Home
Patent Search
IMT Blog
REGISTER
|
SIGN IN
United States Patent Application
20030172127
Kind Code
A1
Northrup, Charles J. ; et al.
September 11, 2003
Execution of process by references to directory service
Abstract
Service registration, discovery, connectivity, and administration are provided on a computer network. The invention includes a directory service, a service provider service, and a consumer provided service. A first software component registers as a service with a directory service process executing on a second computer, and the directory service process creates a registration for the first component of software. A second component of software executes on a third computer and communicates to the directory service process, a request to access and interact with the first software component. The directory service process responds by locating the registration entry for the first component of software, and facilitates communication with the first component of software on behalf of the second component of software. Services may include software engine service, authentication service, generic front end loading service, payment connection service, a data sharing service, medical test results reporting service, data store forwarding service, physician pharmaceutical service, academic transcript service, public office election service, medical records service, resume matching service, company credit reporting service, a prepay service, translation service, and an environment service.
Inventors:
Northrup; Charles J.
(Old Bridge, NJ)
, Angel; Franklin J.
(Mount Laurel, NJ
)
Correspondence Name and Address:
P O BOX 209
ELMAN TECHNOLOGY LAW, P.C.
SWARTHMORE
PA
19081-0209
US
Series Code:
068077
Filed:
February 6, 2002
U.S. Current Class:
709/219
U.S. Class at Publication:
709/219
Intern'l Class:
G06F 015/16
Claims
What is claimed:
1. In a network comprised of a multiplicity of computers, each computer having a communication device, each computer having an operating system with interfaces for communication connectivity and synchronization, a method for using a service, the method comprising: a. a first component of software executing on a first computer and registering as a specified service with a directory service process executing on a second computer; b. the directory service process creating a registration for the first component of software; c. a second component of software executing on a third computer and communicating a request to the directory service process, the request representative of a request to access and interact with the specified service provided by the first component of software; d. the directory service process, responsive to receiving the request, locating the registration entry for the first component of software, and facilitating communication with the first component of software on behalf of the second component of software.
2. The method of claim 1 wherein the specified service is a software engine service.
3. The method of claim 1 wherein the specified service is an authentication service.
4. The method of claim 1 wherein the specified service is a generic front end loading service.
5. The method of claim 1 wherein the specified service is a payment connection service.
6. The method of claim 1 wherein the specified service is a data sharing service.
7. The method of claim 1 wherein the specified service is a medical test results reporting service
8. The method of claim 1 wherein the specified service is a data store forwarding service.
9. The method of claim 1 wherein the specified service is a physician pharmaceutical service.
10. The method of claim 1 wherein the specified service is an academic transcript service.
11. The method of claim 1 wherein the specified service is a public office election service.
12. The method of claim 1 wherein the specified service is a medical records service.
13. The method of claim 1 wherein the specified service is a resume matching service.
14. The method of claim 1 wherein the specified service is a company credit reporting service.
15. The method of claim 1 wherein the specified service is a prepay service.
16. The method of claim 1 wherein the specified service is a translation service.
17. The method of claim 1 wherein the specified service is an environment service.
18. Computer readable media containing computer instructions implementing the method of claim 1.
19. In a network comprised of a multiplicity of computers, each computer having a communication device, each computer having an operating system with interfaces for communication connectivity and synchronization, a method for using a service, the method comprising: a. a first component of software executing on a first computer and registers as a specified service with a directory service process executing on a second computer; b. the directory service process creating a registration entry in a registry for the specified service; c. a second component of software executing on a third computer and communicating a request to the directory service process, the request representative of a request to communicate with the specified service provided by the first component of software; d. the directory service process, responsive to receiving the request, locating the registration entry for the first component of software, and creating a transaction in progress registration entry, the transaction entry having a transaction the unique identifier; e. the directory service process connects to specified service provided by first component of software and communicating the transaction the unique identifier; f. the specified service receiving the transaction the unique identifier and both the directory service process and the specified service disconnect from the communication; g. the specified service connects to the directory service and communicating the transaction the unique identifier; and h. the directory service, responsive to receiving the transaction the unique identifier, connects the specified service to the second component of software.
20. Computer readable media containing computer instructions implementing the method of claim 1.
Description
COPYRIGHT AUTHORIZATION
[0001] A portion of the disclosure of this patent document contains material which is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent disclosure, as it appears in the PTO patent file or records, but otherwise reserves all copyright rights whatsoever.
BACKGROUND OF THE INVENTION
[0002] 1. Field of the Invention
[0003] This invention relates to a network and provides a means for a user to provide a service, to consume a service, and to access and interact with a multiplicity of services.
[0004] 2. Description of Related Art
[0005] The Internet and the World Wide Web have grown in size and complexity since inception. A common activity is to use a graphic rendering program such as Microsoft Internet Explorer, Netscape Navigator, Opera, or even Microsoft Word, to request and graphically render a Hypertext Markup Language (HTML) document. In requesting the HTML document, the user indicates a Uniform Resource Identifier (URI) to the graphic rendering process.
[0006] The following terms are defined in: "Hypertext Transfer Protocol--HTTP/1.1, RFC 2616 Fielding, et al." One who is not skilled in the state of the art is encouraged to read the reference for clarity on the subject manner.
[0007] URI--Uniform Resource Identifier. The generic set of all names/addresses that are short strings that refer to resources.
[0008] URL--Uniform Resource Locator. An informal term (no longer used in technical specifications) associated with popular URI schemes: http, ftp, mailto, etc.
[0009] URN--Uniform Resource Name. A URN is an URI that has an institutional commitment to persistence, availability, etc. Note that this sort of URI may also be a URL. See, for example, PURLs. A particular scheme, urn:, specified by RFC2141 and related documents, intended to serve as persistent, location-independent, resource identifiers.
[0010] The "http" scheme is used to locate network resources via the HTTP protocol. This section defines the scheme-specific syntax and semantics for http URLs.
[0011] http_URL="http:""//"host[":"port][abs_path["?"query]]
[0012] If the port is empty or not given, port 80 is assumed. The semantics are that the identified resource is located at the server listening for TCP connections on that port of that host, and the Request-URI for the resource is abs_path (section 5.1.2). The use of IP addresses in URLs SHOULD be avoided whenever possible (see RFC 1900
[24]). If the abs_path is not present in the URL, it MUST be given as "/" when used as a Request-URI for a resource (section 5.1.2). If a proxy receives a host name which is not a fully qualified domain name, it MAY add its domain to the host name it received. If a proxy receives a fully qualified domain name, the proxy MUST NOT change the host name.
[0013] By way of example, but not limitation, the user can enter an http schema URL such as:
[0014] http://www.gtlinc.com/products.html
[0015] In this example, the user is requesting the products.html document from the server given as www.gtlinc.com.
[0016] To retrieve the HTML document, the server must be running a Hypertext Transfer Protocol daemon (HTTPD) such as Apache from http://www.apache.org, or equivalent thereof. The HTTPD executes on a service provider system and listens for request on a port, typically port 80, which is a well-known, industry standard port, for the HTTP daemon. By using a standard port, a person can indicate to the Netscape Navigator, or equivalent thereof, to request an http document via a given Uniform Resource Location (URL). By having the standard port 80 used, anybody can request the URL since they do not have to worry about what port the HTTP Daemon is listening on. Otherwise, the user would have to indicate the desired port, such as http://www.gtlinc.com:399, where :399
indicates to connect on port 399. Using the industry standard port simplifies the data entry and the ability to access Hypertext Markup Language (HTML) documents.
[0017] A user of a computer system (or somebody on behalf of the user) pays for access to the Internet through an Internet Service Provider (ISP), such as AT&T WorldNet, America On-Line, or Microsoft Network. In a typical situation, the ISP frequently blocks request to port 80 on the user computer system to prevent the user from running a web site via an HTTP Daemon on their home computer, on the well known port 80. The user could provide the HTTP Daemon on a different port, such as port 399, but nobody would know to access that port unless the user published the port number. Even in publishing the port number, the enormous potential audience would unlikely see the advertisement.
[0018] Another challenge for the user accessing the Internet through an ISP, is that the ISP frequently uses Dynamic Addressing. In such circumstances, an Internet Address is assigned only when the user connects to the Internet through the ISP. When the user disconnects, then the IP address will be reassigned to a different user. This poses a problem in publishing the alternative HTTP Daemon running on port 399
since the Internet Address changes each time the user access the Internet. Even cable modem providers frequently use dynamic internet addressing. In some cases though, a cable modem ISP may offer a dedicated Internet Address, but still frequently blocks port 80 on the user computer. In some cases, the ISP requires the user of the ISP service to enter an agreement wherein the user is precluded from running a service on port 80. Even if the user were to publish the current dynamic Internet address, they could only do so via publishing the physical address such as 190.190.83.2 and potentially the corresponding port. In any case, the user does not have a domain name associated with their computer such as gtlinc.com, wherein they could publish the domain name, which is easier for a prospect visitor to remember.
[0019] Although the problem of port blocking and dynamic Internet Address assignment frequently affects a user of an ISP service, similar challenges are faced by the industry in general. By way of example, but not limitation, a computer provider, a software provider, a tax service provider, a news service, a stock broker, a sales person selling goods or services, and others offering goods or services, are limited to providing the HTTP Daemon on port 80 because it is the industry standard port for the HTTP daemon. If any of the aforementioned wished to provide an alternative service on a port other than port 80, they would have to undertake a massive marketing campaign to educate potential visitors (users or businesses requesting information) on the particular port number.
