US20140188972A1 - Modeling enterprise resources and associating metadata therewith - Google Patents
- Publication number
- US20140188972A1 US14/012,882
- Authority
- US
- United States
- Prior art keywords
- application
- port
- name
- policy
- computer
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/04—Network management architectures or arrangements
- H04L41/046—Network management architectures or arrangements comprising network management agents or mobile agents therefor
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/61—Installation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/70—Software maintenance or management
- G06F8/71—Version control; Configuration management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/445—Program loading or initiating
- G06F9/44505—Configuring for program initiating, e.g. using registry, configuration files
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/10—Architectures or entities
- H04L65/1063—Application servers providing network services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/1066—Session management
- H04L65/1069—Session establishment or de-establishment
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/53—Network services using third party service providers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/4401—Bootstrapping
- G06F9/4411—Configuring for operating with peripheral devices; Loading of device drivers
Definitions
- Every platform has its own method for describing the structure of its resources and the metadata that describe them. Further, such methods rarely provide a mechanism for an administrator to associate additional metadata with them, especially metadata required for configuring the behavior of third-party add-on products (e.g., Oracle Web Services Manager). In those situations where a platform actually provides some type of mechanism to store custom metadata, however, it is generally proprietary to the platform, thus making any solutions for managing third-party resources difficult and potentially prohibitively expensive to develop, especially if the product is to consistently manage resources in multiple, differing platforms.
- Message protection typically involves keeping the contents of a message confidential (e.g., preventing inspection by a third party) and ensuring that the integrity of a message is protected (e.g., preventing modification thereof).
- authentication there are a wide number of algorithms that are currently employed to fulfill this. However, many of those that are performed at the message layer are computationally expensive, often prohibitively so on the constrained platform available on mobile devices. Therefore, most message protection is done at the transport layer using secure sockets (SSL).
- Service-oriented client applications that access SOAP web services and RESTful resources often must ensure that the requests they send to a service adhere to certain requirements prescribed by the service. For example, the service might require that all clients provide a special token that identifies the user on whose behalf a request is being made. This is currently accomplished by building the client application using a comprehensive client library that provides a rich set of features to support various service-side requirements. This is often one that implements a standard API (e.g., WLS JAX-WS for SOAP or Jersey JAX-RS for REST).
- FIG. 1 illustrates an example of an architecture of a web services manager (WSM) within a heterogeneous enterprise in accordance with certain implementations of the disclosed technology.
- FIG. 2 illustrates an example of a computer-controlled method of registering an application with a web services manager, such as the web services manager illustrated by FIG. 1, in accordance with the disclosed technology.
- FIG. 3 illustrates a first example of a computer-controlled method of incorporating an agent for mobile application development framework (APPDF) applications in accordance with the disclosed technology.
- FIG. 4 illustrates a second example of a computer-controlled method of incorporating an agent for mobile APPDF applications in accordance with the disclosed technology.
- FIG. 1 depicts the architecture 100 of a web services manager (WSM) within a heterogeneous enterprise. This illustrates the relationship between application resources, WSM components, WI applications and the WSM metadata repository.
- four application servers or instances 110, 120, 130, 140 such as WebLogic Server (WLS) domains, WebSphere software, or JBoss servers, each have a WSM Policy Manager (PM) 112, 122, 132, 142, respectively, that are configured to interact with a policy database 150.
- WSM PM 112 of the first server/instance 110 is further configured to interact with a WSM Console 114, which may manage resource registration and Web Service (WS) policy attachment as described below.
- a new WSM Console may be created to provide a WI for managing third party enterprises.
- the WSM Console may provide an administrator with easy access to the most common management tasks relevant for third party enterprises. This may include application registration/modification, policy attachment/detachment, and agent/PAP configuration. Secondary tasks currently supported by EM (i.e. DMS, enforcement audit reporting, PSEC/Audit configuration, policy authoring, global policy attachment, and policy usage analysis) that could be relevant for third party enterprises may or may not be supported.
- FIG. 2 illustrates an example of a computer-controlled method 200 of registering an application with a web services manager, such as the web services manager illustrated by FIG. 1, in accordance with the disclosed technology.
- a type of platform is indicated.
- application information is provided.
- one or more WS ports hosted by the application are registered.
- the application configuration is then saved, as shown at 208.
- a policy may be attached to the application and the application configuration may then be saved, as shown at 210 and 212, respectively.
- the policy may be subsequently detached and the application configuration again saved, as shown at 214 and 216, respectively.
- the registered application may be stored as a document within a WSM metadata repository, as shown at 218.
- Various examples of the illustrated method 200 are described below.
- New applications may be registered with Web Services. This registration process may include the following:
- New applications may be registered with Web Service Clients. This registration process may include the following:
- New applications may be registered with both Web Services and Web Service Clients. This registration process may include the following:
- a policy may be attached to a registered application. This attachment process may include the following:
- a policy may be detached from a registered application. This detachment process may include the following:
- Application registration may be used to describe an application that has been deployed in an enterprise.
- the registration process may require the administrator to provide all relevant topology information about the deployed application. This may include details such as the type of platform (e.g., WebSphere or JBOSS), name of the management domain (e.g., cell in WebSphere), and server or servers to which it has been targeted.
- a registered application may be stored as a document within a WSM metadata repository.
- the creation, deletion, or modification of a registered application may be audited using a Common Audit Framework.
- An audit record may be generated when modifying a registered application to indicate the application that was modified, but may not indicate the nature of the modification, including any attachment or detachment of policies.
- Database-based metadata repositories may provide support for document versioning.
- an administrator may be able to view an earlier version of a registered application or make an earlier version the current one. Making an earlier version the current one will generally result in a new version that is an exact copy of the one that was restored.
- Port registration may be used to describe the [client or service] ports that are being hosted by a registered application.
- the registration may require the administrator to provide all relevant structural information about a port. This may include details such as the type and name of the module that is hosting it, the type of port (e.g., client or service), the name of the enclosing client or service, and the name of the port itself.
- the module, client/service, and port names will generally match those that are understood by the hosting third party web service stack. Typically, these logical names are derived from the physical names for the corresponding entities.
- a port registration may be stored within a registered application document describing the application that is hosting it.
- an administrator may provide the names of the hosting module, client, and client port. If it is available, the administrator may also supply the URL for a WSDL describing the service that a client port connects to. The information within the WSDL may be used to guide the attachment of compatible policies to a client port.
- the URL for a WSDL may be modified after registration, but the other data generally cannot be changed. If the data needs to be adjusted, the relevant port registration may be deleted and a new one declared.
- the administrator may provide the name of the hosting module, service, and service port. If it is available, the administrator may instead supply the name of the hosting module and the URL of the WSDL associated with it. When provided, the WSDL may be scanned and each service port it contains may be automatically declared.
- While the URL for the WSDL may be changed after registration, other information provided during registration generally cannot be changed. If such data needs to be adjusted, the relevant port registration may be deleted and a new one declared.
- Resource management generally allows an administrator to view or modify the registered applications in an enterprise. This may include the ability to unregister an application, unregister any of the ports a registered application hosts, or register an additional port in an existing registered application.
- the task of locating a specific registered application or port registration may be time consuming in an enterprise that hosts a large number of resources, but the administrator may simplify this process by providing relevant criteria in a search for resources.
- An administrator may be able to search for registered applications by supplying any combination of platform type, management domain, and application name criterion.
- the administrator may be able to search for port registration by supplying any combination of platform type, management domain, application name, module name, port type, and port name criterion.
- the administrator may be able to include an asterisk (*) wildcard character for a name-type criterion that will match any number of characters in its place.
- exportRepository and importRepository CLI commands may provide a mechanism to migrate the contents of a WSM repository from one environment to another. This may be used to migrate a verified configuration from a test environment to a production environment. Because the target environment often uses different names for its entities, the importRepository command may allow an administrator to provide a file that describes how to map physical information from the source environment to the target environment. This may be used to transform each document as it is imported to ensure that it is valid.
- Physical information in a registered application resource may be updated during import. This may include the ability to rename the management domain, modify the list of servers to which a registered application has been targeted, and update the URL of a WSDL that has been associated with a [client or service] port.
- the command will generally not support the migration of registered applications from one platform to another or the modification of the port registrations hosted in a registered application.
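The import-time transformation described above, sketched as an added example (not code from the patent or from any Oracle product). The document layout, the mapping-file sections (`domains`, `servers`, `wsdl_urls`) and all names and URLs are hypothetical; the sketch renames the management domain, retargets servers and updates WSDL URLs, and refuses mapping sections that would change the platform or the port registrations.

```python
import copy

# Hypothetical mapping-file sections; only physical information may be mapped.
SUPPORTED_SECTIONS = {"domains", "servers", "wsdl_urls"}

# Constructed registered application document from a test environment.
SAMPLE_DOC = {
    "platform": "WebSphere", "domain": "test-cell", "name": "OrderApp",
    "servers": ["test-srv1"],
    "ports": [
        {"type": "service", "module": "orders-web", "name": "OrderPort",
         "wsdl": "http://orders.test.example.com/OrderService?wsdl",
         "attachments": [{"uri": "policy/example_username_token",
                          "enabled": True}]},
        {"type": "client", "module": "orders-web", "name": "StatusClientPort",
         "wsdl": "http://status.test.example.com/StatusService?wsdl",
         "attachments": []},
    ],
}

# Constructed mapping from the test environment to production.
SAMPLE_MAPPING = {
    "domains": {"test-cell": "prod-cell"},
    "servers": {"test-srv1": ["prod-srv1", "prod-srv2"]},
    "wsdl_urls": {"http://orders.test.example.com/OrderService?wsdl":
                  "https://orders.prod.example.com/OrderService?wsdl"},
}

def transform_on_import(doc, mapping):
    """Return a copy of doc with physical information mapped to the target."""
    unsupported = set(mapping) - SUPPORTED_SECTIONS
    if unsupported:
        # Platform changes and port registration edits are not supported.
        raise ValueError(f"unsupported mapping sections: {sorted(unsupported)}")
    out = copy.deepcopy(doc)
    out["domain"] = mapping.get("domains", {}).get(doc["domain"], doc["domain"])
    servers = []
    for source in doc["servers"]:
        for target in mapping.get("servers", {}).get(source, [source]):
            if target not in servers:
                servers.append(target)
    out["servers"] = servers
    urls = mapping.get("wsdl_urls", {})
    for port in out["ports"]:
        if port.get("wsdl"):
            port["wsdl"] = urls.get(port["wsdl"], port["wsdl"])
    return out

def unmapped_values(doc, mapping):
    """Physical values no mapping entry covers; they import unchanged."""
    left = []
    if doc["domain"] not in mapping.get("domains", {}):
        left.append(("domain", doc["domain"]))
    left += [("server", s) for s in doc["servers"]
             if s not in mapping.get("servers", {})]
    left += [("wsdl", p["wsdl"]) for p in doc["ports"]
             if p.get("wsdl") and p["wsdl"] not in mapping.get("wsdl_urls", {})]
    return left
```

Running `unmapped_values` before the import shows which test-environment values would otherwise carry over into production, here the client port's WSDL URL.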
- a feature may provide an administrator with the capability to attach web service policies to the [client and service] ports within an enterprise. These attachments may be declared external to the native deployment descriptors of the hosting application. This mechanism may operate independent of, and exclusive to, an existing global policy attachment feature.
- Attachment by reference may be used to attach policies to a port registration by providing the URI (e.g., within a WSM metadata repository) of the desired policy.
- the runtime may automatically retrieve the policy from the repository when it needs to enforce the behavior it describes.
- the administrator may be able to attach or detach any number of policies as well as indicate whether each policy reference is enabled or disabled.
- a policy attachment may be stored within the registered application document containing the port registration it is attached to.
- the policy attachment will generally not be managed as an independent resource.
- Policy subject configuration analysis may be used to validate a port's configuration, validate that the set of attached policies are compatible with each other, and determine whether it is secured or not.
- a port is generally considered secure if one or more of the assertions in the policies attached to it enforce a security behavior.
- Compatible client policy selection may be used to determine the URIs of the policies that are compatible with the service a client interacts with. If the WSDL of the service is available, then the administrator may request a list of the policies that are compatible with it and select from it the policies to attach to the client port.
- Scoped configuration overrides may be used to provide properties that affect the behavior of the assertions within a policy.
- a configuration override may be expressed as a simple name-value pair. The effect of a given property generally depends on the assertions it is applied to.
- the administrator may be able to define any number of configuration overrides that are scoped to a specific policy attachment. Each policy may expose the properties that it recognizes and their default values. This information may be used to assist an administrator with providing relevant configuration overrides for each attachment.
- a configuration override may be stored within the registered application document containing the policy attachment it is configuring.
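The port registration, wildcard search, attachment by reference, scoped override and "secured" passages above, modelled together as an added example (not code from the patent or from any Oracle product). Class names, field names, policy URIs and property names are hypothetical, treating a disabled reference as not contributing to "secured" is an assumption, and compatibility rules between policies are not modelled because the text does not give them.

```python
import re
from dataclasses import dataclass, field

# Constructed stand-in for the policy repository: URI -> assertions, each with
# a category and the properties it exposes (with defaults). All hypothetical.
POLICIES = {
    "policy/example_username_token": [
        {"category": "security", "properties": {"csf-key": "basic.credentials"}}],
    "policy/example_log_messages": [
        {"category": "management", "properties": {}}],
}

@dataclass
class Attachment:                  # attachment by reference (policy URI)
    uri: str
    enabled: bool = True
    overrides: dict = field(default_factory=dict)   # scoped to this attachment

@dataclass
class Port:
    module: str
    port_type: str                 # "client" or "service"
    parent: str                    # enclosing client or service
    name: str
    attachments: list = field(default_factory=list)

@dataclass
class Application:                 # one registered application document
    platform: str
    domain: str
    name: str
    ports: list = field(default_factory=list)

def name_matches(pattern, value):
    """'*' matches any run of characters; every other character is literal."""
    if pattern is None:
        return True
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value, re.DOTALL) is not None

def search_ports(apps, platform=None, domain=None, application=None,
                 module=None, port_type=None, port=None):
    """Any combination of criteria; only name-type criteria accept '*'."""
    hits = []
    for app in apps:
        if platform is not None and app.platform != platform:
            continue
        if not (name_matches(domain, app.domain)
                and name_matches(application, app.name)):
            continue
        for p in app.ports:
            if port_type is not None and p.port_type != port_type:
                continue
            if name_matches(module, p.module) and name_matches(port, p.name):
                hits.append((app.name, p.name))
    return hits

def effective_properties(att, policies=POLICIES):
    """Defaults exposed by the policy, with this attachment's overrides on top."""
    props = {}
    for assertion in policies[att.uri]:
        props.update(assertion["properties"])
    props.update(att.overrides)
    return props

def analyze_port(p, policies=POLICIES):
    """Validate the attachments and decide whether the port is secured."""
    errors, secured = [], False
    for att in p.attachments:
        assertions = policies.get(att.uri)
        if assertions is None:
            errors.append(f"{att.uri}: not found in repository")
            continue
        known = {k for a in assertions for k in a["properties"]}
        errors += [f"{att.uri}: unknown override '{k}'"
                   for k in att.overrides if k not in known]
        # Assumption: a disabled reference enforces nothing at runtime.
        if att.enabled and any(a["category"] == "security" for a in assertions):
            secured = True
    return {"secured": secured, "errors": errors}

def unsecured_ports(apps):
    return [(a.name, p.name) for a in apps for p in a.ports
            if not analyze_port(p)["secured"]]

def sample_apps():
    """Constructed sample enterprise with one secured and two unsecured ports."""
    token = "policy/example_username_token"
    return [
        Application("WebSphere", "cell01", "OrderApp", [
            Port("orders-web", "service", "OrderService", "OrderPort",
                 [Attachment(token, overrides={"csf-key": "orders.credentials"})]),
            Port("orders-web", "service", "StatusService", "StatusPort",
                 [Attachment(token, enabled=False),
                  Attachment("policy/example_log_messages")])]),
        Application("JBOSS", "prod-domain", "BillingApp", [
            Port("billing-ejb", "client", "LedgerClient", "Ledger[1]Port",
                 [Attachment("policy/missing_policy")])]),
    ]
```

`unsecured_ports(sample_apps())` lists the port whose only security policy reference is disabled and the port whose reference does not resolve, which are the two cases an inventory of attachments alone would miss.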
- the product may implement features to assist with managing configuration and providing an inventory of third party agent installations.
- a feature may provide an administrator with the capability to centrally manage product configuration. This may include the ability to specify the PM connection information, cache refresh rates, nonce timeout, clock skew, and other similar configuration parameters.
- Product configuration parameters may be stored in a WSM metadata repository.
- An agent instance may use bootstrap connection information specified during installation to connect to the PM to retrieve its full configuration. Whenever a configuration parameter is added, modified, or removed, the agent will generally update its active configuration and persist the full set of parameters locally for the next time it initializes. The detection of configuration changes may be performed periodically using a configurable polling mechanism.
- An administrator may be able to specify the value for each supported parameter and have it applied to all agents within a management domain. Additionally, some parameters may allow the administrator to override a value for a single server or application.
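The agent configuration cycle described above, as an added example (not code from the patent or from any Oracle product): resolve domain-wide values with per-server and per-application overrides, detect added, modified and removed parameters on each poll, and persist the full set locally for the next start. Parameter names, the scope layout, and the precedence of an application override over a server override are assumptions; the `fetch` callable stands in for the PM connection built from the bootstrap information.

```python
import json
import os
import tempfile

def resolve(params, server, application):
    """Domain value first, then server override, then application override."""
    effective = {}
    for name, scopes in params.items():
        value = scopes["domain"]
        value = scopes.get("servers", {}).get(server, value)
        value = scopes.get("applications", {}).get(application, value)
        effective[name] = value
    return effective

class Agent:
    def __init__(self, fetch, server, application, cache_path):
        self.fetch = fetch                  # hypothetical PM client call
        self.server, self.application = server, application
        self.cache_path = cache_path
        self.active = self._load_persisted()

    def _load_persisted(self):
        # On start, fall back to whatever was persisted by the last poll.
        try:
            with open(self.cache_path) as fh:
                return json.load(fh)
        except FileNotFoundError:
            return {}

    def poll(self):
        """One polling cycle; returns what changed since the previous one."""
        new = resolve(self.fetch(), self.server, self.application)
        old = self.active
        changes = {
            "added": sorted(new.keys() - old.keys()),
            "modified": sorted(k for k in new.keys() & old.keys()
                               if new[k] != old[k]),
            "removed": sorted(old.keys() - new.keys()),
        }
        if any(changes.values()):
            self.active = new
            # Write to a temporary file and rename, so a crash mid-write
            # never leaves a truncated configuration for the next start.
            tmp = self.cache_path + ".tmp"
            with open(tmp, "w") as fh:
                json.dump(new, fh)
            os.replace(tmp, self.cache_path)
        return changes

def demo():
    """Constructed scenario: two polls with changes, one without, a restart."""
    store = {
        "nonce.timeout.seconds": {"domain": 300},
        "clock.skew.seconds": {"domain": 360, "servers": {"srv1": 60}},
    }
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "agent-config.json")
        agent = Agent(lambda: store, "srv1", "OrderApp", path)
        first = agent.poll()
        store["clock.skew.seconds"]["servers"]["srv1"] = 30
        del store["nonce.timeout.seconds"]
        store["cache.refresh.seconds"] = {"domain": 600}
        second = agent.poll()
        third = agent.poll()
        restarted = Agent(lambda: {}, "srv1", "OrderApp", path)
        return first, second, third, restarted.active

if __name__ == "__main__":
    for step in demo():
        print(step)
```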
- a feature may provide an administrator with the capability to inventory third party agent installations within an enterprise. This inventory may track various statistics about each installation, including the hosting platform, its version, and the version of the WSM product in use. The inventory will generally include relevant details about each management domain and server. It may also indicate which applications have been configured to support a third party agent.
- Certain embodiments of the disclosed technology are generally directed toward techniques for managing multiple resources in an enterprise in an independent and consistent manner regardless of the native capabilities of the platform containing them. Such embodiments generally allow a management product (e.g., a Web Services Manager) to easily support any third-party platform without any dependency on features that are specific to the platform.
- Certain embodiments of the disclosed technology are generally directed toward techniques for describing the structure, or model, of various types of physical and/or logical resources in an enterprise (e.g., traditional entities such as applications, servers, management domains, platforms, and the enterprise itself) and the relationships that exist between instances of such resources.
- embodiments may be generally directed toward defining different types of virtual resources in an enterprise that can be used to represent various collections of resources that are either defined statically (i.e., having a constant set of members) based on identifying specific resource instances or defined dynamically (i.e., having a variable set of members) based on the current characteristics of resource instances.
- Certain embodiments of the disclosed technology are generally directed toward techniques for describing specific instances of a resource type along with any standard or custom characteristics that may be relevant thereto. Such techniques may also include attaching web service policies to any part of a resource structure that describes behaviors to be enforced during interactions with the resource.
- a model metadata component may define a schema used to describe a type of resource or model using an XML infoset. The following describes certain attributes and elements that may be in the schema:
- ENTERPRISE for an Enterprise model
- TOPOLOGY for a Domain, Platform, or Server model
- DEPLOYABLE for an Application model
- a Policy Manager component may store model metadata in its document repository.
- the type of these documents is generally model and the URI of these documents is generally the name of the model.
- Model metadata may be accessed using a document manager component of the Policy Manager.
- An instance metadata component may provide a schema to describe a specific resource as an instance of a resource model using an XML infoset. The following describes certain attributes and elements in such a schema:
- a Policy Manager component may store instance metadata in its document repository.
- the type of these documents is resource and the URI of these documents is indicated by its model.
- Instance metadata may be accessed using a document manager component of the Policy Manager.
- a properties metadata component may provide a schema to describe the configuration or inventory of a specific resource using an XML infoset. The following describes certain attributes and elements that may be in the schema:
- a property element generally must contain either one or more value elements or one or more values elements.
- a Policy Manager component may store properties metadata in its document repository.
- the type of these documents is the lowercase form of their @type attribute and the URI for these documents is the value of their @resource attribute.
- Configuration properties metadata may be accessed using a document manager component of the Policy Manager.
- Inventory properties metadata may be accessed using a usage tracker component of the Policy Manager.
- a seed model metadata component may define a set of documents describing the models predefined by the product. Each document may be loaded into the repository during seeding operations performed by the existing upgrade manager bean APIs.
- Enterprise model metadata may be used to describe an enterprise that is managed by the product and access the configuration properties supported by the product. Because the product can typically manage only a single enterprise, attempts to create an Enterprise instance will usually result in an error.
- Search criterion identifying the model may be the following: model/Enterprise
- Search criterion identifying an instance of the model may use the following pattern:
- Platform model metadata may be used to describe a platform certified for use by the product. Because the product can typically manage only certified platforms, attempts to create or modify a Platform instance will usually result in an error.
- Search criterion identifying the model may be as follows:
- Search criterion identifying an instance of the model may use the following pattern:
- Domain model metadata may be used to describe a management domain that is managed by the product.
- Search criterion identifying the model may include the following:
- Search criterion identifying an instance of the model may use the following pattern:
- Server model metadata may be used to describe a server instance running in a management domain that is managed by the product.
- Search criterion identifying the model may include the following:
- Search criterion identifying an instance of the model may use the following pattern:
- Application model metadata may be used to describe an application that has been deployed into a management domain managed by the product and, potentially, targeted to one or more of the domain's servers.
- Search criterion identifying the model may include the following:
- Search criterion identifying an instance of the model may use the following pattern:
- a seed instance metadata component may define a set of documents describing the instances predefined by the product. Each document may be loaded into the repository during seeding operations performed by the existing upgrade manager bean APIs.
- Certain embodiments of the disclosed technology are generally directed toward techniques for defining a product's configurable characteristics, which may also be referred to herein as properties, including the specifying of each property's name, description, structure, and default value, for example, along with indicating which resource type(s) each property may be associated with.
- embodiments may be generally directed toward techniques for associating one or more supported configuration values with a resource and collecting an arbitrary set of values, which may also be referred to herein as an inventory, that describes the particular environment that is hosting the resource.
- Certain embodiments of the disclosed technology may allow an administrator to model an application and its [client and service] ports by describing them in terms of the nodes and components. Furthermore, such embodiments may allow an administrator to attach security and management policies to these ports and configure their behavior.
- Certain embodiments may implement a feature that provides an administrator with the capability to model the applications within an enterprise and the (client and service) ports which they host. This may be limited to J2EE applications which host web service or web service client ports using the SOAP over HTTP protocol.
- Certain embodiments of the disclosed technology generally allow developers to build applications that satisfy client-side requirements without having to implement standard behaviors (e.g., providing security tokens) themselves. Such implementations may do so in a manner that builds on top of the platform's native APIs (for REST) or other commonly used lightweight libraries (for SOAP) instead of requiring a developer to learn how to use an entirely new one.
- Such embodiments generally define a declarative, lightweight solution for enforcing behaviors required by accessing SOAP web services and RESTful resources that requires little integration.
- Certain embodiments of the disclosed technology are directed to an agent for mobile application development framework (APPDF) applications, which may be implemented as a Web Services Manager component.
- Such a component may provide a library that can be used by application development frameworks (e.g., APPDF-Mobile) to enforce authentication, message protection, and other behaviors for Java-based mobile clients that access REST resources and SOAP-based web services.
- An APPDF-Mobile product in accordance with the disclosed technology may be used to enforce policies attached to mobile web service clients.
- web service clients may be defined by entries in the APPDF's connections.xml file, for example. These entries may indicate the location of the web service and the protocol used to access it (e.g., SOAP or RESTful). They may also specify the policies to be enforced by URI and any policy configuration properties.
- Mobile applications may use the APPDF-Mobile product to access SOAP [version 1.1/1.2, for example] and RESTful web services exposed by an application deployed to an enterprise-class server (e.g., a JEE container).
- a SOAP service may be hosted by a WebLogic Server and be configured to use the WSM to enforce security policies.
- SOAP web services may be configured to use a seed policy that allows a client to use one of a variety of different authentication mechanisms (e.g., HTTP Basic authentication credentials, a [WS-SecurityPolicy] username token, or a [WS-SecurityPolicy] SAML token) with either [WS-SecurityPolicy] message protection or SSL.
- An agent for mobile applications in accordance with the disclosed technology may provide the ability to enforce pre-defined security and management scenarios when making requests to REST resources and SOAP-based web services.
- a scenario to be enforced may be specified in the form of a URI that references a web service policy document (e.g., expressed using the [WS-Policy] language) that contains one or more assertions that define the desired behavior. Additionally, a reference may be accompanied by configuration properties that override the default behavior defined by the policy.
- Such an agent for mobile applications may be packaged with a framework (e.g., [APPDF-Mobile]) that provides facilities for developing mobile applications including Java-based business logic that accesses REST resources or SOAP-based web services. Rather than being directly consumed by an application's business logic, the agent may act as an internal component supporting the application development framework.
- An agent for mobile applications in accordance with the disclosed technology may be delivered to consuming frameworks in the form of a library (e.g., packaged as a set of Java archives (JAR files)) to be included with the customer's application.
- the framework will be generally responsible for calling the relevant APIs provided by the library to initialize the agent and integrating it with the appropriate web service stack (e.g., [kSOAP2]) before client requests and server responses are processed.
- Embodiments of the disclosed technology may be integrated with systems that use separate specific abstractions for web service messages and the transports used to send/receive them.
- FIG. 3 illustrates a first example of computer-controlled method 300 of incorporating an agent for mobile application development framework (APPDF) applications in accordance with the disclosed technology.
- an envelope is created for a request from a mobile application to invoke a web service.
- the envelope is passed to a transport component, which creates a connection through which the envelope will be sent and also uses an agent to create an enforcement context, as shown at 306 and 308, respectively.
- a proxy envelope and proxy connection may then be created based on the enforcement context, as shown at 310 and 312, respectively.
- the proxy envelope is streamed through the proxy connection to the web service.
- a Mobile Application initializes the APPDF Mobile Framework before it can invoke SOAP-based web services.
- the APPDF Mobile Framework manages a list of APPDF Connection components, one for each callable web service.
- When an APPDF Connection component is created for a SOAP web service, it creates one instance of a kSOAP2 HTTP Transport component to call the web service and one instance of the WSM kSOAP2 Agent component to enforce policies attached to it (according to the Configuration supplied to it).
- the APPDF Mobile Framework component (2) creates an envelope for a request (a kSOAP SOAP Envelope component) and then (3) calls the service by passing the envelope to the kSOAP2 HTTP Transport component created during initialization.
- the transport (4) creates a connection (based on a kSOAP2 Service Connection) through which the envelope will be sent and uses the agent to (5) create an enforcement context. This context is used to create proxies for both the envelope (a WSM SOAP Envelope Proxy) and connection (a WSM Service Connection Proxy).
- the transport (6) streams the proxy envelope through the proxy connection to the web service.
- Embodiments of the disclosed technology may be integrated with systems that use a single specific abstraction for the transportation of web service messages but do not have a specific abstraction for the messages themselves and, instead, use primitive mechanisms such as binary/text data streams.
- FIG. 3 illustrates an example of a system implementing a Java ME HTTPConnection API in accordance with certain embodiments of the disclosed technology.
- a Mobile Application initializes the APPDF Mobile Framework before it can invoke RESTful web services.
- the APPDF Mobile Framework manages a list of APPDF Connection components, one for each callable web service.
- When an APPDF Connection component is created for a SOAP web service, it creates one instance of the WSM HTTP Connection Agent component to enforce policies attached to it (according to the Configuration supplied to it).
- FIG. 4 illustrates a second example of computer-controlled method 400 of incorporating an agent for mobile APPDF applications in accordance with the disclosed technology.
- a connection is created through which a request to invoke a web service will be sent.
- an agent is used to create an enforcement context.
- a proxy is created for the connection based on the enforcement context and, at 408, the request is streamed through the proxy connection to the web service.
- the APPDF Mobile Framework component (2) creates a connection (based on a Java ME HTTP Connection) through which a request will be sent and uses the agent to (3) create an enforcement context. This context is used to create a proxy for the connection (a WSM HTTP Connection Proxy). Finally, the framework (4) streams the request through the proxy connection to the web service.
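The connection, enforcement context and proxy steps described above can be sketched as follows. This is an added Python illustration, not code from the patent or from any product it names; the `Connection` stand-in, the assertion names `require-ssl` and `http-basic`, and the sample configuration are all hypothetical.

```python
"""Added example: an agent-built proxy that enforces policy before a request is sent."""
from base64 import b64encode
from urllib.parse import urlsplit


class PolicyViolation(Exception):
    """Raised when a request cannot satisfy the configured policy."""


class Connection:
    """Hypothetical stand-in for the platform connection the framework creates."""

    def __init__(self, url):
        self.url = url
        self.headers = {}
        self.sent = []

    def send(self, body):
        self.sent.append(body)
        return 200


def _require_ssl(connection, properties):
    if urlsplit(connection.url).scheme != "https":
        raise PolicyViolation(f"policy requires SSL, got {connection.url}")


def _http_basic(connection, properties):
    try:
        pair = f"{properties['username']}:{properties['password']}"
    except KeyError as missing:
        raise PolicyViolation(f"missing credential property {missing}") from None
    connection.headers["Authorization"] = "Basic " + b64encode(pair.encode()).decode()


# Hypothetical assertion names mapped to their enforcement steps.
ENFORCERS = {"require-ssl": _require_ssl, "http-basic": _http_basic}

# Constructed configuration supplied to the agent (assertions plus properties).
SAMPLE_CONFIGURATION = {
    "assertions": ["require-ssl", "http-basic"],
    "properties": {"username": "alice", "password": "constructed-secret"},
}


class EnforcementContext:
    def __init__(self, assertions, properties):
        unknown = [a for a in assertions if a not in ENFORCERS]
        if unknown:
            # Fail closed: an assertion the agent cannot enforce blocks the call.
            raise PolicyViolation(f"unsupported assertions: {unknown}")
        self.assertions = list(assertions)
        self.properties = dict(properties)


class Agent:
    def __init__(self, configuration):
        self._configuration = configuration

    def create_enforcement_context(self):
        return EnforcementContext(
            self._configuration["assertions"],
            self._configuration.get("properties", {}),
        )


class ConnectionProxy:
    """Wraps the real connection; every send passes through the enforcers first."""

    def __init__(self, connection, context):
        self._connection = connection
        self._context = context

    def send(self, body):
        for name in self._context.assertions:
            ENFORCERS[name](self._connection, self._context.properties)
        return self._connection.send(body)


def call_service(connection, body, configuration=SAMPLE_CONFIGURATION):
    """The framework creates the connection; the agent builds the context and proxy."""
    context = Agent(configuration).create_enforcement_context()
    return ConnectionProxy(connection, context).send(body)
```

Because the business logic only ever holds the proxy, a request to a plain `http://` endpoint is refused before any bytes are written to the underlying connection.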
- machine is intended to broadly encompass a single machine or a system of communicatively coupled machines or devices operating together.
- Exemplary machines may include computing devices such as personal computers, workstations, servers, portable computers, handheld devices, tablet devices, and the like.
- a machine typically includes a system bus to which processors, memory such as random access memory (RAM), read-only memory (ROM), and other state-preserving medium, storage devices, a video interface, and input/output interface ports can be attached.
- the machine may also include embedded controllers such as programmable or non-programmable logic devices or arrays, Application Specific Integrated Circuits (ASICs), embedded computers, smart cards, and the like.
- the machine may be controlled, at least in part, by input from conventional input devices such as keyboards and mice, as well as by directives received from another machine, interaction with a virtual reality (VR) environment, biometric feedback, or other pertinent input.
- the machine may utilize one or more connections to one or more remote machines, such as through a network interface, modem, or other communicative coupling.
- Machines can be interconnected by way of a physical and/or logical network, such as an intranet, the Internet, local area networks, wide area networks, etc.
- network communication may utilize various wired and/or wireless short range or long range carriers and protocols, including radio frequency (RF), satellite, microwave, Institute of Electrical and Electronics Engineers (IEEE) 545.11, Bluetooth, optical, infrared, cable, laser, etc.
- Embodiments of the disclosed technology may be described by reference to or in conjunction with associated data including functions, procedures, data structures, application programs, instructions, etc. that, when accessed by a machine, may result in the machine performing tasks or defining abstract data types or low-level hardware contexts.
- Associated data may be stored in, for example, volatile and/or non-volatile memory, such as RAM and ROM, or in other storage devices and their associated storage media, which can include hard-drives, floppy-disks, optical storage, tapes, flash memory, memory sticks, digital video disks, biological storage, and other non-transitory, physical storage media.
- Associated data may be delivered over transmission environments, including the physical and/or logical network, in the form of packets, serial data, parallel data, etc., and may be used in a compressed or encrypted format. Associated data may be used in a distributed environment, and stored locally and/or remotely for machine access.
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Security & Cryptography (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Multimedia (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- Business, Economics & Management (AREA)
- General Business, Economics & Management (AREA)
- Stored Programmes (AREA)
- Computer And Data Communications (AREA)
Abstract
A computer-controlled method of registering an application can include indicating a type of platform, providing information about the application, registering at least one port hosted by the application, and saving the application configuration.
Description
- This application claims benefit of provisional patent applications 61/747,913 and 61/747,924, both filed Dec. 31, 2012; and provisional patent application 61/800,701, filed Mar. 15, 2013, all of which are incorporated by reference herein in their entirety.
- When managing resources that exist within an enterprise, the ability to describe such resources, including their logical structure and relationships with each other, is critical for allowing an administrator to visualize the enterprise. It is also important to use well-established and standardized mechanisms (such as those defined by the WS-Policy and WS-SecurityPolicy standards) when configuring resource behavior, especially with regard to how access to such resources will be secured. It is also helpful to allow administrators to associate arbitrary metadata (e.g., aliases, categories, or pointers to related information) with the resources they are managing.
- However, every platform has its own method for describing the structure of its resources and the metadata that describe them. Further, such methods rarely provide a mechanism for an administrator to associate additional metadata with them, especially metadata required for configuring the behavior of third-party add-on products (e.g., Oracle Web Services Manager). In those situations where a platform actually provides some type of mechanism to store custom metadata, however, it is generally proprietary to the platform, thus making any solutions for managing third-party resources difficult and potentially prohibitively expensive to develop, especially if the product is to consistently manage resources in multiple, differing platforms.
- Many enterprise products provide an ability to configure certain aspects of their behavior. One of the current solutions is to express all of the associated information as a simple, flat collection of name-value pairs or dictionary (e.g., where each name identifies one aspect of the product to be configured) and store the collection as either a block of plain text or simple XML document or database table.
- Mobile applications are a rapidly expanding market. With the meteoric rise in the use of smart phones and tablets in recent years, businesses are seeking solutions to enable remote access to their services from these devices. Since many of these interactions will happen via the “cloud” (e.g., over the public Internet), it is critical that access to these services be secured. Minimally, this requires that mobile clients be authenticated but, in many cases, it also requires that messages be protected from interception and modification.
- Current authentication mechanisms vary widely. Since these interactions are typically built on an HTTP transport model, the standard HTTP Basic authentication scheme is frequently used. Additionally, other new authentication mechanisms (e.g., OAUTH) are emerging and growing in popularity. For SOAP services, [WS-SecurityPolicy] provides more advanced authentication mechanisms, such as those based on the use of SAML tokens.
- Message protection typically involves keeping the contents of a message confidential (e.g., preventing inspection by a third party) and ensuring that the integrity of a message is protected (e.g., preventing modification thereof). As with authentication, there are a wide number of algorithms that are currently employed to fulfill this. However, many of those that are performed at the message layer are computationally expensive, often prohibitively so on the constrained platform available on mobile devices. Therefore, most message protection is done at the transport layer using secure sockets (SSL).
- Service-oriented client applications that access SOAP web services and RESTful resources often must ensure that the requests they send to a service adhere to certain requirements prescribed by the service. For example, the service might require that all clients provide a special token that identifies the user on whose behalf a request is being made. This is currently accomplished by building the client application using a comprehensive client library that provides a rich set of features to support various service-side requirements. This is often one that implements a standard API (e.g., WLS JAX-WS for SOAP or Jersey JAX-RS for REST). While this may work well in environments with relatively few constraints, such as within a JEE container, in tightly constrained environments (e.g., the iOS or Android mobile platforms) it is often unacceptable to require large, multi-megabyte libraries to enforce these behaviors. In the absence of any native support being provided by the platform, application developers are thus forced to implement each variation themselves.
- Thus, there remains a need for a way to address these and other problems associated with the prior art.
- FIG. 1 illustrates an example of an architecture of a web services manager (WSM) within a heterogeneous enterprise in accordance with certain implementations of the disclosed technology.
- FIG. 2 illustrates an example of computer-controlled method of registering an application with a web services manager, such as the web services manager illustrated by FIG. 1, in accordance with the disclosed technology.
- FIG. 3 illustrates a first example of computer-controlled method of incorporating an agent for mobile application development framework (APPDF) applications in accordance with the disclosed technology.
- FIG. 4 illustrates a second example of computer-controlled method of incorporating an agent for mobile APPDF applications in accordance with the disclosed technology.
- FIG. 1 depicts the architecture 100 of a web services manager (WSM) within a heterogeneous enterprise. This illustrates the relationship between application resources, WSM components, WI applications and the WSM metadata repository. In the example, four application servers or instances policy database 150. Also in the example, the WSM PM 112 of the first server/instance 110 is further configured to interact with a WSM Console 114, which may manage resource registration and Web Service (WS) policy attachment as described below.
- A new WSM Console may be created to provide a WI for managing third party enterprises. The WSM Console may provide an administrator with easy access to the most common management tasks relevant for third party enterprises. This may include application registration/modification, policy attachment/detachment, and agent/PAP configuration. Secondary tasks currently supported by EM (i.e. DMS, enforcement audit reporting, PSEC/Audit configuration, policy authoring, global policy attachment, and policy usage analysis) that could be relevant for third party enterprises may or may not be supported.
- FIG. 2 illustrates an example of computer-controlled method 200 of registering an application with a web services manager, such as the web services manager illustrated by FIG. 1, in accordance with the disclosed technology. At 202, a type of platform is indicated. At 204, application information is provided. At 206, one or more WS ports hosted by the application are registered. The application configuration is then saved, as shown at 208. In certain embodiments, a policy may be attached to the application and the application configuration may then be saved, as shown at 210 and 212, respectively. In such embodiments, the policy may be subsequently detached and the application configuration again saved, as shown at 214 and 216, respectively. In certain embodiments, the registered application may be stored as a document within a WSM metadata repository, as shown at 218. Various examples of the illustrated method 200 are described below.
- New applications may be registered with Web Services. This registration process may include the following:
- 1. Indicate the type of platform (e.g. WebSphere).
- 2. Provide application information (e.g. name, description; cell name, servers, etc.).
- 3. Register web service port(s) hosted by the application. If a WSDL is available, then provide module name and associated WSDL file—the contents of the WSDL will be parsed to determine the hosted service and port names. If a WSDL is not available, then provide the module, service, and port names manually. Repeat as needed to register all services.
- 4. Save the application configuration.
- New applications may be registered with Web Service Clients. This registration process may include the following:
- 1. Indicate the type of platform (e.g. WebSphere).
- 2. Provide application information. This would include its: name (required); description (optional); and any relevant topology fields, such as cell, servers, etc. (optional).
- 3. Register web service client port(s) hosted by the application by providing the module, client, and port names manually. Repeat as needed to register all services.
- 4. Save the application configuration.
- New applications may be registered with both Web Services and Web Service Clients. This registration process may include the following:
- 1. Indicate the type of platform (e.g. WebSphere).
- 2. Provide application information. This would include its: name (required); description (optional); and any relevant topology fields, such as cell, servers, etc. (optional).
- 3. Register web service port(s) hosted by the application. If a WSDL is available, then provide module name and associated WSDL file—the contents of the WSDL will be parsed to determine the hosted service and port names. If a WSDL is not available, then provide the module, service, and port names manually. Repeat as needed to register all services.
- 4. Register web service client port(s) hosted by the application by providing the module, client, and port names manually. Repeat as needed to register all clients.
- 5. Save the application configuration.
- A policy may be attached to a registered application. This attachment process may include the following:
- 1. Navigate to desired application within enterprise or search for registered applications by application name.
- 2. Navigate to desired client or service port (following module, client/service, and port hierarchy) within application, or search for a port by its type and name.
- 3. Select one or more policies to be attached to port. A list of compatible policies may be presented to guide selection and may filter out those that are not compatible with the platform or port type. The list may also provide an option to search by policy name.
- 4. Validate policy subject. This may be used to confirm whether the policies attached to the port (if there is more than one) are compatible with each other.
- 5. Save the application configuration.
- A policy may be detached from a registered application. This detachment process may include the following:
- 1. Navigate to desired application within enterprise or search for registered applications by application name.
- 2. Navigate to desired client or service port (following module, client/service, and port hierarchy) within application, or search for a port by its type and name.
- 3. Select one or more policies to be detached from port.
- 4. Save the application configuration.
- Application registration may be used to describe an application that has been deployed in an enterprise. The registration process may require the administrator to provide all relevant topology information about the deployed application. This may include details such as the type of platform (e.g., WebSphere or JBOSS), name of the management domain (e.g., cell in WebSphere), and server or servers to which it has been targeted.
- A registered application may be stored as a document within a WSM metadata repository. The creation, deletion, or modification of a registered application may be audited using a Common Audit Framework. An audit record may be generated when modifying a registered application to indicate the application that was modified, but may not indicate the nature of the modification, including any attachment or detachment of policies.
- Database-based metadata repositories may provide support for document versioning. In these environments, an administrator may be able to view an earlier version of a registered application or make an earlier version the current one. Making an earlier version the current one will generally result in a new version that is an exact copy of the one that was restored.
- Port registration may be used to describe the [client or service] ports that are being hosted by a registered application. The registration may require the administrator to provide all relevant structural information about a port. This may include details such as the type and name of the module that is hosting it, the type of port (e.g., client or service), the name of the enclosing client or service, and the name of the port itself.
- The module, client/service, and port names will generally match those that are understood by the hosting third party web service stack. Typically, these logical names are derived from the physical names for the corresponding entities. A port registration may be stored within a registered application document describing the application that is hosting it.
- During registration, an administrator may provide the names of the hosting module, client, and client port. If it is available, the administrator may also supply the URL for a WSDL describing the service that a client port connects to. The information within the WSDL may be used to guide the attachment of compatible policies to a client port.
- The URL for a WSDL may be modified after registration, but the other data generally cannot be changed. If the data needs to be adjusted, the relevant port registration may be deleted and a new one declared.
- During registration, the administrator may provide the name of the hosting module, service, and service port. If it is available, the administrator may instead supply the name of the hosting module and the URL of the WSDL associated with it. When provided, the WSDL may be scanned and each service port it contains may be automatically declared.
- While the URL for the WSDL may be changed after registration, other information provided during registration generally cannot be changed. If such data needs to be adjusted, the relevant port registration may be deleted and a new one declared.
- Resource management generally allows an administrator to view or modify the registered applications in an enterprise. This may include the ability to unregister an application, unregister any of the ports a registered application hosts, or register an additional port in an existing registered application.
- The task of locating a specific registered application or port registration may be time consuming in an enterprise that hosts a large number of resources, but the administrator may simplify this process by providing relevant criteria in a search for resources. An administrator may be able to search for registered applications by supplying any combination of platform type, management domain, and application name criteria. Similarly, the administrator may be able to search for port registrations by supplying any combination of platform type, management domain, application name, module name, port type, and port name criteria. To further simplify the process, the administrator may be able to include an asterisk (*) wildcard character for a name-type criterion that will match any number of characters in its place.
- exportRepository and importRepository CLI commands may provide a mechanism to migrate the contents of a WSM repository from one environment to another. This may be used to migrate a verified configuration from a test environment to a production environment. Because the target environment often uses different names for its entities, the importRepository command may allow an administrator to provide a file that describes how to map physical information from the source environment to the target environment. This may be used to transform each document as it is imported to ensure that it is valid.
- Physical information in a registered application resource may be updated during import. This may include the ability to rename the management domain, modify the list of servers to which a registered application has been targeted, and update the URL of a WSDL that has been associated with a [client or service] port. The command will generally not support the migration of registered applications from one platform to another or the modification of the port registrations hosted in a registered application.
- A feature may provide an administrator with the capability to attach web service policies to the [client and service] ports within an enterprise. These attachments may be declared external to the native deployment descriptors of the hosting application. This mechanism may operate independent of, and exclusive to, an existing global policy attachment feature.
- Attachment by reference may be used to attach policies to a port registration by providing the URI (e.g., within a WSM metadata repository) of the desired policy. The runtime may automatically retrieve the policy from the repository when it needs to enforce the behavior it describes. The administrator may be able to attach or detach any number of policies as well as indicate whether each policy reference is enabled or disabled.
- A policy attachment may be stored within the registered application document containing the port registration it is attached to. The policy attachment will generally not be managed as an independent resource.
- Policy subject configuration analysis may be used to validate a port's configuration, validate that the set of attached policies are compatible with each other, and determine whether it is secured or not. A port is generally considered secure if one or more of the assertions in the policies attached to it enforce a security behavior.
- Compatible client policy selection may be used to determine the URIs of the policies that are compatible with the service a client interacts with. If the WSDL of the service is available, then the administrator may request a list of the policies that are compatible with it and select from it the policies to attach to the client port.
- Scoped configuration overrides may be used to provide properties that affect the behavior of the assertions within a policy. A configuration override may be expressed as a simple name-value pair. The effect of a given property generally depends on the assertions it is applied to. The administrator may be able to define any number of configuration overrides that are scoped to a specific policy attachment. Each policy may expose the properties that it recognizes and their default values. This information may be used to assist an administrator with providing relevant configuration overrides for each attachment.
- A configuration override may be stored within the registered application document containing the policy attachment it is configuring. The product may implement features to assist with managing configuration and providing an inventory of third party agent installations.
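The attachment-by-reference, policy subject analysis and scoped override paragraphs above can be worked through on a small registered application. This is an added Python example, not code from the patent or from any WSM product; the policy URIs, assertion names, property names and ports are constructed, and it assumes that disabled references do not secure a port and that overrides for properties a policy does not expose are rejected.

```python
"""Added example: policy attachments, scoped overrides and a secured-port check."""
from dataclasses import dataclass, field

USERNAME_URI = "policy:example/username_token_over_ssl"   # hypothetical URI
LOG_URI = "policy:example/log_request"                    # hypothetical URI

# Constructed catalogue standing in for the metadata repository. Each policy
# exposes the properties it recognizes together with their default values.
POLICY_REPOSITORY = {
    USERNAME_URI: {
        "assertions": [
            {"name": "username-token", "category": "security"},
            {"name": "require-ssl", "category": "security"},
        ],
        "properties": {"credential-key": "basic.credentials",
                       "include-timestamp": "true"},
    },
    LOG_URI: {
        "assertions": [{"name": "log-message", "category": "management"}],
        "properties": {"log-level": "INFO"},
    },
}


@dataclass
class PolicyAttachment:
    uri: str                                        # attachment by reference
    enabled: bool = True
    overrides: dict = field(default_factory=dict)   # scoped to this attachment


@dataclass
class PortRegistration:
    module: str
    port_type: str      # "client" or "service"
    parent: str         # name of the enclosing client or service
    name: str
    attachments: list = field(default_factory=list)


def effective_properties(attachment, repository=POLICY_REPOSITORY):
    """Policy defaults with this attachment's overrides applied on top."""
    exposed = repository[attachment.uri]["properties"]
    unknown = sorted(set(attachment.overrides) - set(exposed))
    if unknown:
        raise ValueError(f"{attachment.uri} does not expose {unknown}")
    return {**exposed, **attachment.overrides}


def analyze_port(port, repository=POLICY_REPOSITORY):
    """Return (secured, problems) for one port registration."""
    secured, problems = False, []
    for attachment in port.attachments:
        policy = repository.get(attachment.uri)
        if policy is None:
            problems.append(f"dangling reference: {attachment.uri}")
            continue
        if not attachment.enabled:
            continue  # assumption: a disabled reference enforces nothing
        try:
            effective_properties(attachment, repository)
        except ValueError as exc:
            problems.append(str(exc))
        if any(a["category"] == "security" for a in policy["assertions"]):
            secured = True
    return secured, problems


def unsecured_ports(ports, repository=POLICY_REPOSITORY):
    return [f"{p.module}/{p.parent}/{p.name}"
            for p in ports if not analyze_port(p, repository)[0]]


# Constructed port registrations for one registered application.
PORTS = [
    PortRegistration("orders-web", "service", "OrderService", "OrderPort", [
        PolicyAttachment(USERNAME_URI, overrides={"credential-key": "orders.credentials"}),
        PolicyAttachment(LOG_URI),
    ]),
    PortRegistration("billing-web", "service", "BillingService", "BillingPort",
                     [PolicyAttachment(LOG_URI)]),
    PortRegistration("reports-web", "client", "ReportClient", "ReportPort",
                     [PolicyAttachment(USERNAME_URI, enabled=False)]),
]
```

Running `unsecured_ports(PORTS)` lists the port that carries only a management policy and the port whose only security policy reference is disabled.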
- A feature may provide an administrator with the capability to centrally manage product configuration. This may include the ability to specify the PM connection information, cache refresh rates, nonce timeout, clock skew, and other similar configuration parameters.
- Product configuration parameters may be stored in a WSM metadata repository. An agent instance may use bootstrap connection information specified during installation to connect to the PM to retrieve its full configuration. Whenever a configuration parameter is added, modified, or removed, the agent will generally update its active configuration and persist the full set of parameters locally for the next time it initializes. The detection of configuration changes may be performed periodically using a configurable polling mechanism.
- An administrator may be able to specify the value for each supported parameter and have it applied to all agents within a management domain. Additionally, some parameters may allow the administrator to override a value for a single server or application.
- A feature may provide an administrator with the capability to inventory third party agent installations within an enterprise. This inventory may track various statistics about each installation, including the hosting platform, its version, and the version of the WSM product in use. The inventory will generally include relevant details about each management domain and server. It may also indicate which applications have been configured to support a third party agent.
- Certain embodiments of the disclosed technology are generally directed toward techniques for managing multiple resources in an enterprise in an independent and consistent manner regardless of the native capabilities of the platform containing them. Such embodiments generally allow a management product (e.g., a Web Services Manager) to easily support any third-party platform without any dependency on features that are specific to the platform.
- Certain embodiments of the disclosed technology are generally directed toward techniques for describing the structure, or model, of various types of physical and/or logical resources in an enterprise (e.g., traditional entities such as applications, servers, management domains, platforms, and the enterprise itself) and the relationships that exist between instances of such resources. Alternatively or in addition thereto, embodiments may be generally directed toward defining different types of virtual resources in an enterprise that can be used to represent various collections of resources that are either defined statically (i.e., having a constant set of members) based on identifying specific resource instances or defined dynamically (i.e., having a variable set of members) based on the current characteristics of resource instances.
- Certain embodiments of the disclosed technology are generally directed toward techniques for describing specific instances of a resource type along with any standard or custom characteristics that may be relevant thereto. Such techniques may also include attaching web service policies to any part of a resource structure that describes behaviors to be enforced during interactions with the resource.
- A model metadata component may define a schema used to describe a type of resource or model using an XML infoset. The following describes certain attributes and elements that may be in the schema:
- /model@name: This attribute may define the name of the model. An instance will indicate the model it is based on using this name.
- /model@kind: This attribute may define the kind of model. The value may be ENTERPRISE (for an Enterprise model), TOPOLOGY (for a Domain, Platform, or Server model), or DEPLOYABLE (for an Application model). Each kind may place a set of restrictions on the content of the model and its instances.
- /model@locked: This attribute may indicate whether clients should be prevented from modifying this model. The value may be true for all seed models.
- /model@restriction: This attribute may indicate restrictions placed on instances of the model. The value may be MODIFY (indicating that a client is not permitted to modify, create, or delete an instance), CREATE (indicating that a client is not permitted to create or delete an instance), or NONE (indicating that a client is permitted to modify, create, or delete an instance).
- /model@term: This attribute may define the primary resource pattern term associated with instances of the model. The term may be used as a prefix for the path of the document that stores an instance of a model in the repository. A value may be provided for all seed models.
- /model@path: This attribute may define the relative path of the directory containing an instance of the model. The value may contain literal characters, path separators (“/”), or field references in the form “${field_name}”.
- /model/descriptions: This element may contain a collection of localized display names and descriptions to be used when displaying information about the model in a user interface (UI).
- /model/field: This element may define the fields that are natively recognized by an instance of the model. (An instance may provide values for fields that are not specified in the model.) The field definition may contain information that a UI should use to guide the selection of legal values and that the runtime will use to perform validation. A model may have any number of these elements.
- /model/field@name: This attribute may define the name of the field. An instance may indicate the field whose value it is supplying based on this name.
- /model/field@required: This attribute may indicate whether a resource instance must supply a value for this field.
- /model/field@multiple: This attribute may indicate whether a resource instance may supply multiple values for this field.
- /model/field@term: This attribute may indicate the primary resource pattern term associated with the field. The term must generally be valid for the containing model.
- /model/field@type: This attribute may indicate the type of the field and may indicate the type of validation that will be performed on the field's value. The value may be BOOLEAN (indicating a Boolean), INTEGER (indicating an integer), STRING (indicating an arbitrary string), or URI (indicating a URI). If the field contains a linkTo element, then the value of the attribute will generally be ignored. If the type is not specified and does not contain a linkTo element, then it will generally be treated as a STRING.
- /model/field/descriptions: This element may contain a collection of localized display names and descriptions to be used when displaying information about a field in a UI.
- /model/field/linkTo: This element may contain a collection of mappings between the fields in an instance of the model and the fields in an instance of another model.
- /model/field/linkTo@model: This attribute may define the model this field links to.
- /model/field/linkTo/map: This element may define the mapping of a single field in an instance of the model to a single field in an instance of another model. A linkTo may contain one or more map elements.
- /model/field/linkTo/map/@sourceField: This attribute may define the name of the field in the source instance. If the attribute is not supplied, then the name of the field containing it will generally be used.
- /model/field/linkTo/map/@targetField: This attribute may define the name of the field in the target instance. If the value is the empty string, then the field is generally mapped to the instance name.
- /model/linkFrom: This element may define the links which may exist from instances of another model to instances of the model. This element may indicate that a UI should display the instances of resources that have linked to an instance of this model.
- /model/linkFrom@model: This attribute may define the model that links to this one.
- /model/linkFrom/descriptions: This element may contain a collection of localized display names and descriptions to be used when displaying information about this link in a UI.
- /model/model: This element, which is generally valid only when the model's @kind attribute has the DEPLOYABLE value, contains the definition of a sub-model. This may contain the same attribute and elements in a top-level model, except for @kind, @locked, @restriction, and linkFrom.
- A Policy Manager component may store model metadata in its document repository. The type of these documents is generally model and the URI of these documents is generally the name of the model. Model metadata may be accessed using a document manager component of the Policy Manager.
- An instance metadata component may provide a schema to describe a specific resource as an instance of a resource model using an XML infoset. The following describes certain attributes and elements in such a schema:
- /resource@name: This attribute may indicate the name of the instance.
- /resource@model: This attribute may indicate the name of the model the instance is based on.
- /resource@{field: any}: This attribute may provide a value for one field. Most fields will generally be defined by the model, but an instance can store values for custom fields.
- /resource/descriptions: This element may contain a collection of localized display names and descriptions to be used when displaying information about the resource instance in a UI.
- /resource/wsp:PolicyReference: This element may contain a reference to a policy.
- /resource/wsp:PolicyReference/@orawsp:category: This attribute may indicate the category of the policy.
- /resource/wsp:PolicyReference/@orawsp:status: This attribute may indicate whether the reference is enabled (meaning that the runtime will enforce the policy) or disabled (meaning that the runtime will ignore the policy).
- /resource/definitions: This element may contain a collection of the supported configuration properties, along with localized descriptions and default values. This element will generally be provided only for instances of the Enterprise resource model.
- /resource/resource: This element, which is generally valid only when the model's @kind attribute has the DEPLOYABLE value, may contain a sub-instance. This will generally contain the same attribute and elements in a top-level instance, except for definitions.
- A Policy Manager component may store instance metadata in its document repository. The type of these documents is resource and the URI of these documents is indicated by its model. Instance metadata may be accessed using a document manager component of the Policy Manager.
- A properties metadata component may provide a schema to describe the configuration or inventory of a specific resource using an XML infoset. The following describes certain attributes and elements that may be in the schema:
- /properties@type: This attribute may indicate the type of properties. This may be CONFIGURATION (if the properties are used to configure a runtime) or INVENTORY (if the properties are used to describe a host environment).
- /properties@resource: This attribute may indicate the URI of the instance associated with the configuration.
- /properties/property: This element may contain one or more values for a named property. A configuration element may contain any number of property elements.
- /properties/property@category: This attribute may identify the category of the property. This may be used to group related properties.
- /properties/property@name: This attribute may identify the name of the property.
- /properties/property/value: This element may specify a value for the property. A property element generally must contain either one or more value elements or one or more values elements.
- /properties/property/values: This element may specify a set of values for the property. A property element generally must contain either one or more value elements or one or more values elements.
- /properties/property/values@group: This element may specify a group name for the values it contains.
- /properties/property/values/value: This element may specify a value for the property. A values element generally must contain one or more value elements.
- A Policy Manager component may store properties metadata in its document repository. The type of these documents is the lowercase form of their @type attribute and the URI for these documents is the value of their @resource attribute. Configuration properties metadata may be accessed using a document manager component of the Policy Manager. Inventory properties metadata may be accessed using a usage tracker component of the Policy Manager.
- A seed model metadata component may define a set of documents describing the models predefined by the product. Each document may be loaded into the repository during seeding operations performed by the existing upgrade manager bean APIs.
- Enterprise model metadata may be used to describe an enterprise that is managed by the product and access the configuration properties supported by the product. Because the product can typically manage only a single enterprise, attempts to create an Enterprise instance will usually result in an error.
- Search criterion identifying the model may be the following:
- model/Enterprise
- Search criterion identifying an instance of the model may use the following pattern:
- resource/ENTERPRISE/<instance-name>
- Platform model metadata may be used to describe a platform certified for use by the product. Because the product can typically manage only certified platforms, attempts to create or modify a Platform instance will usually result in an error.
- Search criterion identifying the model may be as follows:
- model/Platform
- Search criterion identifying an instance of the model may use the following pattern:
- resource/PLATFORM/<instance-name>
- Domain model metadata may be used to describe a management domain that is managed by the product.
- Search criterion identifying the model may include the following:
- model/Domain
- Search criterion identifying an instance of the model may use the following pattern:
- resource/DOMAIN/<platform-name>/<instance-name>
- Server model metadata may be used to describe a server instance running in a management domain that is managed by the product.
- Search criterion identifying the model may include the following:
- model/Server
- Search criterion identifying an instance of the model may use the following pattern:
- resource/SERVER/<platform-name>/<domain-name>/<instance-name>
- Application model metadata may be used to describe an application that has been deployed into a management domain managed by the product and, potentially, targeted to one or more of the domain's servers.
- Search criterion identifying the model may include the following:
- model/Application
- Search criterion identifying an instance of the model may use the following pattern:
- resource/APPLICATION/<platform-name>/<domain-name>/<instance-name>
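The model and instance schemas above, together with the Domain search-criterion pattern, can be exercised with a small validator. This is an added example, not code from the patent or the product; the sample XML, the lexical forms accepted for BOOLEAN and INTEGER, the rule that a value substituted into @path must be a single path segment, and the assembly of the document URI from `resource`, @term, @path and the instance name are all assumptions.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample documents. Element and attribute names follow the schema
# described above; every concrete value is made up for this example.
MODEL_XML = """<model name="Domain" kind="TOPOLOGY" locked="true"
       restriction="NONE" term="DOMAIN" path="${platform}">
  <field name="platform" required="true">
    <linkTo model="Platform"><map targetField=""/></linkTo>
  </field>
  <field name="adminUrl" required="true" type="URI"/>
  <field name="port" type="INTEGER"/>
  <field name="secure" type="BOOLEAN"/>
</model>"""
GOOD_XML = ('<resource name="prod" model="Domain" platform="WebLogic" '
            'adminUrl="https://admin.example.test:7002/" port="7002" '
            'secure="true" owner="team-a"/>')
BAD_XML = ('<resource name="prod" model="Domain" platform="../ENTERPRISE" '
           'port="70o2" secure="yes"/>')

RESERVED = {"name", "model"}  # instance attributes that are not field values
FIELD_REF = re.compile(r"\$\{([^}]+)\}")


def _is_uri(value):
    try:
        parts = urlparse(value)
    except ValueError:
        return False
    return bool(parts.scheme) and bool(parts.netloc or parts.path)


# Assumption: the page names the four types but not their lexical forms.
TYPE_CHECKS = {
    "BOOLEAN": lambda v: v in ("true", "false"),
    "INTEGER": lambda v: re.fullmatch(r"[+-]?\d+", v) is not None,
    "STRING": lambda v: True,
    "URI": _is_uri,
}


def load_model(xml_text):
    """Read the parts of a model document that drive instance validation."""
    root = ET.fromstring(xml_text)
    fields = {}
    for field in root.findall("field"):
        # A linkTo element makes @type irrelevant; no @type means STRING.
        fields[field.get("name")] = {
            "required": field.get("required") == "true",
            "linked": field.find("linkTo") is not None,
            "type": field.get("type", "STRING"),
        }
    return {"name": root.get("name"), "term": root.get("term"),
            "path": root.get("path", ""), "fields": fields}


def validate_instance(model, xml_text):
    """Return a list of problems; an empty list means the instance is valid."""
    resource = ET.fromstring(xml_text)
    values = {k: v for k, v in resource.attrib.items() if k not in RESERVED}
    errors = []
    if resource.get("model") != model["name"]:
        errors.append("instance is not based on model %r" % model["name"])
    for name, spec in model["fields"].items():
        if name not in values:
            if spec["required"]:
                errors.append("missing required field %r" % name)
        elif not spec["linked"]:
            check = TYPE_CHECKS.get(spec["type"], lambda v: False)
            if not check(values[name]):
                errors.append("field %r: %r is not a valid %s"
                              % (name, values[name], spec["type"]))
    # Attributes the model does not define are custom fields and are accepted.
    return errors


def _segment(value, what):
    # Assumption: a substituted value must stay inside one directory level.
    if not value or "/" in value or "\\" in value or value in (".", ".."):
        raise ValueError("%s %r is not a single path segment" % (what, value))
    return value


def document_uri(model, xml_text):
    """Expand ${field} references in @path and build the repository URI."""
    resource = ET.fromstring(xml_text)

    def expand(match):
        field = match.group(1)
        if field not in resource.attrib:
            raise ValueError("path references unset field %r" % field)
        return _segment(resource.attrib[field], "field %r value" % field)

    directory = FIELD_REF.sub(expand, model["path"])
    name = _segment(resource.get("name", ""), "instance name")
    parts = ("resource", model["term"], directory, name)
    return "/".join(part for part in parts if part)
```

The second sample instance fails validation on three fields, and its platform value is rejected during path expansion because it would move the document outside the model's own directory.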
- A seed instance metadata component may define a set of documents describing the instances predefined by the product. Each document may be loaded into the repository during seeding operations performed by the existing upgrade manager bean APIs.
- Certain embodiments of the disclosed technology are generally directed toward techniques for defining a product's configurable characteristics, which may also be referred to herein as properties, including the specifying of each property's name, description, structure, and default value, for example, along with indicating which resource type(s) each property may be associated with. Alternatively or in addition thereto, embodiments may be generally directed toward techniques for associating one or more supported configuration values with a resource and collecting an arbitrary set of values, which may also be referred to herein as an inventory, that describes the particular environment that is hosting the resource.
- Certain embodiments of the disclosed technology may allow an administrator to model an application and its [client and service] ports by describing them in terms of the nodes and components. Furthermore, such embodiments may allow an administrator to attach security and management policies to these ports and configure their behavior.
- Certain embodiments may implement a feature that provides an administrator with the capability to model the applications within an enterprise and the (client and service) ports which they host. This may be limited to J2EE applications which host web service or web service client ports using the SOAP over HTTP protocol.
- Certain embodiments of the disclosed technology generally allow developers to build applications that satisfy client-side requirements without having to implement standard behaviors (e.g., providing security tokens) themselves. Such implementations may do so in a manner that builds on top of the platform's native APIs (for REST) or other commonly used lightweight libraries (for SOAP) instead of requiring a developer to learn how to use an entirely new one. Such embodiments generally define a declarative, lightweight solution for enforcing behaviors required by accessing SOAP web services and RESTful resources that requires little integration.
- Certain embodiments of the disclosed technology are directed to an agent for mobile application development framework (APPDF) applications, which may be implemented as a Web Services Manager component. Such a component may provide a library that can be used by application development frameworks (e.g., APPDF-Mobile) to enforce authentication, message protection, and other behaviors for Java-based mobile clients that access REST resources and SOAP-based web services.
- An APPDF-Mobile product in accordance with the disclosed technology may be used to enforce policies attached to mobile web service clients. In their architecture, web service clients may be defined by entries in the APPDF's connections.xml file, for example. These entries may indicate the location of the web service and the protocol used to access it (e.g., SOAP or RESTful). They may also specify the policies to be enforced by URI and any policy configuration properties.
- Mobile applications may use the APPDF-Mobile product to access SOAP [version 1.1/1.2, for example] and RESTful web services exposed by an application deployed to an enterprise-class server (e.g., a JEE container). In an example, a SOAP service may be hosted by a WebLogic Server and be configured to use the WSM to enforce security policies. For example, SOAP web services may be configured to use a seed policy that allows a client to use one of a variety of different authentication mechanisms (e.g., HTTP Basic authentication credentials, a [WS-SecurityPolicy] username token, or a [WS-SecurityPolicy] SAML token) with either [WS-SecurityPolicy] message protection or SSL.
- An agent for mobile applications in accordance with the disclosed technology may provide the ability to enforce pre-defined security and management scenarios when making requests to REST resources and SOAP-based web services. A scenario to be enforced may be specified in the form of a URI that references a web service policy document (e.g., expressed using the [WS-Policy] language) that contains one or more assertions that define the desired behavior. Additionally, a reference may be accompanied by configuration properties that override the default behavior defined by the policy.
- Such an agent for mobile applications may be packaged with a framework (e.g., [APPDF-Mobile]) that provides facilities for developing mobile applications including Java-based business logic that accesses REST resources or SOAP-based web services. Rather than being directly consumed by an application's business logic, the agent may act as an internal component supporting the application development framework.
- An agent for mobile applications in accordance with the disclosed technology may be delivered to consuming frameworks in the form of a library (e.g., packaged as a set of Java archives (JAR files)) to be included with the customer's application. The framework will be generally responsible for calling the relevant APIs provided by the library to initialize the agent and integrating it with the appropriate web service stack (e.g., [kSOAP2]) before client requests and server responses are processed.
- Embodiments of the disclosed technology may be integrated with systems that use separate specific abstractions for web service messages and the transports used to send/receive them.
- FIG. 3 illustrates a first example of computer-controlled method 300 of incorporating an agent for mobile application development framework (APPDF) applications in accordance with the disclosed technology. At 302, an envelope is created for a request from a mobile application to invoke a web service. At 304, the envelope is passed to a transport component, which creates a connection through which the envelope will be sent and also uses an agent to create an enforcement context, as shown at 306 and 308, respectively. A proxy envelope and proxy connection may then be created based on the enforcement context, as shown at 310 and 312, respectively. At 314, the proxy envelope is streamed through the proxy connection to the web service. An example of the illustrated method 300 is now described.
- In the example, a Mobile Application initializes the APPDF Mobile Framework before it can invoke SOAP-based web services. Internally, the APPDF Mobile Framework manages a list of APPDF Connection components, one for each callable web service. When an APPDF Connection component is created for a SOAP web service, it creates one instance of a kSOAP2 HTTP Transport component to call the web service and one instance of the WSM kSOAP2 Agent component to enforce policies attached to it (according to the Configuration supplied to it).
- When a Mobile Application (1) invokes a web service, the APPDF Mobile Framework component (2) creates an envelope for a request (a kSOAP SOAP Envelope component) and then (3) calls the service by passing the envelope to the kSOAP2 HTTP Transport component created during initialization. The transport (4) creates a connection (based on a kSOAP2 Service Connection) through which the envelope will be sent and uses the agent to (5) create an enforcement context. This context is used to create proxies for both the envelope (a WSM SOAP Envelope Proxy) and connection (a WSM Service Connection Proxy). Finally, the transport (6) streams the proxy envelope through the proxy connection to the web service.
- Embodiments of the disclosed technology may be integrated with systems that use a single specific abstraction for the transportation of web service messages but do not have a specific abstraction for the messages themselves and, instead, use primitive mechanisms such as binary/text data streams.
- FIG. 3 illustrates an example of a system implementing a Java ME HTTPConnection API in accordance with certain embodiments of the disclosed technology.
- In the example, a Mobile Application initializes the APPDF Mobile Framework before it can invoke RESTful web services. Internally, the APPDF Mobile Framework manages a list of APPDF Connection components, one for each callable web service. When an APPDF Connection component is created for a SOAP web service, it creates one instance of the WSM HTTP Connection Agent component to enforce policies attached to it (according to the Configuration supplied to it).
- FIG. 4 illustrates a second example of computer-controlled method 400 of incorporating an agent for mobile APPDF applications in accordance with the disclosed technology. At 402, a connection is created through which a request to invoke a web service will be sent. At 404, an agent is used to create an enforcement context. At 406, a proxy is created for the connection based on the enforcement context and, at 408, the request is streamed through the proxy connection to the web service. An example of the illustrated method 400 is now described.
- When a Mobile Application (1) invokes a RESTful web service, the APPDF Mobile Framework component (2) creates a connection (based on a Java ME HTTP Connection) through which a request will be sent and uses the agent to (3) create an enforcement context. This context is used to create a proxy for the connection (a WSM HTTP Connection Proxy). Finally, the framework (4) streams the request through the proxy connection to the web service.
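The flow of method 400 (connection, enforcement context, connection proxy, stream) as an added example; it is not code from the patent or from any product. The class names, the policy URI `policy:example/http_basic_over_ssl`, its two assertions, and the rule that the application may not set `Authorization` itself are hypothetical, and the credentials are the well-known sample pair used to illustrate HTTP Basic authentication.

```python
import base64
from urllib.parse import urlsplit


class PolicyViolation(Exception):
    """Raised when a request cannot satisfy the attached policy."""


class RecordingConnection:
    """Stand-in for the platform HTTP connection: records instead of sending."""

    def __init__(self, url):
        self.url = url
        self.headers = {}
        self.sent = None

    def set_header(self, name, value):
        self.headers[name] = value

    def send(self, body):
        self.sent = body
        return 200


def require_tls(connection, properties):
    """Assertion: refuse to send anything over a non-SSL endpoint."""
    if urlsplit(connection.url).scheme != "https":
        raise PolicyViolation("policy requires SSL, got " + connection.url)


def add_basic_auth(connection, properties):
    """Assertion: attach HTTP Basic credentials taken from the configuration."""
    pair = "%s:%s" % (properties["username"], properties["password"])
    token = base64.b64encode(pair.encode("utf-8")).decode("ascii")
    connection.set_header("Authorization", "Basic " + token)


# Hypothetical policy URI mapped to the ordered assertions it contains.
POLICIES = {"policy:example/http_basic_over_ssl": (require_tls, add_basic_auth)}


class EnforcementContext:
    def __init__(self, assertions, properties):
        self.assertions = assertions
        self.properties = properties

    def proxy(self, connection):
        return ConnectionProxy(connection, self)


class ConnectionProxy:
    """Same interface as the connection; enforcement happens inside send()."""

    def __init__(self, inner, context):
        self._inner = inner
        self._context = context

    def set_header(self, name, value):
        if name.lower() == "authorization":
            raise PolicyViolation("Authorization is set by the attached policy")
        self._inner.set_header(name, value)

    def send(self, body):
        # Every assertion must pass before any byte reaches the real connection.
        for assertion in self._context.assertions:
            assertion(self._inner, self._context.properties)
        return self._inner.send(body)


class Agent:
    """Created once per callable web service from that service's configuration."""

    def __init__(self, configuration):
        self._configuration = configuration

    def create_context(self):
        uri = self._configuration["policy"]
        if uri not in POLICIES:  # fail closed on an unresolvable reference
            raise PolicyViolation("unknown policy " + uri)
        properties = self._configuration.get("properties", {})
        return EnforcementContext(POLICIES[uri], properties)


def invoke(agent, url, body):
    """Framework side of the flow: the business logic never sees credentials."""
    connection = RecordingConnection(url)
    proxy = agent.create_context().proxy(connection)
    proxy.set_header("Content-Type", "application/json")
    return proxy.send(body), connection
```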
- The following discussion is intended to provide a brief, general description of a suitable machine in which embodiments of the disclosed technology can be implemented. As used herein, the term “machine” is intended to broadly encompass a single machine or a system of communicatively coupled machines or devices operating together. Exemplary machines may include computing devices such as personal computers, workstations, servers, portable computers, handheld devices, tablet devices, and the like.
- Typically, a machine includes a system bus to which processors, memory such as random access memory (RAM), read-only memory (ROM), and other state-preserving medium, storage devices, a video interface, and input/output interface ports can be attached. The machine may also include embedded controllers such as programmable or non-programmable logic devices or arrays, Application Specific Integrated Circuits (ASICs), embedded computers, smart cards, and the like. The machine may be controlled, at least in part, by input from conventional input devices such as keyboards and mice, as well as by directives received from another machine, interaction with a virtual reality (VR) environment, biometric feedback, or other pertinent input.
- The machine may utilize one or more connections to one or more remote machines, such as through a network interface, modem, or other communicative coupling. Machines can be interconnected by way of a physical and/or logical network, such as an intranet, the Internet, local area networks, wide area networks, etc. One having ordinary skill in the art will appreciate that network communication may utilize various wired and/or wireless short range or long range carriers and protocols, including radio frequency (RF), satellite, microwave, Institute of Electrical and Electronics Engineers (IEEE) 545.11, Bluetooth, optical, infrared, cable, laser, etc.
- Embodiments of the disclosed technology may be described by reference to or in conjunction with associated data including functions, procedures, data structures, application programs, instructions, etc. that, when accessed by a machine, may result in the machine performing tasks or defining abstract data types or low-level hardware contexts. Associated data may be stored in, for example, volatile and/or non-volatile memory, such as RAM and ROM, or in other storage devices and their associated storage media, which can include hard-drives, floppy-disks, optical storage, tapes, flash memory, memory sticks, digital video disks, biological storage, and other non-transitory, physical storage media.
- Associated data may be delivered over transmission environments, including the physical and/or logical network, in the form of packets, serial data, parallel data, etc., and may be used in a compressed or encrypted format. Associated data may be used in a distributed environment, and stored locally and/or remotely for machine access.
- Having described and illustrated the principles of the invention with reference to illustrated embodiments, it will be recognized that the illustrated embodiments may be modified in arrangement and detail without departing from such principles, and may be combined in any desired manner. And although the foregoing discussion has focused on particular embodiments, other configurations are contemplated. In particular, even though expressions such as “according to an embodiment of the invention” or the like are used herein, these phrases are meant to generally reference embodiment possibilities, and are not intended to limit the invention to particular embodiment configurations. As used herein, these terms may reference the same or different embodiments that are combinable into other embodiments.
- Consequently, in view of the wide variety of permutations to the embodiments described herein, this detailed description and accompanying material is intended to be illustrative only, and should not be taken as limiting the scope of the invention. What is claimed as the invention, therefore, is all such modifications as may come within the scope and spirit of the following claims and equivalents thereto.
Claims (17)
1. A computer-controlled method of registering an application, comprising:
indicating a type of platform;
providing information about the application;
registering at least one port hosted by the application; and
saving the application configuration.
2. The computer-controlled method of claim 1, wherein the type of platform is WebSphere.
3. The computer-controlled method of claim 1, wherein the information about the application comprises at least one of a group consisting of the following: name, description, cell name, and servers.
4. The computer-controlled method of claim 1, wherein registering the at least one port comprises a module name and associated WSDL file.
5. The computer-controlled method of claim 1, wherein registering the at least one port comprises providing a module name, service name or client name, and port name.
6. The computer-controlled method of claim 1, further comprising attaching a policy to the registered application.
7. The computer-controlled method of claim 6, wherein attaching the policy to the registered application comprises navigating to the desired application within an enterprise or searching for the registered application by application name.
8. The computer-controlled method of claim 7, wherein attaching the policy to the registered application further comprises navigating to the desired client port or service port, or searching for the port by port type, port name, or both.
9. The computer-controlled method of claim 8, wherein attaching the policy to the registered application further comprises selecting at least one policy to be attached to the port.
10. The computer-controlled method of claim 9, wherein attaching the policy to the registered application further comprises validating the policy subject.
11. The computer-controlled method of claim 10, further comprising saving the application configuration.
12. The computer-controlled method of claim 6, further comprising detaching the policy from the registered application.
13. The computer-controlled method of claim 12, wherein detaching the policy from the registered application comprises navigating to the desired application within an enterprise or searching for the registered application by application name.
14. The computer-controlled method of claim 13, wherein detaching the policy from the registered application further comprises navigating to the desired client port or service port, or searching for the port by port type, port name, or both.
15. The computer-controlled method of claim 14, wherein detaching the policy from the registered application further comprises selecting at least one policy to be detached from the port.
16. The computer-controlled method of claim 15, further comprising saving the application configuration.
17. The computer-controlled method of claim 1, further comprising storing the registered application as a document within a WSM metadata repository.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/012,882 US20140188972A1 (en) | 2012-12-31 | 2013-08-28 | Modeling enterprise resources and associating metadata therewith |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201261747924P | 2012-12-31 | 2012-12-31 | |
US201261747913P | 2012-12-31 | 2012-12-31 | |
US201361800701P | 2013-03-15 | 2013-03-15 | |
US14/012,882 US20140188972A1 (en) | 2012-12-31 | 2013-08-28 | Modeling enterprise resources and associating metadata therewith |
Publications (1)
Publication Number | Publication Date |
---|---|
US20140188972A1 (en) | 2014-07-03 |
Family
ID=51018479
Family Applications (5)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/012,892 Active US9632764B2 (en) | 2012-12-31 | 2013-08-28 | Defining configurable characteristics of a product and associating configuration with enterprise resources |
US14/012,899 Abandoned US20140189136A1 (en) | 2012-12-31 | 2013-08-28 | Enforcing web service policies attached to clients operating in restricted footprint platforms |
US14/012,882 Abandoned US20140188972A1 (en) | 2012-12-31 | 2013-08-28 | Modeling enterprise resources and associating metadata therewith |
US15/467,271 Active 2033-10-24 US10644929B2 (en) | 2012-12-31 | 2017-03-23 | Defining configurable characteristics of a product and associating configuration with enterprise resources |
US16/129,359 Active US10693708B2 (en) | 2012-12-31 | 2018-09-12 | Defining configurable characteristics of a product and associating configuration with enterprise resources |
Family Applications Before (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/012,892 Active US9632764B2 (en) | 2012-12-31 | 2013-08-28 | Defining configurable characteristics of a product and associating configuration with enterprise resources |
US14/012,899 Abandoned US20140189136A1 (en) | 2012-12-31 | 2013-08-28 | Enforcing web service policies attached to clients operating in restricted footprint platforms |
Family Applications After (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/467,271 Active 2033-10-24 US10644929B2 (en) | 2012-12-31 | 2017-03-23 | Defining configurable characteristics of a product and associating configuration with enterprise resources |
US16/129,359 Active US10693708B2 (en) | 2012-12-31 | 2018-09-12 | Defining configurable characteristics of a product and associating configuration with enterprise resources |
Country Status (1)
Country | Link |
---|---|
US (5) | US9632764B2 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10644929B2 (en) | 2012-12-31 | 2020-05-05 | Oracle International Corporation | Defining configurable characteristics of a product and associating configuration with enterprise resources |
US20220046061A1 (en) * | 2018-08-20 | 2022-02-10 | Cisco Technology, Inc. | Elastic policy scaling in multi-cloud fabrics |
Families Citing this family (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9081746B1 (en) * | 2012-10-16 | 2015-07-14 | Teradici Corporation | Method for client configuration management in remote computing |
US9258668B2 (en) * | 2013-07-31 | 2016-02-09 | Sap Se | Mobile application framework extensibiilty |
EP3097481B1 (en) | 2014-01-21 | 2022-11-30 | Oracle International Corporation | System and method for supporting multi-tenancy in an application server, cloud, or other environment |
US10015242B2 (en) * | 2014-06-23 | 2018-07-03 | Oracle International Corporation | System and method for supporting restful management in a multitenant application server environment |
US10318280B2 (en) | 2014-09-24 | 2019-06-11 | Oracle International Corporation | System and method for supporting patching in a multitenant application server environment |
US9405530B2 (en) | 2014-09-24 | 2016-08-02 | Oracle International Corporation | System and method for supporting patching in a multitenant application server environment |
US10250512B2 (en) | 2015-01-21 | 2019-04-02 | Oracle International Corporation | System and method for traffic director support in a multitenant application server environment |
US10320935B2 (en) * | 2015-01-28 | 2019-06-11 | Red Hat, Inc. | Cache data validation |
US10073707B2 (en) * | 2015-03-23 | 2018-09-11 | n.io Innovations, LLC | System and method for configuring a platform instance at runtime |
CN105117347B (en) * | 2015-09-24 | 2018-09-28 | 上海爱数信息技术股份有限公司 | Analogy method, system and the automated testing method of test data, system |
EP3188010A1 (en) * | 2015-12-29 | 2017-07-05 | Tata Consultancy Services Limited | System and method for creating an integrated digital platform |
US10616320B2 (en) | 2016-09-16 | 2020-04-07 | Oracle International Corporation | System and method for restful management distributed collection in an application server environment |
US10868721B2 (en) | 2017-08-17 | 2020-12-15 | Oracle International Corporation | System and method for supporting a situational configuration in an application server environment |
US10715472B2 (en) | 2017-08-22 | 2020-07-14 | Oracle International Corporation | System and method for unit-of-order routing |
US11070559B2 (en) | 2017-08-23 | 2021-07-20 | Oracle International Corporation | System and method for supporting object-based security |
US11416235B2 (en) * | 2017-09-28 | 2022-08-16 | Oracle International Corporation | System and method for managed server independence for deployment of software applications and libraries |
US10425456B2 (en) * | 2017-11-29 | 2019-09-24 | Bank Of America Corporation | Request processing system using a splitting engine |
US11144513B1 (en) * | 2018-02-09 | 2021-10-12 | Amazon Technologies, Inc. | Policy based management for key-value pairs |
US11683294B2 (en) * | 2019-12-30 | 2023-06-20 | Imperva, Inc. | Privacy-preserving learning of web traffic |
US20220330013A1 (en) * | 2021-04-13 | 2022-10-13 | Bank Of Montreal | Managing configurations of mobile devices across mobility configuration environments |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030009253A1 (en) * | 2001-06-22 | 2003-01-09 | Wonderware Corporation | Remotely monitoring/diagnosing distributed components of a supervisory process control and manufacturing information application from a central location |
US20060047665A1 (en) * | 2001-01-09 | 2006-03-02 | Tim Neil | System and method for simulating an application for subsequent deployment to a device in communication with a transaction server |
US20060122939A1 (en) * | 2004-11-19 | 2006-06-08 | Cohen Mark S | System and method for generating and verifying application licenses |
US7522060B1 (en) * | 2005-04-25 | 2009-04-21 | Anytransactions, Inc. | Graduated sanction/progressive response system and method for automated monitoring, scheduling and notification |
US20100281458A1 (en) * | 2009-04-30 | 2010-11-04 | Business Objects, S.A. | Application modification framework |
US20110302656A1 (en) * | 2009-02-24 | 2011-12-08 | Fadi El-Moussa | Detecting malicious behaviour on a computer network |
US20120226530A1 (en) * | 2006-07-18 | 2012-09-06 | American Express Travel Related Services Company, Inc. | System and method for providing coupon-less discounts based on a user broadcasted message |
US8291378B2 (en) * | 2008-07-29 | 2012-10-16 | International Business Machines Corporation | Simplified deployment modeling |
Family Cites Families (35)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060036941A1 (en) | 2001-01-09 | 2006-02-16 | Tim Neil | System and method for developing an application for extending access to local software of a wireless device |
US7191435B2 (en) * | 2002-06-07 | 2007-03-13 | Sun Microsystems, Inc. | Method and system for optimizing software upgrades |
US8775649B2 (en) * | 2002-11-26 | 2014-07-08 | Oracle America, Inc. | Optimizing client code through automated server specialization |
US7409674B2 (en) * | 2002-12-26 | 2008-08-05 | Research In Motion Limited | System and method of creating and communicating with component based wireless applications |
US8069435B1 (en) | 2003-08-18 | 2011-11-29 | Oracle America, Inc. | System and method for integration of web services |
US7831693B2 (en) | 2003-08-18 | 2010-11-09 | Oracle America, Inc. | Structured methodology and design patterns for web services |
US8346929B1 (en) | 2003-08-18 | 2013-01-01 | Oracle America, Inc. | System and method for generating secure Web service architectures using a Web Services security assessment methodology |
US7698398B1 (en) * | 2003-08-18 | 2010-04-13 | Sun Microsystems, Inc. | System and method for generating Web Service architectures using a Web Services structured methodology |
US7624393B2 (en) * | 2003-09-18 | 2009-11-24 | International Business Machines Corporation | Computer application and methods for autonomic upgrade maintenance of computer hardware, operating systems and application software |
US8340283B2 (en) * | 2004-06-30 | 2012-12-25 | International Business Machines Corporation | Method and system for a PKI-based delegation process |
US8082541B2 (en) * | 2004-12-09 | 2011-12-20 | Advantest Corporation | Method and system for performing installation and configuration management of tester instrument modules |
US20090030773A1 (en) * | 2005-03-10 | 2009-01-29 | Kamhoot Ronald P F | Information Acquisition System |
US7747983B2 (en) | 2005-04-18 | 2010-06-29 | Research In Motion Limited | System and method for generating a web service definition and database schema from wireless application definition |
US20060236254A1 (en) | 2005-04-18 | 2006-10-19 | Daniel Mateescu | System and method for automated building of component based applications for visualizing complex data structures |
US20060235882A1 (en) | 2005-04-18 | 2006-10-19 | Daniel Mateescu | System and method for developing arbitrary and efficient mappings between complex message structures |
US8769021B2 (en) * | 2006-01-12 | 2014-07-01 | Broadcom Corporation | Method and system for light-weight SOAP transport for web services based management |
US20080014929A1 (en) * | 2006-05-05 | 2008-01-17 | Infosys Technologies Ltd. | Occasionally connected computing for mobile web services |
US9002018B2 (en) * | 2006-05-09 | 2015-04-07 | Sync Up Technologies Corporation | Encryption key exchange system and method |
US8180735B2 (en) * | 2006-12-29 | 2012-05-15 | Prodea Systems, Inc. | Managed file backup and restore at remote storage locations through multi-services gateway at user premises |
US20080270382A1 (en) * | 2007-04-24 | 2008-10-30 | Interse A/S | System and Method of Personalizing Information Object Searches |
US9280335B2 (en) * | 2010-09-30 | 2016-03-08 | International Business Machines Corporation | Semantically rich composable software image bundles |
US9003387B2 (en) * | 2009-09-25 | 2015-04-07 | Fisher-Rosemount Systems, Inc. | Automated deployment of computer-specific software updates |
US8478812B2 (en) * | 2009-09-29 | 2013-07-02 | Core Wireless S.A.R.L. | Method and apparatus for providing device compatibility information |
JP5482329B2 (en) * | 2010-03-15 | 2014-05-07 | 株式会社リコー | Image processing apparatus, device management system, job management method, job management program, and recording medium recording the program |
US9098363B2 (en) * | 2010-04-07 | 2015-08-04 | Apple Inc. | Search extensibility to third party applications |
US9461996B2 (en) | 2010-05-07 | 2016-10-04 | Citrix Systems, Inc. | Systems and methods for providing a single click access to enterprise, SAAS and cloud hosted application |
WO2011156532A2 (en) * | 2010-06-08 | 2011-12-15 | Google Inc. | Determining conversion rates for on-line purchases |
CA2838763C (en) * | 2011-06-10 | 2019-03-05 | Securekey Technologies Inc. | Credential authentication methods and systems |
US8990266B2 (en) * | 2011-10-18 | 2015-03-24 | CipherPoint Software, Inc. | Dynamic data transformations for network transmissions |
CA2889387C (en) * | 2011-11-22 | 2020-03-24 | Solano Labs, Inc. | System of distributed software quality improvement |
US20130139183A1 (en) * | 2011-11-28 | 2013-05-30 | Wyse Technology Inc. | Creation or installation of a disk image for a target device having one of a plurality of hardware platforms |
US8863299B2 (en) * | 2012-01-06 | 2014-10-14 | Mobile Iron, Inc. | Secure virtual file management system |
US8918387B1 (en) * | 2012-04-04 | 2014-12-23 | Symantec Corporation | Systems and methods for classifying applications configured for cloud-based platforms |
US9195840B2 (en) * | 2012-04-23 | 2015-11-24 | Google Inc. | Application-specific file type generation and use |
US9632764B2 (en) | 2012-12-31 | 2017-04-25 | Oracle International Corporation | Defining configurable characteristics of a product and associating configuration with enterprise resources |
2013
- 2013-08-28: application US 14/012,892, patent US9632764B2, status Active
- 2013-08-28: application US 14/012,899, patent US20140189136A1, status Abandoned
- 2013-08-28: application US 14/012,882, patent US20140188972A1, status Abandoned

2017
- 2017-03-23: application US 15/467,271, patent US10644929B2, status Active

2018
- 2018-09-12: application US 16/129,359, patent US10693708B2, status Active
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060047665A1 (en) * | 2001-01-09 | 2006-03-02 | Tim Neil | System and method for simulating an application for subsequent deployment to a device in communication with a transaction server |
US20030009253A1 (en) * | 2001-06-22 | 2003-01-09 | Wonderware Corporation | Remotely monitoring/diagnosing distributed components of a supervisory process control and manufacturing information application from a central location |
US20060122939A1 (en) * | 2004-11-19 | 2006-06-08 | Cohen Mark S | System and method for generating and verifying application licenses |
US7522060B1 (en) * | 2005-04-25 | 2009-04-21 | Anytransactions, Inc. | Graduated sanction/progressive response system and method for automated monitoring, scheduling and notification |
US20120226530A1 (en) * | 2006-07-18 | 2012-09-06 | American Express Travel Related Services Company, Inc. | System and method for providing coupon-less discounts based on a user broadcasted message |
US8291378B2 (en) * | 2008-07-29 | 2012-10-16 | International Business Machines Corporation | Simplified deployment modeling |
US20110302656A1 (en) * | 2009-02-24 | 2011-12-08 | Fadi El-Moussa | Detecting malicious behaviour on a computer network |
US20100281458A1 (en) * | 2009-04-30 | 2010-11-04 | Business Objects, S.A. | Application modification framework |
Non-Patent Citations (4)
Title |
---|
"Oracle Fusion Middleware Security and Administrator's Guide for Web Services". 11g Release 1 (11.1.1.5) April 2011. pgs. 1 - 676. * |
"Oracle Fusion Middleware Third-Party Application Server Guide" 11g Release 1 (11.1.1.6) November 2011. pgs. 1 - 234. * |
"Securing Web Services and Service-Oriented Architectures with Oracle Web Services Manager 11g". An Oracle White Paper. June 2009. pgs. 1 - 19. * |
Sun Microsystems. "Building Web Services". Chapter 3 - Creating a Web Service Client. pgs. 1 - 22. 2002. * |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10644929B2 (en) | 2012-12-31 | 2020-05-05 | Oracle International Corporation | Defining configurable characteristics of a product and associating configuration with enterprise resources |
US10693708B2 (en) * | 2012-12-31 | 2020-06-23 | Oracle International Corporation | Defining configurable characteristics of a product and associating configuration with enterprise resources |
US20220046061A1 (en) * | 2018-08-20 | 2022-02-10 | Cisco Technology, Inc. | Elastic policy scaling in multi-cloud fabrics |
US11838325B2 (en) * | 2018-08-20 | 2023-12-05 | Cisco Technology, Inc. | Elastic policy scaling in multi-cloud fabrics |
Also Published As
Publication number | Publication date |
---|---|
US10644929B2 (en) | 2020-05-05 |
US10693708B2 (en) | 2020-06-23 |
US20140189681A1 (en) | 2014-07-03 |
US9632764B2 (en) | 2017-04-25 |
US20170195165A1 (en) | 2017-07-06 |
US20190013995A1 (en) | 2019-01-10 |
US20140189136A1 (en) | 2014-07-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10693708B2 (en) | Defining configurable characteristics of a product and associating configuration with enterprise resources | |
Subramanian et al. | Hands-On RESTful API Design Patterns and Best Practices: Design, develop, and deploy highly adaptable, scalable, and secure RESTful web APIs | |
US7761885B2 (en) | Task computing | |
US9043864B2 (en) | Constraint definition for conditional policy attachments | |
US8117280B2 (en) | Task computing | |
US8965958B2 (en) | File fetch from a remote client device | |
US8090844B2 (en) | Content management across shared, mobile file systems | |
EP3364631B1 (en) | Dynamic orchestration of microservices | |
US20030208533A1 (en) | Method and apparatus for managing web services within a computer network system | |
KR20180102212A (en) | Automated service profiling and orchestration | |
US11882154B2 (en) | Template representation of security resources | |
JP2013541069A (en) | Method, service registry, and computer program for service deployment from a service registry | |
EP2778968B1 (en) | Mobile telecommunication device remote access to cloud-based or virtualized database systems | |
US20150046994A1 (en) | Zero-step auto-customization of mobile applications | |
US20080216050A1 (en) | Method and System for Accessing a Resource Implemented in a Computer Network | |
US20100325139A1 (en) | Service Provider Management Console | |
Sefid‐Dashti et al. | A reference architecture for mobile SOA | |
US20230247081A1 (en) | Declarative rendering of hypertext transfer protocol headers | |
Ravi Kumar et al. | Setting Up Oracle GoldenGate on the OCI Marketplace | |
Karnouskos | Security-enabled code deployment for heterogeneous networks | |
Polgar | WSRP, SOA and UDDI |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | AS | Assignment | Owner name: ORACLE INTERNATIONAL CORPORATION, CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:BRYAN, JEFFREY J.;REEL/FRAME:031105/0110 Effective date: 20121231 Owner name: ORACLE INTERNATIONAL CORPORATION, CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:KAVANTZAS, NICKOLAS;REEL/FRAME:031104/0821 Effective date: 20130827 |
| | STCB | Information on status: application discontinuation | Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |