Automated policy constraint matching for computing resources

US 20060206440A1
Filed: 03/09/2005
Published: 09/14/2006
Est. Priority Date: 03/09/2005
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

accessing a first policy definition comprising one or more policy constraints, wherein each policy constraint specifies one or more acceptable values for each of one or more vocabulary items of the first policy definition;

accessing a second policy definition comprising one or more other policy constraints, each of which specifies one or more acceptable values for one or more other vocabulary items of the second policy definition;

wherein one of the acceptable values of the first policy definition and of the acceptable values of the second policy definition for a single vocabulary item common to both the first and second policy definitions are configured in a hierarchical relationship, wherein a narrower one of the acceptable values for the common vocabulary item is defined as a subset of a broader one of the acceptable values for the common vocabulary item;

wherein the narrower one of the acceptable values inherits all semantics from the broader acceptable value;

determining an intersection policy definition comprising one or more intersection policy constraints specifying one or more acceptable values for the vocabulary item common to both the first and second policy definitions, wherein said determining comprises specifying the narrower one of the acceptable values in one of the one or more intersection policy constraints for the common vocabulary item; and

communicating with a device in a distributed computing environment according to the determined intersection policy definition.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Web services interface policy constraints may be specified in a policy constraints language and policy processing, such as generating an intersection policy of two policies may be automated by a policy-processing engine. A policy constraint may be a specification of a value, range of values, or set of values that a particular requirement or offering is allowed to have. Hierarchies of requirements and/or offerings may also be expressed and matched such that a more specific case of a requirement or offering may be matched against a more general case of the same requirement or offering. Also, preferences among vocabulary items, vocabulary item values, policy constraints, and other elements of a policy may be specified and automatically determined by a policy-processing engine. Automated matching of consumer requirements against provider offerings may allow a policy-processing engine to process policies with specifications of requirements or offerings from any domain-specific schema.

209 Citations

23 Claims

1. A method, comprising:
- accessing a first policy definition comprising one or more policy constraints, wherein each policy constraint specifies one or more acceptable values for each of one or more vocabulary items of the first policy definition;
  
  accessing a second policy definition comprising one or more other policy constraints, each of which specifies one or more acceptable values for one or more other vocabulary items of the second policy definition;
  
  wherein one of the acceptable values of the first policy definition and of the acceptable values of the second policy definition for a single vocabulary item common to both the first and second policy definitions are configured in a hierarchical relationship, wherein a narrower one of the acceptable values for the common vocabulary item is defined as a subset of a broader one of the acceptable values for the common vocabulary item;
  
  wherein the narrower one of the acceptable values inherits all semantics from the broader acceptable value;
  
  determining an intersection policy definition comprising one or more intersection policy constraints specifying one or more acceptable values for the vocabulary item common to both the first and second policy definitions, wherein said determining comprises specifying the narrower one of the acceptable values in one of the one or more intersection policy constraints for the common vocabulary item; and
  
  communicating with a device in a distributed computing environment according to the determined intersection policy definition.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The method of claim 1, wherein said determining comprises:
    - comparing the one or more acceptable values for each of the one or more vocabulary items of the first policy definition to the one or more acceptable values for each of the one or more vocabulary items of the second policy definition to determine the one or more intersection values for each of the one or more vocabulary items common to both the first and second policy definitions; and
      
      generating the one or more intersection policy constraints, wherein said generating comprises determining one or more acceptable policy constraints, wherein each of the acceptable policy constraints specifies one or more acceptable values for the one or more vocabulary items common to both the first and second policy definitions.
  - 3. The method of claim 2, wherein said determining one or more acceptable policy constraints comprises identifying one or more policy constraints of either the first or the second policy definition that include acceptable values for vocabulary items common to both the first and the second policy definition.
  - 4. The method of claim 2, wherein said determining one or more acceptable policy constraints comprises determining intersections of one or more policy constraints of the first policy definition and a corresponding one or more policy constraints of the second policy definition, wherein the intersected policy constraints specify acceptable values for vocabulary items common to both policy definitions.
  - 5. The method of claim 2, wherein said determining further comprises analyzing the one or more generated intersection policy constraints and the one or more intersection values to determine one or more inconsistent ones of the intersection policy constraints, wherein each of the one or more inconsistent ones of the intersection policy constraints comprises one or more values which conflict with one or more other values for the same vocabulary item.
  - 6. The method of claim 1, wherein one of the policy constraints for the first policy definition and one of the policy constraints for the second policy definition each specifies a preference order for one or more acceptable values for one of the one or more vocabulary items common to both the first policy definition and the second policy definition;
    - and wherein said determining comprises determining a preference order for one or more acceptable values for the common vocabulary item based on the preference orders by the policy constraints for the first and second policy definition.
  - 7. The method of claim 1, wherein the first policy definition specifies a preference order for the one or more policy constraints of the first policy definition, and wherein said determining comprises determining a preference order for the one or more policy constraints for the intersection policy definition based on the preference order specified by the first policy definition.
  - 8. The method of claim 1, further comprising translating the set of vocabulary items referenced by the first or second policy to a different vocabulary item syntax prior to accessing the first or second policy, respectively.
  - 9. The method of claim 8, wherein the one or more transformation definitions comprise Extensible Stylesheet Language Transformations (XSLT).
  - 10. The method of claim 8, wherein the one or more transformation definitions comprise XML Path Language (XPATH).
  - 11. The method of claim 1, wherein the one or more policy constraints of the first policy definition and the one or more policy constraints of the second policy definition are defined using a policy constraints language.
  - 12. The method of claim 11, wherein the policy constraints language comprises the WS-PolicyConstraints language.
  - 13. The method of claim 1, wherein the first policy definition further comprises one or more policy sets each comprising one or more of the one or more policy constraints of the first policy definition, wherein each of the one or more policy sets is specified in a policy definition language, wherein the one or more policy constraints comprise a policy constraints language different from the policy definition language.
  - 14. The method of claim 1, wherein said accessing the first policy definition comprises receiving the first policy definition from a service provider in a distributed computing environment, wherein the first policy definition includes information specifying one or more service interfaces for the service provider;
    - and wherein said accessing the second policy definition comprises receiving the second policy definition from a consumer in the distributed computing environment, wherein the second policy definition includes information specifying one or more interfaces the consumer is capable of using.
  - 15. The method of claim 14, wherein the first policy definition and the second policy definition define web services policies for communicating in the distributed computing environment.
  - 16. The method of claim 14, wherein a service broker in the distributed computing environment performs said accessing a first policy definition, said accessing a second policy definition, and said determining in response to said receiving the first policy definition and receiving the second policy definition.
  - 17. The method of claim 14, wherein a policy-processing engine for the consumer performs said accessing a first policy definition, said accessing a second policy definition, and said determining.
  - 18. The method of claim 14, further comprising sending the intersection policy definition to the consumer.
  - 19. The method of claim 18, further comprising the consumer validating the intersection policy definition against the second policy definition, wherein said validating comprises comparing each of one or more of the specifications for acceptable values specified by the intersection policy definition to one or more of the specifications for acceptable values specified by the second policy definition for the vocabulary item common to both the intersection policy definition and the second policy definition to identify one or more specifications for acceptable values in the intersection policy definition that conflict with one or more of the compared specifications for acceptable values of the second policy definition.
  - 20. The method of claim 18, further comprising the consumer initiating communication with the service provider according to the intersection policy definition, wherein said initiating communication comprises the consumer sending the intersection policy definition to the service provider as part of initiating communication with the service provider.
  - 21. The method of claim 20, further comprising:
    - the consumer sending a message generated in accordance with the intersection policy definition, wherein the message comprises one or more vocabulary items and one or more values for each of the vocabulary items, wherein the one or more vocabulary items match one of the sets of vocabulary items specified by the intersection policy definition; and
      
      the service provider, in response to receiving the message, verifying that each of the one or more values for each of the one or more vocabulary items in the message matches one or more of the acceptable values for the respective vocabulary item specified by the intersection policy definition.

22. A device, comprising:
- a processor; and
  
  a memory coupled to the processor, wherein the memory comprises program instructions configured to;
  
  access a first policy definition comprising one or more policy constraints, wherein each policy constraint specifies one or more acceptable values for each of one or more vocabulary items of the first policy definition;
  
  access a second policy definition comprising one or more other policy constraints, each of which specifies one or more acceptable values for one or more other vocabulary items of the second policy definition;
  
  wherein one of the acceptable values of the first policy definition and of the acceptable values of the second policy definition for a single vocabulary item common to both the first and second policy definitions are configured in a hierarchical relationship, wherein a narrower one of the acceptable values for the common vocabulary item is defined as a subset of a broader one of the acceptable values for the common vocabulary item;
  
  wherein the narrower one of the acceptable values inherits all semantics from the broader acceptable value;
  
  determine an intersection policy definition comprising one or more intersection policy constraints specifying one or more acceptable values for each of one or more vocabulary items common to both the first and second policy definitions, wherein said determining comprises specifying the narrower one of the acceptable values in one of the one or more intersection policy constraints for the common vocabulary item; and
  
  communicate with a device in a distributed computing environment according to the determined intersection policy definition.

23. A computer accessible medium, comprising program instructions configured to implement:
- accessing a first policy definition comprising one or more policy constraints, wherein each policy constraint specifies one or more acceptable values for each of one or more vocabulary items of the first policy definition;
  
  accessing a second policy definition comprising one or more other policy constraints, each of which specifies one or more acceptable values for one or more other vocabulary items of the second policy definition;
  
  wherein one of the acceptable values of the first policy definition and of the acceptable values of the second policy definition for a single vocabulary item common to both the first and second policy definitions are configured in a hierarchical relationship, wherein a narrower one of the acceptable values for the common vocabulary item is defined as a subset of a broader one of the acceptable values for the common vocabulary item;
  
  wherein the narrower one of the acceptable values inherits all semantics from the broader acceptable value;
  
  determining an intersection policy definition comprising one or more intersection policy constraints specifying one or more acceptable values for each of one or more vocabulary items common to both the first and second policy definitions, wherein said determining comprises specifying the narrower one of the acceptable values in one of the one or more intersection policy constraints for the common vocabulary item; and
  
  communicating with a device in a distributed computing environment according to the determined intersection policy definition.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Anderson, Anne H., Devaraj, Balasubramanian

Granted Patent

US 7,478,419 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/500
CPC Class Codes

G06F 9/44505 Configuring for program ini...

G06Q 99/00 Subject matter not provided...

Automated policy constraint matching for computing resources

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

209 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Automated policy constraint matching for computing resources

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

209 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links