[0020] The industry currently has products and services for providing directory services, but the directory service is generally limited to the enterprise within which the directory service is executing. By way of example, the Sun Microsystems iPlanet Directory Service is sold as a light weight directory access protocol for administering directory services within the enterprise. Even at that, Sun marketing information indicates the iPlanet Directory Service as primarily for user administration within the enterprise. It does not provide a solution or function effectively for the global network. It does not provide a solution or function effectively for the Internet.
[0021] Industry members such as IBM, Microsoft, Hewlett Packard, SAP, and even Sun Microsystems have been indicating the Universal Definition Discovery Interchange (UDDI) as a means for providing information on service providers. The UDDI Specification, (available on-line at http://www.uddi.org) however, does not indicate registration of information such as other than port 80.
[0022] A more generalized solution for accessing and interacting with services provided on the Internet is needed.
[0023] It is therefore an object of this invention to provide methods and systems for accessing and interacting with a multiplicity of services.
[0024] The use of a service often will require payment for the services rendered. The standard method of providing credit card payment over the Web is viewed as insecure and tedious. A user completes a form displayed through the graphic rendering process and uses a pointing device such as a mouse to "click" on a graphical representation indicating to send the content of the user provided information to the service provider.
[0025] The Microsoft Corporation recently announced their Passport implementation wherein a user subscribes to the Microsoft Passport service, provides credit card information such as card type, card number, expiration date, card holder, billing address, and possible other information such as shipping address. The disadvantage of the Microsoft Passport implementation is that Microsoft controls that information. By way of example, the subscriber payment information is maintained on a computer system administered by Microsoft. The data set that Microsoft maintains may be propagated to other servers as needed. While Microsoft claims the method to be secure, the disadvantage is that by having a centralized data set containing payment information for an enormous number of subscribers, would make that centralized data set a computer cracker's main target.
[0026] An alternative implementation is being proposed by Sun Microsystems under their Liberty Alliance consortium. Numerous members such as Mastercard, VISA, American Express, and others have signed up for the Liberty Alliance. The downside of the Liberty Alliance implementation is that as of today, the implementation is not yet defined. Furthermore, the indications are that they will still transmit credit card payment information to port 80 of the service provider providing the service (i.e., sale of service or goods is still a service). Sun Microsystems currently offers the Java Wallet, which is a family of products written in the Java programming language that are designed to enable secure commerce operations.
[0027] An alternative payment mechanism is provided by PayPal, which is used quite frequently for auction sites such as www.ebay.com. The PayPal implementation, however, requires PayPal to act in the capacity of a credit card merchant. Therefore a buyer provides PayPal with credit card information and PayPal charges the credit card and receives payment. PayPal then credits the seller's account with the appropriate amount. A second disadvantage is that PayPal charges a transaction fee which is then deducted from the seller's amount. A third disadvantage is that both the buyer and the seller must provide account information, which is then maintained by PayPal.
[0028] It is understood that a user of a computer system could cause a process to execute wherein the process can provide payment information to a requesting process. The disadvantage is that there is no mechanism for verifying whom the requesting process is executing on behalf of. In this case, the user process could provide payment information to anybody, including a computer hacker, and thus is unacceptable.
[0029] It is therefore another object of this invention to provide methods and systems for payment of services.
[0030] In the current state of the computing industry, a user who desires to access a web page, but, who does not know the corresponding URI, must use a browser such as Microsoft Internet Explorer to visit a search engine such as Yahoo or Google and submit keywords to query for pages satisfying their request. The user is then presented with one or more URIs and text descriptions of the content at the URI. The user can then "click" on one of the URIs satisfying the request. The corresponding HTML document is then retrieved and rendered for the user to see. A disadvantage is that the user must undergo a two-step approach. First, the user must visit Google, enter the terms, and then "click" on the desired URI.
[0031] It is therefore another object of this invention to provide methods and systems for simplifying connections.
[0032] An alternative is provided by RealNames. RealNames allows a corporation, such as Global Technologies Ltd., Inc., to register a keyword GTL so that when a user enters GTL as the desired site, the RealName would be translated to http://www.gtlinc.com. The challenge, of course, is that the user must know the keyword.
SUMMARY OF THE INVENTION
[0033] According to the present invention, a method for using a service in a computer network a first software component executes on a first computer. The first software component registers as a service with a directory service process executing on a second computer, and the directory service process creates a registration for the first component of software. A second component of software executes on a third computer and communicates to the directory service process, a request to access and interact with the first software component. The directory service process responds by locating the registration entry for the first component of software, and facilitates communication with the first component of software on behalf of the second component of software.
BRIEF DESCRIPTION OF THE DRAWINGS AND LISTINGS
[0034] FIG. 1 is a diagram of a computer network communicating according to the present invention.
[0035] FIGS. 2-7 are flow charts of the operation of the present invention.
[0036] FIG. 2 is a flowchart of a directory service connection service.
[0037] FIG. 3 is a flowchart of a directory service use.
[0038] FIG. 4 is a flowchart of a service provider registration.
[0039] FIG. 5 is a flowchart of a service registration.
[0040] FIG. 6 is a flowchart of a consumer registration.
[0041] FIG. 7 is a flowchart of a consumer request for service.
[0042] FIGS. 8-13 are diagrams showing the communications relationships of different types of data providers in accordance with the present invention.
[0043] FIG. 8 is a schematic block diagram of connectivity depicting horizontal partition by category.
[0044] FIG. 9 is a schematic block diagram of connectivity depicting horizontal partition by provider.
[0045] FIG. 10 is a schematic block diagram of connectivity depicting horizontal partition by activity.
[0046] FIG. 11 is a schematic block diagram of connectivity depicting horizontal partition by cost.
[0047] FIG. 12 is a schematic block diagram of connectivity depicting horizontal partition by protocol.
[0048] FIG. 13 is a schematic block diagram of connectivity depicting horizontal partition by entity type.
[0049] FIGS. 14-16 are diagrams depicting data transfer provided by a directory service.
[0050] FIG. 14 is a diagram depicting a sample TDS with three service directories according to the present invention.
[0051] FIG. 15 is a diagram depicting a sample environment with five systems sharing TDS information according to the present invention.
[0052] FIG. 16 is a diagram depicting a sample TDS configuration as applied to directories provided through the Sun Solaris 2.7 operating system according to the present invention.
[0053] The program listings are as follows:
[0054] Program Listing 1.1 source code listing of one implementation for the replacement recv function
[0055] Program Listing 2.0 Engine Service engine.c
[0056] Program Listing 2.1 Engine Service getnvpair.c
[0057] Program Listing 2.2 Engine Service authorize.c: placeholder authorization service
[0058] Program Listing 2.3 Engine Service input.c: placeholder input service
[0059] Program Listing 2.4 Engine Service postprocess.c: placeholder postprocess service
[0060] Program Listing 2.5 Engine Service preprocess.c: placeholder preprocess service
[0061] Program Listing 2.6 Engine Service process.c: placeholder process service
[0062] Program Listing 2.7 Engine Service response.c: placeholder response service
[0063] Program Listing 2.8 Engine Service readline.c:
[0064] Program Listing 2.9 Engine Service wait_read.c
[0065] Program Listing 2.10 Engine Service--peek.c
[0066] Program Listing 2.11 Engine Service peek_c.c
[0067] Program Listing 2.12 Engine Service main.c
[0068] Program Listing 2.13 Engine Service--Makefile
[0069] Program Listing 2.14 Engine Service--engine.mk
[0070] Program Listing 2.15 Engine Service--dummy.mk
[0071] Program Listing 2.16 Engine Service--engine.conf
[0072] Program Listing 3.0 authentication service--authenticate.c
[0073] Program Listing 3.1 Authentication Service--log.h
[0074] Program Listing 3.2 Authentication Service--tds2.h
[0075] Program Listing 3.3 Authentication Service--makefile
[0076] Program Listing 3.4 authentication Service--authenticate.conf
[0077] Program Listing 4.1--Thread Directory Service--tds3.c
[0078] Program Listing 4.2--Thread Directory Service--ste.c
[0079] Program Listing 4.3--Thread Directory Service--log.c
[0080] Program Listing 4.4 Thread Directory Service--ic.c
[0081] Program Listing 4.5 thread directory service--set_blocking.c
[0082] Program Listing 4.6 thread directory service--set_nonblocking.
[0083] Program Listing 4.7 thread directory service--Makefile
[0084] Program Listing 5.0 fopenc service--fopen.c
[0085] Program Listing 6.0 fscanf service--fscanf.c
[0086] Program Listing 7.0 fclose service--fclose.c
[0087] Program Listing 8.0 caps service caps.c
[0088] Program Listing 9.1 generic front end loader service gfel.c
[0089] Program Listing 9.2 generic front end loader service client_gl.c
[0090] Program Listing 9.3 generic front end loader service client_gl2.c
[0091] Program Listing 9.4 generic front end loader service gl3.c
[0092] Program Listing 10.1 thread connection service--talk2.c
[0093] Program Listing 10.2 thread connection service--participant.c
[0094] Program Listing 10.3 thread connection service--tcp_accept2.c
[0095] Program Listing 10.4 thread connection service--tcp_connect.c
[0096] Program Listing 10.5 thread connection service--tcp_listen.c
[0097] Program Listing 11.1 supporting functions--reaper.c
[0098] Program Listing 12.1 supporting service--cat_service.c
[0099] Program Listing 12.2 supporting service--echo_service.c
[0100] Program Listing 12.3 supporting service--daytime_service.c
[0101] Program Listing 12.4 supporting service--ksh_service.c
[0102] Program Listing 12.5 mail service--mail_service.c
[0103] Program Listing 13.1 TDS supporting functions--tds_query_p.c
[0104] Program Listing 13.2 TDS supporting functions--tds_register_p.c
[0105] Program Listing 13.3 TDS supporting functions--getdtscinfo.c
[0106] Program Listing 13.4 TDS supporting functions--tds.c
[0107] Program Listing 14.0 process function--cps.c
[0108] Program Listing 14.1 process function--cps2.c
[0109] Program Listing 14.2 process function--cps3.c
[0110] Program Listing 15.0 stateful service--main.c
[0111] Program Listing 15.1 stateful service--tcp_accept.c
[0112] Program Listing 15.2 stateful service--tcp_listen.c
[0113] Program Listing 15.3 stateful service--getaddrinfo.c
[0114] Program Listing 16.1--File SERVICES1 Service prototype table.
