US2006235973A1PendingUtilityA1

Network services infrastructure systems and methods

46
Assignee: CIT ALCATELPriority: Apr 14, 2005Filed: Apr 14, 2005Published: Oct 19, 2006
Est. expiryApr 14, 2025(expired)· nominal 20-yr term from priority
H04L 67/53H04L 63/10H04L 67/02H04L 9/32H04L 63/20H04L 41/28
46
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Network services infrastructure systems and methods are disclosed. Policies for client access to a services network and network services available in the services network are enforced at client gateways. Once authenticated and authorized at a client gateway, a client of the services network may make its own network service(s) available in the services network, use network services provided by other clients of the services network, or both. The policies are centrally managed within a services network and distributed to the client gateways. Various registries which store policies, information associated with network services, and possibly other information may also be provided.

Claims

exact text as granted — not AI-modified
1 . An apparatus for providing network services in a services network, the apparatus comprising: 
 a policy enforcement module configured to enforce rules for client access to the services network in accordance with an authentication policy of the services network and to allow an authenticated client to access the services network to make a network service provided by the client available to another client of the services network, to use a network service provided by another client of the services network, or to both make a network service provided by the client available to another client of the private services network and use a network service provided by another client of the services network.    
   
   
       2 . The apparatus of  claim 1 , wherein the policy enforcement module is further configured to allow the authenticated client to make the network service available to any other client in the services network and to use a network service provided by another client according to respective service policies associated with the network services.  
   
   
       3 . The apparatus of  claim 1 , further comprising: 
 a security module for enforcing secure end to end communication, between the authenticated client and the services network, within the services network and between services network and a destination client of the services network.    
   
   
       4 . The apparatus of  claim 1 , further comprising: 
 a security module operatively coupled to the policy enforcement module and configured to apply authentication and authorization actions based on the rules to communication traffic, and to pass or drop the communication traffic responsive to the authentication and authorization actions.    
   
   
       5 . The apparatus of  claim 4 , wherein the security module is further configured to apply security rules to communication traffic associated with the authenticated client.  
   
   
       6 . The apparatus of  claim 4 , further comprising: 
 a Simple Object Access Protocol (SOAP) proxy module operatively coupled to the security module and configured to classify traffic associated with the authenticated client as control traffic or data traffic, to transmit control traffic comprising information associated with the network service provided by the authenticated client for publication in a services registry, and to modify SOAP information in data traffic for further processing.    
   
   
       7 . The apparatus of  claim 6 , further comprising: 
 a Universal Description, Discovery, and Integration (UDDI) proxy module operatively coupled to the SOAP proxy module,    wherein the SOAP proxy module is further configured to identify received UDDI control traffic, and to forward the received UDDI control traffic to the UDDI proxy module for further processing.    
   
   
       8 . The apparatus of  claim 7 , wherein the received UDDI control traffic comprises requests for network services lookups, and wherein the UDDI proxy module is further configured to handle resolution of the requests and to respond to a client which initiated each request.  
   
   
       9 . The apparatus of  claim 6 , wherein the policy enforcement module is configured allow the authenticated client to make the network service available to another client through the UDDI proxy module by allowing the authenticated client to publish information associated with the network service to a services registry, and to allow the authenticated client to use a network service provided by another client by allowing the authenticated client to access the services registry.  
   
   
       10 . The apparatus of  claim 9 , wherein the information associated with the network service comprises access information specifying access rules for the network service for use by other members of the services network, and wherein the policy enforcement module is further configured to allow the authenticated client to access information associated with a network service provided by another client of the services network from the services registry through the UDDI proxy module in accordance with access rules specified by the other client of the services network.  
   
   
       11 . The apparatus of  claim 7 , further comprising: 
 a service handling module operatively coupled to the SOAP proxy module and configured to exchange data traffic with the SOAP proxy module.    
   
   
       12 . The apparatus of  claim 1 , further comprising: 
 a forwarding/routing module operatively coupled to the policy enforcement module and configured to route communication traffic in the services network, the forwarding/routing module supporting at least one of: a layer1 forwarding method, a layer 2 forwarding method, Internet Protocol (IP) routing, and eXtensible Markup Language (XML) routing.    
   
   
       13 . The apparatus of  claim 1 , wherein the policy enforcement module is further configured to enforce a transform policy of the services network, the transform policy specifying respective formats for transfer to the authenticated client and to the services network.  
   
