JP4284060B2 - Distributed system and service transfer environment forming method - Google Patents


Info

Publication number
JP4284060B2
Authority
JP
Japan
Prior art keywords
device
service
resource
resources
service request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
JP2002366023A
Other languages
Japanese (ja)
Other versions
JP2004199300A (en
Inventor
宮尾  健
克己 河野
芳昭 足達
茂稔 鮫嶋
Original Assignee
株式会社日立製作所
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 株式会社日立製作所
Priority to JP2002366023A
Publication of JP2004199300A
Application granted
Publication of JP4284060B2
Application status is Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/50 Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5005 Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F9/5027 Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals
    • G06F9/5055 Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals considering software capabilities, i.e. software resources associated or available to the machine

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention relates to a distributed system in which a plurality of devices, each including a processing unit that performs data processing and a communication unit that communicates with other devices, are connected and perform processing in cooperation. In particular, it relates to a technology for constructing, in order to provide a service, an appropriate linkage according to the service among resources such as the computer resources, programs, and data provided by each device. It can be suitably applied to building and home automation systems, social systems such as plant control and manufacturing, logistics, and control systems such as transportation systems.
[0002]
[Prior art]
It is becoming possible to provide services by flexibly using and linking the computer resources that have penetrated social infrastructure facilities and equipment, according to the physical environment, the time, the status of users including service users and surrounding people, the available computers, network conditions, and so on. For example, in a public space such as a building or a city, an arbitrary information terminal near the user is used as the output destination of an information service, or audio content is combined to output multimedia content. Alternatively, data is distributed to a maintenance worker terminal or a worker terminal in accordance with data held by the plant control facility or an event transmitted from the facility, or the operation state of the facility is controlled. In such a system, in order to provide a specific service, it is necessary to select, from among resources such as computers, the input/output devices connected to them, software, and data, the appropriate resources that are effective for providing the service, and to link those resources. Because the situation changes, the appropriate resources cannot be identified until the time the service is provided. For this reason, dynamic resource discovery and coordination between resources are required. In addition, to discover and link resources in order to provide services, conditions such as security and performance must be considered in addition to the functions provided by each resource.
[0003]
As a means for performing such dynamic resource discovery, there is a method called plug and play, which detects a dynamic resource configuration. This is described in Non-Patent Document 1, for example. Here, a function that a device can provide is described as a service and is broadcast to other devices when the device is connected to the network. A device that uses a service receives that message, or broadcasts a message that searches for other devices by designating the service to be used, and finds the devices necessary for providing the service from information on the devices that respond to the message. The broadcast range is the range connected by the network and is limited by the number of hops.
[0004]
In addition, there is a control method using a policy as means for performing such a guarantee based on specific conditions. In this method, execution control is performed by declaring constraints on non-functional requirements such as security and QoS. As a method for controlling the disclosure range of personal information according to services, for example, there is P3P (Platform for Privacy Preferences) established by the World Wide Web Consortium (W3C). This presents the type of personal information used on the service providing site and other servers that publish the personal information, and determines whether to receive the service by collating with the personal information to be disclosed. As a method for restricting access of each resource to other resources, for example, “The Ponder Policy Specification Language” is available. This describes the permission for access to a specific resource, data to be disclosed, restrictions on access, and timing switching conditions for the specific resource. It is also possible to register specific resources to which access is permitted as a group.
[0005]
[Non-Patent Document 1]
UPnP Forum Introduction to Universal Plug and Play [on line] [Search on December 12, 2002], Internet <URL: http://www.upnp.org/download/Compressed-UPnP_Forum_Mktg_Presentation.zip>
[Non-Patent Document 2]
The Platform for Privacy Preferences 1.0 (P3P1.0) Specification
W3C Candidate Recommendation 15 December 2000 [on line] [Search on December 12, 2002], Internet <URL: http://www.w3.org/TR/2000/CR-P3P-20001215>
[Non-Patent Document 3]
The Ponder Policy Specification Language
N. Damianou, N. Dulay, E. Lupu, M Sloman,: The Ponder Specification Language Workshop on Policies for Distributed Systems and Networks (Policy2001), HP Labs Bristol, 29-31 Jan 2001. [on line] [2002 December 12 Search], Internet <URL: http://www.doc.ic.ac.uk/~mss/Papers/Ponder-Policy01V5.pdf>
[0006]
[Problems to be solved by the invention]
In the plug-and-play technique described above, the scope of searching for services is limited by network connectivity, and personal information is leaked in the course of searching for available services. In addition, as described above, the resources to be used vary depending on the user and the service. Therefore, in the conventional method in which the service and the resource to be used are described as a policy and the user determines whether to receive the service, there were limits to the flexible use of resources that provide
[0007]
In addition, the devices that cooperate to provide services, such as kiosk terminals available to the public, entry/exit control devices that only specific users can control, and servers that monitor and manage services and charges, cover a variety of security settings. These devices range from high-specification devices with security management functions to low-specification devices without such functions. There are various combinations of the resource holding the data, the resource of the access source, and the resources that guarantee performance, and not all resources can execute the specified policy. Moreover, it is often difficult to examine in advance whether performance or security at the time of access can be ensured, and it is difficult to describe all combinations as policies.
[0008]
The present invention has been made in view of the above problems. Its purpose is to provide a service exchange environment that satisfies the required conditions, in which resources are flexibly shared only among the resource group, out of the dynamically discovered resources, that is effective for service provision.
[0009]
[Means for Solving the Problems]
To achieve the above object, the present invention provides, in a distributed system in which a plurality of devices, each including a processing unit that performs data processing and a communication unit that communicates with other devices, are connected and perform processing in cooperation with each other: a means for detecting, from the plurality of devices, the resources necessary for the requested service; a means for determining whether or not the detected resources satisfy the resource disclosure policy; and a means for linking the resources that satisfy the resource disclosure policy to provide the service.
[0010]
By making the resource disclosure policy a guarantee capability of either the concealment performance or processing performance of the resource, it is possible to prevent leakage of data or the like due to unauthorized use, and to ensure the service provision speed.
[0011]
As one aspect of the present invention, the range of resources to be disclosed, that is, the range in which an access right to the resources is given, is limited according to an assurance capability such as the security of the distributed system; the resources that can be used for the service are determined; and the service is provided using the appropriate resources according to the personal information to be disclosed.
[0012]
In another aspect, the mode corresponding to the service to which each resource is disclosed is held in association with the resource, the resource is accessed with the service identified, and the resource provider side restricts the disclosed resources according to the mode. This makes it possible to form the necessary services while maintaining the required quality, without releasing data other than the resources effective for providing the desired service.
[0013]
Further, as another aspect, in order to share information when a service is hierarchically configured using other services, the relationships with the other services that constitute a service are managed, and the disclosure conditions of the constituent services are delegated to that service, so that the service can be formed without describing the availability of resources for all combinations of resources.
[0014]
For devices that do not have a mode management function in advance, specific software is distributed to each device, and data transmission/reception and execution management between applications are performed via that software, so that the mode effective for service provision can be managed.
[0015]
By a step of determining the services that can be provided with a limited disclosure range and a step of determining the service to be provided by expanding the disclosure range in stages, the resource group effective for providing the service can be determined step by step, even when it cannot be determined whether the service can be provided unless the access rights of each resource are disclosed.
[0016]
DETAILED DESCRIPTION OF THE INVENTION
Embodiments of the present invention will be described below in detail with reference to the drawings.
The following examples are described in detail:
(1) A method of determining the level of service that can be provided according to the range of resources for which access rights are disclosed.
(2) A method for the case where the availability of the resource group is difficult to describe in advance, that is, where the available resources cannot be determined without disclosing the access rights: to discover and select the available resources by trial, the services that can be provided are first determined with a limited disclosure range, and the service to be provided is then determined by expanding the disclosure range in stages.
(3) A method in which each resource has a mode corresponding to the service, and the information used for providing the service is shared by limiting the range of resources to be disclosed.
(4) A method of permitting the transfer of information between devices in the mode corresponding to each service when services are hierarchized.
(5) A method, for the case where a device has no function for mode management, of distributing software and performing device mode management using that software.
[0017]
FIG. 1 shows a configuration example of an embodiment of a system to which the present invention is applied. The service system of this embodiment includes a gateway 111, floor servers 112 to 113, and devices 121 to 124. The devices 121 to 124 are, for example, an information processing device provided with a display device such as a kiosk terminal, an audio output device such as a speaker, or equipment that controls the real environment such as an automatic door or an air conditioner. They are the devices necessary to provide services such as control. The gateway 111, the floor servers 112 and 113, and the device 122 are connected via a communication medium 131. The floor server 112 and the device 121, the floor server 113 and the device 124, and the device 124 and the device 123 are connected via wireless communication media 132, 133, and 134, respectively. The communication medium may be wired, such as Ethernet (registered trademark) or a twisted pair cable, or wireless, such as low-power wireless or infrared.
[0018]
The devices 141 and 142 used by the service user operate in cooperation with these floor servers and devices as the service user moves. The service user device 141 is connected to the floor server 112 and the device 121 via the wireless communication medium 132, and the service user device 142 is connected to the floor server 113 and the device 124 via the wireless communication medium 133, respectively. Here, the personal information of the service user is stored in the service user devices 141 and 142 or the gateway 111. These gateways, floor servers, devices, and user devices are collectively referred to as devices here.
[0019]
FIG. 2 shows a detailed configuration of a system in which two devices to which the present invention is applied are connected. The service request side device 201 is composed of a communication interface with the outside, a storage unit that stores the software for performing processing in the device and various data, and a processing unit that reads a program from the storage unit and performs processing; the parts are connected by an internal bus. The software for the processing of the device 201 includes a communication process 231, a service formation process 232, and a processing program 236. Data used in each process includes a user context table 211, a system configuration management table 216, a requested service condition 214, and a resource disclosure policy 217.
[0020]
The communication process 231 exchanges data with other devices via the communication interface and encrypts communication between devices. The service formation process 232 discloses personal information stored in the user context table 211 of the own device, and also searches for other devices and determines the service providing devices using the system configuration management table 216 and the resource disclosure policy 217. The processing program 236 performs service providing processing in cooperation with other devices.
[0021]
Personal information is stored in the user context table 211. The personal information may be generated by some application program, or may be input by the service user via the external input/output unit 243, such as a keyboard. Alternatively, it may be acquired from a position information sensor using the external input/output unit 243, or from another device via the communication process 231.
[0022]
The requested service condition 214 stores the requested service and its conditions. The requested service and its conditions may be input from the service user via the external input / output unit 243, or may be downloaded via the communication process 231.
[0023]
The external input/output unit 243 is a device controlled by the processing program 236, such as a sensor, an actuator, or a camera, or a man-machine interface, such as a liquid crystal panel, a keyboard, or a touch panel, through which the processing program 236 executed on the device is controlled and its output values are referred to. However, this is not essential, and some devices do not have an external input/output unit.
[0024]
The service requesting device 201 may be one of the service user devices 141 to 142, a device into which the service user enters input, or a gateway that provides content.
[0025]
The service provider side device 202 is a device that runs the processing program 235 and provides a service. Like the service requesting device 201, the device 202 is composed of a communication interface with the outside, a storage unit that stores the software for performing processing in the device and various data, and a processing unit that reads a program from the storage unit and performs processing; the parts are connected by an internal bus. The software for the processing of the device 201 includes a communication process 231, a service formation process 232, a service session management process 233, and a processing program 235. Data used in each process includes a user context table 211, a service list 212, a device group management table 213, and a mode management table 215.
[0026]
The service formation process 232 searches the service list 212 of the own device or of another device using the personal information provided from the service requesting device 201 or the service providing device 202, and presents the devices that can provide the service and their interfaces.
[0027]
The service session management process 233 links data between the devices specified by the service requesting device 201, and uses the resource disclosure mode described in the mode management table 215 to limit the resources that are disclosed, such as data, computing resources, and processing programs.
[0028]
The processing program 235 is an application program that runs to provide services. It exchanges information with people and the environment via the external input/output unit 242, or stores and retrieves data using the external storage 241.
[0029]
The device management table 213 stores management information related to a device group used for providing services. The service list 212 stores interface information that the processing program 235 discloses to other processing programs.
[0030]
The external input / output unit 242 is the same as that described in the external input / output unit 243 of the service using side device.
[0031]
Although only one service providing device is described here, there are a plurality of these devices and they are connected to each other via one or more communication media.
[0032]
FIG. 3 shows a configuration example of the user context table 211. The file 301 is composed of records 311 to 314. The record 311 is an item indicating location information in the real world; here, it stores that “Address”, indicating the address, is “Chiyoda 1 in Chiyoda-ku” and that “Location”, indicating the location, is “area1”. Record 312 holds personal information on the network. Here, the e-mail address “E-Mail Address” is recorded as “any@sdl.hitachi.co.jp”. Similarly, the record 313 indicates affiliated organizations and stores religion, affiliated associations, and the like. The record 314 is a field for storing a user identifier, and stores, for example, a login ID for using a computer, an electronic signature identifying the user, and the like.
[0033]
FIG. 4 shows a configuration example of the requested service condition 214. (A) shows the constituent elements of the requested service condition 214 as a whole. It consists of a service entry 651, a function condition 652, a data condition 653, and a calculation condition 654.
[0034]
The functional condition 652 includes a software resource number 612 and resource identifiers and usage interfaces 613 to 614, as shown in FIG. The number of software resources 612 stores the number of software resources used by the service indicated by the identifier shown in the service entry 651. The number of resources is the same as the number of items 613 to 614. The resource identifiers and usage interfaces 613 to 614 store a software resource index, the identifier of a processing program used by the service, and the interface used. Here, the resource identifier may or may not be specified. The example of item 613 indicates that the processing program is “*”, that is, an arbitrary processing program, and that a processing program providing the interface “InfoOut (Map)” is used. The interface is described using IDL (Interface Definition Language) as described in "Inside CORBA-CORBA and its application to system development" (ISBN4-7561-2015-6), and is identified by the interface name stored in the interface repository. Alternatively, as defined in WSDL (Web Service Description Language), a series of call procedures and an interface for call processing from a processing program may be described.
[0035]
The data condition 653 includes a data resource number 615 and data resources 616 to 617 as shown in FIG. The number of data resources 615 stores the number of data resources used by the service represented by the identifier shown in the service entry 651. The number of resources is the number of items 616-617. Data resources 616 to 617 store identifiers and access conditions of data used by the service. In the item 616, the item “Online” of the data UserContext is specified, and in the item 617, the data “Map” is specified. To identify the data resource, a file name may be used, or a unique identifier may be used for each resource.
[0036]
The calculation condition 654 includes a calculation resource number 618 and a calculation resource 619 as shown in FIG. The number of computing resources 618 stores the number of computing resources used by the service indicated by the identifier shown in the service entry 651, and is the number of items 619. The computing resource 619 stores the computing resource and amount used by the service in the device where the processing program specified by the software resource exists. For example, the item 619 indicates that the device indicated by the software resource index 1 requires two threads.
[0037]
FIG. 5 shows a configuration example of the service list 212. The service list 212 includes a service entry 511, a processing program 512, an interface 513, and a device identifier 514. The service entry 511 is a field for storing an identifier indicating the type of service. The processing program 512 is a field for storing the identifier of a processing program that operates to provide the service. The interface 513 is a field for storing an identifier of the type of interface provided by the processing program. As with the usage interface of FIG. 4, the interface 513 covers not only a processing program call function but also a series of call procedures and an interface for call processing from the processing program, as defined in, for example, WSDL (Web Service Description Language). In some cases, a plurality of processing programs cooperate to provide a service.
[0038]
The device identifier 514 is a field for storing the identifier of the device in which the processing program indicated by each record is stored. In the case of a processing program stored in the own device, the identifier of the own device is stored. When the processing program of another device is used to realize the service entry 511, the identifier of the device storing the processing program 512 is stored. When processing programs provided in a plurality of devices cooperate to provide a certain service, the service list 212 may be constructed in such a format if the relationship is established in advance.
[0039]
The record of the service list 212 may have data resource registration. In this case, the data identifier is stored in the field of the processing program. Record 523 illustrates this example.
[0040]
As described with reference to FIGS. 4 and 5, the requested service condition and the service list are described, and by checking these as shown later, resources effective for service provision are determined. Although the present embodiment has been described with reference to software resources, data resources, and calculation resources, input / output device resources and other resources may be explicitly described and managed. In addition, the flow of data between resources may be described and used for determining effective resources.
[0041]
FIG. 6 shows a configuration example of the device group management table 213. The device group management table 213 includes fields 711 to 715. The service session 711 is a field for storing an identifier of an entity of the service being provided. The service session 711 is generated by the service formation process 232 and used by the service session management process 233. There can be a plurality of entities having the same service identifier. For example, there may be an entity that provides the navigation service indicated by the service identifier “Navi” to the user A using the device AA, and an entity that provides it to the user B using the device BB. In this way, even when the service identifier is the same, entities that use different devices, processing programs, and users are identified by different service sessions. The configuration member 712 is a field for storing the member devices of the session. The device state 713 is a field for storing the state of the device indicated by the record, and the task state 714 is a field for storing the state of the processing program that executes the service on the device indicated by the record. The fields 713 and 714 can be updated by using a method as described in Japanese Patent Application No. 11-322115, for example. The update time 715 stores the latest time at which the status of the device and processing program indicated by the record was detected.
[0042]
FIG. 7 is a diagram illustrating an example of the system configuration management table 216. (A) is a logical representation of the system configuration: computers 1901 to 1906 are connected to each other by communication channels 1951 to 1957. (B) is a part of the configuration management table and holds the capability of each component. The communication path 1911 is a field for storing the classification of communication paths between devices. The evaluation scale 1912 and the guarantee level 1913 store the evaluation scale and guarantee level of the communication path indicated by each record. The record 1921 indicates that the communication channel “C1”, that is, 1951 to 1953, has the assurance level “2” for the evaluation scale “Confidential”, that is, for the confidentiality of the communication channel. The guarantee level is determined arbitrarily for each system. For example, the following levels can be defined.
Assurance level 1: Individual encrypted communication between devices
Assurance level 2: Cryptographic communication shared between multiple devices
Assurance level 3: Level at which messages can be traced
The device 1931 is a field for storing a device identifier. The evaluation scale 1932 and the guarantee level 1933 are fields for storing the evaluation scale and the guarantee level, respectively, in the same manner as the communication path.
[0043]
The information described in FIG. 7 may be acquired in the service formation process described in FIG. Alternatively, it may be acquired and stored by some means.
[0044]
FIG. 8 shows a configuration example of the resource disclosure policy 217. The field 2011 stores the identifier of a resource to be disclosed. As in the system configuration management table described with reference to FIG. 7, the evaluation scale 2012 and the assurance level 2013 store, respectively, the evaluation scale and the assurance level that are acceptable when each resource is disclosed. For example, in the record 2021, the resource “UserContext: Online” is allowed to be released up to the assurance level “2” with respect to the evaluation scale “Confidential”. In the example of FIG. 7, when the resource “UserContext: Online” is stored in the device 1901, it is disclosed on the communication paths C1 and C2 but not on C3. In this example, confidentiality is used as the evaluation scale, but an evaluation scale such as performance can also be used.
[0045]
FIG. 9 shows a process flow of the service formation process 232.
[0046]
Prior to requesting service from the service providing side device, the service requesting side device sets the resource, evaluation scale, and assurance level for the access right in the resource disclosure policy 217, and sets the transmission range of the service providing device search message to a range that satisfies the assurance level (step 2111). For the transmission range, for example, the system configuration in the system configuration management table 216 is checked against the resource disclosure policy 217, and only devices that satisfy the guarantee level are specified.
[0047]
The service requesting device acquires the requested service conditions from the requested service condition 214, generates a unique request identifier, creates a signature, and transmits a service providing device search message (step 811). The request identifier is made unique using, for example, the identifier of the own device and the time. This message may be issued to a server that holds a list of the services that can be provided, and searched using the method described in “Understanding Universal Plug and Play White Paper”, or it may be broadcast to a network segment.
[0048]
Upon receiving this message, the service providing device searches the service list 212 to find out whether a resource that matches the conditions described in the message exists in the device, and determines whether it can be disclosed.
[0049]
In the case of software resources and data resources, it is determined whether they are registered in the service list. In the case of a computing resource, the specified resource is secured. The detected service list record or the reserved computing resource is registered by adding a record to the mode management table 215. Here, if the detected resource is already reserved for another service, exclusive control may be performed and it may be determined that the resource cannot be disclosed. Access control may also be performed.
[0050]
If the resource can be disclosed, information on the matching resources and a signature corresponding to the request message are returned to the service requesting device. If all or some of the matching resources are not found, the search message is transferred to another service providing device (step 812). A case where some of the matching resources are missing is, for example, a case where only a processing program that is one of the elements providing a service described in a service list matches.
[0051]
Here, the transfer of the search message to other service providing devices may be restricted by using, for example, the Trader service method of “Inside CORBA-CORBA and its application to system development” (ISBN4-7561-2015-6).
[0052]
The service request side device receives the response message issued in step 812 and checks whether the response is the response to the device itself by comparing the request identifier added to the message with the request identifier created in step 811. Further, the resource information included in the response message is acquired (step 813).
[0053]
After receiving the response, the system configuration management table 216 and the resource disclosure policy 217 are collated, and a combination of a resource effective for service provision and a service provision form using the resource is extracted. Here, the flow of data between resources may be described in the required service condition 214 and may be determined including this. Thereafter, a device to be used as a service providing device is selected based on a predetermined determination criterion (step 814).
[0054]
Whether or not the service determined here is valid is determined using a predetermined evaluation scale (step 2113). Here, it is assumed that the predetermined evaluation scale is whether or not all resources providing the service described in the required service condition are accessible. If the determination is valid, the session identifier information indicating the access right and the resource allocation are transmitted to the selected device (step 815) to receive the service.
[0055]
If the determination in step 2113 is not valid, the resource disclosure policy 217 is updated (step 2115), and the process returns to step 811. The resource disclosure policy is updated by, for example, relaxing the conditions of the assurance level 2003 or adding resources to be disclosed. These may be selected based on the difference between the requested service condition 214 and the resources found by the search.
[0056]
Although the selection of the service providing device is omitted in the present embodiment, for example, resource attributes and the like may be registered in the service list 212 and returned together with the resource information so that they can be used. Further, the data added to the service providing device search message may be used for authentication and access control of the service requesting device. Furthermore, in the present embodiment, a method of adding a session identifier to a message and distributing it in order to designate the service providing devices for providing a specific service has been described. However, as shown in Japanese Patent Application No. 2002-44113, a session for sharing data between devices may be established for each service and used to identify a particular service. Further, in the present embodiment, an example is shown in which the requested service condition is added to the service providing device search message to search for resources that can be provided by the service providing device; however, the resources may instead be checked against the requested service conditions.
[0057]
The above processing flow includes a method for determining the service to be provided when the availability of resources is difficult to describe in advance, that is, when the validity of the service cannot be determined unless the access right is disclosed (for example, when personal information identifying a specific person is included in the requested service conditions and should not be sent to unspecified service providing devices). This processing (steps 2111, 2113, and 2115) may be omitted if handling of the above case is not necessary.
[0058]
FIG. 10 shows an example of the configuration of messages exchanged between devices. (A) shows a configuration example of the service providing device search message. This is issued as the message (1) of the service formation processing 232 described in FIG. This message includes a message header 911, a message type 912, a request service condition 913, a request source signature 914, a request identifier 915, and data 916. The message header 911 is used in the communication processing 231 and stores information necessary for exchanging data between devices. Message encryption and sender anonymization are also performed here. The message type 912 stores information for identifying the type of the message, such as a service providing device search message or a response message to it. The requested service condition 913 is the service providing device search condition, and stores the information of the requested service condition 214 described with reference to FIG. The request source signature 914 stores the signature created when the message was issued by the service using side device that issued the service providing device search message. The request identifier 915 is information for uniquely identifying the service providing device search message. Data 916 is a field for storing other additional data.
(B) shows a configuration example of the response message to the service providing device search message described in (A). This is issued as the message (2) of the service formation process 232 described in FIG. The message header is the same as that in (A), and the message type 912 stores that it is a service providing device response message. The request source signature 914 and the request identifier 915 store the request source signature 914 and the request identifier 915 that were stored in the service providing device search message whose reception triggered the response. The provided service 921 stores the resource provided by the transmission source device of the response message acquired from the service list 212, or the service identifier and related information.
(C) shows a configuration example of the message that determines and designates a service providing device. This is issued as the message (3) of the service formation processing 232 described in FIG. The message header 911, the message type 912, the request source signature 914, and the session identifier 932 are the same as those in the service providing device search message described in FIG. Here, the session identifier 932 stores a unique identifier generated in step 815 and serving as a key for using resources for providing the service. The allocation data 931 stores a sequence of identifiers of the resources that operate to provide the service. FIG. 5C shows an example in which the soft resource identifier and the usage interface are stored in the fields 941 to 942 as an example of the soft resource. Here, the allocation data 931 can consist of any number of resources.
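The search and response messages of FIG. 10 and the identifier check of step 813 can be exercised as follows. This is an added example, not code from the patent: the field names, the per-device key, the sequence counter, and the use of HMAC-SHA256 in place of the unspecified signature scheme are all assumptions, and the message header 911 is left to the communication layer.

```python
import hashlib
import hmac
import itertools
import json
import time

SEARCH, RESPONSE = "search", "response"   # values for message type 912 (names assumed)


def _canonical(fields):
    """Stable byte encoding of the fields covered by the signature."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


class Requester:
    """Service requesting device: builds the search message and checks responses."""

    def __init__(self, device_id, key, clock=time.time_ns):
        self.device_id = device_id
        self._key = key                 # assumption: per-device secret used for HMAC
        self._clock = clock
        self._seq = itertools.count()   # assumption: keeps ids distinct within one clock tick
        self.pending = {}               # request identifier 915 -> requested condition 913

    def _sign(self, request_id, condition):
        body = _canonical({"request_id": request_id, "condition": condition})
        return hmac.new(self._key, body, hashlib.sha256).hexdigest()

    def search_message(self, condition):
        """Step 811: unique identifier from device id and time, then sign."""
        request_id = f"{self.device_id}:{self._clock()}:{next(self._seq)}"
        self.pending[request_id] = condition
        return {
            "type": SEARCH,                                   # 912
            "condition": condition,                           # 913
            "signature": self._sign(request_id, condition),   # 914
            "request_id": request_id,                         # 915
            "data": None,                                     # 916
        }

    def accept_response(self, msg):
        """Step 813: accept only responses to a request this device issued.

        Returns the provided service 921, or None when the response is rejected.
        """
        if msg.get("type") != RESPONSE:
            return None
        request_id = msg.get("request_id")
        condition = self.pending.get(request_id)
        if condition is None:
            return None                 # identifier was never created by this device
        expected = self._sign(request_id, condition).encode()
        echoed = str(msg.get("signature", "")).encode()
        if not hmac.compare_digest(expected, echoed):
            return None                 # echoed signature does not bind to this request
        return msg.get("provided_service")


def provider_respond(service_list, msg):
    """Step 812 on the providing side (the disclosure decision itself is omitted).

    Returns (response or None, forward); forward is True when some requested
    resources are missing and the search message should be transferred onward.
    """
    wanted = msg["condition"]["resources"]
    found = [r for r in wanted if r in service_list]
    forward = len(found) < len(wanted)
    if not found:
        return None, forward
    response = {
        "type": RESPONSE,
        "signature": msg["signature"],      # 914 echoed from the search message
        "request_id": msg["request_id"],    # 915 echoed from the search message
        "provided_service": found,          # 921
    }
    return response, forward
```

Checking the echoed signature against the stored condition, and not only the request identifier, rejects a response that pairs a valid identifier with the signature of a different request.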
[0059]
In this embodiment, an example in which the resource disclosure policy 217 exists in the service request side device 201 is shown. However, even when the resource disclosure policy 217 exists in another device, the method can easily be implemented by acquiring the resource disclosure policy 217.
With the method described in this embodiment, it is possible to determine the level of service that can be provided according to the range of resources for which access rights are disclosed, and to form an appropriate service.
[0060]
FIG. 11 shows a configuration example of the mode management table 215. The mode management table 215 includes a resource identifier 411, a disclosure mode 412, and a disclosure purpose service 413. The resource identifier 411 is an identifier of a resource in the device, and stores identifiers such as processing programs, data, and computer resources. The disclosure mode 412 is an item for storing the disclosure mode of the resource specified in each record. For example, the following modes are specified.
・ Public: A state of disclosure for any request
・ Private: A state of disclosure only for the purpose of providing a specific service
・ Protected: A state of actually being used to provide a specific service
The disclosure purpose service 413 designates the identifier of the service for which the resource specified in each record is disclosed. For example, the record 422 indicates that the resource “map data” is disclosed to other resources for the service specified by the identifier “Navi”. Record 424 indicates that the resource “<Thread>”, a thread of the operating system, can be used for the service “Navi”, for which specific resources have been selected by the method shown in the first embodiment of the present invention and to which the session identifier “1” has been assigned.
[0061]
FIG. 15 shows a service configuration example in which a “video viewing service” for user A is provided as service 1111 and a service (air conditioning temperature control) for user B is provided as service 1112. The service 1111 uses the resource “speaker” and provides a service using another service 1121 “video playback”. The service “video playback” provides a service using the resource “VCR” and the resource “speaker”. Here, the users of the service 1111 and the service 1112 are different, and data is not disclosed between them. The service 1111 and the service 1121 are services for the same user A, and data is shared to provide the service.
[0062]
FIG. 12 shows a process flow of the service session management process 233 when providing a service as shown in FIG. 15, for example. Here, the service providing side device x is the device 201 having the user context table 211, and the service providing side device y is a device 101 having an application program for providing a service. The cooperation between the device x and the device y is designated by the service formation process 232 described above.
[0063]
A request for location information is issued from the service providing side device y (step 1011), the service providing side device x receives it (step 1012), and the service session identifier in the request message is confirmed (step 1013).
[0064]
After this, the hierarchical relationship between services is confirmed (step 1211). If the resource has been secured, it is confirmed whether it is a designated member of the requested service. If the service was formed by the service formation process 232, that is, if it is a pair of a service session and a device registered in the device group management table, the requested data is returned (step 1016). If the resource cannot be secured or if it is not a designated member of the requested service, the request is rejected (step 1015).
[0065]
Here, the service hierarchy is described by registering the formed service in the service list 212. In addition, by registering a service as a component in the task state 714 of the device group management table 213, its relationship with other services and its state can be managed.
[0066]
Data sharing between services can be controlled by registering service identifiers as constituent elements in the mode management table 215 as resource identifiers. Using this, it is possible to control according to the following applications.
・ Data disclosure range restriction: When user location data is shared between specific devices, a service for sharing data among these devices is set independently. A service that links the service with another device is set, and only the processing result such as a trigger at a specific position or content near the user position is provided to the other device.
・ Restriction of resource disclosure: Being a component of a service prevents the resource from being directly disclosed to other services. For example, while providing a video playback service that outputs video output to a TV, access to a processing program having an interface such as TV program setting or power supply setting is suppressed.
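The disclosure decision that the mode management table 215 supports, including the case where a service identifier is itself registered as a resource identifier, can be sketched as below. This is an added example, not code from the patent: the table contents are constructed (loosely following records 422 and 424 and the services of FIG. 15), and the rule that a Protected resource requires the matching session identifier is an assumption drawn from the description of record 424.

```python
import hmac
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Mode(Enum):
    PUBLIC = "Public"        # disclosed for any request
    PRIVATE = "Private"      # disclosed only to provide a specific service
    PROTECTED = "Protected"  # actually in use to provide a specific service


@dataclass(frozen=True)
class ModeRecord:
    resource_id: str                        # resource identifier 411
    mode: Mode                              # disclosure mode 412
    purpose_service: Optional[str] = None   # disclosure purpose service 413
    session_id: Optional[str] = None        # session identifier assigned to the service


# Constructed sample table. "clock" and the session identifier "2" are invented
# for illustration; "video playback" is a service registered as a resource.
MODE_TABLE = (
    ModeRecord("clock", Mode.PUBLIC),
    ModeRecord("map data", Mode.PRIVATE, "Navi"),
    ModeRecord("<Thread>", Mode.PROTECTED, "Navi", "1"),
    ModeRecord("VCR", Mode.PROTECTED, "video playback", "2"),
    ModeRecord("video playback", Mode.PRIVATE, "video viewing"),
)


def decide(table, resource_id, service, session_id=None):
    """Return (allowed, reason) for a request made on behalf of `service`.

    allowed=True corresponds to returning the data (step 1016),
    allowed=False to rejecting the request (step 1015).
    """
    record = next((r for r in table if r.resource_id == resource_id), None)
    if record is None:
        return False, "resource not registered"
    if record.mode is Mode.PUBLIC:
        return True, "public resource"
    if service != record.purpose_service:
        # Components of one service are not disclosed directly to another.
        return False, "requesting service is not the disclosure purpose service"
    if record.mode is Mode.PRIVATE:
        return True, "disclosure purpose service matches"
    # Protected: the resource is bound to one service session (step 1013).
    if session_id is None or record.session_id is None:
        return False, "session identifier missing"
    if not hmac.compare_digest(session_id.encode(), record.session_id.encode()):
        return False, "session identifier mismatch"
    return True, "service session matches"


def allowed(resource_id, service, session_id=None):
    """Convenience wrapper over the constructed table."""
    return decide(MODE_TABLE, resource_id, service, session_id)[0]
```

With this table the service "video viewing" reaches the VCR only through the "video playback" service, never directly, which is the resource disclosure restriction described above.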
[0067]
In this method, a service can be formed without describing the availability of resources for all combinations of resources.
[0068]
In the present embodiment, an example is shown in which data is requested from the service providing device y in which the application program exists. However, the service providing device x having the user context table may spontaneously send data corresponding to the managed service session identifier. At this time, the service providing device y performs control so that data is passed only to the resource that provides the service specified by the service session identifier, and data is not passed to other resources. Also, the service session identifier may be used as a key for encrypting the disclosed data, which is encrypted on the disclosing side and then decrypted.
[0069]
According to the service session management of the present embodiment, a necessary service can be formed while maintaining the required quality without exposing the access right of resources other than resources effective for providing a specific service.
[0070]
Even if the services are hierarchized, if it is not necessary to control the transfer of information between devices in the mode corresponding to each service, step 1211 and the subsequent determination step can be omitted.
[0071]
Next, an embodiment will be described in which software is distributed and mode management of the device is performed by the software when the device does not have a function for mode management.
[0072]
FIG. 13 is a diagram illustrating a flow of software distribution processing in the service formation processing. A group of service providing devices is searched for between the service using device and the service providing devices using a known method described in, for example, “Understanding Universal Plug and Play White Paper” (step 1311). A device group having specific functions effective for providing the service is selected, a resource management function necessary for the service to be provided is selected (step 1312), and software having the selected resource management function is distributed to the selected devices (step 1313). A device that receives the distributed software links it with software already running on the device (step 1314).
[0073]
FIG. 14 is a diagram illustrating a combination example of distribution software and an existing program. In the present embodiment, an example in which the method described in “Understanding Universal Plug and Play White Paper” is implemented will be described. At this time, a service list 212 exists in the device, and data can be exchanged with the processing program 235 via the communication processing 1711. The processing program 235 performs data processing by accessing the external input / output unit 242 or the external storage 241. The distributed software 1712 cooperates with the processing program 235 via the communication processing 1711. At this time, the mode is managed in the distributed software 1712 so that the processing program is linked with the processing programs of other devices not directly but via the distributed software 1712. Also, as the software configuration in the device, the service list 212 is acquired through communication processing and published to other devices only through the distributed software 1712.
[0074]
In the present embodiment, an example is shown in which software is distributed from a service use side device, but distribution may be performed from another device. In addition, as software to be distributed in the present embodiment, software for monitoring data transmission / reception between devices may be distributed in addition to software for publishing data and processing programs and securing computing resources.
[0075]
With the method described in this embodiment, even a device that does not have a mode management function in advance can manage a mode effective for providing a service.
[0076]
According to the embodiment described above, among the dynamically discovered resource groups, the resources can be flexibly linked only with the resource groups effective for providing the service according to the service. In particular, it is possible to determine the level of services that can be provided according to the range of resources for which access rights are disclosed, and to form appropriate services.
[0077]
In addition, each resource has a mode for identifying whether or not it is effective for providing a specific service. By using this mode to control the resources that are disclosed, data is not disclosed to resources other than those effective for providing a desired service. Therefore, necessary services can be formed while maintaining the required quality.
[0078]
Furthermore, by managing the hierarchical relationship between services and releasing resources accordingly, services can be formed without describing the availability of resources for all resource combinations.
[0079]
In addition, resource management software is distributed to each device, and each device performs data transmission / reception and execution management between applications, making it possible to manage modes effective for providing services even on devices that do not have a mode management function in advance.
Further, even if the resources are not disclosed to unspecified devices, it is possible to determine services that can be provided by limiting the disclosure range, and to determine services that are provided by expanding the disclosure range in stages.
[0080]
[Effect of the invention]
According to the present invention, it is possible to flexibly link resources with only resource groups effective for providing the service according to the service among the dynamically discovered resource groups.
[Brief description of the drawings]
FIG. 1 is a diagram showing an overall system configuration of an embodiment of the present invention.
FIG. 2 is a diagram showing a detailed block of a system configuration.
FIG. 3 is a diagram showing a configuration example of a user context table 211.
FIG. 4 is a diagram showing a configuration example of a requested service condition 214.
FIG. 5 is a diagram showing a configuration example of a service list 212.
FIG. 6 is a diagram showing a configuration example of a device group management table 213.
FIG. 7 is a diagram showing a configuration example of a system configuration management table 216.
FIG. 8 is a diagram showing a configuration example of a resource disclosure policy 217.
FIG. 9 is a diagram showing a process flow of a service formation process 232.
FIG. 10 is a diagram showing a message configuration example.
FIG. 11 is a diagram showing a configuration example of a mode management table 215.
FIG. 12 is a diagram showing a process flow of a service session management process 233.
FIG. 13 is a diagram illustrating a process flow of an embodiment in which a service formation process distributes software.
FIG. 14 is a diagram illustrating an example of combining distribution software and an existing program.
FIG. 15 is a diagram showing a system configuration in a situation where a specific service is realized.
[Explanation of symbols]
Communication processing 231, service formation processing 232, service session management processing 233, device configuration management 234, processing programs 235 and 236, user context table 211, requested service condition 214, service list 212, device group management table 213, mode management table 215, system configuration management table 216, resource disclosure policy 217, external storage 241, external input / output units 242, 243.

Claims (8)

  1. A communication interface with the outside, a communication unit, a service formation process, a processing program and other software and system configuration management table, a storage unit that stores requested service conditions and other data, and a processing unit that reads and processes a program from the storage unit, in a distributed system in which the first, second, and third devices are connected by an internal bus, and each performs processing in cooperation,
    The first device further stores a resource disclosure policy indicating a disclosure range of resources necessary for realizing a service in the storage unit, and sets a range for transmitting a service request based on the resource disclosure policy, and a means for transmitting a service request including the signature of the first device to the second device together with information relating to a range for transmitting the service request,
    The second device further stores a mode management table in the storage unit, and detects a resource necessary for the service included in the service request transmitted from the first device from the second device. Means for limiting the disclosure of data, computing resources, processing programs, and other resources disclosed between devices using a resource disclosure mode that is described in the mode management table and indicates a service request to be disclosed of the resources; Means for providing resources necessary for service within a range limited by means for limiting the disclosure of the resources,
    The third device further stores a mode management table in the storage unit, and detects resources necessary for the service included in the service request transferred from the second device from the third device. Means for limiting the disclosure of data, computing resources, processing programs, and other resources disclosed between devices using a resource disclosure mode that is described in the mode management table and indicates a service request to be disclosed of the resources; Means for providing resources necessary for service within a range limited by means for limiting the disclosure of the resources,
    When the means for detecting of the second device detects, in the second device, a resource that matches a resource necessary for providing the service, the second device transmits a response message including information on the detected resource to the first device based on the signature of the first device included in the service request, and when the means for detecting detects that there is a shortage of resources among the resources necessary for providing the service, the service request is transferred to the third device within the range of transmitting the service request set by the first device,
    When the means for detecting of the third device detects, in the third device, a resource that matches a resource necessary for providing the service, the third device transmits a response message including information on the resource to the first device based on the signature of the first device included in the service request;
    The distributed system, wherein the first device acquires a response message transmitted from the second device or the third device and determines whether or not the service can be executed.
  2.   The distributed system according to claim 1, wherein the resource is any one of a processing program, data, a calculation resource, an external input / output device, and a network stored in the device.
  3.   The distributed system according to claim 1, wherein a processing program for performing resource management processing is distributed from the first device to the second device.
  4.   When the first device receives from the second device information indicating that the resources required for the service satisfying the resource disclosure policy are not available, the first device changes the resource disclosure policy, and changes to the changed resource disclosure policy. The apparatus further comprises means for retransmitting a service request to the second device based on the request and determining whether or not the changed resource disclosure policy is satisfied based on a response from the second device. Distributed system.
  5. A communication interface with the outside, a communication unit, a service formation process, a processing program and other software and system configuration management table, a storage unit that stores requested service conditions and other data, and a processing unit that reads and processes a program from the storage unit, in the service transfer environment forming method in the distributed system in which the first, second, and third devices are connected by the internal bus, and each performs processing in cooperation with each other,
    The first device sets a range for transmitting a service request based on a resource disclosure policy indicating a disclosure range of resources necessary for realizing the service stored in the storage unit of the first device; Transmitting a service request including a signature of the first device to the second device together with information regarding a range for transmitting the service request;
    The second device detects a resource necessary for the service included in the service request transmitted from the first device from the second device, and is stored in the storage unit of the second device. Using the resource disclosure mode, which is described in the table and indicates the service request to which the resource is to be disclosed, the disclosure of data, computing resources, processing programs and other resources to be disclosed between devices is limited, and within the limited range Providing the necessary resources for the service;
    The third device detects a resource necessary for the service included in the service request transferred from the second device from the third device, and is stored in the storage unit of the third device. Using the resource disclosure mode, which is described in the table and indicates the service request to which the resource is to be disclosed, the disclosure of data, computing resources, processing programs and other resources to be disclosed between devices is limited, and within the limited range Providing the necessary resources for the service,
    When the second device detects a matching resource among the resources necessary for providing the service, transmitting a response message including information on the detected resource to the first device based on the signature of the first device included in the service request, and when it is detected that there are insufficient resources among the resources necessary for providing the service, forwarding the service request to the third device within the range of transmitting the service request set by the first device;
    If the third device detects a resource that matches the third device for providing the service, a response message including information on the resource is included in the service request. Transmitting to the first device based on a signature of the first device;
    The service transfer environment forming method, further including a step in which the first device acquires a response message transmitted from the second device or the third device and determines whether or not the service can be executed.
  6.   The service transfer environment forming method according to claim 5, wherein the resource is any one of a processing program, data, a calculation resource, an external input / output device, and a network stored in the device.
  7.   6. The service transfer environment forming method according to claim 5, further comprising a step of distributing a processing program for performing resource management processing from the first device to the second device.
  8.   When the first device receives information from the second device indicating that there are no resources necessary for the service that satisfies the resource disclosure policy, the first device changes the resource disclosure policy, and changes to the changed resource disclosure policy. 6. The method further comprises a step of retransmitting a service request to the second device based on and determining whether or not the changed resource disclosure policy is satisfied based on a response from the second device. Service transfer environment formation method.
JP2002366023A 2002-12-18 2002-12-18 Distributed system and service transfer environment forming method Active JP4284060B2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2002366023A JP4284060B2 (en) 2002-12-18 2002-12-18 Distributed system and service transfer environment forming method
PCT/JP2003/013078 WO2004055687A1 (en) 2002-12-18 2003-10-10 Distribution system and service transmission/reception environment formation method

Publications (2)

Publication Number Publication Date
JP2004199300A JP2004199300A (en) 2004-07-15
JP4284060B2 true JP4284060B2 (en) 2009-06-24

Family

ID=32588296

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2002366023A Active JP4284060B2 (en) 2002-12-18 2002-12-18 Distributed system and service transfer environment forming method

Country Status (2)

Country Link
JP (1) JP4284060B2 (en)
WO (1) WO2004055687A1 (en)

Also Published As

Publication number Publication date
WO2004055687A1 (en) 2004-07-01
JP2004199300A (en) 2004-07-15

Similar Documents

Publication Publication Date Title
Ammar et al. Internet of Things: A survey on the security of IoT frameworks
JP5731679B2 (en) Interoperating system and method for peer-to-peer service organization
Yuan et al. Attributed based access control (ABAC) for web services
JP5065305B2 (en) Data transmission control method, content transmission control method, content processing information acquisition method, and content transmission system
AU2007222400B2 (en) Data transfer controlling method, content transfer controlling method, content processing information acquisition method and content transfer system
Lopez et al. Authentication and authorization infrastructures (AAIs): a comparative survey
US7904720B2 (en) System and method for providing secure resource management
JP5356221B2 (en) Convert role-based access control policies to resource authorization policies
RU2372651C2 (en) Architecture of hybrid authorised domain based on device and personality
US8255970B2 (en) Personal information distribution management system, personal information distribution management method, personal information service program, and personal information utilization program
EP1586976A2 (en) Distributed dynamic security for document collaboration
US7752442B2 (en) Virtual distributed security system
JP4214807B2 (en) Copyright protection system, transmission apparatus, copyright protection method, and recording medium
US8474027B2 (en) Remote management of resource license
Covington et al. Securing context-aware applications using environment roles
US7735117B2 (en) Context-sensitive confidentiality within federated environments
US20030018491A1 (en) Content usage device and network system, and license information acquisition method
US20030028639A1 (en) Access control system
JP4490083B2 (en) Method for grouping technical devices that are nodes of a network and apparatus for communication between technical devices that are nodes of a network
Hulsebosch et al. Context sensitive access control
Alam et al. Interoperability of security-enabled internet of things
US20030074579A1 (en) Virtual distributed security system
US20080086763A1 (en) Network node machine and information network system
KR100970771B1 (en) Dynamic negotiation of security arrangements between web services
KR101215343B1 (en) Method and Apparatus for Local Domain Management Using Device with Local Domain Authority Module

Legal Events

Date Code Title Description
A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20041112

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20041130

A521 Written amendment

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20050131

A02 Decision of refusal

Free format text: JAPANESE INTERMEDIATE CODE: A02

Effective date: 20051004

A521 Written amendment

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20051205

A911 Transfer of reconsideration by examiner before appeal (zenchi)

Free format text: JAPANESE INTERMEDIATE CODE: A911

Effective date: 20051208

RD01 Notification of change of attorney

Free format text: JAPANESE INTERMEDIATE CODE: A7421

Effective date: 20060427

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20060523

A521 Written amendment

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20060605

A912 Removal of reconsideration by examiner before appeal (zenchi)

Free format text: JAPANESE INTERMEDIATE CODE: A912

Effective date: 20061006

A521 Written amendment

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20081226

A521 Written amendment

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20090220

A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20090323

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20120327

Year of fee payment: 3


FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20130327

Year of fee payment: 4
