JP2005056079A - Service providing method and service providing system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a service to be realized according to the hierarchical combination of a plurality of services for reflecting various policies concerning the service use of a client. <P>SOLUTION: This service providing method is provided by a server 401 connected to a client 301 who requests a service and a policy database 601 to which pieces of policy information corresponding to a service requested by the client 301 are stored, for providing hierarchically configured services. This service providing method comprises a first step to receive a request for a service from the client 301, and to acquire policy information corresponding to the request from a policy database 601, a second step to select a server which executes a service based on the policy information to configure the hierarchical services and a third step to transmit the execution result of the service by the selected server to the client. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to a service and a service providing method reflecting various policies related to client service use in a service realized by a hierarchical combination of a plurality of services such as a Web service.

  In order to perform distributed processing by a plurality of computers connected to a computer network such as the Internet, a client / server system is generally used. This client / server system is configured by a computer having two roles of a client computer and a server computer for each service. However, this role is not fixed, and each computer may be a client computer in one service and a server computer in another service. Similarly, a server computer in one service may become a client computer in another service.

  In addition, a client program operates on the client computer, and a server program operates on the server computer. The role of the client is to request the server to execute the service and acquire the execution result of the service. The role of the server is to receive a service execution request from the client, execute the service, and return the result to the client. In this specification, the computer or client program itself in which the client program is operating is referred to as “client”, and the computer or server program in which the server program is operating is simply referred to as “server”.

  The client program and the server program are described in a compiler type language or an interpreter type language. In the case of a compiler type language, a source program is converted into a format (machine language) that can be executed by a computer by a program called a compiler, and then directly operates on the computer. In an interpreter language, a source program or an intermediate code obtained by converting the source program is dynamically interpreted and executed by a program called an interpreter operating on a computer.

  In particular, client programs and server programs are often described in an interpreter language as a method for realizing a client-server system using the Internet as a network. Furthermore, a method is generally provided in which middleware including a program called a “virtual machine” that is an interpreter that executes intermediate code is executed on a server computer, and the server program is executed on the middleware to provide a service. Such middleware including a virtual machine is called an “application server”.

  In the client / server system, communication between the client and server can be realized by programming each service individually, but the service interface is defined in advance and the service is realized by the defined definition. Generally, a method of automatically generating an interface part of a server program to be executed and a client program thereof. Examples of known interface definition means include WSDL (Web Service Description Language) in Web services shown in Non-Patent Document 1, and IDL in CORBA (Common Object Request Broker Architecture) shown in Non-Patent Document 2. (Interface Definition Language). Details of the Web service and WSDL are described in the document “Web Service Description Language” published by the World Wide Web Consortium (W3C), and the CORBA and IDL documents “Common Object” published by OMG (Object Management Group, Inc.) It is described in detail in “Request Broker Architecture: Core Specification”. In this specification, the Web service is not a Web service in a broad sense that indicates the entire service on the Internet, but an XML-based Web service described later (sometimes referred to as an XML Web service).

  Many of the codes automatically generated by these interface definition means are based on a “Remote Procedure Call” (RPC) model. In a remote procedure call, a request from a client server and a processing result of the service are paired. In other words, when a client issues a service execution request to the server, processing (service) corresponding to the request is performed by the server, and a series of flows in which the execution result of the service is notified to the client is inseparable It is. In the program, this remote procedure call is handled in a network transparent manner by a function call or a class method call in an object-oriented language.

  In Web services, a remote procedure call model is often used to execute services. This may be referred to as “synchronous web service”. On the other hand, in the “asynchronous Web service”, the service execution result is asynchronously returned in response to the service execution request from the client. That is, the result of executing the service is not returned immediately. In this specification, the Web service is assumed to be a “synchronous Web service”.

  Further, as described above, in the Web service, the service interface description is performed by WSDL. The WSDL description includes the definition of the data format of the message that the client sends to the server during service execution and the definition of the data format of the service execution result message that the server sends back to the client. In addition, the WSDL description includes information about a place where the service is provided, and the information on the place is usually indicated by a URL (Uniform Resource Locator) of the server (for example, see Non-Patent Document 3). The message between the client and the server is described using XML (eXtensible Markup Language) (for example, see Non-Patent Document 4).

  This message is converted from the internal format of the program into the XML format by the client program or the server program and transferred via the network. Note that the WSDL description itself is also described in XML. This XML is a kind of markup language based on SGML (Standard Generalized Markup Language), and is one of language specifications for describing a description (tag) in the document to indicate the structure of the document. In XML, the document structure can be separated and transmitted by separately defining DTD (Document Type Definition) that defines the structure of the document. In the Web service, an XML format message is transmitted and received between a client and a server using a protocol called SOAP (Simple Object Access Protocol) (for example, see Non-Patent Document 5). SOAP is normally encapsulated and transmitted by HTTP (Hypertext Transfer Protocol) (for example, see Non-Patent Document 6), which is a standard protocol of the Internet.

  As described above, the message framework of the Web service based on the XML format is important for the service to become independent as a “part” (component) having an interface as described later.

  The URL is a document “RFC1738: Uniform Resource Locators (URL)” issued by IETF (Internet Engineering Task Force), the document is “RFC2616: Hypertext Transfer Protocol” issued by IETF for HTTP, and the document issued by W3C for XML. “Extensible Markup Language (XML) 1.0: W3C Recommendation” and SOAP are described in detail in the document “Simple Object Access Protocol (SOAP) 1.1: W3C Note” published by W3C.

  A Web service is suitable as an example of a client-server service provision infrastructure. A clear definition of a service interface makes it easy to make components (components) in a network of services, and generalizes individual service functions. It becomes a factor to advance. One of the methodologies for realizing a distributed system on a network using such a client-server service provision framework is a distributed object model. The distributed object model is sometimes called a component object model.

  In the distributed object model, a service is considered as a set of components constituting the service, and each of these components is realized as a service. Next, the overall service function is realized by combining these services. In this way, service components can be reused, and service construction productivity can be improved. In addition, since it becomes possible to create a new service using service components, the service provider can focus only on the service provided by the service provider, and the cost required for providing the service can be reduced.

  Such service components are managed by a directory service called a registry and stored with a description of the service in order to enable reuse in a computer network. A registry is a service that registers services and can be searched by interface or function.

  A service provider who intends to construct a new service searches for a service from the registry, procure parts necessary for the service to be constructed, and combine them to constitute a new service. This search from the registry may be dynamic, and the service may be dynamically searched when the service is executed, and a new service may be configured using a desired service. However, the interface for using the service, that is, the WSDL description must be assumed in advance. That is, each service function itself is static.

  In this distributed object model, each part generally has a hierarchical structure, and a part is composed of dependent parts. In a service having such a hierarchical structure, in general, the connection between the individual services constituting the service is sparse, and only linked by the public interface definition and its function. Each service provides a specific function by itself, and in many cases, each service is provided by a separate service provider.

  In this way, when service components are abundantly registered in the registry, when a service provider tries to provide a service with a hierarchical structure, the service provider realizes only the part specific to the service to be provided. do it. This is because the part not unique to the service can be realized by using the service retrieved from the registry. Once the service component market is formed, multiple service providers will provide the same type of service for a particular service component type. That is, if a registry is searched when trying to configure a service, a plurality of services are obtained as search results. Selecting one of the plurality of service components depends on the intention (policy) of the service provider to provide the service. Among the services constructed in this way, a criterion for the client to select a service is a client policy for a service provider providing an upper layer service, a client policy for a service content, or the like.

Further, as a method for providing a server / client system service using this policy, policy information for selecting a server providing the service is stored in an inquiry message sent from the client to the server, and the policy is stored. There is known a server selection method in which a directory server that receives information selects a server based on the contents of the policy and notifies the selected server to a client (see, for example, Patent Document 1).
JP-A-9-198346 "Web Service Description Language", World Wide Web Consortium “Common Object Request Broker Architecture: Core Specification”, Object Management Group, Inc. "RFC1738: Uniform Resource Locators (URL)", Internet Engineering Task Force “Extensible Markup Language (XML) 1.0: W3C Recommendation”, World Wide Web Consortium "Simple Object Access Protocol (SOAP) 1.1: W3C Note", World Wide Web Consortium "RFC2616: Hypertext Transfer Protocol", Internet Engineering Task Force

  As the infrastructure for providing a service having a hierarchical structure as described above becomes widespread, compatibility between service contents provided by individual services and requests for client services becomes a problem. Some service providers providing services may be reluctant to quality control of services. Moreover, there is a possibility that a malicious service provider who illegally attempts to fraudulently pay for service provision. Also, even if the service execution result is normal as an interface when the service is used, it is unknown until the client tries to execute it. Client requests for services are diverse, such as those related to the quality of services and those based on the trust of service providers that provide services.

  It is difficult to prepare a single service that meets all of the various client service requests (client policies). In a situation where a service has various attributes relating to service quality and the like, in order for the service to have utility value for the client, a mechanism for drawing up the client policy and reflecting it in the service configuration is required.

  As described above, since the service generally has a hierarchical structure as a combination of a plurality of services, individual services constituting the service are provided by different service providers. Therefore, in order to configure a service that satisfies the client policy, a complicated exchange is required between the client and the service provider that provides each hierarchical service.

  Client policies for services are broadly divided into service configuration level policies and service application level policies. The service configuration level policy is the client's request for what attributes the service is configured with, and the application level policy is the runtime of the service when given the service configuration. It is a request regarding the operation of

  In general, the policy at the service configuration level is not fixed for each service use, but is fixed, and represents the end user's desire for service quality as a client, the creditworthiness of the organization, personal habits and preferences. In a service having a hierarchical structure, a lower layer service is selected according to a unique policy of the upper layer service, and a client using the entire service can only use the service by accepting the service configuration policy of the top level service. In order to reflect the policy at the service configuration level of the client, the entire service can only be selected from a plurality of candidates, and the degree of freedom of the service configuration is low.

  In addition, in order to apply a client policy to a service as in the invention described in Patent Document 1, a client policy is usually specified as a parameter at the time of executing the service, and the policy input on the service side The method of executing the service according to the above is used. This method is appropriate when applying application-level policies, but as service configuration-level policies are applied, as the service hierarchy grows, the service parameters can be used to accommodate diverse client policies. There is a drawback that the number becomes huge. Since the increase in the number of parameters is directly related to the service implementation cost by the service provider, it becomes difficult to provide the service itself. Furthermore, it is difficult for the upper layer service to accept parameters for all lower layer services in advance.

An object of the present invention is to provide a service providing method for each of the following items (A) to (F) in view of the necessity of applying a policy to such a service configuration.

(A) For a service, it is necessary to be able to acquire client policy information and change the service configuration. As described above, in a service having a hierarchical structure, the service is configured by a plurality of service providers. Therefore, in the service customization method at the application level by specifying parameters for the top-level service, the service configuration level This is because the policy of the client cannot be supported.

  Further, in order to reflect the client policy to the service configuration, a means for transmitting policy information to the service is required. However, some of the client policy information corresponds to privacy and confidential information, and it is problematic for the client to provide all policy information to the top-level service when the service is executed. Therefore, a mechanism for transferring only policy information necessary for service configuration to the service is required.

  (B) A uniform method for determining whether the client policy and the service configuration are compatible is required.

  (C) When determining a policy of a client, it becomes difficult for the client to determine all policies as the number of types of policy information increases. Also, if the client belongs to a particular organization, the client may have to follow the organization's policy. In order to cope with such a case, a means capable of reflecting the third party policy in the service configuration in the same way as the client policy is required.

  (D) In a service having a hierarchical structure, even when a service configures a lower-layer service in accordance with a client policy, there is a policy regarding service provision of the service provider itself. A means for reflecting such a service provider's own policy in the service configuration is necessary.

  (E) When determining whether the attributes corresponding to the policy of the client and the policy of the service are compatible, the server program itself may or may not be able to make the determination. Therefore, in such a case, a means for determining suitability by a third party is required.

  (F) When a framework for changing the service configuration as described above according to the policy of the client is provided, if the same procedure is performed every time the service is executed, a problem occurs in the service execution efficiency.

  As described above, the reason why it is difficult to reflect the client policy in the service configuration is that the framework for applying the client policy is not provided for the infrastructure for providing the service.

  Therefore, the present invention provides a framework for applying a policy regarding the configuration of a client service. Specifically, the following means (A) to (F) are provided in response to the problems (A) to (F) described above.

  (A) A database (policy database) that stores policy information of clients in advance is provided. A policy server program (hereinafter simply referred to as policy server) having a function of returning policy information upon request is operated. In this situation, the service to which the client policy is applied is executed based on the following procedure.

  First, when a client who wants to execute a service issues a service execution request to the server along with the location information of the policy server, the server program inquires the policy server about the policy information necessary for the service configuration. Next, the policy server searches the policy database and returns policy information to the server. At this time, depending on the nature of the policy information, the policy server confirms the transmission of the policy information to the client. By this process, it is possible to avoid the leakage of unnecessary policy information. Next, the server that has obtained the policy information configures a service using the policy information, executes the service, and returns an execution result to the client. In addition, in order to execute the above-described procedure hierarchically for a service having a hierarchical structure, a means for transmitting a policy inquiry destination, that is, policy server location information to a dependent service is provided.

  (B) In order to reflect the client policy to the service configuration, the client policy information must be clear. Therefore, a general-purpose format is defined for the client policy description, and the policy is formulated. That is, a policy item and a condition related thereto are described as a set.

  (C) For a query for a policy item that includes policy server location information as a condition for a specific policy item in the policy database, the query is transferred to the policy server. That is, when a server program that provides a service queries the policy server for a policy, the policy server that received the query searches the policy database, and if the policy information indicates a transfer to the policy server, the policy server Returns server location information. Next, the server program inquires about the policy again using the returned position information of the policy server.

  (D) The service provider has its own policy database and operates the policy server. When a service request is received from a client, the server providing the service includes the policy server location information received from the client in the policy database of the service provider. Next, the server configures a dependent lower layer service according to the policy of the client, and then requests each lower layer service together with location information of the policy server of the service provider.

  (E) The client policy information and the attribute corresponding to the service policy information are acquired from the server program, and it is determined whether the acquired policy information and the service attribute are compatible according to a unique criterion, and the determination result A policy conformity determination server having a function of returning the message to the server program is installed.

  (F) The result of inquiring the client policy information from the server providing the service to the policy server is stored in the server for a period allowed by the client policy, and the same service is received from the client during the period. Even if there is a request, the service is configured using the stored query result without re-querying the policy server. In addition, the result of configuring the service based on the client policy information is stored by the server program for a period allowed by the client policy, and even during the period, even if the same service request is received from the client, The service configuration process is not performed, and the service is executed using the stored service configuration.

  Therefore, according to the present invention, only the policy information necessary for the configuration of the hierarchical structure of the service and permitted by the client is transmitted to the server program that provides the service, and has a hierarchical structure provided by a plurality of service providers. It is possible to configure and execute a service that reflects a client policy. Specifically, the following effects (A) to (F) are exhibited in correspondence with the means (A) to (F) described above.

  (A) By providing a database (policy database) for storing client policy information and operating a policy server program having a function of returning policy information upon request, a server providing a service obtains client policy information. It is possible to query and to configure the service hierarchy to match the client policy. Also, by providing a means for notifying the policy server of the inquiry destination at the time of service execution, it is possible to execute the procedure for configuring the service in a hierarchical manner so as to conform to the policy of the client. Even if it is configured with a service provided by, it becomes possible to cope.

  (B) The policy expression of the client is generally defined in the form of a set of policy items and corresponding conditions, and the policy information is formulated, so that the policy can be easily transferred between the client and the service. In addition, the suitability of the service to the client policy can be easily determined. This policy information is stored in the above-mentioned policy database, extracted through the policy server when configuring the service, and compared with the attribute corresponding to the service policy, the conformity between the service and the client policy is determined. Can do.

  (C) By including the location information of the policy server related to another policy database as a condition for a specific item in the policy database, an inquiry about the policy information of the client is transferred. By this method, the client can adopt a third party policy as his own policy, and the burden of the client preparing all detailed policies in advance can be reduced. In addition, it becomes easy for clients belonging to the organization to adopt the policy of the organization.

  (D) In addition to the client policy, the service provider has its own policy database, the policy server is running, and the location information of the client policy server is included in the service provider's own policy database. It becomes possible to reflect the service provider policy in the configuration and execution of the service.

  (E) Based on the policy information of the client and the attribute corresponding to the policy information of the service, by providing a policy conformity determination server by a third party that determines whether the service conforms to the policy, The degree of freedom in expressing policies required for services is improved.

  (F) Since the service is configured using the saved inquiry result or the service is executed using the saved service configuration, the processing for executing the service reflecting the client policy is made more efficient. It becomes possible.

  Embodiments of the present invention will be described below with reference to the drawings.

  First, the configuration of the computer network system according to the first embodiment of the present invention will be described with reference to the block diagram of FIG.

  The computers 201 to 205 are connected to the network 101 through network connections 901 to 905, respectively.

  The client 301 is a client program that requests and uses a service that operates on the computer 201, the server 401 operates on the computer 202, and the server 402 is a server program that provides a service that operates on the computer 203.

  The policy server 501 is a server having a function of responding to a policy inquiry of a server operating on the computer 204, and the policy database 601 is a database for storing policy information of clients operating on the computer 204 and other policy information. is there.

  The registry 701 is a directory server that can search which service can be executed by which server operating on the computer 206.

  The network 101 may be a large-scale network such as the Internet, or a relatively small-scale network such as a corporate network. In FIG. 1, the network 101 is constituted by a single network, but it is not always necessary that the computers are connected by a single network, and computers that need to communicate with each other are connected through individual networks. May be. Further, the computers 201 to 205 may be any computers such as a personal computer, a workstation, and a server dedicated machine having a function capable of network connection.

