Techniques for virtual representational state transfer (REST) interfaces

US 9,049,182 B2
Filed: 10/29/2009
Issued: 06/02/2015
Est. Priority Date: 08/11/2009
Status: Expired due to Fees

First Claim

Patent Images

1. A method implemented and residing within a computer-readable storage medium that is executed by one or more processors of a network to perform the method, comprising:

configuring a proxy device to act as an intermediary between a client and a Representational State Transfer (REST) service executing on a server of the network, wherein the REST service is multiple REST services merged to act as one service;

intercepting, at the proxy device, a REST formatted request sent from the client to the REST service;

enforcing, at the proxy device, an enterprise policy against the REST formatted request, the enterprise policy is a set of conditions defined by an enterprise, the set of conditions are automatically evaluated and specific actions taken in response thereto, the actions including implementing enterprise-specific security, integrating different REST services, and auditing REST service interactions, wherein enforcement of the enterprise policy enables;

implementation of enterprise security independent of the REST service or other REST services, integration of the REST services, and auditing of REST service interactions, defining and validating REST requests without changes to or knowledge to the multiple REST services; and

providing, by the proxy device, the REST formatted request when the enterprise policy is satisfied to the REST service for processing on behalf of the client.

View all claims

16 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for virtual Representational State Transfer (REST) interfaces are provided. A proxy is interposed between a client and a REST service over a network. The proxy performs independent authentication of the client and provides credentials to the client and for the client to authenticate to the REST service using a REST service authentication mechanism. The proxy inspects requests and responses and translates the requests and responses into formats expected by the client and the REST service. Moreover, the proxy enforces policy and audits the requests and responses occurring between the client and the REST service over the network.

22 Citations

View as Search Results

20 Claims

1. A method implemented and residing within a computer-readable storage medium that is executed by one or more processors of a network to perform the method, comprising:
- configuring a proxy device to act as an intermediary between a client and a Representational State Transfer (REST) service executing on a server of the network, wherein the REST service is multiple REST services merged to act as one service;
  
  intercepting, at the proxy device, a REST formatted request sent from the client to the REST service;
  
  enforcing, at the proxy device, an enterprise policy against the REST formatted request, the enterprise policy is a set of conditions defined by an enterprise, the set of conditions are automatically evaluated and specific actions taken in response thereto, the actions including implementing enterprise-specific security, integrating different REST services, and auditing REST service interactions, wherein enforcement of the enterprise policy enables;
  
  implementation of enterprise security independent of the REST service or other REST services, integration of the REST services, and auditing of REST service interactions, defining and validating REST requests without changes to or knowledge to the multiple REST services; and
  
  providing, by the proxy device, the REST formatted request when the enterprise policy is satisfied to the REST service for processing on behalf of the client.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein configuring further includes configuring the proxy device as a reverse proxy that the client and the REST service are unaware of and that the client and the REST service are not directly configured to interact with.
  - 3. The method of claim 1, wherein enforcing further includes authenticating, by the proxy device, a user of the client for access to the REST service in response to a first set of user-supplied credentials provided with the REST formatted request.
  - 4. The method of claim 3, wherein authenticating further includes using, by the proxy device, a third-party authentication service to authenticate the user via the first set of user-supplied credentials.
  - 5. The method of claim 4, wherein using further includes acquiring, by the proxy device, a second set of user credentials that the proxy device inserts into the REST formatted request on behalf of the user to authenticate the user and the client directly to the REST service, the second set of user credentials expected by the REST service and unknown to the user that supplied the first set of user-supplied credentials.
  - 6. The method of claim 5, wherein acquiring further includes maintaining, by the proxy, the first set of user-supplied credentials and subsequently inserting a third set of user credentials that the proxy device inserts into a second REST formatted request on behalf of the user to authenticate the user and the client directly to a second REST service that processes the second REST formatted request, the third set of user credentials expected by the second REST service and unknown to the user that supplied the first set of user-supplied credentials, the REST service using a different authentication mechanism than that which is used by the second REST service and the authentication mechanisms managed by the proxy device to provide single sign-on services to the user.
  - 7. The method of claim 1, wherein enforcing further includes enforcing the enterprise policy against one or more second REST formatted requests directed to one or more second REST services associated with one or more second servers.
  - 8. The method of claim 1, wherein enforcing further includes translating one or more components of the REST formatted request into an expected format that the REST service processes in response to enforcing the enterprise policy.

