CN100596067C - Information processing apparatus and information processing method - Google Patents

Information processing apparatus and information processing method Download PDF

Info

Publication number
CN100596067C
CN100596067C CN200510099474.7A CN200510099474A CN100596067C CN 100596067 C CN100596067 C CN 100596067C CN 200510099474 A CN200510099474 A CN 200510099474A CN 100596067 C CN100596067 C CN 100596067C
Authority
CN
China
Prior art keywords
web service
mentioned
information
authentication processing
service
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN200510099474.7A
Other languages
Chinese (zh)
Other versions
CN1747387A (en
Inventor
西尾雅裕
重枝伸之
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Canon Inc
Original Assignee
Canon Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from JP2004355882A external-priority patent/JP4748766B2/en
Application filed by Canon Inc filed Critical Canon Inc
Publication of CN1747387A publication Critical patent/CN1747387A/en
Application granted granted Critical
Publication of CN100596067C publication Critical patent/CN100596067C/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Storage Device Security (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention provides an information processing device and an information processing method for realizing a network solution with high safety, convenience and simplicity at low cost when a Web service is provided. To solve the problem, the information processing device (1400) of the invention is provided with a plurality of Web services (110 etc) and a plurality of authentication and permission services (107etc) and also comprises that: an XML script part (104) of an XML script (106) with a corresponding relation between the information relevant to each Web service and the information relevant to the authentication and permission services implemented by authentication processing when each Web service is provided is kept and described; a reconcilement service (103) of the information relevant to the described authentication and permission services corresponding to the Web service request by a user is judged; when the judged authentication and permission service carries out user authorization and confirmation, the Web service requested by the user is provided.

Description

Information processor and information processing method
Technical field
The present invention relates to the authentication processing of in the information processor that a plurality of Web services are provided through network, the user who asks this Web service being carried out.
Background technology
In recent years, be applied to the purposes such as management, information receiving and transmitting, database of business document as the XML (eXtensible Markup Language) of structured language, its range of application is more and more wider.
Its exemplary is to the application of Web service as the distribute objects model that utilizes XML-SOAP (Simple Object AccessProtocol).In addition, along with the appearance of this Web service, develop into the conversion of from existing object oriented programming model to service-oriented architecture (SOA:Service Oriented Architecture) gradually.
Service-oriented architecture is to be the technology of unit cutting procedure with the Web service, owing to can utilize again, work out existing Web service again, is keeping high reliability and the advantage of business industry ﹠ solution can be constructed, be provided to the while rapidly cheaply so have.
At this, when business industry ﹠ solution was provided, it was indispensable constructing firm fail safe.When particularly constructing business industry ﹠ solution on network, the protection of user profile and user data and my identification, authentication become important problem.Service-oriented architecture based on Web service is no exception, even wish to have, different authentication also can be provided respectively according to each condition such as the environment that uses this Web service, level of security, system configuration, give the correspondence flexibly that authority is handled for same Web service.For example, though 1 authentification of user, easy cipher authentication is also arranged, utilize the PIN code authentication, utilize IC-card authentication, utilize a lot of authentication methods such as authentication of organism, so consider that it is important suitably carrying out correspondence after each condition.
On the other hand, for convenience, the simplification that improves Networking Solutions ﹠ provisioned, the requirement of registration separately, joint qualification etc. is also more and more higher.For example, when associating is constructed the Web service that provides new after a plurality of Web services, require to set up the method that authentication, the authority that combined needle carries out respectively each Web service given processing, environment such as independent registration are provided.Therefore, Yi Bian Yi Bian more and more need to satisfy influence surface not to the realizing firm fail safe expeditiously, construct convenience of service system structure, Networking Solutions ﹠ provisioned, the so-called solution countermeasure that does not coexist and require that simplification is high.
Give processing in existing authentication, the authority when Web service is provided of this explanation.Figure 12 A, Figure 12 B are that expression existing authentication, authority are given the figure of an example of the functional block in the processing, and Figure 12 A represents to constitute and gives handling part with each Web service (service A, service B) each authentication processing portion of packing into, authority and in order to the situation (dependency structure for example please refer to, and the spy opens the 2003-229978 communique) in the database that keeps user authentication information.In addition, Figure 12 B represent to constitute each Web service externally be provided with authenticate, module that authority is given processing, and share in order to be kept for authenticating, the situation of the database of user authentication information that authority is given processing.
But, give in the processing in authentication, authority shown in the above-mentioned background technology, there is following problem in structure shown in Figure 12 A, promptly authentication, the authority of being asked are handled under the different situations at use-case according to the Web service that is suitable for, need ask to transform Web service according to this, it is big that the burden of development cost and management cost becomes.
On the other hand, according to the structure shown in Figure 12 B, since share in order to be kept for authenticating, the database of user authentication information that authority is given processing, so do not need to transform Web service according to request, but owing to be the structure that each Web service has database respectively, so exist in the Web service that combination developed and when new Web service was provided, very difficult realization provided functions such as independent registration, joint qualification, thereby becomes the problem of the system of convenience difference for the user of Web service.
In addition, the interface and the agreement (agreement A, B) of the service that each Web service must install and implement to authenticate, authority is given processing (authentication service A, authority are given service B), at use-case authentication, the authority of being asked are handled not simultaneously according to the Web service that is suitable for, need carry out the transformation of interface, agreement according to this request, also need a plurality of interfaces, agreement be installed in each Web service, so not only development cost, management cost height, and the Web service that is difficult to provide the user rapidly and is asked.
And these problems also hinder in the optimal moment and import best safety system, and then become the reason that illegal use brings loss.
Summary of the invention
The present invention proposes in view of the above problems, its purpose is providing through network in the information processor of a plurality of Web services, when Web service is provided, when keeping firm fail safe, realize convenience, the Networking Solutions ﹠ provisioned that simplification is high with low cost.
To achieve these goals, the information processor of a first aspect of the present invention has following structure.
Promptly, a kind of information processor, comprise: a plurality of unit and a plurality of authentication processing unit of the user that this Web service is provided through network requests being implemented authentication processing of providing that a plurality of Web services are provided, it is characterized in that, described information processor also comprises: holding unit, in order to maintenance information, described information has been recorded and narrated and the corresponding relation that relevant information in unit and the information relevant with the authentication processing unit of implementing authentication processing when this each Web service is provided are provided that above-mentioned each Web service is provided; And judgement unit, retrieval and the Web service that provides above-mentioned user to ask provides the unit relevant information from above-mentioned information, and differentiate in this information corresponding that record and narrate, with the relevant information in above-mentioned authentication processing unit, wherein, utilizing the information relevant that determines according to above-mentioned judgement unit with the authentication processing unit authentication processing unit of appointment, carried out under above-mentioned user's the situation of authenticate-acknowledge, utilize the unit that provides that this Web service is provided in order to the Web service that above-mentioned user asks to be provided.
A second aspect of the present invention is a kind of information processing method of information processor, comprise: a plurality of a plurality of authentication processing steps that step are provided and the user that this Web service is provided through network requests implemented authentication processing that a plurality of Web services are provided, it is characterized in that, described information processing method also comprises: keep step, keep having recorded and narrated the information with the corresponding relation that relevant information of step and the information relevant with the authentication processing step of implementing authentication processing when this each Web service is provided are provided that above-mentioned each Web service is provided; Discriminating step, retrieval and the Web service that provides above-mentioned user to ask provides step relevant information from above-mentioned information, and differentiate in this information corresponding that record and narrate, with the relevant information of above-mentioned authentication processing step, wherein, in the authentication processing step of utilizing appointment according to the information relevant that in above-mentioned discriminating step, determines with the authentication processing step, carried out under above-mentioned user's the situation of authenticate-acknowledge, by providing this Web service in order to the step that provides that the Web service that above-mentioned user asks is provided.
A third aspect of the present invention is a kind of information processor that provides by the Web service of user's request, it is characterized in that, comprising: a plurality of authentication processing unit, and to being provided through network requests, the user of Web service implements authentication processing; Record cell, in order to recorded information, described information has been recorded and narrated the corresponding relation of information relevant with Web service and the information relevant with the above-mentioned authentication processing unit of implementing authentication processing when this Web service is provided; Judgement unit, the relevant information of Web service that retrieval is asked with above-mentioned user from above-mentioned information, and differentiate in this information corresponding record, with the relevant information in above-mentioned authentication processing unit; And indicating member, send the indication relevant with Web service, wherein, above-mentioned record cell sends at above-mentioned indicating member under the situation of the indication relevant with Web service, writes down the corresponding relation of information relevant with this Web service and the information relevant with the authentication processing unit of implementing authentication processing when this Web service is provided.
A fourth aspect of the present invention is a kind of information processing system, comprise: the 1st information processor and the 2nd information processor that can be connected communicatedly with the 1st information processor, it is characterized in that: above-mentioned the 1st information processor comprises: a plurality of unit that provide provide a plurality of Web services; Authentication processing is implemented to the user of this Web service is provided through network requests in a plurality of authentication processing unit; Record cell, in order to recorded information, described information has been recorded and narrated and the corresponding relation that relevant information in unit and the information relevant with the above-mentioned authentication processing unit of implementing authentication processing when this Web service is provided are provided that above-mentioned each Web service is provided; And judgement unit, from above-mentioned information the retrieval with the Web service that provides above-mentioned user to ask provide the unit relevant information, and differentiate corresponding record and narrate in this information, with the relevant information in above-mentioned authentication processing unit, wherein, utilizing the authentication processing unit of appointment according to the information relevant that determines by above-mentioned judgement unit with the authentication processing unit, carried out under above-mentioned user's the situation of authenticate-acknowledge, the Web service that provides above-mentioned user to ask, above-mentioned the 2nd information processor comprises: indicating member, carry out providing the unit relevant indication with above-mentioned, wherein, above-mentioned record cell is sent by above-mentioned indicating member in existence, when unit relevant indication is provided, write down above-mentioned information with above-mentioned simultaneously.
A fifth aspect of the present invention is a kind of information processing method of information processor, comprising: a plurality of steps that provide that a plurality of Web services are provided; The user that this Web service is provided through network requests is implemented a plurality of authentication processing steps of authentication processing; In record cell, recorded and narrated recording of information step with the corresponding relation that relevant information of step and the information relevant with the above-mentioned authentication processing step of implementing authentication processing when this each Web service is provided are provided that above-mentioned each Web service is provided; From above-mentioned information retrieval with provide the relevant information of step, and the discriminating step of differentiation information relevant of corresponding record in this information in order to what Web service that above-mentioned user asks was provided with above-mentioned authentication processing step; Wherein said information processor is utilizing according to the information relevant with the authentication processing step that determines in the above-mentioned discriminating step authentication processing step of appointment to carry out under above-mentioned user's the situation of authenticate-acknowledge, the Web service that provides above-mentioned user to ask, it is characterized in that, also comprise: send and the above-mentioned indication step that the relevant indication of step is provided, wherein, above-mentioned recording step exist send by above-mentioned indication step, with the above-mentioned situation that the relevant indication of step is provided under write down above-mentioned information simultaneously.