   
       14 . A communication system for providing a services network in which network services provided by network service providers are made accessible to network service consumers, the communication system comprising: 
 at least one client gateway to be operatively coupled to network service providers and network service consumers, each of the at least one client gateway comprising the apparatus of  claim 1;  and    a network controller operatively coupled to the at least one client gateway for managing policies enforced by the client gateways and a registry of the network services.    
   
   
       15 . An apparatus for managing policies associated with network services available in a services network, the apparatus comprising: 
 a client gateway interface to be operatively coupled to a client gateway through which a client of the services network accesses the services network; and    a policy manager operatively coupled to the client gateway interface and configured to distribute network service policies specifying access controls for respective network services to the client gateway through the client gateway interface to cause the client gateway to control access to the network services by the client of the services network in accordance with the network service policies.    
   
   
       16 . The apparatus of  claim 15 , wherein the policy manager is further configured to manage at least one of: authentication of clients with the services network, and format transformations to be applied to data traffic by the client gateway.  
   
   
       17 . The apparatus of  claim 15 , wherein the network service policies comprise network service policies stored in a network service policies registry, and wherein the policy manager is further configured to maintain the network service policies registry, and to integrate into the network service policies registry an existing network service policy received from a client of the services network by which a network service is provided.  
   
   
       18 . The apparatus of  claim 15 , further comprising at least one of: 
 a security manager operatively coupled to the client gateway interface and configured to manage security of client communications through the services network;    a registries manager operatively coupled to the client gateway interface and configured to manage at least one of: a registry of network services available in the services network, service timeout information, extensible Markup Language (XML) schemas, service contracts, Quality of Service (QoS) parameters, subscription information, addressing information, billing information, Service Level Agreement (SLA) monitoring information, transactional network service activity monitoring information, activity logs, performance auditing information, and exception alerts; and    a system manager operatively coupled to the client gateway interface and configured to receive and manage audit records captured by the client gateway.    
   
   
       19 . A communication system for providing a services network in which private network services provided by network service providers are made accessible to network service consumers, the communication system comprising: 
 at least one client gateway to be operatively coupled to the network service providers and the network service consumers for providing the network service providers and the network service consumers with access to the services network; and    a network controller operatively coupled to the at least one client gateway and comprising the apparatus of  claim 15 .    
   
   
       20 . An apparatus for managing network services available in a services network, the apparatus comprising: 
 a client gateway interface to be operatively coupled to a client gateway through which a client of the services network accesses the services network; and    a registry manager operatively coupled to the client gateway interface and configured to receive from the client gateway requests regarding information in a services registry and provide requested information responsive thereto, to receive from the client gateway information associated with a network service to be made available in the services network and publish the received information in the services registry, and to receive from the client gateway subscriptions for modifications of the information in the services registry associated with the network and send notifications of the modifications responsive to the subscriptions.    
   
   
       21 . A communication system comprising: 
 a network controller comprising the apparatus of  claim 20;     a memory operatively coupled to the network controller for storing the services registry; and    a client gateway operatively coupled to at least one client of the services network and to the memory, the client gateway being configured to control access to the network services published in the services registry by the at least one client.    
   
   
       22 . A method of providing network services in a services network, the method comprising: 
 authenticating and authorizing a client of the private services network; and    where the client has been authorized: 
 making a network service provided by the client available in the services network; or  
 allowing the client to access the services network to use a specific network service or group of network services provided by another client of the services network for which the client has been authorized.  
   
   
   
       23 . The method of  claim 22 , wherein: 
 making comprises initiating a connection with the services network for services publication; and    allowing comprises allowing the client to use a targeted network service by initiating a connection with the targeted network service and sending requests to and receiving replies from the targeted service.    
   
   
       24 . The method of  claim 23 , wherein allowing further comprises allowing the client to consult a registry of network services to access information for the specific network service or group of network services or to subscribe to changes at the registry level for the specific network service or group of network services.  
   
   
       25 . The method of  claim 22 , wherein making comprises making the network service available to another client in accordance with a service policy of the network service provided by the client, and wherein allowing comprises determining network services having associated service policies which permit use by the client.  
   
   
       26 . A machine-readable medium storing instructions which when executed perform the method of  claim 22.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.