  In FIG. 1, the client computer and the server computer are shown separately, but the programs of the client 301 and the servers 401 and 402 may be the same computer. This is common in the case of a service constituting a service having a hierarchical structure.

  Furthermore, in the present embodiment, each program such as the client 301 and the servers 401 and 402 may operate on the same computer, or may operate by being distributed to different computers in the network.

  Next, the operation when the service is an XML-based Web service in the computer network system according to the first embodiment configured as described above will be described.

  FIG. 2 is a diagram illustrating processing executed by hierarchically configuring services reflecting client policies in the computer network system according to the first embodiment.

  In FIG. 2, servers 401 and 402, a registry 701, and a policy server 501 are configured as Web services, and the system is implemented so that each can provide services. Policy information corresponding to the service requested by the client 301 is set in advance by the client 301 and stored in the policy database 601.

  First, the client 301 transmits an execution request message 1001 that is an execution request of a service desired by the client to the server 401. Simultaneously with the transmission of the execution request message 1001, the service description (WSDL description) of the policy server 501 that is the policy inquiry destination of the client 301 or the URL of the policy server 501 that is the policy inquiry destination is used as a parameter when the service is called. It transmits to the server 401. The service description of the policy server 501 for the server 401, which is the top-level service of this service configuration, is obtained in advance by searching the registry 701 by the client 301 or by another method.

  Next, the server 401 that has received the service execution request message 1001 transmits an inquiry message 1002 for inquiring about necessary policy information to the policy server 501. The policy server 501 that has received the inquiry message 1002 transmits a search request message 1003 to the policy database 601 in order to search for relevant policy information. The policy database 601 that has received the search request message 1003 searches for the corresponding policy, and transmits a response result message 1004 that is the search result to the policy server 501.

  An example of a set of policy items and policy conditions stored in the policy database is shown in FIG. In FIG. 3, for example, a policy condition “within 1 second” is assigned to the policy item “response time”, and a policy condition “authentication is acquired” is assigned to the policy item “reliability standard B”. , A policy condition of “rating AA or higher” is stored for a policy item of “rating by rating agency A”, and policy information composed of the policy item and the policy condition is a stylized description. Has been accumulated by.

  Further, each policy item may be given an attribute (publication rule) about policy information disclosure. If the policy information has previously been given an attribute that restricts disclosure (for example, “non-public”), the policy server 501 may disclose the policy information to the server 401 to the client 301. An inquiry message 1005 for inquiring is sent, and a result message 1006 that is a response to the inquiry is received.

  The client 301 receives this inquiry message 1005 and confirms whether or not the policy information can be disclosed by a method of directly inquiring the user. For example, if the result message 1006 for this inquiry permits the disclosure of the policy, or if the policy information is not attached with an attribute that restricts the disclosure, the policy server 501 requests the service execution request message 1001. A result message 1007 that is a result of the policy information inquiry is transmitted to the server 401. However, if the client 301 does not allow the policy information to be disclosed, the execution of the service is stopped at that time.

  Next, when the server 401 acquires the policy information requested by the inquiry message 1002 as a result message 1007, a hierarchical structure of services by lower servers is configured based on the acquired policy information.

  Specifically, first, the server 401 searches the registry 701 for a service group (information of a server that provides a service) that is a candidate for a lower layer service on which the service depends, and sends a search request message 1008 to the registry 701. Send. When the registry 701 receives the search request message 1008, the registry 701 transmits a search result message 1009, which is a search result (information indicating a candidate of a subordinate server capable of executing the service), to the server 401.

  The server 401 acquires attribute information corresponding to the policy information for each acquired service group that is a candidate for the lower layer service, and compares the attribute information with the client policy information acquired by the result message 1007. As a result of the comparison, if there is a service conforming to the policy information of the client, the service hierarchy of the lower layer is configured using the service. In FIG. 2, only one server 402 is illustrated for simplicity, but in general, a plurality of computers have a plurality of hierarchical structures.

  The server 401 transmits a service execution request message 1010 to the server 402 that has been determined to constitute the lower layer service. The server 402 that has received the execution request message 1010 transmits a result message 1011 that is an execution result for the execution request. In addition, the server 401 transmits an execution request message 1010 to the server 402 and executes a service (a service-specific portion provided by the server 401) that the server 401 executes.

  Then, the server 401 transmits a service execution result message 1012 that is a service execution result of the entire server (servers 401 and 402) to the client 301 together with a service execution result (execution result message 1011) by the lower server 402. .

  In the computer network system according to the first embodiment configured as described above, when the client 301 transmits an execution request to the server 401, the server 401 acquires policy information corresponding to the execution request from the policy server 501. To do. The server 401 makes an inquiry to the registry 701 based on the acquired policy information, searches the lower server 402 that executes the service, transmits an execution request to the searched lower server 402, the result of the execution request, and the server 401. The result of the execution of the unique service performed is transmitted to the client 301. Therefore, even in a service having a hierarchical structure, the service can be configured with the standardized policy information.

  Further, by using an attribute related to policy disclosure, only a policy necessary for service configuration can be delivered to the lower server 402.

  Next, a second embodiment of the present invention will be described.

  The second embodiment is different in that the top level server 401 makes an execution request to the lower level server without inquiring of the registry 701. In addition, the same code | symbol is attached | subjected to the structure which carries out the same operation | movement as 1st Embodiment, and the description is abbreviate | omitted.

  FIG. 4 is a diagram illustrating processing executed by hierarchically configuring services reflecting client policies in the computer network system according to the second embodiment.

  In FIG. 4, servers 401 and 402 and a policy server 501 are configured as Web services, and the system is implemented so as to provide services.

  First, the client 301 transmits an execution request message 1001 that is an execution request of a service desired by the client to the server 401. Next, the server 401 that has received the service execution request message 1001 transmits an inquiry message 1002 for inquiring about necessary policy information to the policy server 501. The policy server 501 that has received the inquiry message 1002 transmits a search request message 1003 to the policy database 601 in order to search for relevant policy information. The policy database 601 that has received the search request message 1003 searches for the corresponding policy, and transmits a response result message 1004 that is the search result to the policy server 501.

  The policy server 501 transmits to the client 301 an inquiry message 1005 that inquires whether or not the policy information can be disclosed to the server 401, and receives a result message 1006 that is a response to the inquiry.

  The client 301 receives the inquiry message 1005 and confirms whether or not the policy information can be disclosed by a method of directly inquiring the user. For example, if the result message 1006 for this inquiry allows the policy to be disclosed, or if the policy information does not have an attribute for limiting the disclosure, the policy server 501 is requested by the service execution request message 1001. A result message 1007 which is the inquiry result of the policy information that has been sent is transmitted to the server 401. However, if the client 301 does not allow the policy information to be disclosed, the execution of the service is stopped at that time.

  Next, when the server 401 acquires the policy information requested by the inquiry message 1002 as a result message 1007, a hierarchical structure of services by lower servers is configured based on the acquired policy information.

  Specifically, the server 401 uses the acquired policy information to configure a lower-layer service of a lower server on which the service provided by the server 401 depends, and transmits a service execution request 1010 to the lower server 402. . The server 401 transmits the service execution request 1010 and the lower server 402, and also transmits the service description (or its URL) of the client policy server 501.

  Based on the service description of the policy server received together with the service execution request, the server 402 that provides the lower layer service transmits an inquiry message 1013 for inquiring the client policy to the policy server 501. The policy server 501 that has received this inquiry message 1002 transmits a response result message 1014 based on the search result 1004 that has already been obtained by searching the policy database 601. Further, the server 402 similarly configures a lower-layer service on which it depends, and transmits a service execution request together with the service description (or its URL) of the policy server to a server (not shown) that provides the lower-layer service.

  Finally, the server 401 transmits a service execution result message 1012 that is a service execution result of the entire server (servers 401 and 402) to the client 301 together with a service execution result (execution result message 1011) by the lower server 402. To do.

  In FIG. 4, an example of only one layer of the server 402 is shown. In general, the above-described processing is hierarchically repeated by a lower server (not shown), so that the client in each layer constituting the entire service. A service reflecting the policy is configured and the service is executed.

  In the computer network system of the second embodiment configured as described above, in addition to the effects of the first embodiment, policy information is sent to a lower server without using a directory server that holds the server structure. Thus, a hierarchical service similar to that in the first embodiment can be provided.

  Next, a third embodiment of the present invention will be described.

  The third embodiment is different from the first and second embodiments described above in that the computer network system has a plurality of policy servers and a policy database. In addition, the same code | symbol is attached | subjected to the structure which carries out the same operation | movement as 1st and 2nd embodiment, and the description is abbreviate | omitted.

  FIG. 5 is a block diagram illustrating a configuration of a computer network system according to the third embodiment.

  The computer 206 is connected to the network 101 through a network connection 906. The computer 206 includes a policy server 502 and a policy database 602. Similar to the policy server 501, the policy server 502 is a server having a function of responding to a server policy inquiry. The policy database 602 is a database that stores client policy information and other policy information, similar to the policy database 601. is there.

  Next, the operation when the service is configured as an XML-based Web service in the computer network system according to the third embodiment will be described.

  FIG. 6 is a diagram for explaining processing executed by hierarchically configuring services reflecting client policies in the computer network system according to the third embodiment.

  In FIG. 6, a server 401 and policy servers 501 and 502 are configured as Web services, and the system is realized so that the services can be provided.

  First, the client 301 transmits an execution request message 1001 that is an execution request of a service desired by the client to the server 401. Next, the server 401 that has received the service execution request message 1001 transmits an inquiry message 1002 for inquiring about necessary policy information to the policy server 501. The policy server 501 that has received the inquiry message 1002 transmits a search request message 1003 to the policy database 601 in order to search for relevant policy information. The policy database 601 that has received the search request message 1003 searches for the corresponding policy, and transmits a response result message 1004 that is the search result to the policy server 501.

  The policy server 501 transmits to the client 301 an inquiry message 1005 that inquires whether or not the policy information can be disclosed to the server 401, and receives a result message 1006 that is a response to the inquiry.

  The client 301 receives the inquiry message 1005 and confirms whether the policy information can be disclosed by a method of directly inquiring the user. For example, if the result message 1006 for this inquiry allows the policy to be disclosed, or if the policy information does not have an attribute for limiting the disclosure, the policy server 501 is requested by the service execution request message 1001. A result message 1007 which is the inquiry result of the policy information that has been sent is transmitted to the server 401. However, if the client 301 does not allow the policy information to be disclosed, the execution of the service is stopped at that time.

  Next, when the server 401 acquires the policy information requested by the inquiry message 1002 as a result message 1007, a hierarchical structure of services by lower servers is configured based on the acquired policy information.

  Here, a case is considered where the policy information inquiry result indicates an inquiry to the policy server 502. More specifically, the policy database 601 stores the contents shown in FIG. In FIG. 7, the policy condition “response time” is stored (accumulated) in the policy database 601 with the policy condition “within 1 second”. However, for the policy item “reliability standard B”, “policy The server 502 service description (WSDL description) "is stored. This means that this policy item is described as a pointer to the policy server 502 and it is necessary to inquire the policy server 502 about the policy condition.

  A policy item “default policy item” can also be included in the policy database. This is a response message indicating that it is necessary to make an inquiry to the policy server specified in "Default Policy Item" when the corresponding policy has not been accumulated in the policy database that the server has inquired about. Means to reply.

  Here, when the server 401 requests the policy item “reliability standard B” by the policy inquiry message 1002, the policy server 501 determines the policy server 502 from the contents of the policy database 601 (FIG. 7). The service description is transmitted as a result message 1007 for the policy inquiry. Upon receiving this inquiry result message 1007, the server 401 transmits an inquiry message 1015 for inquiring policy information to the policy server 502.

