IPC classification information
Country / Type | United States (US) Patent, Granted
International Patent Classification (IPC 7th edition) |
Application number | US-0653229 (2000-08-31)
Inventors / Address | Saulpaugh, Thomas E.; Slaughter, Gregory L.; Traversat, Bernard A.; Abdelaziz, Mohamed M.
Applicant / Address |
Agent / Address | Meyertons, Hood, Kivlin, Kowert &
Citation information | Times cited: 155; Patents cited: 130
Abstract
Embodiments of message gates are described. A message gate is the message endpoint for a client or service in a distributed computing environment. A message gate may provide a secure endpoint that sends and receives type-safe messages. Gates may perform the sending and receiving of messages between clients and services using a protocol specified in a service advertisement. In one embodiment, the messages are eXtensible Markup Language (XML) messages. For a client, a message gate represents the authority to use some or all of a service's capabilities. Each capability may be expressed in terms of a message that may be sent to the service. Creation of a message gate may involve an authentication service that generates an authentication credential, and that may negotiate the desired level of security and the set of messages that may be passed between client and service. A message gate may perform verification of messages against a message schema to ensure that the messages are allowed. Message gates may embed the authentication credential in outgoing messages so that the receiving message gate may authenticate the message. Messages may also include information to allow the receiving gate to verify that the message has not been compromised prior to receipt.
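The gate behaviour summarized in the abstract, sketched as an added example that is not code from the patent or its authors: a gate is built from a schema, bound to one destination, rejects messages outside the schema, embeds a credential, and lets the receiving gate detect modification. The names `MessageGate` and `GateError`, the dict used in place of an XML schema, and the HMAC-SHA256 tag over a shared key are assumptions made for illustration.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

class GateError(Exception):
    """Raised when a message is not allowed through the gate (hypothetical name)."""

class MessageGate:
    """Illustrative gate: schema maps message name -> {field name: type}."""
    def __init__(self, schema, credential, key, destination):
        self._schema = {m: dict(f) for m, f in schema.items()}  # private copy
        self._credential, self._key, self._dest = credential, key, destination

    def _check(self, root):
        # Only messages named in the schema may pass (restricted capability set).
        fields = self._schema.get(root.tag)
        if fields is None:
            raise GateError(f"message {root.tag!r} is not in the schema")
        body = {c.tag: c.text or "" for c in root}
        if set(body) != set(fields):
            raise GateError("field set does not match the schema")
        for name, typ in fields.items():
            try:
                typ(body[name])  # type check by conversion
            except ValueError:
                raise GateError(f"field {name!r} is not {typ.__name__}") from None

    def _mac(self, root):
        # Assumed integrity mechanism: HMAC over the message plus the credential.
        data = ET.tostring(root, encoding="utf-8") + self._credential.encode()
        return hmac.new(self._key, data, hashlib.sha256).hexdigest()

    def send(self, xml_text):
        # ElementTree does not guard against entity expansion; untrusted XML
        # needs a hardened parser in real use.
        root = ET.fromstring(xml_text)
        self._check(root)
        mac = self._mac(root)  # computed before the auth element is attached
        ET.SubElement(root, "auth", credential=self._credential, mac=mac)
        return self._dest, ET.tostring(root, encoding="unicode")

    def receive(self, xml_text):
        root = ET.fromstring(xml_text)
        auth = root.find("auth")
        if auth is None or auth.get("credential") != self._credential:
            raise GateError("missing or unknown credential")
        root.remove(auth)
        sent = auth.get("mac", "").encode()
        if not hmac.compare_digest(self._mac(root).encode(), sent):
            raise GateError("message was modified before receipt")
        self._check(root)
        return root
```
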
Representative claims
1. A method for communicating in a distributed computing environment, comprising: receiving a message in a data representation language from a source to be sent to a destination, wherein said source is a client in the distributed computing environment and said destination is a service in the distributed computing environment; receiving a data representation language schema, wherein said data representation language schema defines a message interface for accessing the service; generating a message endpoint for the client according to said data representation language schema, wherein said message endpoint performs: verifying type correctness of said message according to a said data representation language schema; and attaching an authentication credential to said message, wherein said authentication credential identifies said client; and sending said message to said service.
2. The method as recited in claim 1, wherein said data representation language schema defines a set of messages in the data representation language that said client may send to said service to access said service.
3. The method as recited in claim 2, further comprising said message endpoint for the client verifying that said message to be sent to said service complies with a data representation language message definition from said data representation language schema.
4. The method as recited in claim 2, further comprising said client obtaining from said message endpoint the set of data representation language messages that said client may send to said service.
5. The method as recited in claim 2, wherein said set of messages in the data representation language that said client may send to said service is a subset of all messages that can be handled by said service so that said client's access to said service is restricted.
6. The method as recited in claim 1, further comprising: said message endpoint for the client receiving a data representation language message from said service, wherein said data representation language message from said service includes an authentication credential for said service; said message endpoint for the client using said authentication credential for said service to authenticate said data representation language message from said service as being from said service; and said client obtaining, from said message endpoint for said client, the authenticated message from said service.
7. The method as recited in claim 6, wherein said data representation language schema defines a set of messages that said service may send to said client, the method further comprising said message endpoint for the client verifying the correctness of said data representation language message from said service according to said data representation language schema.
8. The method as recited in claim 1, further comprising binding said message endpoint for the client to a single destination address so that said message endpoint only sends messages to said destination address.
9. The method as recited in claim 8, wherein said destination address is a Uniform Resource Identifier (URI) for said service, wherein said sending said message to a destination comprises sending said message to an address specified by said URI using a protocol specified by said URI.
10. The method as recited in claim 1, wherein said message endpoint for the client is a single atomic unit of program code that provides an abstraction for said service to said client.
11. The method as recited in claim 10, wherein said single atomic unit of program code is generated under control of said client's execution environment.
12. The method as recited in claim 1, wherein once generated said message endpoint for the client cannot be altered as to said verifying type correctness and said attaching an authentication credential.
13. The method as recited in claim 1, wherein said client comprises a client process and wherein said service comprises a service process, and wherein said client process is executable under a different type of execution environment than said service process.
14. The method as recited in claim 1, wherein said data representation language is eXtensible Markup Language (XML).
15. The method as recited in claim 1, wherein said source is a service in the distributed computing environment and said destination is a client in the distributed computing environment, the method further comprising generating a message endpoint for the service according to a data representation language schema, wherein said verifying type correctness and said attaching an authentication credential are performed by said message endpoint for the service, and wherein said data representation language schema defines a message interface between said service and said client.
16. A device, comprising: a processor; a memory coupled to said processor comprising program instructions, wherein the program instructions are configured to implement: a message gate unit configured to: receive a message in a data representation language from a source to be sent to a destination, wherein said source is a process executed by said processor from said memory, wherein said source is a client process in a distributed computing environment and said destination is a service in the distributed computing environment; receive a data representation language schema, wherein said data representation language schema defines a message interface for accessing the service; generate said message gate unit according to said data representation language schema, wherein said message gate unit is configured to: verify type correctness of said message according to said data representation language schema; and attach an authentication credential to said message, wherein said authentication credential identifies said source; and send said message to said destination.
17. The device as recited in claim 16, wherein said data representation language schema defines a set of messages in the data representation language that said client process may send to said service to access said service.
18. The device as recited in claim 17, wherein said message gate unit is further configured to verify that said message to be sent to said service complies with a data representation language message definition from said data representation language schema.
19. The device as recited in claim 17, wherein said client process is configured to obtain from said message gate unit the set of data representation language messages that said client process may send to said service.
20. The device as recited in claim 17, wherein said set of messages in the data representation language that said client process may send to said service is a subset of all messages that can be handled by said service so that said client process's access to said service is restricted.
21. The device as recited in claim 16, wherein said message gate unit for the client is further configured to: receive a data representation language message from said service, wherein said data representation language message from said service includes an authentication credential for said service; use said authentication credential for said service to authenticate said data representation language message from said service as being from said service; and wherein said client process is configured to obtain, from said message gate unit for said client, the authenticated message from said service.
22. The device as recited in claim 21, wherein said data representation language schema defines a set of messages that said service may send to said client process, wherein said message gate unit for the client is further configured to verify the correctness of said data representation language message from said service according to said data representation language schema.
23. The device as recited in claim 16, wherein said message gate unit for the client process is bound to a single destination address so that said message gate unit only sends messages to said destination address.
24. The device as recited in claim 23, wherein said destination address is a Uniform Resource Identifier (URI) for said service, wherein said message gate unit is further configured to send said message to an address specified by said URI using a protocol specified by said URI.
25. The device as recited in claim 16, wherein said message gate unit for the client is a single atomic unit of program code executed by said processor that provides an abstraction for said service to said client process.
26. The device as recited in claim 25, wherein said device is configured so that said single atomic unit of program code is generated under control of device's execution environment.
27. The device as recited in claim 16, wherein said message endpoint for the client is configured so that once generated said message endpoint for the client cannot be altered as to verifying type correctness and attaching the authentication credential.
28. The device as recited in claim 16, wherein said client process is executable under a different type of execution environment than a service process for said service.
29. The device as recited in claim 16, wherein said data representation language is extensible Markup Language (XML).
30. The device as recited in claim 16, wherein said source is a service process in a distributed computing environment and said destination is a client in the distributed computing environment, the device further configured to generate said message gate unit for the service according to a data representation language schema, and wherein said data representation language schema defines a message interface between said service and said client.
31. The device as recited in claim 16, wherein said device is a computer system, mobile telephone, or personal digital assistant.
32. A carrier medium comprising program instructions, wherein the program instructions are computer-executable to implement: receiving a message in a data representation language from a source to be sent to a destination, wherein said source is a client in a distributed computing environment and said destination is a service in the distributed computing environment; receiving a data representation language schema, wherein said data representation language schema defines a message interface for accessing the service; generating a message endpoint for the client according to said data representation language schema, wherein said message endpoint performs: verifying type correctness of said message according to a said data representation language schema; attaching an authentication credential to said message, wherein said authentication credential identifies said source; and sending said message to said destination.
33. The carrier medium as recited in claim 32, wherein said data representation language schema defines a set of messages in the data representation language that said client may send to said service to access said service, and wherein the program instructions are further computer-executable to implement: said message endpoint for the client verifying that said message to be sent to said service complies with a data representation language message definition from said data representation language schema.
34. The carrier medium as recited in claim 32, wherein the program instructions are further computer-executable to implement: said message endpoint for the client receiving a data representation language message from said service, wherein said data representation language message from said service includes an authentication credential for said service; said message endpoint for the client using said authentication credential for said service to authenticate said data representation language message from said service as being from said service; and said client obtaining, from said message endpoint for said client, the authenticated message from said service.
35. The carrier medium as recited in claim 34, wherein said data representation language schema defines a set of messages that said service may send to said client, and wherein the program instructions are further computer-executable to implement: said message endpoint for the client verifying the correctness of said data representation language message from said service according to said data representation language schema.
36. The carrier medium as recited in claim 32, wherein the program instructions are further computer-executable to implement: binding said message endpoint for the client a single destination address so that said message endpoint only sends messages to said destination address.
37. The carrier medium as recited in claim 36, wherein said destination address is a Uniform Resource Identifier (URI) for said service, and wherein, in said sending said message to a destination, the program instructions are further computer-executable to implement: sending said message to an address specified by said URI using a protocol specified by said URI.
38. The carrier medium as recited in claim 32, wherein said message endpoint for the client is a single atomic unit of program code that provides an abstraction for said service to said client.
39. The carrier medium as recited in claim 32, wherein said data representation language is eXtensible Markup Language (XML).
40. The carrier medium as recited in claim 32, wherein said source is a service in the distributed computing environment and said destination is a client in the distributed computing environment, and wherein the program instructions are further computer-executable to implement: generating a message endpoint for the service according to a data representation language schema, wherein said verifying type correctness and said attaching an authentication credential are performed by said message endpoint for the service, and wherein said data representation language schema defines a message interface between said service and said client.