[0115] Program Listing 16.2--File SERVICES2 Service prototype table.
[0116] Program Listing 16.3--File SERVICES3 Service prototype table.
[0117] Program Listing 16.4--Command line to generate data dictionary from prototype table
[0118] Program Listing 16.5--Generated Data Dictionary
[0119] Program Listing 16.6--Services2 prototype table
[0120] Program Listing 16.7--Generated Data Dictionary for Services2
[0121] Program Listing 16.8--Providers prototype table
[0122] Program Listing 16.9--Providers generated data dictionary
[0123] Program Listing 16.10--Cymbal instructions to insert record
[0124] Program Listing 16.11--Cymbal instructions to report registration entry information
[0125] Program Listing 16.12--Global Definitions
[0126] The Architecture
[0127] The Internet is a network linking computer systems together and communicating via a standard protocol. A computer network is simply a collection of autonomous computers connected together to permit sharing of hardware and software resources, and to increase overall reliability. The qualifying term "local area" is usually applied to computer networks in which the computers are located in a single building or in nearby buildings, such as on a college campus or at a single corporate site. When the computers are further apart the term "wide area network" may be used.
[0128] As computer networks have developed, various approaches have been used in the choice of communication medium, network topology, message format, protocols for channel access, and so forth. Some of these approaches have emerged as de facto standards, but there is still no single standard for network communication. The Internet is a continually evolving collection of networks, including Arpanet, NSFnet, regional networks, local networks at a number of university and research institutions, a number of military networks, and increasing, various commercial networks. The protocols generally referred to as TCP/IP were originally developed for use through Arpanet and have subsequently become widely used in the industry. The protocols provide a set of services that permit processes to communicate with each other across the entire Internet.
[0129] A computer can be a mainframe, minicomputer, microcomputer, or any of a number of other computing devices. In the case of the present invention, the computer should be able to communicate with the outside world. Therefore, for example, a first generation microwave oven controller using a Z-80 chip would not be able to use the invention, but it is conceivable that providing a communications capability to a microwave controller would enable it to use the invention. A number of different computing devices are able to communicate with the outside world while computing. Such devices include set top boxes, PDAs (personal digital assistants), and cellular phones using CDMA or similar technologies.
[0130] Likewise, a server is traditionally at a fixed location; however it is possible to provide a server in any of a number of forms. The server can be running as a client of another server and in fact it is often the case that a computing device may be a client to another device which functions as a host, and yet perform server functions for that other device.
[0131] A model for network architectures has been proposed and widely accepted. It is known as the International Standards Organization (ISO) Open Systems Interconnection (OSI) reference model. The OSI reference model is not itself a network architecture. Rather it specifies a hierarchy of protocol layers and defines the function of each layer in the network. Each layer in one computer of the network carries on a conversation with the corresponding layer in another computer with which communication is taking place, in accordance with a protocol defining the rules of this communication. In reality, information is transferred down from layer to layer in one computer, then through the channel medium and back up the successive layers of the other computer. However, for purposes of design of the various layers and understanding their functions, it is easier to consider each of the layers as communicating with its counterpart at the same level, in a "horizontal" direction. (See, e.g. The TCP/IP Companion, by Martin R. Arick, Boston: QED Publishing Group 1993, and U.S. Pat. No. 5,159,592. These, and all patents and publications referenced herein, are hereby incorporated by reference.)
[0132] The lowest layer defined by the OSI model is called the "physical layer," and is concerned with transmitting raw data bits over the communication channel. Design of the physical layer involves issues of electrical, mechanical or optical engineering, depending on the medium used for the communication channel. The second layer, next above the physical layer, is called the "data link" layer. The main task of the data link layer is to transform the physical layer, which interfaces directly with the channel medium, into a communication link that appears error-free to the next layer above, known as the network layer. The data link layer performs such functions as structuring data into packets or frames, and attaching control information to the packets or frames, such as checksums for error detection, and packet numbers.
[0133] The Internet Protocol (IP) is implemented in the third layer of the OSI reference model, the "network layer," and provides a basic service to TCP: delivering datagrams to their destinations. TCP simply hands IP a datagram with an intended destination; IP is unaware of any relationship between successive datagrams, and merely handles routing of each datagram to its destination. If the destination is a station connected to a different LAN, the IP makes use of routers to forward the message.
[0134] The basic function of the Transmission Control Protocol (TCP) is to make sure that commands and messages from an application protocol, such as computer mail, are sent to their desired destinations. TCP keeps track of what is sent, and retransmits anything that does not get to its destination correctly. If any message is too long to be sent as one "datagram," TCP will split it into multiple datagrams and makes sure that they all arrive correctly and are reassembled for the application program at the receiving end. Since these functions are needed for many applications, they are collected into a separate protocol (TCP) rather than being part of each application. TCP is implemented in the "transport layer," namely the fourth layer of the OSI reference model.
[0135] Except as otherwise is evident from the context, the various functions of the present invention reside above the transport layer of the OSI model. The present invention may be used in conjunction with TCP/IP at the transport and network layers, as well as with any other protocol that may be selected.
[0136] The OSI model provides for three layers above the transport layer, namely a "session layer," a "presentation layer," and an "application layer," but in the Internet these theoretical "layers" are undifferentiated and generally are all handled by software.
[0137] Internet Firewall
[0138] A security system placed between the Internet and an organization's network (such as a LAN) to provide a barrier against security attacks. Internet firewalls typically operate by monitoring incoming and/or outgoing traffic to/from the organization's network, and by allowing only certain types of messages to pass. For example, a firewall may be configured to allow the passage of all TCP/IP traffic addressed to port 80, and to block all other traffic. For more information of Internet Firewalls, see Chapman and Zwicky, Building Internet Firewalls, O'Reilly publishing, 1995 (ISBN 1-56592-124-0).
[0139] Computer systems having access to the Internet, can have a dynamic Internet Address assigned to them. The Internet Firewall can be configured to perform network address translation as defined in "Network Working group Request for Comments 1631, and Request for Comments 3022."
[0140] A computer system having access to the Internet can be assigned a private Internet Address, as defined in Request For Comments 1597.
[0141] Component of Software
[0142] A basic principle of the invention is that of a component of software. The term component of software is deliberately chosen to indicate that less then an executable program may be used. By way of example, but not limitation, a component of software can be:
[0143] an executable program
[0144] an executable program linked with shared libraries, dynamic link libraries, or other such libraries as would be provided for in an embodiment
[0145] an object as one would understand in using remote procedure call
[0146] an object as one would understand in using the Microsoft Component Object Model or other such industry standard
[0147] a dynamically loadable module such as a module in a shared library (also called dynamic link library on Microsoft Windows) or other such library as defined by the operating system or embodiment
[0148] a function that is called by a dynamically loadable library initialization function, such as occurs with the use of a Microsoft's Windows DLL. In such cases, a DllMain function may be called when a thread (either a process, or a thread created by the process) attaches to the library. Initialization functions are also accessible through KornShell and other such processes. The initialization function may therefore perform the functionality required of the component of software
[0149] a software assembly as defined in the Microsoft C# Language
[0150] a builtin function of a shell program such as the KornShell
[0151] a function of an interpretive language processing element, such as a KornShell function, shell function, or a perl function.
[0152] a shell script as defined by a shell program such as the KornShell or other interpretive language processing element.
[0153] a script that is interpreted by another process such as that which is used by BASIC, Kornshell, Csh, Tcsh, Perl, Tcl/Tk, or other such interpreter
[0154] a module which is then linked into an executable with a just-in-time compiler
[0155] a byte stream which is communicated to an interpreter such as that which is available with KornShell, Java
[0156] a data stream which is communicated to an interpreter process
[0157] Note that when used with the invention, the component of software may require the use of a generic front end loader process that initializes an address space. By way of example, but not limitation such a generic front end loader could:
[0158] accept command line parameters identifying the component of software to be used, or
[0159] determine such information by accessing a configuration, or
[0160] accessing a memory location accessible to the generic front-end loader, or
[0161] communication with a second process providing such information, or
[0162] accessing and interacting with a directory service process, or
[0163] accessing and interacting with a component of software to determine such information, or
[0164] communicating with a second process to determine such information, or
[0165] use inter-process communications to determine such information, or
[0166] use intra-process communications to determine such information, or
[0167] use operating system interfaces providing such information, or
[0168] use an application programming interface to determine such information, or
[0169] use a combination of the above to determine such information.