A sixth aspect of the present invention is a kind of information processor, it is characterized in that, comprising: Web service request receiving element receives the Web service request from the Web service request source; Holding unit, in order to maintenance information, described information has been recorded and narrated a plurality of Web services that Web service is provided and the unit is provided and provides the Web service request source of Web service to carry out the corresponding relation of a plurality of authentication ' unit of authentication processing to request; Judgement unit, differentiating the corresponding Web service of Web service of being asked with the Web service request source provides unit and authentication processing unit; With the Web service request unit, to the authentication ' unit request that determines by above-mentioned judgement unit above-mentioned Web service request source is authenticated, and when the authenticate-acknowledge that has carried out above-mentioned Web service request source, provide the Web service of unit requests by the request of above-mentioned Web service request source to the Web service that determines by above-mentioned judgement unit.
A seventh aspect of the present invention is a kind of information processing method, it is characterized in that, comprising: Web service request receiving step receives the Web service request from the Web service request source; Keep step, in order to maintenance information, described information has been recorded and narrated in order to a plurality of Web services that Web service is provided and the unit is provided and carries out the corresponding relation of a plurality of authentication ' unit of authentication processing in order to the Web service request source that request is provided Web service; Discriminating step, differentiating the corresponding Web service of Web service of being asked with the Web service request source provides unit and authentication processing unit; The Web service request step, to the authentication ' unit request that in above-mentioned discriminating step, determines above-mentioned Web service request source is authenticated, and under the situation of having carried out, provide the Web service of unit requests by the request of above-mentioned Web service request source to the Web service that in above-mentioned discriminating step, determines to the authenticate-acknowledge of above-mentioned Web service request source.
According to the present invention,, when Web service is provided, can when keeping firm fail safe, realize convenience, the Networking Solutions ﹠ provisioned that simplification is high with low cost providing through network in the information processor of a plurality of Web services.
Can further know other features and advantages of the present invention according to following accompanying drawing and explanation, identical Reference numeral is represented same or analogous part in the accompanying drawing.
Description of drawings
Following accompanying drawing as the part of this explanation shows embodiments of the invention, specifies the present invention with reference to the accompanying drawings.
Fig. 1 is the block diagram of functional structure of the MFP of expression one embodiment of the invention.
Fig. 2 is the flow chart of the flow process handled of the login, deletion, validation of XML script of the MFP of expression one embodiment of the invention.
Fig. 3 A is the figure of the control flow of expression SOAP handling part.
Fig. 3 B is the figure that the control flow of service is mediated in expression.
Fig. 3 C is the figure that expression authentication authority is given the control flow of service.
Fig. 3 D is the figure of the control flow of expression Web service.
Fig. 4 is the figure of an example of record content of the stem of expression SOAP script.
Fig. 5 is the figure of the record example of expression XML script.
Fig. 6 is the figure of the record example of expression XML script.
Fig. 7 is the figure of the record example of expression XML script.
Fig. 8 is the figure of the record example of expression XML script.
Fig. 9 is the figure of the record example of expression XML script.
Figure 10 is the figure of the record example of expression XML script.
To be expression distributes the block diagram of mediating the functional structure when serving in mode independently to Figure 11 on network.
Figure 12 A, B are that the Web service and the authentication authority of expression prior art given the figure of the structure of processing.
Figure 13 is the handling process schematic diagram that is illustrated in the MFP when receiving the SOAP of Web service request.
Figure 14 is that expression comprises the integrally-built figure according to the image processing system of the MFP of the embodiment of the invention.
Figure 15 is the block diagram of expression according to the functional structure of the MFP of the embodiment of the invention.
Figure 16 is expression according to the flow chart of the login of the XML script of the MFP of the embodiment of the invention, deletion, validation handling process.
Figure 17 is the Service Management flow chart that the illustrative system manager carries out.
Embodiment
Specify embodiments of the present invention below with reference to the accompanying drawings.
Below, specify various embodiments of the present invention as required with reference to the accompanying drawings.In addition, the present invention can implement in the various devices that Web service is provided through network, goes for various systems, but the occasion of image processing system is implemented and is applicable in following explanation in the corresponding type MFP of network (Multi Function Peripheral).
[the 1st execution mode]
The overall structure of<image processing system 〉
Figure 14 is that expression comprises the integrally-built figure according to the image processing system of the corresponding type MFP of the network of the embodiment of the invention (below, only claim " MFP ").Among Figure 14, the 1400th, MFP is to the MFP that various Web services such as print service, scan service, stores service, FAX service can be provided through the terminal 1421 that network 1410 connects.The 1421st, terminal can utilize MFP1400 through network 1410.In addition, the 1422nd, be used to manage the terminal of MFP1400.
MFP1400 is made of hardware such as communicator 1401, CPU (central processing unit) 1402, memory 1403, HDD (hard disk drive) 1404, image processing apparatus 1407, printer 1405 and scanners 1406, it is characterized in that having employing as the XML (eXtensible Markup Language) of structured language authenticate, the function of safe handling such as authority is given.
Communicator 1401 communicates through network 1410.CPU1402 is a computer of carrying out the various functional programs be used to realize image processing apparatus 1407.Particularly, CPU1402 reads from HDD1404 and is used to realize various functional programs (application program etc.), and memory 1403 as the working region, is carried out the program of reading.
The functional structure of<MFP1400 〉
Below, use Fig. 1 that the functional structure of the MFP1400 of present embodiment is described.Fig. 1 is the block diagram of functional structure of the MFP1400 of expression present embodiment.
MFP1400 has the TCP/IP/UDP agreement is carried out storehouse with the TCPIP/UDP protocol stack handling part 101 as communication function, layer has SOAP handling part 102 thereon, the upper strata has the service of mediation 103, XML script handling part 104, authentication rights service A (107), authentication service B (108), rights service B (109), authentication rights service C (114), print service 110, scan service 111, stores service 112, FAX service 113 again, and, provide these Web services (110~113) to terminal 1421 through network 1410.
To MFP1400, system operator is the reinstalling of deletion, Web service, the installation of new Web service of function stop, the Web service of machine terminal 1422 Web service of being correlated with as calculated.In addition, also comprise the situation that for example makes up mounted a plurality of Web service and new function is provided in the new Web service described herein.
SOAP handling part 102 has: analyze the SOAP request receive, with the record content of SOAP stem send to the service of mediation 103, based on generating the SOAP response and it is returned to the function of the terminal 1421 that sends the SOAP request from mediating service 103 results of returning; With based on from mediating service 103 results of returning, to this Web service send the SOAP main body the record content, generate the SOAP response and it returned to the function of the terminal 1421 that sends the SOAP request based on result from this Web service notice.
The service of mediating 103 has the record content of analyzing the SOAP stem that SOAP handling part 102 sends, the function that obtains the information relevant with the Web service that is requested to carry out; With through XML script handling part 104 from the memory (HDD1404) of storage device control part 105 management on obtain the XML script 106 logined with and the corresponding authentication authority of the Web service that is requested to carry out give the function of serving relevant information.
In addition, the service of mediating 103 is based on obtained and the relevant information of the authentication authority service of giving, and will record and narrate the function that authentication information in the SOAP stem sends to the authentication authority service of giving that obtains from XML script 106 one of (107~109); With respond based on generating SOAP from the result of authentication authority giving service one of (107~109) notice, and it is notified to the function of SOAP handling part 102.
In the MFP1400 of foundation present embodiment, as the service that realizes authentication authority service function, the authentication rights service of having packed into A (107), authentication service B (108), rights service B (109), but the invention is not restricted to this, also can be as shown in the figure, will authenticate the structure that rights service C (114) is distributed in the outside of MFP1400 and can utilizes through network 1410.In addition, the service of mediating 103 also is not limited only to be loaded into MFP1400, mediates service 103 and itself also can be on the network 1410 independently node.For example, be equivalent to the service of mediating itself and be installed in situation in the information processors such as computer on the network 1410.In addition, each Web service such as print service 110, scan service 111, stores service 112, FAX service 113 structure of MFP1400 that also is not limited to pack into.That is, these Web services also can be the Web services among other MFP that are assembled on the network 1410, and Web service itself also can be the isolated node on the network.For example, in the information processors such as computer that various services can be installed to network is connected, also can provide stores service by the memory device such as NAS (Network AttachedStorage).In addition, type service also is not limited to these.
Each authenticates the authority service of giving (107~109) and has processing from mediation service 103 authentication informations of sending, and this result is returned to the function of the service of mediation 103.
In addition, the MFP1400 according to present embodiment is equipped with print service 110, scan service 111, stores service 112, FAX service 113.These are the Web services corresponding to XML-SOAP, for these Web services, can carry out stopping, restarting, delete, reinstalling of Web service from the outer computer terminal 1422 of system operator management, in addition, can carry out appending, begin, stop, deleting of new Web service equally.
The XML script handling part 104 that becomes the lower floor of the service of mediating 103 has the function through storage device control part 105 references to storage (HDD1404).Storage device control part 105 control writes data and from memory (HDD1404) sense data, described XML script is recorded and narrated Web service, serve relevant information and processing procedure with the authentication authority of this Web service is given to the memory (HDD1404) of having stored XML script 106.
This XML script 106 can be from deleting, reinstall, upgrade processing by the terminal 1422 of the outside of system operator management, according to the record content of this XML script 106, can implement to give the corresponding of service at same Web service with other authentication authorities.In addition, for by making up the new Web service that a plurality of Web services form, can corresponding again authentication authority give service etc., thereby can tackle fail safe neatly.
When the providing of Web service is provided, need be to logining XML script 106 on the MFP1400 in advance, described XML script 106 records and gives corresponding to the authentication authority of the Web service that is in running status on MFP1400 service relevant information.
In addition, when on the memory of not carrying out this login process, MFP1400 (HDD1404), not having this XML script 106, can not carry out and on MFP1400, be in operating any Web service.
This XML script 106 is implemented registration process by system operator through 1410 couples of MFP1400 of network, and is stored on the memory of being controlled by storage device control part 105 (HDD1404).
System operator from by the terminal 1422 of system operator management to MFP1400 send record and narrate have with and the corresponding authentication authority of Web service that is installed on the MFP1400 give the XML script 106 of serving relevant information.
In the MFP1400 of foundation present embodiment, for the registration of carrying out XML script 106, deletion and have XML-SOAP RPC shown below (Remote ProcedureCall).Like this, XML script handling part 104 can carry out the validation of login, deletion and the XML script 106 of XML script 106.Particularly, sending to MFP1400, when logining XML script 106, adopting UploadScript (scriptName, account, password) as the SOAP function.
At this, because photocopier MFP1400 has the structure that can repeatedly login XML script 106, so scriptName is used as its identifying information.In addition, in the present embodiment, can use the ascii string that reaches 32 characters.Wherein, account and password can use the ascii string that reaches 32 characters.Suppose that identifying information is logined in MFP1400 in advance, this information is recorded on the memory (HDD1404) by storage device control part 105 management, and only is known to the system operator.In addition, the XML script 106 as the XML data is sent to MFP1400 with the appended document form that the SOAP that records and narrates this SOAP function asks.
In addition, when deleting the XML script of having logined on MFP1400 106, adopt Delete (scriptName, account, password) as the SOAP function.In addition, the system operator of only knowing account, password information can be deleted the XML script 106 of login in the memory (HDD1404) of MFP1400.Owing to can login a plurality of XML scripts 106, utilize scriptName to specify as the XML script 106 of deleting object at MFP1400.
In addition, to a plurality of XML scripts 106 of login on MFP1400, effectively the time, adopt EnableScript (scriptName, account, password) as the SOAP function at the XML script 106 that uses the scriptName appointment.In addition, this also be that the system operator of only knowing account, password information can be specified, XML script 106 in the memory (HDD1404) of validation login at MFP1400.
The login of<XML script, deletion, validation are handled 〉
Below, adopt Fig. 2 that the flow process that login, deletion, the validation of XML script 106 are handled is described.Fig. 2 is the flow chart that the login, deletion, validation of XML script 106 of the MFP1400 of expression present embodiment handled.
In addition, the prerequisite as Fig. 2 handles sends XML script 106 from the terminal 1422 as external equipment to MFP1400.
As shown in Figure 2, at first, the XML script handling part 104 that constitutes the service of mediation 103 judges whether to receive the UploadScript (step S201) that asks as SOAP through SOAP handling part 102.At this, when being judged as the UploadScript that receives as SOAP request, XML script handling part 104 is in order to confirm the content as the account and the password of independent variable, judge whether and be recorded in information in the memory (HDD1404) (below, be called account information) consistent (step S202) through storage device control part 105.
Be judged as account information when inconsistent (when step S202 is "No"), XML script handling part 104 returns to terminal 1422 (step S203) through SOAP handling part 102 with error response message.On the other hand, when being judged as the account information unanimity (when step S202 is "Yes"), XML script handling part 104 judges whether the XML script 106 with same scriptName has logined (step S204).
Be judged as (when step S204 is "Yes") when having logined, XML script handling part 104 returns to terminal 1422 (step S203) through SOAP handling part 102 with error response message, and turns back to the step S201 of Fig. 2.In addition, in this case, system operator just can not be logined the XML script with same scriptName as long as also do not utilize DeleteScript to delete listed XML script.
Be judged as (when step S204 is "No") when not having listed XML script, XML script handling part 104 will be gone up (step S205) through 105 logins of storage device control part at memory (HDD1404) with the XML script that the form of the annex of this SOAP request is sent.
In addition, when step S201 is judged as the UploadScript that does not receive as SOAP request (when step S201 is "No"), XML script handling part 104 judges whether to receive DeleteScript (step S206) as the SOAP request through SOAP handling part 102.At this, when being judged as the DeleteScript that receives as SOAP request (when step S206 is "Yes"), XML script handling part 104 judges whether to go up with memory (HDD1404) account information consistent (step S207) of record in order to confirm the content as the account and the password of independent variable through storage device control part 105.
Be judged as with account information when inconsistent at step S207, XML script handling part 104 returns to terminal 1422 (step S208) through the SOAP handling part with error response message.In addition, be judged as (when step S207 is "Yes") when consistent with account information, XML script handling part 104 judges whether the XML script with same scriptName has logined (step S209).
At step S209, when the XML of the scriptName with appointment script is not recorded on the memory 1403 (when not logined) (when step S209 is "No"), XML script handling part 104 returns to terminal 1422 (step S208) through SOAP handling part 102 with error response message.In addition, (when having logined) (when step S209 is "Yes") when the XML of the scriptName with appointment script has been recorded on the memory (HDD1404), XML script handling part 104 is deleted the XML script (step S210) that is recorded on the memory (HDD1404) through storage device control part 105.
In addition, when step S206 was judged as the DeleteScript that does not receive as SOAP request, XML script handling part 104 judged whether to receive EnableScript (step S211) as the SOAP request through SOAP handling part 102.At this, when being judged as the EnableScript that receives as SOAP request (is "Yes" at step S211), XML script handling part 104 is in order to confirm the content as the account and the password of independent variable, through storage device control part 105 judge whether be recorded in memory (HDD1404) on information (account information) consistent (step S212).
Be judged as in step S212 with account information when inconsistent, XML script handling part 104 returns to terminal 1422 (step S213) through SOAP handling part 102 with error response message.In addition, be judged as (when step S212 is "Yes") when consistent with account information, XML script handling part 104 judges whether the XML script of the scriptName with appointment has logined (step S214).
At step S214, in the not login (when not logined) (is "No" at step S214) when memory (HDD1404) is gone up of the XML of the scriptName with appointment script, XML script handling part 104 returns to terminal 1422 (step S213) through SOAP handling part 102 with error response message.In addition, (when having logined) (when step S214 is "Yes") when the XML of the csriptName with appointment script has been logined on memory 1403, XML script handling part 104 makes the XML script of the scriptName with appointment become effectively (step S215), after, mediate service 103 with reference to this XML script.
By above processing, finish and handle from login process, the deletion of the corresponding XML script of application of terminal 1422 to MFP1400 and validation is handled.System operator can repeat login, deletion, the validation of the XML script of this application as required and handle.After the login process of XML script is finished, can move the mediation service 103 of MFP1400.
<the processing of each parts when receiving〉to the SOAP of Web service request
Below explanation is according to the processing of the MFP1400 of present embodiment each parts when terminal 1421 receives SOAP request to Web service.At first summary is handled in explanation.Figure 13 is the schematic diagram of the handling process of the MFP1400 of expression when receiving the SOAP of Web service request.
As shown in the figure, inlet 1301 receives after the SOAP of the Web service request from terminal 1421, and institute's requested service title, authentication information are notified to moderator 1302.In addition, inlet 1301 is equivalent to the SOAP handling part 102 of Fig. 1, and Fig. 3 A is the flow chart of its control flow of expression.In addition, moderator 1302 is equivalent to the mediation service 103 of Fig. 1, and Fig. 3 B is the flow chart of its control flow of expression.
Moderator 1302 is obtained and authentication, authority the give service relevant information corresponding with the Web service of being asked with reference to mapping table 1305.In addition, mapping table 1305 is equivalent to the XML script 106 of Fig. 1.
Moderator 1302 is given the relevant information of serving based on obtained with authentication, authority, notifies from 1301 authentication informations that receive that enter the mouth to the authentication rights service 1303 of correspondence.In addition, authentication rights service 1303 is equivalent to authentication, the authority service of giving 107,108,109,114 of Fig. 1, and Fig. 3 C is the flow chart of its control flow of expression.
The authentication, the result that authority is given processing of authentication rights service 1303 are returned to moderator 1302, moderator 1302 based on this result with Web service could carry out or restrict access information sends to inlet 1301.
The content that inlet 1301 is sent based on moderator 1302 is called requested service 1304, or carries out Web service to the terminal 1421 notice refusals as request source.In addition, service 1304 is equivalent to print service 110, scan service 111, stores service 112, the FAX service 113 as each Web service of Fig. 1, and Fig. 3 D is the flow chart of its control flow of expression.Below, specify the control flow of each parts according to these flow charts.
As shown in Figure 3A, in service at MFP1400, SOAP handling part 102 monitors reception (step S301A) to the SOAP request of the Web service of sending from outer computer terminal 1421 through TCP/IP/UDP protocol stack 101 always, after affirmation is to the reception of the SOAP of Web service (when step S301A is "Yes"), the stem that the SOAP that receives is asked sends to mediation service 103 (step S302).
Shown in Fig. 3 B, mediate and serve 103 receptions (step S301B) that always monitor the stem of SOAP request, when SOAP handling part 102 receives the stem of SOAP request (when step S301B is "Yes"), mediate the record content (step S302B) that the stem of SOAP request is analyzed in service 103.
At this, Fig. 4 represents an example of the record content of the stem that SOAP asks.As shown in the drawing, in the stem of this SOAP request (for example based on the common WSAddressing standard that advances planning such as Microsoft, BEA, IBM, http://schemas.xmlsoap.org/ws/2003/03/addressing/ with reference to), be<ACTION as the service name of the Web service of request object by recording and narrating〉content of mark.In addition, based on recording and narrating authentication information conduct<UsernameToken by WS-Security UsernameTokenProfile 1.0 standards of standardisation bodies OASIS planning〉content of mark.
In the service of mediating 103, analyze the stem of this SOAP request, at first, examine have or not<ACTION with and content (step S303B).At records<ACTION not〉during mark, or<ACTION〉exist but do not have its content, during promptly empty mark (when step S303 is "No"), be judged as illegal request, mediate and serve 103 to SOAP handling part 102 notification errors (step S304B).
On the other hand, at existence<ACTION〉during the content of mark (when step S303B is "Yes"), the service of mediating 103 is at first read the XML script 106 of validation in advance by EnableScript through storage device control part 105, and whether retrieval has been recorded and narrated in this XML script 106 by recording and narrating is<ACTION〉Web service (step S305B) of the content of mark.At result for retrieval for not have to find to being recorded and narrated at<ACTION during the corresponding login of Web service in the mark (is " when denying " at step S306B), SOAP handling part 102 is judged as illegal request, notification error (step S307B).
On the other hand, at result for retrieval for having found to being recorded and narrated at<ACTION during the corresponding login of Web service in the mark (being " when being "), continue retrieval and have or not and give the relevant information (step S308B) of serving corresponding to authentication, the authority of specified Web service at step S306B.In the result of retrieval for not have to find and giving (when step S308B is "No") when serving relevant information corresponding to authentication, the authority of Web service specified in the XML script, be judged as authentication processing, the authority that to carry out this Web service and give processing, mediate service 103 notice permissions and carry out (step S309B).
On the other hand, at result for retrieval is (when step S308B is "Yes") when having found the information relevant with the service of giving corresponding to authentication, the authority of Web service specified in the XML script, to the URL notice trust information of in XML script 106, recording and narrating, in this case, notice UsernameToken information (step S310B).In addition, as with the communication protocol of authentication, the authority service of giving (107~109), adopt SAML (Security Assertion Markup Language) 1.1 in the present embodiment by standardisation bodies OASIS planning.
Shown in Fig. 3 C, at step S301C, the record content (step S302C) that SOAP asks is analyzed in the giving service of authentication, authority one of (107~109) that receives trust information from the service of mediating 103, obtain UsernameToken information, give processing (step S303C) according to this information and executing authentication, authority, based on its result, the SOAP request of SAML (Security Assertion Markup Language) 1.1 is followed in generation, and it is returned to mediation service 103 (step S304C).Return finish dealing with after, authentication, giving service of authority (107~109) are transferred to wait from the service of mediating 103 reception trust information (step S301C).
Return Fig. 3 B once more.Receive authentication result in step S311B wait from the service of giving of authentication, authority, the mediation service 103 that receives authentication result then confirms whether record and narrate authentication in XML script 106, authority is given the invoked procedure (step S312B) of service, when record was arranged, repeating step S310B was to the step of step S312B.
On the other hand, when the record of XML script 106 is not finished (when step S312B is "No"), the service of mediating 103 sends to SOAP handling part 102 (step S313B) with this authentication result.Return finish dealing with after, the state (step S301B) that receives from the SOAP stem of SOAP handling part 102 of waiting for is transferred in the service of mediating 103.
Like this, owing to mediate service 103 records according to XML script 106, call authentication authority the give service corresponding one of (107~109) from terminal 1421 with specified Web service, so according to the record content of this XML script 106, can implement different authentications respectively, authority is given service.In addition, in the record content of this simple declaration XML script 106.
In XML script 106, at<xmlscript〉record and narrate the filename that identification XML script is arranged among the attribute name of mark.This document name is set by the scriptName of above-mentioned UploadScript function appointment.As<mapping〉the sub-mark of mark, definition have with the URL form record and narrate the information relevant with the Web service that becomes object<Service mark and with the URL form is recorded and narrated and this Web service is corresponding authentication, authority give serve relevant information<AuthService mark.
Fig. 5 represents the concrete example of XML script.Situation at the XML script shown in this figure is this document " Sample1 " by name, record and narrate the authentication authority for print service 110 and give service A (107), for scan service 111 is recorded and narrated authentication service B (108), for stores service 112 is recorded and narrated rights service B (109), record and narrate the authentication authority for FAX service 113 and give service, thus, different authentications is implemented in 103 pairs of each Web services of mediation service respectively, authority is given service.Consequently, can implement different authentications, authority is given processing, for example print service 110 be implemented cipher authentications, scan service 111 is implemented the authentication of PIN codes, the IC-cards authentication is implemented in FAX service 113.
In addition, according to XML script shown in Figure 6, to same print service 110 can implement different authentications, authority is given processing.Special print service (601) in this definition is the Web service that the terminal 1421 that is connected to network 1410 is provided simple and easy printing function, utilizes authentication rights service A (107) the enforcement authentication, the authority that are installed in MFP1400 to give processing.In addition, the Web service utilization that is defined as charging print service (602) the authentication rights service C (114) that is in running status through network 1410 in the outside of MFP1400 implements authentication, authority is given processing.
By such record, for example authenticating rights service A (107) is to use in the occasion of utilizing the easy authentication of division code, authority to give service, authentication rights service C (114) is the uses such as occasion of the service of giving in the high authentication authority of the level of security that utilizes credit number, code number and random cipher, can separately use both.
In addition, provide in the scan service 111 that works independently respectively of combination and stores service 112 under the occasion as the scanning-stores service of new Web service, as shown in Figure 7, can be scan service 111, stores service 112 corresponding respectively authentication rights service A (107), authentication service B (108), be the corresponding authentication of scanning-stores service rights service C (114) as new Web service.
In addition, XML script shown in Figure 8 is corresponding to print service 110, scan service 111, simultaneously also corresponding to authentication rights service A (107), because based on handling this two Web services by the database of authentication rights service C (114) management, so, can give processing (promptly print service 110 and scan service 111 being implemented independent registration) based on same trust information enforcement authentication, authority for the user who utilizes these two Web services.
In addition, although XML script shown in Figure 9 has been recorded and narrated authentication service B (108) and rights service (109) and carried out correspondence at print service 110, give service in each authentication of sequence call, authority that this service of mediating 103 is recorded and narrated on according to this XML script.Therefore, implement authentication processing, will be notified to rights service B (109), can accept giving authority information by assert (the ア サ one シ ヨ Application) that give this authentication service (108) as next processing by utilizing authentication service B (108).That is, when the multiple enforcement authentication processing of needs, or need distinguishing authentication to handle and authority is handled and when changing it and make up according to use-case etc., recorded and narrated and login this XML script shown in Figure 9.
In the present embodiment, can repeatedly login the XML script shown in the above-mentioned example.According to the record of the XML script of EnableScript appointment, implement the alignment processing that Web service and authentication authority are given service.Thereby,, just can change, upgrade the authentication authority of enforcement according to use-case and give processing by only changing the record of XML script.
Get back to Fig. 3 A once more.As shown in the figure, analyze its result (step S304A) from mediating the service 103 SOAP handling parts 102 (step S303) that receive result, when result is NG (when step S304A is "No"), SOAP Fault is returned to terminal 1421 (step S305A) as illegal request.
On the other hand, when authentication result is OK (when step S304 is "Yes"), analyze the Service Properties information of being recorded and narrated in the SOAP main part (step S306A), read attribute information to this Web service one of (110~130), this attribute information is notified to Web service, and Web service (step S307A) is carried out in request.
Shown in Fig. 3 D, receive Web service from SOAP handling part 102 and carry out the Web service of request one of (110~130) based on the attribute information of being notified, carry out Web service and handle (step S302D), this result is returned to SOAP handling part 102 (step S303D).Web service is transferred to wait and is received Web service execution request (step S301D) from SOAP handling part 102 after result is returned.
Return Fig. 3 A once more.The SOAP handling part 102 (step S308A) that receives result from Web service generates SOAP response (step S309A) based on this result.At this moment, receiving authentication, when the authority service of giving should return to the additional informations such as the information of asserting of terminal 1421, this information recorded and narrated in the SOAP stem through the service of mediating 103.In the moment that has generated the SOAP response, SOAP handling part 102 returns to terminal 1421 (step S310A) with the SOAP response.After returning the SOAP response, SOAP handling part 102 is transferred to the SOAP request (step S301A) that receives from terminal 1421 of waiting for.
By repeating a series of processes, authentication, the authority that can carry out requested Web service are given processing.
As seen from the above description, according to present embodiment, only change record content as the XML script of mapping table, just can corresponding other authentications, authority gives service, in addition, for can corresponding again authentication by making up new Web service that a plurality of Web services form, authority gives service, thereby can guarantee its fail safe neatly.Promptly, as existing, use-case according to the Web service that is suitable for is handled under the different occasions requested authentication, authority, do not need to transform Web service itself according to this request yet, only change the script of XML script and record and narrate content, just can be corresponding, so can be to realize than existing also low cost and existing equal firm fail safe.
In addition, owing to, can implement registration separately to a plurality of Web services by the record content of change as the XML script of mapping table, so according to present embodiment, can facilitating property, Networking Solutions ﹠ provisioned that simplification is high.
[the 2nd execution mode]
In the foregoing description 1, when login has been recorded and narrated Web service and authentication, authority and has been given the XML script of corresponding relation of service, from external equipment, be system operator management terminal 1421 through network 1410 to XML script handling part 104 send, login XML script, but the invention is not restricted to this.
For example, the URL that the server of XML script is arranged to the transmission of XML script handling part, login record through network from the terminal of system operator management, XML script handling part is downloaded the XML script from the server with this URL, and login is on the memory of self-management.
In addition, also can be to connect terminal and MFP with local interfaces such as USB, IEEE1394, sign in to XML script handling part through this interface.
In addition, also can be with the XML script logging in recording mediums such as CD-ROM, flash memory (registered trade mark), memory bank, MFP is through these recording medium, XML script handling part is read the XML script.
In addition, also can constitute the operating portion input XML script that has through MFP by the system operator that is given authority.
In addition, in the foregoing description 1, recorded and narrated the information relevant with the form of XML script with Web service, with to the relevant information of authentication, authority that should the Web service service of giving, but also can be to record and narrate language or simple text data is recorded and narrated with other scripts.
In addition, the foregoing description 1 has illustrated that XML script handling part manages a plurality of XML scripts, make the record of the XML script of appointment become effective occasion, but also can be that an XML script is recorded and narrated a plurality of patterns, realize same effect by specifying which pattern of employing.
In addition, as shown in figure 10,, also can be that the corresponding relation that will give service with this authentication, authority is added in each level of security and records and narrates for print service.Like this, the operating portion that has through MFP by the manager who gives authority switches this level of security, for example will not need the print service of authentication processing to change to the authentication service that needs IC-card, or change to the print service that has been endowed the use restriction different with the user.
In addition, the foregoing description 1 has illustrated the mode that service 103 is installed to the intranodal of MFP of mediating, but as shown in figure 11, also can be to make the logical block mode through network 1410 and independently of realize mediating service function, for example independently be installed in the structure on the server (1101) of PC.In addition; in this case; communication between the corresponding type equipment with network of logical block (1100) of realization mediation service function need be adopted SSL means such as (Secure Socket Layer), gives the result of service with protection authentication, authority and is not rewritten by the third party.
In addition, in the foregoing description 1, service and authentication, the authority service of giving of mediating uses the SAML agreement to communicate, but this agreement also can be each authentication, the intrinsic agreement of the authority service of giving, and the service of mediating communicates based on giving the service corresponding protocols with each authentication, authority.In addition, even under these circumstances, Web service can recognize not that also only authentication is implemented at each use-case in the existence ground of rights service, authority is given processing.
In addition, the foregoing description 1 shows based on the WSAddressing standard, has recorded and narrated the example as the service name of the Web service of request object, but also can be can not retrieve<Action in the service of mediating〉during mark, analyze the SOAP main part, obtain service name in this record.
In addition, the foregoing description 1 shows about authentication information, the example of recording and narrating based on the regulation of OASISWS-Security UsernameToken Profile, but be not defined in this especially, these standard specifications also can corresponding undefined trust information, in this case, can be equivalent to next corresponding enforcement of trust information by in the XML script, recording and narrating which mark.
[embodiment 3]
According to the information processor of the foregoing description 1 and embodiment 2, when Web service is provided, can realize both having kept firm fail safe, the Networking Solutions ﹠ provisioned that convenience, simplification are high again with low cost.
But, under the occasion of above-mentioned information processor since by moderator 1302 with reference to mapping table 1305, obtain and the authentication authority of Web service of request given the relevant information of serving, so have appending/deleting, the necessary problem of upgrading mapping table 1305 for Web service.
