JP2003533767A - Transform objects between computer programming languages and data representation languages - Google Patents

Abstract

(57) [Summary] A mechanism for compiling an object into an object representation and a mechanism for decompiling the object representation into a copy of the object will be described. A virtual machine (eg, a Java virtual machine (JVM)) is an extension that compiles an object (eg, a Java object) into a representation of a data representation language (eg, XML) of the object and an extension that decompiles the representation of the object into an object. Features can be included. The virtual machine can include an application programming interface (API) for a compile / decompile extension. Clients and services may be running within a virtual machine. The virtual machines can be on the same device or different devices. The compiler / decompiler API can accept an object as input and output a data representation language representation of the object and all referenced objects (object graphs) in a data stream. In addition, the compiler / decompiler API can accept a data stream, which includes a representation of an object and all its referenced objects (object graphs), and objects (and the objects in that object graph). Output all objects). In one embodiment, an intermediate format may be used to represent a data representation language document, and the intermediate format may be dynamically processed to generate class instances from the data representation language document.

Description

Detailed Description of the Invention

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to virtual machines, and more particularly to conversion between computer programming language objects and data representation language representations of objects.

(2. Description of Related Art) Intelligent devices are becoming widespread. Such devices include smart appliances, personal digital assistants (PDAs)
), Mobile phones, laptop computers, desktop computers,
There are workstations, mainframes, and even supercomputers. Networks are also becoming a common way of interconnecting intelligent devices that can communicate with each other. However, there are significant differences in the computational and memory capacities of various intelligent devices. Devices with limited capabilities are sometimes referred to as space-saving devices or "thin" devices. Thin devices may not be able to join the network interconnecting the more powerful devices. However, it may be desirable to interconnect a variety of different types of intelligent devices.

There is an ever-increasing desire for improved networking capabilities. Business networks continue to expand to capture the direct interaction between suppliers and customers. Mobile phones, personal digital assistants, and Internet-enabled computers have become commonplace in the enterprise and at home. Home networks are audio / video devices such as TVs and stereo devices.
Visual equipment can be used to interconnect home computers and other devices that control intelligent systems such as security systems and temperature controlled thermostats. High bandwidth media such as cable and ASDL can be used to enhance services such as internet access video on demand, e-commerce. Network systems are in widespread use. It is desirable for intelligent devices to be able to communicate with each other and share resources without a formal network.

Currently, setting up, scaling and managing a traditional network is a complex task. For example, adding hardware or software to a network often requires a network administrator to load drivers and configure the system. Even minor changes to the network configuration may require the entire network to be down for a period of time. In addition, some intelligent devices do not support the interfaces required to communicate on a given network.

What is needed is a simple way to connect a variety of intelligent devices, enable communication and resource sharing, while avoiding the interoperability and complex configuration problems that exist in traditional networks. There are various technologies that improve the ability to add devices to a network. For example, many modern I / O buses such as Universal Serial Bus, 1394, and PCI support plug-and-play and dynamic discovery protocols, making it easy to add new devices to the bus. You can do it. However, these solutions are limited to specific peripheral buses and are not suitable for general networks.

A recent technology, Sun Microsystems, Inc. Jini
Seeks to make devices such as printers and disk drives easy to connect and share over the network. A device incorporating Jini announces to the network, informs about the details of its own capability, and immediately enters a state where it can be accessed by other devices on the network.
Jini enables distributed computing in which the functions of various devices are shared on a network. Jini technology aims to allow users to share services and resources over a network. Jin
Another goal of i-technology is to allow users to easily access resources anywhere on the network, even if their network location changes. Jini is also seeking to simplify the task of building, maintaining, and modifying networks of devices, software, and users.

In Jini, each Jini-compatible device requires a specific capacity of memory and processing capacity. Usually, a Jini-compatible device includes a Java virtual machine (JVM). Therefore, the Jini system has Java technology at its core. Java is available from Sun Microsystems, Inc. Is a high-level object-oriented programming language developed by. You can compile Java source code into a format called bytecode and run it in a Java virtual machine.

Bytecode is computer source code that is processed by a virtual machine rather than the hardware processor that is the “real” computer machine. The virtual machine translates generalized machine language instructions (bytecodes) into specific machine language instructions (instructions understood by a computer processor). Using the language that ships with the virtual machine for each platform, the source language statements can be compiled only once and run on the platform that supports the virtual machine. The Java programming language is an example of such a language, and the Java Virtual Machine (JVM) is an example of a virtual machine platform that supports programs written in the Java programming language. Java
Virtual machines are available on most computing platforms, so Java and hence Jini achieves some platform independence. In the Jini architecture, the Java programming language is Jin.
It makes use of the assumption that it is the implementation language of the components of the i system. Ja
The ability to dynamically download and execute va code is central to many features of the Jini architecture.

The purpose of the Jini architecture is to unify multiple groups of devices and software components into a single dynamic distributed system. An important concept in the Jini architecture is the concept of service. A service is an entity that can be used by people, programs, or other services. Two examples of services are a service for printing a document and a service for converting from one word processor format to the other. Jini allows members of the Jini system to share access to services.
Services within the Jini system communicate with each other by using a service protocol, which is a set of interfaces written in the Java programming language. Service discovery and solutions are done using lookup services within the Jini system. The lookup service maps the interfaces that represent the functionality provided by the service to the objects that implement the service.

Description entries can also be associated with services. Devices and applications register with the Jini network using a process called discovery. Once registered, the device or application enters the lookup service. Lookup services not only store pointers to these services on the network, but also the code to access these services. For example, when a printer is registered with a lookup service, it loads the printer driver and / or its interface with the driver into the lookup service. When a client requests the use of a printer, its driver and driver interface are downloaded to the client from a lookup service. This move of code means that clients can use services from the network without pre-installing or loading drivers or other software.

Communication between services in the Jini system is performed by Java Remote Met.
This is done using hod Invocation (RMI). RMI is a Java programming language extension to the conventional remote procedure call mechanism. In RMI, not only can data be passed from object to object within the Jini network, but also complete objects, including code, can be passed. The Jini system relies on the code being able to move around the network in a form encapsulated as Java objects.

Access to services within the Jini system is based on leases. What is a lease?
It is to allow guaranteed access for a certain period of time. Each lease is negotiated between the service consumer and the service provider as part of a service protocol. If service is requested for a period of time, access can be granted for a period of time, perhaps the requested period. Leases need to be renewed in order for the service to remain part of the Jini system.

FIG. 1 shows a stack of Jini's basic techniques. The Jini technology defines a distributed programming model 12 (supported by JavaSpaces, leases, and object templates). Jini
Object communication is performed by R on the TCP / IP compatible networking layer 16.
It is based on the MI layer 14.

Jini is a promising technology for simplifying distributed computing.
However, Jini may not be suitable depending on the type of device. The flow of computing technology is toward distributed Web-centric services and content models, and the content of client services and content is changing rapidly. Future clients will be companion-type devices that users can take with them wherever they go. As such a device, for example, a combination of a mobile phone and a PDA can be considered. It would be desirable for such devices to be able to communicate and share resources not only with more powerful devices, but also with lighter thin or powerless devices.

In addition, the advent of the Internet, resulting in an explosive increase in devices connected to the net, necessitated a distributed programming model designed to take advantage of these phenomena. Enabling technologies are required for clients to connect to services in a reliable, secure and secure manner. Various clients and services, from thick clients to thin clients, need to be connected within the Internet, corporate intranet, or even a single computer. It is desirable to abstract distance, latency, and implementation from both clients and services.

A key challenge in distributed computing technology is to scale from powerful thick clients to very lightweight thin clients such as embedded mobile devices. Current distributed computing technologies such as Jini are not scalable enough to meet the needs of clients of all kinds. Some devices, such as space-saving devices and embedded devices, do not fully participate in current distributed computing technology due to insufficient memory resources or lack of sufficient networking bandwidth. The low end of client products such as embedded mobile devices often have a limited or fixed code execution environment. These devices may also have minimal storage capacity or no persistence at all. Most small embedded mobile devices do not support Java virtual machines. Most code-executable small clients execute only native code. In addition, most small devices use at most flash memory or battery storage as their sole persistent storage medium.
It only has a backup RAM. The storage capacity is very small and often read-only in nature. Moreover, the access time of this type of storage medium is often more than an order of magnitude slower than the access time of the hard disk of the more powerful client.

Existing connection technologies such as Jini may not be as scalable as desired due to their large size. For example, in Jini, all participants have Ja
Although it needs to support va, many small clients cannot reserve resources for the Java virtual machine. Furthermore, since Jini uses RMI, it is necessary that the code and contents can be downloaded on the client side. As Jini augments existing client platforms by downloading new classes, small devices such as embedded devices may have security and size issues. Jini operates in such a way that a resource communicates with a client by passing code and data. When a client activates a Jini service, the service returns a result to the client, which may contain a large amount of code or content. In Jini, the client may call a method, which may return a large object and download it. The client may not have the resources to accept the returned object. Furthermore, RMI and Java itself require a large amount of memory. A lot of space saving
A device may not have the resources to effectively or even add to current distributed computing technology.

Another problem with existing distributed computing technologies is that they often require multiple levels of connectivity and protocols. For example, Jini assumes that there is a reasonably fast network for connecting computers and devices. In Jini, TCP / IP
You also need a device that supports the network transport protocol. However, many small devices have limited connectivity. Small devices
Long or slow network connection latency, TCP /
It may not support IP.

As mentioned above, Jini requires a device with a Java virtual machine that supports Java, and thus requires processing power and storage capabilities that many smaller devices do not have. This also limits Jini's flexibility in that non-Java enabled devices cannot directly participate in the Jini system. Since Jini requires Java, it can be regarded as a homogeneous environment. However, it is desirable to have distributed computing capabilities for heterogeneous distributed computing, from very small embedded devices to PDAs, cell phones to laptops and even the most powerful computers. Common Object Request Broker Architecture (COR
There are other heterogeneous solutions such as BA). CORBA is a program
An architecture that allows objects to communicate with each other regardless of the programming language used to create them or the operating system on which they are executed. However, CORBA cannot handle all the connection problems handled by Jini. In addition, CORBA has the same scalability problem as Jini.

Technologies such as Jini and CORBA use a code-centric programming model to define the interface between remote computers. The code-centric programming model defines a program interface or API for communication between remote clients or components. AP
I can be defined in a particular programming language. The API must be consistent with all software components to ensure proper interoperability. All access to components is through these standard APIs, so the code that implements these APIs must reside in the client platform. The code is
It can be statically linked to the platform or dynamically downloaded as needed. Many embedded or mobile devices simply
Not only is the quality control problem involved, but it also depends on a single language and program execution environment, so that the code cannot be dynamically accepted from the network. Data-centric models, such as networking protocols, avoid relying on code movement, but such protocols are not feature rich enough to easily accommodate distributed computing, and code and other types such as type safety. Programming by programming function cannot be done easily.

A conventional distributed computing system relies on a program executing on a first device being able to remotely call a program on a second device, the results being returned to the first device. . Remote Procedure Call (RPC) is the basic mechanism for making remote calls to programs or procedures. Both CORBA and Jini
Based on the ability to call methods remotely. However, Jini and CO
Communicating by passing code or objects such as RBA can be somewhat complicated. For example, as mentioned above, in Jini Java Remote
Communication between services is performed using e Method Invocation (RMI). Some means of serialization / deserialization is required for the client to move Java objects to and from remote locations. Such current functionality in the Java Development Kit (JDK) relies on the reflection API to determine the contents of Java objects, which ultimately requires that code to query the virtual machine. This code is quite large and inefficient.

Current methods for doing serialization / deserialization have basic problems with size, speed, and object traversal models. Code outside the JVM is unaware of the Java object's structure or graph, so it must traverse the object graph, disassociate, and eventually call the JVM. Traditional serialization and reflection mechanisms for storing and moving Java objects are not practical for all types of devices, especially the lighter weight thin devices. Ja
A problem with va reflection and serialization is that graph (transitive closure of objects) reflection of objects is difficult to perform outside of the JVM. Serialization requires a lot of code and is too big. Furthermore, serialization is a Java-specific object exchange format, and cannot be used on a device that does not support Java.

In the Jini distributed computing model, Java devices are
You need to move the a object. As a result, the serialization mechanism itself is not platform independent as it cannot be used to send and receive objects on a non-Java compliant platform. Serialization is a homogeneous object format and works only on the Java platform. Because serialization uses the reflection API, it may be subject to security-related restrictions, often with native J
You have to deal with this using VM dependent methods. The reflection API can provide a graph of objects, but it is inefficient because it is called many times between the JVM and the code that calls the reflection method.

To serialize an object using Java reflection, the application side needs a JVM when dynamically parsing the transitive closure of the object.
You need to interact with ping-pong and retrieve objects one field at a time. To deserialize an object using Java deserialization, the application side needs to work closely with the JVM to reconstruct the object one field at a time when dynamically parsing the transitive closure of the object. There is. As a result, Java serialization / deserialization is time consuming, cumbersome, and requires not only a large amount of application and JVM code to be written, but also a persistent storage area.

Even for thin clients that support Java, Jini RMI
It seems impractical for thin clients with minimal memory footprint and minimal bandwidth. Serialization associated with Jini RMI is long-running, large in code size, requires the JVM reflection API, and is a representation of Java-specific objects. Java deserialization is also time consuming to execute, has a large code size and requires a serialized object parser. Even Java-based thin clients may not be able to accept large Java objects (along with the required classes) that are (always) returned to the client over the network when requested in Jini. There is a need for more scalable distributed computing mechanisms. Addressing security issues with a more scalable distributed computing mechanism, and allowing the passing of objects such as Java objects, and from one network mode to another.
It is desirable to be extensible so that the process can be put into a mode.

Persistent storage is required in object-based distributed computing systems. However, as mentioned above, attempts at object storage are often language and operating system specific. Moreover, these object storage systems are too complex to be used in many small embedded systems. For example, in Jini technology, Java Spac
Use es as persistent object container. However, Java Spa
ce only stores Java objects and cannot be mounted on a small device. Each object in JavaSpace is: Serialized and Java
Pay the above penalties associated with serialization. It would be desirable to have a heterogeneous object repository for distributed computing, from small devices to large devices.

Sun Microsystems, Inc. JavaSpaces uses the results of parallel processing by Professor David Gelernter of the Department of Computer Science at Yale University. In a feature set named "Linda" by Prof. Gerernter, a shared memory space called TupleSpace is created to store the results of computer processes or those processes themselves,
Allow access by multiple CPUs. Linda thus comprises global shared memory for multiple processors.

Another technology for extending Linda is T from IBM Corporation.
Space. TSpace is the basic Linda TupleSpace
It extends the e-framework to provide real data management and download of new data types and new semantic features. TSpace comprises a set of network communication buffers and a set of APIs for accessing these buffers. Therefore, as with many solutions above, TS
Pace uses a code-centric programming model and shares the drawbacks of such a model. Moreover, since TSpace is implemented in the Java programming language, it requires other means, such as a Java executable microprocessor, to execute Java virtual machines and Java bytecodes. Therefore, TSpace appears to be unsuitable for space-saving devices that cannot dedicate sufficient resources to executing Java bytecode.

In object-oriented distributed systems, it is desirable to be able to identify object repositories and find particular objects within those repositories. As mentioned, the Jini lookup server seems impractical for small devices with small memory footprints. It would be desirable to have a more efficient mechanism for identifying object stores.

In the distributed network computing model, it is desirable for the client to have the ability to specify services. Current network protocols either provide only a single standard service access interface with no security when accessing network services, or all services, including administrators or privileged functions. Provides "all or nothing" access to features. Also, current network protocols that specify services do not provide a flexible mechanism for finding services. Current protocols do not have any selective search capabilities (eg UPnP) or only primitive keyword and attribute grammar mechanisms (eg SLP). Therefore, the current service discovery mechanism
(service discovery mechanism) is a security and search criteria mechanism (se
It seems that the arch criteria mechanism) is too inflexible.

Furthermore, current service discovery models use a symmetric model to identify services. However, it is considered a waste of resources for some service devices, such as devices that can use proximity-based features, to support discovery models. This is because such devices have already been identified due to their proximity (eg, one device physically pointing to the other device). Therefore, an alternative lightweight discovery mechanism would also be desirable for such devices.

Distributed object access also requires an unbiased and efficient sharing mechanism. As mentioned above, Jini currently uses the leasing mechanism to share objects. However, because Jini's lease is time-based, various problems can occur. For example, current object holders may not have an idea of how long to lease an object and the retention period may be too long. In addition, time-based leases require time synchronization between multiple machines. In addition, time-based leasing may also require operating system support. Furthermore, J
The ini lease is established and released via RMI. As a result, Jini's leasing mechanism suffers from the above-mentioned problems of using RMI. Furthermore, J
The ini lease mechanism does not provide a security mechanism for lease establishment, renewal, and cancellation. Other lease mechanisms may also be desirable.

In general, it is desirable for a mobile client device with a small memory footprint to be able to perform various services in a distributed environment, both legacy services and new services. Small clients include cell phones and PDAs, which typically include various low bandwidth networking interfaces.
These devices often have very small displays with limited graphics capabilities, but some laptops and notebook computers have large screen displays and advanced graphics capabilities. Services include not only various applications, but also control programs for devices such as printers. Mobile clients should be able to use these services wherever they are available.

Mobile clients are often assigned temporary dynamic network addresses, and the networking messages they send cannot be delivered across their networking interface (otherwise it is different). Conflicts can occur when two different clients on the network have the same dynamic address). Mobile clients often do not have the functionality for a full-featured browser or other advanced software awareness. In some cases, the display may be restricted and the client may not be able to run some applications. The traditional application model is for a given user
Based on interface or data characteristics. Changes to the application require recompilation.

It may be desirable for such clients to have a mechanism for finding and invoking distributed applications or services. The client may also need to run larger legacy applications that may not fit into the client's memory footprint. As mentioned above, current technologies such as Jini may not be practical for space saving devices. Further, the spread of mobile thin clients may further increase the needs. For example, it may be desirable to identify services based on the physical location of the user and his mobile client. Information about local services such as local restaurants, weather, road traffic maps, and movie information, for example, can be very helpful. Similarly, information about computing resources such as printers at a particular location is useful. Current technology does not provide an automatic mechanism for identifying services based on the physical location of the client. Another need generated by thin mobile clients is to deal with human factors. Thin mobile clients typically do not include an ergonomic keyboard and monitor. It would be desirable to have the ability to provide such human-factor services and / or identify such services in a distributed computing environment. The distributed computing model requires clients to have a means of finding temporary documents and services. It may be desirable to have a mechanism to find generic documents (including services and / or service notifications) that are represented in platform-independent and language-independent types, such as those provided by Extensible Markup Language (XML). Jini, Universal Plug and Play (UPnP),
Current approaches, including the Service Location Protocol (SLP) lookup mechanism and the Service Location Protocol (SLP) lookup mechanism, do not support such a generic document lookup mechanism. For example, the Jini lookup mechanism is limited to Java language typing and is therefore not language independent. UPnP and SLP support the discovery protocol for services only and not for generic documents.

SUMMARY OF THE INVENTION A mechanism for compiling an object into an object representation and a mechanism for decompiling an object representation into a copy of the object will be described. A virtual machine (eg, Java Virtual Machine (JVM)) translates an object (eg, Java object) into an object data representation language (
For example, it can include extensions that compile into XML representations and decompile representations of objects into objects. The virtual machine may include an application programming interface (API) for compile / decompile extensions. Clients and services may be running inside virtual machines. Virtual machines can be on the same device or different devices.

The compiler / decompiler API accepts an object as an input and represents the data representation language representation of the object and all its referenced objects (
Object graph) can be output in the data stream. In addition, the compiler / decompiler API can accept a data stream, which contains a representation of an object and all its referenced objects (object graphs), including Java objects (and within its object graph). Output all objects).

In one implementation, the compiler and decompiler may be implemented as integrated functions of a virtual machine. In other implementations, the compiler and decompiler can be implemented with API method calls in standard extensions of the virtual machine, so that the core virtual machine does not need to be modified. The virtual machine is
Having a compiler / decompiler API for processes (clients and / or services) executing within the virtual machine allows the process to access the object compiling / decompiling functions provided by the virtual machine. In one embodiment, the process is object compile /
In order to take advantage of decompilation, the virtual machine running in that process must have compiler / decompiler functionality and APIs.

Implementing the object compile / decompile functionality within a virtual machine is convenient because the virtual machine already understands the concept and content of an object graph. Therefore, by using the compile / decompile function, the knowledge of the virtual machine is utilized (and the code is reused) for the analysis of the object graph for outputting the expression and the analysis of the expression for outputting the object graph. You can Therefore, the compile / decompile function should not duplicate the functionality provided by the virtual machine, as is the case with object dispatching methods that use reflection and serialization. This allows the code occupancy area of the compile / decompile function to be smaller than the object dispatching method that uses reflection and serialization. Also, objects can be compiled or decompiled with a single call to the compiler / decompiler API.

Furthermore, by integrating the compilation / decompilation of objects into the virtual machine, it may be possible to compile and decompile objects faster than methods using reflection and serialization. In the object traversal model implemented with reflection and serialization, code outside the virtual machine is unaware of the structure or graph of that object, traversing the object graph, pulling away, and finally the virtual machine. Because it must be called repeatedly to perform compilation (and the inversion process for decompilation). This process can be slow because it requires repeated calls to the virtual machine outside of the code. By integrating the compile and decompile functions into the virtual machine, code outside the virtual machine avoids repeated calls to the virtual machine. In one implementation, an object can be compiled or decompiled with a single call to the compiler / decompiler API.

An object can include code (methods of the object) and data. The code of the object is not non-transitory and this code does not change after the object is created. However, the object data may be temporary. Two objects created from the same class may have different data in the two objects even though they contain the same code. In one embodiment, the compile function compiles Java object data into a representation of the object, but the representation need not include the actual code for the object. In one embodiment, information about the object is inserted into the compiled representation and the recipient is informed how to recreate the code for the object. Store this representation in a data stream and receive it as a process (client or service)
Can be sent to (for example, in a message). The receiving process can pass the data stream to the decompile function. The decompile function can decompile a data stream and output an object containing that data. In one implementation, the code of an object can be recreated by a decompile function using information about the object contained in the representation, which means that the code of the object is statically defined and the virtual machine receiving the object is Use information about object (if needed)
This is because the code can be reproduced.

In one implementation, the data representation language representation of the object output by the compiling function may include the data of the object and information about the object. The information can include class information for the object.
The object signature can be included in the information, and the class of the object can be identified using the signature. The decompile feature can use information about the object to recode the object's code and decompile data from the data representation language data stream into the object.
Thus, the decompiled data and the information describing the object can be used to recreate the complete object containing the code and data on the receiving client or virtual machine running the service. In one implementation, information describing an object can be stored in one or more data representation language tags. In one embodiment, a client or service that receives a data representation language data stream may include a data representation language schema that describes an object, and uses the data representation language schema to relate decompiled data and its objects. Objects can be reconstructed from the information. The decompilation process recursively traverses the object graph and reconstructs the objects referenced by the object, which decompiles the data for the objects referenced from the data representation language data stream, By recreating the code of the referenced object from information about the referenced object in the data representation language data stream.

In one embodiment, the data representation language representation of the object output by the compile function may store information identifying the data of the object and the code of the object. In one implementation, information describing the code of the object can be included in one or more data representation language tags in the data representation language data stream. Upon receipt, the decompile function can use information about the code from the data representation language data stream to recreate the code for the object and decompile the object's data from the data representation language data stream. Thus, the information describing the decompiled data and the code of the object can reproduce the complete object containing the code and data on the receiving client or virtual machine running the service.

In one implementation, an intermediate form can be used to represent a data representation language document, and the intermediate form can be dynamically processed to generate class instances from the data representation language document. A class defines a set of instance variables and a "set and get" method for accessing the instance variables. The corresponding data representation language document can be defined as a set of tags, one tag for each instance variable. An intermediate representation (for example, a table such as a hash table) when parsing a document
Can be stored, and the instance variable name can be stored as the value and the instance variable value can be stored as the value in the entry in the table. If more than one compound instance variable occurs, enumerated values can be included in its intermediate representation. In one implementation, the process can be restricted to only one level of the complex type for instance variables, and the elements of the complex type can be homogeneous.

In one implementation, protected instance variables can be added to a class definition that can include the name of the corresponding class. Data representation language Class names can be used as document types in document representations. Embedding the class name in the document allows you to dynamically instantiate the correct class instance when reconstructing the object.

In one implementation, after receiving the document, the class instance generator method can be used to extract the class type and parse the document to generate an intermediate hash table representation. The generator method can instantiate a new class instance and use the set method to initialize the instance object from the hash table values. In one embodiment, an inversion process may also be performed, processing the class instances into an intermediate hash table representation and using a generator method to output the data representation language document from the hash table representation. it can.

While the invention is susceptible to various modifications and other forms,
Specific embodiments are illustrated using the examples in the drawings, which are described in detail below. It should be noted, however, that the drawings and detailed description are not intended to limit the invention to the particular forms disclosed, but to the contrary, the invention is intended to include all modifications, equivalents, and alternatives falling within the spirit and scope of the invention. It will be understood that this is intended for.

Detailed Description of Embodiments of the Invention Overview of Distributed Computing Embodiments FIG. 2 illustrates a programming model for a distributed computing environment. The model includes an API layer 102 that facilitates distributed computing. The API layer 102 has an interface that facilitates connection between a client and a service. The API layer 102 is concerned with the discovery and connection of clients and services. The API layer 102 has a message sending function and a message receiving function. This messaging API provides an interface for simple messages in a representational data or metadata format, such as Extensible Markup Language (XML). It should be noted that although the embodiments are described herein as employing XML, other embodiments may use other metadata type languages or formats. In some embodiments, the API layer further comprises a Java object, etc.
It is also possible to provide a message interface for communication between objects and passing of objects. Object repository or "space"
There may be an API that discovers a specific object, requests and releases the object, writes the object to the object repository, and retrieves the object from the object repository. A
Objects accessible through the PI layer 102 can be represented in a representation data format such as XML. Therefore, contrary to the object itself, the XML representation of the object can be manipulated.

The API layer 102 is above the messaging layer 104. The messaging layer 104 is based on a representational data format such as XML. In one embodiment, the XML message is generated by the messaging layer 104 according to a call to the API layer 102. Messaging layer 104
Provides predefined static messages that can be sent between clients and services. The messaging layer 104 also supports dynamically generated messages. In one embodiment, an object such as a Java object can be dynamically converted into an XML representation. The messaging layer 104 allows the XML object representation to be sent as a message. Conversely, the messaging layer 104 can receive an XML representation of the object. The object can then be reconstructed from the message. In one embodiment, the message sent by the messaging layer 104 is
Address, authentication certificate, security token, and message body, etc.
It can include multiple primitives. The messaging system's shipping and receiving mechanism can be completely stateless. The concept of state can be embedded in the message stream between sender and receiver. for that reason,
Message delivery is asynchronous. In the preferred embodiment, no connection model is imposed. Therefore, transport such as TCP is unnecessary. Also, error conditions are limited to non-delivery or security exceptions.

The messaging layer 104 is on top of the message-enabled networking layer 106. In the preferred embodiment, the messaging layer 104 is
No need to use a specific networking protocol. TCP / IP and UDP / IP are examples of message-enabled protocols that can be used for message-enabled networking layer 106. However, other proprietary protocols such as Wireless Application Protocol (WAP) can also be used. Other conceivable message protocols are IrDA and Bluetooth network driver below the transport layer. Networking layer 106
Is not limited to a single reliable connection protocol such as TCP / IP. Therefore, connection with various devices is possible.

In one embodiment, the message-enabled network layer 106 is a Java 2
It can be implemented from the networking classes provided by the Micro Edition (J2ME) platform. Java2 Micro Ed
The Iition platform is suitable for space-saving devices that do not have the resources for a full Java platform or are inefficient to run a full Java platform. The space-saving cost of adding the messaging layer 104, as the J2ME already has a message-enabled family of networking protocols (supporting sockets), a small device that already includes J2ME with distributed computing capabilities. Can be provided for.

The message-enabled networking layer 106 further includes Java Development Kit (JDK) Java. Also available in the net networking class. Alternatively, message-aware networking functionality may be used for message-aware networking layer 106. In the preferred embodiment, no reliable transport is required, so embedded devices that support unreliable datagram transports such as UDP / IP can also support the messaging layer. Therefore, a thin client may simply use the thin messaging layer 104 as a base networking protocol.
You can join a distributed computing environment simply by adding it on top of the stack. As shown in FIG. 3, the basic system is a networking layer 1
A messaging layer 104 is provided on top of 06. The networking layer is responsible for reliable messages, eg TCP, or untrusted messages,
For example, it can support UDP. Internet Protocol (IP) is shown in FIG. 3 as an example of a protocol that can be used at the networking layer 106. However, no IP is required in the distributed computing environment. In addition to IP, other protocols can be used in a distributed computing environment. Eth
Network drivers such as ernet®, Token Ring, Bluetooth, etc. can also be part of the networking layer. Many small clients are already equipped with network drivers and transport protocols such as UDP / IP. Thus, when adding a thin XML-based messaging layer, devices can participate in the distributed computing environment.

Thus, the basis of a distributed computing environment is a simple messaging layer implemented over trusted connections and / or untrusted datagrams. This messaging technology uses Java remote method invocation (RMI
), Which is quite different from the communication technology employed in other distributed computing systems such as Jini. The message communication layer 104 supports distributed programming in a stateless asynchronous style rather than stateless synchronous style described in RMI. Furthermore, message communication layer 1
04 is based on a data expression language such as XML and therefore, unlike RMI, data is copied from the copy source to the copy destination, but the code is not copied. J
The ava code is not expected by the sender or receiver of the message, so XM
By using a representational data language such as L, the messaging layer 104
Can seamlessly interoperate with non-Java and non-Jini platforms. Moreover, unlike RMI, the messaging layer 104
Does not require a reliable transport mechanism such as CP / IP.

The messaging layer may provide simple send () and receive () methods to send a message, specified as an array of bytes or a sequence of bytes, for example. The send () method returns immediately and the data transfer can be performed asynchronously. For flow control, you can provide a callback method that is called when the send () method throws an exception indicating that it cannot process the send () request. The receive () method is a synchronous method and returns the next available message.

The messaging layer may also include methods for storing XML representations of objects, services, and content in “space”. The space is a URI (Uniform Resource Identity)
er) is used to name and access over the network. The URI is
It may be a URL (Uniform Resource Locator) or a simplified version of the URL. In some embodiments, the URL class may be too large. In such an embodiment, a simpler resource locator is used to specify the protocol, protocol dependent host ID, protocol dependent port ID, space name used to move messages between the client and server.

An XML representation of an object can be added to the space using the write () method provided by the messaging layer. In one embodiment,
Client specified name and object can be given as parameters. In one embodiment, the write method transforms the object into its XML representation. You can provide a take () method to return the object and remove it from the space. A find () method can be provided to return the specified object from the XML representation in space. The find () method can also be used to return an array of matching objects in space given the class. Each of these space methods is implemented using the messaging layer. A leasing mechanism can also be provided as described below.

The discovery service can be provided to clients as a general search function that clients can use to find a particular space. Rather than trying to define a complex search protocol that a thin client may not be able to implement, the discovery service offloads the actual search to an XML-based search function and the discovery service does the interface function to the client. Easy to provide. This approach is shown in FIG. In one embodiment, the discovery service receives a string that specifies what to identify and retrieves XML messages from a known discovery front end (perhaps found in the default space).
, Then parses the string and executes the corresponding XML query for the search function (which may be the Internet search function). The discovery front end can parse what it receives from the search function, repackage it as an array of strings (each string is a URI for each space found) and send it to the client in an XML message. Note that the discovery service does not require messaging to be on a connection-oriented transport.
Therefore, even a very lightweight thin client without TCP can use such discovery services. The discovery front end allows the client to discover spaces on the client without a browser or search function. The client need only have a simple function to send a string specifying a keyword to the front end that interfaces with the search function.

The client can be any platform capable of sending messages using at least a subset of APIs and messaging layers.
In one embodiment, the API layer can support both static (or raw) and formatted (or cooked) messages. The server can be any platform capable of receiving and fulfilling message requests. Explicit raw messages can be sent that move bytes from the client to the server or to other clients. The message type can be specified as reliable message (eg TCP) or untrusted message (eg UDP). The smallest of the devices use raw untrusted messaging as a sole means of participating in a distributed computing environment. The device uses these messages to announce its presence and status. Such small devices can also receive raw messages to perform some functions such as turning features on and off.

Message-based services, such as spaces, can send and receive reliable, formatted messages. Space messages are formatted with well-defined headers and use XML. In one embodiment, the formatted message is
Clients use the space methods to request, write objects to, and retrieve objects from the space. The message content can be dynamically XML-formatted, with well-defined headers. FIG. 5 shows a client profile that supports formatted static messages. By using static messages, small devices can use smaller profiles of code to participate in a distributed computing environment. For example, a small device can only send basic predetermined messages.
Depending on the client, static predefined messages may occupy less memory (eg less than 200 bytes). Static messages may also be optional on larger devices. On the other hand, dynamic XM
The L message is useful when the object value is not known at compile time.

FIG. 6 illustrates a distributed computing model that combines a messaging system with XML messages and XML object representations.
Utilizing the fact that the platform is independent of XML enables the system to support a heterogeneous distributed computing environment. Thus, the client 110 can be implemented on almost any platform rather than a particular platform such as Java. The messaging system is an internet protocol (eg TCP / IP or UDP / IP)
Can be implemented in a network-enabled messaging layer such as. Therefore, the computing environment can be distributed over the Internet. In one embodiment, the messaging system may also use shared memory as a fast interprocess message passing mechanism when the clients and / or space servers and / or services are on the same computer system. .. The distributed computing model of FIG. 6 is also highly scalable as it can be configured to allow almost any size client to send and / or receive XML messages.

As shown in FIG. 6, in the distributed computing model, service 1
Two types of software programs, 12 and client 110, can be executed. The service 112 can notify the client to the client who wants to use the service. The service 112 announces the function in space 114. As shown in FIG. 7, client 110 and service 112 may or may not reside within the same network device. For example, devices 120 and 124 each support one client, while service 112a and client 110b are the same device 122.
Will be implemented in. Also, as shown in FIG. 7, the device does not require a particular platform to support clients and services. For example, device 120 is Java based and device 124 comprises a native code runtime environment.

A device is a unit that can be addressed by a networking transport. Examples of devices include, but are not limited to, PDAs, cell phones, laptops, laptops, desktop computers, more powerful computer systems, and even supercomputers. Both the client and the service can be URI addressable instances of software (or firmware) running on the device. The client executes the service using the distributed computing environment architecture. A space is a service that manages a repository of XML documents. Even though this is redundant, for readability we will use the term space service. Software components may be clients and services at different times. For example, when a service uses a space (eg, to notify itself), the service becomes a client of the space.

FIG. 8 illustrates a basic model of a distributed computing environment in one embodiment. This distributed computing environment connects clients 110 to services 112 throughout a network. The network may be a wide area network such as the Internet. Also, the network is a local area network (LAN) connected to a wireless network by the Internet.
) And other network combinations. As shown in FIG. 8, the service 112 publishes a notification 132 to itself within the space 114 (represented in XML). The notification 132 specifies the XML schema and URI address of the service. The client 110 then looks up the notification 132. The client 110 uses the notification 132 to use the gate 130.
Instantiate. The gate 130 allows the client 110 to provide the service 1
12 is executed, at which time an XML message is sent to (and received from) service 112.

A part of the result of executing the service can be returned to the client by an XML message. However, since smaller results cannot be received and consumed at one time by other clients that are too large, service 112 places the XML representation of those results or results 134 in space 114, as shown in FIG. , But not by value, but by reference (via an XML message) to the client 110.
Examples of ways to return a reference to a result include, but are not limited to, returning a URI that references a result in a space in a message, or returning an XML document containing the resulting URI in a message. Later, the client 110 can access the results or pass the results by reference to other services.
The space for storing the result may be different from the space for which the service is notified.

In one embodiment, the distributed computing environment uses XML for content definition, notification, and description. New content (eg, messages and notifications) in a distributed computing environment is defined in XML. Existing content types (eg, those developed for other environments) can also be described as some level of indirection (metadata) using XML. XML is Ja
Providing universal data in a manner similar to that of va providing universal code makes it a powerful means of representing data throughout a distributed system. XML is a language agnostic tool and is self-describing. XML
The content is strongly typed and can be validated using a schema. The system can ensure that only valid XML content is passed in the message when using the prepared XML schema. XML content is also HT
It can also be converted to other content types such as ML and WML. Therefore, even a client that does not recognize XML can use the service of the distributed computing environment as it is.