[0170] Note that when the component of software is provided by a data stream interpreted by an interpreter, then the data stream may require a local process to communicate with an accessible process in order to facilitate the data stream. By way of example, but not limitation, such a data stream may be communicated from an Internet Address and Port as one would understand when using the socket application programming interface, or equivalent thereof. Alternative network Application Programming Interfaces can be used (See the discussion on communications for examples). Such an implementation would require connecting to the process at the specified network (which could include an Internet Address and port), possibly communicating a request to the connected process, and receiving a response wherein the response communication includes the data stream. Alternatively, by way of example, such a data stream may be communicated from a process accessible through communications over the Internet wherein the process is defined by a Universal Resource Location (URL) as in http://www.gtlinc.com/proc/stream or equivalent thereof.
[0171] A device driver can be used. Either one provided through the operating system interfaces, or, one provided by an application operating environment such as the AST ToolKit. By way of example, but not limitation, an implementation can use an open system call to open a device such that by accessing and interacting with the device, information such as that required for facilitating the methods, can be achieved. By way of example, a process issues:
[0172] fp=fopen("directory service", "rw");
[0173] The process opens a device called directory service. As this may not be an operating system device, the fopen implementation determines how to access and interact with the device based on the device name specified. See function call and system calls for details on implementing augmented functions.
[0174] A component of software can be installed on the computer system, or accessible to the computer system through the network. A user, such as a consumer, or a service provider, can cause the software to be installed. This can include the use of software downloaded from the network, as well as software that is preinstalled on the computer system as purchased, or software that is installed during the installation of the operating system or component thereof. The component of software downloaded from the network may require an installation process to be executed, which then installs on the computer such that it can be executed. By way of example, but not limitation, a first component of software downloaded can be compressed and require decompression, resulting in an executable that then installs one or more components of software on the computer system. Examples would include such techniques as downloading an InstallShield package, a Java component, a C# Assembly or other such techniques as known in the industry.
[0175] One or more programming languages and programming techniques can be used to create various embodiments of the invention, and the invention can be implemented on various operating systems such as AIX, BSD, Linux, HP-UX, Solaris, UNIX, IRIX, OpenEdition, UnixWare, and Windows.
[0176] A component of software can provide a service for a daemon process listening on a particular network endpoint, such as Internet Address and port (i.e. 192.127.0.3 port 80). In such cases, the information communicated to the daemon process will be used by the daemon process to cause the service to be executed. According to U.S. Pat. No. 5,850,518, the service can be dynamically loaded, or can be executed in a manner in which the daemon process connects to the service via a communication link. Such cases may be necessary to provide the desired functionality.
[0177] Program Listing 15.0 through 15.3 provide an embodiment using a main program that accepts command line parameters indicating the type of primitive to use, the internet address and port, and the name of the service to load. The service is dynamically loaded from the libservices.so.1.0 library. Each time a connection is received, the service is invoked.
[0178] Application Service
[0179] An application is said to provide a primary service. The application may also offer one or more minor services. The primary service, along with any minor services, collectively constitute the application service. By way of example, an application such as the Netscape Communicator can provide a primary service of graphically rendering HTML documents. A minor service offered by the Netscape Communicator is a Messenger for administering (such as creating, sending, receiving, deleting, cataloging, viewing, forwarding, editing) electronic mail. A second minor service offered by the Netscape Communicator is a Composer for creating new HTML documents or editing existing documents. One skilled in the state of the art would understand that the a first user of an application could perceive the application as providing a primary service that is different from a second user of the same application.
[0180] Minor Service
[0181] A minor service provides some functionality towards the overall application service. The Minor Service is implemented through a component of software. When used in an active context, it is understood that the term Minor Service refers to the process executing the component of software. When used in the inactive context, the minor service refers to the component of software. Thus one would understand that a minor service is provided by a component of software and when the application requires interaction with the minor service, then the minor service is executing.
[0182] Service
[0183] A service is provided for by a component of software. A service may be a minor service, or a primary service. A service can be a primary service of a first application service, and a minor service of a second application service. A service can be a service to itself. By way of example, a service can be implemented as a first process which then issues a fork( ) system call to create a child process.
[0184] In standard UNIX environments, its it standard coding technique to create a daemon process listening for requests for services on a particular Internet Address and port. When a client connects to the specified port, then the daemon process will typically accept the connection, and then issue a fork function call. The fork function creates a child process. The original daemon process, called the parent process, remains executing. The child process typically closes its standard input, standard out, and standard error file descriptors. The child process then duplicates the file descriptor (or handle) associated with the accepted connection, as the new standard input, standard output, and standard error file descriptors. The child process then typically issues an exec function call. The exec function call overlays the image of the current process with a new image of a new executable program to be executed. The child process typically performs whatever action is necessary, and then exits.
[0185] There are cases, however, where the process providing the service may need to stay executing even after responding to the first requesting process. Different methods can be used. One method is for the first process to accept the connection, perform the desired service, and respond to the requesting process. In this manner, whatever state changes where made to the first process remain intact, and are available to subsequent processes. A second method is for the first process to create the child process, and to have the child process remain executing. In this manner, the changes made to the state of the child remain intact. For subsequent requesting processes to gain access to such state information, the child process provide means to permit the subsequent requesting process to access and interact with the child, which may include having the child connect to the requesting process, or, having the requesting process connect to the child, or both. An example of where such state information is useful to retain is when the service is to provide a function or system call on behalf of a requesting process. There are cases where the result of the function or system call must be retained by the service and accessible to subsequent requesting processes (which could be the same requesting process later accessing and interacting with the service). By way of example, a first requesting process sends a request to a service to perform a file open function call. The service perform the open function call and has associated therewith a file descriptor (or handle). The service provides the results to the requesting process. The requesting process then disconnects. A requesting process later accesses and interacts with the service, providing the service with the previous response indicating the results of the open function call. The requesting process provides a request indicating the service is to read a string from the file descriptor. The service, still having the file descriptor open, performs the read and returns the results thereof to the requesting process.
[0186] Application Process
[0187] The term application process, as used in this document, refers to the overall computer representation of the application service. In this definition, the term application process is defined to incorporate all processes of various "weight" including, but not limited to, heavy weight, medium weight, and light weight processes relating to the application service. A heavy-weight process executes in its own address space, whereas medium-weight and light-weight processes may execute within the same address space. The application process may constitute one or more of these processes. Each of these processes is said to have a thread of execution.
[0188] A thread, in this context, represents an execution stream of the application process. The notion of a thread can be provided by the underlying operating system, referred to as kernel-supported threads, or can be provided at the application level, referred to as user-level threads, or can be a mixture of the two. For the purposes of this description, these will collectively be referred to as threads. Note that in a distributed environment, one or more of these threads may be executing on a remote computer system.
[0189] The application process may be confined locally to the computer system on which the application process was initially started, or may have its execution threads distributed among various computer systems accessible to the computer system on which the application process was initially started.
[0190] When a user of the computer system requests to execute an application, a corresponding program is loaded into the computer's memory and a single thread of execution begins. This initial thread may then create additional threads on the local computer system, or possibly on a remote computer system, such as that which would occur with remote procedure call implementations, Microsoft COM, Microsoft DCOM, or other such industry standard techniques.
[0191] The creation of a new thread requires the starting point of the new thread to be specified. In procedural computer languages, for example, this would require the requesting thread to specify the address of the procedure to begin as a new thread.
[0192] Communication Devices
[0193] A computer system includes a communication device. By way of example, but not limitation, a communication device can be a modem, a network card, a RFC device, an infrared device, an optical device, a wireless device, a device connecting the computer to a public switching system device, such as that provided for by a telephone carrier, a T1
connection or equivalent thereof, or any such device for the purpose of facilitating communication between one or more computer systems. All such devices are referred to as communication devices.
[0194] A process can listen on a communication device, awaiting a communication. By way of example, but not limitation, a process can be considered a daemon process, such as that provided by inetd on a UNIX implementation, or other such process, and await a communication. When a communication is received, the process can accept the connection and then send communications, receive communications, or otherwise interact with the communication as appropriate.
[0195] A process that is listening on a communication device generally has a file descriptor open associated with the device. Certain embodiments, such as that with the Microsoft Windows operating system environment, can alternatively use a socket handle to listen on the device. Note, however, that with the U/WIN environment available from Global Technologies Ltd., Inc., the code would refer to a file descriptor that is then translated to a handle for the underlying operating system.
[0196] When a process accepts a connection, the process can cause a second process to begin executing. Alternatively, the second process may already be executing. In either case, the first process can inform the second process of the file descriptor, or handle, that the first process accepted the communication connection on. Various techniques are available to implement this. By way of example, but not limitation, the first process can cause the second process to be created and the file descriptor, or handle, can be inherited by the second process. Alternatively, the first process can open the second process and duplicate the handle from the first process to the second process. Alternatively, the second process can open the first process and duplicate the handle from the first process to the second process. Alternatively, the first process can use file descriptor passing techniques to pass the file descriptor or handle to the second process.
[0197] Communication
[0198] Interprocess, Intraprocess, and network communications are supported. Communication from a first process executing on a first computer to a second process executing on a second computer requires the use of a communication device. The operating system typically provides interfaces for communication connectivity and synchronization in using such communication devices. The operating system interfaces generally provide for a connect/send/receive/disconnect capability. Note, though, that a device can be referenced with equivalent functionality using an open/write/read/close interface, or some other interface as provided for by intermediary components of software providing equivalent functionality.
[0199] By way of example, but not limitation, the socket application programming interface can be used to facilitate communicate. On the Microsoft Windows operating system, equivalent Win32 Application Programming Interfaces can be used.