To this, also can manually upgrade mapping table 1005 successively by the manager of moderator 1302 and solve, also upgrade operation but the manager must investigate the lastest imformation of Web service, and this operation is also loaded down with trivial details, so have the high problem of management cost at every turn.
In addition, because the renewal of the mapping table 1305 that the manager carries out according to the enforcement of manager's situation, so the reflection of newly appending/deleting information of Web service is slack-off, hinders in the time of the best and imports best safety system, and then become the reason that causes illegal utilization.
Therefore, following examples explanation utilizes the service-oriented architecture based on Web service, realization has in the information processor of firm fail safe of flexibility, and with rapidly and simplify the management operations that appends/delete that comprises Web service, the minimizing management cost is the information processor of purpose.
The overall structure of<image processing system 〉
Because the overall structure of the image processing system of present embodiment and the image processing system (Figure 14) described in the foregoing description 1 are same, so in this description will be omitted.
The functional structure of<MFP1400 〉
Below, use Figure 15 that the functional structure of the MFP1400 of present embodiment is described.Figure 15 is the block diagram of functional structure of the MFP1400 of expression present embodiment.In addition, functional structure and Fig. 1 of MFP1400 shown in Figure 15 are roughly the same, and the part identical with Fig. 1 enclosed same reference numbers, only the explanation part different with Fig. 1.
Service Management service 1514 is service-specific of management Web service, has the function that control is appended new Web service (installation), deleted existing Web service (unloading), stops, restarting etc.In addition, in the present embodiment, Figure 15 shows this Service Management service 1514 and is present in the MFP1400, but also may reside in outside at MFP1400 in the terminal 1421 that network 1410 connects.In addition, this Service Management service 1514 is same with other services, constitutes the Web service of corresponding XML-SOAP.
In addition, in the present embodiment, when XML script 106 utilizes Service Management service 1514 that Web service is installed the manager, login automatically with the installed module of Web service.In addition, record and narrate management information that Web service is arranged (in stopping, starting medium), examine when the user utilizes Web service at this XML script 106.When the manager utilized Service Management service 1514 deletion Web services, this XML script 106 was also deleted automatically.
In addition, by the record content that the manager rewrites this XML script 106, can also give service to corresponding other authentication authorities of same Web service.In addition, the combination that utilizes a plurality of Web services is come the new Web service of work, corresponding again authentication authority is given service etc., can guarantee fail safe flexibly.
In addition, system operator can also be installed Web service through network 1410.At this, system operator is carried out the installation of Web service and is handled on the terminal 1421 of above-mentioned Service Management service 1514 work.Service Management service 1514 is carried out the installation processing of Web service and the login process of XML script 106 according to service management process flow process described later.Like this, go up this XML script 106 of storage at the memory (HDD1404) of storage device control part 105 controls.
The login of<XML script, deletion, validation, ineffective treatment are handled 〉
Below, use Figure 16 that the flow process that login, deletion, validation, the ineffective treatment of XML script 106 are handled is described.Figure 16 is the flow chart of the flow process handled of the login, deletion, validation, ineffective treatment of XML script 106 of the MFP1400 of expression present embodiment.In addition, in each step shown in the flow chart of Figure 16, the part identical with the flow chart of Fig. 2 enclosed same reference number, omit explanation.
At step S211, when being judged as the EnableScript that does not receive as SOAP request, XML script handling part 104 judges whether to receive DisableScript (step S1616) as the SOAP request through SOAP handling part 102.
At this, be judged as when receiving the DisableScript that asks as SOAP, XML script handling part 104 judges whether to go up with memory (HDD1404) account information consistent (step S1617) of record in order to confirm the content as the account and the password of independent variable through storage device control part 105.
At step S1617, be judged as account information when inconsistent, XML script handling part 104 returns error response message (step S1620) through SOAP handling part 102.In addition, when being judged as the account information unanimity, XML script handling part 104 judges whether the XML script of the scriptName with appointment has logined (step S1618).
At step S1618, when the XML of the scriptName with appointment script is not recorded in memory (HDD1404) (when not logined), XML script handling part 104 returns false response messages (step S1620) through SOAP handling part 102.
In addition, the XML of the scriptName with appointment script logging (when having logined) when memory (HDD1404), XML script handling part 104 makes the XML script of the scriptName with appointment become invalid (step S1619), after, mediate service 103 with reference to this XML script.
More than handling is the processing of occasion of having issued the administration order of the XML script corresponding with the indication of Web service from Service Management service 1514 to MFP1400.
The handling process of<Service Management service 1514 〉
Below, use the gerentocratic service management process flow process of Figure 17 illustrative system.In the present embodiment, the Web service supervisory frame in the system management picture that Service Management service 1514 is mounted in the terminal 1421.System operator is carried out Service Management service 1514 from the Web service supervisory frame of MFP1400, a series of bookkeepings such as the login (installation) of enforcement Web service, deletion (unloading), validation, ineffective treatment.
But the bookkeeping of Web service constitutes with SOAP envelope form.In this SOAP order, the fail safe mark of the authentication authority of the kind of operational motion and information concerning order publisher is stored in the SOAP stem respectively.In addition, when appending Web service, will be attached to the SOAP main part to the XML script of recording and narrating in requisition for the place information of the authentication service of this Web service.
Figure 17 suitably carries out authentification of user from system operator at above-mentioned Web service supervisory frame, gives as gerentocratic authority, and begins when specifying bookkeeping to Web service.At step S1710, when the appointed Web service of bookkeeping, judge the result of the authentification of user that carries out earlier, whether the operator has correct administration authority.This judgement adopts the fail safe mark in the SOAP to carry out.
At step S1701, be judged as when not having the appropriate managerial authority, the return authentication wrong responses is transferred to the picture (step S1702) of request authentification of user once more.On the other hand, be judged as when having suitable operating right, accepting bookkeeping Web service.
Then, as the required information of form of SOAP order, judge whether correctly to comprise the kind and the XML script (step S1703) of bookkeeping.At this, SOAP order is being appending but not comprising the occasion etc. of XML script of Web service, and when the SOAP order can not form suitable form, response generated order errored response (step S1704) as SOAP.
When the correct formation of SOAP order, judge at step S1705 whether the action kind of SOAP order is appending of Web service.When being the appending of Web service, judge at step S1706 whether the XML script is attached to the SOAP envelope.To be the Web service of will append carry out related MAPPING TABLE with the place information of the required authentication rights service of this Web service with the XML script, if, can not utilize it even then append Web service appending processing stage this MAPPING TABLE not of Web service.Thereby, judge having or not of this XML script at step S1706.
When the XML script is arranged, extract the XML script of SOAP main part out through the SOAP envelope at step S1707.Then, order to XML script handling part 104 distribution UploadScript at step S1708.In addition, the process of SOAP envelope, form confirm that order carries out at the SOAP of Figure 15 handling part 102.On the other hand, when not having the XML script, carry out wrong responses (step S1709).
When the action field of SOAP order is not appending of Web service in step S1705, judge whether to restart Web service with the judgement order of step S1710.When restarting Web service, transfer to step S1711, to the 104 distribution EnableScript orders of XML script handling part.
At step S1710, when the action field of SOAP order is not restarting of Web service, judge with the order of judging of step S1712 whether Web service stops (ineffective treatment).Being Web service when stopping, transferring to step S1713, to the 104 distribution DisableScript orders of XML script handling part.
At step S1714, not Web service when stopping (ineffective treatment) in the action field of SOAP order, judge whether to delete (unloading) Web service with the judgement order of step S1712.When being the deletion of Web service, transfer to step S1715, send the DeleteScript order to XML script handling part 104.
In addition, at step S1714, when the action field of SOAP order is not the deletion of Web service, owing to be not the bookkeeping of being scheduled to, but do not have predetermined actions, so acknowledgement command mistake (step S1704).
Order in Figure 17 distribution, be that UploadScript, EnableScript, DisableScript, DeleteScript are by 102 distribution of SOAP handling part, handle at XML script handling part 104, implement login, deletion, the renewal of XML script according to the action kind.
From the above description as can be known, Web service according to present embodiment is the information processor on basis, because when Web service is installed, Service Management service 1514 installed modules with Web service are installed in information processor, simultaneously XML script handling part 1504 is notified the XML script (mapping table) of the place information of the correspondence of having recorded and narrated authentication service, XML script handling part 1504 receives this information and upgrades the XML script automatically, so system operator does not need manually to carry out related with the corresponding authentication service of the installation exercise of Web service, and then can suppress cost lower.
In addition, be not only the installation of Web service, the deletion of Web service, a series of bookkeepings of stopping, restarting also can by this Service Management service 1514 easily and monobasic ground in the remote environment realization, have the effect that can alleviate management cost like this.
In addition, append/delete the renewal of carrying out the mapping table of system operator automatically along with service, so the reflection of newly appending/delete information of service can be not slow, can import best safety system in time of the best, have like this and can prevent that infringement that illegal utilization causes is in the effect of possible trouble.
[other embodiment]
In addition, the present invention also goes for the system by a plurality of equipment (for example main frame, interface equipment, reader, printer etc.) formation, also goes for the device (for example photocopier, facsimile machine etc.) that is made of 1 equipment.
In addition, purpose of the present invention can certainly be by will having write down the function that realizes the foregoing description the medium of program code of software offer system or device, the computer of this system or device (or CPU and MPU) reads and carries out that program stored realizes in the medium.
At this, the program code of reading from medium itself is realized the function of the foregoing description, and the medium of having stored this program code constitutes the present invention.
Provide the medium of program code for example can adopt floppy disk (registered trade mark), hard disk, CD, photomagneto disk, CD-ROM, tape, Nonvolatile memory card, ROM etc. as being used to.
In addition, comprise that not only the program code of reading by object computer realizes the occasion of the function of the foregoing description, also comprise indication based on this program code, Yun Hang OS (operating system) etc. carries out part or all of actual treatment on computers, utilizes this to handle the occasion of the function that realizes the foregoing description.
In addition, certainly comprise also that the program code of reading from medium writes the expansion board of inserting computer or is connected to after the memory that the functional expansion unit of computer has, indication based on this program code, the CPU that this expansion board or functional expansion unit have etc. carries out part or all of actual treatment, handles the occasion of the function that realizes the foregoing description by this.
The invention is not restricted to the foregoing description, can make various changes and modification within the scope of the invention.Therefore, for clear and definite scope of the present invention, the right request below having applied for.

