Remote method invocation with secure messaging in a distributed computing environment

US 7,243,356 B1
Filed: 09/27/2000
Issued: 07/10/2007
Est. Priority Date: 05/09/2000
Status: Active Grant

First Claim

Patent Images

1. A method for remotely invoking methods in a distributed computing environment, comprising:

a service providing to a client a service advertisement comprising a data representation language message schema comprising descriptions of data representation language messages the client is authorized to send to the service;

the client generating a message in a data representation language, wherein the message includes information representing a computer programming language method call, wherein said generating a message is performed in accordance with a description of the message comprised in the message schema, and wherein the message further includes a credential for allowing the client access to a service configured to perform functions on behalf of clients in the distributed computing environment;

the client sending the message to the service;

the service examining the credential included in the message;

if said examining determines the credential is authentic, the service performing a function on behalf of the client in accordance with the information representing the computer programming language method call included in the message; and

if said examining determines the credential is not authentic, the service not performing the function on behalf of the client.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure interface between clients and services in a distributed computing environment is described. Method gates may provide an interface to remotely invoke functions of a service. A method gate may be generated from an advertisement that may include definitions for one or more messages for remotely invoking functions of the service. A client may generate messages containing representations of method calls. The service may invoke functions that correspond to the set of messages. A method gate on the service may unmarshal the message and invoke the function. The client may receive the results of the function directly. Alternatively, the results may be stored, an advertisement to the results may be provided, and a gate may be generated to access the results. Message gates may perform the sending and receiving of the messages between the client and service. In one embodiment, functions of the service may be computer programming language (e.g. Java) methods. In one embodiment, a message including a representation of a method call may be generated when no actual method call was made. In one embodiment, a method call may be transformed into messages that may be sent to the service; the service may not know that the messages were generated from a method call. In one embodiment, a service may transform messages requesting functions into method calls; the client may not know that the service is invoking methods to perform the functions. A credential may be embedded in messages and used for message authentication on the service.

191 Citations

63 Claims

1. A method for remotely invoking methods in a distributed computing environment, comprising:
- a service providing to a client a service advertisement comprising a data representation language message schema comprising descriptions of data representation language messages the client is authorized to send to the service;
  
  the client generating a message in a data representation language, wherein the message includes information representing a computer programming language method call, wherein said generating a message is performed in accordance with a description of the message comprised in the message schema, and wherein the message further includes a credential for allowing the client access to a service configured to perform functions on behalf of clients in the distributed computing environment;
  
  the client sending the message to the service;
  
  the service examining the credential included in the message;
  
  if said examining determines the credential is authentic, the service performing a function on behalf of the client in accordance with the information representing the computer programming language method call included in the message; and
  
  if said examining determines the credential is not authentic, the service not performing the function on behalf of the client.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 2. The method as recited in claim 1, wherein the client comprises a client method gate configured to provide an interface to the service by generating data representation language messages including information representing method calls, and wherein said generating a message is performed by the client method gate.
  - 3. The method as recited in claim 2, wherein said sending the message is performed by the client method gate.
  - 4. The method as recited in claim 2, wherein the client further comprises a client process, the method further comprising:
    - the client process generating the computer programming language method call; and
      
      the client method gate receiving the method call generated by the client process;
      
      wherein said generating a message is performed in response to said receiving the method call.
  - 5. The method as recited in claim 2, wherein the client further comprises a client message endpoint, wherein said sending the message to the service comprises:
    - the client method gate sending the message to the client message endpoint, wherein the client message endpoint is configured to send messages in the data representation language to the service;
      