In one embodiment, messages in a distributed computing environment may define the protocols used to connect clients with services and to handle content in spaces and stores. Defining the protocol using messages allows different types of devices to participate in the protocol. Each device is free to implement the protocol in a way that best suits its capabilities and roles. For example, not all devices can support the Java Runtime Environment. The distributed computing environment's protocol definition does not imply or require the use of Java on the device.
There is no exclusion.

The capabilities of a service can be expressed in terms of the messages it accepts. A service's message set can be defined using an XML schema. The XML message schema defines each message format using XML typed tags. The usage rules for tags can also be defined in the schema. The message schema may be a component of the XML notification along with the message endpoint of the service used to receive the message. In a distributed computing environment, clients may use all or some subset of the functionality of a service. Adopt a security policy to enforce a given feature set on the client. For example, after giving a set of features to a client, the client cannot change that set without proper authorization. This model of function definition allows for service levels from the basic feature set to the extended feature set. Extensions can be added to the service by adding to the number of recognized messages.

In one embodiment, all operations within the distributed computing environment are implemented as XML messages sent between clients and services. A storage (both temporary and continuous storage) provider is an example of a service that allows clients and services to store, notify, and address content. Clients and services can use temporary storage space to find each other and to find broker content. The service places content or service notifications in the space. Notifications can be used to describe the content type or capabilities of a service. The client then browses the space for notifications that match the desired feature set. When the client finds a matching notification, it establishes a communication channel,
Allow two-way message communication with the service supporting the notification. In one embodiment, the communication channel is authenticated. The result of the operation of the service, which is just another content type, is returned directly to the client in the response message and is either posted and stored in the space, or is posted in the space but is stored persistently. It The stored results are handled using the URI (eg returned in the response message) and assigned the associated authentication certificate.

Message Gate As mentioned above, the distributed computing environment uses a data description language such as XML. XML can be used to describe a target entity (eg, document, service, or client) and generate code to access that entity. The code generated to access the target entity is called the MessageGate. Thus, in one embodiment, the distributed computing environment may access an object or target XML description in the distributed computing environment instead of passing the required code between the objects needed to access other objects. It differs from other distributed computing environments in that it generates code based on an XML description to access the target in this manner. Distributed computing environments use XML schemas to support language-specific APIs.
The XML schema alone can ensure the programming model (e.g., supported messages) with type safety without depending on. Code generated from the XML Schema may also incorporate local platform language, security, type safety, and execution environment characteristics. Therefore, on the local platform, the generated code is controlled so that bugs are not introduced and only valid data is generated according to the schema. The generated code is not only the client's code execution environment (eg, Java, C ++, Smalltalk), but also its management and security framework (Web server and / or operating system).
System).

Note that the distributed computing environment does not require that code generated from XML schemas be generated "on the fly" at run time. Instead, some or all of the code is pre-generated for the category (or class) of service and then linked in the platform build process. Pre-generation of code is useful for certain clients, such as embedded devices where some XML schemas are already known. In one embodiment, some or all of the code may actually not be generated at all. In one embodiment, a private code loading scheme (in the client) may be used to augment the generation process. Further, some embodiments may specify an interface for downloading code for additional functionality when accessing a service in a distributed computing environment (see, eg, Message Conductor below). Usually such downloaded code is small, and the client has the option of downloading or not downloading the code.

The phrase “generated code” refers to code that is invoked within the client under the control of the client code execution environment or elsewhere (service
Code that is generated (on a system or space services system) and that can be downloaded to a client system after it is generated. However, the binding time is the runtime. At run time, the generated code is bound to a service address (URI) and the message is sent to an instance of that service.

As mentioned above, an interface with a service in a distributed computing environment can be specified in an XML schema and a collection of messages that a client can send to (and receive from) that service can be defined. As shown in FIG. 10, the client 110 and the service 112 each construct a message gate 130 and communicate according to the specified XML schema. From the XML schema advertised for the service 112 (and possibly other information in the service advertisement), the client 110a or 110b can construct a message gate 130a or 130b, respectively. A corresponding message gate 130c generated from the same XML schema also exists on the service 112a. The gate 130 is a message endpoint that can send and / or receive type-safe XML messages and can verify the correctness of the XML message type when sending and / or receiving messages. MessageGate also supports authentication and / or other security mechanisms to ensure that message endpoints are secure. In one embodiment, the Message Gate is always secure.

The messaging layer of the distributed computing environment described above can be coupled to or part of a gate. The messaging layer is
It uses a networking transport asynchronously to send a sequence of bytes from the sender to the receiver, with both the sender and the receiver having a single atomic sequence of these bytes.
Maintain the concept of a unit, or message. In a distributed computing environment, no assumption is made that networking transports are IP-based. Instead, the messaging layer is put on top of whatever networking transport layer is supported by the device.

The Message Gate may provide a mechanism for sending and receiving XML messages between clients and services. XML messages can be "typed". For example, the message can include a tag that indicates whether the message data field is, for example, integer, floating point, text data, and so on. The Message Gate can be constructed to verify the correctness of the type of message sent or received. Message Gate can also authenticate (e.g., use security features to identify) the sender of the received message. An XML schema may be provided for a service that describes the set of messages accepted by and / or sent by the service. The message gate verifies the correctness of the message sent or received according to the XML schema in which it was built.

A gate is a single atomic code and data atomic element that performs type validation and / or message correctness validation and / or sender identification for a message between a client and a service in a distributed computing environment. Can be built as a unit. In one embodiment, once the atomic unit of code and data for a Message Gate is created, it cannot be modified with respect to its typing, message descriptor, and sender identification. In other embodiments, a gate may be modified after its creation with respect to the contents of the message schema, including the deletion, addition, or modification of messages in the message schema.

Message Gates are message endpoints for clients or services in a distributed computing environment. Message Gate is a secure message gateway that sends and receives type-safe XML messages.
With endpoints. Message Gates allow clients and services to exchange XML messages over a suitable message transport (eg, HTTP) in a secure and reliable manner. At the client, the MessageGate represents the authority to use some or all of the service's functionality. Each function can be represented by a message that can be sent to the service. Each such message can be sent through a client message gate that verifies the message for correctness. To receive the message, use the Service Message Gate to authenticate the message and verify its correctness.

The Message Gate may comprise a secure communication endpoint that does type checking of XML messages. As will be described below, the Message Gate may further comprise a mechanism to limit the flow of messages between clients and services. In one embodiment, when a client attempts to access a service, a client-service MessageGate pair is created, if it does not already exist. In one embodiment, the Service Message Gate is created when the service receives the first message from the Client Message Gate. In one embodiment, one or more Service Message Gates may be created during service initialization and used to pair with a Client Message Gate during creation. Creating a MessageGate may require an authentication service that negotiates a desired level of security and a set of messages that can be passed between the client and the service. In one embodiment, the authentication service is a client ID token (also called client token), service ID
A token (also referred to as a service token) and a data representation language message schema that describes a data representation language message set that can be shipped to or received from the service can be accepted. For example, a message can be written that is sent from a client to a service to call the service or to call some part of the service. Also, a message sent from the service such as a response message or an event notification message can be described. For more information on how to use authentication services to build and use MessageGate,
See the "Authentication and Security" section below.

A client message gate and service message gate pair allows messages to be sent between a client and a service. In one embodiment, a MessageGate may be created that only ships and / or receives a subset of the total message set as described in the service's message schema. By leveraging such restricted access in a distributed computing environment, it is possible to enforce a least privileged policy that only allows clients to access specific individual message types based on their security policies. it can. See the Authentication and Security section below for more information on using gates and creating gates.

The client gate and the service gate perform the actual sending (and receiving) of the message from the client to the service using the protocol specified in the service notification (URI of the service in the service notification). . The client executes the service with this message passing. Message Gate
It provides a level of abstraction between the client and the service. The client can access the service object through the MessageGate instead of directly accessing the service object. The gate abstracts the service from the client, so it is not necessary to load and start the service's code until the client first uses the service.

The client gate also performs validation of the message against the XML schema, or, for example, if the client indicates that the message has not yet been validated against the XML schema. It can be performed by the service gate. In some embodiments, validation is not practical for simple clients and may not be needed on the client side. In some embodiments, verification can be performed on the service side. The gate may also carry out authentication validation and / or security schemes. In one embodiment, the correct gate may not be constructed if the client does not support the protocol specified in the service notification. To avoid this problem, service notifications (used for gate construction) allow various clients to be supported, including a list of URIs available for the service.

The Basic Message Gate can implement APIs for sending and receiving messages. This API puts data (eg, XML messages) in and out of gates to validate messages before sending and / or after receiving. In one embodiment, the MessageGate can support a defined minimum API for sending and receiving messages. As described below, this API
Can be extended to other functions. Gate 1 as shown in FIG.
30 can be generated according to the XML schema 132. The generated gate code validates the message based on the XML schema. This gate verifies that the message type and / or content is correct through the message API. As shown in Figure 10b, the validated message is sent to the service via the message API. This message is received by the corresponding gate on the service side. In response to this message, the service can generate a result 180. The service returns result data 182 through its gate. The result data may be the result itself or a reference to the result, such as a URI to the result stored in the space. In various embodiments, the message API may be, for example, a synchronization message (request response),
Asynchronous message (response is disconnected from request), unicast message (
It can support point-to-point), multicast messages (broadcast), and publish and subscribe (event message). It can also support other types of messages such as remote method invocation messages.

Each message sent by the gate may include an authentication certificate for the receiving gate to authenticate the message. Each message also includes a token that contains information for the receiving gate to verify that the message is intact or tampered with. For example, the sender can calculate a hash or checksum of the message that the recipient verifies. The sender further uses the sender's private key to encrypt this token and / or the entire message,
Allows the recipient to verify that the token has not been modified, including the public key that corresponds to the encrypted message. See the Authentication and Security section below for more information.

Message Gate pairs provide a mechanism to convey client-to-service requests and service-to-client responses. Two related Message Gate endpoints can be used to create a secure bidirectional atomic message channel for request response message communication. Therefore, in a distributed computing environment, MessageGate employs a message transport that resides on both the client and service sides. The two gates work together to provide a secure and reliable message channel.

FIG. 11 a shows a diagram of one embodiment showing building a gate 130 a in the client 110 from a service notification or other service description 132. The client comprises a gate factory 140, which is trusted code on the client that creates a gate based on an XML service description. The gate factory 140 can be used to ensure that the generated gate is also trusted code, and that the code is correct for service notifications. Gate 130c may also be built into service 112, as shown in FIG. 11b. Client gate 130a and service gate 130c provide message endpoints for communication between clients and services. In one embodiment, the pieces that the gate factory needs to build the gate 130 are the XML schema of the service (from the service notification) and the URI of the service (from the service notification). In another embodiment, an authentication certificate can be obtained by using the authentication service specified in the notification service, and can be used in the gate construction.

The Gate Factory provides a reliable mechanism for creating Message Gates. In some embodiments, the code used to create the gate needs to be trusted code to ensure that the message gate is a trusted message endpoint. The gate factory 140 can be a trusted package of code used to create gates. In one embodiment, each client and service device platform that wishes to send and receive messages in a distributed computing environment comprises a gate factory. In some embodiments, the gate is pre-built by another gate factory so that devices with pre-built gates do not require a complete gate factory, or the gate is A partial gate factory may be provided that binds to a pre-built gate when executing a service URI and / or authentication certificate (eg, when messaging is required).

A gate factory for a device can generate gate code that incorporates the language, security, type safety, and / or execution environment characteristics of the local device platform. By building the gate itself, the device is bug-free in the generated gate code, only produces valid data,
You can confirm that it is type-safe. The advantage of generating your own gate code on the device rather than downloading the code to access the service is that you have control over the client code management environment. The generated code depends on the client code execution environment (for example, Java, C ++, Sm
alltalk) as well as its management and security framework (
Web server and / or operating system). The generated code is also reliable because the client runtime environment was involved in the code generation. Therefore, trusted security information can also be added by the trusted generated code. Therefore, the device has X for the service.
After receiving the ML message schema, a gate can be built based on that schema for subsequent access to the device. The XML schema can be viewed as defining a contract with the service, and the generated gate code can be viewed as providing a secure means of implementing that contract. Note that an open device that runs untrusted (eg, downloaded) code can be configured to only generate gates with trusted code. The open device adopts a process model that is contained in a protected and isolated code container where the gate is inaccessible to tools, such as a debugger that can discover the gate's implementation, especially the gate authentication certificate. be able to.

The gate factory 140 negotiates with the service on behalf of the client and creates a gate for sending messages to the service. Similarly, a gate can be built with a service to receive messages from client gates and send messages to client gates. Along with that, clients and services
The gate can form a secure two-way communication channel.

Gate factories provide some level of abstraction in creating gates. For example, if a client wants to use a service, instead of creating a gate where the client directly accesses the service, the gate can be created by the gate factory as part of instantiating the service.

The Gate Factory creates or comprises its own trusted message gate used to communicate with the Authentication Service (eg, specified by the service notification) to receive the authentication credentials of the Gate to build. You can For services with restricted access, gates can be built without authentication credentials. Since services do not limit access, gates of such services may not need to send an authentication certificate with each message. The authentication service, in one embodiment, is an example of a service that does not limit access. Therefore, the gate factory can be configured to optimize gate construction by checking if the service restricts access. If the service does not restrict access, the gate factory can avoid running the authentication service as part of building the gate, and can bypass the implied provision for authentication certificates as part of the built gate. The gate factory can also receive or download an XML message schema (eg, specified by a service notification) and create a gate that matches that schema. The gate factory also provides a U for the service and / or service message gate used to create the client message gate that communicates with the URI.
The RI can also be received or downloaded.

Further, another gate building optimization can be employed for some clients that do not want to perform message checking against the XML schema of the service. The client may be too lightweight to perform the check, rely on a service gate to perform the check, or simply choose not to perform the check (for example, to reduce gate memory footprint). . The gate factory can be configured to receive an indication of whether to build the gate to validate the message against the XML schema provided. In some embodiments, some clients may have a gate factory that does not have the ability to perform message validation against the schema of the constructed gate. In some embodiments, the gate is pre-built to not validate the message. In some embodiments, only outgoing messages are validated or only received messages are validated,
Gates can be built. Thus, in some embodiments, the client may choose to avoid or avoid building some or all of the gate code that checks the message against the XML schema.

In some embodiments, a device may maintain a cache of gates to avoid building each time the same service is executed. For example, a gate may be maintained in the gate cache when a new gate is built by the gate factory. If the gate is no longer used, keep it in the gate cache instead of deleting it. Once the gate cache is full, one or more gates can be removed from the gate cache according to a cache replacement algorithm, such as an algorithm to flush the least recently used data. When a gate factory is called to build a gate, the gate factory first checks the gate cache to avoid building a new gate to see if a matching gate already exists.

The gate construction can be made lighter by appropriately reusing the fragments used to construct the other gates. Since some parts of each gate may be the same, they can be reused from gate to gate, such as part of the message verification code. Further, for some devices, a common gate code can be embedded in the device's system software and shared with all the gates for that device. Therefore, the gate factory can avoid rebuilding this common code for each gate. Instead, the gate factory can simply bind the gate to this system software part. For example, the system software portion can be provided to handle the message layer regardless of the transport provided to the device.

In particular, the space service is a service of the gate construction optimization described above because a service gate built for the space service can perform many of the same functions as other service gates of the space service. A good candidate for many. For more information on Space Services, see the Space section below.

In some cases, there may be more efficient method invocation formats. For example, if the target service runs in the same Java virtual machine as the client application, a more efficient method invocation format is to create a Java Dynamic Proxy Class for the service. In such a case, Java. Lang. reflect. Me
A call to thod may be faster than sending a message. The gate bind time procedure checks for such optimization and uses it instead of executing the gate factory to create a gate or bind an existing gate.

In one embodiment, such as with a dedicated client or small embedded device,
Generating gate code at run time is in terms of memory consumption and code generation time.
It may not be desirable. Therefore, instead of having a gate factory that creates the gate at runtime, in some embodiments the gate is pre-created,
Build it into the device. For example, when building embedded software, a MessageGate can be created as a means of including a built-in secure message endpoint that does not have to be built at run time. Therefore, a client with a built-in gate does not need a full gate factory, or a partial gate All you need is a factory.

A generation tool can be prepared for pre-building the gate. The gate generation tool comprises an XML parser, a code generator, and a code compiler. In one embodiment, the code generator is a Java source code generator and the code compiler is a Java code compiler. When the software is built where a built-in message gate is desired, the generation tool is run with inputs from all relevant XML schemas for which the gate is desired.

For example, if it is desirable for a device to have a built-in message gate that can send and receive messages to and from a digital camera, then the device software build can use a gate generation tool with the camera's XML message schema as input. Includes work to be performed. The XML schema can be parsed by an XML parser that transforms the XML schema into an internal format suitable for fast access in the message validation process. The tool's code generator can provide the gate source code corresponding to the camera's schema. In some embodiments, the generation tool may further compile the source code and the gate code may be linked into the device's software package. At runtime, camera services can be discovered in a distributed computing environment. The camera service message URI can be bound to the camera's built-in gate within the device. Binding the URI to the pre-built gate is done by the gate constructor in the device. This gate constructor is a fairly small and simple gate factory. When the camera service is instantiated, the camera service URI is passed to the gate constructor as an XML message. After that, the gate constructor is UR
Bind I to a prebuilt gate.

Thus, a gate may be partially or fully generated at runtime, or a gate may be pre-generated at runtime with a binding process (eg, URI or certificate) that is performed at runtime. To be done. In one embodiment, a gate generation tool such as a gate factory or a prebuilt gate generation tool may be a Java-based tool that provides some level of platform independence. Alternatively, the gate generation tool can be provided in any language, such as native code for a particular device in a distributed computing environment. Note that in a distributed computing environment, a device may not be able to download some or all of Gate's code. For example, in some embodiments, a service provides gating code that can be downloaded by a client wishing to access the service. However, the downloaded code may present a size, security, and / or safety risk.

A detailed view of a possible gate component of one embodiment is shown in FIG.
The gate is its address (or name) 150, the destination gate,
It may comprise an address 152, a valid XML Schema (or internal format) 154, and a transport URI 153. In other embodiments, the gate may include an authentication certificate 156. Some gates are also lease 158
A message conductor 160 may be included and / or message ordering may be verified. The gate's name 150 may be a unique ID that only refers to that gate (during its lifetime). Gates can be addressed using the gate name 150. In one embodiment, the gate name may be generated as a combination of an XML Schema string (eg, a string from the service notification) and a random number such as a 128-bit random number. When using the name 150, clients and services can migrate and co-operate with respect to the network. In the preferred embodiment, the gate address is independent of the physical message transport address and / or socket layer. Thus, the gate name can provide a virtual message endpoint address that can be bound and unbound to the message transport address. In one embodiment, the name of the gate is the Universal Unique Iden that only refers to the gate for the life of the gate.
Tiffier (UUID) may be used.

The gate name lasts as long as the gate lives, so different applications and clients running within the same device can repeatedly find and use a particular gate. For example, a gate can be created for a first client process running in a device to access a service. The gate is released after the first client process completes its activity for the service. The task of releasing the gate involves the message transport address of the first client process of the gate (eg IP and / or
Or unbind to port address). Gates can be stored in a gate cache or repository. A second client process running in the same device that needs to run the same service identifies the gate by name and uses the gate to access the service.
To use the gate, the second client process binds the gate to its message transport address, and the message endpoint for the second client process is the gate name and the transport of the second client process. It should be combined with the port address. In other embodiments, the client may receive a dynamic IP address (eg, mobile client). When the client's transport address changes, the gate name (s) is rebound to the client's new transport address, leaving the client as is, without relocating the service and recreating the gate. You can access the services you are already accessing. The gate name can also be used for process migration. The process and associated gates can be checkpointed or stored in one node of the distributed computing environment and moved to another node. Restarting the process on the new node and binding the associated gate to the new node's transport address allows the process to continue to access the external service it was accessing before the migration. Gates can track the current location of other gates with whom they are paired. Therefore, even if the service or the client is migrated, it can be accessed as it is. For example, a duplicate or load balanced service implementation can be abstracted from the clients of the service by a gate. Therefore,
Gatename 150 provides a flexible mechanism for addressing message endpoints in a distributed computing environment. Gate names can be used to identify and / or address gates on various networks, from the local network to the Internet. The gate name is
It is independent of the message transport and has a different underlying transport address (eg IP / port.
You can move from transport to transport by unbinding and rebinding to (address pair).

In one embodiment, the gates may be further separated from the services and the same gate may be used to send requests to different services over time. This task involves unbinding the gate's destination gate address 152 and binding the new destination gate address to the gate.

The gate can be implemented as a layer above the transport layer of the device (eg, networking socket). Each gate includes a transport reference 153. Gate name 150 is bound to transport reference 153 as described above. Multiple gates can share the same message transport. For example, multiple gates can have a transport reference 153 to the same TGP / IP socket. By sharing the same message transport, the size and complexity of each gate can be reduced. Devices in a distributed computing environment may require more gates to send and receive messages. The message processing complexity for multiple gates is reduced by sharing a common message transport. Transport reference 153 is a transport URI (eg, URL) or socket reference that can provide a mechanism for naming the underlying transport and sharing it with other gates. Multiple local gates include a reference 153 to the same transport, but each local gate
It operates independently of other local gates that send and receive messages to and from the remote gates of the pair.

The schema 154 can be downloaded into the gate from space by the gate factory. The schema can be compiled into an internal format suitable for quick access during the message validation process. In one embodiment, the schema can specify two groups of messages: client service messages and provider service messages. The client service message group contains a description (supported by the provider) of all messages that the client can send, and the provider service message group contains all that the provider can send (received by the client). Including message description of. In one embodiment, either the client or the provider sends a specific request to the space service,
A reply message with a message that is either an entire client service message, an entire provider service message, an entire client and provider service message, or a specific message, either a client service message or a provider service message To get. Furthermore, after the gate is constructed, the client can query for the service's capabilities without actually sending the message, but instead by examining the gate's messages. .

As mentioned above, the MessageGate can validate the message content for message sender, type safety, using the authentication certificate according to the XML schema. However, it is desirable to verify that the messages are sent in the correct order between the client and the service. An application for a client that runs without any existing specific functionality related to the application on the client (for example, if the application on the client does not have a GUI) (
Service) is desirable. For example, the Web browser can be used as the GUI of the service on the client, and the application-specific GUI can be prevented from being used. Of the possible messages in the XML schema, the client needs to know the next message to send to the service. Clients should be able to determine the next message to send without specific information about the service. In one embodiment, the service may continuously send a response message indicating the next input required. The service then accepts only the corresponding message from the client for which the request input is specified. Other ad hoc schemes for message ordering can also be employed.

In another embodiment, as opposed to validating the syntax of each message (which may have already been done in the gate according to the schema)
The conductor 160 can be employed in or associated with the gate to verify the correct order of the messages. Message conductor 160 can take a more general approach to application preparation. The message conductor 160 can be specified in the notification of the service. The message conductor directives in the schema can provide the choreograph that can be generated on the client or downloaded to the client during gate construction and then needed to determine the message to send to the service. Message conductors can be implemented as Java applications, Java Script, and WML scripts, or in other programming or scripting languages.

In one embodiment, the message conductor can accept input as an XML document (eg, from a service notification) displaying a valid sequence or choreograph of messages that can be sent between the client and the service. ..
The XML document may also specify user interface information and other rules. Conductor parses this XML document into an internal format,
Enforce message ordering (and / or other rules) according to the enclosed ordering information. The conductor can prevent out-of-order delivery of messages. Alternatively, an exception can be raised in the shipping device if the messages are shipped out of order. If the messages are received out of order, the conductor sends an auto-reply message declaring an ordering error. The sender can then resend the messages in the correct order. Note that in some embodiments some or all of the conductors may be shared by multiple gates. Therefore, the conductor can be linked to multiple gates.

In one embodiment of a distributed computing environment, the front end of a service (service interface) may be embedded in the client. In one embodiment, the service interface may be a prebuilt user interface provided by the service to the client. In one embodiment, the service interface may be provided to the client with a service notification. The service interface can interact with the user of the service on the client, obtain input for executing the service, and display the result of executing the service on the client. A "user" may be a human, an embedded system, another client or service, etc. In one embodiment, the client device may not be able to provide any services, as it can only perform services that incorporate the front end. In one embodiment, the service interface of the service is the W on the client.
It can be implemented in the eb browser.

In one embodiment, the message conductor and / or service interface may be external to the gate and thus abstract from the gate and the client. The abstracted message conductor can provide any service to any client device. In one embodiment, the message conductor can be written in code that can be executed on virtually any platform. In one embodiment, the message conductor is written in the Java language. In one embodiment, the message conductor does not require any download of objects, eg Java objects, returned to the client device. For example, if returning a very large object, the message conductor may choose not to download such a very large object. In one embodiment, the message conductor can send XML messages from the client device to the service on behalf of the client. The message conductor can interact with the user of the service to receive input and display the results.

In one embodiment, a service interface is provided that interacts with the client (eg, via a user interface) and obtains all information for performing the service, thereby resulting in the execution of the service. Alternatively, any of the information about the location of the result can be displayed as appropriate. The service interface may be part of the message conductor 160, or the message interface
In addition to the conductor 160, it can be associated therewith. The service interface is one of the following: 1. It is embedded in the client device and runs on the client. 2. Downloaded from space server to client device. 3. It runs on the space server. 4. It runs on a service provider.

In one embodiment, to the client, the space server in the distributed computing environment always supports # 1 and indicates # 2 if supported (in the notification in space), If at least one of 3 and # 4 is supported, it needs to be indicated. Note that supporting # 4 depends on whether the service provider supports # 4. In one embodiment, the space server in a distributed computing environment should always indicate to the service provider that # 4 is supported and, if so, so.

Wherever the service interface is executed, after the service is activated, the service interface interacts with the client, displaying the request for input (remotely) on the client's display device, and the result of the execution of the service. Can be displayed (remotely). Such interactions with the client are implemented as XML messages. Such service interfaces and / or message conductors serve the needs of client users who have discovered a service but do not want to read a largely dry computer manual to know how to use the service. When the service interface and / or message conductor interacts with the user to request all the input required by the service, they can even provide a short description of the requested input when the user requests it. . After the service interface has obtained the required information from the client, it sends an XML message to the service provider executing the service. The order of the messages is verified by the message conductor 160 in the gate.

In the preferred embodiment, all messages flow in the gate. The gate is
It can be configured to provide a flow control mechanism. For example, a service needs to handle a large number of incoming and outgoing messages. Flow control allows services to keep up with high traffic volumes. The gate can be configured to monitor messages for flow control tags. When the gate receives a message, it looks at the flow control tag for that message. The flow control tag can be an XML tag. For example, either an OFF tag or an ON tag can be described in the message. If the received message contains an OFF tag, the receiving gate stops sending messages to the destination gate of the pair. When the gate receives the message including the ON tag, the gate resumes sending the message.

Therefore, the service side gate monitors the use of the resource and activates the flow control when the use of the resource exceeds a threshold value. For example, if the service is O
The load can be reduced by sending a message containing an FF tag to one or more client gates. Upon receiving the message containing the OFF tag, the client gate stops sending the message to the service. Pending messages in the client can be buffered or processed by an internal flow control mechanism. When the service is able to further process the request, it sends a message to one or more clients that include an ON tag, and the client resumes message delivery. In other embodiments, ON and OFF
In addition to or instead of ON and OFF, other flow control tags can be supported. Other flow control tags indicate a reduction in message flow, or
Or the message flow can be high.

The Message Gate can be configured to perform resource monitoring.
For example, all messages flow through the gate, and the gate may be configured to manage and / or track how clients use services (and in some cases, related resources such as memory and threads). it can. The gate can be configured to track the activity of a software program, such as a client, by monitoring how many resources, such as services, are being used and which service resources are being used. In one embodiment, the gate creates a client activity log or facilitates the creation of a client activity log. Each message and its destination or sender can be logged.

The gate may also be configured to perform resource monitoring for flow control from the local (shipping) side of the gate pair. If the client exceeds the bandwidth of the allocated service (or resource) usage, for example, the gate will automatically throttle the message flow. Thus, the client-side Message Gate can automatically activate different flow control modes by monitoring the flow of outgoing messages. If the shipping message flow exceeds the threshold, the gate reduces or blocks the shipping message flow. The threshold can be specified in the service's XML schema or notification. In some embodiments, thresholds may be specified for only messages or all messages that use a particular service resource.

The gate may also be configured to determine if message flow increases or resumes. In one embodiment, the gate may maintain a count of dispatch messages sent without receiving a matching reply. When a matching response arrives at the client-side gate, it decrements the outstanding request message count. When this count falls below the specified threshold of outstanding request messages, the gate can either increment a new request message or resume its delivery.

The gate can be configured to support message-based billing functionality. The billing system may be implemented based on the number and / or type of messages sent and / or received at Message Gate. All messages to and from the client pass through the gate, so you can configure the gate to easily charge clients for service usage on a message-by-message or "pay now" basis, for example. it can. Thus, for example, a billing system may be implemented in a distributed computing environment that allows software running on behalf of a user to charge the user each time a message is sent and / or received.

In one embodiment, the MessageGate may, for example, service XML
Receive billing information from the schema. The billing information can represent a billing policy and a charge back URI. Chargeback URIs are used when the Message Gate charges on an hourly or usage basis on behalf of the user. The Message Gate performs chargeback by sending a billing message to the Chargeback URI specified in the XML Schema. The gate thus constructed is called a billing gate. The billing policy indicates a billing amount per message or a billing amount for a cumulative total of messages. The billing policy indicates how and / or how often (eg, after sending and / or receiving x messages) a user is charged. This policy indicates that only certain messages incur charges and that the service resources specified by such messages are required. Billing policies may also indicate different billing models for different clients or classes of clients. For example, a billing policy (eg, in the service's XML schema) can be configured to pay a one-time charge for some clients when creating a gate to access the service. Policies can be paid immediately (for example,
It may refer to clients paying (per message), or to clients that are not charged at all.

In some embodiments, the client may be too lightweight to support full gates, or the client may not be equipped with software to participate directly in the distributed computing environment. In such an embodiment, a server (such as a space server or other server advertised for services) may be a full or partial proxy gate for its clients. The server instantiates a service agent (which may include a gate) for each service used by the client. The Service Agent confirms the permission to send the message, sends the message to the provider, possibly queuing until the provider accepts the next message, then sends the message to the client, In some cases, the client may queue the next message until it accepts the next message and manage the work of storing the result in the results or active space. See the "Bridge" section. For example, as shown in FIG. 13, the client can be a conventional browser 400 that does not support the gate directly participating in the messaging scheme described above. The browser 400 is assisted by a proxy servlet (agent) 402. A browser user uses a search engine to bring (display) its contents to the front of the space notification service in a distributed computing environment.
You can find the page. The user can access the service with the help of a servlet by pointing and clicking on the web page of the space. Web pages can include scripts, such as Java or WML scripts, which are used to connect the browser to the proxy servlet. You can also use a script to send a message to a proxy servlet. The servlet agent translates web page actions into messages on behalf of the browser client. These actions include navigating spaces, invoking services, and returning results. The resulting page URI (which refers to the page containing XML) is returned directly to the browser (or converted to HTML or WAP if necessary) and displayed to the user. Thus, browser-based clients do not need to know how to invoke a service, nor do they need to know the messages to send in a service-using session. For example, a user of a WAP browser (eg on a mobile phone) may
You can connect to a page, browse its contents (service), and start the service, but you can do it by pointing and clicking. Agent 402
It provides a client interface between a conventional client and a distributed computing environment.

A distributed computing environment can include several types of message gates for communicating between clients and services that support different functions. For example, as mentioned above, some gates support flow control or billing functions. Other types of Message Gates support certain forms of remote method invocation. This type of gate is called a method gate.

A Gate is a secure message endpoint that sends and receives type-safe messages, for example XML messages. Remote method invocation (RMI) style gates are called method gates. Direct data centric gates are called message gates. Method gates can be implemented as a "layer" on top of message gates. The exact implementation can be defined in the platform bindings.

FIG. 14 shows how a method gate is used to provide a remote method invocation interface to a service. Method gates provide the method interface between the client and the service. Method gates can be bidirectional and can call remote methods from the client to the service and from the service to the client. Method gate 1 from XML schema information 170 (eg, from service notification in space)
72 can be generated. XML schema information 170 includes XML that defines a method interface. From this information, code for interfacing with one or more methods can be generated as part of the gate. Invoking each method in the generated code (eg, from client application 176) can send a message containing the marshaled method parameters to the service. Specify the syntax and parameters of the included message in the XML schema. Therefore, the method gate 172 will use the XML message
It has an interface. Method gates can be spawned on the client or proxied to a server such as a space server or a special gateway server to which the service method has been advertised.

A service is a method message defined in the service XML schema.
The set of object methods corresponding to the set can be implemented or have corresponding method gates linked to it. There is a one-to-one correspondence between object methods implemented by or linked to the method gates of a service and method messages defined by the service's XML schema. When the corresponding method of the service receives the message from the client and calls one of the methods of the service, the method gate of the service unmarshalls or unpacks the parameters of the message call and calls the method indicated by the received message to Pass the marshaled parameters.

The method gate provides a synchronous request response message interface that the client uses to call the method remotely and the service to return the result. The underlying message passing mechanism is completely hidden from the client. With this form of remote method invocation, the result of the method can be processed as follows: In one embodiment, instead of downloading the result object (and associated class) to the client, only the result reference is returned in the XML message. Object reference 178 is a generated code proxy (eg, result gate) that represents the actual object result 180 (eg, stored on the net as is). In other embodiments, the client may choose to receive the actual result object. Further, after the client receives the result object reference, the client can use this reference to receive and manipulate the actual result object. In one embodiment,
Include one or more URIs to the actual result in the result reference.

The actual result object is stored in the service result space (which is
For example, it can be created dynamically by a servlet). This temporary result space can act as a query result cache. Server software (garbage collector) that cleans up the old result area crawls in the result cache (space). The result returned by each invocation of the method is posted in the result space. The client remotely instantiates the result itself,
It may be a method that can generate its own method gate, or it may include such a method. Thus, a distributed computing environment can support invoking recursive remote methods.

As mentioned above, when a client remotely invokes a service method using a method gate, the service method gate returns a reference to the method result rather than the actual result. From this reference, we generate a result gate to access the actual result. Thus, the client or client method gate receives the result URI, and possibly the result XML schema and / or authentication certificate, which is used to build the gate and access the remote method result.

In one embodiment, the service gate creates a “child gate” for the result.
This child result gate can share the same authentication certificate as the parent gate. In some embodiments, the result comprises a different set of permissions and thus does not share the same authentication certificate as its parent. For example, in a payroll service, different groups of users can activate it to read the results (salary) of the payroll service.

The service method gate returns the child result gate to the client gate as the result of the method. The client uses the result gate to access the actual result. In one embodiment, the software program that receives the result gate (the client) cannot distinguish between the result gate and the result itself, in which case the result gate is an object proxy for the actual result object.
The result gate can also be a method gate that supports remote method invocation on the result object. In this way, you can create a chain of parent and child method / result gates.

In one embodiment, MessageGate and remote methods are Java
It is written in. In this embodiment, the method result is correctly entered according to the Java input system. When a Java method is called remotely as described above, the result gate can be cast to a Java type that matches the result type. In this embodiment, method gates may be used in a distributed computing environment to allow a remote Java object to act as a local Java object. The method calls and results are displayed just like a Java software program, regardless of whether the actual object is local or remote. See the "Spaces" section below for more information on using spaces for results.

Method gates provide a method interface to the client, rather than just a raw message interface. In one embodiment, the method gate may be implemented on top of the message gate. Message Gate can be used for transport access, message content validation,
And provide method gates that use message content access (get & set content methods). In one embodiment, each method invocation in the generated code (ie, the method gate) sends a single synchronization message to the service containing the marshaled method parameters. Then the method gate blocks the current thread and waits for a reply message from the service.

In one embodiment, some results output by the service are posted in space and finally accessed using a results gate. The result gate may or may not include the same security certificate as the input gate used to generate the result. Since the inputs to the service are asynchronous with the outputs (results), the results may be associated with different permission sets. Using the B2B scenario, for a payroll service, different groups of users can invoke the payroll service to read the payroll service results (salary).

In one embodiment, result gate generation for Message Gate results can be manually initiated. Inline results (eg XM sent in response from service)
To access the L document), use the message content access (eg, get and set) methods provided by MessageGate. Gate generation of method results starts automatically. The programming method gate model hides result gate generation, creating a seamless remote method invocation programming model with no class loading overhead or the need for the application programmer to manually generate result gates. To do.

45a-45d are flow diagrams illustrating various embodiments of a mechanism for communication between a client and a service in a distributed computing environment that uses method gates. In FIG. 45a, the client process executing in the client device makes a method call (ie, invokes a method) at step 2100. In one embodiment, the method call is a call to a Java method. In one embodiment, the invoked method cannot be implemented locally on the client device, but is implemented on a service device external to the client device. In step 2102, the client
The device client method gate receives the method call. The client method gate marshals the method call into a data representation language message. In one embodiment, the data representation language is XML. The message includes a method identifier and one or more parameter values for the method. The identifier may be a name, number, or other value used to identify the method to the recipient of the message. A method call contains one or more parameters, and when called, the caller specifies the values for those parameters. In one embodiment, multiple method calls share the same identifier,
It can be distinguished by the parameters of the method.

At step 2104, the client method gate sends a message to the service device. In one embodiment, the client method gate is
You can send the message directly to the service method gate. In another embodiment, shown in Figure 45b, at step 2120, the client method gate sends a message to the client message gate. Step two
At 122, the client message gate services the message.
Send to Message Gate In step 2124, the Service Message Gate sends the message to the Service Message Gate. Using the embodiment shown in FIG. 45b, the method gate does not need to handle sending and receiving messages, and delimiting RMI and message handling functions simplifies the programming model of the distributed computing environment. Be converted.

Returning to FIG. 45a, in step 2106, the service method gate unmarshalls or unpacks the method call from the received message into a parameter of the message call, then indicated by the received message. Call the method and pass the unmarshalled parameter value to the called method. The service method gate uses the identifier contained in the message to locate the method call template. The service method gate may implement or link to a method set corresponding to the method message set defined in the service's XML schema. Implemented by the service method gate,
Or there is a one-to-one correspondence between the object method linked to it and the method message defined by the XML schema of the service.

In step 2108, the called method is implemented or executed on the service. In step 2110, the invoked method produces a result output from the invocation according to the parameter values received in the invocation of the method. Step 21
At 12, the result of the method call is passed to the client process that originally called the method. In one embodiment, the service may directly pass the results to the client in one or more result messages. In other embodiments,
The service places the result in the space and sends a result notification to the client so that the result can be accessed. 45c and 45d illustrate another embodiment of providing a result gate to a client to access the results.

In FIG. 45c, the service method gate can send a result reference to the service method gate. In one embodiment, the result reference can be a notification to the result. In other embodiments, the result reference can be an address to the result, for example a URI. In step 2132, the Service Message Gate sends the result reference in a message to the Client Message Gate. In step 2134, the client creates a result gate from the result reference message after receiving the message. For example, a result notification can be messaged and the client can create a result gate according to the result notification in a manner similar to creating a message gate from a notification as described elsewhere.
At step 2136, the client uses the result gate to access the results. For example, the result is on the service device and the service generates a service result gate. A client result gate can be created to communicate with the service result gate, eg, the URI of the service result gate can be included in the result notification. Alternatively, the service stores the results elsewhere in the distributed computing environment and the client result gate can be configured to communicate with the result gate set up for the results. For example, the result is in space and the client result gate can communicate with the result gate in space.

In FIG. 45d, the service creates a result gate at step 2140. In step 2142, the service sends the result gate (in a message) to the client.
The client uses the received result gate to access the results. In this embodiment, the client does not have to set up a result gate.

The RMI process described here is transparent to the client process that originally invoked the method. From the perspective of the client process, the method appears to be called locally, and the results appear to be sent locally. Therefore, the combination of method gates with the message communication mechanism allows a "thin" client to perform processes that otherwise would be too large or too complex to run on the client.

An example implementation of a possible Java platform method gate is shown below.
The actual Java method gate implementation for the Java platform is
Defined in the platform bindings of a distributed computing environment. Each Java method gate that allows access to the result is actually a Java class instance (object) that implements the resulting interface. For example, if the result is a table type object, the result method gate
The class can be defined as follows. public class TableMethodGate implements Table {public Cell getNextCell ();}

The TableMethodGate object is cast as a table type and then returned as a method call result. This process is recursive.
In other words, if you call the getNextCell method, CellMethod
The Gate class and object instance are created and getNext
A Cell result is shown. public class CellMethodGate implements Cell {}

The choice of which gate type (message or method) to use for a particular service is handled in combination with platform bindings and each service notification. Some platforms may not support method gates. If your platform supports method gates, the binding can define the exact implementation. Second, the service notification interface may or may not be useful for RMI style programming. Service interfaces that support the RMI style programming model are flagged with the following XML attributes.
<MethodGateInterface = true>

MessageGate also supports event publishing and subscribing messaging. A message gate with event support is called an event gate. A service's XML schema indicates a collection of one or more events published by the service. Event
Gates can be constructed from XML schema. The event gate can be configured to recognize some or all of the collection of events published by the service, subscribe to those events, and deliver each event along with the events generated by the service.

A collection of events for a service can be described in the service's XML message schema. For each event message in the XML Schema, the event gate subscribes as the consumer of that event. In one embodiment, the event gate subscribes to all the events shown in the XML schema. Name each event message using XML tags. The event gate can subscribe by sending a subscribe message containing the XML tag of the subscribed event.

When a corresponding event occurs in a service, the service sends an event message to the subscriber to notify it of the event. The event message contains an XML event document, which is sent to each subscribed gate. When the subscribed gate receives the event message, the XML event document is removed from the message and the distribution process begins. Event distribution is the process of distributing event documents within the client platform. Each event consumer within the client platform can subscribe to the event gate for each type of event. On the Java platform, the input system is Java (translated from XML event type). Event consumers supply event handler callback methods to event gates. The Event Gate keeps a list of these subscribes. When each event message arrives at the gate (from the service that raised the event),
The gate traverses the list of client consumers, calls each handler method, and passes the XML event document as a parameter. In one embodiment, the XML event document is the only parameter passed to the handler callback method.

In one embodiment, the Event Gate automatically subscribes to events for local consumer clients. When the client registers an interest with the gate, the gate registers the interest with the event producer service. The client also unsubscribes from the interest, which causes the gate to unsubscribe from the service that generated the event.

The Event Gate uses the XML Schema to type-check event documents in exactly the same way that a normal Message Gate does in the standard request-response messaging style described above. The event gate may further include the authentication certificate in the sent message and verify the authentication certificate of the received event message.

Note that the combination of gating functions described above is supported by a single gate. Each type is described separately for clarity. For example, gates are message gates, method gates, and event gates that support flow control and resource monitoring.

Service Discovery Mechanism In one embodiment, the distributed computing environment comprises a service discovery mechanism that provides a means for clients to discover services and negotiate the authority to use some or all of the service's capabilities. Note that spaces are an example of services. The service discovery mechanism is secure and can track outgoing client requests and match incoming service responses.

The service discovery mechanism can provide various functions such as, but not limited to: The ability to find services using flexible search criteria, authorization mechanisms that can convey to a client the right to use the service's entire feature set or a subset thereof, such as the ability to request an authentication certificate, the client's ability to These include the ability to request a certificate, document, or other object to convey an interface. In one embodiment, the interface of the service may include the interface with the requested set of features of the service.

Discovery tracking responds to the initial request. In one embodiment, each client request may include a set of data returned in a matching response to correlate the request with the response.

In one embodiment of the distributed computing environment, the service discovery mechanism can provide flexible search criteria based on an extensible grammar. In one embodiment, the service name, service type, and other elements, if any, to be searched can be matched with elements in the XML document. In one embodiment, the XML document is a service notification for the service. XML is
Provides a flexible and extensible grammar for searching. XML also has the feature of being type safe for matching elements. In one embodiment, the service name and service type may be type checked against the element type of the XML service notification.

In one embodiment, the distributed computing environment may comprise a mechanism for clients to negotiate service access rights. In one embodiment,
This mechanism can be used to negotiate a subset of the full capabilities of the service. The result of the negotiation is an authorization, such as an authentication certificate, that conveys to the client the right to use the requested subset of service features.

In one embodiment, when using the service discovery mechanism, a client may request a security capability certificate for a service. In one embodiment, the client may indicate to the service the desired functionality in the form of secure notifications. In response, the service can respond to the client with a capability certificate that can convey the authority to use the requested function described in the protected notification.

In one embodiment, the distributed computing environment comprises a client
A mechanism can be provided for negotiating access rights and then obtaining a security certificate or document that can be used to present the access interface of the service to the set or subset of the service's capabilities requested by the client.

In one embodiment, a client that receives a capability certificate from a service can generate a custom service access interface document called a "full notification." In one embodiment, the full notification is an XML document. The generated notification can be used to access the service functions permitted to the client by the received capability certificate. In one embodiment, the notification provides an interface of only those service functions that the client is allowed to access with the capability certificate. In one embodiment, a client may be granted access for which the client has access privileges only for the functions that it requires.

In one embodiment, the distributed computing environment may include a mechanism for clients to negotiate services and capabilities. In one embodiment, clients can negotiate capabilities for services. The service then customizes the results based on the parameters negotiated with the client. For example, a client capable of 1-bit display at a resolution of 160x200 negotiates those parameters to the service, which allows the service to customize the results to the client.

An example of an XML function message is shown below, but is not intended to be limited in any way. <type name = "Capabilities"><element name = "display" type = "string"/><element name = "memory" type = "string"/><element name = "mime" type = "string"/> .... </ type>

The distributed computing environment provides a mechanism that allows clients to negotiate how a service returns the result of a service call. In one embodiment, the service may be provided with a means for selecting one of the result return methods when requesting a proof of capability. The service will then tell the client which outcome mechanism to use,
It also generates custom service notifications that can carry the service interface.

In one embodiment, the distributed computing environment comprises a mechanism for tracking service discovery search requests and responses to requests. In one embodiment, the search request and response messages comprise a field, which can be used to include a string or XML document. In one embodiment, the strings or XML documents contained in the fields of the request message are also returned in the response message. In one embodiment, the string or XML document should be returned in the response message. In one embodiment, the string or XML document may include additional information inserted or added within the string or document when returned in a response message. In one embodiment, this mechanism can be used to debug complex systems. In one embodiment, the mechanism further provides the client with a string or XML document,
Methods can be provided to select a service to access by passing custom search information between the client and service that only the client and service understand.

Component (Service) Interface Matching A distributed computing environment may include a mechanism for matching a component (eg, service) specification interface with a requested interface. For example, a client (which may be a service) may need a service that meets a set of interface requirements. Each component contains a description of the interface to which it conforms. The specification interface matching mechanism allows you to place the components that best match the requester's interface requirements. The specification interface matching mechanism can also perform "fuzzy" matching of interface requirements. In other words, this mechanism allows you to perform matching without having to specify exactly all aspects of the interface, and implement a recent matching (fuzzy) mechanism. In one embodiment, the specification interface matching mechanism can be implemented as a multi-level subclassing model that does not require specifications at a single interlace level.

In one embodiment, a component can describe its interface using XML Schema Definition Language (XSDL). XSDL provides a human-readable language for describing interfaces and can simplify activities that require human intervention, such as debugging. In one embodiment, the interface description may be provided as part of the notification (eg, service notification) as described elsewhere in this document.

The specification interface matching mechanism can be used to compare a basic desired interface with a set of interface descriptions for a component. One or more components are identified that match the underlying desired interface. The interface description includes subclass descriptions that more specifically describe the interfaces provided by the component. The search process can examine the class type hierarchy to determine if a given class is a subclass of the search type. In one embodiment, the subclass inherits the properties of the base class. Subclass-specific information cannot be examined during this phase. Therefore, it can be said that the search is generally executed. The identified component can be searched at the next (subclass) level. The search will be specific to the subclass and can be performed by interpreting the subclass information contained in the interface description. The search continues for one or more subclasses until one or more components that most recently match the requester's desired interface are determined.

In one embodiment, the interface matching mechanism provides the ability to distinguish between two or more components that implement similar interfaces. In one embodiment, the interface matching mechanism provides the ability to distinguish different revisions of the same component.

In one embodiment, a component description may be presented that includes a specification of the interface to which the component applies. The component description can also include information about the component itself. The interface description and / or component information can be used to distinguish between different implementations of a given interface. The component description can include standard identifiers and version information. Version information can be used to distinguish between component revisions. In one embodiment, the component description may be provided as part of a notification (eg, service notification) as described elsewhere in this document.

In one embodiment, a component is searched for a particular standard identifier. Two or more components with matching standard identifiers can be identified. One or more components may be selected from those with matching standard identifiers. The selection procedure uses interface specification version, component implementation specification, component implementation specification version, other information or combination of information from the component description,
A collection of one or more components that best match the requester's requirements can be output.

Space As mentioned above, the distributed computing environment is space dependent and provides a rendezvous mechanism that mediates services or content to clients. FIG. 15 shows the basic usage of the space 114. The service provider can advertise the service in space 114. Client 110 finds the notification in space 114 and uses the information from the notification to access the service utilizing the XML messaging mechanism of the distributed computing environment. There are many spaces, each containing an XML notification that describes a service or content. Thus, a space can be considered a repository of XML notifications of services and / or XML data, which can be raw data or notifications of data such as results.

The space itself is a service. Like services, spaces have notifications, and the space's clients must first get them to perform their space services. The space's self-notification can include an XML schema, one or more certificates, and a URI that indicates how to access the space. The client can build a gate from the space service's notification to access the space. The space's clients are themselves service providers seeking notifications within the space or modifying existing notifications. Alternatively, the space's clients are applications that seek to access the services or content listed by the space. Thus, space acts as a catalyst for interactions between clients and services in a distributed computing environment.

A space can be said to be a collection of named notifications. In one embodiment, the task of naming a notification is the process of associating a name string with the notification. This association occurs after storing the notification in the space. Removing the notification from the space disassociates the name from the notification. Spaces can be created with a single route announcement that describes the space itself. Additional notifications can be added to the space. The name of the notification can identify the notification in the space, including operations that specify the necessary graphing information, such as the name hierarchy. In the preferred embodiment, the distributed computing environment does not define the structure of space. That is, for example, a space is structured as a flat collection of unrelated notifications or a graph of related notifications (eg, a commercial database). In the preferred embodiment, the distributed computing environment does not specify how to actually store its contents in a space, so that space can be supported from small devices to large devices. For example, a simple space can be tailored to fit in a small device such as a PDA. Higher space can be implemented on large servers that employ large commercial databases.

As mentioned above, spaces may include notifications of services in a distributed computing environment. Notifications provide a mechanism for addressing and accessing services and / or content within a distributed computing environment. The notification can specify the URI of the service. In some embodiments, a URI can be used to access services over the internet. The notification may also include the XML schema of the service. The XML schema allows a client of a service to specify a set of messages to send to the service to invoke the service's functionality. In the XML schema,
Define the client service interface. With that, URI
And the XML specified in the notification specifies the address of the service and indicates how to access the service. Both the URI and the schema are XML and are prepared as notifications in the space. As such, it is possible to address a service in a distributed computing environment and expose the mechanism to access the service as a notification in space. The client discovers the space and looks up individual notifications for services or content.

FIG. 16 illustrates a notification structure according to one embodiment. The notification 500 can include a series of elements 502 arranged in a hierarchy, like any other XML document.
Each element 502 contains data or additional elements. The element further has an attribute 504. Attributes are name-value string pairs. Attributes store metadata, which makes it easy to describe the data within an element.

In some embodiments, notifications may exist in different states. One of such states is the draft state. In one embodiment, the notification is first constructed in a draft state that lies outside of the space. Notification authors can be constructed in various ways, such as using an XML editor. Access to drafted elements and attributes is done at the raw data and metadata level using appropriate means. Normally, you don't fire events for changes made to notifications in draft state. Thus, notification authors are free to add, modify, or delete elements, as well as publish the notifications to the rest of the distributed computing environment that have the desired set of attributes to validate.

In one embodiment, another possible state for notification is a publish state. Notifications transition to the published state when inserted into a space. Once the notification is in space, the associated clients and services can identify it using, for example, the name and / or its elements as search criteria. For example, the search criteria can be specified as an XML template document that can be compared (eg, by the space service) to notifications in the space. Published notifications are "online" ready for clients to use
Represents a service. The message address (URI) of the service can be stored as an element in the notification. Notifications that are deleted from the space transition back to the draft state where they are either discarded or retained. The deletion raises an event and the associated listener notices the change. Message Gates are typically created from published notifications.

In one embodiment, another possible state for notifications is persistent archive state. The archive procedure converts the live publish notification into a stream of bytes that can be stored persistently for later reconstruction. Archive notifications are sent from the space to the archive service (eg raw XM
In L format). The notification archive service URI can be stored as an element within the notification. XML can provide formats for storing and retrieving notifications and for representing the state of notification elements sufficient to reconstruct a notification object. Notifications can also be stored in other formats, depending on the implementation of the archive service. The process of making published notifications persistent prepares for persistent archive state notifications. Persistent notifications (for example, by an archive service) can be stored in a persistent storage location such as a file or database for future use. Space is archive
Although notifications can be stored via procedures, space does not necessarily play a significant role in actually storing persistent notification entries. The method of storing persistent notifications is determined by the notification archiving service. Normally, there are no events generated in place of archive notifications. Also, there may be cases where changes to notifications in the persistent archive state are not allowed. Notifications may be archived and deleted, or archived only. If a notification is archived without deleting it from the space, the space stores the shadow version of the notification. Notifications "fault in" from a persistent backing store on demand when accessing an archived service. With this feature, for example, on demand,
Notifications can be populated from LDAP (Lightweight Directory Access Protocol) entries.

FIG. 17 is a diagram showing an example of a notification state transition in which a notification is placed during its lifetime. First, a notification can be constructed, as shown in 1. At build time, the notification is in draft state. The notification is then inserted into the space, as shown at 2. Notifications can be inserted as published parents. The notification is in published state after being inserted into the space. Event (for example,
AdvInsertEvent) is generated when a notification is inserted into the space. The events are detailed below. The notification is archived and made persistent, as shown at 3, which transitions the notification to the persistent archive state. Notifications can also be published from the persistent archive state, as shown at 4. The notification is removed from the space and transitioned back to the draft state as shown in 5. Event (eg AdvRe
moveEvent) is generated when the notification is deleted.

In one embodiment, archived persistent state is not used. State changes 3 and 4 are also not used in this embodiment. In this embodiment, the notification is either in draft or published state.

The notifications stored in the space are version (may be an element), creation date (
A standardized element such as an attribute (which may be an attribute), a modification date (which may be an attribute), an implementation service URI (which may be an element), and / or a persistent archive service URI (which may be an element). And / or attributes.

The space itself is usually a service. Space services provide the ability to search for notifications within a space, which includes searching for spaces by type of notification. Space services can also provide the ability to read notifications, write (publish) notifications, and take (delete) notifications. Spaces also have the ability to subscribe to space event notification messages. Spaces have the ability to navigate the space relationship graph by location, the ability to read, write, or retrieve notification elements, the ability to read, write, or retrieve notification attributes, and the ability to subscribe to notification messages for notification events. For example, some have extended functions. For space features,
The details will be described below. Space functions are embodied in the space notification message schema. From the message schema, space address, and authentication certificate, you can create a client message gate to access the space and its features.

Spaces and all notifications within spaces can be addressed using URIs. In one embodiment, spaces and notification names follow URL naming conventions. In some embodiments, using a URI, such as a URL, to address the space makes the space accessible to the entire Internet. space·
To specify the message recipient (space service), use the URI received in the service notification for that space. The URI can include the protocol, host, port number, and name. A protocol names a protocol that can be used to move messages between clients and spaces (for example, trusted or untrusted sockets). The host and port numbers are protocol-dependent IDs. The name is the space name followed by the notification, element, and / or attribute name. In one embodiment, the path name may be used to identify the notification within the space. Pathnames are either absolute or relative. Absolute pathnames can specify notifications as well as spaces. Relative pathnames are relative to the specified notification within the expected space. In one embodiment, the syntax applied to create the pathname is the URI (Uniform Resource Identifier) syntax. Therefore, in that embodiment, notifications and space names cannot include URI reserved word characters or sequences of characters. Pathnames to elements and attributes can also be specified using URIs. In general, element and attribute names are found at http://java.sun.com/spacename/advertisement/element/attribut
It can be added to the notification path name such as e.

In one embodiment, the distributed computing environment provides a mechanism that allows a client to discover the URI of a space, but limits access to service notifications for that space. In one embodiment, instead of returning the full notification to the space, it returns the URI of the space and the URI of the authentication service for the space. To access the advertised document or service in the space, the client first performs self-authentication to the authentication service with the URI given in the return message. The authentication service returns an authentication certificate that the client can use to provide partial or full access to the space. When the client receives the authentication certificate, it connects to the space and tries to access the document or service notification in the space.

The distributed computing environment comprises mechanisms that allow clients to connect to a space. Embodiments of the connection mechanism support client-space addressing, client authorization, security, leasing, client capability determination, and client-space connection management. A client-space connection is called a session. In one embodiment, a session may be assigned a unique session identification number (session ID). Session I
D allows the client-space connection to be uniquely identified. In one embodiment, the session lease mechanism is used to perform transparent garbage collection of sessions when the client does not renew the lease.

An example of the use of such a connection mechanism according to one embodiment is given below. The client acquires an authentication certificate. In one embodiment, the space provides an authentication service in response to a client requesting access to the space. The client can obtain the authentication certificate through the authentication service.
Upon receiving the authentication certificate, the client can initiate a connection with the space by sending a connection request message. In one embodiment, the connection request message may include information about the space service URI address, the client's authentication certificate, and the connection lease the client is requesting. After receiving the connection request message, the space validates the message.
One embodiment can use XML schema to validate messages. The client can be authenticated using the authentication certificate. In one embodiment,
The information received in the connect request message can be used to determine the client's ability to use the space. In one embodiment, each client of the space may be assigned a respective set of abilities to use the space. In one embodiment, an access control list (ACL) containing capability information about one or more clients in the space can be used in the client capability determination. In one embodiment, the information received in the connect request message can be used to look up the capabilities of the client in the ACL.

After authenticating the client and determining the capabilities of the client, the connection lease allowing the client can be determined. After the lease is determined, a structure can be created that maintains the client-space connection. Generate a session ID for the connection. In one embodiment, each client-space connection is assigned a unique session ID. In one embodiment, the activation space is created and the client-
The space-to-space session can be assigned or, alternatively, an existing activation space can be assigned to the client-space session.
In one embodiment, the activated space can be used to store the results of the client's service when the space is used. In one embodiment, the client's capabilities are used to determine if an activation space is created for the client. For example, the client may not have the ability to access the activation space to store and retrieve results. One or more messages can be sent to the client to notify the client that the connection has been established. Information about the session ID and lease may be included in the one or more messages. The client can then use space such as, but not limited to, notification lookup, notification registration, and notification retrieval. In one embodiment, the connection remains open until the assigned lease expires or the client sends a message to the space requesting that the lease be revoked. In one embodiment, the client needs to renew the lease before it expires. If the lease expires before the client renews the lease, the connection is broken and the client loses its connection to the space. In one embodiment, reconnecting requires the client to repeat the connection procedure.

In one embodiment, a space's client may obtain the space's notification in several different ways. Some of the ways in which the client can get notifications for spaces are shown in FIG. For example, the space discovery protocol can be provided as part of a distributed computing environment. Space discovery is a protocol that clients or services use to find a space. The listener agent 202 can be configured in association with one or more spaces to monitor for discovery requests. Discovery listener agent 20
2 listens on various network interfaces and receives (in the agent's URI) a broadcast or unicast request from the client 200a looking for space. After that, the listener agent 20
2 responds with a service notification or URI regarding the service notification of the requested space. In one embodiment, the listener agent is generally separated from the space because its functionality is orthogonal to that of the space service. However, the listener agent can be implemented on the same device as the space service or on a different device.

In one embodiment, the discovery protocol may be a advertised service in the default space. The client instantiates a discovery protocol from the client's default space to discover additional space. The discovery protocol can be pre-registered in the client's default space. Apart from that,
The discovery protocol can also self-register with the default space, for example, when a client connects to the local network served by the discovery service, by placing a notification within that space.

In one embodiment, the space discovery protocol can be mapped to the basic device discovery protocol for other platforms such as SLP, Jini, UPnP. There, the client uses the distributed computing environment's discovery protocol to find services in other environments. It provides a bridge to these other environments and sends notifications to services in those other environments to make them accessible to clients of the distributed computing environment described herein. See the "Bridge" section.

For each advertised discovery protocol, a distributed computing environment may create a subsequent results space to hold the results of the discovery protocol. In one embodiment, the space service in the distributed computing environment is Multi
cast Announcement Protocol (multicast UD
P) can be used to announce on the LAN. The listener agent records this information. Device (client or service) is Mul
Initiate space manager discovery using the Ticast Request Protocol (Multicast UDP). In one embodiment, the space manager responds with information indicating the URI of each space. Alternatively, the listener agent can respond for multiple spaces.
The discovery response may also be used to set up a TCP connection with a short string that labels each space (eg, obtained from the space keyword) and, for example, each space manager performing an operation on each space. It can contain information that can be used. This information is useful when the client chooses which space to connect to, because the requesting device receives responses from multiple space managers (or multiple space listings from the listener agent).

In addition to the multicast discovery described above, the discovery service also provides unicast messaging (which can be used to discover space managers at known addresses on networks (eg, Internet, other WANs, LANs, etc.). Discovery can also be performed using TCP (for example). The unicast discovery message may include a request for space service with a known URI to send a service notification. The multicast discovery protocol and the unicast discovery protocol are defined at the message level, so that they will be used regardless of whether the device participating in the discovery supports Java or another particular language. be able to.

The discovery protocol facilitates the spreading of clients independently of the spreading of server content that supports clients in a distributed computing environment. For example, a mobile client can embed its initial default space on its local platform. In addition to local services advertised in the default space, mobile clients may be equipped with services to search for additional spaces, such as services to access discovery protocols and services to search space search engines. it can.

In one embodiment, the space discovery protocol in a distributed computing environment is
Defines a set of XML messages and their responses, allowing clients to: Broadcast a protocol definition space discovery message on the network interface. • Receive XML messages from listeners that describe the candidate spaces they represent. -Select one of the discovered spaces as default even if the client does not know the address of the selected space. Get information about the selected space, such as its address, so that the client can later find the same space by means outside of the discovery protocol (which later the client is no longer local but is still the client Useful when accessing the space involved.

In some embodiments, multicast and unicast discovery protocols require IP networks. While these discovery protocols meet the requirements of IP network-enabled devices, many devices are not directly supported by these discovery protocols. To meet the requirements of such devices for space discovery in a distributed computing environment, pre-discovery protocols are used to find IP network-enabled agents. The pre-discovery protocol can include devices that send messages on non-IP network interfaces that require network agents. The network agent sets up the connection between itself and the device. Once the connection between the device and the agent is set up, the agent participates in the discovery protocol on the IP network for the device it is used as an agent. network·
Agents also typically provide an interface for connecting devices to a distributed computing environment. For example, a gate can be built in the agent for the device to execute the advertised service in the discovered space. See the "Bridge" section.

Another method for a client to specify a space in a distributed computing environment is to notify the space within another space. Spaces are services, so you can be notified in other spaces just like any other service. As shown in FIG. 18, the client 200b has a second space 2
Find notification 206 in first space 204a for 04b. Space 2
04b then includes a notification to the additional space. Since the service (which implements the space) also acts as a client, the spaces exchange or chain notifications together to achieve base federation, as shown in FIG. A distributed computing environment can include any number of spaces. The number of spaces and the topology depend on the implementation. For example, the space implemented on the IP network may correspond to different subnets.

As a third method for identifying the space at the client, there is a method for executing the service 208 as shown in FIG. The service 208 is executed,
As a result, the service notification of the space service is returned. Service notification is XM
Since it is an L document and the distributed computing environment includes the Internet, the service 208 can be a web-based search tool. An example of such a service is the space lookup service described in FIG. In one embodiment, the space within the distributed computing environment can be implemented as a web page. Each web page base can include searchable keywords to identify the web page as a space in a distributed computing environment. Spaces not only contain other searchable keywords, but more spaces can be defined. The client connects to the search service 208 and supplies the keywords to the search service in the form of XML messages. The search service receives keywords from clients and sends them to Internet search engines, which may be conventional search engines or third-party search engines. The search service returns the results from the Internet search engine to the client either directly as an XML message or by reference to the results space. The result is the URI of the space that matches the search request. Alternatively, the search service contacts the spaces identified by the search and obtains service notifications for each such space, either directly as an XML message or by reference in the result space. Can be returned to the client. The client can then select a space from the search results, build a gate (either by itself or through a proxy) and access the selected space. After accessing the selected space,
The client looks up the service notification in that space, which adds the space.

As mentioned above, the space can be an XML-based website, and thus can be searched by the search mechanism on the Internet Web. The space can include Internet searchable keywords.
Some devices, such as small client devices, do not support Internet browsers. However, even such devices can perform Internet searches for spaces within a distributed computing environment. The device comprises a program that accepts a sequence of keywords, which are sent to a proxy program on the server (eg, search service). The proxy can send these keyword strings to a browser-based search function (eg, Internet search function) to perform the search. The proxy receives the output of the search, parses it into a character string (for example, an XML character string) representing each URI of the search result, and sends a response character string back to the client. Therefore, the client can identify the space via the Internet even if the client does not support a program such as a Web browser.
For more sophisticated devices, the use of proxies can be avoided and Internet-based lookup services can be started directly.

The fourth method for the client to specify the space is a method of acquiring or receiving information regarding the newly created empty space or the created space when the existing space is created. An existing space can have an interface that creates an empty space with the same functionality (eg, the same XML schema) as the space from which it was created. Space generation is described in detail below.

When a client of the space finds the notification of the space service, that client of the space can perform the space service as it would any other service. Note that the client of the space service may be another service (eg, a service that requires notification within the space). In one embodiment, as shown in FIG. 20, to perform a space service, a client of the space first performs an authentication service for the space and provides an authentication certificate, as shown at 300. get. The authentication service can specify the service of the space service in the notification. The space's client, as shown at 302, the authentication certificate, the space's XML schema (from the space's service notification), and the space's URI (from the space service notification).
Use to build a gate of space. Then the space client
Perform a space service by sending a message to the space service using the gate. The first such message is shown at 304.

In an embodiment that employs authentication, when the space service receives a first message from a client with an embedded authentication certificate, the space service uses the same authentication service (service notification of space service). Authenticates the client and establishes its identity, as shown at 306. The space service determines the client's capabilities and binds the client to an authentication certificate, as shown at 308.

As shown at 310, the space's client can perform various space functions by sending messages to the space service. In one embodiment, when a client of the space sends a request to the space service, the client passes an authentication certificate in the request so that the space service can check the request for the client's particular capabilities.

Each space is typically a service and may include an XML schema that defines the core functionality of the space service. The XML schema specifies a client interface with the space service. In one embodiment, all space services can issue basic level space-related messages. The basic level space function is a basic space function that can be used by most clients including small devices such as PDAs. For example, for more sophisticated clients, it may be desirable to add more features. The extension of the base level space can be realized by adding a message to the XML schema for notifying the space. For example, in one embodiment, a base level message does not enforce a relationship graph for notifications. For example, a message that traverses the hierarchy of notifications is a space extension. Such additional functionality may provide one or more extensions of space through the XML space schema or schema extensions. Since the extended schema contains the base schema, clients of the extension space can also access the space as the base space.

In one embodiment, the base space service comprises a temporary repository of XML documents (eg, service notifications, results of running services). However, the basic space service of one embodiment is
It may not support navigation or creation of space structures (eg, hierarchies) and advanced features that support a transaction model. Mechanisms that support persistence, hierarchies, and / or transactions are XM
It is realized by extending the L schema. The extended space still contains the base XML schema so that the client can treat the extension space as a base space if all that is needed or supported is the base space's functionality.

In one embodiment, the base space can be temporary. Base spaces can be accommodated for a variety of purposes. Service providers can register services in various spaces. In one embodiment, the service needs to continually renew the lease after publishing the information in the space. Due to this nature, service notifications are often temporary in that they are reconstructed and / or reconfirmed. However, it is desirable to achieve some persistence in the space. For example, the space that has a result is
You can provide some persistence for users who want to avoid losing results for a period of time. In one embodiment, persistence may be achieved by specifying a space interface that allows a client to control objects in the space backed by the persistent store and manage maintenance of that persistent store. it can. Persistence interfaces can be specified in the extended XML schema of the space that defines the interface for persistence.

In one embodiment, the base space comprises an interface in which XML documents are added to the space and can be identified by a string. A base space cannot implement a hierarchy of various named XML documents within the space. In embodiments where hierarchy support is desired, additional interfaces may be defined that allow the user to specify the hierarchy (extending the XML schema). You can also navigate the hierarchy or specify other interfaces to navigate the relationship graph by location. However, other users can still use the base space interface to access the same document without using the hierarchy. Extended space schemas can also provide interfaces to structures in other spaces.

An extended XML space interface can also be implemented for the space transaction model. For example, the Extended Space XML Schema specifies the interface for ACID transactions. ACID is an acronym used to describe four characteristics of enterprise level transactions. ACID is Atomicity, Consis
tency, Isolation, and Durabil
It is an abbreviation for each of the ties (durability). Atomicity means that the transaction is either completely completed or undone. In the event of failure, all operations and procedures should be undone and all data should be rolled back to their previous state. Consistency means that a transaction transforms the system from one consistent state to the other consistent state. Independence means that each transaction occurs independently of other transactions that occur at the same time. Durability means that a completed transaction is durable without loss of content, for example when the system fails. Other transaction models can also be specified in the extended space schema.

The extended space schema can be an XML document that specifies the extended space features, functionality, or message interfaces (eg, XML messages) for using the functionality. A space can have a base schema and multiple extended schemas. This allows different levels of service to be easily provided to different clients depending on the authentication of the client.

In addition to space persistence, structure, and transaction extensions, other space extension features can be specified, if desired. For example, the ability to read, write, or retrieve notification elements, the ability to read, write, or retrieve notification attributes, and the ability to subscribe to notification messages for notification events.
Extensions may also be provided for manipulating notifications at the element or attribute level. Spaces can serve virtually any number of functions and can be arranged in base and extended schemas as needed. In one embodiment, all base spaces should have the ability to read, write, capture, and look up notifications, as well as the ability to subscribe to space events. Various space functions can be prepared. In some embodiments, functionality may be provided for establishing a session with the space. In such an embodiment, the remaining space functions are not available by the time they are completed. In other embodiments, the concept of session is absent or optional and / or implementation dependent.

As another space function, there is also a function of adding a service notification to the space or deleting a service notification from the space. In addition, space functionality can be provided to add or remove XML documents (probably results in spaces, not notifications). Space Services checks the uniqueness of an item before allowing it to be added. For example, each item added to the space can be associated with a user-specified string that can be used to identify the item and check its uniqueness.

In one embodiment, the client may request a listing, tree, or other representation of all services advertised within the space. The user then scrolls or steers the notification to select the desired service. The space also provides a lookup function that allows clients to search for services by providing a keyword or string name. In one embodiment, the space function comprises a mechanism for looking up space entries that have been added to the space. The lookup function is a string that matches the name,
Or it can be looked up with a wildcard or a database query. The lookup function returns a number of entries that the client can select one or perform a further refined search. In one embodiment, the lookup function comprises a mechanism for identifying service notifications that match a particular XML schema. Clients can search for specific XMs in the space
The L schema, or part of a particular XML, can be specified. Therefore,
Services can be searched in the space according to the interface function.

Another space feature that can be provided in a distributed computing environment is a mechanism by which services and clients can find temporary documents based on a typing model such as XML. This mechanism is a generic typed document lookup mechanism. In one embodiment, this lookup mechanism is based on XML. This lookup mechanism allows clients and services to find documents in general, including services via service notifications.

In one embodiment, a space lookup and response message pair can be used to enable clients and services to find XML documents stored in the network temporary document store (space). Space is a document space used to store various documents. In one embodiment, the document is an XML document or a non-XML document encapsulated in XML. Spaces will be discussed in more detail elsewhere. Lookup messages work on any kind of XML document stored in the space, including service notifications and device driver notifications. In one embodiment, the client (
Other services) may use the discovery mechanism as described elsewhere to find one or more document spaces. The client can then use the space lookup message to identify the documents stored in the space.

The distributed computing environment includes mechanisms for services and clients to subscribe to and receive events regarding the publication of XML documents. Events are temporary XML documents such as spaces.
It may include the ability to publish and remove XML documents from the repository. In one embodiment, the event is an XML document that references another XML document.

In one embodiment, a space event subscribe and response message pair can be used to allow clients and services to subscribe to events for documents that are added to or removed from the space. In one embodiment, the event subscribe may be leased using the leasing mechanism described elsewhere. In one embodiment,
You can cancel the subscription when the lease is canceled or when it expires. In one embodiment, subscribing can be renewed when renewing the lease on the subscribe.