  The policy server 502 that has received the inquiry message 1015 transmits a search request message 1016 to the policy database 602 in order to search for the corresponding policy information. The policy database 602 that has received the search request message 1016 searches for the corresponding policy, and transmits a search result message 1017 that is the search result to the policy server 502. The policy server 502 that has received the search result message 1017 transmits a result message 1018 that is a result of querying policy information to the server 401.

  Finally, the server 401 configures a service based on the acquired policy information. The procedure of this configuration is the same as that of the first embodiment described above. The service execution result is transmitted to the client 301 as an execution result message 1012.

  In the computer network system of the third embodiment configured as described above, in addition to the effects of the first and second embodiments, other policy server location information is added to the policy information stored in the policy database. By including (pointer), it is possible to include a third-party policy in the client policy. For example, the policy of the organization to which the client belongs can be reflected in the execution of the service.

  Next, a fourth embodiment of the present invention will be described.

  In the fourth embodiment, a service provider that operates a server has a unique policy database, and configures a service by adding unique policy information to a client policy. In addition, the same code | symbol is attached | subjected to the structure which carries out the same operation | movement as 1st thru | or 3rd Embodiment, and the description is abbreviate | omitted.

  FIG. 8 is a diagram illustrating processing executed by hierarchically configuring services reflecting client policies in the computer network system according to the fourth embodiment.

  In FIG. 8, servers 401 and 402 and policy servers 501 and 502 are configured as Web services, and the system is implemented so as to provide services.

  First, the client 301 transmits an execution request message 1001 that is an execution request of a service desired by the client to the server 401. Next, the server 401 that has received the service execution request message 1001 transmits an inquiry message 1002 for inquiring about necessary policy information to the policy server 501. The policy server 501 that has received the inquiry message 1002 transmits a search request message 1003 to the policy database 601 in order to search for relevant policy information. The policy database 601 that has received the search request message 1003 searches for the corresponding policy, and transmits a response result message 1004 that is the search result to the policy server 501.

  The policy server 501 transmits to the client 301 an inquiry message 1005 that inquires whether or not the policy information can be disclosed to the server 401, and receives a result message 1006 that is a response to the inquiry.

  The client 301 receives the inquiry message 1005 and confirms whether the policy information can be disclosed by a method of directly inquiring the user. For example, if the result message 1006 for this inquiry permits the disclosure of the policy, or if the policy information is not attached with an attribute that restricts the disclosure, the policy server 501 requests the service execution request message 1001. A result message 1007 that is the inquiry result of the policy information that has been sent is transmitted to the server 401. However, if the client 301 does not allow the policy information to be disclosed, the execution of the service is stopped at that time.

  Next, when the server 401 receives the policy information requested by the inquiry message 1002 as a result message 1007, the server 401 forms a hierarchical structure of the server service based on the received policy information.

  Here, in order to reflect the policy of the service provided by the server 401 (the policy of the service provider operating the server 401) in the service configuration, a request message 1019 is sent to the unique policy server 502 of the server 401. Send. Upon receiving this request message, the policy server 502 transmits a pointer to the policy server 501 to the policy database 602, and adds a service description (pointer) of the policy server 501 as a default policy item to the policy database 602. An example of the contents of the policy database 602 at this time is shown in FIG.

  As shown in FIG. 9, an item indicating the priority order is provided for each item in the policy database. The priority of the policy set by the client 301 (policy by the policy server 501) is set higher than the priority of the policy of the service provided by the server 401 (policy of the policy server 502). Therefore, the policy set by the client 301 is applied with priority over the policy of the service provided by the server 401.

  Next, the server 401 configures a hierarchical structure of services by lower servers based on the policy information acquired by the result message 1007. Then, a service execution request message 1010 is transmitted to the server 402 that provides the lower layer service. At this time, the service description (or its URL) of the policy server 502 is transmitted as a parameter together with the execution request message 1010. The server 402 that has received this service execution request message 1010 first transmits an inquiry message 1020 for inquiring policy information to the policy server 502.

  The policy server 502 that has received the inquiry message 1020 transmits a search request message 1021 to the policy database 602 in order to search for the corresponding policy information. The policy database 602 that has received the search request message 1021 searches for the corresponding policy, and transmits a search result message 1023 that is the search result to the policy server 502. The policy server 502 that has acquired the search result message 1017 transmits a result message 1024 that is a policy information inquiry result to the server 402.

  The server 402 obtains policy information with priorities as shown in FIG. 9 from the acquired result message 1024. Since the result message 1024 includes a pointer to the policy server 501, the server 402 also transmits an inquiry message 1025 for inquiring policy information to the policy server 501 and receives the result message 1026. Then, considering the priority of the policy information obtained from the policy server 502, the final policy condition corresponding to the policy item giving priority to the policy server 501 is determined from the policy information obtained from the policy servers 501 and 502.

  Using this policy information, the server 402 hierarchically configures lower layer services. Then, the server 401 transmits a service execution result message 1012 that is a service execution result of the entire server (401, 402) to the client 301 together with a service execution result (execution result message 1011) by the lower server 402.

  Although FIG. 8 illustrates an example of only one layer of the server 402, even in a lower-layer service by a lower server such as the server 402, an original policy server and a policy database are installed to provide the service. The service can be configured to reflect the service provider's policy, and the service can be executed.

  In the computer network system of the fourth embodiment configured as described above, in addition to the effects of the first to third embodiments, the service provider has its own policy database 602, and when the service is configured, the lower server 402 Since the service request is made together with the location information of the service provider policy server 502, the service provider policy information can be reflected in the service configuration in addition to the policy information (policy database 601) of the client 301.

  Next, a fifth embodiment of the present invention will be described.

  In the fifth embodiment, a policy conformity determination server 801 that is a third-party certification organization determines whether a policy is valid. In addition, the same code | symbol is attached | subjected to the structure which carries out the same operation | movement as the 1st thru | or 4th embodiment, and the description is abbreviate | omitted.

  FIG. 10 is a block diagram showing a configuration of a computer network system according to the fifth embodiment.

  The computer 207 is connected to the network 101 through the network connection 907. This computer 207 is provided with a policy conformity determination server 801. The policy conformity determination server 801 is a server having a function of determining whether or not a client policy and a service provided by the server are compatible.