      the client message endpoint attaching the credential to the message; and
      
      the client message endpoint sending the message to the service.
  - 6. The method as recited in claim 1, further comprising the client generating a client method gate in accordance with the service advertisement, wherein the client method gate is configured to provide to the client an interface to the service by generating the data representation language messages described in the message schema, wherein said generating a message is performed by the client method gate.
  - 7. The method as recited in claim 1, wherein the service advertisement further comprises an address for receiving the data representation language messages on the service, wherein said sending the message to the service comprises sending the message to the address.
  - 8. The method as recited in claim 7, wherein the address is a Uniform Resource Identifier (URI).
  - 9. The method as recited in claim 7, further comprising the client generating a client message endpoint in accordance with the service advertisement, wherein the client message endpoint is configured to send messages to the address, and wherein said sending the message to the service is performed by the client message endpoint.
  - 10. The method as recited in claim 1, wherein the service comprises a service message endpoint configured to receive messages in the data representation language from the client, wherein said performing a function comprises the service message endpoint receiving the message from the client.
  - 11. The method as recited in claim 1, wherein the service comprises one or more computer programming language methods executable within the service, wherein said performing a function comprises executing a computer programming language method of the service in accordance with the information representing the computer programming language method call included in the message.
  - 12. The method as recited in claim 1, wherein the service comprises one or more computer programming language methods executable within the service, wherein the information representing the computer programming language method call includes an identifier of the method call, and wherein said performing a function comprises:
    - regenerating the method call in accordance with the identifier of the method call included in the information representing the method call; and
      
      executing a computer programming language method of the service in accordance with the regenerated method call.
  - 13. The method as recited in claim 12, wherein the information representing the computer programming language method call further includes one or more parameter values of the method call, and wherein said executing a computer programming language method in accordance with the regenerated method call comprises providing the one or more parameter values from the information representing the method call as parameter values of the method call.
  - 14. The method as recited in claim 12, wherein the service further comprises a service method gate configured to provide an interface to the one or more computer programming language methods of the service by receiving data representation language messages and invoking computer programming language methods specified by the messages, and wherein said regenerating the method call is performed by the service method gate.
  - 15. The method as recited in claim 1, wherein said performing a function generates results data, the method further comprising the service providing the generated results data to the client.
  - 16. The method as recited in claim 1, wherein said performing a function generates results data, and wherein the service comprises a service message endpoint configured to send messages in the data representation language to the client for the service, the method further comprising:
    - the service message endpoint sending a results message to the client, wherein the results message includes the generated results data.
  - 17. The method as recited in claim 1, wherein said performing a function generates results data, the method further comprising:
    - storing the generated results data to a space service in the distributed computing environment;
      
      providing an advertisement for the stored results data to the client, wherein the advertisement comprises information to enable access by the client to the stored results data; and
      
      the client accessing the stored results data from the space service in accordance with the information in the provided advertisement.
  - 18. The method as recited in claim 17, wherein the client accessing the stored results data comprises:
    - generating a client results message endpoint in accordance with the information in the provided advertisement, wherein the client results message endpoint is configured to send messages in the data representation language to the space service for the client;
      
      generating a results request message in the data representation language, wherein the results request message requests the results data be provided to the client;
      
      the client results message endpoint sending the results request message to the space service; and
      
      the space service sending the requested results data to the client results message endpoint in response to the results request message.
  - 19. The method as recited in claim 17, wherein the information to enable access by the client to the stored results data comprises one or more Uniform Resource Identifiers (URIs) for accessing the stored results data.
  - 20. The method as recited in claim 1, wherein said data representation language is eXtensible Markup Language (XML).
  - 21. The method as recited in claim 1, wherein said computer programming language is the Java programming language, and wherein the information representing the method call in the message represents a Java method call to a Java method implemented on the service, and wherein the service performing a function comprises invoking the Java method on the service in accordance with the information representing the Java method call included in the message.
  - 22. The method as recited in claim 1, wherein the client is executing within a virtual machine, wherein the virtual machine is executing within a client device in the distributed computing environment.
  - 23. The method as recited in claim 22, wherein the virtual machine is a Java Virtual Machine (JVM).

24. A distributed computing system, comprising:
- a service device comprising one or more functions executable on the service device on behalf of client devices in the distributed computing system;
  
  a client device configured to;
  
  generate a message in a data representation language, wherein the message includes information representing a computer programming language method call, and wherein the message further includes a credential for allowing the client device access to the service device; and
  
  send the message to the service device;
  
  wherein the service device is configured to;
  
  provide to the client device a service advertisement comprising a data representation language message schema comprising descriptions of data representation language messages a client device is authorized to send to the service device, wherein said generate a message is performed in accordance with a description of the message comprised in the message schema;
  
  examine the credential included in the message;
  
  if said examining verifies the credential, perform a function on behalf of the client in accordance with the information representing the computer programming language method call included in the message; and
  
