Brokering data access requests and responses
First Claim
1. At a computer system, the computer system including a brokering pipeline for brokering data access requests, a security boundary protecting the brokering pipeline and other components inside the security boundary from components outside the security boundary, a method for brokering a data access request, the method comprising:
receiving a data access request from an external identity, the data access request requesting data maintained inside the security boundary, the external identity outside of the security boundary;
mapping the external identity to a corresponding internal identity, the internal identity configured for use inside the security boundary;
sending the data access request to an exposed endpoint for previously registered logic associated with an external entity, the previously registered logic bound to one or more data repositories that maintain the requested data;
receiving a response to the data access request, the response including the requested data;
rewriting the response to make it appear that a component of the brokering pipeline generated the response, rewriting the response decoupling the exposed endpoint from the external entity; and
sending the re-written response to the external identity.
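A minimal sketch of the flow in claim 1, added here as an illustration and not taken from the patent. The identity table, endpoint URL, header names and helper functions are hypothetical, and it assumes "rewriting" means replacing backend endpoint references and backend headers with the broker's own.

```python
from urllib.parse import urlsplit

BROKER_ORIGIN = "https://broker.example"   # assumed public face of the pipeline
# Constructed sample data: external identity -> internal identity, and a repository.
IDENTITY_MAP = {"alice@partner.example": "svc-tenant-17"}
REPOSITORY = {"svc-tenant-17": [{"order": 1001}, {"order": 1002}]}
ALLOWED_HEADERS = {"Content-Location"}     # everything else from the backend is dropped

class AccessDenied(Exception):
    """Raised when the external identity or the requested logic is unknown."""

def orders_logic(internal_id, endpoint):
    """Hypothetical registered logic bound to REPOSITORY; it leaks its own URL."""
    return {
        "headers": {"Server": "orders-backend/2.3", "X-Backend-Node": "node-4",
                    "Content-Location": endpoint + "?page=1"},
        "body": {"rows": REPOSITORY.get(internal_id, []), "next": endpoint + "?page=2"},
    }

# Registered logic: name -> (exposed endpoint inside the boundary, handler).
REGISTERED = {"orders": ("http://10.0.4.12:8443/entity-a/orders", orders_logic)}

def rewrite(value, endpoint, public):
    """Recursively replace references to the exposed endpoint with the broker URL."""
    if isinstance(value, str):
        return value.replace(endpoint, public)
    if isinstance(value, dict):
        return {k: rewrite(v, endpoint, public) for k, v in value.items()}
    if isinstance(value, list):
        return [rewrite(v, endpoint, public) for v in value]
    return value

def broker(external_id, logic_name):
    """Map identity, dispatch to registered logic, rewrite and return the response."""
    internal_id = IDENTITY_MAP.get(external_id)
    if internal_id is None or logic_name not in REGISTERED:
        raise AccessDenied("unmapped identity or unregistered logic")  # fail closed
    endpoint, handler = REGISTERED[logic_name]
    response = handler(internal_id, endpoint)
    public = f"{BROKER_ORIGIN}/data/{logic_name}"
    headers = {k: rewrite(v, endpoint, public)
               for k, v in response["headers"].items() if k in ALLOWED_HEADERS}
    headers["Server"] = "broker"           # response now appears broker-generated
    return {"headers": headers, "body": rewrite(response["body"], endpoint, public)}

def leaks_internal(response, endpoint):
    """Check a response for the exposed endpoint's host or path segments."""
    parts = urlsplit(endpoint)
    text = repr(response)
    return parts.hostname in text or parts.path in text
```

The allowlist on headers matters as much as the URL substitution: a backend `Server` or node header identifies the exposed endpoint even when every URL in the body has been rewritten.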
Abstract
The present invention extends to methods, systems, and computer program products for brokering data access requests and responses. Aspects of the invention include a brokering pipeline that sequentially processes data access requests and data access responses. The brokering pipeline manages access authentications, request brokering, response rewrite, cache, and hosting multiple (e.g., business) entities.
20 Claims
1. At a computer system, the computer system including a brokering pipeline for brokering data access requests, a security boundary protecting the brokering pipeline and other components inside the security boundary from components outside the security boundary, a method for brokering a data access request, the method comprising:
receiving a data access request from an external identity, the data access request requesting data maintained inside the security boundary, the external identity outside of the security boundary;
mapping the external identity to a corresponding internal identity, the internal identity configured for use inside the security boundary;
sending the data access request to an exposed endpoint for previously registered logic associated with an external entity, the previously registered logic bound to one or more data repositories that maintain the requested data;
receiving a response to the data access request, the response including the requested data;
rewriting the response to make it appear that a component of the brokering pipeline generated the response, rewriting the response decoupling the exposed endpoint from the external entity; and
sending the re-written response to the external identity.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A computer program product for use at a computer system, the computer system including a brokering pipeline for brokering data access requests, a security boundary protecting the brokering pipeline and other components inside the security boundary from components outside the security boundary, the computer program product for implementing a method for brokering a data access request, the computer program product comprising one or more computer storage devices having stored thereon computer-executable instructions that, when executed at a processor, cause the computer system to perform the method, including the following:
receive a data access request from an external identity, the data access request requesting data maintained inside the security boundary, the external identity outside of the security boundary;
map the external identity to a corresponding internal identity, the internal identity configured for use inside the security boundary;
send the data access request to an exposed endpoint for previously registered logic associated with an external entity, the previously registered logic bound to one or more data repositories that maintain the requested data;
receive a response to the data access request, the response including the requested data;
rewrite the response to make it appear that a component of the brokering pipeline generated the response, rewriting the response decoupling the exposed endpoint from the external entity; and
send the re-written response to the external identity.
Dependent claims: 11, 12, 13, 14, 15, 16, 17
18. A computer system, the computer system comprising:
one or more processors;
system memory;
one or more data repositories;
a query engine; and
one or more computer storage devices having stored thereon computer-executable instructions representing a brokering pipeline, the brokering pipeline configured to:
receive a data access request from an external identity, the data access request requesting data maintained inside the security boundary, the external identity outside of the security boundary;
map the external identity to a corresponding internal identity, the internal identity configured for use inside the security boundary;
send the data access request to an exposed endpoint for previously registered logic associated with an external entity, the previously registered logic bound to one or more data repositories that maintain the requested data;
receive a response to the data access request, the response including the requested data;
rewrite the response to make it appear that a component of the brokering pipeline generated the response, rewriting the response decoupling the exposed endpoint from the external entity; and
send the re-written response to the external identity.
Dependent claims: 19, 20
Specification