  Next, the operation when the service is configured as an XML-based Web service in the computer network system according to the fifth embodiment will be described.

  FIG. 11 is a diagram illustrating processing executed by hierarchically configuring services reflecting client policies in the computer network system according to the fifth embodiment.

  In FIG. 11, the server 401, the registry 701, the policy servers 501, 502, and the policy conformity determination server 801 are configured as Web services, and the system is realized so that the services can be provided.

  First, the client 301 transmits an execution request message 1001 that is an execution request of a service desired by the client to the server 401. Next, the server 401 receiving the service execution request message 1001 transmits an inquiry message 1002 for inquiring about necessary policy information, to the policy server 501. The policy server 501 that has received the inquiry message 1002 transmits a search request message 1003 to the policy database 601 in order to search for relevant policy information. The policy database 601 that has received the search request message 1003 searches for the corresponding policy, and transmits a response result message 1004 that is the search result to the policy server 501.

  The policy server 501 transmits to the client 301 an inquiry message 1005 that inquires whether or not the policy information can be disclosed to the server 401, and receives a result message 1006 that is a response to the inquiry.

  The client 301 receives the inquiry message 1005 and confirms whether the policy information can be disclosed by a method of directly inquiring the user. For example, if the result message 1006 for this inquiry allows the policy to be disclosed, or if the policy information does not have an attribute for limiting the disclosure, the policy server 501 is requested by the service execution request message 1001. A result message 1007 which is the inquiry result of the policy information that has been sent is transmitted to the server 401. However, if the client 301 does not allow the policy information to be disclosed, the execution of the service is stopped at that time.

  Next, when the server 401 acquires the policy information requested by the inquiry message 1002 as a result message 1007, a hierarchical structure of services by lower servers is configured based on the acquired policy information.

  Here, the server 401 transmits a search request message 1008 to the registry 701 in order to obtain a lower layer service candidate (information on a server that provides the service) on which the service depends. When the registry 701 receives the search request message 1008, the registry 701 transmits a search result message 1009, which is a search result (information indicating a candidate of a subordinate server capable of executing the service), to the server 401.

  The server 401 uses the compatibility server 801 to determine whether the acquired policy information of the client and the attribute corresponding to the policy information of each service of the lower layer service candidate are compatible. First, the attribute information of each service candidate service is acquired. Then, a policy conformity determination request message 1027 is transmitted to the policy conformity determination server 801 to determine whether each service conforms to the client policy. The policy conformity determination server 801 transmits a determination result message 1028 that is a determination result for the policy conformity determination request message 1027 to the server 401.

  As a result, the server 401 uses only the server that provides the service that conforms to the policy information of the client to configure the service hierarchy, and the result of the service executed by the configured service hierarchy is sent to the client 301 as a result message 1012. Send.

  In the computer network system according to the fifth embodiment configured as described above, the service required by the client policy and the service provided by the server are matched by the service authenticity matching server which is a third party organization. Can be determined. Thus, for example, when there is a policy that requires that the service conforms to a standard such as service quality as an attribute of the service, the policy conformity determination server operated by the organization that has certified the standard Validity can be confirmed.

  Next, a sixth embodiment of the present invention will be described.

  In the sixth embodiment, the inquiry result of the client policy information and the service configuration result are stored as a cache in the top-level server, and when the same request is made again, the cache is referred to. Configured a server to provide services. In addition, the same code | symbol is attached | subjected to the structure which carries out the same operation | movement as 1st thru | or 5th Embodiment, and the description is abbreviate | omitted.

  Processing executed by hierarchically configuring services reflecting client policies in the computer network system according to the sixth embodiment will be described with reference to FIG.

  First, the client 301 transmits an execution request message 1001 that is an execution request of a service desired by the client to the server 401. Next, the server 401 that has received the service execution request message 1001 transmits an inquiry message 1002 for inquiring about necessary policy information to the policy server 501. The policy server 501 that has received the inquiry message 1002 transmits a search request message 1003 to the policy database 601 in order to search for relevant policy information. The policy database 601 that has received the search request message 1003 searches for the corresponding policy, and transmits a response result message 1004 that is the search result to the policy server 501.

  The policy server 501 transmits to the client 301 an inquiry message 1005 that inquires whether or not the policy information can be disclosed to the server 401, and receives a result message 1006 that is a response to the inquiry.

  The client 301 receives the inquiry message 1005 and confirms whether the policy information can be disclosed by a method of directly inquiring the user. For example, if the result message 1006 for this inquiry allows the policy to be disclosed, or if the policy information does not have an attribute for limiting the disclosure, the policy server 501 is requested by the service execution request message 1001. A result message 1007 which is the inquiry result of the policy information that has been sent is transmitted to the server 401. However, if the client 301 does not allow the policy information to be disclosed, the execution of the service is stopped at that time.

  Next, when the server 401 acquires the policy information requested by the inquiry message 1002 as a result message 1007, a hierarchical structure of services by lower servers is configured based on the acquired policy information.

  Here, the server 401 stores (caches) it in the cache memory until the validity period preset for the inquiry result (policy information) ends. If there is the same service request from the same client 301 during the effective period of the policy information, the policy information stored in the memory is used without making an inquiry to the policy server 501 again. The service is configured, and a service execution result message 1012 that is a service execution result is transmitted to the client 301.

  As another method, a similar effective period is set in advance for each item in the policy database. As described above, the server 401 receives the service execution request message 1001 of the client 301, the server 401 transmits a policy information inquiry message 1002 to the policy server 501, and receives a result message 1007 as the inquiry result. get.

  Here, the server 401 configures a hierarchical structure of services by lower servers based on the acquired policy information. At this time, the service configuration information is stored (cached) in a memory or the like provided in the server 401. If there is a service request from the same client 301 during the effective period of the policy information, the service is executed using the stored service configuration without configuring the service hierarchy again.

  In the computer network system according to the sixth embodiment of the present invention configured as described above, the client policy information inquiry result and the service configuration result are stored as a cache for a certain period, and the same request is received again. The service is provided by referring to the cache and constructing a hierarchical structure of services by lower servers. This optimization process can reduce the time required to execute the service to which the policy according to the present invention is applied, thereby reducing the service cost.