  if said examining does not verify the credential, not perform the function on behalf of the client.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
- - 25. The system as recited in claim 24, wherein the client device comprises a client method gate configured to provide an interface to the service by generating data representation language messages including information representing method calls, and wherein said generating a message is performed by the client method gate.
  - 26. The system as recited in claim 25, wherein the client device further comprises a client process,wherein the client process is configured to generate the computer programming language method call;
    - wherein the client method gate is further configured to receive the method call generated by the client process; and
      
      wherein said generating a message is performed by the client method gate in response to said receiving the method call.
  - 27. The system as recited in claim 25, wherein the client device further comprises a client message endpoint,wherein the client method gate is further configured to send the message to the client message endpoint;
    - andwherein the client message endpoint is configured to;
      
      attach the credential to the message; and
      
      send the message to the service device.
  - 28. The system as recited in claim 24, wherein the client device is further configured to:
    - generate a client method gate in accordance with the service advertisement, wherein the client method gate is configured to provide to the client device an interface to the service device by generating the data representation language messages described in the message schema; and
      
      wherein said generating a message is performed by the client method gate.
  - 29. The system as recited in claim 24, wherein the service advertisement further comprises an address for receiving the data representation language messages on the service device.
  - 30. The system as recited in claim 29, wherein the address is a Uniform Resource Identifier (URI).
  - 31. The system as recited in claim 29, wherein the client device is further configured to:
    - generate a client message endpoint in accordance with the service advertisement, wherein the client message endpoint is configured to send the data representation language messages to the address; and
      
      wherein said sending the message to the service device is performed by the client message endpoint.
  - 32. The system as recited in claim 24, wherein the service device comprises one or more computer programming language methods executable within the service device, wherein the information representing the computer programming language method call includes an identifier of the method call, and wherein, in said performing a function, the service device is further configured to:
    - regenerate the method call in accordance with the identifier of the method call included in the information representing the method call; and
      
      execute a computer programming language method of the service device in accordance with the regenerated method call.
  - 33. The system as recited in claim 32, wherein the information representing the computer programming language method call further includes one or more parameter values of the method call, and wherein, in said executing a computer programming language method in accordance with the regenerated method call, the service device is further configured to:
    - provide the one or more parameter values from the information representing the method call as parameter values of the method call.
  - 34. The system as recited in claim 32, wherein the service device further comprises a service method gate configured to provide an interface to the one or more computer programming language methods of the service by receiving data representation language messages and invoking methods specified by the messages, and wherein said regenerating the method call is performed by the service method gate.
  - 35. The system as recited in claim 24, wherein said performing a function generates results data, wherein the service device comprises a service message endpoint configured to send a results message in the data representation language to the client device, wherein the results message includes the generated results data.
  - 36. The system as recited in claim 24, further comprising:
    - a space service;
      
      wherein the service device is further configured to;
      
      store results data generated by said performing a function to the space service;
      
      provide an advertisement for the stored results data to the client device, wherein the advertisement comprises information to enable access by the client device to the stored results data; and
      
      wherein the client device is further configured to access the stored results data from the space service in accordance with the information in the provided advertisement.
  - 37. The system as recited in claim 36,wherein, in accessing the stored results data, the client device is further configured to generate a client results message endpoint in accordance with the information in the provided advertisement;
    - wherein the client results message endpoint is configured to;
      
      generate a results request message in the data representation language, wherein the results request message requests the results data be provided to the client device; and
      
      send the results request message to the space service; and
      
      wherein the space service is configured to send the requested results data to the client results message endpoint in response to the results request message.
  - 38. The system as recited in claim 36, wherein the information to enable access by the client device to the stored results data comprises one or more Uniform Resource Identifiers (URIs) for accessing the stored results data.
  - 39. The system as recited in claim 24, wherein said data representation language is eXtensible Markup Language (XML).
  - 40. The system as recited in claim 24, wherein said computer programming language is the Java programming language, and wherein the information representing the method call in the message represents a Java method call to a Java method implemented on the service, and wherein, in said performing a function, the service device is further configured to invoke the Java method on the service device in accordance with the information representing the Java method call included in the message.
  - 41. The system as recited in claim 24, further comprising:
    - a virtual machine executable within the client device; and
      
      a client process executable within the virtual machine, wherein said generating a message and said sending the message are performed by the client process.
  - 42. The system as recited in claim 41, wherein the virtual machine is a Java Virtual Machine (JVM).