In one embodiment, the event subscribe message includes a document
An XML schema that can be used as a matching mechanism can be included. Documents that match the schema are handled by subscribe.
In one embodiment, documents added to the space and matching the XML schema generate a space event message.

Further, it is possible to provide a space function that allows a client to register (or deregister) to obtain a notification when something is added to or deleted from a space. Spaces can store temporary content, which reflects services added to or deleted from the space. For example, a mechanism could be provided to notify the client when a service is available or unavailable. Clients can subscribe to the event service to get such notifications. In one embodiment, the client does so when adding or removing services with a name that matches the specified string or a schema that matches the specified schema (or schema part). You can register to be notified. Therefore, the query to register with the space event notification function is the same or similar to that of the service lookup function described above.

Events are typed. In some embodiments, the event feature supported by spaces allows event listeners to, for example,
A class (or XML type) hierarchy can be utilized. For example, AdvE
By waiting for the elementEvent to occur, the listener will be of type AdvEle.
Receives all events of mentEvent and its subclasses (XML type). Thus, in this example, all events related to element changes (although there are no insertions and deletions of notifications) are received.

In another example, a top-level event class or type, eg Spac
All space events are received when subscribing or waiting for an eEvent. The event class type is, for example, Java instan
It can be distinguished via the ce of operator or the XML typing system.

Events include URIs to notifications or elements that are affected. For example, AdvertisementEvent and all its subclasses contain a reference (eg, URI or URL) to the affected notification. AdvEle
mentEvent and its subclasses can inspect for the name of the affected element. For example, the previous element value (URI or URL) is Ad
vElementRemoveEvent and AdvElementValue
It can be used from eChangeEvent.

The type hierarchy of space events of one embodiment is shown in FIG. Types are defined in XML and can be used in any other suitable object oriented language such as Java or C ++.

The space has a function for the client to instantiate the advertised service in the space. Instantiation of a service is an initialization done so that a client can execute the service. One embodiment of service instantiation is shown in FIG. To instantiate the service, the client first
Select one of the service announcements published in the space, as indicated at 320. The client can look up different notifications in the space using different features, such as the lookup function provided in the space. Next, the client requests the space to instantiate the service, as shown at 322.

In one embodiment, service instantiation includes the following operations. After the client requests the space service to instantiate the selected service, the space service, as shown at 322, the client instantiates the requested service, as shown at 324. Confirm that it can be converted. Space Services performs this verification by looking at the authentication certificate contained in the client's message. The authentication certificate is the certificate that the client receives when establishing a session with the space service. The space service verifies if the client can instantiate the requested service depending on the client's authentication credentials and capabilities indicated to the client. See the "Authentication and Security" section below.

Assuming the client is authorized, the space service also
As shown at 326, a lease of service notification for the client can be obtained at the lease request time specified by the client. Leasing is detailed below. The space service sends a message to the client containing the assigned lease and service notification of the service, as shown at 328. In one embodiment, the client performs the authentication service specified in the service notification and obtains the authentication certificate, as shown at 330.
See the Authentication and Security section for more information on authentication services. Next, the client builds a gate for the service, as shown at 332 (eg, XML schema and service UR from authentication certificate and notification).
I)). See the "Gate" section. The above-described communication between the client and the space service is performed using XML messaging in a distributed computing environment. The client then executes the service using the constructed gate and XML messaging. The service likewise builds a service gate for communication with the client via XML messages.

As a summary, a usage example of a space will be described below. Clients can access (eg, connect to) space services. (The service is
Act as a client to access or otherwise use the space. 3.) Space services are stored within one or more service notifications and / or other content spaces, each of which includes information that can be used to access and execute the corresponding service. A space service can comprise a schema that specifies one or more messages that can be used to invoke the space service's functions. For example, the schema can specify a method that reads notifications from the space and publishes the notifications in the space. Schemas and service notifications can represent objects, such as Extensible Markup Language (XML), in a representation language. When accessing the space service, the client sends information such as an XML message (specified in the schema) to the space service at the internet address. When accessing the space service, the client searches for service notifications for one or more stored in the space. The client can select one of the service notifications from the space. In one embodiment, the client sends an instantiation request to the space after selecting the desired service notification from the space. Obtain a lease for the desired service and send the selected service notification to the client via the lease and space service. The client then builds a gate for access to the desired service. The desired service can be executed on behalf of the client.

Another feature provided by the space service is the ability to create or create empty spaces. When using this space feature, clients (which may be services to other clients) can dynamically create new spaces. In one embodiment, this space function may comprise an interface that creates an empty space with the same function (same XML schema or extension schema) as the space from which it was created. This feature can be used to generate space (eg, dynamically) for the result. For example, the client can place a result in the generated space with the service or generate a space that requests the result to be posted in the generated space. The client passes the generated space URI and / or authentication certificate to the service. Or the service creates a space for the result and the URI of the created space
And / or pass the authentication certificate to the client. In some embodiments, once a space has been created, the space described herein can be discovered, as well as other spaces, using one or more of the discovery mechanisms.

A mechanism for creating a space via an interface in another space (
For example, the space generation function) can be used to efficiently create a new space. For example, in one embodiment, the same functionality used in the original space for storage may be used to allocate storage for the generated space. Also, the created space can share common service functions with the original (or parent) space. For example, a new URI can be assigned to the new space. In one embodiment, the new URI can be a redirection to a common space function shared with the original space. Therefore,
The newly created space can use the same service code or part of it as the original space.

The space function further comprises security management functions, for example for updating various security policies and other management functions of the space.
For example, the number and age of notifications can be controlled and monitored by the Route Space Service. Old notices can be collected and disposed of. For example, see the Leases section when notices can be considered obsolete. The service that implements the space is under the control of the administrator. The administrator can set policies in a service-dependent manner. In the space the features are even more
It has a function to delete empty spaces. Some spaces may be equipped with features or services that further support the diffusion of certain clients, such as mobile clients. For example, a service in a space that can be discovered by a mobile client by a discovery protocol or the like supports the mobile client in the following manner: Assigns and manages a temporary network address to the client. -Pass the message communication to the proxy for the client.・ Provide a search function for additional space. For example, the service allows clients to specify keywords via a simple interface. The service then uses the keywords in a web search engine to search for spaces on the web, as detailed herein. In other embodiments, the search service constrains the client to searching a very small number of supported spaces within the distributed computing environment.

As mentioned previously (see FIG. 9 and accompanying text), spaces provide a convenient mechanism for storing results from services performed by clients. When using space for results, small clients can receive the results of executing services in pieces. Some services can generate a large amount of results. By using spaces to store results from a service, clients can also use the service if they do not have the resources to receive all the results at once. In addition, by using space to store results, services running on a fast busy server can be relieved of direct interaction with slow clients when large numbers of results are returned. it can. Therefore, the service can be released immediately and can be used by other clients.

Spaces provide a convenient mechanism for accessing results by different clients and / or at different times. For example, the client may not be able to use the entire result, but the user wants to use another client that can access the result later to access the rest of the result.
For example, the results may include a stock quote, a display of the current stock price (accessible from the PDA), and a stock price chart display (accessible later from a laptop). Also, using space in a distributed computing environment for results allows clients to feed the results of one service to another, without having to download the results first. For example, in the stock market situation above, the PDA can send the chart to another service where it can be printed and the PDA does not need to download the chart itself. Thus, the result space provides a mechanism for clients to pass results to other clients or services without processing or receiving them.

In different embodiments, the decision to use space for the result is ordered by the service, ordered by the client, and / or requested by the client. The service may, for example, in its notification offer to use space for the result. In one embodiment, either the client or service can create new space for the results or use existing space for the results. See the description of space generation.

In one embodiment, using space for results does not necessarily require the service to put all results in that space. There may be alternatives to the results generated by the service. For example, some or all of the results can be sent inline to the client by message. Alternatively, you can put the results in a space and then send a notification message to the client to refer to the results (eg, include a URI to the results or a URI to notify the results).
Another option is to put the results in a space and send a notification with an event from the space. For example, clients and services call the result under some specific name, and the client receives an event when adding such a named result to the space (using space features such as the one above). You can register in the space. See above for event notification.

[0229] Thus, several different mechanisms by which a service returns a result to a client can be used within a distributed computing environment. The actual result is XM
The value in the L message is returned to the client, or the result is returned to the client by reference by the actual value (or notification of the actual result) placed in the space, and the client references the result in the space. You will receive a message. In addition, results or result notifications can be placed in the space and events can be notified to clients.

Other results processing mechanisms specify other services for client-supplied results. For example, if a client executes a service that outputs a result, the client may instruct the service (eg, via XML messaging) to send the result to another service for further processing. This requires that the client direct the other service to the URI of the notification to execute the other service and pass the result, and the result output service creates a gate to the other service. In this example, the result output service may be a client of other services. In some embodiments, the client sends a schema or pre-built gate to the result output service to access the service for further processing. An example of a service to be further processed is a display service that can display the results of the original client. This display service is on or associated with the same device as the client.

The result space and method gates can provide simple remote method invocations that are practical for thin clients with minimal memory and very low bandwidth in a distributed computing environment. However, it does not have the annoying side-effect of huge program objects (along with the required classes) being returned to the client (always) over the network (as is the case with traditional remote method invocation techniques). Instead, the results can be returned in the result space and only when needed (and resident on the client),
It is the actual object downloaded to the client.

The mechanism provided by the distributed computing environment to invoke remote methods is as follows (see also the description of method gates in the "Gate" section): You can post an object within a space (for example,
As a service or as part of a service). Notification is the UR of the object
Contains a reference that contains the I (eg, URL) along with other access parameters such as security credentials and XML schema. The client has set or constructed a client method gate for the object, which takes method parameters and creates a request XML message for every method of the object (or service) itself to create the object. It has a wrapper method to call the method. The XML message is sent to the service gate which calls the actual method on the service object. When that method returns a result object, the service gate posts the result object in the result space and returns the message to the client with a reference to the result object.

Therefore, for a client to call a remote method, the client first sends a message that instantiates an object (eg, service), as described above. In one embodiment, instancing an object involves creating or creating a result space. In other embodiments, creating the result space is separate from instantiating the object. Instantiation returns an object URI to the client and the client and service gate are dynamically created when the client requests instantiation. In some embodiments, the result space already exists and is advertised by the object (service). Some or all of these gates have also been pre-built or reused.

After the client instantiates the object, the appropriate client
Invoking the method gate locally affects the remote call to the actual remote object, as described above. The method of remote method invocation in a distributed computing environment is recursive, and when a client gate is invoked, the object reference is returned to the client rather than the object itself. Note that such returned objects have already been instantiated. In some embodiments, the client side makes the decision to download the entire object itself, as well as calling it remotely.

The method or service invoked as described above creates a child gate associated with the result document. The method returns the reference's child gates (or the schema, URI, and certificate for the client to build the child gates) rather than the reference itself. The client can then access the reference through the child gate. The child gate may be a method gate.

As mentioned above, this remote method invocation provided in the distributed computing environment allows the actual result object to be stored in the service result space (which can be dynamically created by, for example, a servlet). . The result space is temporary. The result space can act as a query result cache. Server software (garbage collector) that cleans up the old result area crawls the result cache. It uses distributed garbage collection because it indicates that the client no longer needs the space or the server administrator sets an appropriate limit to fill the resulting space until it is destroyed. Is.

Returning to FIG. 23, a diagram of the default space 350 is shown. The distributed computing environment provides at least one default space to allow clients to find an initial set of notifications. The device may have a locally existing default space that incorporates a prebuilt gate. The advertised service in its default space resides locally on the device and comprises system software that enables or facilitates the device's participation in a distributed computing environment.

The default space 350 comprises one or more mechanisms 352 for identifying external spaces, as shown in FIG. One service in the default space can execute the space discovery protocol described above to find the external space. Also, the external space can be notified in the default space. In addition, it advertises services (eg, search engines or proxy servers to search engines) within default spaces that determine or find external spaces. Each space is similar to a file system mount point. Thus, the distributed computing environment can provide searchable dynamic mount points for services. The default space is the client's initial mount point into the distributed computing environment.

A default space or a function for accessing the default space can be built into the device. A client execution environment can be provided in a distributed computing environment through the default space and local services that reside on the device. Device local services and default space
The service incorporates a prebuilt gate. One of the built-in services listed in the default space is the service that runs the discovery protocol, which allows clients to identify additional (eg, external) spaces.
The default space comprises built-in services that provide an execution environment for clients that client users can use to browse the space, select services, and instantiate them. Such services allow clients to manipulate entire strings (eg, keywords for space search), result lookup (
For example, it provides a simple user interface for viewing or browsing a space listing, or a service listing within a space, selecting an item (eg, to select and instantiate a service), and so on.

Devices that primarily provide services also include a default space,
The default space can have built-in services that allow the service to manage self-notification in different spaces. For example, devices such as printers have built-in default services that find a space (perhaps utilizing a discovery protocol) on a local area network and add printer service notifications to that space. The service can also use L to update the lease, update the printer XML schema, and so on.
It is also possible to maintain printer service notifications in the AN space.

For some devices that provide a service, the overhead of notifying the service and finding space to maintain that notification is undesirable. In one embodiment, rather than searching and maintaining one or more spaces to publish service notifications, the services of some devices send those notifications in response to a connection request. For example, a printer device that has proximity-based printer services available will not keep notifications in the space.
Or outside the device). Instead, when another device establishes a connection with the printer device (for example, a user who owns a laptop running a client tries to print a document), the printer service sends a service notification to the printer.・ Connect to the service that provides the printing function on the device,
An XML service schema can be provided that implements that service. Moreover, some devices only maintain notification for services in some neighborhood or local network. In such devices, it may not be desirable or accessible to support access to the transport for accessibility in a broad range.

One example of a service device where it is desirable for the device to avoid or limit service notifications in space is a device whose functionality is available on a proximity basis. Proximity-based services can provide feature notifications when requested. These notices may not be widely accessible. For example, proximity-based services can be provided in wireless communication systems. The term "wireless" means a communication, monitoring, or control system in which electromagnetic waves or waves transmit signals through the atmosphere, rather than electrical wires. Most wireless systems use radio frequency (RF) or infrared (IR) wavelengths. Usually in proximity-based wireless systems,
The device with the transceiver must be within range (proximity) from other devices to establish and maintain the communication channel. The device may also be a hub for connecting other devices to a wireless local area network (LAN).

As mentioned above, embodiments of the distributed computing environment provide a mechanism for a client to use a lookup space to rendezvous with a service. In a proximity computing environment, one embodiment of the distributed computing environment provides a service discovery mechanism that clients use to discover services without using lookup space as a rendezvous point. An IrDA point-to-point communication environment is an example of a proximity computing environment. In a proximity computing environment, proximity mechanisms can find the "physical" location of a service to a client. For example, in an IrDA environment, a client device physically refers to the device that contains the service that the client wants to use.

The proximity service discovery mechanism allows a client to request a service notification directly rather than sending a search request to the lookup space to request a service notification. Since the client device has established a proximity connection to the service device, the client can directly request the desired service. For example, a PDA client device may have established a proximity connection with a printer device and the client "knows" the printer of the printer device to request a service connection.

In one embodiment, the client sends the proximity service discovery message to the service
Can be sent to the device. The message includes information that specifies the intended service of the service device with which the client device makes a proximity connection. In one embodiment, the service of the service device responds to the proximity service discovery message and sends the client a service notification that the client will use to connect to the desired service. The proximity service discovery message further includes information used to authenticate the client and establish the client's capabilities with the service. When using the received service notification, the client can establish a gate to establish communication with the desired service. However, it is desirable to publish notifications for services that do not want or cannot maintain them in a widely accessible space. In one embodiment of a distributed computing environment, devices establishing a connection with devices that do not publish service notifications, such as proximity-based devices, can publish service notifications received from non-publishing devices. For example, a device that establishes a connection with a proximity-based device and sets up an alternate transport connection publishes (or republishes) service notifications received from the proximity-based device in the alternate transport environment and Make the service available (via a (re) published service notification) by other devices that are outside the device's normal proximity.

The publish device specifies notifications of locally published services of proximity-based devices through discovery and / or lookup services, or alternatively, service notifications are published by the local service device. But instead, instead of sending the service notification, as described above,
After establishing the connection, the local device sends to the publish device. In one embodiment, republished service notifications may be enabled as long as the device that maintains the notification is connected to or capable of connecting to the local device. For example, if the publish device disconnects from the local device (eg, moves out of the device's proximity), the service notification will be stalled or deleted. A lease that allows the space in which the notification is stored to send a lease renewal message to the publish device.
The mechanism can be realized. The publish device verifies the connection with the local device so that space can detect when the local device becomes unavailable. Local devices or administrative policies define rules for republishing service announcements to local neighbors (eg, proximity areas) or local networks. FIG. 24 illustrates a device for bridging a proximity-based device to another transport mechanism that allows services provided by the proximity-based device to be accessed by devices outside the device's proximity, according to one embodiment. It is a figure which shows an example. The publish device 1404 is connected to a network 1412, such as an Ethernet LAN or the Internet, and the proximity devices 1400 and 14
Establishes and maintains a proximity connection 1414 with 04. The proximity connection can be, for example, a wireless connection or a wired LAN connection. Proximity devices 1400 and 14
02 each send a post-connection service notification to the publishing device 1404, or alternatively, the publishing device identifies the service notification using a discovery and / or lookup service on the proximity connection. Publish device 1404 republishes service notifications 1416 and 1418 in space 1406 to make services provided by neighboring devices available to other devices 1408 and 1410 on network 1412. Space 1406 is the publish device or LA
It can be stored on other devices (including devices 1408 and 1410) connected to N.

Other devices on the LAN, including devices 1408 and 1410, have discovered space 1406 and have republished service notifications 1416 and 1418.
For proximity-based devices and communicates with these services (device 1404 acts as a proxy or bridge) on proximity-based devices 1400 and 1402 using the XML message passing scheme described above. Establishes and routes requests to and receives results from neighboring devices. The publish device 1404 is a proximity based network 1412.
It acts as a bridge to the proximity connection 1414 to the device.

Lease Lease is a distributed computing environment where partial failures, resource synchronization (
Scheduling) and perform an orderly resource cleanup process. Leasing allows you to manage independent clients and services that travel back and forth throughout your distributed system. The various resources that clients get from services (including space services) are:
You can lease from these services. In general, not all resources can or need to be leased. In one embodiment, the decision of which resources need to be leased is left to the implementation of each particular service. In particular, the resources used by a large number of clients may not require a lease at the same time, or may instead require a custom lease protocol. The class of such lease is left to the service provider. For example, custom protocols such as those that implement transactions can be built on the basic leasing scheme.
In one embodiment, the basic lease model is a relative time-based model.

The service issues a lease to the client and performs operations on the lease.
In one embodiment, all such leasing functions for a service are XMs for that service.
It is part of the L schema. Thus, the client can use that gate (which corresponds to the service and is built against the XML schema of the service) to perform the lease operation. In one embodiment, all services that issue leases
(I) lease renewal (lease specified parameters (eg, lease ID,
Lease certificate), requested new lease time), and (ii) lease revocation (lease specified parameters (eg lease ID, lease certificate))
Two leasing operations can be performed (only usable by the owner of the lease). In one embodiment, all leases are granted for a particular negotiable relative time (duration of lease). The requester specifies a certain time (for example, in seconds)
, The grantor can grant the lease until the time expires. In one embodiment, a value of -1 may specify a permanent lease.

In one embodiment, the service advertisement may include one or more leased addresses. In one embodiment, the lease address can be a URI. A standard lease message to renew or cancel a service resource lease can be sent to the lease URI. Example of lease URI: <leaser> service1: // resource1 </ leaser>

Notifications also include various lease messages, as described above. The lease message may include a message to renew a lease for a resource of service and a message to cancel a lease. In one embodiment, the notification may also include the message in an XML schema.

The leasing mechanism provides a mechanism for detecting service and client failures. Leases also provide a mechanism to provide shared and exclusive resource access. In one embodiment, all service resources have no leases (resources are not leased and therefore unavailable), shared resources (resources are accessed by multiple clients), or exclusive leases. Either (the resource is accessed by only one client at a time). In one embodiment, all resources begin with no leases. The no-lease state means that the underlying resource is currently not accessed, indicating that there is an interest in the resource and it is available for lease. The lease level can be increased from "none" to "shared", "none" to "exclusive", or "shared" to "exclusive". The lease independence level can also be from "exclusive" to "shared", "exclusive" to "none", or "
You can go from "shared" to "none". In one embodiment, the client may voluntarily raise or lower the lease independence level or request that the service do so. The response message from the service indicates whether the isolation level change was accepted.

Request-response message pairs can be used to solicit, release, and renew leases. Each message is tagged using the reserved XML tag to indicate that the message is a lease message. In a distributed computing environment, the full composition of messages is not necessarily defined. In such an embodiment, the service developer can add custom message content as long as the message is tagged as a lease message.

In one embodiment, a client that uses a leased resource (i) charges the resource as shared or exclusive, (ii) releases the resource request (
It is expected to either do so (when requested or done with the resource), and (iii) respond to the update message (by another claim at the same or different independence level). Update messages are sent by the service (eg, at regular intervals) to detect client failures. This interval (the update message is sent) is service specific. If no response to the update message is issued after a certain amount of time (for example, based on the time notified in the service notification)
, The resource reclamation process starts in service and completely destroys the lease. In such an embodiment, update messages sent to the client should be handled in a timely manner. Figure 25 illustrates the use of update messages between clients and instantiated services and between service providers and space services. Both can be thought of as the use of update messages between the client and the service, note that the service provider is the client to the space's notification service.

The update message is “out of band” which is inconvenient for the client to handle.
Arrives in a fashion. That is, the client cannot predict when an update message will be sent from the service. Out-of-band message processing adds complexity to the client's logic and complicates it. To solve this problem, an automatic lease renewal mechanism is implemented to reduce the effort of the client that needs to handle out-of-band messages and reduce the complexity of the client. With an automatic lease renewal mechanism, each gate (
A message, method, and / or event gate) receives an update message and can respond to it automatically without the help of the client. The default response to a renewal request is to solicit a lease at the current level. Each message gate may include a single reservation update response message that is automatically sent to the notification space service when the gate receives the update message. This "out-of-band" message is processed on behalf of the client, producing a clean client programming model. In one embodiment, the gate allows the client to register a lease event handler and specify different levels of isolation in the response message.

Standard lease messages can be defined in a distributed computing environment. In one embodiment, a custom lease model may define additional lease messages. In one embodiment, all services that issue leases can specify a URI when sending renewal and cancellation lease messages. The lease message can include an embedded certificate to authenticate the sender of the message. In one embodiment, the client may receive a certificate (eg, an authentication certificate) from the authentication service when instantiating the service and embed the certificate in the message sent to the service. In one embodiment, the authentication service is specified in the service announcement for that service. The service then authenticates the certificate when received in the message from the client. In one embodiment, the service sends the certificate when first received to the same authentication service that the client used to generate the certificate. Therefore, by issuing the certificate and embedding the certificate in the lease message, a secure lease environment can be realized. For example, embedding the certificate in the revocation lease message can effectively prevent anyone other than the authorized and certified client (and the service that issued the lease) from revoking the lease. See the Authentication and Security section for more details.

FIG. 44 is a flow chart showing a mechanism for leasing a resource. Step two
At 000, the client requests a lease on the resources provided by the service. In one embodiment, leases are time-based, that is, granted to clients for a period of time. In other embodiments, the lease may be a non-time based lease that is maintained until canceled by the client or service. In one embodiment, the service is a space service and the resource is a service advertisement to other services that is leased to the client by the space service. In one embodiment, the service is a space service, the client is itself a service, and the resource is to publish a service notification by the space service on behalf of the client / service. In one embodiment, the client specifies a resource and sends a request message to the service requesting a lease on the resource. In one embodiment, the message specifies the requested lease period. In one embodiment, the client message gate may send a lease request message to the service on behalf of the client. In one embodiment, the lease request message is an XML message.

In step 2002, the service grants the client a lease on the resource. In one embodiment, the service receives a lease request message from the client. The service can then grant the lease on the resource. In one embodiment, the lease request message includes the requested lease period. In one embodiment, the service may authorize the lease for an authorized lease term that is within the requested lease term. In one embodiment, the requested lease period corresponds to an indefinite lease (ie, an unexpired period). In this embodiment, the lease itself does not expire, so the client or service needs to cancel the lease.

The service notification provided to the client can be used to establish an initial lease of the resource provided by the service and requested by the client during access of the service. In one embodiment, the lease on the resource is granted upon instantiation of the service. In this embodiment, the client cannot send a lease request message to the service requesting the lease. In this embodiment, the service may grant the client an initial lease for one or more resources when instantiated from the service advertisement. For example, the space service may instantiate the service from a service notification on the space service in response to a request message from the client. A service, when instantiated, may grant a client a lease on one or more resources provided by the service without the client explicitly sending a message requesting a lease.

In step 2004, the client requests a lease renewal. In one embodiment, the service sends a lease renewal request message to the client. In one embodiment, a lease renewal request message is sent to the client prior to the expiration of the already granted lease period. The client responds to the message with a lease renewal response message for the service requesting the renewal of the lease. In one embodiment using a time-based lease, the lease renewal response message includes the requested lease period. In another embodiment using a non-time based lease, the lease renewal response message requires the lease to continue. In one embodiment, the client returns a lease renewal response message indicating to the service that the lease is no longer needed. In one embodiment, if the client does not send a lease renewal response message, the service side assumes that the client no longer needs a lease because the response message does not reach the service. For example, the client may be disconnected from the network. This allows the service to utilize a mechanism to detect unused leases and to perform a garbage collection of resources, including leased resources.

In one embodiment, the service does not send a lease renewal request message to the client. In this embodiment, the client instead monitors the granted lease period and sends a lease renewal message to the service before the granted lease period expires. The lease renewal message specifies the leased resource and the requested new lease period for the lease of the resource. In one embodiment,
The requested lease period corresponds to an indefinite lease (that is, an unexpired period). When the client no longer needs the lease, it sends no renewal message and discards the lease.

In one embodiment, the Client Message Gate handles lease renewal on behalf of the client process. Thus, the client process is relieved of the lease maintenance handling role. In one embodiment, the client message gate automatically responds to the lease renewal request message sent by the service. In one embodiment, a default lease renewal response message is compiled into the gate and automatically sent to the service by the gate that received the lease renewal request message. In other embodiments, the service does not send a lease renewal request message. In this embodiment, the client gate automatically sends a lease renewal message. In one embodiment, automatic shipping is performed on a regular basis. In one embodiment, the Client Message Gate monitors the currently granted lease period and sends a lease renewal message before the currently granted lease period expires.

In one embodiment, the lease is one of multiple access levels including exclusive access and shared access. Exclusive access gives the client exclusive rights to the resource and prohibits other clients from accessing the resource for the duration of the lease. With shared access, other clients are given the right to lease the same resources as the client at the moment, that is, to get a lease on a resource that overlaps with the lease held by the client. In one embodiment, the client holds a lease at one access level,
Send a lease renewal message requesting a lease at another access level.

In step 2006, the service authorizes the client to renew the lease of the resource after receiving the lease renewal message from the client. The lease renewal message has been dispatched in response to the lease renewal request message sent by the service to the client, or has been automatically dispatched by the client before the expiration of the already granted lease period. In one embodiment, the lease can be authorized for the authorized lease term. In one embodiment, the lease renewal message has already requested a lease renewal period. In one embodiment, the authorized lease term is within the requested lease term. In one embodiment, the service is
Reject client lease renewal requests. For example, a client may have exceeded the maximum cumulative lease period, or another client may need exclusive lease access to a resource. In one embodiment, the service may authorize the lease for a shorter period than the requested lease period. In one embodiment, the service sends a message to the client to inform the client when the lease is renewed. In one embodiment,
The message contains the authorized lease period.

In step 2008, the client sends a message to the service requesting the cancellation of the lease. This message specifies the resource from which the client will cancel the lease. In step 2010, the service cancels the lease. The service cancels the lease in response to receipt of the lease cancellation request message, as described in step 2008. In one embodiment, the service may also cancel the lease if the licensed lease period expires without receiving a lease renewal message from the client. The service may also cancel the lease for various other reasons. For example, other clients request exclusive access to the resource or the resource becomes unavailable. In one embodiment, the service sends a message to the client and informs the client if the lease has been revoked.

In one embodiment, security certificates, such as authentication certificates described below, may be included in the lease message sent between the client and service, as described in FIG. For example, the client can embed the security certificate in the lease renewal and lease revocation request messages sent to the service. When the service receives the message, it looks at the certificate to make sure it is from the lease holder, and also verifies the authenticity of the message. Thus, security is ensured within the lease mechanism by preventing entities that do not have the proper certificate from modifying the current lease by the service as well as the client.

In one embodiment, all lease messages sent between clients and services are in a data representation language. In one embodiment, the data representation language is Extensible Markup Language (XML). In one embodiment, all messages are sent and received by the Service Message Gate and the Client Message Gate. In one embodiment, the lease message can be described in the XML message schema provided to the client, which is used to
You can build a client message gate. In one embodiment, the XML message schema is obtained by the client, for example, in a service notification retrieved from the space service.

The leasing mechanism further comprises a mechanism for detecting stale (invalid) notifications. When a service publishes a notification in a space, the service gets a lease based on which it published the notification. Each notification describes the time the service has promised to update the notification. In one embodiment, all timeout values are specified in seconds. If the service continues to renew the lease, ensure that the space does some confirmation that the advertised service is still available. The update time counts down to zero by Space Services. If the service does not renew the lease, then the service may have failed, or may no longer provide, or no longer can provide. If the lease is not renewed, the space service will steal the service announcement and it will not be available to clients. The service updates the notification by sending an update message to the space. The space service receives these messages and resets the notification update time to the initial value.

In one embodiment, stale status notifications are not automatically deleted. Depending on your space policy, you can choose to remove stalled service notifications that have expired for a sufficiently long period of time. You can set the deletion policy in Space Services. The space service searches for notifications of the stalled state and either deletes it or informs the administrator, for example.

Space Services can use leases to manage the resources provided by its capabilities to Space's clients (including other services). For example, if a client wants to use a service, the space service requests the client to lease as part of instantiating the service. When performing the instantiation of a service, the client can execute the service. To instantiate a service, the client first selects one of the service announcements published in the space. Clients can look up notifications in a space using various features provided in the space. The client then requests the space to instantiate the service. The lease obtained when the service was instantiated was when the service notification was used (not the same as when the service notification was published). It should be noted that the space service allows multiple clients to lease for use of service notifications in the case of notifications indicating sharing. Otherwise, with space services, only one client leases for service announcements at a time (exclusive).

As another example of how Space Services uses leases to manage the resources provided to its clients by its capabilities, an XML document (eg,
When a service notification is added to or removed from a space, the space's clients may register to be notified when that happens.
The space's registered clients can get a lease on this subscription to the notification. This lease allows Space Services to know whether to continue sending notifications. Such a lease would not be necessary if the client has an active session with the space. Also note that when a client of a space (which may be a service) establishes a session with the space, the client can obtain a lease on that session. This allows the space to manage the resources associated with the session.

In another embodiment, the distributed computing environment employs a non-time based leasing mechanism. This lease is created when the object is charged for use. Instead of a time-based mechanism, the billing method accepts a callback that informs the current lease holder that some other party wants to access the same object (eg, service). Therefore, as an alternative to time-based leasing, the client may instead bill for space objects (eg, services). If another client wants a lease that is incompatible with the lease of the current lease holder, the service sends a "callback message" to the client. Upon receiving the callback message, the client (that is, the client gate) invokes the callback method to determine whether to respond to the callback message (persist lease, cancel lease,
Change the access level to shared, etc.) Once the response is determined, the client gate sends a response message to the service. Such a distribution mechanism for managing leases can be implemented using the XML messaging layer.

In a non-time-based leasing embodiment, the distributed computing environment provides leases that support multiple levels (or types) of access, whereby
Lease compatibility can be determined with a distributed algorithm. Level has (i)
Keep objects in space (keepInSpace), (ii) read objects in space (readShared), and (iii)
) Exclusively read the object in the space (readExclusive)
) There is a level.

Authentication and Security The distributed computing environment supports naturally occurring distributed systems and heterogeneous distributed systems based on the asynchronous message communication model, and data and / or objects can be expressed in an expression language such as XML. In a distributed computing environment, for example, clients may connect to the service over the Internet. In a distributed computing environment, large numbers of network devices work together in a secure, reliable, and dynamic manner. A distributed computing environment defines protocols that substantially enable interoperability between compliant software components (clients and services).

In the context of a distributed computing environment, a device is a network transport addressable unit. Clients and services are Universal versions of software or firmware running on the device.
It can be implemented as a rsaR Resource Identifier (URI) addressable instance.

A large number of content points are arranged in the Internet space. The URI is a method used to identify content points, that is, pages of text, video or sound clips, images, software,
Firmware or other Internet content. The most common form of URI is a web page address, which is the Uniform
A specific form or subset of a URI called a Resource Locator (URL). The URI is typically the resource, the particular computer on which the resource resides, and the particular name of the resource on the computer (typically,
Describes the mechanism used to access (filename).

Clients and services (both can be implemented as software and / or firmware on the device) can connect over the Internet, corporate intranets, dynamic proximity networks, within a single computer, or by other network connectivity models. . For example, the size and complexity of devices that support clients and services can range from simple lighting switches to complex, highly available servers. Examples of devices include, but are not limited to, PDAs, cell phones, notebooks, laptops, more powerful PCs, even more powerful computer systems, and even supercomputers. There is. In some embodiments, abstracting client and service distances, latencies, and implementations,
It uses common discovery and communication methods to create a "black box" effect. By this definition method, the software implementation problem can be dealt with on the core platform, and a coarsely coupled system that can be scaled up or down according to the scale of the Internet can be realized.

The distributed computing environment provides Internet-centric programming models such as WEB and XML content representations, dynamic device discovery, and secure device communication accessible from a variety of network devices. The distributed computing environment includes a network programming model that is abstracted above the CPU level. This programming model has the following properties: Strongly typed data (addressed by URI) called URI address content Virtually unlimited persistent content storage (eg store) (including XML and non-XML content such as those identified by MIME type) Space Virtually unlimited temporary content memory (including XML content) called Descriptive XML that can be stored in space to notify interested clients
Metadata (data about data) content notification. Virtually unlimited number of instructions (embedded as messages) URI-addressed secure message endpoints (gates) Data flow support for coordinating work flows between distributed software programs ( Event message)

Services and clients can execute as programs within a distributed computing environment. The service can notify the client to the client who wants to use the service. The client may or may not reside within the same network device, and the device's code execution environment may or may not support the Java platform. The distributed computing environment becomes a powerful addressing scheme when using URIs to address content and message endpoints. The address can specify the location of the content or endpoint and also specify the route (or transport protocol) to use. Items addressed using a URI also have an associated security certificate. Security credentials can be used to control what clients are allowed to access the item and what operations are allowed on the item by authorized clients.

The advanced access provided by the distributed computing environment can be controlled by appropriate authentication and security systems and methods. Authentication and security in a distributed computing environment includes verifying the correctness of typing XML content in a message, securely identifying the sender to the recipient, and sending from client to service and vice versa. There is a mechanism to check the integrity of the received message and a mechanism to describe the message group of the service accepted by the client and enforce the message request condition on the message received by the service. The security and authentication features described above can be leveraged in a single atomic unit of code and data. Atomic units of code and data can be created dynamically. In one embodiment, atomic units of code and data, once created, represent a message endpoint (gate) and cannot be modified with respect to the security and authentication policies implemented at the time of creation.

The gate represents the authority to use some or all of the functions of the service. Each function can be represented in terms of a message that can be sent to the service. The gate can also be used to detect when a client fails to lease a resource.

Authentication and security are further approved that the client attempting to use the service is authorized to use the service and that the space to which the client receives the service notification provides the service notification. And / or a mechanism for verifying that the service notification itself has been approved.

Messaging can be implemented at the messaging layer as a means of communicating requests from clients to services and as a means of services responding to clients with results. The messaging layer of a distributed computing environment may include mechanisms that substantially ensure that valid XML messages are sent and that enable a language independent security model. At the messaging layer, sending message endpoints can be linked to receiving message endpoints. Two associated message endpoints can provide a secure, bidirectional atomic message channel suitable for request-response message communication between clients and services.

Embodiments of the distributed computing environment may publish notifications in space regarding services. The notification can be an XML document containing the service's XML schema and URI. The service may also include a service ID token or certificate in the notification, which may specify the authentication service used by both the client and the service. The client then identifies the service notification for the space and uses that notification to instantiate a MessageGate on the client. The client uses the authentication service specified in the notification to obtain an authentication certificate to send to the client in a message. In one embodiment, the client passes a service ID token or certificate from the service notification to the authentication service, which in turn uses the service token or the certificate to generate an authentication certificate for that client. You can In one embodiment, the client
It has a gate factory that receives the information needed to create a gate, which builds a message gate, communicates with the authentication service,
Get the client authentication certificate. The corresponding service message gate is instantiated on the service side.

