Browse Prior Art Database

Role Association and Entitlement Web Service

IP.com Disclosure Number: IPCOM000011710D
Original Publication Date: 2003-Mar-12
Included in the Prior Art Database: 2003-Mar-12
Document File: 3 page(s) / 51K

Publishing Venue

IBM

Abstract

Entitlement web service is a service to process user behaviors with hosting resources in web services provisioning technology. These hosting resources and users are associated with services' roles. The interpretation and operation on web services' roles are core pieces in Entitlement web service.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 41% of the total text.

Page 1 of 3

Role Association and Entitlement Web Service

Abstract

Entitlement web service is a service to process user behaviors with hosting resources in web services provisioning technology. These hosting resources and users are associated with services' roles. The interpretation and operation on web services' roles are core pieces in Entitlement web service.

Introduction

Entitlement web service hosts user accounts and provisioning resources which include offer accounts, application accounts, service accounts, resource roles, and user accounts. Service APIs provide entrance points for a user to manage the hosting resources, organization entitle accounts and invoke web applications. In order to provision user activities with web resources, the service relationship is set up among users, services and roles. As a result, the relationship between the user and hosting resources is kept distributed within Entitlement service and is created explicitly, implicitly, or automatically.

The basic ideas of service activities in Entitlement web service are role assignment, role synchronization, and role association. The relationship between users and web resources is defineded in service metadata, initialized by Subscription web service, performed by Entitlement web service, and effected in Application Agent. The overview relationship is as following:

E ntitlem ent W eb S ervice

Role Assignment

A user is entitled to access web resources by assigning a web service role to him/her. When administrator assigns an application role to a user, the Entitlement service will first check the local repository to find the userAccount, if it can't find one, the Entitlement service will contact with application agent to create a userAccount for the user.

Meanwhile, the Entitlement service will also communicate with Contract service to create the usage contract based on user and web service information. In runtime, the Entitlement service will contact with Contract service to get a valid the usage contract key and pass the key along with metering events to charge for using the service.

When an administrator removes a service role from a user, the Entitlement service will remove role from user in both Entitlement service and Application Agent. If the user account represent the last role for the user nad the web service, the Entitlement service will remove that user account from both local and application side.

1

R ole A ssignem ent

lRo e

Role - Users

Client

Sy hnc ron tiza ion Role

As so cia tio n

Application Agent

E n tity - U s e r s

Apps - R oles

repository

[This page contains 5 pictures or other non-text objects]

Page 2 of 3

Role assignment can be done either explicitly by assigning a role directly to a user, or implicitly by assigning a role to an organization entity which will down cast it to users in the organization, and automatically by role association.

Role Synchronization

If a web service role is assigned to a user implicitly which means service role is assig...