  Specifically, the present invention can be applied to the services described below.

  (A) When using a service for creating a portfolio in stock trading or the like, a policy relating to a brand is input in the policy database in advance. When the portfolio creation service is called by applying the policy, a portfolio that conforms to the policy can be created by selecting and executing a service that conforms to the policy from the services of various trust companies and securities companies.

  (B) When using a calculation service distributed over a network, a policy (calculation reliability, calculation end time) relating to a service for which calculation is requested is input in advance. When the calculation service is called by applying the policy, the calculation is performed using only the service conforming to the policy.

  (C) When using a parts procurement service for a product, a policy regarding a parts manufacturer or a parts store is input in advance. When using the parts procurement service by applying the policy, parts procurement that matches the policy is performed. If services are configured hierarchically for the components constituting the components, the policy can be reflected for all the components.

  (D) When a human resource policy is input in advance from the human resource bank, if a human resource policy is input in advance, using the human resource service by applying the policy can secure a desired human resource that conforms to the policy. .

  (E) When an employee belonging to a company organization uses a service, the organization reflects in advance in the employee's policy database. When the service is used by applying the policy, the execution of the service by the employee can be prevented from violating the policy of the organization.

It is a block diagram which shows the structure of the computer network system of the 1st Embodiment of this invention. It is explanatory drawing of the execution process of the service in the 1st Embodiment of this invention. It is explanatory drawing of the policy information accumulate | stored in the policy database of the 1st Embodiment of this invention. It is explanatory drawing of the execution process of the service in the 2nd Embodiment of this invention. It is a block diagram which shows the structure of the computer network system of the 3rd Embodiment of this invention. It is explanatory drawing of the execution process of the service in the 3rd Embodiment of this invention. It is explanatory drawing of the policy information accumulate | stored in the policy database of the 3rd Embodiment of this invention. It is explanatory drawing of the execution process of the service in the 4th Embodiment of this invention. It is explanatory drawing of the policy information accumulate | stored in the policy database in the 4th Embodiment of this invention. It is a block diagram which shows the structure of the computer network system of the 5th Embodiment of this invention. It is explanatory drawing of the execution process of the service in the 5th Embodiment of this invention.

Explanation of symbols

DESCRIPTION OF SYMBOLS 101 Network 201-207 Computer 301 Client 401, 402 Server 501, 502 Policy server 601, 602 Policy database 701 Registry 801 Policy conformity determination server 901-907 Network connection

Claims (12)

A service providing method in a server that provides a hierarchically configured service connected to a policy database in which policy information for a service requested by the client and the service requested by the client is accumulated,
Receiving a service request from the client, obtaining a policy information corresponding to the request from the policy database;
A second step of configuring a hierarchical service by selecting a server that executes the service based on the policy information;
And a third step of transmitting the execution result of the service by the selected server to the client.   2. The service providing method according to claim 1, wherein the first step of acquiring the policy information acquires only policy information permitted by the client. A policy server for managing the accumulated policy information is connected to the policy database,
The first step of obtaining the policy information is:
Requesting policy information from the policy server;
The service providing method according to claim 1, further comprising: obtaining policy information that is a result of the policy server searching the policy database.   4. The service providing method according to claim 1, wherein the policy database stores policy contents and corresponding policy conditions as the policy information. The policy database includes a first policy database and a second policy database;
A first policy server that manages the accumulated policy information is connected to the first policy database,
A second policy server for managing the accumulated policy information is connected to the second policy database,
In the first policy database, information indicating the location of the second policy server is accumulated,
The first step of obtaining the policy information is:
Requesting policy information from the first policy server;
Obtaining policy information that is the search result of the first policy server searching the first policy database and / or information indicating a location of the second policy server;
When obtaining information indicating the location of the second policy server, requesting policy information from the second policy server;
The service providing method according to claim 1, further comprising: obtaining policy information that is a result of searching the second policy database by the second policy server. In the second policy database, policy information based on services provided by lower servers among the selected servers is held,
The service providing method according to claim 5, wherein information indicating a location of the second policy server is notified to a lower-level server configuring the service. A policy conformity determination server for determining whether a service provided corresponding to the policy information acquired by the server conforms to the policy information;
The policy conformity determination server
Obtaining the policy condition and the content of the service corresponding thereto;
Determining whether the content of the service meets the policy condition according to a predetermined criterion;
The service providing method according to claim 1, further comprising: transmitting the determination result.   The server stores the policy information acquired in the first step, and when a service request from a client related to the stored policy information is made within a predetermined period, the server stores the policy information in the stored policy information. The service providing method according to claim 1, wherein a hierarchical service is configured by selecting a server that executes the service based on the service.   The server stores the service hierarchy configured in the second step, and when a service request from a client related to the stored service hierarchy is made within a predetermined period, the server stores the service hierarchy. 8. The service providing method according to claim 1, wherein the service is configured based on a service hierarchy. The server notifies the lower server of the inquiry destination of the policy information together with the service execution request,
The subordinate server is
Contact the notified contact for policy information,
Based on the policy information acquired by the inquiry, select a server that executes the service, configure a hierarchical service,
Based on the policy information obtained by the inquiry, in order to configure a service hierarchy, the server that provides the lower-level service is notified of the inquiry destination of the policy information,
9. The service providing method according to claim 1, wherein the server transmits a result of executing the service by the selected server to the client. A client requesting a service;
A policy database in which policy information for services requested by the client is stored in advance;
A service providing system configured by a server that hierarchically configures the services requested from the client and selects a service;
The server
Upon receiving a service request from the client, information acquisition means for acquiring policy information corresponding to the request from the policy database;
Service configuration means for selecting a server that executes the service based on the policy information and configuring a hierarchical service;
A service providing system comprising: result transmission means for transmitting a result of execution of a service by the selected server to a client.   The service providing system according to claim 11, wherein the information acquisition unit acquires only policy information permitted by the client.

Images