Enforcing runtime policies in a networked computing environment
Abstract
Embodiments of the present invention provide approaches for enforcing runtime policies in a networked computing environment (e.g., a cloud computing environment). Specifically, in a typical embodiment, computer code and data of an application are annotated with metadata defining a set of runtime policies for executing the computer code and data. Once a request is received to run the application, a set of parameters (e.g., geographic location) corresponding to the execution of the computer code and data of the application is dynamically determined, and compared to the runtime policies. The runtime policies for executing the computer code and data are then enforced at runtime. This includes either running the application, or preventing the running of the application in the case that the set of parameters corresponding to the execution of the computer code and data of the application does not satisfy the runtime policies.
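The mechanism summarized above, with the two differently restricted code portions recited in claim 1, can be sketched as follows. This is an added illustration, not code from the patent: the decorator `runtime_policy`, the metadata attribute, the region labels and the `resolve_region` callback are all hypothetical names, and the sketch assumes the region value comes from a source the platform controls rather than from the requester.

```python
POLICY_ATTR = "__runtime_policy__"  # hypothetical slot holding the annotation metadata


class PolicyViolation(Exception):
    """Raised when no annotated portion may run, so the application is prevented."""


def runtime_policy(*, allowed_regions):
    """Development-time annotation: attach geographic policy metadata to a code portion."""
    def annotate(func):
        setattr(func, POLICY_ATTR, {"allowed_regions": frozenset(allowed_regions)})
        return func
    return annotate


@runtime_policy(allowed_regions={"EU"})   # first annotation (constructed region label)
def process_eu_records(records):
    return [r.upper() for r in records]


@runtime_policy(allowed_regions={"US"})   # second annotation, different restriction
def process_us_records(records):
    return [r.lower() for r in records]


def run_application(portions, resolve_region, data):
    """Enforce the annotations when a run request arrives.

    resolve_region() is called per request (the dynamic determination). It is
    assumed to return a trusted region string, or None if the region is unknown.
    The check fails closed: unknown region or unannotated code is never run.
    """
    region = resolve_region()
    results, skipped = {}, []
    for portion in portions:
        policy = getattr(portion, POLICY_ATTR, None)
        if policy is None or region is None or region not in policy["allowed_regions"]:
            skipped.append(portion.__name__)
            continue
        results[portion.__name__] = portion(data)
    if not results:
        raise PolicyViolation(f"no portion permitted in region {region!r}")
    return results, skipped


def demo():
    # Constructed request: the platform reports that execution would occur in "EU".
    return run_application([process_eu_records, process_us_records],
                           lambda: "EU", ["Alice", "Bob"])
```

The skipped list doubles as an audit record of which portions were withheld and is worth logging alongside the resolved region.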
20 Claims
1. A computer-implemented method for enforcing runtime policies relating to execution of computer code and data of an application, in a networked computing environment, comprising:
applying a first annotation to a first portion of computer code, the first annotation being attached during development to the first portion of computer code and comprising metadata defining a set of runtime policies for executing the first portion of computer code and associated data, wherein the runtime policies of the first annotation comprise a geographic location restriction for performing execution of the first portion of the computer code;
applying a second annotation to a second portion of computer code, the second annotation being attached during development to the second portion of computer code and comprising metadata defining a set of runtime policies for executing the second portion of computer code and associated data, wherein the runtime policies of the second annotation comprise a different geographic location restriction for performing execution of the second portion of the computer code;
receiving a request to run an application;
dynamically determining whether a set of parameters satisfy a set of conditions precedent defined in the sets of runtime policies for execution of the computer code and the data of the application; and
enforcing, at a runtime of the application, the set of runtime policies for executing the computer code by running the first portion of the computer code without running the second portion of the computer code based on satisfaction of the first geographic location restriction and non-satisfaction of the second geographic location restriction of the set of conditions precedent.
8. A system for enforcing runtime policies relating to execution of computer code and data of an application, in a networked computing environment, comprising:
a memory medium comprising instructions;
a bus coupled to the memory medium; and
a processor coupled to the bus that when executing the instructions causes the system to:
apply a first annotation to a first portion of computer code, the first annotation being attached during development to the first portion of computer code and comprising metadata defining a set of runtime policies for executing the first portion of computer code and associated data, wherein the runtime policies of the first annotation comprise a geographic location restriction for performing execution of the first portion of the computer code;
apply a second annotation to a second portion of computer code, the second annotation being attached during development to the second portion of computer code and comprising metadata defining a set of runtime policies for executing the second portion of computer code and associated data, wherein the runtime policies of the second annotation comprise a different geographic location restriction for performing execution of the second portion of the computer code;
receive a request to run an application;
dynamically determine whether a set of parameters satisfy a set of conditions precedent defined in the sets of runtime policies for execution of the computer code and the data of the application; and
enforce, at a runtime of the application, the set of runtime policies for executing the computer code by running the first portion of the computer code without running the second portion of the computer code based on satisfaction of the first geographic location restriction and non-satisfaction of the second geographic location restriction of the set of conditions precedent.
15. A computer program product for enforcing runtime policies relating to execution of computer code and data of an application, in a networked computing environment, the computer program product comprising a computer readable hardware storage device, and program instructions stored on the computer readable hardware storage device, to:
apply a first annotation to a first portion of computer code, the first annotation being attached during development to the first portion of computer code and comprising metadata defining a set of runtime policies for executing the first portion of computer code and associated data, wherein the runtime policies of the first annotation comprise a geographic location restriction for performing execution of the first portion of the computer code;
apply a second annotation to a second portion of computer code, the second annotation being attached during development to the second portion of computer code and comprising metadata defining a set of runtime policies for executing the second portion of computer code and associated data, wherein the runtime policies of the second annotation comprise a different geographic location restriction for performing execution of the second portion of the computer code;
receive a request to run an application;
dynamically determine whether a set of parameters satisfy a set of conditions precedent defined in the sets of runtime policies for execution of the computer code and the data of the application; and
enforce, at a runtime of the application, the set of runtime policies for executing the computer code by running the first portion of the computer code without running the second portion of the computer code based on satisfaction of the first geographic location restriction and non-satisfaction of the second geographic location restriction of the set of conditions precedent.
Specification