The client, at some point, sends a first message to the service. In one embodiment, the client message gate embeds the client's authentication credentials built by the authentication service in the message. When the service receives the message, it uses the same authentication service to validate the authentication certificate received in the message. By sharing the same authentication service, different authentication protocols can be adopted, yet the details of authentication certificate generation can be separated from the client and the service. Therefore, the client can use different authentication certificate protocols with different services.

In one embodiment, the authentication service may determine the client's capabilities after first receiving a client authentication certificate from the service (eg, what the client is allowed to do with the service). ). The client's capabilities are bound by the client's identity. So the message from the client
The gate embeds the authentication certificate in all messages sent from the client to the service. The message arrives at the service message gate where it is checked by the authentication service to ensure that the message is from the client and that the message request is within the capabilities of the client. In another embodiment, the Service Message Gate handles capability determination and message checking for capabilities without using authentication services.

The client and Service Message Gate work together to provide a secure and reliable message channel. The gate is used as a secure message endpoint, and clients can perform services by sending and receiving secure and approved XML messages to and from the service.

Operations in the distributed computing environment are implemented as XML messages sent between clients and services. The protocol used to connect the client with the service and address the content in spaces and stores is defined by the messages that can be sent between the client and the service. Defining the protocol using messages allows different types of devices to participate in the protocol. Each device is free to implement the protocol in a way that best suits its capabilities and roles.

The capabilities of a service can be expressed in a message that the service accepts. A service's message set can be defined using an XML schema. The XML message schema defines each message format using XML typed tags. The usage rules for tags can also be defined in the schema. The message schema may be a component of an XML notification along with the message endpoint (gate) of the service used to receive the message. Extensions (more capabilities) can be added to a service by adding messages to the XML message schema.

In a distributed computing environment, authorized clients can use all of the capabilities of the service, or be limited to using a subset of the capabilities of the service. In one embodiment, after giving a set of capabilities to a client, the client cannot change that set without proper authorization. This model of function definition allows for service levels from the basic feature set to the extended feature set.

When performing the instantiation of a service, the client can execute the service. To instantiate a service, the client first selects one of the service announcements published in the space. The client is
You can look up notifications in a space using various features that are available in the space. The client then requests the space to instantiate the service. Instantiation of services includes, but is not limited to: 1. The client requests the space service to instantiate the service. 2. The space service verifies that the client is authorized to instantiate the service. 3. The Space Service gets a lease in the client's service announcement at the lease request time specified by the client. Alternatively, service notifications can be sent to the client, but without the lease mechanism. 4. The Space Service sends a message to the client containing the service notification for the lease and service assigned in step 3. 5. The client executes the authentication service specified by the service notification and acquires the authentication certificate. 6. The client builds a client message gate to communicate with the service. Use a series of dynamically generated numbers (keys, or tokens) as security or authentication credentials for a client to build trust between the client and service in a distributed computing environment. The one or more certificates can be used to verify the client's authority to use the service and to verify the messages exchanged between the client and the service. Each client and service has a unique certificate.

The type of authentication certificate required to use the service is returned to the client performing the service search. In one embodiment, the authentication certificate is a hidden object that the client needs to present each time it uses the service. In one embodiment, the authentication credentials are presented by the MessageGate for the client in all messages sent to the service. No matter what kind of authentication certificate the service requires, by using an authentication service external to the client and service, the client and service need not be aware of the authentication certificate structure or process.

The authentication certificate may further comprise a transport-specific ticket in addition to the service ticket. When executing a service, the transport can provide a secure connection, depending on the networking transport specified in the service notification. In some cases, if the data link layer is already secure, then it may not be necessary to use the secure transport on the already secure data link layer.

The concept of authentication certificates is sufficiently abstract to allow various levels of security based on certificate implementation. Security levels include, but are not limited to: 1. None (empty message has no security certificate or no certificate) When the physical connection characteristics of the transport enforce security, the message is either empty certificate or no certificate. It is enough. For example, a smart light switch connected to only one light switch controller is safe because that switch is wired in a safe manner. 2. Signed Message (Electronic Signature) A signed message contains an electronic signature that allows a service to verify the origin of the message (the client). 3. Encrypted messages (which the transport handles) Encrypted messages add another level of security by scrambling the contents of the message so that other certificates need to unscramble it. To do. 4. Capability Message (Service Capabilities and User Awareness) This level of security provides per-user security capabilities (eg, what the user is allowed to do) and fine-grained access control to services and individual service capabilities. be able to.

We use multiple levels of security zones because the implementation required to achieve a high level of security (capacity and encryption) is heavy. Supporting such security levels (or assisting boats) with message transport
In this case, we will utilize this support to provide a security level bridge service that bridges from one level of security to the other.

As described above, a service without a security model can accept an empty authentication certificate. For services with unrestricted access, gates can be built without authentication credentials or with "empty" authentication credentials. The gate of such a service does not send an authentication certificate with each message, or sends an empty certificate. The authentication service is an example of a service that does not restrict access. Other services require a user ID / password pair.

Authentication of Service Access Using Certificates In some embodiments, the client attempting to perform the service verifies that it is an authorized client, and the service notification received by the client is authorized. The mechanism for verifying that the service notification is valid and / or that the space from which the client received the service notification is authorized is based on a public / private key asymmetric cryptographic mechanism. In this mechanism, the authorized sending entity embeds the public key in the message and encrypts the message containing the public key with the private key. The entity that receives the encrypted message uses the public key to decrypt the message, finds the same public key embedded in the decrypted message, and verifies that the message is from an authorized entity. However, only that entity has the private key needed to encrypt the message. There, the entity issues a certificate that is virtually unforgettable, which other entities can decrypt (with the appropriate public key) and verify the message sent by the entity.

In one embodiment, messages in a distributed computing environment include several layers of public keys that are encrypted to authorize entities in a client-service communication model. In one embodiment, the service is a certificate C containing a public key X1.
Build 1. The service then uses the private key Y1 to encrypt the certificate.
The service stores the encrypted certificate C1 in the space as part of the service notification. Space then builds a new certificate C2 containing the certificate C1 and the space's public key X2. After that, the space uses the private key Y2 to generate the certificate C2.
Encrypt. When the client requests a service from the space, the space sends the service notification and the certificate C2 to the client. When the client builds the gate, it causes the gate to send a message to the service containing the encrypted certificate C2 and another certificate C3 containing the client's public key X3. C3 is encrypted using the client's private key Y3 before sending. The client public key X3 and the space public key X2 are also sent with the message. In one embodiment, the space's public key X2 is contained in C3 and is therefore encrypted at C3. In this embodiment, the client public key X3 is sent unencrypted in the message. In another embodiment, the client public key X3 and the space public key X2 are sent unencrypted in the message.

After creating the gate, the client, in one embodiment, receives the encrypted certificate C.
3. Send a message to the service containing 3 and the public key X3. In one embodiment, the space public key X2 is contained in C3. In another embodiment, the public key X2 is included (unencrypted) in a message external to C3. When the service receives the message, it decrypts the certificate C3 using the received client's public key X3 and the decrypted proof against the received public key X3 used to decrypt the message. Check the public key X3 embedded in document C3,
Validate that the message is from an authorized client. After that, the service decrypts the certificate C2 (extracted from the decrypted certificate C3) with the space public key X2 and embeds it in the decrypted certificate C2 against the space public key X2. Check the public key X2 and verify that the space certificate C2 is from the approved space. In one embodiment, the public key X2 of the space is included in certificate C3. In another embodiment, the space public key X2 is included in a message external to C3. In other embodiments, for example, the service obtains the space's public key X2 elsewhere from the space itself. Finally, the service decrypts the certificate C1 (extracted from the decrypted certificate C2) with the service's public key X1, checks the decrypted certificate, and the certificate was created by the service. Verify that it is a certificate (the certificate must include the service's public key).

A variety of key generation algorithms can be used in the distributed computing environment.
The key composition is hidden from both the client and the service, regardless of what key generation algorithm the client and service are using.

A Kerberos ticket is an example of a security certificate used in a distributed computing environment. Kerberos is a secure method of authenticating requests for services within a computer network. Ker
Beros allows a user to request an encrypted "ticket" for an authentication process that can be used to request a particular service. The user's password does not have to pass through the network.

In a distributed computing environment, a mechanism is provided that substantially guarantees that the quality of messages sent between clients and services is not compromised.
In one embodiment, the sender embeds a token containing information that the recipient can use to verify that the message has not been tampered with. There are several ways to generate information to embed in a message. In one embodiment, a hash of the message is calculated and sent with the message. Hashing involves the conversion of a string into a key ordinarily short fixed length value or key that represents the original string. Upon receiving the message, the recipient recalculates the hash and checks it against the hash sent. If the message has been modified, it is unlikely that the same hash will be generated. The sender encrypts the hash and sends the corresponding public key in the encrypted message, effectively guaranteeing that the hash is intact.

In another embodiment, an error detection scheme such as a cyclic redundancy check is used. Cyclic redundancy checking is a method of looking for errors in the data sent over a communication link. In embodiments that use a cyclic redundancy check, the sender applies an n-bit polynomial to the message and adds the resulting cyclic redundancy check (CRC) to the message. The recipient is
Apply the same polynomial (also passed in the message) to the message and compare the result with the result added by the sender. If there is a match, the message was successfully received. If there is no match, the sender is notified to resend the message.

Since the Gate Factory is "trusted" code, the Gate Factory also plays a role in security. By using a trusted gate factory to generate a gate, you can ensure that the gate is trusted code and that the code is correct for service notifications. The client is
As a means of authentication, it is necessary to present the client ID token or certificate to the gate factory. The service presents the service ID token or certificate to the client when the client creates the gate (eg,
Through notification). As described herein, the client and service token pair is used to create a third certificate that is used to enable the client to send messages to the service. This third certificate is called an authentication certificate. The authentication certificate is created by the authentication service during the authentication process. In one embodiment, services are free to use authentication policies.
In one embodiment, the authentication service manages the authentication policy on behalf of the service, so the service does not need to be aware of the particular authentication policy being used.

The client constructs a gate by using the authentication certificate received by executing the authentication service specified by the service notification. This allows the constructed gate to send the authentication certificate with the respective message to the service.
When the service receives the first authentication certificate from the client in the first message, the service authenticates the client using the authentication service specified in the service notification and binds the authentication certificate to the client's ID. Establish.

As already mentioned, some results output by the service are signaled in space and finally accessed using the results gate. The result gate is
It may or may not contain the same security certificate as the input gate used to generate the result. Since the inputs to the service are asynchronous with the outputs (results), the results are associated with different permission sets. For example, in a payroll service, different groups of clients can activate the payroll service to read the results (salary) of the payroll service. So the client needs to apply another authentication process to get access to the result, including the work of receiving the authentication certificate for the result from the authentication service specified in the result notification. .

The Message Gate relieves most of the security check burden from the service. The service allows you to focus on your ability and client authentication. The principle of least privilege is followed when ensuring that clients have access only to requested (or assigned) capabilities.

Security checks are performed during gate creation and / or gate usage (
(When sending and / or receiving messages). The process of gate creation begins when the client requests access to the notified item (service). In this process, the Client Gate Factory works with the service to mutually authenticate each other. The checks performed during gate creation are extensive and the number of checks performed during gate use is minimized. After authenticating the client with the service, the service determines the client's specific capabilities (for example, what the service is allowed to do with the client) and associates that capability with the client's authentication credentials. be able to. These specific capabilities allow you to specify what operations clients are allowed to perform on the service. Since the gate verifies that every message contains an authentication certificate, the service can check each request as it is received against the capabilities of the authenticated client.

A gate creation check ensures that the client has permission to use some or all of the service capabilities specified by the XML message schema. In one embodiment, these checks are performed using an access control list (ACL) with an authentication service such as Kerberos. Challenge-response sequences (such as passwords) can also be used to authenticate the client. In some embodiments, a hardware-based physical identification method may be used to authenticate the client. For example, a user may provide a physical identification feature such as a smart card for identification and authorization. Other mechanisms for authentication can also be used in other embodiments.

In one embodiment, no matter what means are used to authenticate the client, the authentication is transparent to both the client and the service, and
It is aware of the authentication service used by the factory, which handles the authentication mechanism and policies. Gate factories are product and environment dependent or can even be controlled by a configuration management system. In one embodiment,
The degree and method of client independence is platform dependent, but is visible to the gate factory. In some embodiments, a hardware-based physical identification method may be used to authenticate the client. For example, a user may provide a physical identification feature such as a smart card for identification and authorization. Other mechanisms for authentication can also be used in other embodiments.

Message gates in a distributed computing environment are typically associated with a single client. The gate factory determines the means of association.
Checks performed when sending a message confirm that the proper client is using the gate. In one embodiment, the gate is passed in the message and cloned if a new client wants to use the gate. The cloning process performs a new set of creation checks.

When the Space's client finds a notification of the Space service (the client may be another service), the Space's client performs the Space service as it would any other service. To run the space service,
Must use an authentication mechanism. The execution of space services includes, but is not limited to, the following: 1. The space client first executes the authentication service specified in the service notification of the space service to obtain the authentication certificate. 2. The space's client uses the authentication certificate, the space's XML schema (from the space's service notification), and the space's URI (from the space's service notification) to build the space's gate. In one embodiment, the client passes information to the gate factory to build the gate. 3. Space clients perform their space service by sending messages to the service using their gates. 4. When the space service receives the first message with the authentication certificate embedded from the client, it obtains the authentication certificate to authenticate the client using the same authentication service that the client used, and the client Determine the identity of. 5. The space service then determines the client's capabilities (eg, what the client is allowed to do on the space service) and binds that capability to the authentication certificate.

As described in the “Space” section, the space function can include an interface for generating an empty space having substantially the same function (same XML schema) as the generating space. The generation function can be used especially when dynamically generating space for the result. When a requester creates a space, only requesters are allowed access to the created space. For example,
The space created is used to store results from services that need to keep the client secure. This security is guaranteed as follows.

When creating the initial root authentication certificate and initializing the authentication service of the generated space, the authentication service authenticates only the root authentication certificate and prevents other authentication certificates from being returned ( There is no other client of generated space that is initially allowed).

The security policy of the created space is initialized so that the root ID associated with the root authentication certificate enables access to all the functions of the space including the security management function. Returns the root authentication certificate and service notification of the generated space to the requester of the generated space.

The Requester builds a gate to access the created space, since it returns the authentication certificate and service notification of the created space.
In one embodiment, only the client or service that the requester and the requester pass the authentication certificate and service notification of the created space has access to the created space. Limiting access to the generated space in this way is
This is useful, for example, when clients and services use their generated space to store results when they keep the results private.

After executing the service, the client changes the authentication policy of the created space using the security management space function, and then other clients or services can access the created space. In addition, discovery protocols or other means are used to make service notifications of the created space available to other clients of the created space (other clients may be services).

The message transport layer in a distributed computing environment comprises mechanisms to protect the security and safety of communications between clients and services at transport time. This kind of security is called "wire security" or "transport security".
This distinguishes it from the authentication security implemented by the messaging system including the gate. Message encryption is performed at the message transport layer of the distributed computing environment. Services that require encrypted transports do such work by tagging XML notifications. The gate factory then creates the gate (or gates) that uses a secure message transport such as those provided by Bluetooth or HTTPS.

HTTPS (Secure Hypertext Transfer Protocol) is a Web page that encrypts and decrypts user page requests and pages returned by Web servers.
It is a protocol. In HTTPS, a multi-bit key size (40 to 128 bits or more) is used for a stream encryption algorithm (for example, RC4) to perform sufficient encryption for commercial data exchange. HTTPS can be used as a transport in a distributed computing environment.

Bluetooth is a newly emerging peer-to-peer wireless communication standard.
The Bluetooth key generation algorithm can be used in a distributed computing environment. Bluetooth supports encryption keys. Cryptographic keys are transport-dependent, but client, service, and combination keys can be transport-independent.

26a- Authentication Service Providing Authentication Certificate to Client FIG. 26a is a flow diagram illustrating an authentication service providing authentication certificate to a client, according to one embodiment. A client in a distributed computing environment may require a service to perform one or more functions on behalf of the client. In one embodiment, an authentication service is provided for use by clients and services when setting up a secure messaging channel.
The authentication service performs functions for the client and / or service such as authenticating the client and / or service and the desired level of security and negotiating the message set passed between the client and the service.
The authentication service may be a process running within the distributed computing environment. The authentication service runs on the same device as the service and / or the client, or alternatively, the authentication service runs on another device, such as an authentication server. In one embodiment, the authentication service is an internet based service. The authentication service has its own address, for example, Universal.
It has a sal Resource Identifier (URI), which allows clients and / or services to communicate with authentication services. In one embodiment, the address of the authentication service is provided to the client in the service notification of the service. Clients and services that share an authentication service enable secure messaging between clients and services.
Channels can be established and any of several security and authentication protocols can be used with the messaging channel.

In one embodiment, the client presents the client ID token or certificate to the authentication service. Client tokens or certificates are sufficiently memorable and can be used to prove the identity of a client. The authentication service then checks the client ID token or certificate and issues to the client an authentication certificate that only the authentication service can create. The authentication certificate returned to the client is then sent by the client in all messages to the service. In one embodiment, the Client Message Gate is created by the Gate Factory and stores the authentication certificate in the Message Gate, and the Message Gate sends the authentication certificate to the service on behalf of the client in all messages. . Upon receiving the message, the service checks the authentication certificate. Only the authentication service can create the authentication certificate, so the service recognizes that the client has not tampered with the authentication certificate. In one embodiment, the service passes the authentication certificate to the same authentication service used by the client, verifies that the authentication certificate is valid, verifies that the client is an authorized client, and identifies the client identity. Find out.

All services, including space services and authentication services, can authenticate their clients. Once the service authenticates the client, the client can access the service. For example, for the space service, the client gets an XML notification from the space.

In one embodiment, a service provides a pre-arranged certificate for use by all clients of that service. In this embodiment, the authentication allows
The prearranged certificate is provided to the requesting client. The client presents the pre-arranged certificate to the service and is approved by the service.

In step 1000, the client requests an authentication certificate from the authentication service.
In one embodiment, the client searches for and identifies service notifications for the desired service. In one embodiment, the service notification includes a notification of the authentication service used to obtain the authentication credentials used in accessing the service. In one embodiment, the service notification includes an address such as the URI of the authentication service. In one embodiment, the client sends the information to an authentication service that requires an authentication certificate. In one embodiment, the client sends the information to a gate creation process, eg, a gate factory, which accesses the authentication service to obtain an authentication certificate.

At step 1002, the authentication service generates an authentication certificate for the client. The authentication certificate can be embedded in the message of the messaging system so that the recipient of the message can authenticate the sender of the message, verify that the message is from an authorized sender, and A data element or data structure that allows a party to verify that it is a message that it is authorized to send to the recipient. In one embodiment of a distributed computing environment, authentication credentials are specific to a messaging channel established between a particular client and a particular service. Step 1002 is shown in FIG.
Are shown and described in detail in. In step 1004 of Figure 26a, the authentication service returns the authentication certificate to the client. In one embodiment, the authentication certificate can be returned directly to the client. In one embodiment, the authentication certificate is returned to a gate creation process, eg, a gate factory, which then uses the authentication certificate to generate a gate.

FIG. 26b- Authentication Service for Generating Authentication Certificates FIG. 26b is a flow diagram illustrating an authentication service for expanding an authentication certificate at step 1002 of FIG. 26a, according to one embodiment. Step 100 of one embodiment
At 2a, the authentication service obtains a client token and a service token. In other embodiments, the authentication service only obtains the client token. In one embodiment, the client token is a unique identifier for a client in a distributed computing environment. In one embodiment, the service token is a unique identifier for the service in the distributed computing environment. For example, the public key of a public / private key encryption mechanism can be used as a unique identifier for clients and services. In one embodiment, the client receives the service token in the service notification and the client sends the client token and the service token to the authentication service. In other embodiments,
The client sends the client token and the service notification URI to the authentication service, which can retrieve the service token from the service notification.

At step 1002b, the authentication service verifies the client and / or service. In one embodiment, the authentication service uses the client token and service token obtained in step 1002a to validate the client and / or service. In another embodiment, only the client token is obtained at step 1002a and the client token is used at 1002b to validate the client. In one embodiment, the client has already registered its client token with the authentication service and the authentication service compares the received client token with the registered client token to determine if the client is a valid client. Can be verified. In one embodiment, the client is a logon
A challenge / response mechanism such as an account can be used to access the authentication service and validate the client as a valid client. In one embodiment, the service is already registered with the authentication service and has provided its service token to the authentication service. The authentication service then verifies that the client is trying to access a valid service by comparing the received service token with the service token already registered. Other types of client and service authentication can also be used. For example, the client provides an electronic signature or certificate that the authentication service can use to authenticate the client and / or to authenticate the service the client is trying to access.

In step 1002c, the authentication service generates an authentication certificate. In one embodiment, the authentication certificate includes an authentication token that only the authentication service can create. In one embodiment, the authentication service uses the client token and the service token to generate an authentication certificate. In another embodiment, the authentication service is a client
Generate an authentication certificate using only the token. In yet another embodiment, the authentication service does not use the obtained talk to generate an authentication certificate, but instead uses an authentication certificate generation algorithm to generate an authentication certificate that is virtually unforgettable. Can be generated. In one embodiment, the authentication service combines the service token and the client token to generate a unique authentication certificate. For example, the service token and the client token can be 64-bit values and the two tokens can be combined to generate a 128-bit authentication certificate. Other methods may be used in other embodiments to generate the authentication certificate.

Figure 41-Gate Creation Figure 41 is a flow diagram illustrating a method for creating a gate for a client according to one embodiment. In one embodiment, the gate factory is trusted code on the client that creates gates based on the XML service description. In other embodiments, the gate factory resides on another device and can be used by clients to generate gates. For example, the gate factory service can be accessed by clients to create gates. The gate factory can be used to ensure that the generated gate is trusted code and that the code is correct for service notifications.

The security checks that are performed at gate creation time are extensive, minimizing the number of security checks that need to be performed when using a gate. Security checks during gate creation can ensure that the client has permission to use the set of service capabilities specified in the message schema retrieved from the service notification. In one embodiment, these security checks are performed using an access control list (ACL) with an authentication service. In one embodiment, challenge / response sequences (such as logon and password accounts) can also be used to authenticate the client. In one embodiment, client authentication and gate creation security checks are hidden from clients and services, the gate factory only knows which authentication service to use, and the authentication service can be aware of authentication mechanisms and policies.

At step 1010, the gate factory obtains the authentication certificate that the client uses to communicate with the service. In one embodiment, the client has already obtained an authentication certificate from the authentication service and provides the authentication certificate to the gate factory. In another embodiment, the gate factory obtains the authentication certificate from the authentication service.

In one embodiment, the gate factory also gets the message schema of the service. In one embodiment, the gate factory sends messages from clients.
Get the schema. In another embodiment, the gate factory receives the message schema from the service notification. For example, the client sends the service notification URI to the gate factory, which uses the URI to obtain the message schema and connect to the service notification. The message schema describes a group of messages that are sent to or received from the service. For example, a message can be written that is sent from a client to a service to call the service or to call some part of the service. Also, a message sent from the service to the client such as a response message or an event notification message can be described. In one embodiment, the message is an XML message,
The message schema can be an XML message schema.

At step 1012, the Gate Factory creates a Client Message Gate. In one embodiment, the Gate Factory embeds the authentication certificate as data in the generated MessageGate so that the MessageGate code can access the authentication certificate. In other embodiments, the authentication credentials may be stored outside the client's MessageGate. In one embodiment, the URI of the service may also be embedded or provided to the gate by the gate factory.

At step 1012, the Gate Factory uses the message schema to generate a Client Message Gate. The message schema is
Can be used by a client to define a set of messages to send to a service through a MessageGate. The gate factory compiles its message schema into a gate. The gate factory allows the message schema to be compiled into a gate in an internal format suitable for quick access during the message validation process. Access to the service can be restricted to specific clients using the schema, which can limit the client to some access to the service. In one embodiment, when a client obtains a service notification from, for example, a space based on the client's capabilities and / or access rights, a limited message schema for that service is provided to the client. Thus, the gate factory can compile the restricted message schema into client message gates, thereby restricting client access to services. In one embodiment, the authentication service can determine a subset of the total message set that the client can send to the service. In a distributed computing environment, one or more levels of access can be set on a service. At a certain level of access, a client of a service has access to all of the request messages in the message schema for that service, and thus is able to access virtually all the functionality that the service provides to the client in a distributed computing environment. Can access. At other levels, clients of the service may have access to different subsets of request messages according to the message schema, and thus different subsets of service functionality. In one embodiment, the level of access also depends on the capabilities of the client. For example, thin clients cannot download large data files, thus limiting the use of messages requesting large data file downloads. In one embodiment, the client provides information about the client to the authentication service so that the client's access level can be determined. In one embodiment, the information may include a request for a particular level of access to the service. In one embodiment, the gate factory provides information to the authentication service so that it can determine the access level of its clients. The gate factory then creates a client message gate that can send a subset of the entire message set described in the message schema to the service based on the capabilities and / or access levels of the client.

At step 1014, the gate factory has created a client message gate, which the gate can notify the client to do. In one embodiment, the client message gate is a separate code module accessible by the client. In one embodiment, the client message gate resides on the client. The client is
It can generate a message and pass it to the client message gate, which can validate the message and send it to the service. Gates for exchanging messages with clients and services
Embodiments of the pairing mechanism are detailed in Figures 42a-42c. The gate factory embodiment is described in detail elsewhere. A gate consists of code and data, which itself can be passed in a message. This is an alternative way to create a gate on the client and / or service. In one embodiment, the gate passed in the message is cloned if a new client wants to use that gate. This cloning process performs some new gating security checks, including authentication of new clients. A new unique authentication certificate is generated for the new client and embedded in the gate of the clone.

FIG. 42a-- Client Sending Message to Service FIG. 42a is a flow diagram illustrating a method for a client to send a first message to a service, according to one embodiment. At step 1020, the client sends a message to the client message gate. In one embodiment, the message is X
This is an ML message. In step 1022, MessageGate embeds the authentication certificate in the message before sending it. In one embodiment, the authentication certificate is provided by the authentication service as part of the gate construction, as described above.

In one embodiment, the Message Gate can verify the type correctness, syntax, etc. of the data representation language of the message. In one embodiment, the MessageGate compares the message with the message template of the data representation language message schema to determine the correctness of the data representation language type of the message. In one embodiment, the message is an XML message and the message gate can check the message against the XML message schema. In one embodiment, the message schema is provided by the authentication service as part of the gate construction, as described above. In one embodiment, the MessageGate places the message template of the message in the schema and compares various items or fields in the message with the message template to determine the correctness of the item's type.

In one embodiment, the first message is a request message sent to the service received from the client, and the message gate is the message and / or the request service function specified in the message sent to the service by the client. It is possible to determine if it is within an allowed subset of possible messages and / or service functions. In one embodiment, the MessageGate compares the message with a subset of the allowed messages according to the message schema to determine if the message is allowed. In one embodiment, the service provided by the authentication service to the client can use the access level to determine the subset of messages allowed by the client to the service. In one embodiment, the first request message requests the service to establish a communication channel with the client. In one embodiment, the communication channel comprises a gate pair. A gate pair consists of a client message gate and a service message gate. In one embodiment, the service message gate is not present on the service when the first message is sent to the service.

At step 1024, the client message gate sends a first message to the service over the communication channel connecting the client to the service. In one embodiment, the Client Message Gate sends the message to the URI of the service. In one embodiment, the service URI is provided to the client in the service notification. In one embodiment, a client message gate is created for a particular service URI and all messages are
Routed to the RI, which creates a message channel from the client to the service. In one embodiment, the request message is a client message
Since it contains the address of the gate, the service can establish a communication link with the client through the client message gate. Non-limiting examples of addresses that can be used for Message Gates are Universal Uniq.
ue Identifiers (UUID) and URI. The process by which the service receives the first message from the client is shown and described in Figure 42b.

Figure 42b- Message Receiving Service from Client Figure 42b is a flow diagram illustrating a service for receiving a message from a client and authenticating the message using an authentication service according to one embodiment. At step 1030, the service receives a first message from the client. In one embodiment, the service message gate is not present on the service when the first message is received by the service. In one embodiment, the client message gate sends a first message to the service's URI, the service receives the first message from the client, and then creates a service message gate. In one embodiment, the U associated with the service notification is typically sent to the client by configuring a mechanism for the service.
The RI receives the message including the message from the client.
Upon receiving the first message from the client, the service creates a service gate and establishes a communication channel with the client through a gate pair consisting of the service message gate and the client message gate. In one embodiment, the address of the client message gate (eg, UUI
D or URI) from the client to the service in the first message, which is used to generate the service message gate. In one embodiment, the Service Message Gate communicates only with the Client Message Gate and thus with the client associated with the Message Gate. Thus, in some embodiments, at least one unique service message gate exists for each client currently in communication with the service.

As mentioned above, the Client Message Gate embeds the authentication certificate in the first message sent to the service. In step 1032, the service sends the authentication certificate to the authentication service. In one embodiment, the authentication service is the same authentication service that the client uses to generate the authentication certificate. In one embodiment, the Service Message Gate sends the authentication certificate to the authentication certificate. In one embodiment, the entire message is sent to the authentication service.

At step 1034, the authentication service performs verification of the authentication certificate. In one embodiment, the authentication service includes a copy of the authentication certificate when it was created. In one embodiment, the authentication service compares the authentication certificate received from the service with a copy of the authentication certificate. If the authentication certificates match in step 1036,
The authentication service notifies the service that the authentication certificate has been verified and appears to be valid. If the verification process fails, the authentication service notifies the service that the authentication certificate appears to be invalid.

In one embodiment, the authentication service can set the access level of the client accessing the functionality of the service. In one embodiment, the client has already set the access level of the service with the authentication service. In one embodiment, the authentication service informs the service of the client's access level. The service side uses the client's access level to determine the subset of request messages as described in the service message schema that the client sends to the service.

In step 1038, if the authentication service notifies the service in step 1036 that the authentication certificate is valid, the service generates a service message gate paired with the client gate, and the gate pair To form. The service message gate contains an authentication certificate for embedding in the message sent from the service to the client and for comparison with the authentication certificate in the message received from the client. Service Message Gate is a client
Contains the address of the Message Gate (such as UUID or URI). The service message gate may further include access level information for the client to verify that the message received from the client is contained within the subset of allowed messages sent by the client to the service. The Service Message Gate also includes a message schema that is used to type-check and syntax-validate messages received from clients and to verify whether the message is in an acceptable subset of messages. . In one embodiment, the service is a new service message
Gates can be created. In other embodiments, there is already a Service Message Gate that can be used to generate a Service Message Gate to communicate with the client prior to step 1038. In this embodiment, the service does not create a new gate, instead an existing gate can be updated with information about the message channel established between the client and the service.

In one embodiment, the service sends the message to the client after creating the service message gate. This message identifies the Service Message Gate to the Client Message Gate, and the Message Gate
Contains information for establishing a communication channel between a client and a service using a pair. In one embodiment, the message includes an address (such as UUID or URI) of the Service Message Gate.

42c- Message Exchange with Embedded Authentication Certificate FIG. 42c is a flow diagram illustrating the general process by which clients and services exchange messages with embedded authentication certificates according to one embodiment. In one embodiment, after the client message gate and service message gate are established, the client and service no longer require the services of the authentication service. Client Message Gate and Service Message
When sending a message, the gate embeds the authentication certificate in the message. When the Client and Service Message Gates receive a message, they can validate the message by comparing the embedded authentication certificate with a copy of the authentication certificate contained in the gate. .

At step 1040, the sending (client or service) Message Gate embeds the authentication certificate in the message before sending it. In one embodiment, the authentication service provides the authentication certificate. In one embodiment, the message is an XML message. In one embodiment, the sending message gate may also verify the message's data representation language type correctness, syntax, etc. before sending the message. In one embodiment, the sending message gate compares the message with the message template in the message schema to determine the correctness of the message type. For example, the message is an XML message and the message gate contains an XML message schema. The sending message gate places the message template of the message in the schema and compares various XML items or fields in the message with the message template to determine the correctness of the item's type.

In one embodiment, the sending message gate checks if the message is acceptable. In one embodiment, the message is a request message sent to the service received from the client, and the message gate is the client according to the access level established by the request service function specified in the message on the client side through the authentication service. Determine if it is within a subset of the functionality provided by. In one embodiment, the MessageGate compares the message to a subset of the allowed request messages according to the message schema to determine if the message is acceptable. In one embodiment, the acceptability of the message is not checked if the message is a response message from the service to the client. In another embodiment, the response message from the service to the client is checked by the client message gate to ensure that the client is authorized to receive the response message.

At step 1042, the sending (client or service) Message Gate directs the message to a destination (client or service) message via a communication channel connecting the sender (client or service) to the destination (client or service).・ Send to the gate. In one embodiment, the recipient message
When the gate receives a message, the gate can verify the sender of the message by comparing the embedded authentication certificate with a copy of the authentication certificate contained in the gate.

In one embodiment, the message is encrypted before shipping. In one embodiment, the MessageGate can perform encryption. In other embodiments, a process external to Message Gate can perform the encryption. For example, the Message Gate passes the completed message on the communication channel to the driver process, which performs the encryption of the message. In one embodiment, message encryption and decryption is performed by a transport mechanism (eg, HTTPS).

At step 1044, the recipient (client or service) Message Gate receives the message sent at step 1042. In one embodiment,
If the message is encrypted, the message is decrypted by the process before it is received by the message gate. In another embodiment, if the message is encrypted, the Message Gate decrypts the message. Step 1
At 046, the recipient Message Gate can verify the sender of the message by comparing the embedded authentication certificate with a copy of the authentication certificate contained in the recipient gate.

In some embodiments, some services do not require authentication credentials for at least some clients. In one embodiment, a client accessing a service that does not require an authentication certificate for the client may generate a MessageGate without using the authentication service. In other embodiments, the authentication service returns a null, empty, or some other universal authentication certificate to clients that do not require authentication to use the service. In one embodiment, which does not require authentication, the Message Gate sends the message without embedding the authentication certificate. In other embodiments, NULL, empty, or some other universal authentication certificate may be embedded in the message by the message gate.

In one embodiment, the Recipient Message Gate, after receiving the message,
You can verify the correctness of the data expression language type of the message, the syntax, etc. In one embodiment, the recipient message gate compares the message with the message template in the message schema to determine the correctness of the message type. For example, the message is an XML message and the message gate contains an XML message schema. The Recipient Message Gate places the message template for the message in the schema and compares the various XML items or fields in the message to the message template,
Determine the correctness of the item type.

In one embodiment, the Recipient Message Gate checks if the message is acceptable. In one embodiment, the message is a request message received from a client, and the message gate provides the client with the requested service function specified in the message through an authentication service with the access level established with the service on the client side. Determine if it is within a subset of features. In one embodiment, the recipient message gate compares the message with a subset of the allowed request messages according to the message schema to determine if the message is acceptable.

In one embodiment, the sender and recipient can verify the correctness and / or acceptability of the message type. In another embodiment, the sender performs message validation. In yet another embodiment, the sender does not perform message verification, but the recipient does message verification. In yet another embodiment, no verification is performed.

Some clients are too “thin” to support the full functionality of the Client Message Gate. These clients do not perform some or all of the request message validation before sending the request message and the response message validation after receiving the response message as described above. For example, some simple client devices include a small set of request messages that can be sent to the service and a small set of responses that can be accepted from the service.
In one embodiment, as described above, a minimal client message gate can be built for client devices that send request messages and receive response messages without performing message validation. In other embodiments, the proxy client message gate may be set up on another device that provides some or all of the message validation, shipping, and receiving capabilities to the client as described above.

FIG . 43-Message Integrity Check FIG. 43 is a flow diagram illustrating a mechanism for verifying message integrity according to one embodiment. At step 1050, the sending gate acts on behalf of the client or service and embeds the token in the message it sends. This token is separated and distinguished from the authentication certificate, as described above. This token is
Contains information that allows the receiving gate to verify that the message has not been corrupted or tampered with. For example, the sender can calculate a hash or checksum of the message that the recipient verifies. The sender can also use the sender's private key to encrypt this token and / or the entire message and the recipient can verify that the token has not been modified, including the public key corresponding to the encrypted message. To do so. At step 1052, the sending gate sends a message. At step 1054, the recipient gate acts on behalf of the service or client to receive the message. In step 1056,
The receiving gate examines the message and the embedded token to verify that the message is intact.

There are several ways to generate a token to embed in a message. In one embodiment, a hash of the message is calculated and sent with the message. Hashing involves the conversion of a string into a key ordinarily short fixed length value or key that represents the original string. Upon receiving the message, the recipient recalculates the hash and checks it against the hash sent. If the message has been modified, it is unlikely that the same hash will be generated. The sender encrypts the hash and sends the corresponding public key in the encrypted message, effectively guaranteeing that the hash is intact. Other embodiments use error detection schemes such as a cyclic redundancy check. Cyclic redundancy checking is a method of looking for errors in the data sent over a communication link. In embodiments that use a cyclic redundancy check, the sender applies an n-bit polynomial to the message and adds the resulting cyclic redundancy check (CRC) to the message. The receiver applies the same polynomial (also passed in the message) to the message and compares the result with the result added by the sender. If there is a match, the message was successfully received. If there is no match, the sender is notified to resend the message. Other embodiments include other methods for generating, embedding, and checking tokens for errors or malicious tampering in messages.

Method of Bridging Devices into a Distributed Network Environment Devices that do not support the messaging model implemented in the distributed computing environment are external to the distributed computing environment. These devices may have services that may be useful to clients in a distributed computing environment. The distributed computing environment is equipped with a mechanism to bridge such external devices to the distributed computing environment. Clients within a distributed computing environment can access services provided by such devices. The distributed computing environment can further leverage existing device discovery protocols to discover such external devices for use in the distributed computing environment.

Many technologies have defined discovery protocols for publishing and monitoring network device configurations. These technologies include, but are not limited to, Jini, SLP, Bluetooth, UPnP. Furthermore, LonW
Many I / O buses such as orks, USB, and 1394 also support dynamic discovery protocols. Distributed computing environments take advantage of device discovery technology by wrapping the implementation in an API. By leveraging and bridging to other device discovery protocols, devices or services on various networks and I / O buses can be discovered in a distributed computing environment. Device discovery in a distributed computing environment can therefore be applied to a variety of devices, including small devices such as PDAs, without having a direct participation in the distributed computing environment. The discovery protocol can be defined at the message level.

The bridge mechanism is a messaging A for distributed computing environments.
One or more such as Bluetooth is provided in the PI as a way to "wrap" a particular device discovery protocol. Wrap creates a framework for device discovery protocols in code and / or data (API), allowing the protocols to be executed by clients and / or services within a distributed computing environment, which otherwise would not be possible. Executing the bridging mechanism allows a discovery agent that discovers the device with a particular device discovery protocol to publish services to the device within the space of the distributed computing environment. Service is XM in distributed network environment
The L message schema interface can be presented to the client to operate various devices discovered by a particular device discovery protocol. Therefore, service announcements are published for services that operate various devices discovered by the underlying wrapped device discovery protocol. Therefore, the notified service bridges the device (or service) outside the distributed network environment to the client on the distributed network environment.

FIG. 27 illustrates one embodiment of a distributed computing environment with space 1200. One or more discovery agents 1204 participate in the external discovery protocol and bridge through the bridge mechanism 1202 to the distributed computing environment. When executing the wrapped device discovery protocol, discovery agent 1204 via bridge mechanism 1202 will
Publish service notifications 1206a-1206c in 0, where notification 1
Each of 206a-1206c corresponds to a device or service discovered by one of discovery protocols 1204 external to the distributed computing environment. The client then sends the service notification 120 in the space 1200.
6a-1206c are used to access the external device and instantiate the service with one of the agents 1204 operating the corresponding external device or service.

The client of the distributed computing environment then finds the device using a discovery agent that wraps the device discovery protocol. It publishes and advertises services in the space that act as bridges to these devices, allowing clients in a distributed computing environment to access services provided by external devices. The advertised service is a service within the distributed computing environment that can invoke devices external to the distributed computing environment through other protocols or environments, bridging the external devices / services to the distributed computing environment. A client in a distributed computing environment "sees" only the advertised services in the distributed computing environment and does not even notice external devices / services.

In one embodiment, the distributed computing environment is mapped to a specific external version of the discovery protocol, such as the discovery protocol described in the “Space” section, which is mapped to the underlying external device discovery protocol including the wrapped device discovery protocol described above. Provides a space discovery message protocol. The mapped discovery protocol either self-registers or is registered with the space, the default space, but with a notification in that space. For each advertised discovery protocol, a subsequent results space holding the results of the discovery protocol is provided.

FIG. 28 is a diagram of an example space discovery protocol that is mapped to the Bluetooth discovery service 1220 according to one embodiment. The Bluetooth discovery service 1220 first registers 1230 with the distributed computing environment. B
The Bluetooth discovery service 1220 is wrapped 1232 with the bridge API and the discovery service 1220's notification 1225 is added 1232 to the space 1224. The client or service has a discovery service notification 1225 on space 1224.
Specify. When the discovery service 1220 is executed (using the API wrapper as a bridge between the discovery protocol 1220 and the distributed computing environment 1222), a new space 1226 is created 1234 to store the results of the discovery process. The discovery service 1220 reports these results (again using the API wrapper) to the discovery results space 1226 as one or more notifications 1227.
To store. Alternatively, the results of executing the discovery service 1220 are stored in space 1224 of the distributed computing environment or other existing space.
Devices are discovered using methods such as those shown in FIG. 28, and other underlying discovery protocols are used to discover other services.

As mentioned above, devices that do not support the messaging model implemented in the distributed network environment are outside the distributed network environment. These devices may include clients that need to use the services provided in the distributed computing environment. The distributed computing environment includes a mechanism for bridging external clients or client devices to the distributed computing environment, where the client of the external device can access services within the distributed computing environment.

Provide an agent to be used as a client in a distributed computing environment, bridge external clients to the distributed computing environment, and allow external clients to access services published within the distributed computing environment. In one embodiment, the agent is a distributed computing environment that interfaces to external devices using a messaging model and proprietary protocols (eg, protocols supported by external devices) at the front end and to external clients. It has an XML-enabled backend that can communicate with the services within. Thus, a client external to the distributed computing environment can identify and access the service within the distributed computing environment through the bridge agent, send a request to the service and receive a response from the service that includes the resulting data. For example, an external client uses a bridge agent in a distributed computing environment to perform space discovery, look up advertised services, and invoke services in the distributed computing environment.

In one embodiment, the distributed computing environment comprises a bridge mechanism for accessing Jini services from distributed computing environment clients. The Jini service requires remote method invocation (RMI), and clients in the distributed computing environment communicate with the service using messages, such as XML messages, so that the distributed computing environment client can access the Jini service. It can provide a protocol bridge mechanism that enables it. In one embodiment, a connector mechanism is defined that enables dynamic notification of Jini services within the space of a distributed computing environment and also enables Jini service proxy access from clients within the distributed computing environment. To do. In one embodiment, some Jini services cannot bridge to a distributed computing environment.

In one embodiment, the Jini RMI protocol used by Jini services is XML used by clients in a distributed computing environment.
An agent bridging to messaging can be provided as a service within the distributed computing environment. When the agent is started, it performs a lookup of the Jini service with a set of attributes in the Jini space. For all registered Jini services, the agent
Generate an XML notification corresponding to the service and register the notification in the space within the distributed computing environment. In one embodiment, an agent can register for Jini lookup service event notifications and will be executed when a new Jini service is registered. When a new Jini service is advertised, the agent performs a lookup in the Jini space to identify the newly advertised Jini service and update the distributed computing environment space with a new XML notification for the new service. In one embodiment, when the Jini service is deleted, the agent receives an event notifying the deletion of the Jini service. The agent deletes the service XML notification from the space.

In one embodiment, to invoke a Jini service via an XML notification of a space in a distributed computing environment, the client looks up the service notification in the space and sends a valid message to the agent to access the service. To do. The agent calls the corresponding method via the RMI call to the service proxy to call the proxy service corresponding to the Jini service. If the proxy is not instantiated, the agent downloads the proxy code and instantiates a new instance of the proxy object. In one embodiment, all client connections have different proxy instances. The message coming from the client is transformed by the agent into a proxy method call. The result from the method call is returned to the client as a shipping message.

In one embodiment, only simple Java types can be used as arguments to RMI methods. If a Java composite type is required, then one or more data notifications are passed as arguments to the call, the data notification indicating the location and access method of the Java composite type data. In one embodiment, the agent dynamically performs the initial translation of XML messages into RMI method call invocations. Agent is a service
Since it knows the interface, it will generate a corresponding set of messages to be notified to the client.

FIG. 29 is a diagram illustrating a method of bridging a client 1250 external to a distributed computing environment to a space 1254 in the distributed computing environment. The bridge agent 1252 is used as an intermediary between the client 1250 and the space 1254. The bridge agent 1252 communicates with the client 1250 using a communication protocol understood by the client 1250. The bridge agent 1252 configures the client's communication protocol to use space 125 to perform the functions provided by space 1254.
4 to the XML messaging protocol required to communicate with The bridge agent 1252 identifies and executes the service on the space 1254 when requested by the client 1250. For example, the client 1250 may request a space 1254 for a list of all services of a particular type. The bridge agent 1252 uses the service notification 125.
6a-c are specified and the result is returned to the client 1250. Alternatively, post the result in the results space and return the location of the result to the client 1250. The client 1250 then chooses to execute the service notification 1256a and sends the message (in the client 1250's communication protocol) to the bridge agent 125.
Send to 2. Bridge agent 1252 then sends service notification 1256.
It sends the XML request message needed to perform the service represented by a and returns the result of the service to the client 1250. Result client 1250
Methods of handling service results other than returning them directly to can be used as described in the "Space" section above. The bridge agent 1252 functions as a service to the external client 1250 (via the external client's protocol).
, Also acting as a client in the distributed computing environment, bridging services in the distributed computing environment to external clients.

At times, even within a distributed computing environment, clients and services may not be able to communicate directly with each other and only with a common space. In this case, the space service automatically creates a service proxy that bridges the client service. The main role of the proxy is to pass messages between clients and services over the space. Service proxies are created dynamically. The creation mechanism depends on the space implementation. See FIG. 30 for a description of the proxy mechanism. Clients 554 and services 556 may not be able to communicate directly within a distributed computing environment, for example because they support different transports or network protocols. However, both can communicate with space 552, which supports both protocols. The space service creates a proxy 550 that bridges the client 554 with the service 556. A common form of proxy is a browser proxy. Plaza proxies (most commonly implemented as servlets) convert traditional web page requests into messages. See also the space lookup service (and proxy) description in the Space section.

The distributed computing environment comprises a mechanism for bridging clients within the distributed computing environment to enterprise services. In one embodiment of a distributed computing environment, a method of bridging a client to an enterprise service includes: a client in a distributed computing environment, a bridge service in a distributed computing environment, and an enterprise service in an enterprise environment. including. A bridge service in a distributed computing environment is used as a bridge service between clients and enterprise services. An enterprise is a business, small business, non-profit organization, government agency, or other type of organization. Enterprise utilizes the enterprise computing environment to carry out part of its business. The enterprise computing environment includes various enterprise services. A client in a distributed computing environment may want to use the services of the enterprise computing environment. Enterprise services are based on various architectures such as a three-tier client / server architecture. One example of an architecture that can be used to implement enterprise services is Enterprise JavaBeans. Enterprise JavaBeans (EJB) runs on the server part of the enterprise environment using a client / server model.
It is an architecture for setting program components written in the ava programming language. In object-oriented programming and distributed object technology, a component is a building block of a program that can be reused in combination with other components on the same computer or other computers in a distributed network to form an application. The EJB is built on the basis of JavaBeans technology that distributes program components (Beans) to clients in a network. In order to deploy an EJB Bean or component, it needs to be part of a particular application called a container. For Enterprise JavaBeans, se
There are two types of beans: session beans and entity beans. Unlike the session beans, the entity beans are persistent and can retain the initial operation or state. EJBs can be deployed on virtually any major operating system. The program component of EJB is generally called a servlet (small server program). An application or container that runs a servlet is sometimes called an application server.

The Bridge Service interacts with the client via XML messaging to collect the input parameters needed to make a request to an enterprise service outside the distributed network environment. For example, a client can look up and instantiate a bridge service just like any other service in a distributed computing environment. The bridge service interacts with the enterprise service to execute the enterprise service. This interaction uses an interprocess communication architecture that enterprise services can understand. For example, the enterprise service is Enterprise Java
When implemented in Beans (EJB), bridge services use EJB to communicate with enterprise services. The bridge service receives the results from the enterprise service and sends the results directly to the client (XML
Space) in a distributed network environment
For example, the result space). To the client, the bridge service appears to be the only service (the enterprise service is hidden to the client), so the client does not have to support the architecture of the enterprise service. Clients in multiple distributed network environments use the same bridge service, each with a unique gate pair, to interact with the enterprise service.

Bridge services or other agents publish bridge service (and enterprise service) notifications in a space within a distributed computing environment. For example, a bridge service or other bridge agent may use Java reflection to look up Beans for services in an enterprise system implemented in EJB, and use Bean.
Create service notifications for bridge services to s and publish those notifications to spaces in the distributed computing environment. Reflection discovers information about the fields, methods, and constructors of a class, and works with the reflected fields, methods, and constructors on the corresponding part of the foundation for objects within the security constraints.
va code method. The reflection API corresponds to an application that needs to access either the public members of the target object or the members declared in a given class. When a bridge service is advertised, the client does not need to know the architecture of the enterprise service offering it in detail, just like any other advertised service in a distributed network environment. Access to enterprise services).

Client Display There are several ways to display the results from the services performed by a client within a distributed computing environment. Devices that display results, such as computer CRTs, laptop LCDs, and notebook PC displays, can display printers, speakers, and service results in visual, audible, or other perceptible formats. There are other devices. Methods of displaying results include, but are not limited to: The service returns the results to the client either directly or by reference, and the client handles the display of those results. The service returns the results to the client directly or by reference, the client passes the results directly to the display service or by reference, and the display service displays the results. The service handles the display of results directly. The service passes the results to the display service, either directly or by reference, and the display device displays the results.

The last way to display the results is for the client to specify a display service. For example, there is a display service or associated display service for the device on which the client resides that the client wishes to use to display the results of the service. When the client executes the service, the client sends a message to the service, specifying a service notification for the client's display service. The service then builds a gate to allow the message to be sent to the client's display service. Thus, when displaying a result, the service invoked by the client becomes a client of the client's display service and sends the result (either directly or by reference) to that display service. See other sections of this document for more information on client-service relationships, gates, and messaging.

Conventional application models are typically based on certain generally static user interface and / or data characteristics. To make changes to a traditional application, the code would need to be modified and recompiled. An application (client, service, etc.) automatically describes a display object using a described mechanism for notifying a service and specifying an XML message schema for communicating with the service in a distributed computing environment. Provide a mechanism for doing so. Dynamic display objects allow you to change the behavior of your application without having to download new code, recompile your application, or relink your application. Provide a display schema that displays the same results in different formats, extracts some of the results for display, and displays the results on different display devices.

FIG. 31 is a diagram of an embodiment of a client 1300 with an associated display 1302 and display service 1304 according to one embodiment. The notification 1306 of the display service 1304 is registered in the space 1308. The notification 1312 of the service 1310 is registered in the space 1314 by the service 1310. Separately, the service notice 1312 and the display service notice 1306 are registered in the same space. The client 1300 uses the service notification 13 on the space 1314.
Search for 12 and discover 1320 and send request to service 1310 (service 1
Set gate for receiving result or response from 310). In one embodiment, the message is in the form of an XML message specified in the XML Schema received as part of notification 1312. Client 1300 sends one or more messages (1322) to service 1310. The one or more messages include a message to perform service 1310 and a message to instruct service 1310 to send the results to display service 1304 for display and specify the location of display service notification 1306. The location of the notification is Uniform Re
Specified as a source identifier (URI).

When a message is sent from the client 1300 to the service 1310 as an instruction, the service 1310 performs one or more operations that output a displayable result. The service 1310 extracts the display service notification 1306 from the space 1308 based on the position information received from the client 1300. The service notification contains an XML message schema and other information needed to interface with the display service 1304. Service 1310 then sets up a gate to send the request to display service 1304 (and receive the result from display service 1304). In other embodiments, the message from the client 1300 to the service 1310 includes the XML schema and other information needed by the service 1310 to build a gate to the display service 1304, or to the display service 1304 in advance. It has a gate built in.

After performing or completing the operation requested by the client 1300, the service 1310 sends the result of the operation to the display service 1304 in the manner specified by the schema of the display service 1304 (eg, XML message. Encapsulated in an XML message specified in the schema or by reference as a parameter of the presentation service). In this respect,
The service 1310 is a client of the display service 1304. After that, the display service 1304 displays the service 13 on the display 1302 of the client.
Format and display the results received or indicated from 10.

In some embodiments, service 1310 posts the result of the operation to a space, such as result space (not shown). The service 1310 then sends a message to the display service 1304 that includes a reference to the result in which the operation is also stored. In one embodiment, the reference is in the form of a URI.
The display service 1304 then retrieves the result from the space and displays the result on the display 1302.

Conventional application models are typically based on certain generally static user interface and / or data characteristics. To make changes to a traditional application, the code would need to be modified and recompiled. An application (client, service, etc.) automatically describes a display object using a described mechanism for notifying a service and specifying an XML message schema for communicating with the service in a distributed computing environment. Provide a mechanism for doing so. Dynamic display objects allow you to change the behavior of your application without having to download new code, recompile your application, or relink your application.

The dynamic display object can be described in the XML schema. These schemas are
Be notified in the space. These schemas are called display schemas or representation schemas. The application (or other service acting on behalf of the application) then accesses the schema from the service notification and displays the data based on the format, data type, and other information stored in the schema.

[0387]   An example of a schema containing dynamic display objects is shown below. <element name = "delivery" type = "Space: shipto" minOccurs = "0" /> <type name = "TextField"> <element name = "Address" type = "String" /> <element name = "City" type = "string" /> <element name = "State" type = "string" /> ... ... ... </ type>

The above schema can be modified as follows without recompiling the application. <element name = "delivery" type = "Space: shipto" minOccurs = "0"/><type name = "TextField"><element name = "Name" type = "string"/><element name = "Address" type = "string"/><element name = "City" type = "string"/><element name = "State" type = "string"/> ... ... ... </ type>

32A and 32B are diagrams illustrating an example of using a schema of a dynamic display object according to an embodiment. In FIG. 32A, application 1320 (client, service, or other application) is implemented with representation schema notification 1324 stored in space 1326. The representation schema notification includes elements that describe the data type, formatting, font, position, color, and other information used to display the application's data on the display 1322. There are multiple representation schema notifications for application 1320.
For example, there is one schema for each display page within a series of display pages (eg, web pages for a website).

In one embodiment, application 1320 invokes a discovery and / or lookup service to identify a representation schema notification. The discovery and / or lookup service returns one or more notifications and an XML document containing a list of URIs to each of the schemas that describe the particular display format, etc. The application 1320 then selects one or more representation schemas from the XML document. Application 1320 then parses the schema and decomposes the schema elements into user interface components. These components identify and format the result data,
Used to display on the appropriate display. The result data is, for example,
Obtained from the service execution or result space. Thus, as opposed to providing a static or predefined display, the application 1320 is configured to display the results according to a representation schema that can be dynamically changed without rebuilding the application.

A representation schema is provided for displaying the same results in different formats, extracting a portion of the results for display, and displaying the results on different display devices.

In one embodiment, one or more representation schema notifications may be stored in one or more spaces within the distributed computing environment. Invoking a copy of the application on one or more devices causes each copy of the application to perform a search for services and discover notifications of the representation schema used by the application. There, a central persistent store of display information can be maintained for multiple instances of the application or for other applications. The display information can be modified in a central location without having to recompile or reinstall the application.

In FIG. 32B, the client 1328 identifies a service notification for the space service 1330. Upon invoking service 1330, client 1328 passes to service 1330 the location of representation schema notification 1324 of space 1326. If the service 1330 is ready to send the results to the client 1328, the display information from the representation schema provided by the representation schema notification 1324 is used to display 1322 (the client 1328 is bound to the device on which it is running). The result can be displayed in). To change the way the results are displayed, modify the XML message in the representation schema notification 1324 or select a different representation schema, and the client 1328 or service 13
No need to change at 30. The service 1330 may be a display service.

A client, application, or service comprises multiple display schemas for displaying the results of various operations provided by one or more services. Alternatively, the display schema contains information for displaying various results for one or more clients. Thus, the client 1328 can use one display schema or multiple display schemas. There are two or more display schemas that format and display the same results in different formats or on different displays. For example, for the result set, one display schema for displaying the result on the screen of the display is prepared, and another display schema for printing the result is prepared. Also, a copy of the same application, client, or service may be run on devices with different display capabilities to provide two or more display schemas that meet the display requirements of different devices.

Character String Management Character string processing in conventional systems is generally not very efficient, especially in the case of variable size strings, for example copying a string in memory. You will waste memory space when you move around. This inefficiency in string processing is especially problematic in memory-saving systems such as embedded systems. The size of the memory, especially the stack area, and the area for dynamic allocation is limited in space saving / system. Therefore, a method for efficiently performing character string processing in a program executed in a space-saving system such as an embedded system is desired.

FIG. 33A is a diagram of a representative string representation in the C programming language. In C, the character string is represented by a character type pointer 1450 (string1) that stores the memory position (address) of the first character of the character string 1452. Other characters are character string 1
Following the first character in 452 is typically stored in contiguous addressable byte positions in memory. Characters in the C string are typically 8 bits. C
The characters in the character string are ASCII characters. The C character string must have NULL as the termination character. NULL is one of the 256 possible 8-bit values defined by the platform, typically the binary value 0b00000000.
The character string 1452 occupies 13 bytes (13 characters including 12 characters and the termination character).

An example of string manipulation in C is the strlen () function, which
It is usually included in the standard C library implementation. The strlen () function takes a character string pointer as input and returns the length (bytes) of the character string not including the terminating character. For example, if you pass the character pointer 1450 to the strlen () function, the length 1
2 is returned. The strlen () function can be implemented by scanning the character string from end to end, counting the number of characters until the end character is found.

A character string copy of C is usually performed by strcpy () or st of the C library function.
It is processed by rncpy (), which is implemented as follows. char * strcpy (char * dest, const char * src); char * strncpy (char * dest, const char * src, size_t n); The strcpy () function returns the string pointed by the character pointer src Is included in the character string pointed to by the character pointer dest. The strings do not overlap and the destination string dest must be large enough to accommodate the copy. The strncpy () function is similar, except that n bytes or less of src are copied. Therefore, if the first n bytes of src have no termination character, the result does not include the termination character. Strncpy () if necessary
The code after the can include instructions to add a terminating character to the end of the dest string. If the length of src is less than n, the rest of dest is filled with NULL. The strcpy () and strncpy () functions return a pointer to the copy destination character string dest. FIG. 33B shows strnc for the character string 1452.
An example of the result of the py () function is shown, but with the following parameters, s
This is the case when trncpy () is called. strncpy (string2, string + 3,5); where string2 is the character pointer 1454 pointing to the first byte after the terminating character of the string 1452 and string1 + 3 is the character pointer 1450 incremented by 3 bytes. 5 is the copy source location string
It is the number of characters (the number of bytes) copied from 1 + 3 to string2. After copying, the next character after the 5 characters copied from string1 is set to the terminating character (the character may have been initialized to the terminating character before copying).
. Therefore, two character strings will occupy (13 + 6) = 19 bytes in memory. When the strcpy () function is applied with the character pointer 1450 as the copy source character string, the original character string 1452 and the resulting new character string are (13 * 2).
) = 26 bytes will be occupied.

FIG. 33C is a diagram showing an efficient method of expressing and managing a character string in a general system, specifically, a space-saving system such as an embedded system. Character string 1452 is stored as 12 bytes in memory (no terminating character is required). The character string structure 1460 includes pointers (address (A) and address (L)) to the first character and the last character of the character string 1452. By using this character string structure, the length of the character string can be efficiently calculated by subtracting the pointer to the first character from the pointer to the last character.

Operations such as the character string copy operation strcpy () and strncpy () can also be processed more efficiently. Create a new string structure 1462 using a string structure such as the one shown in FIG. Turn into. Therefore, it is not necessary to copy some or all of the string 1452 to new storage for that string. Strings can reach hundreds or even thousands of characters in length, so save memory by using string structures and the string methods implemented to take advantage of those string structures. Is notable. Such a method of processing a copy of a part or all of a character string is called "partial character string management", and a part of the character string (partial character string) can be efficiently processed.

Other string functions in the standard C string library can be replaced with string functions that utilize the string structure as shown in FIG. 33C. Examples of other C string functions include, but are not limited to, strstr (), strcat (), and printf (). The string processing structure and method as described in FIG. 33C efficiently processes XML text (such as XML messages) in a memory-saving system such as an embedded system when used with a hierarchical structure of XML documents. be able to. Below is a simple example of an XML schema that defines a purchase order. <! DOCTYPE purchase.order SYSTEM "po.dtd"><purchase.order><date> 22 May 2000 </ date><billing.address><name> John Smith </ name><street> 123 Main </ street ><city> Anywhere </ city><state> MA </ state><zip> 12345-6789 </ zip></billing.address><items><item><quantity> 3 </ quantity><product.number> 248 </product.number><description> Decorative Widget, Red, Large </ description><unitcost> 19.95 </ unitcost></item><item><quantity> 1 </ quantity><product.number> 1632 </product.number><description> Battery, AA, 4-pack </ description><unitcost> 4.95 </ unitcost></item></items></purchase.order>

The hierarchical structure of XML documents allows them to be processed recursively, with each level of recursion successively processing smaller portions of the document. References to various parts are recursively recorded and processed. Various parts can be recorded using a string structure as described with respect to FIG. 33C. In this way, the content of a particular XML tag (one line in the above example) can be efficiently determined in one embodiment where the smallest unit of an XML document is processed recursively. Since tags within a given scope can be efficiently enumerated and processed, documents with repeated tags within the same scope can also be processed efficiently.

A recursive method of processing an XML document using a string structure as described in FIG. 33C represents the entire XML document string, pointing to the first and last bytes in the document string. It can accept any string structure. This method identifies the next subsection of the document and passes a string structure that represents a substring of the entire document string containing that subsection to the processing function for that subsection's type. The subsection itself can be decomposed into other levels of the subsection represented by the string structure passed to the processing function corresponding to the subsection's type. This method can continue to recursively process subsections of an XML document until the entire document has been processed.

The use of string structures in recursive processing allows processing to be performed without making a copy of the subsection for processing. Copying subsections is especially expensive for recursive processing, as the deeper the recursion, the more copies of the same data. With the string structure, you only need to create a string structure that contains pointers to the first and last bytes in the subsection and pass it to the next level.
Other operations, such as determining the length of subsections, can be performed efficiently by using the address information stored in the string structure. Furthermore, using the string structure eliminates the need for terminating characters such as those used to terminate C strings,
You can save memory for space-saving devices such as embedded devices.

XML Representation of Objects As previously mentioned, Jini RMI seems impractical for some clients, such as thin clients with minimal memory footprint and minimal bandwidth. The serialization associated with Jini RMI has long run times, large code size, requires the JVM reflection API, and
This is a va-specific object expression. Java deserialization is also time consuming to execute, has a large code size and requires a serialized object parser. Even Java-based thin clients may not be able to accept large Java objects (along with the required classes) that are (always) returned over the network when requested in Jini.

Embodiments of the distributed computing environment may be used to provide more scalable distributed computing mechanisms. The distributed computing environment includes an API layer that facilitates distributed computing. The API layer provides message sending and receiving functions between clients and services. This messaging API provides an interface for simple messages in a representational data or metadata format, such as Extensible Markup Language (XML). It should be noted that although the embodiments are described herein as employing XML, other embodiments may use other metadata type languages or formats. In some embodiments, the API layer may also include a message interface for communication between and passing objects, such as Java objects. AP
Objects accessible through the I layer 102 are represented in a representation data format such as XML. Therefore, contrary to the object itself, the XML representation of the object can be manipulated.

The API layer sits on top of the messaging layer. Messaging ·
Layers are based on a representational data format such as XML. In one embodiment, XM
The L message is generated by the messaging layer according to the API layer call. The messaging layer can comprise predefined static messages that can be sent between clients and services. The messaging layer can also accommodate dynamically generated messages. In one embodiment, an object such as a Java object can be dynamically translated (compiled) into an XML representation. Objects include code and / or data portions. The code and / or data portion of an object can be compiled into code and data segments identified by XML tags in an XML representation. The messaging layer allows the XML object representation to be sent as a message. Conversely, the messaging layer can receive an XML representation of the object. The object can then be reconstructed (decompiled) from the message. Reconstruction examines the XML representation of tags that identify the code and / or data segments of the XML representation,
The information stored in the tag is used to identify and decompile the code and / or data portion of that object.

Creating and Shipping XML Representation of Objects FIG. 34 is a diagram illustrating a process of moving Java objects between a client 1500 and a service 1502, according to one embodiment. Service 1502
Can be any service supported in a distributed computing environment, including space services. The client 1500 uses the gate 1504 created using the XML schema received from the service notification of the service 1502 to communicate with the corresponding gate 1506 of the service 1502. At some point, the client 1500 needs to send a Java object 1510 to the service 1502. Java object 1510 references another object, which in turn references another object, and so on. Java object 1510 and its referenced object, then the referenced object, and so on.
Call it a graph.

The Java object 1510 is passed to the Java object compilation process 1512 for compilation and outputs an XML representation of the object graph. The XML representation of the object graph is XML data stream 1
It is passed to the gate 1504 as 514. XML data stream 1514 contains an XML representation of all objects in the object graph. In one embodiment, the objects in the object graph are stored recursively in XML data stream 1514.

Gate 1504 then packages the XML data stream 1514 into message 1516, and message 1516 is gate 1 of service 1502.
Send to 506. The gate 1506 extracts the XML data stream 1514 from the XML message 1516 and outputs the XML data stream 1514 as XML.
Send to data stream decompile process 1518 to perform decompile and output an object with an object graph containing Java objects 1510. In one embodiment, the objects in the object graph are stored recursively in XML data stream 1514, thus using a recursive decompilation process.

If the service 1502 needs to send a Java object to the client 1500, a substantially similar process can be used. Java object 1
520 is passed to the Java object compilation process 1512 for compilation and outputs an XML representation of the object graph. object·
The XML representation of the graph is the gate 150 as an XML data stream 1522.
Passed to 6. The gate 1506 then processes the XML data stream 1522.
Is packaged in a message 1524 and the message 1524 is
500 to gate 1504. The gate 1504 uses the XML message 1524.
Extract XML data stream 1522 from and send XML data stream 1522 to XML data stream decompile process 1518 to decompile and output an object with an object graph containing Java object 1520.

In another embodiment, the gate is responsible for compiling and decompiling Java objects. In this embodiment, the Java object 151
0 is passed to the gate 1504. The gate 1504 sets the object 1510 to J
Passes to the ava object compilation process 1512 for compilation and outputs the XML representation of the object graph to an XML data stream 1514. Gate 1504 then packages the XML data stream 1514 into message 1516 and sends message 1516 to gate 1506 of service 1502. The gate 1506 extracts the XML data stream 1514 from the XML message 1516 and outputs the XML data stream 1514 to the XML.
L data stream decompile process 1518 to decompile and output an object with an object graph containing Java objects 1510. The process of sending a Java object from service 1502 to client 1500 is substantially similar to the process of sending an object from client to service.

In one embodiment, the object compile process 1512 and the object decompile process 1518 both reside on the client 1500 and the service 1502 and, when programmed, effectively compile and decompile on two devices. The output of one object is substantially the same as the input of the other, since they can be performed in the same way. In one embodiment, an XML schema containing a description of Java objects can be used by both clients and / or services in the compilation and decompilation processes. In one embodiment, an XM used for compiling and decompiling Java objects
The L schema can be passed by the service to the client in a service notification.

XML has a language-independent and platform-independent object representation format. Thus, when compiling an object into an XML representation of the object and decompiling it to reproduce the object, the process as shown in FIG. 34 is not limited to moving Java objects, and in some embodiments, within a network. It also applies to moving other types of objects between entities.

FIG. 46 illustrates a mechanism for sending an object from a service to a client using an XML representation of the object. At step 2200, the client requests an object from the service. In one embodiment, the object is Ja
va object. In one embodiment, the client sends a message (eg, an XML message) to the service requesting the object. In step 2202, the service sends the object to the compilation process after receiving the request. In one embodiment, the compilation process is embedded within the virtual machine in which the service is running. In one embodiment, the virtual machine is Java.
It is a virtual machine (JVM). In one embodiment, the compilation process is a JV.
It can be provided as an extension function to M. At step 2204, the compilation process produces a data representation language representation of the object. In one embodiment, the data representation language is XML. The representation of an object includes the name or identifier of the object and one or more instance variables for that object. The instance variable used in object-oriented programming is one of the variables of the class template and has a different value for each object of the class. In step 2206, the service sends the data representation language representation of the object to the client. In one embodiment, the representation is packaged in the message. In one embodiment, the message is written in a data representation language. As described elsewhere, the MessageGate is used for messages passed between clients and services.

At step 2208, the client receives the data representation language representation of the object and sends the representation to the decompilation process. In one embodiment, the decompilation process is embedded within the virtual machine in which the client is running.
In one embodiment, the virtual machine is a Java Virtual Machine (JVM). In one embodiment, the decompilation process is provided as an extension to JVM. In step 2210, decompilation produces a copy of the object from the data representation language representation of the object. The object is then sent to the client.

JVM Compile / Decompile APIs FIGS. 35a and 35b show extensions for a virtual machine (eg, JVM) to compile an object (eg, Java object) into an XML representation of the object and an XML representation of the (Java) object. 6 is a data flow diagram illustrating an embodiment that includes an extension that decompiles into a (Java) object. The JVM can include an application programming interface (API) for compile / decompile extensions. Client 15
00 and service 1502 may be running within the JVM. The JVM can be on the same device or a different device.

In both FIGS. 35a and 35b, the JVM XML compiler / decompiler AP
The I1530 receives a Java object 1510 as an input, and outputs an XML representation of the object 1510 and its referenced object (object graph of the object 1510) to an XML data stream 1514. In addition, the JVM XML compiler / decompiler API 1530
It can accept an ML data stream 1522, which contains an XML representation of object 1520 and all its referenced objects (object graph of object 1520), including Java object 1520.
Output (and all objects in its object graph).

In FIG. 35 a, when the Java object 1510 is sent, the client sends a JV
FIG. 9 illustrates one embodiment for calling the M XML compiler / decompiler API 1530. The client 1510 sends the Java object 1510 to the A
Pass it to PI 1530, compile the object and output the XML representation,
The XML representation is stored in the XML data stream 1514, and the XML data
The stream 1514 is output. The client can then pass the XML data stream 1514 to the gate 1504. Gate 1504 then packages XML data stream 1514 into XML message 1516 and sends message 1516 to service 1502.

After receiving the XML message 1524 from the service 1502, the gate 15
22 extracts the XML data stream 1522 from the message 1524 and passes the data stream 1522 to the client 1500. Client 150
0 calls the JVM XML compiler / decompiler API 1530 and passes the XML data stream 1522 to the API 1530. Then AP
I 1530 decompiles the XML data stream 1522 into a Java
It outputs the a object 1520 and other objects to its object graph and returns the object to the client 1500.

FIG. 35b illustrates another embodiment where the JVM XML compiler / decompiler API 1530 is called by a gate when sending a Java object 1510. The client 1510 is a Java object 15
Pass 10 to gate 1504. The gate 1504 APs the object 1510
I 1530 to compile the object, output an XML representation, store the XML representation in an XML data stream 1514, and output an XML data stream 1514. The gate 1504 then packages the XML data stream 1514 into an XML message 1516 and sends message 151
6 to service 1502.

After receiving the XML message 1524 from the service 1502, the gate 15
22 extracts the XML data stream 1522 from the message 1524 and outputs the data stream 1522 to the JVM XML compiler / decompiler API.
Hand it over to 1530. After that, API 1530 returns XML data stream 152.
Decompile 2 to output Java object 1520 and other objects in its object graph. Then, the gate sends the Java object 1520 and other objects to the client 1500.

In one embodiment, the JVM XML compiler and decompiler may be implemented as integrated features of the JVM. In other embodiments, the XML compiler and decompiler can be implemented with API method calls in the JVM standard extensions, so there is no need to modify the core JVM. JVM
Is responsible for invoking processes (clients and / or services) running within the JVM.
To provide the VM XML Compiler / Decompiler API 1530, a process can access the Java object compile / decompile functionality provided by the JVM. In one embodiment, in order for a process to utilize object compilation / decompilation, the JVM running in that process needs to be equipped with the JVM XML compiler / decompiler functionality and API 1530. The method of translating and sending an object using reflection and serialization is typically implemented in another application separate from the JVM. When dynamically analyzing the transitive closure of an object, the application must repeatedly access the JVM and retrieve the object one field at a time. This task tends to be a slow and tedious process and requires a lot of applications and JVM code.