[0200] It is expressly understood that when a first process communicates with a second process, the communication may be sent by the first process on a first computer to a second process on a second computer and that such communication may be sent through intermediary computer systems on the network. Thus the communication from the first computer may be processed by one or more intermediaries before arriving at the final destination which is the second process.
[0201] It is expressly understood that when a first process communicates with a second process, the communication can be sent by the first process to a process executing on a second computer, and that this process can cause the communication to be made available to the second process. By way of example, but not limitation, the phrase "a first process sends a communication to a second process" can be understood as the first process sends a communication to a daemon process which receives the communication, causes the second process to begin executing, and causes the communication to be accessible to the second process. By way of example, but not limitation, the phrase "causes" can be interpreted as the process provides the second process with the file descriptor or handle, or, the process receives the communication and uses interprocess or intraprocess communications to make the communication available to the second process.
[0202] As provided for by U.S. Pat. No. 5,850,518 patent, a process can create a thread to perform the communication. By way of example, but not limitation, a first process can create a reader thread to receive a communication from a second process. When a message is received by the reader thread, the first process is notified and can access and interact with the message.
[0203] Various forms of encryption, message scrambling, or other such techniques can be used by the implementation to add additional layers of security as required by the implementation.
[0204] Content and Format
[0205] The term communicate implies content. It is further understood that the format of the content of the communication can be defined by the embodiment. By way of example, but not limitation, formats such as HTML, SGML, XML, schema information, data type information, name value pairs, text, or even components of software fabricated to convey the information. A shell script, for example, can have variable names and values to convey information. The only limitation is that the participants in the conversation must have a method to communicate the necessary information. This may, for example, include the use of various filters or translation services to transpose the communicated content from a first format to a second format, and possibly from the second format back to the first format. A multiplicity of formats may be used along the path as the communicated content moves along the network.
[0206] One skilled in the state of the art would understand that content could be expressed according to rules of grammar. For example, a scripting language such as KornShell, or Perl, or Tcl, or Tk, employ particular grammatical rules. It is understood that the content can be formatted according to a language's grammatical rules.
[0207] Furthermore, content can be filtered through various filtering techniques as defined by the implementation.
[0208] Furthermore, content can be verified through various verification techniques as defined by the implementation. By way of example, but not limitation, the verification can be implemented through one or more of:
[0209] the use of XML facets
[0210] the use of components of software such as that provided for by the Daytona Data Management system
[0211] the use of a binding service, such as that provided for by the methods of U.S. Pat No. 5,850,518
[0212] the use of industry standard protocols
[0213] the use of industry standard specifications.
[0214] Protocols
[0215] Communication implies the use of a protocol. A protocol defines a set of rules for communication. Protocols such as TCP, HTTP, FTP, computer mail protocols, application defined protocols, industry standard protocols, proprietary protocols, and the likes can be used. Once skilled in the state of the art would understand that various protocols could be developed in the future which can also be used for such communication. Furthermore, a multiplicity of protocols may be used as required. By way of example, but not limitation, protocols such as SOAP (Simple Object Access Protocol) can be used in conjunction with transport protocols such as HTTP. From the standpoint of the invention, all such protocols are contemplated for and collectively referred to as a protocol.
[0216] Consumer Service
[0217] The term consumer is meant as a consumer of a service. The service consumed can be an on-line service such as banking, electronic commerce, data acquisition, news reports, a service describing something of interest, changes to a web site, changes to a catalog, changes to what is available on-line, or even an online service such as that provided by an Internet Service Provider. Regardless, though, the service is provided by at least one component of software. A person, acting as a consumer, can also provide a service and such a service is referred to as a consumer service. In such cases, the consumer service is provided by a component of software.
[0218] A consumer causes a component of software to be installed on the computer system wherein the component of software provides a consumer service. Alternatively, the component of software can be pre-installed by a provider of such computing device as one may anticipate when purchasing a computer from a provider such as Compaq, Dell, or Gateway. Alternatively a component of software can be downloaded from the network which implies the use of transferring the component of software from a first computer to a second computer, the second computer representative of the computer system being used by the consumer.
[0219] Registry
[0220] The term registry is understood to imply a collection of related data. The term service directory could be used as well. The embodiment can use a database, a data management system such as the Daytona Data Management System from Global Technologies Ltd., Inc., a directory service, an ascii text file, a binary file, an indexed file, an industry standard method of organizing data, a method for administering data as provided for by an operating system, or other such techniques as would be understood in the state of the art, to facilitate the administration and administrative functions required. Such administrative functions can include one or more of collecting, organizing, accessing, interacting, verifying, replicating, or indexing of such information. A minimum administrative functionality set should include the ability to register, query, and delete. Additional administrative functionality would include the ability to change, update, or otherwise modify existing data. Within this specification, a directory service constitutes the application service for administering the data in the registry. When implemented with the Daytona Data Management System, a multiplicity of individual programs, libraries, applications can collectively constitute the directory service.
[0221] In a preferred embodiment, the Daytona Data Management System would be used instead of a commercial database system such as Oracle. The distinction is that Daytona provides full database capability in the development environment, and supports a runtime environment without the capability to define or add new tables and new schemas. A Daytona runtime environment has a significantly lower cost then comparable database systems such as Orcale or Informix, and does not require the customer to hire a database administrator. The Daytona system is specialized for run time applications needing data management, without the overhead of a Oracle or Informix.
[0222] Multiple registries can be used, and the registries may reside on different computers of the network. In one sense, this can be used to provide collections of services based on geographic areas. By way of example, a first registry contains entries representative of service providers providing service only within the state of New Jersey. A second registry contains entries representative of service providers providing service only within the state of New York. One skilled in the state of the art would understand that both registries could reside on a single server located in Connecticut, or on a first server in New Jersey and a second service in New York.
[0223] The organization of the data within the registry can be defined by a schema, as one skilled in the state of the art would understand the term schema. By way of example, a database consist of one or more tables, each table has a schema. An XML document may have a schema defining the content. A data management system provides the use of schemas for defining the content of a data set. The organization of the data within the registry can include a multiplicity of schemas. Thus a first data set having a first schema, and a second data set having a second schema, wherein the first data set and the second data set can be logically related to the task at hand.
[0224] An embodiment can use one or more in-core tables to facilitate the registry. Such techniques are known in the state of the art and are provided for with the Daytona Data Management System from Global Technologies Ltd., Inc. See the Daytona User's Guide for details.
[0225] The registry can include encrypted or compressed data and that this is implementation issue. When using the Daytona Data Management System, for example, a record class description can include compressed fields. From the services viewpoint, however, the data is uncompressed until saved by Daytona in a compressed format. Similarly, when the service requests data, the data may be decompressed by Daytona and provided to the service in an uncompressed format.
[0226] The registry can be implemented using horizontal and, or, vertical partitioning techniques. See the Daytona Users Guide for details.
[0227] Administrative functions can be implemented through access methods [access plans] as one would understand the term in database techniques. By way of example, but not limitation, a SQL statement can be used. The implementation, possibly through the use of an ODBC Compliant Driver, (or JDBC Compliant Driver) can create an access plan for accessing and interacting with the data. Similarly, a Daytona Cymbal statement can be compiled into object code and the object contains the access method.
[0228] Administrative functions can be implemented through a 4th generation language such as that of Cymbal, as provided by the Daytona Data Management System [see Daytona's User Guide].
[0229] An embodiment can use one or more components of software to facilitate administering the registry. In such content, the components of software can communicate as required by the embodiment. By way of example, a first component of software on a first computer can communicate with a second component of software executing on a second computer to facilitate an administrative function.
[0230] The schema can be implemented through the techniques of the Daytona Data Management System. The term Record Class Description equates to a schema. A component of software can include the access method for accessing and interacting with the registry.
[0231] The registry can be implemented as a Daytona Project and that one or more administrative functions can be implemented through a first Daytona Application, while additional administrative functions can be implemented through a second Daytona Application. A Daytona Application has one or more Record Class Definitions. See Daytona's User Guide].
[0232] A registry entry can consist of a multiplicity of information components, and an information component can have an attribute describing the use of the information component. By way of example, but not limitation, an attribute can be PUBLIC, in which case the information component is available to any requesting process. An attribute can be PRIVATE in which case the information component is only accessible to the entity requesting the registration in the registry. An attribute can be SECURE, in which case the information component is accessible to a process satisfying security criteria as defined by the implementation. In the use of attributes, a more robust implementation would define a service associated with the attribute such that the service can be invoked as necessary to perform the functionality desired. By way of example, but not limitation, the PRIVATE attribute can have an associated PRIVATE service that is called by the service accessing the registry, to perform the validation, parsing, filtering, or otherwise data manipulation required to fulfill the functionality of the service. One skilled in the state of the art would understand that such functionality and management of attributed field capability could be implemented with the Daytona Data Management System.
[0233] Program Listings 4.1 through 4.7 provide an embodiment of a directory service. The directory service is started by the generic front end loader, and listens on an Internet Address and port for requests. The directory service reads name/value information components, and acts upon them according to the specified command. The directory service configures the command table during initialization. In the current embodiment, the commands register, create, query, and delete are registered with the directory service. In a second embodiment, additional commands can be registered such as update, modify, replicate, report, and others. In a third embodiment, the commands to be registered can be read from a configuration file, such as that used by the software engine service. In yet another embodiment, the commands to be registered can be queried from a common directory service. The directory service accesses the request, and locates the command information component. The directory service then locates the corresponding registered command and accesses and interacts with the service associated with that command. By way of example, if the command is register, then the directory service locates the service associated with the register command and accesses and interacts with that service. In the embodiment of Program Listings 4.1 through 4.7, the directory service recognizes the ".private" attribute of an information component and treats such information components accordingly.
[0234] Note that an embodiment of the first directory service can access and interact with a second directory service to determine services to be provided by the first directory service. By way of example, the first directory service can communicate a request for services to the second directory service, and the second directory service can access and interact with the request to determine an appropriate response. The response may include one or more accessible services. This permits a first directory service to be configured according to the criteria supplied by the first directory service to the second directory service. In this regard, the first directory service may have a subset of services that the second directory service supports. By way of example, the first directory service may support a query command, but not a register command. Similarly, the first directory service may support an update command, but not a delete command. By way of example, the first directory service communicates a unique identifier associated with a service provider to the second directory service. The second directory service, responsive to receiving the identifier, accesses and interacts with the registry and determines the unique identifier has a particular security level associated with it. As a result, the second directory service communicates a response indicating one or more commands, and one or more services associated with each command, to the first directory service. Subsequent use of the first directory service would then be limited to those commands supported by the first directory service.
[0235] A multiplicity of registries can be maintained by the embodiment. Each registry can be accessed by a corresponding directory service. A multiplicity of directory services can be used. Each directory service can broadcast its availability. Such an implementation would use standard broadcasting techniques as defined in UNIX Network Programming series, Second Edition, W. Richard Stevens, Addison Wesley, ISBN 0-13-490012-X, or equivalent thereof. By way of example, a first directory service of a first computer of the network can broadcast its availability. A second directory service of a second computer of the network, responsive to receiving the broadcast from the first directory service, can register the first directory service with the second directory service. Alternatively, the first directory service could access and interact with the second directory service to cause the second directory service to register the first directory service.
[0236] The Unique Identifier
[0237] The term the unique identifier implies a sequence of characters used to uniquely qualify an entity. In this context, the term entity can represent a consumer, a service provider, a transaction, an entry in a registry, a thread, a process, a function, or a component of software. The reader will be guided by the context of the term to determine the corresponding entity referenced. For example, a consumer the unique identifier is understood as an identifier uniquely qualifying a consumer from other such consumers. A service provider the unique identifier is understood as an identifier uniquely qualifying the service provider from other such service providers.
[0238] The identifier can be a string of characters in the character code set understood by the embodiment. The identifier could contain white space.
[0239] An embodiment can use a multiplicity of strings to ensure uniqueness. For example, an identifier can include a first string and a second string as in:
[0240] IDENTIFIER: Northrup, C., 15 Spring Street, Suite 200, Princeton, N.J.
[0241] In this context, the uniqueness may require a multiplicity of information components such as Name, Address, City, State.
[0242] When used in conjunction with a Universal Description Discovery and Interchange Node (UDDI), a uddi_key can be used as the unique identifier.
[0243] When used in conjunction with a hashing service, the registration information, or a portion thereof, provided by the subscriber [ie., the consumer] can be communicated to the hashing service to generate a hash key.
[0244] The unique identifier can include a name value pair, or a multiplicity of name value pairs. This is especially useful when using a directory service to create an entry in the registry. By way of example, a unique identifier can include a first name and value indicating a specific data set (or registry) or logically related data sets. The second name and value pair can indicate a unique key within the data set. By way of example, a unique identifier "sd=payment_services id=cjn@gtlinc.com" would indicate that the service directory (ie. The registry) is called payment_services and id=cjn@gtlinc.com is within that registry.
[0245] A given person may have a multiplicity of the unique identifiers, each the unique identifier uniquely qualifying the person with respect to the activity the person is performing. A person at work may have one the unique identifier for work related activities, a separate identifier for home (or personal) related activities, and a separate identifier for organization activities (such as non-profit organization, little league, home-school association, political party activities). Note that a person may have the unique identifiers for other activities within an activity.
[0246] A user may interact with a component of software on the user computer to select the current the unique identifier as appropriate for the current activity. The interaction may be through means of a touch screen system, a pointing device such as a Microsoft mouse, speech recognition apparatus, and the like. Regardless of the implementation, software will be used in determining the current the unique identifier. The interaction may cause software to determine the activity and from the activity determine the unique identifier. The aforementioned may be determined solely by a process monitoring the activity of the user, by a process determining the activity of the user, or, by prerecorded information accessible to the process. Furthermore, such process may require interaction or communication with a second process as in the case of a first process communicating with a directory service.
[0247] When the computer system uses the named execution environment of U.S. Pat. No. 5,850,518, then a process can register attributes with the directory service. In such cases, a first user may have access to a first computer, which registers attributes describing a first process on the first computer. The implementation can use this information to deduce or otherwise determine the activity, or, the current the unique identifier, or a combination thereof. When the first user uses a second computer, then a process on the second computer can register attributes with the directory service. In such a case, the first user's activity or the unique identifier, or combination thereof, can be determined by the registered attributes of the second computer.
[0248] When the invention is used with the methods of U.S. Pat. No. 5,850,518, then a first process of the user's computer can communicate with a directory service to determine the current activity or the unique identifier, or combination thereof.
[0249] An implementation can use a unique identifier associated with a user, combined with access and interaction rights based on the network endpoint that the user is connecting from, to determine privilege and authorization. By way of example, a business maintains an enterprise wide network. An employee has an assigned the unique identifier. The employee uses a computer connected directly to the enterprise wide network (i.e., an ethernet behind a firewall). The employee provides their the unique identifier and can access and interact with a service within the enterprise (ie., behind the firewall). The employee leaves the office and goes home. From home, the employee uses an Internet Service Provider, such as America On-Line, to access the Internet. A process on the employee's home computer, connects to the enterprise service executing behind said firewall. The employee provides their the unique identifier. The enterprise service uses an authentication service and determines that the computer the employee is connecting from is outside of the enterprise wide network. The enterprise service then permits the process executing on the employee's computer to access and interact with a limited set of services. The limited set of services may be publically available services that are provided by the enterprise. For example, an administrator within the enterprise may configure the services such that access to customer information will only be granted to a requesting process executing within the enterprise, but, access to the company phone directory is permissible for requesting processes executing outside of the enterprise.
[0250] Dynamically Loadable Module
[0251] A dynamically loadable module is a component of software stored in a shared library, or a dynamic link library, or equivalent thereof, but collectively referred to as shared library throughout this specification. In a typical embodiment, a first function call is made to attach the shared library to the address space of the requesting process. A second function call is then made to access a particular module within the shared library. It is noted that certain embodiments can take advantage of an initialization function within the shared library that is automatically invoked when the shared library is attached or detached. Examples of this are the DllMain function, or equivalent thereof, as provided by the Microsoft Win32 Interface, and the init function as defined in the KornShell development kit. Various other implementations of shared libraries on UNIX support such initialization functions.
[0252] Function Call and System Call
[0253] For purposes of this disclosure, a function call and a system call are often collectively referred to as a function call. When a particular distinction is necessary, the term system call will be used.
[0254] It must be noted that the AST ToolKit, provided by AT&T Research, and described in Practical Reusable UNIX Software, John Wiley and Sons, ISBN 0-471-05807-6, includes numerous replacement functions via replacement libraries, related to file system access. The replacement functions currently offered by the n-Dimensional File System component of the AST Toolkit and the KornShell, do not augment these standard functions and system calls with access and interactions to services nor to directory service.
[0255] In various embodiments of this invention, a function of a process can be augmented by providing a replacement library containing a replacement function, and using dynamic loading techniques to dynamically load the replacement library (or component thereof), to facilitate the methods and systems of this invention. Alternatively, the corresponding application program could be linked with a library providing functions offering equivalent capability of the replacement function. When reading the term "replacement function" or "augmented function", it is understood as a function providing an augmented capability or feature which is provided by a replacement function, or a function that the corresponding application program was linked with. Note that this may be in addition to the standard functionality of the corresponding function.
[0256] By way of example, the recv function is frequently used in network programming. (See UNIX Network Programming Volume 1 Second Edition, W. Richard Stevens, Addison Wesley, ISBN 0-13-490012-X.). An embodiment can augment the functionality of the recv function to access and interact with a directory service in order to facilitate administrative functionality such as replication, consistency, communication forwarding, and other services such as wire tapping, broadcasting and the like. Similarly, the functionality could include routing a received request to a second service. Thus, when the process makes the function call, the augmented version of the function can be used to augment or replace the standard functionality of the function.
[0257] By way of example, an augmented function can access and interact with a directory service to determine a service providing the underlying desired functionality. An embodiment could interact with a directory service to determine where the underlying functionality should be executed. A process issuing a write function, for example, could use the replacement write function which would access and interact with the directory service to determine how to access and interact with a write service providing means to write to an accessible device. Similarly, a process issuing a read function call, could use the replacement read function which would access and interact with the directory service to determine how to access and interact with a read service providing means to read from an accessible device. It is understood that such embodiments may require parameter passing from the process issuing the function call, to the service providing the underlying functionality. In such cases, the input types, and possibly the output types may also be communicated between the process and the service. An implementation could use SOAP/XML for such parameter passing, and possibly for one or more input types, as well as one or more output types. In this manner, a process compiled for a first operating system can be executed on the first operating system, but have one or more augmented function calls accessing and interacting with a service executing on a second computer of the network having a second operating system which may, or may not be different from the first operating system. Note that the service may be a process having means to perform the desired functionality and maintain state.
