Dynamic service composition and orchestration

US 7,774,485 B2
Filed: 05/20/2005
Issued: 08/10/2010
Est. Priority Date: 05/21/2004
Status: Active Grant

First Claim

Patent Images

1. A method for interconnecting a plurality of processes in a switching fabric, comprising:

receiving requests for communication between a plurality of processes, wherein the processes can be one or more of a client, business process, service, web service, or service proxy, and wherein the requests for communication can include requests to access resources;

associating each request for communication with a context that includes a plurality of message processing variables which are dynamically configurable as the request is processed;

resolving transport protocol variances dynamically for a particular request, using the context and the plurality of message processing variables associated with that request, among the plurality of processes;

resolving message format variances dynamically for a particular request, using the context and the plurality of message processing variables associated with that request, among the plurality of processes;

conveying, subject to authorization, the requests for communication, as resolved for transport protocol and message format variances, between the plurality of processes; and

receiving at least one of the requests for communication, and its associated context, at a security service module (SSM) that is integrated with and provides security services for a server, including controlling access to the resources at the server;

using an adjudicator and a plurality of authorization providers that are integrated with the SSM, to determine whether to convey the requests for communication or to grant the requests to access resources for a particular resource;

wherein each of the plurality of authorization providers individually renders a decision based on the request and its associated context, whether to grant access to the particular resource; and

wherein the adjudicator uses the decisions to render an overall decision with respect to access to the particular resource, and only conveys the requests for communication or grants the requests to access if each of the plurality of authorization providers would individually grant access to that resource.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method and media for service infrastructure that enables dynamic service composition and orchestration. This description is not intended to be a complete description of, or limit the scope of, the invention. Other features, aspects and objects of the invention can be obtained from a review of the specification, the figures and the claims.

111 Citations

View as Search Results

21 Claims

1. A method for interconnecting a plurality of processes in a switching fabric, comprising:
- receiving requests for communication between a plurality of processes, wherein the processes can be one or more of a client, business process, service, web service, or service proxy, and wherein the requests for communication can include requests to access resources;
  
  associating each request for communication with a context that includes a plurality of message processing variables which are dynamically configurable as the request is processed;
  
  resolving transport protocol variances dynamically for a particular request, using the context and the plurality of message processing variables associated with that request, among the plurality of processes;
  
  resolving message format variances dynamically for a particular request, using the context and the plurality of message processing variables associated with that request, among the plurality of processes;
  
  conveying, subject to authorization, the requests for communication, as resolved for transport protocol and message format variances, between the plurality of processes; and
  
  receiving at least one of the requests for communication, and its associated context, at a security service module (SSM) that is integrated with and provides security services for a server, including controlling access to the resources at the server;
  
  using an adjudicator and a plurality of authorization providers that are integrated with the SSM, to determine whether to convey the requests for communication or to grant the requests to access resources for a particular resource;
  
  wherein each of the plurality of authorization providers individually renders a decision based on the request and its associated context, whether to grant access to the particular resource; and
  
  wherein the adjudicator uses the decisions to render an overall decision with respect to access to the particular resource, and only conveys the requests for communication or grants the requests to access if each of the plurality of authorization providers would individually grant access to that resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 15, 21)
- - 2. The method of claim 1, further comprising:
    - satisfying authentication and/or authorization requirements among the plurality of processes.
  - 3. The method of claim 1 wherein the conveying includes:
    - routing a message to a process in the plurality of processes based on information in the message.
  - 4. The method of claim 1 wherein the resolving message format incompatibilities includes:
    - converting a message to a format that is compatible with a destination process in the plurality of processes.
  - 5. The method of claim 1 wherein the resolving transport protocol incompatibilities includes:
    - sending a message to a destination process in the plurality of processes via a transport protocol that is compatible with the destination process.
  - 6. The method of claim 1 wherein:
    - a transport protocol is one of;
      
      File Transfer Protocol (FTP), Hypertext Transfer Protocol (HTTP), HTTP/Secure (HTTPS), Java Message Service (JMS), file and electronic mail.
  - 7. The method of claim 1 wherein:
    - the switching fabric is a message processing graph that includes a plurality of interconnected message processing nodes through which the message traffic is conveyed.
  - 15. A network accessible device configured to perform the steps of claim 1.
  - 21. The method of claim 1, wherein at least one of the multiple authorization providers uses roles and policies to determine whether access to the resource should be granted.

8. A non-transitory computer readable storage medium having instructions stored thereon that when used cause a system to:
- receive requests for communication between a plurality of processes, wherein the processes can be one or more of a client, business process, service, web service, or service proxy, and wherein the requests for communication can include requests to access resources;
  
  associate each request for communication with a context that includes a plurality of message processing variables which are dynamically configurable as the request is processed;
  
  resolve transport protocol variances dynamically for a particular request, using the context and the plurality of message processing variables associated with that request, among the plurality of processes;
  
  resolve message format variances dynamically for a particular request, using the context and the plurality of message processing variables associated with that request, among the plurality of processes;
  
  convey, subject to authorization, the requests for communication, as resolved for transport protocol and message format variances, between the plurality of processes; and
  
  receive at least one of the requests for communication, and its associated context, at a security service module (SSM) that is integrated with and provides security services for a server, including controlling access to the resources at the server;
  
  use an adjudicator and a plurality of authorization providers that are integrated with the SSM, to determine whether to convey the requests for communication or to grant the requests to access resources for a particular resource;
  
  wherein each of the plurality of authorization providers individually renders a decision based on the request and its associated context, whether to grant access to the particular resource; and
  
  wherein the adjudicator uses the decisions to render an overall decision with respect to access to the particular resource, and only conveys the requests for communication or grants the requests to access if each of the plurality of authorization providers would individually grant access to that resource.