43. A device, comprising:
- a client component; and
  
  a method gate;
  
  wherein the client component is configured to generate a computer programming language method call;
  
  wherein the method gate is configured to;
  
  access the computer programming language method call generated by the client component;
  
  generate a message in a data representation language, wherein the message includes information representing a computer programming language method call, and wherein the message further includes an encrypted credential for allowing the client device access to a service in a distributed computing environment;
  
  wherein the method gate comprises a data representation language message schema comprising descriptions of data representation language messages the device is authorized to send to the service, wherein said generating a message is performed in accordance with a description of the message comprised in the message schema; and
  
  send the message to the service;
  
  wherein the service is operable to verify the message as authentic by examining the credential included in the message, and to perform a function on behalf of the client component in accordance with the information representing the computer programming language method call included in the message if the message is verified as authentic.
- View Dependent Claims (44, 45)
- - 44. The device as recited in claim 43, wherein the service is further operable to store results data generated by the function to a space service in the distributed computing environment, and wherein the client component is further configured to:
    - access a data representation language advertisement for the results data, wherein the advertisement comprises information to enable access by the client component to the results data; and
      
      access the results data from the space service in accordance with the information in the provided advertisement for the stored results data.
  - 45. The device as recited in claim 43, wherein said computer programming language is the Java programming language, and wherein the information representing a method call in the message represents a Java method call to a Java method implemented on the service.

46. A device, comprising:
- a client component configured to generate a message in a data representation language, wherein the message includes information representing a computer programming language method call; and
  
  a message endpoint configured to;
  
  attach an encrypted credential to the message for allowing the client component access to a service in a distributed computing environment; and
  
  send the message to a service in a distributed computing environment;
  
  wherein the service is operable to verify the message as authentic by examining the credential included in the message, and to perform a function on behalf of the client component in accordance with the information representing the computer programming language method call included in the message if the message is authentic;
  
  wherein the service is further operable to store results data generated by the function to a space service in the distributed computing environment; and
  
  wherein the client component is further configured to;
  
  access a data representation language advertisement for the results data, wherein the advertisement comprises information to enable access by the client component to the results data; and
  
  access the results data from the space service in accordance with the information in the provided advertisement for the stored results data.
- View Dependent Claims (47, 48, 49, 50)
- - 47. The device as recited in claim 46, wherein the client component is further configured to generate the computer programming language method call, and wherein said generating a message is performed in response to said generating the computer programming language method call.
  - 48. The device as recited in claim 46, wherein the device further comprises a virtual machine executable within the device, wherein the client component and the message endpoint are executable within the virtual machine.
  - 49. The device as recited in claim 48, wherein the virtual machine is a Java Virtual Machine (JVM).
  - 50. The device as recited in claim 46, wherein said computer programming language is the Java programming language, and wherein the information representing a method call in the message represents a Java method call to a Java method implemented on the service.

51. A device comprising:
- a message endpoint configured to;
  
  receive a message in a data representation language sent by a client of the device in a distributed computing environment, wherein the message includes information representing a computer programming language method call, and wherein the message further includes a credential for allowing the client access to the device; and
  
  verify the message as authentic by examining the credential included in the message;
  
  a service component configured to;
  
  perform a function on behalf of the client in accordance with the information representing the computer programming language method call included in the message if the message is verified as authentic by the message endpoint;
  
  store results data generated by said performing a function to a space service in the distributed computing environment; and
  
  provide an advertisement for the stored results data to the client, wherein the advertisement comprises information to enable access by the client to the stored results data.
- View Dependent Claims (52, 53, 54)
- - 52. The device as recited in claim 51, wherein the service component comprises a computer programming language method,wherein the message endpoint is further configured to:
    - regenerate the computer programming language method call in accordance with an identifier of the method call included in the message; and
      
      invoke the computer programming language method of the service component with the regenerated method call;
      
      wherein, in said performing a function, the service component is further configured to execute the computer programming language method in accordance with the regenerated method call in response to said invocation.
  - 53. The device as recited in claim 52, wherein, in said invoking the computer programming language method, the message endpoint is further configured to provide one or more parameter values included in the message as parameter values of the method call.
  - 54. The device as recited in claim 51, wherein said computer programming language is the Java programming language.

