US20080162499A1 - System and Method for Facilitating Access to Content Information - Google Patents
- Publication number
- US20080162499A1, US12/041,161
- Authority
- US
- United States
- Prior art keywords
- service provider
- data service
- access
- client
- access object
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/20—Software design
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
- H04L67/567—Integrating service provisioning from a plurality of service providers
Definitions
- the present invention discloses systems and methods for facilitating the development of a customizable portlet, facilitating access to content information, and managing an access contract between a client and a data service provider.
- Portals provide a secure, single point of access to diverse information and applications that are personalized to the needs of their users.
- Portals typically provide a variety of services including, but not limited to, Web searching, news, white and yellow pages directories, e-mail, discussion groups, online shopping and links to other sites.
- Portals are increasingly being used as points to disseminate information particular to a specific industry such as banking, insurance, or computer technology, for example.
- Corporate portals also often include information relevant to a specific company, such as intranet information, and links to other information sources relevant to the company's business.
- Portlets may comprise a plurality of portlets.
- Portlets are applications, typically executed or presented in the context of a portal, that perform one or more specific functions. Creating these highly customizable applications that run over a network, however, has traditionally been a difficult and resource-intensive effort requiring many hours of programming and configuration effort.
- the ubiquitous accessibility of the Internet and the popularity of corporate and enterprise portals has increased the demand for portlets whose level of difficulty to modify is low.
- Users of Enterprise Resource Planning (ERP) systems have in particular been required to endure a prescribed portlet format and difficult user-interface to perform even the simplest tasks.
- ERP: Enterprise Resource Planning
- the ability of a user to customize a portlet has been extremely limited, often requiring modifications to be made from a position local to the server or other host computer.
- the present invention addresses these and other problems.
- the present invention provides for a method and system where the responsibilities of data access and retrieval, data presentation, and data security are separated into multiple modular components.
- a portal end user can mix and match portlet characteristics as preferred.
- the user interface is logical, easy-to-use, and in some embodiments, non-programmatic.
- portlets are individual sets of functionality that perform a specific function, the invention enables the creation of declarative portlets through a set of intercommunicating modules, which take generalized business logic and allow for multiple levels of customization.
- the present invention also includes a method and system for developing an environment for the declarative development of portlets and for the orchestration of web service flows.
- the method and system provides content information, presentation, and security management modules, which are swappable or exchangeable to allow for a variety of solutions.
- the method and system provides controls for customizing, e.g., building or tailoring, portlets, web services, etc. This modular design supports portlet development and the declarative development of web services, mobile applications, etc.
- portlets developed using the techniques described herein include customizability and portability since the presentation of a portlet is separated from the data interaction and logic.
- the functionality of a portlet is defined by a configuration or specification, which is customizable, for example, by an administrator, for browsing a content source, configuring security, and the like.
- the resulting configuration or specification is then made available to the employees or customers. These employees or customers may choose to further customize the portlet for use in their specific pages, e.g., by filtering data, arranging or formatting.
- the present invention provides a method for facilitating development of a customizable portlet.
- the method comprises receiving requested content information and merging specified presentation information with the requested content information to form merged information adapted to be rendered in the customizable portlet.
- the present invention comprises rendering the customizable portlet on a client display device.
- the rendered portlet may be displayed as part of a portal, in its own screen, or in an administrative screen.
- the modules may be swappable, for example, an information broker or other data access and content-retrieval modules may be exchanged for an alternative content-retrieval module or modules.
- the portlet is customizable by a client, such as a user, administrator, or any other individual responsible for or interested in an aspect of portal customization.
- a client requests the content and presentation information, although the same client or a different client that specifies the presentation information may request content information. Further, the client that requests the requested content information or the client that specifies the presentation information can be the same or different as the end user client.
- a presentation module ascertains the presentation vehicle at run-time based on properties of an associated client.
- Such presentation vehicle may include, for example, an HTML-based browser, a WML-compatible wireless device, a conduit for a web service, etc.
- An authentication module or functionality may be provided.
- a credential broker manages circumstances under which users may access certain resources.
- the authentication functionality involves the receipt of a request and a user-associated token from a user and associating the user-associated token with credentials associated with the user.
- a request for content information is passed to a corresponding data service provider if the credentials associated with the user indicate that user access is authorized.
- the authentication functionality may comprise passing the request to a data service provider corresponding to the request, and providing the requested content information if the data service provider indicates that user access is authorized.
- the present invention is a system for facilitating development of a customizable portlet.
- the system comprises a presentation module configured to receive specified presentation information, a content-retrieval module, and a director module configured to provide the presentation module with requested content information from the content-retrieval module.
- the presentation module is configured to merge the requested content information and specified presentation information to form merged information to be rendered in the customizable portlet.
- the content-retrieval module is swappable.
- the requested content information may comprise client-requested content information and the specified presentation information may comprise client-specified presentation information.
- the merged information may be accessible at a server and configured to be rendered in a client display.
- the merged information may therefore be rendered in a client-customizable portlet, a portal screen, or administration screen.
- the merged information may preferably be rendered in at least one of an HTML-based browser and a WML-compatible wireless device.
- the presentation module is configured to ascertain the presentation application or module being used at run-time based on properties of an associated client.
- the director module implements a scenario chosen from a group of at least one scenario.
- a credential module may be provided and configured to receive a request for content information and a user-associated token from a user, associate the user-associated token with credentials associated with the user, and block passage of the request to a corresponding data service provider if the credentials associated with the user indicate that user access is unauthorized.
- the system is further configured to allow the data service provider to reject the service request when the data service provider identifies that user access is unauthorized.
- the present invention also provides a method for facilitating access to content information.
- the method comprises receiving a request for content information, choosing at least one data service provider access object that is configured to access a data service provider responsive to the request, and assigning the chosen data service provider access object to the request.
- Choosing may comprise choosing a pluggable data service provider access object from a group of one or more pluggable data service provider access objects.
- the method comprises identifying the data service provider associated with the request from a group of one or more data service providers.
- the data service provider access object may be accessed either locally or remotely.
- the method comprises accessing the data service provider with the chosen data service provider access object, which may also comprise authenticating access rights.
- the associated data service provider for which access is sought may perform authentication. Alternatively, multiple authentication schemes may be utilized by the invention.
- the method comprises retrieving the content information from the data service provider with the chosen data service provider access object, and may further comprise transmitting the content information to a module configured to merge the content information with presentation information, thereby forming information for rendering by a rendering application.
- the method provided herein also manages an access contract between a client and a data service provider.
- the method comprises identifying the client and assigning use of a data service provider access object associated with the data service provider to the client for the duration of the access contract.
- the method comprises notifying the client when the access contract is expired or about to expire.
- the method comprises canceling the assignment to the client after the access contract expires.
- the method comprises identifying another client having an access contract with the data service provider and reassigning use of the data service provider access object to the another client for the duration of the access contract between the another client and the data service provider.
- the system comprises a management module configured to receive a request for content information and a data service provider access object that is configured to access a data service provider associated with the request.
- the management module chooses the data service provider access object from a group of at least one data service provider access object and assigns the chosen data service provider access object to the request.
- the data service provider access object comprises a pluggable data service provider access object, which may be local or remote to the management module.
- the management module is configured to identify the data service provider associated with the request from a group comprising at least one data service provider wherein the chosen data service provider access object is configured to access the data service provider.
- the chosen data service provider access object is preferably configured to retrieve the content information from the data service provider.
- the management module transmits the content information from the data service provider access object to a module configured to merge the content information with presentation information, thereby forming information that may be rendered on a client device.
- the system is compatible with one or more authentication schemes associated with the data service provider.
- the system is provided with an authentication module that is configured to authenticate the request and selectively allow access to the data service provider.
- the present invention also provides a system for managing an access contract between a client and a data service provider.
- the system comprises a management module and a data service provider access object associated with the data service provider.
- the management module is configured to identify the client and assign use of the data service provider access object to the client for the duration of the access contract. In one embodiment, the management module notifies the client when the access contract expires or is about to expire.
- the management module may cancel an assignment to the client after the access contract expires.
- the management module is configured to identify another client having an access contract with the data service provider and reassign use of the data service provider access object to the another client for the duration of the access contract between the another client and the data service provider.
- the management module is also adapted to receive a request for content information, choose from a group of at least one data service provider access object, a data service provider access object that is adapted to access a data service provider associated with the request, and assign the chosen data service provider access object to the request.
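The access-contract lifecycle described above (assign an access object for the contract's duration, notify on or before expiry, cancel, then reassign to another client holding a contract) can be sketched as follows. This is an added example, not code from the patent; `AccessObject`, `ContractManager`, the queue of waiting contracts, the warning window and the injected `now` clock are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class AccessObject:
    """A data service provider access object, e.g. a pooled connection (assumed shape)."""
    name: str
    provider: str
    holder: Optional[str] = None        # client currently assigned, if any
    expires_at: Optional[float] = None  # end of that client's access contract


class ContractManager:
    """Management-module sketch: assign, notify, cancel and reassign access objects."""

    def __init__(self, access_objects, warn_window=60.0):
        self.pool = list(access_objects)
        self.warn_window = warn_window  # assumption: seconds before expiry to warn
        self.waiting = []               # (client, provider, duration) awaiting an object
        self.notices = []               # (client, message) notifications sent
        self._warned = set()

    def open_contract(self, client, provider, duration, now):
        """Assign a free access object for the provider, or queue the contract."""
        for obj in self.pool:
            if obj.provider == provider and obj.holder is None:
                obj.holder, obj.expires_at = client, now + duration
                return obj
        self.waiting.append((client, provider, duration))
        return None

    def use(self, client, obj, now):
        """Authorize use only for the current holder of an unexpired contract.

        Expiry is checked here as well as in tick(), so a stale assignment that
        has not been swept yet cannot be used after the contract ends.
        """
        return (obj.holder == client and obj.expires_at is not None
                and now < obj.expires_at)

    def tick(self, now):
        """Periodic sweep: warn, expire, cancel and reassign."""
        for obj in self.pool:
            if obj.holder is None:
                continue
            if now >= obj.expires_at:
                self.notices.append((obj.holder, "expired"))
                self._warned.discard(obj.name)
                obj.holder = obj.expires_at = None   # cancel the assignment
                self._reassign(obj, now)
            elif (obj.expires_at - now <= self.warn_window
                  and obj.name not in self._warned):
                self._warned.add(obj.name)
                self.notices.append((obj.holder, "expiring"))

    def _reassign(self, obj, now):
        # Assumption: a queued contract's duration starts when the object is assigned.
        for i, (client, provider, duration) in enumerate(self.waiting):
            if provider == obj.provider:
                del self.waiting[i]
                obj.holder, obj.expires_at = client, now + duration
                return


def contract_demo():
    """Constructed scenario: two clients contend for one ERP access object."""
    conn = AccessObject("erp-conn-1", "erp")
    mgr = ContractManager([conn], warn_window=60)
    first = mgr.open_contract("client_a", "erp", duration=300, now=0)
    second = mgr.open_contract("client_b", "erp", duration=120, now=10)
    mgr.tick(now=250)                                # inside the warning window
    stale_use = mgr.use("client_a", conn, now=301)   # expired but not yet swept
    mgr.tick(now=305)                                # cancel and reassign
    return {
        "first_assigned": first is conn,
        "second_queued": second is None,
        "stale_use": stale_use,
        "notices": list(mgr.notices),
        "holder": conn.holder,
        "expires_at": conn.expires_at,
        "old_holder_use": mgr.use("client_a", conn, now=306),
        "new_holder_use": mgr.use("client_b", conn, now=306),
    }
```
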
- FIG. 1 is a block diagram presenting a configuration of hardware and software components according to one embodiment of the present invention.
- FIG. 2 is a package diagram presenting an embodiment of a scenario director with associated packages according to one embodiment of the present invention.
- FIG. 3 is a block diagram presenting an embodiment of the connectivity between a presentation broker and portlet player(s) according to one embodiment of the present invention.
- FIG. 4 is a block diagram presenting an information broker according to one embodiment of the present invention.
- FIG. 5 is a block diagram presenting an information broker according to an alternative embodiment of the present invention.
- FIG. 6 is a flow chart presenting an embodiment of an authentication method according to one embodiment of the present invention.
- the present invention meets the need for a personalized approach to implementing portlets that can be tailored to different companies, business units and users.
- the portlet development system disclosed herein creates an operating environment for integrating enterprise processes.
- the invention provides tools and an architecture for creating operational task scenarios that are understandable to the average user and that may be invoked by human or machine processes as clients from various computing devices.
- the system provides non-programmatic solutions, including both declarative and graphical tools, to the problem of composing and orchestrating enterprise-related task specifications.
- Automating application specifications is a challenging task, which is simplified by separating this task into manageable categories.
- an architecture and methodology are used that utilize widely adopted industry standards and infrastructure technologies in a novel and useful way.
- the system provides tools that enable services and schemas to define and execute the aggregated components of a presentation specification for a presentation broker, a service request specification for an information broker, and a credential specification for a credential broker.
- the system comprises various aspects, including presentation and framework, security, user management, personalization, content management, performance and scalability, search, and enterprise information connectivity features.
- the system is an XML-driven enterprise process delivery engine having an architecture that unifies widely accepted internetworking technology standards into an operating framework that transforms declaratively generated specifications for data and process services, client presentation and user credentials into custom solutions.
- the architecture of the present invention may be based on a set of data classes and affiliated processing components.
- the architecture defines four primary data classes that are called specifications and comprise the “scenario”, the “service request”, the “presentation”, and the “credential”.
- a scenario generically describes a set of desired services, the ordering of those services and delivery rules for the result.
- a scenario may contain one or more data classes, including another scenario.
- Requests, which may be in the form of XML messages, cause specialized objects of these types to interact with one or more of the scenario director 120 and enabling service components, identified as an information broker 150, presentation broker 160 and credential broker 140.
- GUI: Graphical User Interface
- a user modifies scenarios to customize or define portlets by navigating metadata catalogs and presentation objects available in a solution space that the master builder 112 provides.
- the system stores the scenarios in scenario store 130.
- the scenario director 120 processes the scenario to retrieve content via the information broker 150 and present the results in the portlet player 110 to the authorized requester.
- a GUI-based tool may be utilized such as the master builder 112 illustrated in U.S. patent application Ser. No. 10/051,802.
- the use of the term “master builder” herein does not necessarily require the master builder of U.S. patent application Ser. No. 10/051,802. Any compatible customization tool may be used as a master builder 112.
- the master builder 112 may comprise a processing module that is executed by or within a content rendering application, such as a web browser, or may be a stand-alone executable.
- the master builder 112, which may be resident on a client 105, comprises a portlet through which other portlets can be defined.
- the portlet player 110 renders data that it receives from the scenario director 120 .
- the scenario director 120 passes the portlet player 110 merged information comprising presentation information and content information.
- the portlet player 110 may be embedded in a container such as the hosted portlet.
- the portlet player 110 manages its own display space and, because it is not dependent on markup language limitations, may deliver a richer user experience that includes graphical controls, direct manipulation and drag and drop.
- the portlet player 110 is maintained at a client 105.
- the master builder 112 and portlet player 110 may be resident on the same or different clients 105.
- Multiple master builders 112 or portlet players 110 may be located on one client or distributed across multiple clients 105.
- the master builder 112 is the design studio for creating scenarios and specifications. Like the portlet player, the master builder 112 works together with the scenario director 120 to present a portlet to the user. This cooperation results in a plurality of specifications, collectively referred to as a scenario, being written to a database, which may comprise a scenario store 130. As noted above, specifications define the requirements for the presentation, content and credentials of a portlet. Collectively, these three specifications make up an overall scenario 210, which will be further discussed below with reference to FIG. 2. Scenarios may be formatted and stored in the scenario store 130 as XML data files according to associated XML schemas. In one embodiment, the service request or presentation definition are predefined by user specification(s) created with the master builder 112. The specified presentation information may be client-specified, default-specified, or other.
- the portlet player 110 is typically executed on the client side 105 and is utilized by a user to invoke a scenario 210 by the scenario director 120, which in one embodiment is resident on a server 115.
- the scenario director 120 receives a service request and retrieves a presentation definition from the scenario store 130, which may be in a memory, database, or other data store.
- the scenario store 130 or other scenario and specification storage is on the client side 105.
- a user's personal parameter selections may be stored and available to users within their own portal space.
- a scenario director software module 120 is provided that is responsible for aggregating the resources of other components or modules to execute a scenario 210.
- the scenario director 120 may comprise specialized submodules to handle different communication technologies or protocols such as an HTTP servlet interface, for example, or other specialized protocol or access mechanism.
- the scenario director 120 executes a scenario 210 and uses the scenario's various constituent specifications to implement the enabling package components of the presentation broker 160, information broker 150, and credential broker 140.
- the scenario 210 comprises a collective specification outlining the various enabling components and enabling component specifications including presentation, data access and retrieval, and process flow for a defined process such as a portlet or web service.
- the scenario director 120 is responsible for directing the enabling components 140, 150 and 160 services to execute a scenario 210.
- the scenario director 120 can manage multiple scenarios 210 for presentation to multiple clients in parallel. Because the enabling service components are self-sufficient, a well-defined task may be invoked directly by an arbitrary client through a specification, for example, a WSDL-compliant service request to the information broker 150. In this way, a “facsimile” director module 120 may entirely replace the scenario director 120 or other director module.
- Each enabling service component, such as the information broker 150 or presentation broker 160, is self-sufficient in servicing requests with respect to its domain of responsibility. Thus, a well-defined task may be invoked directly by an arbitrary client through a corresponding specification.
- a service request can be sent directly to an independent information broker 150.
- a service request is WSDL-compliant.
- the enabling components 140, 150 and 160 are swappable to thereby allow alternate content-retrieving modules to retrieve alternative data or to provide alternate functionality while still maintaining compatibility.
- the architecture may define multiple specification classes in the form of XML schemas comprising a scenario 210, the primary specification, a presentation specification, a service request, a credential specification, and a sequence.
- a sequence is an addressable unit combining a service request and its presentation. Objects of these types may interact with the scenario director 120, information broker 150, presentation broker 160 and credential broker 140 packages.
- the scenario director 120 aggregates system services and orchestrates the playback of a scenario 210.
- the presentation broker 160 provides a service for merging presentation information of a display specification and the requested content information into merged information to present a portlet to a given client type.
- the information broker 150 comprises an enabling service that supplies requested content information results based on a service request.
- An authentication module, referred to as a credential broker 140, comprises an enabling service that maps known users, via a trusted token, to the system's secured resources.
- the portlet player 110 renders portlets and enables behaviors, while the master builder 112 provides the tools for creating specifications.
- scenario 210 may be used to create declarative portlets and serve those portlets to the user of an enterprise portal.
- other embodiments contemplate a scenario 210 not limited to defining portlets.
- a scenario 210 generically describes a set of desired services, the ordering of those services and delivery rules for the result.
- the delivery rules need not refer to a human controlled end-point.
- the presentation information may define data mapping from XML into some other structured or record-oriented scheme for direct use, for example, by another machine process, remote host, or application.
- Web services are self-contained, self-describing, modular applications that can be published, located, and invoked across a computer network, such as the Internet.
- Web services provide callable functions that may comprise anything from a simple request to complicated business processes; for example, a web retailer's “shopping cart”.
- the credential broker 140 is an authentication module responsible for policy enforcement and security. Standard or other widely adopted trusted token schemes, such as Lightweight Third Party Authorization (LTPA) or secure cookies as implemented by the serving platform (e.g., WPS-based portals), are utilized to provide the client level authorization necessary to run portlets. System level credential management may be implemented and maintained in the infrastructure whenever other suitable mechanisms are lacking.
- the credential broker 140 is configured so that it may use, defer to, or be superseded by other standard policy enforcement APIs or products, such as the Java Authentication and Authorization Service (JAAS) and Policy Director.
- the credential broker 140 may also defer to an authentication scheme specific to and primarily managed by an individual data service provider associated with a given service request.
- the credential broker 140 preferably maintains policy information about secured resources, such as databases, tables, ERP processes, etc.
- the credential broker 140 provides a credential directory lookup service where the credential broker 140 accepts an authenticated user token from a client entry point, such as a portal, and associates that user token with a user's collection of available credentials.
- a single credential is mapped on a per-individual basis to secured resources, such as a data service provider.
- such mapping is dynamically created at initialization time. In this manner, the exact mappings are interchangeable. For example, mapping may be interchangeable between Lotus Connectors for Java (LCJava) and Java Database Connectivity (JDBC).
- the credential broker 140 has pass-through functionality deferring to the authentication services of one or more software components or modules comprising the requesting environment and back-end systems, such as a DSP authentication system.
- the credential broker 140 associates the token with an individual's collection of published credentials.
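The credential broker behaviour described above (accept a trusted token, look up the user's published credentials, block unauthorized requests, and otherwise pass the request through so the data service provider can still reject it) is sketched below. This is an added example, not code from the patent; the HMAC token is only a stand-in for LTPA or a secure cookie, and `CredentialBroker`, `DataServiceProvider`, `Credential` and all sample users and accounts are constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

PORTAL_KEY = b"constructed-demo-key"  # assumption: key shared with the portal entry point


def sign_token(user_id, key=PORTAL_KEY):
    """Stand-in for the portal's trusted token; a real token also carries an expiry."""
    mac = hmac.new(key, user_id.encode(), hashlib.sha256).hexdigest()
    return f"{user_id}.{mac}"


def verify_token(token, key=PORTAL_KEY):
    """Return the user id if the token's MAC verifies, else None."""
    user_id, sep, mac = token.rpartition(".")
    if not sep or not user_id:
        return None
    expected = hmac.new(key, user_id.encode(), hashlib.sha256).hexdigest()
    ok = hmac.compare_digest(mac.encode(), expected.encode())
    return user_id if ok else None


@dataclass(frozen=True)
class Credential:
    provider: str         # data service provider the credential maps to
    account: str          # back-end account used on the user's behalf
    resources: frozenset  # secured resources (tables, processes) it covers


class DataServiceProvider:
    """Back end with its own authentication, so it can still reject a request."""

    def __init__(self, name, accepted_accounts):
        self.name = name
        self.accepted_accounts = set(accepted_accounts)

    def handle(self, account, resource):
        if account not in self.accepted_accounts:
            return "rejected_by_provider", None
        return "ok", f"{self.name}:{resource} as {account}"


class CredentialBroker:
    def __init__(self, providers):
        self.providers = {p.name: p for p in providers}
        self.directory = {}  # user id -> {provider name: Credential}
        self.audit = []      # every decision, allowed or not

    def publish(self, user_id, cred):
        """Map one credential per user to a secured provider."""
        self.directory.setdefault(user_id, {})[cred.provider] = cred

    def request(self, token, provider, resource):
        user = verify_token(token)
        if user is None:
            return self._log("blocked_bad_token", None, provider, resource)
        cred = self.directory.get(user, {}).get(provider)
        dsp = self.providers.get(provider)
        if cred is None or dsp is None or resource not in cred.resources:
            # Broker-side block: the request never reaches the provider.
            return self._log("blocked_by_broker", user, provider, resource)
        # Pass-through: the provider applies its own check and may reject.
        status, data = dsp.handle(cred.account, resource)
        return self._log(status, user, provider, resource, data)

    def _log(self, status, user, provider, resource, data=None):
        self.audit.append((status, user, provider, resource))
        return status, data


def broker_demo():
    """Constructed users: alice is valid, bob's back-end account is no longer accepted."""
    erp = DataServiceProvider("erp", accepted_accounts={"svc_alice"})
    broker = CredentialBroker([erp])
    broker.publish("alice", Credential("erp", "svc_alice", frozenset({"orders"})))
    broker.publish("bob", Credential("erp", "svc_bob_old", frozenset({"orders"})))
    results = {
        "alice_orders": broker.request(sign_token("alice"), "erp", "orders"),
        "alice_payroll": broker.request(sign_token("alice"), "erp", "payroll"),
        "bob_orders": broker.request(sign_token("bob"), "erp", "orders"),
        "forged": broker.request("alice." + "0" * 64, "erp", "orders"),
    }
    results["audit_statuses"] = [entry[0] for entry in broker.audit]
    return results
```
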
- the presentation broker 160 provides client format transformation service that merges requested content information with specified presentation information.
- a single portlet, expressed as a scenario, may have several presentation specifications.
- the presentation broker 160 inspects the characteristics of a client's presentation definition and merges specified presentation information with service requested content information into merged information.
- such merged information is in a client-compatible form, which is proper for rendering by the client on a display device.
- the presentation broker 160 and scenario director 120 are adapted to communicate in parallel with a plurality of clients or a plurality of portlet players 110 in different or the same formats.
- the portlet player 110 is adapted to render content according to different formats and applications.
- a portlet player 110 is adapted to render a Hypertext Markup Language (HTML) portlet 320.
- another portlet player 110 is configured to render a Wireless Mark-Up Language (WML) portlet 310.
- HTML: Hypertext Markup Language
- WML: Wireless Mark-Up Language
- the particular presentation to apply may be derived dynamically by caller supplied device characteristics. In this way, a single portlet can be served as needed to an HTML-based browser or WML-compatible wireless device.
- the portlet player 110 may also be configured to act as a conduit for web services 330.
- Web services 330 are self-contained, self-describing, modular applications that can be published, located, and invoked across the Internet, an Intranet, a wireless network, a LAN, or any other network.
- Web services 330 provide callable functions that comprise services ranging from a simple request to complicated business processes, such as, for example, a web retailer's “shopping cart”.
- a portlet player 110 can be used to act as a conduit or render for a web service 330 as part of or in addition to a portlet.
- the scenario director 120 is adapted to present merged information to any portlet player 110 in a format compatible with the device presenting the portlet. Such information is created from merging the content information retrieved by the information broker 150 with the presentation information.
- the presentation broker 160 comprises a plurality of presentation-related software modules.
- presentation broker 160 comprises a device detection object comprising the device-centric interpreted results of playing scenario 310 .
- the particular presentation to apply is derived dynamically by caller-supplied device characteristics. For example, the appropriate presentation vehicle may be determined at runtime in accordance with the properties of the requesting client device.
- the presentation of the product of a given task specification may optionally allow itself to be configured for different client devices dynamically.
- a portlet may have alternate presentation specifications for both a standard desktop browser client and a hand-held device.
- the presentation broker 160 may comprise a software module that defines the physical form and layout of the presentation, which may be rendered as part of the GUI on a display.
- the presentation broker 160 may also include a personality software module, which comprises a device-specific profile with content fields and a personality type, e.g., handheld device, web browser, etc.
- the information broker 150 comprises a content-retrieving module that facilitates access to service requested content information from data service providers.
- Data service providers include, for example, ERP systems such as SAP™ and PeopleSoft™. Many enterprises rely on ERP systems to maintain critical data and functional processes that operate the business.
- the information broker 150 may be utilized to open, assign and manage connections to enterprise data resources such as ERP systems.
- a “data service provider” should be given its broadest possible meaning.
- Data service providers include any data source that is adapted to provide content, including for example, web services, database information, ERP information, web-site or Internet information, intranet information, etc.
- the information broker may also be utilized to structure and execute data operations, e.g., queries, updates etc. as described in a Service Request.
- standards based Java technology such as JDBC or J2EE Connector Architecture, for example, are used.
- the content-retrieving module may work together with the presentation module, an authorization module or as a self-sufficient module.
- the information broker 150 may provide facilities such as pooling and reusing data service provider connections.
- the information broker 150 comprises a data service provider (DSP) manager 410 and a DSP pool 420 , comprising at least one DSP access object 430 .
- the information broker 150 provides a data brokering service for requested content information and the DSP manager 410 orchestrates the process of accessing or retrieving content from the multiple data service providers 440 .
- the DSP manager 410 manages the resources of the DSP pool 420 , including in one embodiment, the allocation and management of the pluggable DSP access objects 430 to data service providers 440 .
- the pluggable DSP access objects 430 can be used to access ERP resources 440 b, such as SAP™, relational and other database services 440 a, such as IBM's DB2™, or web services 440 c.
- the information broker 150 may also access other content information sources 440 d , such as the Internet or an intranet source, for example.
- DSP access objects 430 may exist remotely from the DSP manager 410 , such as on a computer remote from the computer hosting the DSP manager 410 .
- Each DSP access object 430 is associated with at least one compatible data service provider 440 .
- the DSP manager 410 can manage multiple heterogeneous DSP objects 430 .
- the DSP manager 410 assigns a DSP access object 430 to a given service request when a service request's profile is compatible with a DSP access object 430 that is available in the DSP pool 420 .
- a scenario 210 may thus utilize any number and type of data service providers 440 via DSP access objects 430 .
- a portal or portlet can be constructed with content information requested from various combinations of SAP™, PeopleSoft™, DB2™, and other network sources, such as a web service, Internet or intranet site.
- a contract manager 510 may alternatively age active contracts according to a defined assignment duration.
- the contract manager may also notify the client 520 when a contract is about to expire.
- a client 520 may renew its contract an unlimited number of times and clients may have an arbitrary number of active contracts.
- an expired contract causes the contract manager 510 to free the resources committed to the contract, allowing the assigned DSP access object 430 to become available once again in the DSP pool 420 .
- the DSP access object 430 is then available for reassignment by the DSP manager 410 or other management module to another client.
- a contract may expire because the client 520 notifies the data service provider to terminate it or because the client 520 is no longer acknowledging data service provider renewal inquiries, which would indicate an orphaned DSP source 440 .
- the contract manager 510 identifies an expired contract and frees up DSP resources when attempting to obtain requested data from a DSP source 440 that indicates a terminated contract.
- the contract manager 510 asynchronously monitors each contract in its contract list. When the contract manager 510 detects a contract that is up for renewal, the contract manager 510 arranges contact with the client 520 to renew the contract.
- FIG. 6 presents one possible method of authentication.
- the credential broker 140 receives a service request and any applicable user tokens.
- the credential broker 140 or other authentication module checks the user token to see if a system-wide method of authentication, primarily managed by the credential broker 140 for example, is to be implemented. If not, the method proceeds to step 650 , which will be further discussed below. If the check evaluates to true, the credential broker associates the user tokens with client-associated credentials at step 620 .
- the credential broker uses the credentials to determine if the client is authorized to access the data service provider associated with the request.
- the data service provider may or may not apply an authentication scheme that is specific to that data service provider associated with the service request. If an authentication scheme does not apply, then the method proceeds to step 680 where the data service provider allows access. If an authentication scheme does apply, then at step 660 , the data service provider determines if the client is authorized to access the requested content at the data service provider. If the client is not authorized, then access is disallowed at step 670 . Otherwise, the data service provider at step 680 allows access.
- the credential broker 140 enables single sign-on (SSO) to thereby relieve the user from repeated authentication while maintaining the portal's integrity as it extends its reach into enterprise systems.
- Single sign-on only requires the user to enter a single username or password at the initiation of a session.
- the SSO functionality authenticates the user so the user may access all the applications to which they have been given rights and eliminates future authentication prompts when the user switches applications during the session.
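The two-tier decision described for FIG. 6 can be traced in code. The following is an added example, not code from the patent: the class and function names, the sample tokens and the ACL are constructed, and denying when the credential broker finds no authorization follows the summary's statement that the credential module blocks passage of the request. Only the step numbers 620, 650, 660, 670 and 680 come from the text.

```python
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class Credentials:
    principal: str
    providers: frozenset  # data service providers this principal may reach


@dataclass(frozen=True)
class Provider:
    name: str
    # None: the provider applies no authentication scheme of its own.
    check: Optional[Callable[[str, Optional[Credentials], str], bool]] = None


@dataclass
class Decision:
    allowed: bool
    trace: list


class CredentialBroker:
    def __init__(self, token_map, system_wide=True):
        self._token_map = dict(token_map)
        self.system_wide = system_wide

    def credentials_for(self, token):
        # Unknown tokens map to no credentials at all.
        return self._token_map.get(token)


def decide(broker, provider, token, resource):
    """Walk the FIG. 6 flow and record which steps were taken."""
    trace, creds = [], None
    if broker.system_wide:
        creds = broker.credentials_for(token)
        trace.append("620:token->credentials")
        if creds is None or provider.name not in creds.providers:
            # Fail closed: the request never reaches the provider.
            trace.append("broker:blocked")
            return Decision(False, trace)
        trace.append("broker:authorized")
    trace.append("650:provider-scheme?")
    if provider.check is None:
        trace.append("680:allow")
        return Decision(True, trace)
    trace.append("660:provider-check")
    if provider.check(token, creds, resource):
        trace.append("680:allow")
        return Decision(True, trace)
    trace.append("670:deny")
    return Decision(False, trace)


# Constructed sample data.
TOKENS = {
    "tok-alice": Credentials("alice", frozenset({"erp"})),
    "tok-bob": Credentials("bob", frozenset({"erp", "catalog"})),
}
ERP_ACL = {("alice", "payroll"), ("bob", "inventory")}


def erp_check(token, creds, resource):
    # Provider-specific scheme: requires mapped credentials and an ACL entry.
    return creds is not None and (creds.principal, resource) in ERP_ACL


ERP = Provider("erp", erp_check)
CATALOG = Provider("catalog")  # no scheme of its own

if __name__ == "__main__":
    broker = CredentialBroker(TOKENS)
    for tok, prov, res in [("tok-alice", ERP, "payroll"),
                           ("tok-bob", ERP, "payroll"),
                           ("tok-alice", CATALOG, "items"),
                           ("tok-unknown", ERP, "payroll")]:
        d = decide(broker, prov, tok, res)
        print(tok, prov.name, res, d.allowed, d.trace)
```

When the system-wide check is disabled and the provider has no scheme of its own, the flow reaches step 680 without any check having run, which the trace makes visible.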
Abstract
The invention disclosed herein presents systems and methods for facilitating access to content information. The method according to one embodiment of the invention comprises receiving a request for the content information, choosing a data service provider access object that is configured to access a data service provider associated with the request, and assigning the selected data service provider access object to the request.
Description
- This application is related to, and hereby incorporates by reference, each of the following: U.S. application Ser. No. 09/760,612, filed Jan. 16, 2001, entitled “Method And System For System For Virtualizing Logic Between Disparate Systems” (Atty Docket No. 3330/51), U.S. application Ser. No. 09/881,374, filed Jun. 14, 2001, entitled “Method And System For Providing Access To Computer Resources That Utilize Distinct Protocols For Receiving Security Information And Providing Access Based On Received Security Information” (Atty Docket No. 3330/54), U.S. application Ser. No. 10/104,999, filed Mar. 22, 2002, entitled “Centralized Mapping Of Security Credentials For Database Access Operations” (Atty Docket No. 3330/57), U.S. application Ser. No. 09/877,609, filed Jun. 8, 2001, entitled “Method For Processing External Data For Access And Manipulation Through A Host Operating Environment” (Atty Docket No. 3330/59), U.S. application Ser. No. 09/877,513, filed Jun. 8, 2001, entitled “Virtualizing External Data As Native Data” (Atty Docket No. 3330/60), U.S. application Ser. No. 10/114,633, filed Apr. 1, 2002, entitled “Method And System For Virtualizing Metadata Between Disparate Systems” (Atty Docket No. 3330/64), U.S. application Ser. No. 10/051,802, filed Jan. 17, 2002, entitled “Portlet Builder System For Processing Client-Neutral Networked Applications” (Atty Docket No. 3330/63), and U.S. application Ser. No. __/______ filed concurrently herewith, entitled “System and Method for Facilitating Development of a Customizable Portlet” (Atty Docket No. 3330/65).
- A portion of the disclosure of this patent document contains material which is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure, as it appears in the Patent and Trademark Office patent files or records, but otherwise reserves all copyright rights whatsoever.
- The present invention discloses systems and methods for facilitating the development of a customizable portlet, facilitating access to content information, and managing an access contract between a client and a data service provider.
- Portals provide a secure, single point of access to diverse information and applications that are personalized to the needs of their users. Portals typically provide a variety of services including, but not limited to, Web searching, news, white and yellow pages directories, e-mail, discussion groups, online shopping and links to other sites. Portals are increasingly being used as points to disseminate information particular to a specific industry such as banking, insurance, or computer technology, for example. Corporate portals also often include information relevant to a specific company, such as intranet information, and links to other information sources relevant to the company's business.
- Portals, in turn, may comprise a plurality of portlets. Portlets are applications, typically executed or presented in the context of a portal, that perform one or more specific functions. Creating these highly customizable applications that run over a network, however, has traditionally been a difficult and resource-intensive effort requiring many hours of programming and configuration effort. Moreover, the ubiquitous accessibility of the Internet and the popularity of corporate and enterprise portals has increased the demand for portlets whose level of difficulty to modify is low. Users of Enterprise Resource Planning (ERP) systems have in particular been required to endure a prescribed portlet format and difficult user-interface to perform even the simplest tasks. Further, the ability of a user to customize a portlet has been extremely limited, often requiring modifications to be made from a position local to the server or other host computer.
- The present invention addresses these and other problems.
- The present invention provides for a method and system where the responsibilities of data access and retrieval, data presentation, and data security are separated into multiple modular components. By separating the components of business logic, presentation, and connectivity, and presenting the exposed characteristics in a standard point and click interface, a portal end user can mix and match portlet characteristics as preferred. The user interface is logical, easy-to-use, and in some embodiments, non-programmatic. While portlets are individual sets of functionality that perform a specific function, the invention enables the creation of declarative portlets through a set of intercommunicating modules, which take generalized business logic and allow for multiple levels of customization. The present invention also includes a method and system for developing an environment for the declarative development of portlets and for the orchestration of web service flows.
- In one embodiment, the method and system provides content information, presentation, and security management modules, which are swappable or exchangeable to allow for a variety of solutions. In one embodiment, the method and system provides controls for customizing, e.g., building or tailoring, portlets, web services, etc. This modular design supports portlet development and the declarative development of web services, mobile applications, etc.
- Advantages of portlets developed using the techniques described herein include customizability and portability since the presentation of a portlet is separated from the data interaction and logic. The functionality of a portlet is defined by a configuration or specification, which is customizable, for example, by an administrator, for browsing a content source, configuring security, and the like. The resulting configuration or specification is then made available to the employees or customers. These employees or customers may choose to further customize the portlet for use in their specific pages, e.g., by filtering data, arranging or formatting.
- The present invention provides a method for facilitating development of a customizable portlet. The method comprises receiving requested content information and merging specified presentation information with the requested content information to form merged information adapted to be rendered in the customizable portlet. In one embodiment, the present invention comprises rendering the customizable portlet on a client display device. The rendered portlet may be displayed as part of a portal, in its own screen, or in an administrative screen. The modules may be swappable, for example, an information broker or other data access and content-retrieval modules may be exchanged for an alternative content-retrieval module or modules.
- In one embodiment, the portlet is customizable by a client, such as a user, administrator, or any other individual responsible for or interested in an aspect of portal customization. A client requests the content and presentation information, although the same client or a different client that specifies the presentation information may request content information. Further, the client that requests the requested content information or the client that specifies the presentation information can be the same or different as the end user client. In one embodiment, a presentation module ascertains the presentation vehicle at run-time based on properties of an associated client. Such presentation vehicle may include, for example, an HTML-based browser, a WML-compatible wireless device, a conduit for a web service, etc.
- An authentication module or functionality may be provided. A credential broker, for example, manages circumstances under which users may access certain resources. In one embodiment, the authentication functionality involves the receipt of a request and a user-associated token from a user and associating the user-associated token with credentials associated with the user. A request for content information is passed to a corresponding data service provider if the credentials associated with the user indicate that user access is authorized. The authentication functionality may comprise passing the request to a data service provider corresponding to the request, and providing the requested content information if the data service provider indicates that user access is authorized.
- Also provided by the present invention is a system for facilitating development of a customizable portlet. The system comprises a presentation module configured to receive specified presentation information, a content-retrieval module, and a director module configured to provide the presentation module with requested content information from the content-retrieval module. The presentation module is configured to merge the requested content information and specified presentation information to form merged information to be rendered in the customizable portlet. In one embodiment the content-retrieval module is swappable. Alternatively, the requested content information may comprise client-requested content information and the specified presentation information may comprise client-specified presentation information.
- The merged information may be accessible at a server and configured to be rendered in a client display. The merged information may therefore be rendered in a client-customizable portlet, a portal screen, or administration screen. The merged information may preferably be rendered in at least one of an HTML-based browser and a WML-compatible wireless device. The presentation module is configured to ascertain the presentation application or module being used at run-time based on properties of an associated client. In one embodiment, the director module implements a scenario chosen from a group of at least one scenario.
- A credential module may be provided and configured to receive a request for content information and a user-associated token from a user, associate the user-associated token with credentials associated with the user, and block passage of the request to a corresponding data service provider if the credentials associated with the user indicate that user access is unauthorized. The system is further configured to allow the data service provider to reject the service request when the data service provider identifies that user access is unauthorized.
- The present invention also provides a method for facilitating access to content information. The method comprises receiving a request for content information, choosing at least one data service provider access object that is configured to access a data service provider responsive to the request, and assigning the chosen data service provider access object to the request. Choosing may comprise choosing a pluggable data service provider access object from a group of one or more pluggable data service provider access objects. In one embodiment, the method comprises identifying the data service provider associated with the request from a group of one or more data service providers. The data service provider access object may be accessed either locally or remotely.
- The method comprises accessing the data service provider with the chosen data service provider access object, which may also comprise authenticating access rights. The associated data service provider for which access is sought may perform authentication. Alternatively, multiple authentication schemes may be utilized by the invention. The method comprises retrieving the content information from the data service provider with the chosen data service provider access object, and may further comprise transmitting the content information to a module configured to merge the content information with presentation information, thereby forming information for rendering by a rendering application.
- The method provided herein also manages an access contract between a client and a data service provider. The method comprises identifying the client and assigning use of a data service provider access object associated with the data service provider to the client for the duration of the access contract. The method comprises notifying the client when the access contract is expired or about to expire. In one embodiment, the method comprises canceling the assignment to the client after the access contract expires. Alternatively, the method comprises identifying another client having an access contract with the data service provider and reassigning use of the data service provider access object to the another client for the duration of the access contract between the another client and the data service provider.
- Also provided herein is a system for facilitating access to content information. The system comprises a management module configured to receive a request for content information and a data service provider access object that is configured to access a data service provider associated with the request. The management module chooses the data service provider access object from a group of at least one data service provider access object and assigns the chosen data service provider access object to the request. In one embodiment, the data service provider access object comprises a pluggable data service provider access object, which may be local or remote to the management module.
- In one embodiment, the management module is configured to identify the data service provider associated with the request from a group comprising at least one data service provider wherein the chosen data service provider access object is configured to access the data service provider. The chosen data service provider access object is preferably configured to retrieve the content information from the data service provider. The management module transmits the content information from the data service provider access object to a module configured to merge the content information with presentation information, thereby forming information that may be rendered on a client device.
- The system is compatible with one or more authentication schemes associated with the data service provider. In one embodiment, the system is provided with an authentication module that is configured to authenticate the request and selectively allow access to the data service provider. The present invention also provides a system for managing an access contract between a client and a data service provider. The system comprises a management module and a data service provider access object associated with the data service provider. The management module is configured to identify the client and assign use of the data service provider access object to the client for the duration of the access contract. In one embodiment, the management module notifies the client when the access contract expires or is about to expire.
- The management module may cancel an assignment to the client after the access contract expires. In one embodiment, the management module is configured to identify another client having an access contract with the data service provider and reassign use of the data service provider access object to the another client for the duration of the access contract between the another client and the data service provider.
- In one embodiment, the management module is also adapted to receive a request for content information, choose from a group of at least one data service provider access object, a data service provider access object that is adapted to access a data service provider associated with the request, and assign the chosen data service provider access object to the request.
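The access-contract lifecycle described above (assignment for a fixed duration, renewal, expiry notice, release and reassignment of the access object) is sketched below as an added example; it is not code from the patent. The class and method names, the injected `now` clock and the sample values are assumptions. It shows the property that matters once an access object is reassigned: a stale contract id no longer resolves to it.

```python
import itertools


class PoolExhausted(Exception):
    """No DSP access object is free in the pool."""


class ContractManager:
    def __init__(self, access_objects, duration, warn_before):
        self._free = list(access_objects)   # the DSP pool
        self._contracts = {}                # contract id -> contract record
        self._ids = itertools.count(1)
        self.duration = duration
        self.warn_before = warn_before

    def open(self, client, now):
        """Assign a free access object to the client for one duration."""
        if not self._free:
            raise PoolExhausted("no free access object")
        cid = next(self._ids)
        self._contracts[cid] = {
            "client": client,
            "object": self._free.pop(0),
            "expires": now + self.duration,
            "warned": False,
        }
        return cid

    def _release(self, cid):
        # Return the access object to the pool and forget the contract.
        self._free.append(self._contracts.pop(cid)["object"])

    def _live(self, cid, client, now):
        """Return the contract only if it exists, is owned by client, and is unexpired."""
        c = self._contracts.get(cid)
        if c is None or c["client"] != client:
            return None
        if now >= c["expires"]:
            self._release(cid)  # expiry discovered on access
            return None
        return c

    def renew(self, cid, client, now):
        c = self._live(cid, client, now)
        if c is None:
            return False
        c["expires"] = now + self.duration
        c["warned"] = False
        return True

    def terminate(self, cid, client, now):
        if self._live(cid, client, now) is None:
            return False
        self._release(cid)
        return True

    def access_object(self, cid, client, now):
        c = self._live(cid, client, now)
        return c["object"] if c else None

    def sweep(self, now, notify):
        """Periodic monitor: free expired contracts, warn once before expiry."""
        freed = []
        for cid, c in list(self._contracts.items()):
            if now >= c["expires"]:
                freed.append(c["object"])
                self._release(cid)
            elif now >= c["expires"] - self.warn_before and not c["warned"]:
                c["warned"] = True
                notify(c["client"], cid)
        return freed


if __name__ == "__main__":
    # Constructed scenario: one access object, 60-second contracts.
    mgr = ContractManager(["dsp-erp-1"], duration=60, warn_before=10)
    a = mgr.open("client-a", now=0)
    mgr.sweep(now=51, notify=lambda client, cid: print("renew?", client, cid))
    print(mgr.sweep(now=61, notify=lambda *_: None))   # orphaned contract freed
    b = mgr.open("client-b", now=62)
    print(mgr.access_object(a, "client-a", now=63))    # stale id resolves to nothing
    print(mgr.access_object(b, "client-b", now=63))
```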
- The invention is illustrated in the figures of the accompanying drawings which are meant to be exemplary and not limiting, in which like references are intended to refer to like or corresponding parts, and in which:
- FIG. 1 is a block diagram presenting a configuration of hardware and software components according to one embodiment of the present invention;
- FIG. 2 is a package diagram presenting an embodiment of a scenario director with associated packages according to one embodiment of the present invention;
- FIG. 3 is a block diagram presenting an embodiment of the connectivity between a presentation broker and portlet player(s) according to one embodiment of the present invention;
- FIG. 4 is a block diagram presenting an information broker according to one embodiment of the present invention;
- FIG. 5 is a block diagram presenting an information broker according to an alternative embodiment of the present invention; and
- FIG. 6 is a flow chart presenting an embodiment of an authentication method according to one embodiment of the present invention.
- The present invention meets the need for a personalized approach to implementing portlets that can be tailored to different companies, business units and users. The portlet development system disclosed herein creates an operating environment for integrating enterprise processes. The invention provides tools and an architecture for creating operational task scenarios that are understandable to the average user and that may be invoked by human or machine processes as clients from various computing devices.
- Building on current and emerging standards for data interchange, software componentization and information access, various embodiments of the system include portlet definition, web service invocation, and business process specification. In one embodiment, the system provides non-programmatic solutions, including both declarative and graphical tools, to the problem of composing and orchestrating enterprise-related task specifications. Automating application specifications is a challenging task, which is simplified by separating this task into manageable categories. To accomplish this, an architecture and methodology are used that utilize widely adopted industry standards and infrastructure technologies in a novel and useful way. To this end, the system provides tools that enable services and schemas to define and execute the aggregated components of a presentation specification for a presentation broker, a service request specification for an information broker, and a credential specification for a credential broker.
- The system comprises various aspects, including presentation and framework, security, user management, personalization, content management, performance and scalability, search, and enterprise information connectivity features. In one embodiment, the system is an XML-driven enterprise process delivery engine having an architecture that unifies widely accepted internetworking technology standards into an operating framework that transforms declaratively generated specifications for data and process services, client presentation and user credentials into custom solutions.
- Referring to FIG. 1, the architecture of the present invention may be based on a set of data classes and affiliated processing components. In one embodiment, the architecture defines four primary data classes that are called specifications and comprise the “scenario”, the “service request”, the “presentation”, and the “credential”. A scenario generically describes a set of desired services, the ordering of those services and delivery rules for the result. A scenario may contain one or more data classes, including another scenario. Requests, which may be in the form of XML messages, cause specialized objects of these types to interact with one or more of the scenario director 120 and enabling service components, identified as an information broker 150, presentation broker 160 and credential broker 140.
- Using a Graphical User Interface (GUI) tool, such as a master builder 112, a user modifies scenarios to customize or define portlets by navigating metadata catalogs and presentation objects available in a solution space that the master builder 112 provides. In one embodiment, the system stores the scenarios in scenario store 130. When invoked by a URL in a browser, for example, the scenario director 120 processes the scenario to retrieve content via the information broker 150 and present the results in the portlet player 110 to the authorized requester. In one embodiment, a GUI-based tool may be utilized such as the master builder 112 illustrated in U.S. patent application Ser. No. 10/051,802. However, the use of the term “master builder” herein does not necessarily require the master builder of U.S. patent application Ser. No. 10/051,802. Any compatible customization tool may be used as a master builder 112.
- The master builder 112 may comprise a processing module that is executed by or within a content rendering application, such as a web browser, or may be a stand-alone executable. In one embodiment, the master builder 112, which may be resident on a client 105, comprises a portlet through which other portlets can be defined.
- The portlet player 110 renders data that it receives from the scenario director 120. The scenario director 120 passes the portlet player 110 merged information comprising presentation information and content information. The portlet player 110 may be embedded in a container such as the hosted portlet. The portlet player 110 manages its own display space and, because it is not dependent on markup language limitations, may deliver a richer user experience that includes graphical controls, direct manipulation and drag and drop. In one embodiment, the portlet player 110 is maintained at a client 105. Alternatively, the master builder 112 and portlet player 110 may be resident on the same or different clients 105. Multiple master builders 112 or portlet players 110 may be located on one client or distributed across multiple clients 105.
- The master builder 112 is the design studio for creating scenarios and specifications. Like the portlet player, the master builder 112 works together with the scenario director 120 to present a portlet to the user. This cooperation results in a plurality of specifications, collectively referred to as a scenario, being written to a database, which may comprise a scenario store 130. As noted above, specifications define the requirements for the presentation, content and credentials of a portlet. Collectively, these three specifications make up an overall scenario 210, which will be further discussed below with reference to FIG. 2. Scenarios may be formatted and stored in the scenario store 130 as XML data files according to associated XML schemas. In one embodiment, the service request or presentation definition are predefined by user specification(s) created with the master builder 112. The specified presentation information may be client-specified, default-specified, or other.
- The portlet player 110 is typically executed on the client side 105 and is utilized by a user to invoke a scenario 210 by the scenario director 120, which in one embodiment is resident on a server 115. The scenario director 120 receives a service request and retrieves a presentation definition from the scenario store 130, which may be in a memory, database, or other data store. In one embodiment, the scenario store 130 or other scenario and specification storage is on the client side 105. A user's personal parameter selections may be stored and available to users within their own portal space.
- Referring to FIG. 2, a scenario director software module 120 is provided that is responsible for aggregating the resources of other components or modules to execute a scenario 210. The scenario director 120 may comprise specialized submodules to handle different communication technologies or protocols such as an HTTP servlet interface, for example, or other specialized protocol or access mechanism. The scenario director 120 executes a scenario 210 and uses the scenario's various constituent specifications to implement the enabling package components of the presentation broker 160, information broker 150, and credential broker 140. In one embodiment, the scenario 210 comprises a collective specification outlining the various enabling components and enabling component specifications including presentation, data access and retrieval, and process flow for a defined process such as portlet or web service.
- The scenario director 120 is responsible for directing the enabling components scenario 210. The scenario director 120 can manage multiple scenarios 210 for presentation to multiple clients in parallel. Because the enabling service components are self-sufficient, a well-defined task may be invoked directly by an arbitrary client through a specification, for example, a WSDL-compliant service request to the information broker 150. In this way, a “facsimile” director module 120 may entirely replace the scenario director 120 or other director module. Each enabling service component, such as the information broker 150 or presentation broker 160, is self-sufficient in servicing requests with respect to its domain of responsibility. Thus, a well-defined task may be invoked directly by an arbitrary client through a corresponding specification. For example, a service request can be sent directly to an independent information broker 150. In one embodiment, such a service request is WSDL-compliant. In one embodiment, the enabling components
- The architecture may define multiple specification classes in the form of XML schemas comprising a scenario 210, the primary specification, a presentation specification, a service request, a credential specification, and a sequence. In one embodiment, a sequence is an addressable unit combining a service request and its presentation. Objects of these types may interact with the scenario director 120, information broker 150, presentation broker 160 and credential broker 140 packages.
- To summarize thus far, the scenario director 120 aggregates system services and orchestrates the playback of a scenario 210. The presentation broker 160 provides a service for merging presentation information of a display specification and the requested content information into merged information to present a portlet to a given client type. The information broker 150 comprises an enabling service that supplies requested content information results based on a service request. An authentication module, referred to as a credential broker 140, comprises an enabling service that maps known users, via a trusted token, to the system's secured resources. The portlet player 110 renders portlets and enables behaviors, while the master builder 112 provides the tools for creating specifications.
- While in some embodiments the system may be used to create declarative portlets and serve those portlets to the user of an enterprise portal, other embodiments contemplate a
scenario 210 not limited to defining portlets. Ascenario 210 generically describes a set of desired services, the ordering of those services and delivery rules for the result. Moreover, the delivery rules need not refer to a human controlled end-point. The presentation information may define data mapping from XML into some other structured or record-oriented scheme for direct use, for example, by another machine process, remote host, or application. - In addition to portlets, the invention is extensible to allow for the declarative creation of mobile applications and the orchestration of web services. Web services are self-contained, self-describing, modular applications that can be published, located, and invoked across a computer network, such as the Internet. Web services provide callable functions that may comprise anything from a simple request to complicated business processes; for example, web retailer's “shopping cart”.
The credential broker 140 is an authentication module responsible for policy enforcement and security. Standard or other widely adopted trusted token schemes, such as Lightweight Third Party Authorization (LTPA) or secure cookies as implemented by the serving platform (e.g., WPS-based portals), are utilized to provide the client level authorization necessary to run portlets. System level credential management may be implemented and maintained in the infrastructure whenever other suitable mechanisms are lacking. In one embodiment, the credential broker 140 is configured so that it may use, defer to, or be superseded by other standard policy enforcement APIs or products, such as the Java Authentication and Authorization Service (JAAS) and Policy Director. The credential broker 140 may also defer to an authentication scheme specific to and primarily managed by an individual data service provider associated with a given service request.
The credential broker 140 preferably maintains policy information about secured resources, such as databases, tables, ERP processes, etc. In one embodiment, the credential broker 140 provides a credential directory lookup service where the credential broker 140 accepts an authenticated user token from a client entry point, such as a portal, and associates that user token with a user's collection of available credentials. A single credential is mapped on a per-individual basis to secured resources, such as a data service provider. In one embodiment, such mapping is dynamically created at initialization time. In this manner, the exact mappings are interchangeable. For example, mapping may be interchangeable between Lotus Connectors for Java (LCJava) and Java Database Connectivity (JDBC). In other embodiments, the credential broker 140 has pass-through functionality deferring to the authentication services of one or more software components or modules comprising the requesting environment and back-end systems, such as a DSP authentication system. The credential broker 140 associates the token with an individual's collection of published credentials.
Referring to FIG. 3, the presentation broker 160 provides client format transformation service that merges requested content information with specified presentation information. A single portlet, expressed as a scenario, may have several presentation specifications. The presentation broker 160 inspects the characteristics of a client's presentation definition and merges specified presentation information with service requested content information into merged information. In one embodiment, such merged information is in a client-compatible form, which is proper for rendering by the client on a display device.
In one embodiment, the presentation broker 160 and scenario director 120 are adapted to communicate in parallel with a plurality of clients or a plurality of portlet players 110 in different or the same formats. Furthermore, the portlet player 110 is adapted to render content according to different formats and applications. For example, one embodiment of a portlet player 110 is adapted to render a Hypertext Markup Language (HTML) portlet 320, whereas another portlet player 110 is configured to render a Wireless Mark-Up Language (WML) portlet 310. The particular presentation to apply may be derived dynamically by caller supplied device characteristics. In this way, a single portlet can be served as needed to an HTML-based browser or WML-compatible wireless device.
The portlet player 110 may also be configured to act as a conduit for web services 330. Web services 330 are self-contained, self-describing, modular applications that can be published, located, and invoked across the Internet, an Intranet, a wireless network, a LAN, or any other network. Web services 330 provide callable functions that comprise services ranging from a simple request to complicated business processes, such as for example, web retailer's “shopping cart”. In one embodiment, a portlet player 110 can be used to act as a conduit or render for a web service 330 as part of or in addition to a portlet.
The scenario director 120 is adapted to present merged information to any portlet player 110 in a format compatible with the device presenting the portlet. Such information is created from merging the content information retrieved by the information broker 150 with the presentation information. The presentation broker 160 comprises a plurality of presentation-related software modules. In one embodiment, presentation broker 160 comprises a device detection object comprising the device-centric interpreted results of playing scenario 310. In an alternative embodiment, the particular presentation to apply is derived dynamically by caller-supplied device characteristics. For example, the appropriate presentation vehicle may be determined at runtime in accordance with the properties of the requesting client device. This is extended to include the ability of the product of a specification to be invoked on behalf of another process such as a web service invocation with the product to be delivered as result-only structured data. The presentation of the product of a given task specification, for example, that of a portlet, may optionally allow itself to be configured for different client devices dynamically. For example, a portlet may have alternate presentation specifications for both a standard desktop browser client and a hand-held device.
In one embodiment, the presentation broker 160 may comprise a software module that defines the physical form and layout of the presentation, which may be rendered as part of the GUI on a display. The presentation broker 160 may also include a personality software module, which comprises a device-specific profile with content fields and a personality type, e.g., handheld device, web browser, etc.
Continuing with FIG. 2, the information broker 150 comprises a content-retrieving module that facilitates access to service requested content information from data service providers. Data service providers include, for example, ERP systems such as SAP™ and PeopleSoft™. Many enterprises rely on ERP systems to maintain critical data and functional processes that operate the business. The information broker 150 may be utilized to open, assign and manage connections to enterprise data resources such as ERP systems. As used herein, a “data service provider” should be given its broadest possible meaning. Data service providers include any data source that is adapted to provide content, including for example, web services, database information, ERP information, web-site or Internet information, intranet information, etc.
The information broker may also be utilized to structure and execute data operations, e.g., queries, updates etc. as described in a Service Request. In one embodiment, standards based Java technology, such as JDBC or J2EE Connector Architecture, for example, are used. According to various embodiments, the content-retrieving module may work together with the presentation module, an authorization module or as a self-sufficient module.
Turning to FIG. 4, the information broker 150 may provide facilities such as pooling and reusing data service provider connections. In one embodiment, the information broker 150 comprises a data service provider (DSP) manager 410 and a DSP pool 420, comprising at least one DSP access object 430. The information broker 150 provides a data brokering service for requested content information and the DSP manager 410 orchestrates the process of accessing or retrieving content from the multiple data service providers 440. The DSP manager 410 manages the resources of the DSP pool 420, including in one embodiment, the allocation and management of the pluggable DSP access objects 430 to data service providers 440. The pluggable DSP access objects 430 can be used to access ERP resources 440b, such as SAP™, relational and other database services 440a, such as IBM's DB2™, or web services 440c. The information broker 150 may also access other content information sources 440d, such as the Internet or an intranet source, for example. In one embodiment, DSP access objects 430 may exist remotely from the DSP manager 410, such as on a computer remote from the computer hosting the DSP manager 410. Each DSP access object 430 is associated with at least one compatible data service provider 440.
The DSP manager 410 can manage multiple heterogeneous DSP objects 430. The DSP manager 410 assigns a DSP access object 430 to a given service request when a service request's profile is compatible with a DSP access object 430 that is available in the DSP pool 420. A scenario 210 may thus utilize any number and type of data service providers 440 via DSP access objects 430. For example, a portal or portlet can be constructed with content information requested from various combinations of SAP™, PeopleSoft™, DB2™, and other network sources, such as a web service, Internet or intranet site.
FIG. 5 presents an alternative embodiment of the information broker in conjunction with a contract manager 510. The interaction between a client and a data service provider 440 may be bound in the context of a contract, agreement, etc. A contract represents a commitment on the part of the data service provider 440 to maintain the resource assignment for as long as the contract remains in force. In this embodiment, the information broker 150 is responsible for aging assigned contract connections and cleaning up orphaned contract connections. Such connections may comprise the pluggable DSP object 430 associated with the contracted data service provider 440.
A contract manager 510 may alternatively age active contracts according to a defined assignment duration. In one embodiment, the contract manager may also notify the client 520 when a contract is about to expire. A client 520 may renew its contract an unlimited number of times and clients may have an arbitrary number of active contracts. In one embodiment, an expired contract causes the contract manager 510 to free the resources committed to the contract, allowing the assigned DSP access object 430 to become available once again in the DSP pool 420. The DSP access object 430 is then available for reassignment by the DSP manager 410 or other management module to another client.
A contract may expire because the client 520 notifies the data service provider to terminate it or because the client 520 is no longer acknowledging data service provider renewal inquiries, which would indicate an orphaned DSP source 440. In one embodiment, the contract manager 510 identifies an expired contract and frees up DSP resources when attempting to obtain requested data from a DSP source 440 that indicates a terminated contract. In one embodiment, the contract manager 510 asynchronously monitors each contract in its contract list. When the contract manager 510 detects a contract that is up for renewal, the contract manager 510 arranges contact with the client 520 to renew the contract.
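The contract lifecycle described for FIG. 5 (assignment for a fixed duration, expiry notice, renewal, reclaiming orphaned contracts, reassignment from the pool) can be sketched as follows. This is an added illustration, not code from the patent; every class and method name is hypothetical, the pool contents are constructed sample data, and binding renewal to the client that holds the contract is an assumption drawn from the claims' "identifying the client" step.

```python
import itertools
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class AccessObject:
    """A pooled DSP access object (hypothetical model)."""
    object_id: str
    dsp: str  # data service provider this object is compatible with


@dataclass
class Contract:
    contract_id: int
    client_id: str
    access_object: AccessObject
    expires_at: float


class ManualClock:
    """Deterministic clock so the lifecycle can be replayed offline."""
    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now


class ContractManager:
    def __init__(self, pool: List[AccessObject], duration: float,
                 notice: float, clock: Callable[[], float]) -> None:
        self._free = list(pool)        # access objects available in the pool
        self._duration = duration      # defined assignment duration
        self._notice = notice          # "about to expire" window
        self._clock = clock
        self._contracts: Dict[int, Contract] = {}
        self._ids = itertools.count(1)

    def assign(self, client_id: str, dsp: str) -> Optional[Contract]:
        """Bind a compatible free access object to the client, or return None."""
        for i, obj in enumerate(self._free):
            if obj.dsp == dsp:
                del self._free[i]
                contract = Contract(next(self._ids), client_id, obj,
                                    self._clock() + self._duration)
                self._contracts[contract.contract_id] = contract
                return contract
        return None

    def renew(self, contract_id: int, client_id: str) -> bool:
        """Extend a live contract. Only its holder may renew (assumption)."""
        c = self._contracts.get(contract_id)
        if c is None or c.client_id != client_id or c.expires_at <= self._clock():
            return False
        c.expires_at = self._clock() + self._duration
        return True

    def terminate(self, contract_id: int, client_id: str) -> bool:
        """Client-initiated termination; frees the access object at once."""
        c = self._contracts.get(contract_id)
        if c is None or c.client_id != client_id:
            return False
        self._release(c)
        return True

    def _release(self, c: Contract) -> None:
        del self._contracts[c.contract_id]
        self._free.append(c.access_object)

    def sweep(self) -> Tuple[List[int], List[int]]:
        """One monitoring pass: returns (ids to notify, ids expired and freed).

        A contract whose client stopped renewing (orphaned) is reclaimed here.
        """
        now = self._clock()
        expiring: List[int] = []
        expired: List[int] = []
        for c in list(self._contracts.values()):
            if c.expires_at <= now:
                self._release(c)
                expired.append(c.contract_id)
            elif c.expires_at - now <= self._notice:
                expiring.append(c.contract_id)
        return expiring, expired

    def free_count(self) -> int:
        return len(self._free)


if __name__ == "__main__":
    clock = ManualClock()
    mgr = ContractManager([AccessObject("dsp-obj-1", "erp")], 60, 10, clock)
    first = mgr.assign("client-a", "erp")
    clock.now = 55
    print("notify/expired:", mgr.sweep())
    clock.now = 61                      # client-a never renewed
    print("notify/expired:", mgr.sweep())
    print("reassigned to client-b:", mgr.assign("client-b", "erp"))
```
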
FIG. 6 presents one possible method of authentication. At step 600, the credential broker 140 receives a service request and any applicable user tokens. At step 610, the credential broker 140 or other authentication module checks the user token to see if a system-wide method of authentication, primarily managed by the credential broker 140 for example, is to be implemented. If not, the method proceeds to step 650, which will be further discussed below. If the check evaluates to true, the credential broker associates the user tokens with client-associated credentials at step 620. At step 630, the credential broker uses the credentials to determine if the client is authorized to access the data service provider associated with the request. If the credential broker at step 630 does not permit access, then access to the requested data service provider content is blocked at step 640. If the credential broker at step 630 permits access, then the method proceeds to step 650 where access may still be disallowed at the data service provider.
At step 650, the data service provider may or may not apply an authentication scheme that is specific to that data service provider associated with the service request. If an authentication scheme does not apply, then the method proceeds to step 680 where the data service provider allows access. If an authentication scheme does apply, then at step 660, the data service provider determines if the client is authorized to access the requested content at the data service provider. If the client is not authorized, then access is disallowed at step 670. Otherwise, the data service provider at step 680 allows access.
Advantageously, the credential broker 140 enables single sign-on (SSO) to thereby relieve the user from repeated authentication while maintaining the portal's integrity as it extends its reach into enterprise systems. Single sign-on only requires the user to enter a single username or password at the initiation of a session. The SSO functionality authenticates the user so the user may access all the applications to which they have been given rights and eliminates future authentication prompts when the user switches applications during the session.
While the invention has been described and illustrated in connection with preferred embodiments, many variations and modifications as will be evident to those skilled in this art may be made without departing from the spirit and scope of the invention, and the invention is thus not to be limited to the precise details of methodology or construction set forth above as such variations and modification are intended to be included within the scope of the invention.
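The two-tier decision of FIG. 6 (steps 600 to 680) can be traced in code, recording which steps each request passes through so that a reviewer can see which paths reach step 680 with no authorization check at either tier. This is an added example, not code from the patent; the class names, the token and credential strings, and the rule that the provider checks the broker-mapped credential (or the raw token when the broker did not apply) are assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class CredentialBroker:
    # user token -> {data service provider name -> credential}
    directory: Dict[str, Dict[str, str]] = field(default_factory=dict)
    # tokens for which the broker's system-wide scheme applies (step 610)
    system_wide_tokens: Set[str] = field(default_factory=set)


@dataclass
class DataServiceProvider:
    name: str
    # None means no provider-specific scheme applies at step 650
    accepted_principals: Optional[Set[str]] = None


@dataclass
class Decision:
    allowed: bool
    steps: List[int]  # FIG. 6 step numbers visited, in order


def authorize(broker: CredentialBroker, dsp: DataServiceProvider,
              user_token: str) -> Decision:
    steps = [600, 610]
    principal = user_token  # what the provider sees if the broker does not apply
    if user_token in broker.system_wide_tokens:
        steps.append(620)   # associate token with the client's credentials
        credentials = broker.directory.get(user_token, {})
        steps.append(630)   # broker-level authorization for this provider
        if dsp.name not in credentials:
            steps.append(640)
            return Decision(False, steps)
        principal = credentials[dsp.name]
    steps.append(650)       # does a provider-specific scheme apply?
    if dsp.accepted_principals is not None:
        steps.append(660)   # provider-level authorization
        if principal not in dsp.accepted_principals:
            steps.append(670)
            return Decision(False, steps)
    steps.append(680)
    return Decision(True, steps)


def allowed_without_check(decision: Decision) -> bool:
    """True when access was granted although neither step 630 nor 660 ran."""
    return (decision.allowed
            and 630 not in decision.steps
            and 660 not in decision.steps)


def build_sample() -> Tuple[CredentialBroker, Dict[str, DataServiceProvider]]:
    """Constructed sample directory and providers for the walk-through."""
    broker = CredentialBroker(
        directory={"tok-alice": {"erp": "erp-alice"},
                   "tok-bob": {"erp": "erp-bob"}},
        system_wide_tokens={"tok-alice", "tok-bob"},
    )
    providers = {
        "erp": DataServiceProvider("erp", {"erp-alice"}),
        "hr": DataServiceProvider("hr", {"hr-carol"}),
        "wiki": DataServiceProvider("wiki", None),  # no scheme of its own
    }
    return broker, providers


if __name__ == "__main__":
    broker, providers = build_sample()
    for token, target in [("tok-alice", "erp"), ("tok-alice", "hr"),
                          ("tok-bob", "erp"), ("tok-guest", "wiki"),
                          ("tok-guest", "erp")]:
        d = authorize(broker, providers[target], token)
        flag = "  <- no check on this path" if allowed_without_check(d) else ""
        print(f"{token:10} -> {target:5} allowed={d.allowed} steps={d.steps}{flag}")
```

A request whose token is outside the broker's scheme and whose provider applies no scheme of its own follows 600, 610, 650, 680, so deployments of this flow need at least one tier to cover every token and provider pair.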
Claims (22)
1. A method for facilitating access to content information, the method comprising:
receiving a request for the content information;
associating a data service provider with the request; and
selecting a data service provider access object that is configured to access the data service provider associated with the request to facilitate retrieval of the content information.
2. The method of claim 1 comprising substituting the data service provider access object with an alternative data service provider access object.
3. The method of claim 1, comprising selecting either a local data or remote data service provider access object.
4. The method of claim 1, comprising requesting content information from the data service provider with the selected data service provider access object.
5. The method of claim 4, comprising authenticating the request by an authentication module associated with the data service provider.
6. The method of claim 4, comprising retrieving the content information from the data service provider with the selected data service provider access object.
7. The method of claim 6, comprising merging the content information with presentation information to form merged information configured to be rendered on a client device.
8. A method for managing an access contract between a client and a data service provider, the method comprising:
identifying the client; and
assigning use of a data service provider access object associated with the data service provider to the client for the duration of the access contract.
9. The method of claim 8, comprising notifying the client when the access contract is either expired or about to expire.
10. The method of claim 8, comprising canceling the assignment of the data service provider access object after the access contract expires.
11. The method of claim 10, comprising:
identifying another client having an access contract with the data service provider; and
reassigning use of the data service provider access object to the another client for the duration of the access contract between the another client and the data service provider.
12. A system for facilitating access to content information, the system comprising:
a management module operative to receive a request for the content information; and
a data service provider access object that is operative to access a data service provider associated with the request;
means in the management module for selecting the data service provider access object from a group of one or more data service provider access objects and assigning the selected data service provider access object with the request.
13. The system of claim 12, wherein the data service provider access object comprises a pluggable data service provider access object.
14. The system of claim 12, wherein the data service provider access object is located remotely from the management module.
15. The system of claim 12, wherein the selected data service provider access object is configured to access the data service provider associated with the request.
16. The system of claim 15, wherein the request is authenticated by an authentication scheme at the data service provider.
17. The system of claim 15, wherein the selected data service provider access object is configured to retrieve the content information from the data service provider.
18. A system for managing an access contract between a client and a data service provider, the system comprising:
a data service provider access object associated with the data service provider; and
a management module configured to identify the client and assign use of the data service provider access object to the client for the duration of the access contract.
19. The system of claim 18, wherein the management module is configured to notify the client when the access contract is either at expired or almost expired.
20. The system of claim 18, wherein the management module is configured to cancel an assignment to the client after the access contract expires.
21. The system of claim 20, wherein the management module is configured to identify another client having an access contract with the data service provider, and wherein the management module is adapted to reassign use of the data service provider access object to the another client for the duration of the access contract between the another client and the data service provider.
22. The system of claim 18, wherein the data service provider access object is located remotely from the management module.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/041,161 US20080162499A1 (en) | 2002-12-26 | 2008-03-03 | System and Method for Facilitating Access to Content Information |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/330,006 US7359982B1 (en) | 2002-12-26 | 2002-12-26 | System and method for facilitating access to content information |
US12/041,161 US20080162499A1 (en) | 2002-12-26 | 2008-03-03 | System and Method for Facilitating Access to Content Information |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/330,006 Continuation US7359982B1 (en) | 2002-12-26 | 2002-12-26 | System and method for facilitating access to content information |
Publications (1)
Publication Number | Publication Date |
---|---|
US20080162499A1 true US20080162499A1 (en) | 2008-07-03 |
Family
ID=39281704
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/330,006 Expired - Fee Related US7359982B1 (en) | 2002-12-26 | 2002-12-26 | System and method for facilitating access to content information |
US12/041,161 Abandoned US20080162499A1 (en) | 2002-12-26 | 2008-03-03 | System and Method for Facilitating Access to Content Information |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/330,006 Expired - Fee Related US7359982B1 (en) | 2002-12-26 | 2002-12-26 | System and method for facilitating access to content information |
Country Status (1)
Country | Link |
---|---|
US (2) | US7359982B1 (en) |
- 2002-12-26: US application US10/330,006 (US7359982B1), status: not active, Expired - Fee Related
- 2008-03-03: US application US12/041,161 (US20080162499A1), status: not active, Abandoned
Patent Citations (37)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5164751A (en) * | 1990-05-31 | 1992-11-17 | Weyer Frank M | Means for instantaneous review of photographic pictures |
US5201046A (en) * | 1990-06-22 | 1993-04-06 | Xidak, Inc. | Relational database management system and method for storing, retrieving and modifying directed graph data structures |
US5806079A (en) * | 1993-11-19 | 1998-09-08 | Smartpatents, Inc. | System, method, and computer program product for using intelligent notes to organize, link, and manipulate disparate data objects |
US5757920A (en) * | 1994-07-18 | 1998-05-26 | Microsoft Corporation | Logon certification |
US5615361A (en) * | 1995-02-07 | 1997-03-25 | International Business Machines Corporation | Exploitation of uniqueness properties using a 1-tuple condition for the optimization of SQL queries |
US5768503A (en) * | 1995-09-25 | 1998-06-16 | International Business Machines Corporation | Middleware program with enhanced security |
US5960200A (en) * | 1996-05-03 | 1999-09-28 | I-Cube | System to transition an enterprise to a distributed infrastructure |
US6088451A (en) * | 1996-06-28 | 2000-07-11 | Mci Communications Corporation | Security system and method for network element access |
US5870747A (en) * | 1996-07-09 | 1999-02-09 | Informix Software, Inc. | Generalized key indexes |
US6006214A (en) * | 1996-12-04 | 1999-12-21 | International Business Machines Corporation | Database management system, method, and program for providing query rewrite transformations for nested set elimination in database views |
US5884024A (en) * | 1996-12-09 | 1999-03-16 | Sun Microsystems, Inc. | Secure DHCP server |
US5913061A (en) * | 1997-01-08 | 1999-06-15 | Crossroads Software, Inc. | Modular application collaboration |
US5995597A (en) * | 1997-01-21 | 1999-11-30 | Woltz; Robert Thomas | E-mail processing system and method |
US5875296A (en) * | 1997-01-28 | 1999-02-23 | International Business Machines Corporation | Distributed file system web server user authentication with cookies |
US5899986A (en) * | 1997-02-10 | 1999-05-04 | Oracle Corporation | Methods for collecting query workload based statistics on column groups identified by RDBMS optimizer |
US6003065A (en) * | 1997-04-24 | 1999-12-14 | Sun Microsystems, Inc. | Method and system for distributed processing of applications on host and peripheral devices |
US5944824A (en) * | 1997-04-30 | 1999-08-31 | Mci Communications Corporation | System and method for single sign-on to a plurality of network elements |
US6145086A (en) * | 1997-05-30 | 2000-11-07 | Oracle Corporation | Security and password mechanisms in a database system |
US5822750A (en) * | 1997-06-30 | 1998-10-13 | International Business Machines Corporation | Optimization of correlated SQL queries in a relational database management system |
US6021496A (en) * | 1997-07-07 | 2000-02-01 | International Business Machines Corporation | User authentication from non-native server domains in a computer network |
US5931900A (en) * | 1997-08-25 | 1999-08-03 | I2 Technologies, Inc. | System and process for inter-domain interaction across an inter-domain connectivity plane |
US5940819A (en) * | 1997-08-29 | 1999-08-17 | International Business Machines Corporation | User specification of query access paths in a relational database management system |
US6091412A (en) * | 1997-09-30 | 2000-07-18 | The United States Of America As Represented By The Secretary Of The Navy | Universal client device permitting a computer to receive and display information from several special applications |
US6000033A (en) * | 1997-11-26 | 1999-12-07 | International Business Machines Corporation | Password control via the web |
US6065120A (en) * | 1997-12-09 | 2000-05-16 | Phone.Com, Inc. | Method and system for self-provisioning a rendezvous to ensure secure access to information in a database from multiple devices |
US6078926A (en) * | 1997-12-18 | 2000-06-20 | Persistence Software, Inc. | Method and apparatus for performing multi-class object fetch in a database management system |
US6122639A (en) * | 1997-12-23 | 2000-09-19 | Cisco Technology, Inc. | Network device information collection and change detection |
US6078924A (en) * | 1998-01-30 | 2000-06-20 | Aeneid Corporation | Method and apparatus for performing data collection, interpretation and analysis, in an information platform |
US6128738A (en) * | 1998-04-22 | 2000-10-03 | International Business Machines Corporation | Certificate based security in SNA data flows |
US6178511B1 (en) * | 1998-04-30 | 2001-01-23 | International Business Machines Corporation | Coordinating user target logons in a single sign-on (SSO) environment |
US6154751A (en) * | 1998-05-14 | 2000-11-28 | International Business Machines Corporation | Method for executing a user-requested CGI program in a new authentication context while protecting operation of a default web server program |
US6157953A (en) * | 1998-07-28 | 2000-12-05 | Sun Microsystems, Inc. | Authentication and access control in a management console program for managing services in a computer network |
US6697849B1 (en) * | 1999-08-13 | 2004-02-24 | Sun Microsystems, Inc. | System and method for caching JavaServer Pages™ responses |
US20020026581A1 (en) * | 2000-08-31 | 2002-02-28 | Sony Corporation | Content distribution system, a content distribution method, an information processing apparatus, and a program providing medium |
US6913061B2 (en) * | 2000-10-24 | 2005-07-05 | Summit Tool Company | Tire working tool |
US20030055877A1 (en) * | 2001-09-14 | 2003-03-20 | Damon Williams | Remote client manager that facilitates an extendible, modular application server system distributed via an electronic data network and method of distributing same |
US20030093501A1 (en) * | 2001-10-18 | 2003-05-15 | Sun Microsystems, Inc. | Method, system, and program for configuring system resources |
Cited By (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070167151A1 (en) * | 2005-12-16 | 2007-07-19 | Scotte Zinn | System and method wireless messaging in a wireless communication system |
US8005459B2 (en) | 2005-12-16 | 2011-08-23 | Research In Motion Limited | System and method of authenticating login credentials in a wireless communication system |
US8099082B2 (en) | 2005-12-16 | 2012-01-17 | Research In Motion Limited | System and method wireless messaging in a wireless communication system |
US20070142032A1 (en) * | 2005-12-16 | 2007-06-21 | Jim Balsillie | System and method of authenticating login credentials in a wireless communication system |
US8244217B2 (en) | 2005-12-16 | 2012-08-14 | Research In Motion Limited | System and method of authenticating login credentials in a wireless communication system |
US8380173B2 (en) | 2005-12-16 | 2013-02-19 | Research In Motion Limited | System and method for wireless messaging in a wireless communication system |
US8954744B2 (en) | 2008-12-09 | 2015-02-10 | Blackberry Limited | Verification methods and apparatus for use in providing application services to mobile communication devices |
US20100144314A1 (en) * | 2008-12-09 | 2010-06-10 | Research In Motion Limited | Verification Methods And Apparatus For Use In Providing Application Services To Mobile Communication Devices |
US8386773B2 (en) | 2008-12-09 | 2013-02-26 | Research In Motion Limited | Verification methods and apparatus for use in providing application services to mobile communication devices |
US10152705B2 (en) * | 2010-11-11 | 2018-12-11 | Paypal, Inc. | Quick payment using mobile device binding |
US20160042341A1 (en) * | 2010-11-11 | 2016-02-11 | Paypal, Inc. | Quick payment using mobile device binding |
US8949721B2 (en) * | 2011-01-25 | 2015-02-03 | International Business Machines Corporation | Personalization of web content |
US20120192082A1 (en) * | 2011-01-25 | 2012-07-26 | International Business Machines Corporation | Personalization of web content |
US9591018B1 (en) * | 2014-11-20 | 2017-03-07 | Amazon Technologies, Inc. | Aggregation of network traffic source behavior data across network-based endpoints |
US20170180406A1 (en) * | 2014-11-20 | 2017-06-22 | Amazon Technologies, Inc. | Aggregation of network traffic source behavior data across network-based endpoints |
US9912682B2 (en) * | 2014-11-20 | 2018-03-06 | Amazon Technologies, Inc. | Aggregation of network traffic source behavior data across network-based endpoints |
US11222132B2 (en) | 2018-10-05 | 2022-01-11 | Optum, Inc. | Methods, apparatuses, and systems for data rights tracking |
US11755768B2 (en) | 2018-10-05 | 2023-09-12 | Optum, Inc. | Methods, apparatuses, and systems for data rights tracking |
US11062043B2 (en) | 2019-05-01 | 2021-07-13 | Optum, Inc. | Database entity sensitivity classification |
US11669571B2 (en) | 2020-03-17 | 2023-06-06 | Optum, Inc. | Predicted data use obligation match using data differentiators |
US11734351B2 (en) | 2020-03-17 | 2023-08-22 | Optum, Inc. | Predicted data use obligation match using data differentiators |
Also Published As
Publication number | Publication date |
---|---|
US7359982B1 (en) | 2008-04-15 |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
US7349949B1 (en) | System and method for facilitating development of a customizable portlet | |
US20080162499A1 (en) | System and Method for Facilitating Access to Content Information | |
KR100600959B1 (en) | Provisioning aggregated services in a distributed computing environment | |
US7415607B2 (en) | Obtaining and maintaining real time certificate status | |
US7392391B2 (en) | System and method for secure configuration of sensitive web services | |
US7089584B1 (en) | Security architecture for integration of enterprise information system with J2EE platform | |
AU2001271596B2 (en) | System and method for integrating public and private data | |
US7428592B2 (en) | Securely persisting network resource identifiers | |
US7802174B2 (en) | Domain based workflows | |
US7389219B2 (en) | Provisioning computing services via an on-line networked computing environment | |
US8082322B1 (en) | Federation of information from multiple data sources into a common, role-based distribution model | |
US7363339B2 (en) | Determining group membership | |
US7428523B2 (en) | Portal bridge | |
US20060129935A1 (en) | Integrated information management system and method | |
US20020143943A1 (en) | Support for multiple data stores | |
AU2001271596A1 (en) | System and method for integrating public and private data | |
EP1057310A1 (en) | System and method for controlling access to stored documents | |
KR20040066097A (en) | Methods for distributed program execution with file-type association in a client-server network | |
US7788315B2 (en) | Infrastructure for management and communication of information | |
EP0989501A2 (en) | Method and apparatus for collaboration support | |
Bartell et al. | The MediaXact† system—A framework for personalized electronic commerce services | |
US20050256808A1 (en) | System and method for implementing authentication web services for remote portlets | |
US20050262219A1 (en) | System and method for implementing web services for remote portlets | |
Will et al. | WebSphere Portal: Unified user access to content, applications, and services | |
WO2005026889A2 (en) | System, method, and computer program product for managing interoperable data processing system services |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | STCB | Information on status: application discontinuation | Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |