Remote method invocation with secure messaging in a distributed computing environment
First Claim
1. A method for remotely invoking methods in a distributed computing environment, comprising:
a service providing to a client a service advertisement comprising a data representation language message schema comprising descriptions of data representation language messages the client is authorized to send to the service;
the client generating a message in a data representation language, wherein the message includes information representing a computer programming language method call, wherein said generating a message is performed in accordance with a description of the message comprised in the message schema, and wherein the message further includes a credential for allowing the client access to a service configured to perform functions on behalf of clients in the distributed computing environment;
the client sending the message to the service;
the service examining the credential included in the message;
if said examining determines the credential is authentic, the service performing a function on behalf of the client in accordance with the information representing the computer programming language method call included in the message; and
if said examining determines the credential is not authentic, the service not performing the function on behalf of the client.
2 Assignments
0 Petitions
Abstract
A secure interface between clients and services in a distributed computing environment is described. Method gates may provide an interface to remotely invoke functions of a service. A method gate may be generated from an advertisement that may include definitions for one or more messages for remotely invoking functions of the service. A client may generate messages containing representations of method calls. The service may invoke functions that correspond to the set of messages. A method gate on the service may unmarshal the message and invoke the function. The client may receive the results of the function directly. Alternatively, the results may be stored, an advertisement to the results may be provided, and a gate may be generated to access the results. Message gates may perform the sending and receiving of the messages between the client and service. In one embodiment, functions of the service may be computer programming language (e.g. Java) methods. In one embodiment, a message including a representation of a method call may be generated when no actual method call was made. In one embodiment, a method call may be transformed into messages that may be sent to the service; the service may not know that the messages were generated from a method call. In one embodiment, a service may transform messages requesting functions into method calls; the client may not know that the service is invoking methods to perform the functions. A credential may be embedded in messages and used for message authentication on the service.
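The client/service exchange the abstract describes, as an added example that is not part of the patent: a constructed advertisement whose schema lists the permitted method-call messages, a client-side method gate that marshals a call into an XML message with an embedded credential, and a service-side gate that examines the credential before unmarshalling and invoking the function. The credential is assumed here to be an HMAC tag over the serialized call under a shared key; the patent does not specify the credential format.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed sample advertisement: its message schema lists the messages
# (method calls) a client is authorized to send, with parameter types.
ADVERTISEMENT = {"schema": {"add": ["int", "int"], "upper": ["str"]}}
SHARED_SECRET = b"demo-secret"  # assumed: the credential is an HMAC over the call

def _canonical(call):
    # Both gates bind the credential to the same serialization of the call.
    return ET.tostring(call, encoding="utf-8")

def client_method_gate(advertisement, credential_key, method, *args):
    """Client-side method gate: marshal a method call into an XML message as the
    schema describes and embed a credential; calls outside the schema never leave."""
    schema = advertisement["schema"]
    if method not in schema or len(args) != len(schema[method]):
        raise ValueError("method call is not described in the advertised schema")
    call = ET.Element("call", name=method)
    for typ, value in zip(schema[method], args):
        ET.SubElement(call, "arg", type=typ).text = str(value)
    msg = ET.Element("message")
    msg.append(call)
    tag = hmac.new(credential_key, _canonical(call), hashlib.sha256).hexdigest()
    ET.SubElement(msg, "credential").text = tag
    return ET.tostring(msg, encoding="unicode")

FUNCTIONS = {"add": lambda a, b: a + b, "upper": lambda s: s.upper()}  # service functions
COERCE = {"int": int, "str": str}

def service_method_gate(advertisement, credential_key, wire_message):
    """Service-side method gate: examine the credential first, then unmarshal the
    call, check it against the schema and invoke the function; otherwise refuse."""
    msg = ET.fromstring(wire_message)
    call = msg.find("call")
    if call is None:
        return ("refused", "no method call in message")
    expected = hmac.new(credential_key, _canonical(call), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, msg.findtext("credential", "")):
        return ("refused", "credential not authentic")  # function is not performed
    method = call.get("name")
    schema = advertisement["schema"]
    args = call.findall("arg")
    if method not in schema or len(args) != len(schema[method]):
        return ("refused", "message not in advertised schema")
    values = [COERCE[t](a.text) for t, a in zip(schema[method], args)]
    return ("ok", FUNCTIONS[method](*values))
```

A message whose call element is altered in transit, or one built under a different key, fails the credential check before any function runs; a correctly credentialed message for a method absent from the advertised schema is refused at the schema check.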
191 Citations
63 Claims
1. A method for remotely invoking methods in a distributed computing environment (full text as set out under First Claim above).
Dependent claims: 2-23.
24. A distributed computing system, comprising:
a service device comprising one or more functions executable on the service device on behalf of client devices in the distributed computing system;
a client device configured to:
generate a message in a data representation language, wherein the message includes information representing a computer programming language method call, and wherein the message further includes a credential for allowing the client device access to the service device; and
send the message to the service device;
wherein the service device is configured to:
provide to the client device a service advertisement comprising a data representation language message schema comprising descriptions of data representation language messages a client device is authorized to send to the service device, wherein said generate a message is performed in accordance with a description of the message comprised in the message schema;
examine the credential included in the message;
if said examining verifies the credential, perform a function on behalf of the client in accordance with the information representing the computer programming language method call included in the message; and
if said examining does not verify the credential, not perform the function on behalf of the client.
Dependent claims: 25-42.
43. A device, comprising:
a client component; and
a method gate;
wherein the client component is configured to generate a computer programming language method call;
wherein the method gate is configured to:
access the computer programming language method call generated by the client component;
generate a message in a data representation language, wherein the message includes information representing a computer programming language method call, and wherein the message further includes an encrypted credential for allowing the client device access to a service in a distributed computing environment; wherein the method gate comprises a data representation language message schema comprising descriptions of data representation language messages the device is authorized to send to the service, wherein said generating a message is performed in accordance with a description of the message comprised in the message schema; and
send the message to the service;
wherein the service is operable to verify the message as authentic by examining the credential included in the message, and to perform a function on behalf of the client component in accordance with the information representing the computer programming language method call included in the message if the message is verified as authentic.
Dependent claims: 44-45.
46. A device, comprising:
a client component configured to generate a message in a data representation language, wherein the message includes information representing a computer programming language method call; and
a message endpoint configured to:
attach an encrypted credential to the message for allowing the client component access to a service in a distributed computing environment; and
send the message to a service in a distributed computing environment;
wherein the service is operable to verify the message as authentic by examining the credential included in the message, and to perform a function on behalf of the client component in accordance with the information representing the computer programming language method call included in the message if the message is authentic;
wherein the service is further operable to store results data generated by the function to a space service in the distributed computing environment; and
wherein the client component is further configured to:
access a data representation language advertisement for the results data, wherein the advertisement comprises information to enable access by the client component to the results data; and
access the results data from the space service in accordance with the information in the provided advertisement for the stored results data.
Dependent claims: 47-50.
51. A device comprising:
a message endpoint configured to:
receive a message in a data representation language sent by a client of the device in a distributed computing environment, wherein the message includes information representing a computer programming language method call, and wherein the message further includes a credential for allowing the client access to the device; and
verify the message as authentic by examining the credential included in the message;
a service component configured to:
perform a function on behalf of the client in accordance with the information representing the computer programming language method call included in the message if the message is verified as authentic by the message endpoint;
store results data generated by said performing a function to a space service in the distributed computing environment; and
provide an advertisement for the stored results data to the client, wherein the advertisement comprises information to enable access by the client to the stored results data.
Dependent claims: 52-54.
55. A computer-readable storage medium comprising program instructions, wherein the program instructions are computer-executable to implement:
a service providing to a client a service advertisement comprising a data representation language message schema comprising descriptions of data representation language messages the client is authorized to send to the service;
the client generating a message in a data representation language, wherein the message includes information representing a computer programming language method call, wherein said generating a message is performed in accordance with a description of the message comprised in the message schema, and wherein the message further includes a credential for allowing the client access to a service configured to perform functions on behalf of clients in the distributed computing environment;
the client sending the message to the service;
the service examining the credential included in the message;
if said examining determines the credential is authentic, the service performing a function on behalf of the client in accordance with the information representing the computer programming language method call included in the message; and
if said examining determines the credential is not authentic, the service not performing the function on behalf of the client.
Dependent claims: 56-63.
Specification