55. A computer-readable, storage medium comprising program instructions, wherein the program instructions are computer-executable to implement:
- a service providing to a client a service advertisement comprising a data representation language message schema comprising descriptions of data representation language messages the client is authorized to send to the service;
  
  the client generating a message in a data representation language, wherein the message includes information representing a computer programming language method call, wherein said generating a message is performed in accordance with a description of the message comprised in the message schema, and wherein the message further includes a credential for allowing the client access to a service configured to perform functions on behalf of clients in the distributed computing environment;
  
  the client sending the message to the service;
  
  the service examining the credential included in the message;
  
  if said examining determines the credential is authentic, the service performing a function on behalf of the client in accordance with the information representing the computer programming language method call included in the message; and
  
  if said examining determines the credential is not authentic, the service not performing the function on behalf of the client.
- View Dependent Claims (56, 57, 58, 59, 60, 61, 62, 63)
- - 56. The computer-readable, storage medium as recited in claim 55, wherein the program instructions are further computer-executable to implement:
    - the client generating a client method gate in accordance with the service advertisement, wherein the client method gate is configured to provide to the client an interface to the service by generating the data representation language messages described in the message schema;
      
      wherein said generating a message is performed by the client method gate.
  - 57. The computer-readable, storage medium as recited in claim 56, wherein the program instructions are further computer-executable to implement:
    - the client generating a client message endpoint in accordance with the service advertisement, wherein the client message endpoint is configured to send the data representation language messages to an address on the service included in the service advertisement;
      
      the client message endpoint receiving the generated message from the client method gate;
      
      the client message endpoint attaching the credential to the message; and
      
      wherein said sending the message to the service is performed by the client message endpoint.
  - 58. The computer-readable, storage medium as recited in claim 55, wherein the service comprises one or more computer programming language methods executable within the service, wherein the information representing the computer programming language method call includes an identifier of the method call, and wherein, in said performing a function, the program instructions are further computer-executable to implement:
    - regenerating the method call in accordance with the identifier of the method call included in the information representing the method call; and
      
      executing a computer programming language method of the service in accordance with the regenerated method call.
  - 59. The computer-readable, storage medium as recited in claim 58, wherein the information representing the computer programming language method call further includes one or more parameter values of the method call, and wherein, in said executing a computer programming language method in accordance with the regenerated method call, the program instructions are further computer-executable to implement providing the one or more parameter values from the information representing the method call as parameter values of the method call.
  - 60. The computer-readable, storage medium as recited in claim 58, wherein the service further comprises a service method gate configured to provide an interface to the one or more computer programming language methods of the service by receiving data representation language messages and invoking computer programming language methods specified by the messages, and wherein said regenerating the method call is performed by the service method gate.
  - 61. The computer-readable, storage medium as recited in claim 55, wherein said performing a function generates results data, and wherein the program instructions are further computer-executable to implement:
    - storing the generated results data to a space service in the distributed computing environment;
      
      providing an advertisement for the stored results data to the client, wherein the advertisement comprises information to enable access by the client to the stored results data; and
      
      the client accessing the stored results data from the space service in accordance with the information in the provided advertisement.
  - 62. The computer-readable, storage medium as recited in claim 55, wherein said data representation language is eXtensible Markup Language (XML).
  - 63. The computer-readable, storage medium as recited in claim 55, wherein said computer programming language is the Java programming language, and wherein the information representing the method call in the message represents a Java method call to a Java method implemented on the service, and wherein, in said performing a function, the program instructions are further computer-executable to implement invoking the Java method on the service in accordance with the information representing the Java method call included in the message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Slaughter, Gregory L., Saulpaugh, Thomas E., Traversat, Bernard A., Duigou, Michael J.
Primary Examiner(s)
Lim; Krisna
Assistant Examiner(s)
STRANGE, AARON N

Application Number

US09/672,145
Time in Patent Office

2,477 Days
Field of Search

709200-203, 709310-320, 709328-332, 709/216, 709/226
US Class Current

719/330
CPC Class Codes

G06F 9/465   Distributed object oriented...

H04L 63/0823   using certificates cryptogr...

H04L 63/126   the source of the received ...

H04L 67/02   based on web technology, e....

H04L 67/51   Discovery or management the...

H04L 67/53   using third party service p...

Remote method invocation with secure messaging in a distributed computing environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

191 Citations

63 Claims

Specification

Solutions

Use Cases

Quick Links

Remote method invocation with secure messaging in a distributed computing environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

191 Citations

63 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links