9. A method implemented and residing within a computer-readable storage medium that is executed by one or more processors of a network to perform the method, comprising:
- interposing a proxy between a Representational State Transfer (REST) service and a client of the network, wherein the REST service is multiple REST services merged to act as one service;
  
  enforcing security, at the proxy, between interactions of the REST service and the client and wherein enforcement of the security enables;
  
  implementation of enterprise security independent of the REST service or other REST services, integration of the REST service, and auditing of REST service interactions;
  
  selectively modifying, at the proxy, the interactions between the REST service and the client and defining and validating REST requests without changes to or knowledge of the multiple REST services; and
  
  custom auditing, at the proxy, the interactions between the REST service and the client in an automated fashion.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 10. The method of claim 9, wherein interposing further includes configuring the proxy as a forward proxy and a reverse proxy to the REST service and to one or more second REST services of the network.
  - 11. The method of claim 9, wherein enforcing further includes authenticating, by the proxy, the client to the REST service by first authenticating the client to an enterprise using a first authentication mechanism and then providing the client with credentials to authenticate to the REST service via a second and different authentication mechanism.
  - 12. The method of claim 9, wherein enforcing further includes authenticating, by the proxy, the client for a specific access request to the REST service in response to a specific action labeled function appearing with a particular interaction that the client is attempting with the REST service.
  - 13. The method of claim 9, wherein selectively modifying further includes using, by the proxy, a policy to change a request in a first format to a REST service recognized format.
  - 14. The method of claim 13, wherein using further includes changing, by the proxy, portions of the request in response to content included with the request in the first format and as directed by the policy.
  - 15. The method of claim 9, wherein auditing further includes logging selective details of the interactions in response to content provided by the client with some of the interactions being directed to the REST service.
  - 16. The system of claim 15, wherein the proxy service authenticates the client requests and the REST server responses using an enterprise authentication mechanism that is independent of separate authentication mechanisms used by the REST servers.
  - 17. The system of claim 16, wherein the proxy service utilizes the separate authentication mechanisms expected by the REST servers once the enterprise authentication mechanism is satisfied, and the clients are unaware of the separate authentication mechanisms expected by the REST servers.
  - 18. The system of claim 15, wherein the clients and the REST servers are unaware of the proxy service and are not configured for direct interaction with the proxy service.
  - 19. The method of claim 9, wherein auditing further includes logging selective details of the interactions in response to content provided by the REST service with some of the interactions being directed back to the client.

20. A multiprocessor-implemented system, comprising:
- one or more processors configured with a proxy service implemented in a non-transitory computer-readable storage medium and to execute on the one or more processors of a proxy of a network;
  
  the proxy service configured to act as an intermediary between clients of a network and Representational State Transfer (REST) servers to;
  
  authenticate client requests, translate the requests, enforce enterprise policy against the requests, and custom audit interactions, and the proxy service configured to authenticate REST server responses, translate the responses and enforce the enterprise policy against the responses, wherein the enterprise policy is a set of conditions defined by an enterprise, the set of conditions are automatically evaluated and specific actions taken in response thereto, the actions including implementing enterprise-specific security independent of the REST service or other REST services, integrating different REST services, and auditing REST service interactions, wherein at least one REST service is multiple REST services merged to act as one service and the proxy service configured to define and validate REST requests without changes on or knowledge by the REST services.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus Software, Inc. (Open Text Corporation)
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Burch, Lloyd Leon, Earl, Douglas Garry, Bultmeyer, Jonathan Paul, McClain, Carolyn B.
Primary Examiner(s)
MOORTHY, ARAVIND K

Application Number

US12/608,389
Publication Number

US 20110041171A1
Time in Patent Office

2,042 Days
Field of Search

726/7, 726/1, 726/12, 726/22, 713/153, 713/168
US Class Current

1/1
CPC Class Codes

G06Q 10/10   Office automation; Time man...

H04L 63/0281   Proxies

H04L 63/08   for authentication of entit...

H04L 63/0884   by delegation of authentica...

H04L 63/20   for managing network securi...

Techniques for virtual representational state transfer (REST) interfaces

First Claim

16 Assignments

0 Petitions

Accused Products

Abstract

22 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Techniques for virtual representational state transfer (REST) interfaces

First Claim

16 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links