[0258] A first process can issue an open system call and have a file descriptor (or handle) associated with the opened file, but the file may physically reside on the second computer of the network.
[0259] By way of example, a code fragment written in the C language could include
[0260] int fd=open("etc/profile",O_RDONLY);
[0261] One skilled in the state of the art would understand that open is a system call and the functionality of the open system call is to open a file identified by the first parameter, which in this case is a file named/etc/profile, for read only. Upon success, the open system call returns a file descriptor value to the process and the file descriptor value is saved in the memory location given by the integer variable field. (For detailed information on the C programming language, see "The C Programming Language, Brian Kernighan and Dennis Ritchie, Prentice Hall Software Series, ISB 0-13-110362-8.)
[0262] When augmenting the open system call, the augmented open function can access and interact with a directory service and specify criteria for selecting a service. By way of example, the criteria could be a service having access to the /etc/profile file. If such a service is found, then the process can access and interact with the service to cause the service to perform the open system call. The service would have access to the file descriptor associated with the opened file. The service would remain executing, and would provide a response to the requesting process wherein the response indicates a value for the opened file descriptor. The response may be a value indicative of the maximum number of open file descriptors allowed by the operating system, plus the number of opened files that are opened by the service at the request of the process.
[0263] The process can then issue a read function call, and specify the value for the opened file descriptor. The augmented read function would examine the value of the opened file descriptor, and realize it is a value higher than maximum number of opened file descriptors supported by the underlying operating system. In this case, the replacement read function would deduct the maximum number of allowed opened file descriptors from the specified value for the opened file descriptor, and would access and interact with the service providing the underlying read functionality. In this sense, the replacement read function would provide the service with the appropriate file descriptor value, and possible other parameters, and the service would then perform the read system call, and provide the results thereof to the process.
[0264] The communication between the process and the service can be implemented using XML, or using other techniques such as messaging according to a format and possibly a protocol determined by the implementation. In one embodiment, the Safe-Fast-IO (sfio) interfaces are used (See Information Disclosure "Practical Reusable UNIX Software" for details on sfio).
[0265] The process may cause one or more standard functions to be executed on the same computer that the process is executing on. By way of example, certain environment settings and user administration may need to occur on the same computer as the first process, while other functions can be performed on a second computer according to this invention.
[0266] The process may also require a graphical user interface on the same computer that the process is executing on. In such cases, the functions calls related to the graphical user interface should not be processed by a service executing on a remote computer system.
[0267] The requesting process can register certain function calls that should be executed on the same computer as the requesting process. The augmented function would then determine if the underlying functionality is to be executed on the same computer, or should be executed by the service. To make such determination, the augmented function may access and interact with a directory service having the registered certain functional calls described above.
[0268] Certain functions return a pointer to a memory location. In such cases, an augmented function would access and interact with the service and the service would communicate the results thereof to the process. The communication can include representing data as characters, such as a hexadecimal character or equivalent (such as %32) and the data can be assembled into an allocated memory location accessible to the process. (See communication for details on communication).
[0269] The mapping of one or more return values and side effects of a function performed by a service can be determined by the implementation without changing the scope of the invention. Thus, a service executing a component of software on behalf of a process, can maintain state information about the results of the execution of the component of software, and, can communicate the results and side effects to the process, which are then assembled and made available to the process as if the function call were completed on the same computer and operating system of the process.
[0270] An embodiment can register additional information components about the devices, services, software, operating system, functionality, communication capability, characteristic and attributes thereof, and other information components as would be necessary to facilitate the invention. By way of example, this can include registration of the service having capability as disclosed herein. Such information may be necessary for the criteria as provided by the process.
[0271] When using name-value pairs, or other identifiers qualifying that portion of a request string which represent a service, the augmented function can use the directory service to discovery the corresponding component of software providing the service. For example, the open function call takes as a parameter, the name of the file to open. However, by providing criteria for accessing the file, the open function call can determine the service it should provide, by interacting with a directory service. By way of example, criteria specified as description="Corporate information about GTL" can be provided to the open function call as the parameter. When the open function calls attempts to open a file with that name, the open will fail. Instead of returning an error condition, the open function call could interact with a directory service to see if there is a service that can satisfy the request. The directory service could either return back entry information and the open function could then access and interact with the service, or, the directory service can connect to the service satisfying the request. Thereafter, when a read function is called, the read function could receive information from the service and provide same to the process. Similarly, when a write function is called, the write function can send the data to the service. Finally, when the close function is called, the close function can disconnect from the service.
[0272] Operating systems typically are deployed with various supporting commands and utilities. By way of example, this often includes a shell, such as ksh. The shell interprets requests and performs desired actions. The POSIX standards define various shell commands and utilities which can be invoked by the shell.
[0273] On a Unix system, such as a Solaris 2.8 operating system, a frequent task is to invoke a cat command to display the content of a file. The cat command takes one or more command line arguments which are file names to display. The output of the cat command is displayed on standard output. Using the shell, one could cat the contents of a file and pipe the standard output as the standard input for a second command.
[0274] The cat command is invoked as a process and the process uses the open function call to open the file. By augmented the open function call with criteria, we can cat the contents provided as a service, as if the content where in a file on the local computer. Thus, the cat command itself does not need to be recompiled to take advantage of this capability. Instead, we use the augmented open function from a dynamically loadable library.
[0275] Similar behavior can be achieved for all standard UNIX commands and utilities that are dynamically linked.
[0276] Similar behavior can be achieved for all standard command and utilities of the U/WIN product line, as well as other applications that are dynamically linked. The U/WIN product line provides the KornShell and the shell commands and utilities for the Windows operating system.
[0277] Registration:
[0278] The registration can be an automated process such that whenever a service begins executing, it always registers its availability with the common directory service. Alternatively, the service can be accessible through a well-defined connection such as a URI, or on a dedicated Internet Address and port. In such cases, the registration process may occur once. In other implementations, a process having appropriate information about the service can register the service. In other implementations, the service may be registered via a user interacting with a graphic rendering program providing a form for the user to complete and submit electronically. Still, in other implementations, the registration process may be via computer mail. The registration process can also be implemented with SOAP/XML techniques. The registration process could also be implemented through remote procedure call, or equivalent thereof. Once skilled in the state of the art would understand that there are a multiplicity of methods for performing the registration process, even calling a person who could manually enter the registration information as required.
[0279] The registration process can include an identifier identifying the directory in which the registration is to occur. By way of example, a registration may indicate: sd="Public Services" in which case the registration is to occur in the Public Services service directory. A default directory can be used when the registration process does not provide such a service directory identifier.
[0280] The registration information includes information provided by the process (or processes) participating in the registration. The registration information is said to contain one or more information components. An implementation can use a name-value pair for an information component, such as name="Charles Northrup", or, can use XML to communicate the information component, or various other techniques which may, or may not require a schema.
[0281] The implementation can support private and public attributes, as described in U.S. Pat. No. 5,850,518. In such cases, an information component can be marked as private, and thus would be accessible only to the directory service, but would not be returned in queries or reports. A private information component is always accessible to the administrator of the directory service. Similarly, a private information component is always accessible to the owner of the service.
[0282] An information component can be marked with a Group attribute. According, members of the specified group (or processes acting on their behalf) would have access to the information component.
[0283] Implementations can use underlying operating system security semantics as well. For example, a Unix system supports the notion of read/write/execute permissions for owner, group, and others. Such operating system semantics can be used.
[0284] The registration process can include the use of a graphical interface to make the registration experience more pleasurable for the user. Such implementations could be facilitated through the use of the Microsoft Internet Explorer or equivalent thereof. Alternatively, the graphical interface can be provided by other means, as one skilled in the state of the art would understand.
[0285] Note that some implementations will have the directory service provide required registration information to the registering process, and that such information may be communicated to a user of a computer system, and that the user would provide the required information and the required information would then be accessible to the directory service.
[0286] The registration information is administered by the directory service, which can use a registry to provide persistence for the data.
[0287] A service provider can register a multiplicity of registrations with the common directory service. This can permit artificial intelligence methods for the selection of the service satisfying criteria. The selection can include events, time specifications, access methods, communication methods, methods providing selection based on response times, and the like. In such cases, a service provider can register that the service provided by the service provider at a particular network endpoint is accessible only during certain hours of operations, which may include day of week, month, year, etc. The same service can be registered for a different network endpoint for a different hour of operations, which may include day of week, month, year, etc. The only restriction is that duplicate entries in a single service directory are not supported.
[0288] It is noted that replication of entries between service directories registries may be provided by the implementation. In such cases, a first directory service can provide a second directory service with one or more registration entries maintained by the first directory service, in order to replicate the data maintained in ithe registry. An implementation can use the methods of U.S. Pat. No. 5,572,709, or equivalent thereof. Each time an entry is written to the registry, the write(2) system call can be augmented to duplicate the write request to a remote file store. The write(2) system call can also use the directory service to determine a remote process having capability to receive registry updates. The write(2) system call can connect to the remote process and communicate the information related to the write system call. The remote process would receive the communication and perform equivalent action to a data store maintained by the remote process. The remote process can either update its registry immediately, or, store the communication until sufficient communications have been received, and use bulk data loading techniques to bulk load the data.
[0289] In a second implementation, a first directory service receives requests, and depending on the request received, will duplicate the request to a second directory service. By way of example, the first directory service receives a request. The request is scanned to determine if the request is to register a new service, and if so, the first directory service accesses and interacts with a remote directory service to replicate the request. This would be in addition to the first directory service performing the operations of the received request.