Claims (13)

1. information processor comprises: a plurality of a plurality of authentication processing unit that the unit are provided and the user that this Web service is provided through network requests is implemented authentication processing of a plurality of Web services are provided, it is characterized in that described information processor also comprises:
Holding unit, in order to keeping corresponding informance, described corresponding informance has been recorded and narrated and the corresponding relation that relevant information in unit and the information relevant with the authentication processing unit of implementing authentication processing when this each Web service is provided are provided that above-mentioned each Web service is provided; With
Judgement unit, from above-mentioned corresponding informance retrieval and the Web service that provides above-mentioned user to ask provide the unit relevant information, and differentiate in this corresponding informance corresponding record, with the relevant information in above-mentioned authentication processing unit,
Wherein, utilizing the information relevant that determines according to above-mentioned judgement unit with the authentication processing unit authentication processing unit of appointment, carried out under above-mentioned user's the situation of authenticate-acknowledge, by providing this Web service in order to the unit that provides that the Web service that above-mentioned user asks is provided.
2. information processor as claimed in claim 1 is characterized in that:
Above-mentioned corresponding informance is recorded and narrated with structured language.
3. information processor as claimed in claim 1 is characterized in that:
Above-mentioned holding unit keeps a plurality of corresponding informances, based on the indication from the user, implements the login of new corresponding informance and the deletion of existing corresponding informance.
4. the information processing method of an information processor, comprise: a plurality of a plurality of authentication processing steps that step are provided and the user that this Web service is provided through network requests implemented authentication processing that a plurality of Web services are provided, it is characterized in that described information processing method also comprises:
Keep step, keep having recorded and narrated corresponding informance with the corresponding relation that relevant information of step and the information relevant with the authentication processing step of implementing authentication processing when this each Web service is provided are provided that above-mentioned each Web service is provided; With
Discriminating step, from above-mentioned corresponding informance retrieval and the Web service that above-mentioned user request is provided provide step relevant information, and differentiate in this corresponding informance corresponding record, with the relevant information of above-mentioned authentication processing step,
Wherein, in the authentication processing step of utilizing appointment according to the information relevant that in above-mentioned discriminating step, determines with the authentication processing step, carried out under above-mentioned user's the situation of authenticate-acknowledge, by providing this Web service in order to the step that provides that the Web service that above-mentioned user asks is provided.
5. one kind provides the information processor by the Web service of user's request, it is characterized in that, comprising:
Authentication processing is implemented to the user of Web service is provided through network requests in a plurality of authentication processing unit;
Record cell, in order to the record corresponding informance, described corresponding informance has been recorded and narrated the corresponding relation of information relevant with Web service and the information relevant with the above-mentioned authentication processing unit of implementing authentication processing when this Web service is provided;
Judgement unit, the relevant information of Web service that retrieval is asked with above-mentioned user from above-mentioned corresponding informance, and differentiate in this corresponding informance corresponding record, with the relevant information in above-mentioned authentication processing unit; With
Indicating member sends the indication relevant with Web service,
Wherein, above-mentioned record cell sends at above-mentioned indicating member under the situation of the indication relevant with Web service, writes down the corresponding relation of information relevant with this Web service and the information relevant with the authentication processing unit of implementing authentication processing when this Web service is provided.
6. information processor as claimed in claim 5 is characterized in that:
Appending according to the indication of above-mentioned indicating member under the situation of new Web service, this indicating member appends the information relevant with this Web service that is added, this corresponding informance of above-mentioned recording unit records simultaneously hereof.
7. information processor as claimed in claim 5 is characterized in that:
Deleting according to the indication of above-mentioned indicating member under the situation of Web service, this indicating member is the deletion information relevant with this deleted Web service from file simultaneously, this corresponding informance of above-mentioned recording unit records.
8. information processor as claimed in claim 5 is characterized in that:
When the indication according to above-mentioned indicating member restarted Web service is provided, this indicating member was simultaneously at the information rewriting above-mentioned corresponding informance relevant with this Web service that restarts, this corresponding informance of above-mentioned recording unit records.
9. information processor as claimed in claim 5 is characterized in that:
When the indication according to above-mentioned indicating member stopped Web service being provided, this indicating member was simultaneously at the information rewriting above-mentioned corresponding informance relevant with this Web service that is stopped, this corresponding informance of above-mentioned recording unit records.
10. information processing system comprises: the 1st information processor and the 2nd information processor that can be connected communicatedly with the 1st information processor is characterized in that:
Above-mentioned the 1st information processor comprises:
A plurality of unit that provide provide a plurality of Web services;
Authentication processing is implemented to the user of this Web service is provided through network requests in a plurality of authentication processing unit;
Record cell, in order to the record corresponding informance, described corresponding informance has been recorded and narrated and the corresponding relation that relevant information in unit and the information relevant with the above-mentioned authentication processing unit of implementing authentication processing when this Web service is provided are provided that above-mentioned each Web service is provided; With
Judgement unit, from above-mentioned corresponding informance retrieval and the Web service that provides above-mentioned user to ask provide the unit relevant information, and differentiate in this corresponding informance corresponding record, with the relevant information in above-mentioned authentication processing unit,
Wherein, in the authentication processing unit that utilizes appointment, carried out under above-mentioned user's the situation of authenticate-acknowledge according to the information relevant that determines by above-mentioned judgement unit with the authentication processing unit, the Web service that provides above-mentioned user to ask,
Above-mentioned the 2nd information processor comprises:
Indicating member carries out providing the unit relevant indication with above-mentioned,
Wherein, above-mentioned record cell exist send by above-mentioned indicating member, when unit relevant indication is provided, write down above-mentioned corresponding informance with above-mentioned simultaneously.
11. the information processing method of an information processor comprises: a plurality of steps that provide that a plurality of Web services are provided; The user that this Web service is provided through network requests is implemented a plurality of authentication processing steps of authentication processing; In record cell, recorded and narrated recording step with the corresponding informance of the corresponding relation that relevant information of step and the information relevant with the above-mentioned authentication processing step of implementing authentication processing when this each Web service is provided are provided that above-mentioned each Web service is provided; From above-mentioned corresponding informance retrieval with provide the relevant information of step, and the discriminating step of differentiation information relevant of corresponding record in this corresponding informance in order to what Web service that above-mentioned user asks was provided with above-mentioned authentication processing step, wherein, described information processor is utilizing according to the information relevant with the authentication processing step that determines in the above-mentioned discriminating step authentication processing step of appointment to carry out under above-mentioned user's the situation of authenticate-acknowledge, the Web service that provides above-mentioned user to ask, it is characterized in that described information processing method also comprises:
Send and the above-mentioned indication step that the relevant indication of step is provided,
Wherein, above-mentioned recording step exist send by above-mentioned indication step, with the above-mentioned situation that the relevant indication of step is provided under write down above-mentioned corresponding informance simultaneously.
12. an information processor is characterized in that, comprising:
Web service request receiving element receives the Web service request from the Web service request source;
Holding unit, in order to maintenance information, described information has been recorded and narrated a plurality of Web services that Web service is provided and the unit is provided and provides the Web service request source of Web service to carry out the corresponding relation of a plurality of authentication processing unit of authentication processing to request;
Judgement unit, differentiating the corresponding Web service of Web service of being asked with the Web service request source provides unit and authentication processing unit; With
The Web service request unit, to the authentication processing unit requests that determines by above-mentioned judgement unit above-mentioned Web service request source is authenticated, and when the authenticate-acknowledge that has carried out above-mentioned Web service request source, provide the Web service of unit requests by the request of above-mentioned Web service request source to the Web service that determines by above-mentioned judgement unit.
13. an information processing method is characterized in that, comprising:
Web service request receiving step receives the Web service request from the Web service request source;
Keep step, in order to maintenance information, described information has been recorded and narrated in order to a plurality of Web services that Web service is provided and the unit is provided and carries out the corresponding relation of a plurality of authentication processing unit of authentication processing in order to the Web service request source that request is provided Web service;
Discriminating step, differentiating the corresponding Web service of Web service of being asked with the Web service request source provides unit and authentication processing unit;
The Web service request step, to the authentication processing unit requests that in above-mentioned discriminating step, determines above-mentioned Web service request source is authenticated, and under the situation of having carried out, provide the Web service of unit requests by the request of above-mentioned Web service request source to the Web service that in above-mentioned discriminating step, determines to the authenticate-acknowledge of above-mentioned Web service request source.
CN200510099474.7A 2004-09-06 2005-09-06 Information processing apparatus and information processing method Expired - Fee Related CN100596067C (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
JP2004258406A JP4748763B2 (en) 2004-09-06 2004-09-06 Information processing apparatus, control method for information processing apparatus, program, and storage medium
JP2004258406 2004-09-06
JP2004355882A JP4748766B2 (en) 2004-12-08 2004-12-08 Information processing apparatus, information processing system, information processing method, program, and storage medium
JP2004355882 2004-12-08

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN2010101140557A Division CN101789951B (en) 2004-09-06 2005-09-06 Information processing apparatus and information processing method

Publications (2)

Publication Number Publication Date
CN1747387A CN1747387A (en) 2006-03-15
CN100596067C true CN100596067C (en) 2010-03-24

Family

ID=36153435

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200510099474.7A Expired - Fee Related CN100596067C (en) 2004-09-06 2005-09-06 Information processing apparatus and information processing method

Country Status (2)

Country Link
JP (1) JP4748763B2 (en)
CN (1) CN100596067C (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4748766B2 (en) * 2004-12-08 2011-08-17 キヤノン株式会社 Information processing apparatus, information processing system, information processing method, program, and storage medium
US8019812B2 (en) * 2007-04-13 2011-09-13 Microsoft Corporation Extensible and programmable multi-tenant service architecture
US7979896B2 (en) * 2007-04-20 2011-07-12 Microsoft Corporation Authorization for access to web service resources
CN101079889A (en) * 2007-06-26 2007-11-28 中兴通讯股份有限公司 Data transmission system and its transmission method
CN101178757B (en) * 2007-11-23 2010-06-23 珠海博睿科技有限公司 Right managing method and apparatus
CN101572696B (en) * 2008-04-29 2012-07-18 华为技术有限公司 Method and device for validating data on webpage form
CN101296243B (en) * 2008-06-26 2013-02-20 阿里巴巴集团控股有限公司 Service integration platform system and method for providing internet service
CN101616136B (en) 2008-06-26 2013-05-01 阿里巴巴集团控股有限公司 Method for supplying internet service and service integrated platform system
JP2010170208A (en) * 2009-01-20 2010-08-05 Toshiba Corp Authority management system
CN102801694B (en) * 2011-05-27 2015-07-08 阿尔卡特朗讯公司 Method and system for implementing third-party authentication based on grey list
JP7210937B2 (en) * 2018-08-29 2023-01-24 コニカミノルタ株式会社 image forming device

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1437379A (en) * 2002-02-07 2003-08-20 夏普株式会社 Radio communication system, communication apparatus and portable terminal for realizing higher safety grade

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3436165B2 (en) * 1999-01-07 2003-08-11 日本電気株式会社 Communication relay system

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1437379A (en) * 2002-02-07 2003-08-20 夏普株式会社 Radio communication system, communication apparatus and portable terminal for realizing higher safety grade

Also Published As

Publication number Publication date
JP4748763B2 (en) 2011-08-17
CN1747387A (en) 2006-03-15
JP2006072904A (en) 2006-03-16

Similar Documents

Publication Publication Date Title
CN101789951B (en) Information processing apparatus and information processing method
CN100596067C (en) Information processing apparatus and information processing method
US10187467B2 (en) Information processing system and method of processing information
US8769127B2 (en) Cross-domain solution (CDS) collaborate-access-browse (CAB) and assured file transfer (AFT)
RU2506632C2 (en) Information processing device, driving method therefor and computer-readable data medium
US5764887A (en) System and method for supporting distributed computing mechanisms in a local area network server environment
CN101185061B (en) System and method for managing documents with multiple network applications
US9053303B2 (en) Apparatus, authentication system, authentication control method, authentication control program, and computer-readable recording medium having authentication control program
EP1549021A1 (en) Access controlled by security token and mediated by sever
JP4868724B2 (en) Information processing apparatus, information processing method, and program thereof
US20060158676A1 (en) Information processing apparatus, information processing method, program, and storage medium
US20060294580A1 (en) Administration of access to computer resources on a network
CN105793814A (en) Cloud data loss prevention integration
JP5090835B2 (en) Information processing apparatus and authentication control program
EP2037385A1 (en) Information processing apparatus, authentication control method, and authentication control program
US20080263635A1 (en) Policy store
CN1601954B (en) Moving principals across security boundaries without service interruption
US20190268349A1 (en) System and method for unified secure remote configuration and management of multiple applications on embedded device platform
CN101593282B (en) Image forming apparatus performing user authentication using a card
JP2003345789A (en) System and device for managing document, authenticating method, computer readable program, and storage medium
KR101489049B1 (en) Information processing apparatus and method of executing an application in the apparatus
JP2005157571A (en) Information processor, apparatus, information processing system, authentication program, and recording medium
JP4748766B2 (en) Information processing apparatus, information processing system, information processing method, program, and storage medium
JP2013033486A (en) Information processor, authentication control method, program, and recording medium
JP2001344208A (en) Group ware and recording medium with the group ware recorded thereon

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20100324

Termination date: 20200906