachment of the first web service policy and the second web service policy at the policy subject conflict;
adding, by the computer system, the first web service policy to an effective policy set of the policy subject, the effective policy set comprising policies enforced at the policy subject at runtime; and
performing one or more actions that control execution behavior of the policy subject based the effective policy set.
1 Assignment
0 Petitions
Accused Products
Abstract
Techniques for resolving conflicts between web service policies that are attached (via LPA and/or GPA metadata) to a policy subject (e.g., a WS client/service endpoint). In one set of embodiments, a priority value can be assigned to each policy attached to a policy subject via the policy'"'"'s corresponding policy attachment metadata file. These priority values can be taken into account when determining whether one policy should be given precedence over another, conflicting policy attached to the same policy subject. In certain embodiments, as part of this determination, the priority value of a policy can be given greater weight than the scope at which the policy is attached.
-
Citations
20 Claims
-
1. A method for controlling execution behavior of policy subjects, the method comprising:
-
retrieving, by a computer system, policy attachment information identifying a plurality of web service policies whose policy attachment metadata indicate attachment at runtime to a policy subject, wherein the policy attachment information comprises, for each web service policy in the plurality of web service polices, an identifier of the web service policy, a scope at which the web service policy is attached to the policy subject at runtime, and a priority value; determining, by the computer system, an ordering of each web service policy in the plurality of web service policies based on the priority value of the web service policy and the scope at which the web service policy is attached to the policy subject; determining, by the computer system, that a first web service policy in the plurality of web service policies is given precedence over a second web service policy in the plurality of web service policies based on the determined ordering, wherein attachment of the first web service policy and the second web service policy at the policy subject conflict; adding, by the computer system, the first web service policy to an effective policy set of the policy subject, the effective policy set comprising policies enforced at the policy subject at runtime; and performing one or more actions that control execution behavior of the policy subject based the effective policy set. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A non-transitory computer-readable medium having stored thereon program code executable by a computer system, the program code comprising:
-
code that causes the computer system to retrieve policy attachment information identifying a plurality of web service policies whose policy attachment metadata indicate attachment at runtime to a policy subject, wherein the policy attachment information comprises, for each web service policy in the plurality of web service polices, an identifier of the web service policy, a scope at which the web service policy is attached to the policy subject at runtime, and a priority value; code that causes the computer system to determine an ordering of each web service policy in the plurality of web service policies based on the priority value of the web service policy and the scope at which the web service policy is attached to the policy subject; code that causes the computer system to that a first web service policy in the plurality of web service policies is given precedence over a second web service policy in the plurality of web service policies based on the determined ordering, wherein attachment of the first web service policy and the second web service policy at the policy subject conflict; code that causes the computer system to add the first web service policy to an effective policy set of the policy subject, the effective policy set comprising policies enforced at the policy subject at runtime; and code that causes the computer system to perform one or more actions that control execution behavior of the policy subject based the effective policy set. - View Dependent Claims (13, 14, 15, 16)
-
-
17. A system comprising:
-
a hardware processor configured to; retrieve policy attachment information identifying a plurality of web service policies whose policy attachment metadata indicate attachment at runtime to a policy subject, wherein the policy attachment information comprises, for each web service policy in the plurality of web service polices, an identifier of the web service policy, a scope at which the web service policy is attached to the policy subject at runtime, and a priority value; determine an ordering of each web service policy in the plurality of web service policies based on the priority value of the web service policy and the scope at which the web service policy is attached to the policy subject; determine that a first web service policy in the plurality of web service policies is given precedence over a second web service policy in the plurality of web service policies based on the determined ordering, wherein attachment of the first web service policy and the second web service policy at the policy subject conflict; add the first web service policy to an effective policy set of the policy subject, the effective policy set comprising policies enforced at the policy subject at runtime; and perform one or more actions that control execution behavior of the policy subject based the effective policy set. - View Dependent Claims (18, 19, 20)
-
Specification