Implementing the Java object compile / decompile functionality within a JVM is convenient because the JVM already understands the concept and content of object graphs. So, with the compile / decompile function, XML
JVM knowledge can be leveraged (and code reused) for parsing an object graph to output an expression and parsing an XML expression to output an object graph. Therefore, the compile / decompile function should not duplicate the functionality provided by the JVM, as is the case with object dispatch methods that use reflection and serialization. This allows
The code footprint of the compile / decompile function can be small compared to object dispatching methods that use reflection and serialization. The object is a JVM XML compiler / decompiler A.
You can compile or decompile with just one call to PI.

Further, by integrating compilation and decompilation of objects into the JVM, it may be possible to perform compilation and decompilation of objects faster than methods using reflection and serialization. And the object traversal model implemented with serialization, code outside the JVM is Java
This is because it needs to be aware of the structure or graph of the object, traverse the object graph, pull apart, and eventually call the JVM repeatedly to perform the compilation (and inversion process for decompilation). This process can be slow because it requires repeated calls to the JVM outside of the code. By integrating the compile and decompile functions into the JVM as described herein, it is possible to avoid making repeated calls to the JVM from code outside the JVM. In one embodiment, the object is
You can compile or decompile with one call to the JVM XML compiler / decompiler API.

In one embodiment, the compiler / decompiler functionality may be implemented as a service in a distributed computing environment. The service publishes a service notification in the space. A process in a distributed computing environment can use search or discovery services to identify compile / decompile services. This process (the client of the service) can then use that service by passing it to a Java object that compiles to an XML representation and / or an XML representation service that decompiles to a Java object. Java objects can contain code (object methods) and data. The code of the object is not non-transitory and this code does not change after the object is created. However, the object data may be temporary. Two objects created from the same Java class may have different data in the two objects even if they contain the same code. In one embodiment, the compile function compiles Java object data into an XML representation of the object, but may not include the actual code for the object in the XML representation. In one embodiment, information about an object may be inserted into the compiled XML representation to inform the recipient how to recreate the code for that object. Store the XML representation in an XML data stream and make it available to the receiving process (client or service) (eg,
You can send it (in a message). The receiving process can pass the XML data stream to the decompile function. The decompile function can decompile an XML data stream and output a Java object containing that data. In one embodiment, the object's code can be recreated by the decompile function using information about the object contained in the XML representation, which means that the object's code is statically defined and the JVM receiving the object is The information about the object can be used to recreate the code (if needed).

In one embodiment, the XML representation of the object output by the compile function may store Java object data and information about the Java object. The information may include Java object class information. The object signature can be included in the information, and the class of the object can be identified using the signature. The decompile function can use information about Java objects to re-create Java object code and decompile data from an XML data stream into Java objects. Therefore, the complete object containing the code and data can be recreated from the decompiled data and the information describing the object on the receiving client or JVM running the service. In one embodiment, the information that describes the object may be stored in one or more XML tags. In one embodiment, XML data
The client or service that receives the stream is an X that describes an object.
ML schemas can be included and XML schemas can be used to reconstruct Java objects from the information about the decompiled data and its objects. The decompilation process recursively traverses the object graph and reconstructs the object referenced by the object, which involves decompiling the data of the referenced object from the XML data stream, This is done by recreating the code of the referenced object from information about the referenced object in the XML data stream.

In one embodiment, the XML representation of the object output by the compile function may store information identifying the object's data and the object's code. In one embodiment, the information that describes the code of the object is X
It can be stored in one or more XML tags in the ML data stream. Upon receipt, the decompile function can use the information about the code from the XML data stream to recreate the Java object's code and decompile the object's data from the XML data stream.
Thus, from the decompiled data and the information describing the code of the object, the receiving client or JVM running the service can recreate the complete object containing the code and data.

[0429] A scenario is described for the purpose of transferring objects between entities (typically clients and services) in a distributed computing environment using an XML representation of the objects. These scenarios are examples and are not intended to be limiting.

In the first scenario, the service uses an XML compiler / decompiler to compile a Java object into an XML representation of the object and send the XML representation to the client. The client decompiles the XML representation using an XML compiler / decompiler, performs operations on the data in the object, and later compiles the object into an XML representation of the object using the XML compiler / decompiler. Then, the XML representation of the object is returned to the service.

In the second scenario, the service uses an XML compiler / decompiler to compile a Java object into an XML representation of the object and send the XML representation to the client. The client then sends the XML representation to another service, which uses the XML compiler / decompiler to decompile the XML representation to regenerate the object and request from the client (possibly modifying the data). When there is, execute the operation on the object and
Recompile the modified object into its XML representation using a compiler / decompiler and send the XML representation of the object to the client.

In the third scenario, the service uses an XML compiler / decompiler to compile a Java object into an XML representation of the object and send the XML representation to the object repository or store space. The service then sends a message to the client telling it the location of the XML representation. The message is a Universal Resour in XML representation.
ce ce Identifier (URI) is included. The client then retrieves the XML representation of the object from the store space and decompiles that representation using the XML compiler / decompiler to recreate the object. Alternatively, the client sends the location of the XML representation of the object to other services, along with a request for an operation to perform on that object. The other service then retrieves the XML representation from the store space and decompiles the XML representation using an XML compiler / decompiler to recreate the object and perform the requested operations on the object.

In the fourth scenario, the process (which may be a client or service)
Can locate an object repository or store space in a distributed computing environment by searching for service notifications in the store space. The process creates and obtains multiple Java objects at run time. The process uses an XML compiler / decompiler to
Compiles one or more objects into an XML representation of the object and, as a client of the store space service, sends the XML representation of the object to the store space for later access and access by other processes. To store.

Security Issues in Decompiling the XML Representation of Objects The space can be used as a file system in a distributed computing environment, as described herein. Security is provided in the form of access rights for files in the system. The access authority is checked for each file access (open, read, write operation). Therefore, a method of achieving file access security in a distributed computing environment is desired. The method is further applicable to XML representations of Java objects stored in a space and sent between clients and services in a distributed computing environment.

In one embodiment, a user of a client of a device in a distributed computing environment is identified and authenticated when first accessing the client. In one embodiment, the user may provide a physical identification feature such as a smart card for identification and authorization. In another embodiment, the challenge response mechanism (
The user ID and password, etc.) can be used to identify and approve. In yet another embodiment, electronic identification, such as an electronic signature, is used for identification and authorization. Other methods can be used for identification and approval. Once identified and authorized, the user can perform various operations on the client, including accessing one or more services in the distributed computing environment. During these operations, one or more objects may be created (locally) or obtained from elsewhere (eg, service or space), as described above. The object can be modified and compiled into an XML representation of the object, stored locally by the client, or sent to the space service for store (transitive or persistent). Some of the objects are received from the service in the form of an XML representation of the object (stored in a service or other service), which can be decompiled by an XML compiler / decompiler to recreate the object on the client. .

In one embodiment, when decompiling the XML representation of an object, check each XML message to verify that the user has access to that object. If the user does not have the proper access privileges, the XML compiler / decompiler will not decompile the object for that user. In one embodiment, a security exception is thrown by the XML compiler / decompiler. In one embodiment, the user is notified of the access violation.

Access authority information such as the author and access level (author only access, read only, read / write, delete, copy, etc.) allowed for an object is embedded in an XML message containing the XML representation of the object. be able to. Access authorization is determined during user identification and authorization. For example, an object allows "read-only" access to most users and "read-write" access to the creator of the object. If a user tries to access an object with read / write access and the user did not create the object, the decompilation process detects this as an access violation, denies access, and the user is notified. receive.

In one embodiment, if the user completes using the client, the user logs off, or otherwise notifies that the user has exited the client (eg, deleted the smart card). To do. Objects created on the client by decompilation are automatically detected when the client detects that the user has terminated. This prevents a later user from intentionally or inadvertently trying to access that user's objects. In one embodiment, all objects created by decompilation are deleted when it is detected that the user is done. Other embodiments provide a way to store at least a portion of an object created persistently on the client (eg, using access privilege information), which allows the client to access the object later. , Provide the object to others for access. In one embodiment, the user uses a "smart card" or other physical device to gain access to the client. The user can insert the smart card into the client device and start a session. When the client is finished, it takes out the smart card. The client detects that the smart card has been removed, detects that the client has terminated, and then proceeds to delete the objects created by the decompiling the XML representation.

FIG. 47 illustrates a mechanism for secure object decompilation at the client device. At step 2240, the user accesses the client device. In one embodiment, the user sends identifying information to the client. In one embodiment, the user logs on to the client using, for example, a username and password. In one embodiment, the user provides a physical identification method, such as a smart card, to the client device and the device determines the user's identity.

After user authentication, the client may request one or more objects for one or more services during access by the user. In one embodiment, the object is a Java object. In one embodiment, the client sends a message (eg, an XML message) to the service requesting the object. After receiving the request, the service sends the data representation language representation of the object to the client. In one embodiment, this representation is packaged in the message. As described elsewhere, the MessageGate is used for messages passed between clients and services.

At step 2242, the client receives the data representation language representation of the object and sends the representation to the decompilation process. In one embodiment, the decompilation process is embedded within the virtual machine in which the client is running.
In one embodiment, the virtual machine is a Java Virtual Machine (JVM). Decompiling creates a copy of an object from a data representation language representation of the object. In one embodiment, the message is checked to ensure that the client has access privileges to the requested object. The object is then sent to the client and is available for access by the user.

At step 2244, the user ends access to the client device. For example, the user may log off or, if using an identification device such as a smart card, delete it to notify the client device that the user has finished accessing the client. After it is detected that the client has finished accessing, the client device automatically deletes the decompiled object for the user when the user is accessing. Deleting an object leaves no object on the client device that a user after the device may inadvertently or deliberately access.

Alternatively, the user may not have one or more of the objects deleted when they finish accessing. Instead, the object is stored (either locally or somewhere in the distributed computing environment) for later access by the user. In one embodiment, client access information is stored with the object to prevent unauthorized users from accessing the object.

XML-Based Object Repository In a distributed computing environment, processes (services and / or clients) can have XML schemas, service notifications, results generated by the services, XML representations of Java objects, and / or other It may be desirable to have temporary and / or persistent storage such as objects implemented in the language. Existing object storage technologies rely on language and / or operating
It tends to be system specific. These storage systems also tend to be too complex for use in space-saving systems such as embedded systems.

Jini's JavaSpaces is an existing object repository mechanism. JavaSpaces can only store Java objects, and are too large to be mounted on a small device having a limited memory capacity. Each JavaSpace object is serialized as described above, and thus has the same limitations as described above for reflection and serialization techniques.

Store for a heterogeneous (language or operating system independent), distributed computing environment capable of providing temporary or persistent storage of objects, scalable from small devices to large devices. Present the mechanism. In one embodiment, the store mechanism in a distributed computing environment may be implemented as an Internet web page or page set defined in the XML markup language. XML provides language-independent and platform-independent object representation formats for Java and non-J
Allows ava software to store and retrieve language independent objects. Since the store mechanism is on the web, devices of all types and sizes (small to large) can access it.
A web browser can be used to view the store mechanism implemented as a web page. A web search engine can be used to content the content within a store mechanism implemented as a web page. Internet management mechanism (existing and future) and XM
L-tools can be used to manage XML-based store mechanisms.

In one embodiment, the store mechanism may be used to store objects created, represented, or encapsulated in XML. Examples of objects that can be stored in the store mechanism include, but are not limited to, XM
There is an L schema, an XML representation of the object (eg, a Java object compiled into an XML representation as described above), a service notification, and a service result (data) encapsulated in XML. In one embodiment, to prevent unauthorized access to an XML object, an authorization certificate, such as a digital signature or certificate, is attached to the XML object so that a client wishing to access the XML object can access the XML object. Require that you have an appropriate certificate of approval to do so. In one embodiment, the store mechanism is
It may be a space as described in the section "Space".

In a distributed computing environment, the store mechanism is the service. A store mechanism implemented as a service is called a "store service". The store service publishes the notification in the space. The space itself is an example of a store service. Some store services are temporary. For example, the space service that stores service notifications is a temporary store. Other store services are persistent. For example, a store service that stores results from services is a persistent store.

FIG. 36 is a diagram of a client 1604 and service A 1606 accessing store mechanisms 1600 and 1602 in a distributed computing environment according to one embodiment. This figure is for illustrative purposes and is not meant to be limiting on the scope of the invention. In one embodiment, store mechanisms 1600 and 1602 are Internet web pages or collections of XML pages defined in XML that are accessible by web browsers and other Internet tools, respectively. Store mechanism 1600 is a temporary store that can store objects implemented using XML. Store mechanism 1602 is a persistent store that can store objects, which are also implemented using XML. Service A 1606 X at temporary store 1600
Publish ML Service Notification 1608. The persistent store may also publish XML service notifications to the temporary store 1600 (or to other temporary stores in the distributed computing environment). At some point, the client 1604 needs the functionality provided by Service A 1606. The client 1604 uses the discovery and / or lookup service to identify the service notification 1608. Client 1604 builds a Message Gate and initiates communication with Service A 1606, as described herein. Client 1604 sends one or more XML request messages to Service A 1606. Service A 1606 performs one or more functions in response to the one or more request messages. Service A 1
One or more of the functions performed by 606 allow client 1604 to
Output the result sent to.

For the temporary result 1610, the service A 1606 sends the XML notification 161.
Encapsulate the result at 2 and publish the notification 1612 to the temporary store 1600 (or to other temporary stores in the distributed computing environment). afterwards,
Service A 1606 will notify result 1610 of temporary store 1600 1612.
Stored in the client 1604, or the client 1604 may be notified by other mechanisms as described herein. Client 1604 then retrieves temporary result 1610 from notification 1612. The notification 1612 includes an XML schema that describes the format, content, type, etc. of the temporary result 1610. The result is XML encapsulated. For example, XML tags can be used to describe some of the data as follows: <XML tag1><data1><XMLtag2><data2> ....

For persistent results 1618, service A 1606 uses the service or other mechanism as described herein to store persistent store 1602.
XML service notification 1616 and a persistent store 1602 for storing persistent results. Alternatively, client 1604 has already identified persistent store 1602 by identifying service notification 1616,
Universal Resource Id of persistent result 1618 memory location
Send the entifier (URI) to the service A as an XML message. In one embodiment, the persistent results 1618 are defined in XML and stored in an internet web page or set of web pages accessible by a web browser. Service A 1606 then stores persistent result 16 in persistent store 1602.
18 is stored. Service A 1606 then continues to the XML of the persistent result 1618.
Publish notification 1616 to ephemeral store 1600 (or to other ephemeral store in the distributed computing environment) and locate notification 1616 at client 1
Return to 604. The notification 1616 includes an XML schema that describes the format, content, type, etc. of the persistent result 1618. The result is XML encapsulated as described above. The notification further includes the URI of the persistent result 1618. The client 1604 then retrieves the notification 1616 and uses it to create a persistent result 1
618 is identified and retrieved. Alternatively, Service A 1606 does not publish the notification of persistent result 1618, and instead, the URI of persistent result 1618 is accessed by client 1604 so that client 1604 can access the result without looking up the notification. Return to. Note that in some embodiments, each of the various notifications shown in temporary store 1600 may be stored in a different temporary store or space.

Therefore, the store mechanism uses XML within a distributed computing environment.
It can be implemented as a base internet web page. These store mechanisms are implemented on various devices within a distributed computing environment to provide service notifications that allow clients (or other services) to identify and use the store mechanism. The web and XML tools that can be used to manage the store mechanism can be existing or upcoming. The store mechanism can store various types of objects implemented or encapsulated in XML. Clients of virtually any size device, from space-saving devices to supercomputers, can access the store mechanism to store and retrieve various objects over the Internet. The client is
A Java application or a non-Java application may be used as long as it is a language-independent storage format defined by XML. A transient or persistent object repository corresponds to a file system in a distributed computing environment and provides access checking and other security mechanism functionality, as described herein.

Dynamically Converting Java Objects into XML Documents In one embodiment, the distributed computing environment provides a mechanism to convert object class instances into XML documents and represent them. Objects are transformed and represented as XML documents in order to send representations of class instances to other services. In one embodiment, upon receiving an XML document, the program instantiates a class instance corresponding to the object represented by the document. In one embodiment, the object is a Java object and the program is a Java program.

In one embodiment, an intermediate form may be used to represent an XML document and the intermediate form may be dynamically processed to generate a class instance representing the XML document. A class defines a set of instance variables and a "set and get" method for accessing the instance variables. Define the corresponding XML document as a set of tags, one for each instance variable
You can assign one tag. When parsing a document, construct a hashable expression, include the instance variable name in the hash key, and put the instance variable value in the value. If more than one compound instance variable occurs, the enumerated value can be stored in its hash table. In one embodiment, the process can be restricted to only one level of the complex type for instance variables, making the elements homogeneous.

In one embodiment, protected instance variables can be added to a class definition that can include the name of the corresponding class. The class name can be used as the document type in the XML document representation. Embedding the class name in the document allows you to dynamically instantiate the correct class instance when reconstructing the object.

In one embodiment, after receiving the document, the class instance generator method can be used to extract the class type and parse the document to generate an intermediate hash table representation. The generator method can instantiate a new class instance and use the set method to initialize the instance object from the hash table values. In one embodiment, the class type is defined and the hash table is generic, so this process is performed for classes that match the above class definition. In one embodiment, a reversal process may also be performed, the class instances may be processed into an intermediate hash table representation and a generator method may be used to output an XML document from the hash table representation. The process can also be general enough to be performed on XML documents that match the above specifications.

This method is not intended to be limited to Java class objects, but also applies to other computer-based objects, including class object instances in other programming languages. Furthermore, this method is not intended to be limited to the XML representation of object instances, and other representation formats such as other data representation languages (such as HTML) may be used instead of XML.

XML-Based Process Migration A distributed computing environment allows for distribution and management of distributed applications. For example, a distributed computing environment includes stations and dockable mobile clients that include monitors, printers, keyboards, and various other input / output devices not typically found on mobile devices such as PDAs and cell phones. . These mobile clients run one or more applications and can migrate from one station to another in a distributed computing environment.
Thus, in one embodiment of a distributed computing environment, a mobile client of one node in the distributed computing environment is currently executing with the entire state maintained from the mobile client of the other node to the same mobile client or the other mobile client. Present a method to migrate an application (process).

In one embodiment, an XML representation of the state of the process running on the client or service is created. In one embodiment, the XML representation of the process state is
The calculation state of the device and / or the virtual machine in which the process is executed includes the calculation state of the device and / or the virtual machine, and includes the information about the execution state of the process on the device and / or the virtual machine. Process states include, but are not limited to, threads, all objects referenced by threads, temporary variables created during the execution of a process, objects, and their data. In one embodiment, the data obtained from the space by the process and describing one or more leases representing granting access to external services external to the device and / or virtual machine on which the process is running comprises: X
It is represented by ML and is stored with the process state. For leasing, refer to "
Leasing section.

Using the XML and messaging system as described herein, it is possible to move an XML representation of the state of a process from node to node in a distributed computing environment, such as node to node on the Internet. it can. The XML representation of the state of the process can also be stored as an XML object by an XML-based store mechanism as described above, and later retrieved from the store mechanism, either on the same node or in a distributed computing environment. Process execution can be resumed on a different node. In one embodiment, the process of compiling / decompiling XML objects is used to create (compile) an XML representation of the state of the process, as described herein.
Then, the process state can be regenerated by decompiling the XML representation of the process state.

By using this mechanism, an XML representation of the process state can be stored from the initial node into an XML-based store mechanism such as space. From then on, other nodes can identify the stored state of the process, download the state of the process, and restart the process from the downloaded stored state at the time it was running when the state was stored. Process status is XML
Since it is stored in the form, tools and search facilities for storing, locating, and retrieving XML objects can be used with the XML-based store mechanism described here to enable process migration. it can. Allows resuming clients of a process running on the same or another node to identify and access the stored state when publishing notifications of a stored XML representation of the state of the process .

An XML representation of the state of a process can be stored in an XML-based persistent store mechanism to create a persistent snapshot of the process. This can be used, for example, as a way to restart process execution on a node after a process on the node has been interrupted due to a deliberate shutdown of the node or an unintentional shutdown. Publishes the stored state notifications of a process and allows clients to identify the stored state in a distributed computing environment. In one embodiment, an authorization certificate, such as an electronic signature or certificate, is attached to the stored state to prevent unauthorized access to the XML representation of the stored state of the process. Require clients wishing to restart the process from having the appropriate authorization credentials to access the stored state.

FIG. 37 is a diagram illustrating a process transition using an XML representation of the state of a process, according to one embodiment. Process A 1636a is running on node 1630. Process A 1636a is a client or service. At some point during the execution of process A 1636a, the state of execution of process A 1636a is captured and stored in the XML-encapsulated state of process A 1638a. Execution of process A 1636a on node 1630 is stopped. later,
Node 1632 identifies the XML-encapsulated state of process A 1638 and uses it to restart process A 1636b on node 1632. To resume process A, use stored state 1638 to resume thread execution, recalculate temporary variables, reestablish leased resources, and store process 1638 stored XML state. Perform any other functions required to resume execution as recorded in.

An example of using XML-based process migration in a distributed computing environment is given below, but is not intended to be limiting. The mobile client device is connected to node 1630 and is executing process A 1636a.
The user of the mobile client device uses process A at node 1630.
I want to stop the execution of 1636a and later resume execution from another (or the same) node. In one embodiment, the user may be asked to store the state of Process A 1636a and determine if he wants to resume execution at a later time. If the user answers in the affirmative, then the XML-encapsulated state of the process is captured and stored in the persistent store 1634. Later, the user is node 1
At 632, connect to the mobile computing device. In one embodiment, the user executes the process 1636b, [Resume from Store].
ed State] option. Next, node 1632 searches for, identifies, and downloads the XML-encapsulated state of process A 1638 and uses it to restart process A 1636b. Apart from that, the process itself recognizes that it was "suspended" on the other node and resumes from the stored state without user input.

FIG. 48 is a diagram showing a process data expression language (XML) in a distributed computing environment.
Etc.) Depict a mechanism for migrating processes using expressions. Step 2260
And the process is running in the first device. At step 2262, the current computational state of the process is converted to a data representation language representation of the current computational state, the computational state of the process including information regarding a running state of the process in the first device. This information includes, but is not limited to, information about one or more threads of the process, information about one or more leases for services held by the process, and of the process (such as objects held by the thread). Contains information about one or more objects, which are instances of classes in a computer programming language (such as the Java programming language).

At step 2264, the data representation language representation of the current computational state of the process is stored. In one embodiment, this representation is stored locally. In one embodiment, the space service is used to store a data representation language representation of a process's current computational state in a space. In one embodiment, the data representation language representation of the current computational state of the process is sent to the space service in one or more messages.

At step 2266, the second device accesses the stored data representation language representation of the process's current computational state. In one embodiment, a notification is sent about the stored data representation language representation and the second device receives or accesses the notification and uses the information in the notification to store the stored data. Expressive language Identify and access expressiveness. At step 2268, the process
Reconstructed from the accessed data representation language representation of the current computational state of the process with the current computational state in the second device. The process then resumes execution in the second device from the current computational state.

Alternatively, execution of the process ends at the first device after step 2264. Thereafter, the first device subsequently accesses the stored data representation language representation of the current computational state of the process. The process is then reconfigured from the data representation language representation of the process's current computational state to the current computational state in the first device, and execution of the process is resumed from the current computational state in the first device. .

In another embodiment, the data representation language representation of the current computational state of the process generated in step 2262 is provided to the second device (eg, in one or more data representation language messages by MessageGate). Send it directly. The process is then reconfigured with the current computational state in the second device from the received data representation language representation of the process's current computational state. The process then resumes execution in the second device from the current computational state.

Application There is a technique in which a user accesses network data from a remote location and makes the remote data look like local data to the user when the user accesses a browser. However, with such technology, the client
There is no automatic infrastructure to query the network near the device location. It would be desirable to have a mechanism for discovering information about networks and services that are close to client devices. For example, when using such a mechanism, the client device's constant range (
Information about restaurants, weather, maps, traffic, movie information, etc. within a radius can be identified and the desired information displayed on the client device. An example of using this mechanism is to automatically identify a service in a local environment, for example to display the title and duration of a currently showing work in a movie theater, or to display menu selections and prices in a restaurant. Possible mobile phones.
In a distributed computing environment as described herein, such a mechanism may be used to discover a space containing local information and / or services in proximity to a client device. This mechanism is also used in other distributed computing environments, such as Sun Microsystems.
, Inc. Can be applied to the Jini system.

In one embodiment, the mobile client device comprises Global Positioning System (GPS) capabilities and wireless connectivity technology. Achieve local distributed computing network. For example, a city can have a distributed computing environment throughout the city. Another example is a shopping mall with a local distributed computing environment. The local distributed computing network comprises a discovery mechanism that allows client devices to connect to the distributed computing environment and discover services and data within the local environment. For example, one or more devices in the environment may be equipped with wireless connectivity technology that allows mobile client devices to connect to the network and access the discovery mechanism via the XML messaging system described above. The local distributed computing environment comprises one or more spaces that use notifications to make services and / or data available to mobile clients. For example, a city-wide distributed computing environment includes spaces that represent entities such as malls, cinemas, local news, local weather, and traffic. Spaces include individual service and / or data notifications to access the services of the entities they represent and information about them. The discovery mechanism may be one of a local distributed computing environment, an entity represented by a space service in the environment, and / or various services advertised by the space in the environment.
Includes one or more GPS location functions.

In one embodiment, a wired connection to a local distributed computing network is provided. In this environment, users of mobile client devices can "plug in" directly to the network using a wired "docking station". Examples of wired connections include, but are not limited to, Universal Serial Bus (USB), FireWire, and Twisted Pair Internet. In one embodiment, the talking station further comprises input / output capabilities such as a keyboard, mouse, and display for mobile client devices. In this embodiment, the location of the mobile client device is sent by the docking station to a lookup or discovery mechanism.

In one embodiment, mobile client devices connect to a distributed computing network. As the user of the mobile client device navigates within the wireless coverage of the distributed computing network, the mobile client device constantly or at varying intervals may use a local lookup mechanism or discovery mechanism. Supply the position vector as an input to. The mobile client device obtains the position vector from a GPS system built into or associated with the mobile client. In one embodiment, the client may provide location information (eg,
(Via XML messaging) to a local service discovery mechanism such as the space specific mechanism described here. For example, the client may run a space discovery protocol that specifies the discovery of the space to serve within a certain range of the client's location, or the client may specify a space that advertises the services offered to its neighbors. Space to search
Instantiate the search service.

When a mobile client device moves within a specified range of space within a distributed computing environment, services and / or data stored within that space are available to the mobile client device. To do so. In embodiments in which the client device periodically communicates its location to the discovery mechanism, local services and / or data are automatically made available to users of the client. In one embodiment, the user of the mobile client device looks at a specified range of spaces. For example, the user can select to display all restaurants within a mile of their current location. Alternatively, the range can be specified in the configuration of the local distributed computing network. For example, an entire city distributed computing network can be configured to provide its services to all users within 3 miles of a city boundary. In one embodiment, visual indicators, such as icons, that represent various services and / or data provided by the space may be displayed on the mobile client device. The client can then access one or more of the services and / or data being displayed. In one embodiment, information from two or more spaces can be displayed simultaneously on the mobile client device. In one embodiment, the user can select the services and / or data to detect. For example, shopping
In the mall, a user carrying a mobile client device can optionally view all shoe stores in the mall.

In one embodiment, executable code and / or data used in executing code may be downloaded to a mobile client device to allow a user to execute an application provided by a service in the space. For example, a movie goer can download an interactive movie review from a service in the cinema space and send back real-time feedback on the movie he or she is watching, if he has a mobile client device. it can. In one embodiment, an XML object compile / decompile mechanism is used to compile code and / or data to output an XML representation of the code and / or data, as described elsewhere. XML
The representation can be decompiled to reproduce the code and / or data on the mobile client device. In one embodiment, the executable version of the process already exists on the mobile client device, and by downloading the stored state of the process to the mobile client device,
The user can execute the process using the stored state. In one embodiment, the executable version of the process is already on the mobile client.
Exists on the device and can download process data to the mobile client device. For example, the data can be downloaded and displayed in a viewer program on the mobile client device. In one embodiment, an executable version of the process, including code and data for executing the process, can be downloaded and executed on a mobile client device. In one embodiment, the service remotely executes the application on behalf of the mobile client device, and the service and client:
XML messages that contain data and optionally an XML schema that describes the data can be exchanged with each other. In one embodiment, some code may run on the service and some code may run on the client. For example, the service can execute code that performs operations on a data set, such as numerical calculations. The mobile client device displays a portion of the data passed from the service to the client in an XML message so that the user of the mobile client device can enter or select data, or send the data to the service to send the data. Execute code that allows one or more operations to be performed on.

In one embodiment, mobile client devices can connect to two or more services simultaneously within a distributed computing network. These services can be used independently or in conjunction with performing a series of tasks. For example, one service is used by a remote client device to identify and / or perform an operation on a data set and a second service is used to print the data set.

FIG. 38 is a diagram of a mobile client device accessing space on a local distributed computing network according to one embodiment. G
A user of PS-enabled mobile computing device 1700 moves into the vicinity of a local distributed computing environment. Mobile client
The device 1700 may locate the location provided by the GPS 1702 with one or more discovery mechanisms 1706 within the local distributed computing network.
Send to. The discovery mechanism 1706 uses the provided GPS location of the mobile client device and the predetermined location of the space in the environment to determine when the user
Determine whether one or more spaces in the specified range of one or more spaces or the environment move within the corresponding neighborhood. For example, discovery mechanism 1
706 can determine that mobile client device 1700 has moved within space 1704. The discovery mechanism 1706 then sends one or more notifications 1710 from the space 1704 to the mobile client device 1700. Apart from that, the discovery mechanism 1706 uses space 17
04 or Universal of one or more notifications in space 1704
Send a Resource Identifier (URI) to mobile client device 1700. Icons representing the various services represented in the service notification 1708 and / or the data represented in the content notification 1710 may be displayed on the mobile client device 1700. The user can then select one or more of the advertised services and / or data for execution and / or display on the mobile client device. Mobile computing device 1700 establishes a wireless connection with a device providing the service, communicates with the device, and performs the service using an XML-based messaging system as described above. Alternatively, a user of mobile computing device 1700 connects to the device at the docking station. The location of the docking station is whether the user can locate and use the location of stocking stations within the user's specified range using the lookup or discovery mechanism 1706 and the space containing the docking station's notifications. By determining
To be discovered. The discovery mechanism 1706 can further detect when the mobile client device 1700 has moved within a selected range of space 1714. Various service notifications 1718 and content notifications 172
0 is made available to users of mobile client device 1700. When a mobile client device goes out of one specified range of space, the notification provided by that space is deleted from the display of mobile client device 1700. In one embodiment, the notification on the space includes location information for the service or data provided. Accordingly, the discovery mechanism 1706 determines when the mobile client device 1700 has moved within a specified range of the particular service advertised on the space 1718, and based on the location of the mobile client device 1700, service advertisement. Send (or delete).

Computing devices are simultaneously downsizing while gaining power and functionality at the same time. Storage device, CPU, RAM, I / O
Small mobile clients such as ASICS and power supplies
You can equip your device with many of the features of a full-size computer. However, some of the components of computer systems cannot be easily scaled down due to human and other factors. Such components include, but are not limited to, keyboards, monitors, scanners, and printers. Due to the limited size of some components, mobile client devices cannot truly take the role of a personal computer.

In one embodiment, a docking station is presented that allows a user to use a mobile client device and connect and use components that are not available on the mobile client device due to human or other factors. There is. For example, docking stations can be provided in public places such as airports and libraries. The docking station comprises a monitor, keyboard, printer, or other device for a user using a mobile client device. In one embodiment, the docking station is not fully functional without the assistance of the actual computing device to which the user is connecting, such as the mobile client device. The docking station provides services such as various I / O capabilities to clients that use the computing power of the mobile client device.

The docking station provides mobile client devices with one or more options for connection. Connection options include wireless and wired connections. Examples of wireless connections include, but are not limited to, infrared, such as IrDA, such as that provided by a network interface card (NIC) in a notebook computer, and wireless network connections. Examples of wired connections include, but are not limited to, USB, FireWire, and twisted pair Ethernet.

The mobile client device locates the docking station using a method substantially similar to that described above for mobile client devices. To discover the location of one or more docking stations within the local distributed computing network, a discovery mechanism is used to discover the space where the docking station's notifications are located. The mobile client device sends the location to the discovery mechanism. In one embodiment,
The discovery or lookup mechanism is a mobile client
Returns the location of the docking station or stations closest to the location of the device. Alternatively, the discovery or lookup mechanism returns the URI of the space containing the docking station's notification, and then the mobile
The client device connects to the space and is close to the device 1
Send the location of one or more docking stations. In one embodiment, the mobile client device provides information to a lookup or discovery mechanism to specify requirements such as monitor resolution, screen size, graphics capabilities, and available devices such as printers and scanners. can do.
In one embodiment, information about one or more docking stations, such as availability of various docking stations (from other users using the docking station), components, and capabilities, of the mobile client device. Provide to users.

The billing protocol begins when the user approaches the docking station.
When the docking station accepts the request, a secure I / O connection is established between the mobile client device and the docking station. Alternatively, the user selects a docking station from one or more docking stations found using the lookup or discovery mechanism displayed on the mobile client device. When the user selects the docking station, the billing protocol begins and the user is given a secure and exclusive connection to the docking station for the duration of the bill. It also defines how to release the docking station so that the user can end the session on the docking station and open the docking station for use by other users. In one embodiment, the billing protocol can be a lease on the docking station service as described above.

FIG. 39a illustrates a user of a mobile device docking according to one embodiment.
FIG. 6 is a diagram illustrating discovering the location of a station. Mobile client
The device 1750 connects with the discovery mechanism 1756. Mobile client device 1750 sends the location obtained using GPS 1752 to discovery mechanism 1756. Mobile client device 1750 also sends docking station requirements to discovery mechanism 1756. Discovery mechanism 1756 searches one or more spaces 1754 for notifications of docking station 1758 that meet the requirements of mobile client device 1750. In one embodiment, the lookup or discovery mechanism compares the location information stored in the notification 1758 with a given location of the mobile device 1750, one of which is within a specified range of the mobile device 1750 or Identify multiple docking stations. The discovery mechanism 1756 then provides the location of one or more docking stations within the specified range of the mobile client device 1750. Alternatively, the discovery mechanism 1756 may be used by the mobile client device 1750.
Identifies the docking station closest to and sends its location to the mobile client device 1750.

FIG. 39b is a diagram of a mobile client device 1750 connecting to a docking station 1760 according to one embodiment. In one embodiment, the user connects the mobile client device 1750 to the docking station 1
Wirelessly connect to 760. In other embodiments, a user connects docking station 1760 and mobile client device 1750 with one or more cables to establish a wired connection with cooking station 1760. In one embodiment, the user of mobile client device 1750 establishes a bill to docking station 1760. This solicitation establishes a secure and exclusive authority to the docking station for the duration of the connection. In one embodiment, the billing mechanism uses resource (docking,
Station) leasing mechanism. In one embodiment, the user is charged for the use of the docking station. For example, a user specifies a credit card number as part of the process of billing a docking station. See the description of the Invoice Gate in the "Message Gate" section. Once connected, the user can use a keyboard, monitor, printer, etc.
Various functions provided by docking station 1760 may be used. Docking station 1760 also includes a connection to a local distributed computing network to provide users of mobile client devices 1750 connected to docking station 1760 with service and content notifications of other devices in the network. By providing a discovery service that identifies, users can identify and use various services and content within the distributed computing environment, as described above.

When finished, the user disconnects the mobile client device 1750 from the docking station 1760. In one embodiment, the docking station release mechanism starts automatically when the mobile client device 1750 disconnects from the docking station 1750. This release mechanism clears the docking station 1760 billing established by the user of the mobile client device 1750. In one embodiment,
This release mechanism notifies the discovery mechanism 1756 and / or docking station notification 1758 that the docking station is available.

In one embodiment, the user can connect the mobile client device to the docking station without using the discovery mechanism. For example,
A user at the airport visually finds at the docking station and connects the mobile client device. Another example would be a library with a docking station room with multiple docking stations,
The user can access the docking stations available there.

Space Saving and / or Embedded Devices Simple embedded or space saving devices may have limited memory capacity to store and execute program instructions. Simple embedded devices need to be aware that they have limited control inputs to initiate device functionality and outputs to report device status. An example of a simple embedded device is a "smart" switch (such as a light switch) that incorporates a switch and circuitry to control the device controlled by the switch. The smart switch need only recognize two control requests (change device state, request device state) and send one status message (device state). The smart switch can manage connected devices by receiving control requests from one or more control systems and reporting status messages to the one or more control systems.