9. A service infrastructure comprising:
- a processora message services layer is implemented on the processor and configured to interconnect a plurality of processes through at least one service proxy, and to receive requests for communication between a plurality of processes and associate each request with a context that includes a plurality of message processing variables which are dynamically configurable as the request is processed, wherein the processes can be one or more of a client, business process, service, web service, or service proxy, and wherein the requests for communication can incorporate requests to access resources;
  
  a information services layer is implemented on the processor and configured to provide a unified view of information obtained from a plurality of information sources including resolving transport protocol variances dynamically for a particular request, using the context and the plurality of message processing variables associated with that request, among the plurality of processes;
  
  resolving message format variances dynamically for a particular request, using the context and the plurality of message processing variables associated with that request, among the plurality of processes;
  
  a security services layer is implemented on the processor and configured to provide distributed security to the message services layer through a security service module (SSM) that is integrated with and provides security services for a server, including controlling access to the resources at the server; and
  
  wherein each of a plurality of authorization providers individually renders a decision based on the request and its associated context, whether to grant access to a particular resource;
  
  wherein an adjudicator uses the decisions from the plurality of authorization providers that are integrated with the SSM, to render an overall decision with respect to access to the resource, and only conveys the requests for communication or grants the requests to access if each of the plurality of authorization providers would individually grant access to that resource.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The service infrastructure of claim 9 wherein:
    - the information services layer is further configured to redact a portion of the information obtained based on a security policy.
  - 11. The service infrastructure of claim 9 wherein:
    - the security services layer is further configured to provision security information.
  - 12. The service infrastructure of claim 9 wherein:
    - the security services layer is further configured to guard a resource.
  - 13. The service infrastructure of claim 9, wherein the message services layer further comprises:
    - a plurality of message processing nodes that are each configured to perform at least one action based message traffic flowing between the plurality of processes.
  - 14. The service infrastructure of claim 13 wherein:
    - an action is one of;
      
      resolving transport protocol variances dynamically among the plurality of processes;
      
      resolving message format variances dynamically among the plurality of processes;
      
      conveying message traffic between the plurality of processes; and
      
      satisfying authentication and/or authorization requirements among the plurality of processes.

16. A system comprising one or more components capable of performing the following steps:
- receiving requests for communication between a plurality of processes, wherein the processes can be one or more of a client, business process, service, web service, or service proxy, and wherein the requests for communication can include requests to access resources;
  
  associating each request for communication with a context that includes a plurality of message processing variables which are dynamically configurable as the request is processed;
  
  resolving transport protocol variances dynamically for a particular request, using the context and the plurality of message processing variables associated with that request, among the plurality of processes;
  
  resolving message format variances dynamically for a particular request, using the context and the plurality of message processing variables associated with that request, among the plurality of processes;
  
  conveying, subject to authorization, the requests for communication, as resolved for transport protocol and message format variances, between the plurality of processes; and
  
  receiving at least one of the requests for communication, and its associated context, at a security service module (SSM) that is integrated with and provides security services for a server, including controlling access to the resources at the server;
  
  using an adjudicator and a plurality of authorization providers that are integrated with the SSM, to determine whether to convey the requests for communication or to grant the requests to access resources for a particular resource;
  
  wherein each of the plurality of authorization providers individually renders a decision based on the request and its associated context, whether to grant access to the particular resource; and
  
  wherein the adjudicator uses the decisions to render an overall decision with respect to access to the particular resource, and only conveys the requests for communication or grants the requests to access if each of the plurality of authorization providers would individually grant access to that resource;
  
  wherein the system includes at least one processor.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16, further capable of performing the following step:
    - satisfying authentication and/or authorization requirements among the plurality of processes.
  - 18. The system of claim 16, further capable of performing the following step:
    - routing the message to a process in the plurality of processes based on information in the message.
  - 19. The system of claim 16, further capable of performing the following step:
    - converting the message to a format that is compatible with a destination process in the plurality of processes.
  - 20. The system of claim 16, further capable of performing the following step:
    - sending the message to a destination process in the plurality of processes via a transport protocol that is compatible with the destination process.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
BEA Systems Incorporated (Oracle Corporation)
Inventors
Kasi, Jayaram, Mihic, Matthew, Urhan, Tolga, Kapoor, Chet, Aletty, Ashok, Patrick, Paul B.
Primary Examiner(s)
Flynn; Nathan
Assistant Examiner(s)
Patel; Chirag R

Application Number

US11/133,917
Publication Number

US 20060212593A1
Time in Patent Office

1,908 Days
Field of Search

709/229, 726/8
US Class Current

709/229
CPC Class Codes

G06Q 10/06 Resources, workflows, human...

G06Q 30/00 Commerce

Dynamic service composition and orchestration

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

111 Citations

21 Claims

Specification

Use Cases

Quick Links

Others

Dynamic service composition and orchestration

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

111 Citations

21 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others