[0290] To maintain consistency, other request such as delete, modify, change, update, and others can also be replicated.
[0291] The implementation can provide this capability in a function of a dynamically-linkable replacement library. One example of a dynamically-linkable replacement library is found in U.S. Pat. No. 5,572,709.
[0292] By way of example, a gethostbyname standard operating system interface call can be augmented to access and interact with a directory service as required. (See UNIX Network Programming Networking APIs, UNIX Network Programming series, Second Edition, by W. Richard Stevens, pp 240-246, ISBN 0-13-490012-X for details on the standard gethostbyname operating system interface.) Program Listing 1.1 provides a source code listing of one implementation for the replacement gethostbyname function which is then compiled into object code, and archived in a replacement shared library with the same filename as the standard shared library containing the operating system provided gethostbyname function. Using the LD_LIBRARY_PATH environment variable setting to first point to the location of the replacement shared library; the replacement gethostbyname function would be used whenever a process invokes the gethostbyname function.
[0293] The standard system version of the gethostbyname function accepts a single parameter hostname, which is a pointer to a character string and returns a pointer to a hostent structure on success, or a NULL pointer on failure (Program Listing 1.1 line 3).
[0294] In this embodiment, the gethostbyname function will first invoke the system version of the gethostbyname function (Program Listing 1.1
line 8) to see if it is able to resolve the host name reference given by the value pointed to by parameter hostname.
[0295] If the system version of the gethostbyname function is not able to resolve the hostname, then the gethostbyname function will consider the host name reference given by the value pointed to by parameter hostname as criteria for selecting a service. In this case the gethostbyname function will query the directory service (Program Listing 1.1 line 12) and will examine the results of that function to see if connectivity has been registered for a service satisfying the criteria (Program Listing 1.1 lines 13-18). In this case, the gethostbyname function will then invoke the system version of the gethostbyname function (Program Listing 1.1 line 19).
[0296] In a second embodiment, the standard operating system interface call can include the necessary computer instructions to access and interact with the directory service.
[0297] Other embodiments are possible. By way of example, the gethostbyaddr, gethostbyname2, getservbyname, getservbyport, getnameinfo, and others, can have appropriate replacement functions to access and interact with the directory service. This is not limited to socket application programming interfaces. By way of example, an open system call can be modified to access and interact with a service, through the use of a directory service.
[0298] The benefit of using replacement dynamically loadable libraries is that the original source code for the application program need not be modified to gain the advantage of working with the directory service. Thus, applications, such as telnet, Netscape communicator, ftp, ping, and others, can immediately take advantage of the directory service, without having to recompile the application.
[0299] By using a replacement dynamic link library with an alternative gethostbyname function, the user can enter information that can then be communicated to a directory service, and the appropriate response displayed.
[0300] In an enterprise network, such as within the Global Technologies Ltd., Inc., domain (gtlinc.com), we can maintain a registry containing contact information for our employees. When using the browser, a first employee can enter "contact information for Charles Northrup" and the directory service locates a service providing that information, accesses and interacts with the service, and communicates the response from the service, to the browser process.
[0301] Netscape 4.73 and Microsoft Internet Explorer version 5.0 permit the user to enter a string. Both products attempt to resolve the entry by using a domain name lookup service, usually provided by gethostbyname (or equivalent thereof). When a domain name cannot be determined, both products will interact with web search engines to determine a relevant page. By way of example, the Microsoft Internet Explorer will communicate with the Microsoft Service Network search engine site. If the string was entered as C:.backslash., then both products insert a file schema and as translate the request as file:///C.vertline./. Neither product permits access and interaction with a directory service.
[0302] The implementation can also be provided directly by the operating system interfaces themselves.
[0303] An example directory service is shown in Program Listings 4.1
through 4.7. The embodiment provides for a register command, a create command, a query command, and a delete command. When registration is to occur, the name/value pair may include a ".private" notation to indicate that the name/value pair is private, and should not be reported as part of a query command. As an example:
[0304] Name="charles northrup" phone.private=609-924-7305
[0305] In this context, the registration entry will include two information components. The first is a name component, having value "charles northrup" and the second is a phone component having value 609-924-7305. When querying the directory service using:
[0306] Command=query name="charles northrup"
[0307] then the query will report the name component and its value, but not report the phone component nor its value.
[0308] An implementation can add a ".mandatory" attribute to an information component to force the specified information component to be included in a query request. By way of example,
[0309] Command=register name="charles northrup" phone.mandatory=609-924-73- 05
[0310] In this example, a query request must include phone=609-924-7305 in order for the entry to be included in the query results.
[0311] An implementation can add a ".group" attribute to an information component such that the a group list is maintained by the directory service, and only those belonging to the group can see the results of the query. By way of example:
[0312] Command=register name="charles northrup" group.mandatory=officer
[0313] In this example, a query request with criteria name="charles northrup" would require the request process to supply additional information so that the directory service can determine if the request is on behalf of a member of the specified group.
[0314] Note that the use of the attributes can be extended to a connect request facilitated by the directory service. In such cases, a request of:
[0315] Command=connect name="charles northrup"
[0316] Would be subject to the same constraints as the query command, as described above.
[0317] In assigning attributes to information components within a registry entry, an implementation can use the directory service itself to access and interact with a service providing the desired functionality. By way of example, the private attribute described above can be a registered service within the common directory service (CDS). When the CDS receives a query command, and locates one or more entries satisfying the request, the CDS could access and interact with a "private" service which could perform translation to an empty string for that information component. In a another implementation, an information component can have a "normalize_to_upper" attribute and the CDS would access and interact with the service providing normalize_to_upper normalization of the data content for the value portion of the name/value information component.
[0318] Registration Information
[0319] By way of example, but not limitation, this may include one or more of:
[0320] consumer information
[0321] name
[0322] street address
[0323] city
[0324] state
[0325] country
[0326] postal code
[0327] information representative of the consumer computer
[0328] information representative of the operating system of the consumer computer
[0329] information representative of the communication devices of the consumer computer
[0330] information representative of components of software accessible to the consumer computer
[0331] consumer contact information such:
[0332] telephone number
[0333] fax number
[0334] beeper number
[0335] pager number
[0336] wireless access number
[0337] cellular phone number
[0338] company information
[0339] affiliation information
[0340] corporation information
[0341] non-profit business information
[0342] organization information
[0343] agency information
[0344] consumer add-on services
[0345] consumer subscribed services
[0346] consumer billing information
[0347] consumer payment information
[0348] consumer historical usage information
[0349] consumer historical payment information
[0350] consumer transaction information
[0351] consumer security information
[0352] consumer profile information
[0353] consumer access information
[0354] consumer geographical information
[0355] consumer preference information
[0356] consumer enhancement service information
[0357] payment type
[0358] payment provider unique id
[0359] payment account unique id
[0360] payment billing information
[0361] payment billing name
[0362] payment authorization unique id
[0363] payment provider id assigned expiration date
[0364] payment provider code
[0365] payment bank unique id
[0366] payment bank authorization unique
[0367] connectivity required to reach a service
[0368] access point
[0369] Internet address
[0370] port
[0371] protocol
[0372] network type
[0373] data representation
[0374] service availability time
[0375] duration of service
[0376] owner information
[0377] group information
[0378] When used in conjunction with the methods of U.S. Pat No. 5,850,518, the information can include one or more of the information components as defined in the thread directory service. By way of example, but not limitation, this can include the physical connectivity required to reach the consumer, the consumer service, or any service including a minor service, a communication primitive to be used in communications wherein the information on the physical connectivity required is used by the communication primitive to establish connectivity. As an example, a consumer computing device connects to the Internet through an Internet Service Provider [ISP] and is assigned a dynamic Internet Address. The registration information can include the dynamic Internet address and possibly one a port for sending and receiving communications. One skilled in the state of the art would understand that a multiplicity of ports may be used in facilitating the communication.
[0379] Alternatively, if the consumer computing device has a static Internet Address associated with it, that the static Internet Address and a designated port can be registered. One skilled in the state of the art would understand that a network address and possibly a port number, or equivalent thereof, can be used. By way of example, an Internet Address may be 192.127.0.3 and a port may be 3999. Alternatively, an Internet Address can be workhorse.gtlinc.com and a binding service such as that provided by the name daemon or equivalent thereof would bind workhorse.gtlinc.com to an appropriate network address.
[0380] Accesses and Interacts
[0381] The phrase accesses and interacts implies the use of a multiplicity of processes. The processes may communicate via interprocess communications, intraprocess communication, or through a communication device as supported by the underlying operating system. Communications can be instrumented through protocols. A first process can be executing on a first computer of the network, and a second process executing on a second computer of the network. It is understood that this may include one or more intermediary processes to facilitate the communication, as determined by the protocol. It is understood this may include one or more intermediary processes to facilitate the communication, as determined by the network. The network can be the Internet, a private network, a public network, or some other network such as the virtual network as described in U.S. Pat. No. 5,850,518.
[0382] The phrase access(es) and interacts can also imply loading a dynamically loadable module into the address space of the first process and invoking a function entry point in the dynamically loadable module either directory, or indirectly through an initialization function supported by the underlying implementation. By way of example, the DllMain function is invoked whenever a dynamically linked library is attached to a process.
[0383] Criteria
[0384] Criteria can be implemented through name/value pairs, which may include using regular expressions and possibly even using Boolean operators, through SQL statements, through OBDC instructions, JDBC instructions, Microsoft ADO.NET, through Daytona Cymb