In one embodiment, the distributed computing environment provides a framework (protocol) for including small devices that lack the resources (such as memory) needed to implement the complete protocol of the distributed computing environment. To do. In one embodiment, the agent is provided as a bridge between the small device capable protocol and the full protocol. The agent does not need to perform full discovery protocol and service activation as it performs full protocol discovery for small devices. In one embodiment, the small device need only send a service-specific message. In one embodiment, these messages are pre-processed on the small device, which only sends the agent a message that is part of the service activation. The agent
Service activation can be performed on a service over a complete protocol to forward incoming messages from service to service, or servicing can forward replies to clients. Thus, the agent acts as a service connector for small clients. In one embodiment of a distributed computing environment, an embedded device may be configured to receive a particular set of control requests in the form of XML messages and send a particular set of XML messages to create requests, reporting status, etc. . In one embodiment, the control system can be configured to manage various devices by sending XML request messages specific to each device or category of devices being controlled and receiving XML messages from the devices. In one embodiment, one or more XML
The schema can be used to define a unique XML message set for an embedded device, which schema is used by the embedded device and / or control system in sending and receiving XML messages.

Embedded Devices include "thin" implementations of XML messaging systems as described above that support specific message sets to control and monitor simple embedded devices. The implementation of the XML messaging system has been adapted for use in space-saving simple embedded devices, and also fits in the limited memory of space-saving devices. In one embodiment, the XML messaging system may be implemented on a space saving device with a virtual machine (eg, KVM) that targets the space saving embedded device. A networking stack (supporting a transport protocol for communication with one or more control systems) is associated with the virtual machine, and the XML messaging layer is "on top" of the networking stack. Note that such implementations of the messaging system can be used with devices other than space-saving devices and embedded devices.

In one embodiment, static or pre-generated messages are used to request embedded devices from the control system. Static messages are precompiled and stored in embedded devices. Reduces the need for code to parse incoming messages by comparing incoming messages to stored static messages and checking for message matches to perform the function requested in the message, or There is no need for that. Since the shipping message is read directly from the stored static message, there is little or no need to dynamically compile the shipping message. So the static message is
Used to reduce the amount of code in the messaging layer of embedded systems. For example, static Java objects (Java opcodes) can be used for request and status messages.

FIG. 40a illustrates one embodiment of embedded devices 1804a and 1804b controlled by control system 1800, according to one embodiment. Control system 18
00 is networked in various ways with devices 1804a and 1804b controlled by the system. The network 1810 is wired (Et
hernet, coaxial, twisted pair, power grid, etc. and / or wireless (IrD
A, microwave, etc.) can be used. In one embodiment, embedded device 18
04a and 1804b comprise a thin implementation of the XML messaging system for communicating with control system 1800 over network 1810. The control system 1800 sends a request to the embedded devices 1804a and 1804b,
Prepare an XML messaging system implementation to receive the response from it. In one embodiment, the control system 1800 allows the user to embed the embedded device 1
It is equipped with software and hardware configured to display the status of 804a and 1804b and to provide an interface for remote control. In one embodiment, control system 1800 comprises software and / or hardware for automatic control of embedded devices 1804a and 1804b.

In one embodiment, embedded devices 1804a and 1804b are part of another environment. These devices do not support the messaging model implemented in distributed network environments. For example, these devices are Lo
A node in an automation and control system connected by a network, such as the nWorks network. Control system 1800 includes control system hardware and / or software for controlling devices in other environments. Control system 1800 is used as a bridge between a distributed computing environment and other environments. The distributed computing environment also includes one or more methods of wrapping existing device discovery protocols to discover devices to access from the distributed computing environment. The bridging and wrapping protocols are detailed in the "Bridge" section.

The control system 1800 connects remotely or locally to one or more other systems in a distributed computing environment. 40a shows a control system 18 connected to a client 1806 via the Internet 1802.
00 is shown. The client 1806, through the control system 1800,
It indirectly requests the status of embedded devices 1804a and 1804b and sends its control request. Accordingly, the control system 1800 is used as a proxy or bridge for embedded devices 1804a and 1804b.
See the "Bridge" section. Client 1806 and control system 180
To enable advanced communication with 0, the client and control system comprises an implementation of the XML messaging system that is different from the thin implementation on embedded devices 1804a and 1804b. In one embodiment, the client 1806
Includes software and hardware configured to provide an interface for a user to view and remotely control the status of embedded devices 1804a and 1804b. In one embodiment, the client 1806 needs to present the correct authorization certificate to the control system 1800 to allow the client 1806 access to the embedded devices 1804a and 1804b. In one embodiment, clients 1806 are given different levels of access. For example, client 1806 may be embedded device 1804.
Only the status of a and 1804b can be displayed, and the device cannot be remotely controlled. In one embodiment, the control system 1800 is a service and service notifications are published in a distributed computing environment so that the client 1806 can be accessed using the client-service approach as described above. In one embodiment, the client 1806 is the control system 180.
A status of 0 can be displayed and controlled remotely.

FIG. 40b illustrates a client control system 1808 connected to embedded devices 1804c and 1804d via the Internet 1802, according to one embodiment. In one embodiment, embedded devices 1804c and 1804d are connected to client control system 1808 over network 1802.
A thin implementation of the XML messaging system for communicating with. Client control system 1808 includes embedded devices 1804c and 1804d.
Prepare an XML messaging system implementation to send requests to and receive responses from. In one embodiment, client control system 1808 includes software and hardware configured to provide an interface for a user to view and remotely control the status of embedded devices 1804c and 1804d. In one embodiment, client control system 1800 comprises software and / or hardware for automatic control of embedded devices 1804c and 1804d.

The difference between FIG. 40a and FIG. 40b is that in the embodiment shown in FIG. It is accessed by multiple clients. Embedded devices 1804c and 1804
d comprises services for accessing device functionality, publishes service notifications within a distributed computing environment, and is accessed via a client-service approach as described above.

In a distributed computing environment, a client whose resources are limited is U
A mechanism for retrieving a universal resource identifier (URI) addressing resource is provided. For example, a client that can only send and receive messages over an IrDA connection cannot establish a URI connection and retrieve the results from the results space. In one embodiment, it serves as a bridge between the client and the URI resource. The bridge service interacts with the client via XML messages and collects input parameters. Below is an example of the XML input message syntax.
It is not intended to be limited in any way. <type name = "HttpGet"><element name = "urlstring" type = "string"/></type>

Next, outside the distributed computing environment, the bridge service establishes a URI connection and retrieves the resource. The resource is encapsulated as a payload in one or more XML messages and sent to the client by the bridge service.

[0498] An example of a possible use of an embedded device with a thin implementation of an XML messaging system is provided for illustrative purposes, but is not intended to be limiting. Buildings have multiple energy consuming electronic devices (eg, lighting, air conditioning, office equipment) and thus require a system to maintain optimal energy consumption levels. Each such plurality of devices comprises an embedded device for controlling an electronic device.
These embedded devices comprise a thin implementation of the XML messaging system. One or more control systems can be connected to a network, for example L in a building.
Coupling to devices in the AN or even the Internet. The control system stores and executes the building management software package and an implementation of the XML messaging system that is configured to be used by the software package to monitor and control the device. The control system receives input from the user, displays status information of the in-building energy consumption system, including status information of each of the plurality of devices, and outputs the status information by some other method. Energy consumption is monitored by receiving XML status messages from each of the multiple devices. If the energy consumption level needs to be adjusted, an XML control message is sent to one or more devices to change the energy consumption.

Service Implementation In one embodiment, the distributed computing environment comprises a mechanism for implementing a service as a servlet. This mechanism provides functionality for developing services for the distributed computing environment.

In one embodiment, an application programming interface (API) is provided that has the functionality to initialize and register services in the space. In one embodiment, this API is used to call the service's initialization function and define the status of the service, such as an initialization status page, eg, HT.
ML pages can be generated. The user can access the status of the service by accessing the status page from the browser. In one embodiment, APIs are used to process incoming messages and generate documents in response to the messages. Embodiments of the servlet mechanism provide multiple functions, including, but not limited to: Managing Client Connections to Services (Unique Session ID) Managing Activation Spaces Used to Store Result Notifications Managing Activation Space Connection Sessions and Leases for Results Session and Result Garbage Collection Clients Generating client function for each authentication session

In one embodiment, the distributed computing environment comprises a service cascading mechanism for building new complex services from other existing services. For example, the conversion and print services are combined from the JPEG-PostScript conversion service and the print service to create a third cascade-connected service. In one embodiment, two or more services are combined to form a complex service by defining the access methods of the two or more services as the access methods of the cascaded services. The following service notifications for Cascade Connection Service are
It is provided for illustrative purposes only and is not intended to be limiting in any way. <servrice><name> Complex Service </ name><ID> ... </ ID><description> ... </ description><AccessMethod><AccessMethod><name> com.transcode.jpg2ps </ name><implementation> http://www.transcode.com/software/jpg2ps.jar </ implementa
tion></AccessMethod><AccessMethod><name> com.printer.ftpPrint </ name><implementation>http://www.printer.com/software/ftpprint.jar</implementa
tion></AccessMethod></AccessMethod></Service>

Conclusion Various embodiments further include receiving, sending, or storing instructions and / or data implemented in accordance with the above description of carrier media.
Generally, the carrier medium is a storage medium or memory medium such as a magnetic or optical medium, for example, a disk, a CD-ROM, a RAM (SDRAM, RDRAM, SRAM).
Etc.), volatile or non-volatile media such as ROM, as well as transmission media or signals such as electrical, electromagnetic or digital signals that are communicated over communication media such as networks and / or wireless links.

Various modifications and changes will be apparent to those of ordinary skill in the art who wish to utilize the present disclosure. The present invention is intended to embrace all such modifications and alterations in its entirety, and therefore the specification, appendices, and drawings should be regarded as illustrative rather than restrictive. .

[Brief description of drawings]

[Figure 1]   FIG. 1 is a stacking diagram of conventional distributed computing technology.

FIG. 2 is a diagram of a distributed computing environment programming model according to one embodiment.

FIG. 3 is a diagram of messaging and networking layers of a distributed computing environment in accordance with one embodiment.

FIG. 4 is a diagram of a discovery service for finding space to advertise objects or services in a distributed computing environment according to one embodiment.

FIG. 5 is a diagram of a client profile supporting static and formatted messages in a distributed computing environment according to one embodiment.

FIG. 6 is a distributed computing system employing XML messaging according to one embodiment.
It is a figure of a model.

FIG. 7 is a diagram of a platform independent distributed computing environment according to one embodiment.

FIG. 8 is a diagram of a distributed computing model in which services are advertised within a space according to one embodiment.

FIG. 9 is a diagram of a distributed computing model in which results are stored in space according to one embodiment.

FIG. 10 a: Messaging in a distributed computing model according to one embodiment
FIG. 3 is a diagram of a client and a service gate as endpoints. b: illustrates creating a message endpoint according to a schema to access a service according to one embodiment.

FIG. 11 a: Diagram of gate creation in a distributed computing environment according to one embodiment. b: A diagram of gate creation and gate pairs in a distributed computing environment according to one embodiment.

FIG. 12 is a diagram of possible gating components in a distributed computing environment according to one embodiment.

FIG. 13 is a diagram of a proxy client for a conventional browser that participates in a distributed computing environment according to one embodiment.

FIG. 14 illustrates a method for providing a remote method invocation interface to a service using a method gate in a distributed computing environment according to one embodiment.

FIG. 15 illustrates a method of using space in a distributed computing environment according to one embodiment.

FIG. 16   FIG. 6 illustrates a notification structure according to one embodiment.

FIG. 17 illustrates an example notification state transition in which a notification is placed during its lifetime, according to one embodiment.

FIG. 18 is a diagram of various space identification mechanisms in a distributed computing environment according to one embodiment.

FIG. 19   FIG. 6 is a diagram of a space federation in a distributed computing environment according to one embodiment.

FIG. 20 is a flow diagram illustrating a method for a client to create a session with a space service in a distributed computing environment according to one embodiment.

FIG. 21   FIG. 6 is a diagram of a space event type hierarchy of one embodiment.

FIG. 22 is a flow diagram illustrating service instantiation in a distributed computing environment according to one embodiment.

FIG. 23 is a diagram of a default space in a distributed computing environment according to one embodiment.

FIG. 24 illustrates a device for bridging a proximity-based device to another transport mechanism that allows services provided by the proximity-based device to be accessed by devices outside the device's proximity, according to one embodiment. It is a figure which shows an example.

FIG. 25 illustrates a method of using a lease renewal message in a distributed computing environment according to one embodiment.

FIG. 26 a: A flow chart illustrating an authentication service for providing an authentication certificate to a client according to one embodiment. b: is a flow diagram illustrating an authentication service that evolves on step 1002 of FIG. 26a to generate an authentication certificate, according to one embodiment.

FIG. 27   FIG. 6 is a diagram of one embodiment of a bridging mechanism.

FIG. 28 is an illustration of an example space discovery protocol mapped to an external discovery service according to one embodiment.

FIG. 29 illustrates a method of bridging a client external to a distributed computing environment to a space within the distributed computing environment according to one embodiment.

FIG. 30   FIG. 6 is a diagram of a proxy mechanism according to one embodiment.

FIG. 31 is a diagram of an embodiment of a client with associated display and display services according to one embodiment.

FIG. 32 is a diagram illustrating an example of using a schema of a dynamic display object according to an embodiment.

FIG. 33 is a diagram of a representative string representation in the A: C programming language. B: It is a figure which shows the example of the conventional character string function. C: Shows an efficient way to represent and manage strings in general and space-saving systems in particular, such as embedded systems, according to one embodiment.

FIG. 34 illustrates a process of moving an object between a client and a service, according to one embodiment.

FIG. 35. An extension for a virtual machine (eg, JVM) to compile an object (eg, Java object) into an XML representation of the object and (Java
6 is a data flow diagram illustrating an embodiment that includes a) an extension that decompiles an XML representation of an object into a (Java) object.

FIG. 36 is a diagram of clients and services accessing a store mechanism in a distributed computing environment in accordance with one embodiment.

FIG. 37 illustrates a process transition using an XML representation of the state of a process according to one embodiment.

FIG. 38 is a diagram of a mobile client device accessing space on a local distributed computing network according to one embodiment.

FIG. 39 a: A mobile device user discovers the location of a docking station, according to one embodiment. b: A diagram of a mobile client device connecting to a docking station according to one embodiment.

FIG. 40 a: illustrates one embodiment of an embedded device controlled by a control system and accessible within a distributed computing environment, according to one embodiment. b: is a diagram of a device control system for connecting to embedded devices accessible in a distributed computing environment via a network (eg, the Internet), according to one embodiment.

FIG. 41   6 is a flow chart illustrating a method of making a gate according to one embodiment.

FIG. 42a is a flow diagram illustrating a method for a client to send a message to a service according to one embodiment.

FIG. 42b is a flow diagram illustrating a service for receiving a message from a client and authenticating the message using an authentication service according to one embodiment.

FIG. 42c is a flow diagram illustrating a general process by which clients and services exchange messages with embedded authentication credentials according to one embodiment.

FIG. 43 is a flow diagram illustrating a mechanism for verifying message integrity according to one embodiment.

FIG. 44   6 is a flow diagram illustrating a mechanism for leasing resources according to one embodiment.

FIG. 45a is a flow diagram illustrating various embodiments of a mechanism of communication between a client and a service using method gates.

FIG. 45b is a flow chart illustrating various embodiments of a mechanism of communication between a client and a service using a method gate.

FIG. 45c is a flow chart illustrating various embodiments of a mechanism of communication between a client and a service using a method gate.

FIG. 45d is a flow chart illustrating various embodiments of a mechanism of communication between a client and a service using a method gate.

FIG. 46 is a flow diagram illustrating a mechanism for sending an object from a service to a client using an XML representation of the object.

FIG. 47 is a flow diagram illustrating a mechanism for secure object decompilation at a client device.

FIG. 48 is a flow diagram of a mechanism for migrating a process using a data representation language representation of the process in a distributed computing environment.

─────────────────────────────────────────────────── ─── Continued front page    (31) Priority claim number 60 / 209,430 (32) Priority date June 2, 2000 (June 2000) (33) Priority claiming countries United States (US) (31) Priority claim number 60 / 209,140 (32) Priority date June 2, 2000 (June 2000) (33) Priority claiming countries United States (US) (31) Priority claim number 09 / 663,563 (32) Priority date September 15, 2000 (September 15, 2000) (33) Priority claiming countries United States (US) (81) Designated countries EP (AT, BE, CH, CY, DE, DK, ES, FI, FR, GB, GR, IE, I T, LU, MC, NL, PT, SE, TR), OA (BF , BJ, CF, CG, CI, CM, GA, GN, GW, ML, MR, NE, SN, TD, TG), AP (GH, G M, KE, LS, MW, MZ, SD, SL, SZ, TZ , UG, ZW), EA (AM, AZ, BY, KG, KZ, MD, RU, TJ, TM), AE, AG, AL, AM, AT, AU, AZ, BA, BB, BG, BR, BY, B Z, CA, CH, CN, CR, CU, CZ, DE, DK , DM, DZ, EE, ES, FI, GB, GD, GE, GH, GM, HR, HU, ID, IL, IN, IS, J P, KE, KG, KP, KR, KZ, LC, LK, LR , LS, LT, LU, LV, MA, MD, MG, MK, MN, MW, MX, MZ, NO, NZ, PL, PT, R O, RU, SD, SE, SG, SI, SK, SL, TJ , TM, TR, TT, TZ, UA, UG, UZ, VN, YU, ZA, ZW (72) Inventor Soulpuff, Thomas Yee             United States95120California             State San Jose Brett Heart Dry             B 6938 (72) Inventor Traversat, Bernard A.             United States94109California             State / San Francisco / California             Street 2055 Apartment 402 (72) Inventor Abderazis, Mohammed Em             United States95051 California             State Santa Clara Cabot Aveni             U 78 (72) Inventor Duigo, Michael Jay             United States · 94555 · California             State / Fremont Caplet Sark             Le 33928 F-term (reference) 5B081 CC01 [Continued summary] Can be accepted, which is a representation of the object And all its referenced objects (objects Object graph (and its object Output all objects in the eject graph) It In one embodiment, an intermediate format is used to represent the data representation language. Represents a word document, dynamically processing this intermediate form, Data representation language document to class instance Can be generated.

Claims (90)

[Claims] 1. A method of expressing a computer programming language object in a data representation language, the process executing in a virtual machine that sends a first computer programming language object to a compilation process of a virtual machine, the method comprising: A first object is an instance of a class in a computer programming language, and a process of compiling a virtual machine for converting the first object into a data representation language representation of the first object; A method in which a data representation language representation is configured for use in generating a copy of a first object. 2. A virtual machine compilation process in which a first object references one or more computer programming language objects and transforms the first object into a data representation language representation of the first object. The method of claim 1 or including a compilation process for converting a plurality of objects into a data representation language representation of the one or more objects. 3. A virtual machine compilation process for converting a first object into a data representation language representation of the first object processing the first object into an intermediate table representation of the first object. The method of claim 1, comprising: processing an intermediate table representation of the first object into a data representation language representation of the first object. 4. The first object includes one or more instance variables, and the step of processing the first object into an intermediate table representation includes each of the one or more instance variables in the first object. A method according to claim 3, including the step of generating an entry of an intermediate table representation of the first object for each of the one or more instance variables, each entry including an identifier of the instance variable and a value of the instance variable. 5. The first object includes a plurality of instance variables having the same identifier, and each entry of the plurality of instance variables having the same identifier further uniquely identifies the instance variable by the plurality of instance variables having the same identifier. 5. The method of claim 4, including enumerated values that: 6. The step of processing the intermediate table representation of the first object into a data representation language representation of the first object includes, for each of the one or more entries in the intermediate table representation of the first object, 5. The method of claim 4, including the step of generating a corresponding element in the data representation language representation of the one object, the elements in the data representation language representation of the first object including an instance variable identifier and an instance variable value. . 7. Configuring one or more elements of a data representation language representation of a first object for use in initializing one or more corresponding instance variables in a copy of the first object. The method according to claim 6, wherein 8. The method further comprising providing an application programming interface (API) to the compilation process, the API
Interface with one or more methods of a compilation process configured for use by a process executing within a virtual machine that transforms a computer programming language object into a data representation language representation of the object. The method described. 9. The method of claim 1, wherein the data representation language is Extensible Markup Language (XML). 10. The method of claim 1, wherein the computer programming language is the Java® programming language. 11. The method of claim 1, wherein the virtual machine is a Java Virtual Machine (JVM). 12. A method of generating a computer programming language object from a data representation language representation of an object, the virtual machine receiving a data representation language representation of a first computer programming language object from a first process, the method comprising: A decompilation process of the machine produces a first object from a data representation language representation of a first object that is an instance of a class in a computer programming language, and the decompilation process of the virtual machine produces the first object To a second process executing in the virtual machine. 13. The method of claim 12, wherein the first object refers to one or more computer programming language objects and the representation of the first object includes a representation of one or more referenced objects. the method of. 14. A decompilation process of a virtual machine that generates a first object from a representation of a first object is one of a representation of one or more referenced objects included in the representation of the first object. 14. A decompilation process that produces one or more referenced objects.
The method described in. 15. A decompilation process that generates a first object from a data representation language representation of a first object processes the data representation language representation of the first object into an intermediate table representation of the first object, The method of claim 12, wherein the first object is generated from an intermediate table representation of the first object. 16. A data representation language representation of a first object includes one or more elements each representing an instance variable of the first object, each element in the data representation language representation being represented by that element. 16. The method of claim 15 including the instance variable identifier represented by the instance variable and the value of the instance variable represented by the element. 17. Processing a data representation language representation of a first object into an intermediate table representation of the first object is a first for each of one or more elements in the data representation language representation of the first object. 17. The method of claim 16 including creating an entry in the intermediate table representation of the object of the. 18. Generating a first object from an intermediate table representation of a first object instantiates the first object as an instance of a class, one or more in the intermediate table representation of the first object. 18. The method of claim 17, comprising, for each of the entries of, initialize a corresponding instance variable in the first object according to the entry. 19. Processing an intermediate table representation of a first object into a first object instantiating the first object as an instance of a class, one or more in the intermediate table representation of the first object. 18. For each of the entries of, including invoking a method corresponding to the identifier of the instance variable from the entry that initializes the corresponding instance variable in the first object to the value of the instance variable from the entry. Method. 20. A decompilation process for generating a first object from a data representation language representation of a first object, wherein the data representation language representation of the first object includes an identifier of a class of the first object, and 13. The method of claim 12 including instantiating the object in the object as an instance of the class associated with the class identifier. 21. The API further comprising providing an application programming interface (API) to the decompilation process.
13. Interface with one or more methods of a decompilation process configured for use by a process executing within a virtual machine that generates a computer programming language object from a data representation language representation of an object. The method described in. 22. The method of claim 12, wherein the data representation language is Extensible Markup Language (XML). 23. The method of claim 12, wherein the computer programming language is the Java programming language. 24. The method of claim 12, wherein the virtual machine is a Java Virtual Machine (JVM). 25. A method of passing a computer programming language object between processes in a distributed computing environment, wherein a first virtual machine receives a computer programming language object from a first process, wherein the object Is an instance of a class of computer programming language, the first virtual machine generating a representation of the object in the data representation language after said receiving, and generating a message in the data representation language containing the data representation language representation of the object, A method comprising sending a message to a second process, the second process generating a copy of a computer programming language object from a data representation language representation of an object included in the message. 26. An object refers to one or more computer programming language objects, and generating a representation of the object in a data representation language includes generating a data representation language representation of the one or more objects. The method of claim 25. 27. The object includes one or more instance variables, and generating a representation of the object in a data representation language includes providing an element for each of the one or more instance variables in the object as a first object. 26. The method of claim 25, wherein each element of the one or more instance variables comprises an identifier of the instance variable and a value of the instance variable, the method comprising: 28. A second process of creating a copy of an object receives a message containing a data representation language representation of an object and sends the data representation language representation of the object to a second virtual machine, the second virtual machine 26. The method of claim 25, comprising generating a copy of the object from a data representation language representation of the object, the second virtual machine sending the copy of the object to a second process. 29. A first object refers to one or more computer programming language objects, and a data representation language representation of the first object is a data representation language representation of one or more referenced objects. Generating a copy of the object from the data representation language representation of the object, including generating a copy of the one or more referenced objects from the data representation language representation of the one or more referenced objects. 29. The method of claim 28, including. 30. A data representation language representation of an object includes one or more elements, each of which represents an instance variable of the object, and generating a copy of the object from the data representation language representation of the object creates a copy of the object. 29. The method of claim 28, including instantiating as an instance of the class and for each of one or more elements in the data representation language representation of the object, corresponding instance variables in the copy of the object according to the element. Method. 31. The method of claim 25, wherein the data representation language is Extensible Markup Language (XML). 32. The method of claim 25, wherein the computer programming language is the Java programming language. 33. The method of claim 25, wherein the first virtual machine is a Java Virtual Machine (JVM). 34. A method of passing a computer programming language object between processes in a distributed computing environment, the method comprising: a message in a data representation language, the message including information representative of the computer programming language object. One process receives from a second process, the first process sends information representing an object to a virtual machine, and the virtual machine creates the object from the information representing the object that is an instance of a class of computer programming language. , A virtual machine providing the created object to a first process. 35. The information representing the object includes information representing one or more instance variables of the object, and the information representing each of the one or more instance variables includes an identifier of the instance variable and a value of the instance variable. Item 34. The method according to Item 34. 36. Generating an object from information representing its object instantiates the object as an instance of a class, and for each of one or more instance variables, a corresponding instance in the object according to the information representing the instance variable. 36. The method of claim 35, including initializing a variable. 37. The method of claim 34, wherein the data representation language is Extensible Markup Language (XML). 38. The method of claim 34, wherein the computer programming language is the Java programming language. 39. The method of claim 34, wherein the virtual machine is a Java Virtual Machine (JVM). 40. A first computer programming language object comprising a processor and a memory containing virtual machine program instructions executable by the processor, the first computer programming language object being an instance of a class of the computer programming language. A device configured to convert to a data representation language representation of an object and to be used by the data representation language representation of the first object to create a copy of the first object. 41. The device of claim 40, wherein the virtual machine program instructions are further executable to provide a virtual machine and receive a first computer programming language object from a process executing within the virtual machine. . 42. In converting the first object into a data representation language representation of the first object, virtual machine program instructions process the first object into an intermediate table representation of the first object, 41. The device of claim 40, wherein the device is executable to process an intermediate table representation of one object into a data representation language representation of a first object. 43. A virtual machine, when the first object contains one or more instance variables, the first object being processed into an intermediate table representation.
Program instructions are executable to generate an entry for an intermediate table representation of the first object for each of the one or more instance variables in the first object, and for each of the one or more instance variables. 43. The device of claim 42, wherein the entry comprises an instance variable identifier and an instance variable value. 44. In processing the intermediate table representation of the first object into a data representation language representation of the first object, the virtual machine program instructions include one or more virtual machine program instructions in the intermediate table representation of the first object. For each of the entries of the first object, the element in the data representation language representation of the first object is executable, and the element in the data representation language representation of the first object is an instance variable identifier and an instance variable A value, configured to be used by one or more elements of the first object's data representation language representation in initializing one or more corresponding instance variables in the copy of the first object 44. The device of claim 43, which is: 45. The memory further comprises an application programming interface (API) to virtual machine program instructions, the API receiving as input a computer programming language object for converting a data representation language representation of the object. 45. The device of claim 44, configured to receive and, as output, send a data representation language representation of an object. 46. The device of claim 40, wherein the data representation language is Extensible Markup Language (XML). 47. The device of claim 40, wherein the computer programming language is the Java programming language. 48. The device of claim 40, wherein the virtual machine programming instructions are executable to implement a virtual machine configured to process bytecodes into process-executable program instructions. . 49. The device of claim 48, wherein the virtual machine is a Java Virtual Machine (JVM). 50. A processor and a memory containing virtual machine program instructions executable on the processor, the instructions receiving a data representation language representation of a first computer programming language object, the computer programming language comprising: A device that creates a first object from a data representation language representation of a first object that is an instance of a class of. 51. The device of claim 50, wherein the virtual machine program instructions are executable to use the virtual machine to send the created first object to a process executing on the virtual machine. 52. A first object refers to one or more computer programming language objects, and a representation of the first object includes a representation of one or more referenced objects, the first object The first
When a virtual machine program instruction is generated from the representation of an object,
51. The device of claim 50, further executable to generate one or more referenced objects from a representation of one or more referenced objects contained in a representation of the first object. 53. When generating a data representation language representation of a first object for a first object, a virtual machine program instruction converts the data representation language representation of the first object into an intermediate table representation of the first object. 51. The device of claim 50, further operable to process and generate a first object from an intermediate table representation of the first object. 54. A data representation language representation of a first object includes one or more elements each representing an instance variable of the first object, each element in the data representation language representation being represented by that element. 51. The device of claim 50, comprising the instance variable identifier represented by the instance variable and the value of the instance variable represented by the element. 55. In processing the data representation language representation of the first object into an intermediate table representation of the first object, a virtual machine program instruction causes one or more of the data representation language representation of the first object to be processed. 55. The device of claim 54, further executable to create an entry in the intermediate table representation of the first object for each of the plurality of elements. 56. In processing an intermediate table representation of a first object into a first object, a virtual machine program instruction instantiates the first object as an instance of a class, the intermediate table of the first object. For each of the one or more entries in the representation, the method can further be executed from the entry by calling the method corresponding to the identifier of the instance variable, which method returns the corresponding instance variable in the first object from the entry. 56. The device of claim 55, which initializes to the value of an instance variable. 57. Further comprising an application programming interface (API) to virtual machine program instructions, the API receiving as input a data representation language representation of a first object and, as output, a generated first representation. 52. The device of claim 51 configured to send an object of 1. 58. The device of claim 50, wherein the data representation language is Extensible Markup Language (XML). 59. The device of claim 50, wherein the computer programming language is the Java programming language. 60. The virtual machine programming instructions are further executable to implement a virtual machine configured to process bytecodes into program instructions executable on a process. device. 61. The device of claim 60, wherein the virtual machine is a Java Virtual Machine (JVM). 62. A distributed computing system comprising: a first device comprising a first processor and a first memory, the first memory for implementing a first virtual machine. A virtual machine program instructions executable on a processor of the first virtual machine and a first process executable on the first virtual machine, the first virtual machine being an instance of an object of a class of a computer programming language. When receiving a computer programming language object from the first process and operative to generate a representation of the object in a data representation language after said receiving, the first process sending a message containing the data representation language representation of the object. A distributed computing system generated by a data expression language. 63. A second device further comprising a second processor and a second memory, the second memory executing on the second processor to implement a second virtual machine. 63. The method of claim 62, comprising possible virtual machine program instructions and a second process executable in a second virtual machine, the first process further operable to send a message to the second process. The system described. 64. A second process is operable to receive a message containing a data representation language representation of an object and send the data representation language representation of the object to a second virtual machine, the second virtual machine 64. The system of claim 63, wherein the system is operable to generate a copy of the object from the data representation language representation of the object and send the copy of the object to the second process. 65. The system of claim 63, wherein the first virtual machine and the second virtual machine are further operable to process the bytecode into program instructions executable on the process. 66. The system of claim 63, wherein the first virtual machine and the second virtual machine are Java virtual machines (JVM). 67. A first object refers to one or more computer programming language objects, and a data representation language representation of the first object is a data representation language representation of one or more referenced objects. A second virtual machine, in generating a copy of the object from the data representation language representation of the object, the second virtual machine includes a copy of the referenced object or data representations of the referenced object or objects. 63. The system of claim 62, further operable to generate from a linguistic representation. 68. A second virtual representation in generating a copy of an object from a data representation language representation of an object, the data representation language representation of the object including one or more elements, each representing an instance variable of the object. So that the machine further instantiates a copy of the object as an instance of the class, and for each one or more elements in the data representation language representation of the object, initializes the corresponding instance variable in the copy of the object according to that element. 63. The system of claim 62 operable with. 69. The system of claim 62, wherein the data representation language is Extensible Markup Language (XML). 70. The system of claim 62, wherein the computer programming language is the Java programming language. 71. A carrier medium storing program instructions, the program instructions being the first computer programming language object of a virtual machine when the first object is an instance of a class in the computer programming language. Computer-executable to perform a process executed in a virtual machine that sends to a compilation process and a virtual machine compilation process that translates a first object into a data representation language representation of the first object; A carrier medium that is configured for use by a data representation language representation of a first object in generating a copy of the first object. 72. When converting the first object into a data representation language representation of the first object, program instructions process the first object into an intermediate table representation of the first object, the first object 72. The system of claim 71, which is further computer-executable to perform processing the intermediate table representation of to the data representation language representation of the first object. 73. The first object includes one or more instance variables, and in processing the first object into an intermediate table representation, a program instruction causes one or more instances in the first object. For each of the variables, further computer-executable to implement generating an entry of an intermediate table representation of the first object, each entry of one or more instance variables being an identifier of the instance variable and the instance 73. The carrier medium of claim 72, including the value of a variable. 74. In processing the intermediate table representation of the first object into a data representation language representation of the first object, a program instruction causes one or more entries in the intermediate table representation of the first object to be processed. For each, it is further computer-executable to perform generating a corresponding element in the data representation language representation of the first object, the element in the data representation language representation of the first object being an identifier of an instance variable. 74. The carrier medium of claim 73, including a value of an instance variable. 75. The carrier medium of claim 71, wherein the data representation language is Extensible Markup Language (XML). 76. The carrier medium of claim 71, wherein the computer programming language is the Java programming language. 77. The carrier medium of claim 71, wherein the virtual machine is a Java Virtual Machine (JVM). 78. A carrier medium for storing program instructions, the program instructions comprising: a virtual machine receiving a data representation language representation of a first computer programming language object from a first process, the virtual machine decompilation process. Generates a first object from a data representation language representation of a first object that is an instance of a class in a computer programming language and a decompilation process of the virtual machine executes the first object in the virtual machine. A computer-executable carrier medium that implements sending to a second process. 79. When generating the first object from the data representation language representation of the first object, program instructions process the data representation language representation of the first object into an intermediate table representation of the first object. 79. The carrier medium of claim 78, wherein generating the first object from the intermediate table representation of the first object is further computer-executable. 80. In generating the first object from the intermediate table representation of the first object, a program instruction instantiates the first object as an instance of the class and stores the first object in the intermediate table representation of the first object. 80. The carrier medium of claim 79, wherein for each of the one or more entries, initializing a corresponding instance variable in the first object according to the entry is further computer-executable. 81. The carrier medium of claim 78, wherein the data representation language is Extensible Markup Language (XML). 82. The carrier medium of claim 78, wherein the computer programming language is the Java programming language. 83. The carrier medium of claim 78, wherein the virtual machine is a Java Virtual Machine (JVM). 84. A carrier medium storing program instructions, the program instructions comprising: a first virtual machine from a first process to a computer programming language object when the object is an instance of a class of the computer programming language. The first virtual machine generates a representation of the object in a data representation language after the receipt, generates a message in the data representation language that includes the data representation language representation of the object, and sends the message to the second process, A carrier medium that is computer-executable for a second process to generate a copy of a computer programming language object from a data representation language representation of an object contained in a message. 85. The object includes one or more instance variables, and when generating the representation of the object in a data representation language, program instructions include a first instruction for each of the one or more instance variables in the object. A computer-implementable to effectuate generating an element in a data representation language representation of an object of the one or more instance variables, each element including an identifier of the instance variable and a value of the instance variable. Item 84. The carrier medium according to Item 84. 86. In producing a copy of an object, a program instruction receives a message in which a second process includes a data representation language representation of the object and the second process receives a data representation language representation of the object. It is further computer executable to send to the virtual machine, the second virtual machine generating a copy of the object from the data representation language representation of the object, and the second virtual machine sending the copy of the object to the second process. A carrier medium according to claim 84. 87. A program instruction in generating a copy of an object from a data representation language representation of an object, wherein the data representation language representation of the object includes one or more elements, each representing an instance variable of the object. Further computerizing instantiating a copy of the object as an instance of the class, and for each of one or more elements in the data representation language representation of the object, initializing the corresponding instance variable in the copy of the object according to that element 87. The carrier medium of claim 86, which is executable. 88. The carrier medium of claim 84, wherein the data representation language is Extensible Markup Language (XML). 89. The carrier medium of claim 84, wherein the computer programming language is the Java programming language. 90. The carrier medium of claim 84, wherein the first virtual machine is a Java Virtual Machine (JVM).