1. Field of the Invention
The present invention is in the field of networked computer systems. In particular, the present invention relates to the provision of an application to a user, the provision of the application requiring a system and a method for managing a plurality of servers accessible over a network, wherein each server supplies a separate service for use in the application.
2. Description of the Related Art
Many modern computer applications make use of external services. These services may comprise functions, methods or data that are provided by a third party independently of the computer-program code or hardware that implements the computer application. The service may be provided by computer-program code processed by a local or remote processor or may be provided using dedicated electronic circuitry. Typically, the computer application will not have access to the operation of the external service and the external service will not have access to the operation of the computer application, e.g. it will not have access to protected code loaded into local memory. Instead, the computer application will call upon the service using a defined interface.
The use of external services is particularly suited to the provision of a computer application over a network. In this case, an application server may comprise computer-program code that, in use, is processed by a processor of a first server computer. Said server computer may then be connected to a client device over the network. By exchanging data with the client device, the application server provides an application to a user. When the application server wishes to make use of external services it may communicate with a second server computer over the network, wherein, in use, the second server computer processes computer-program code to supply the service. By using such an arrangement the application can make use of services provided by remote systems.
In the following discussion, as is known in the art, the term “server” may be used to refer to computer-program code that provides a service, the hardware processing such code or a combination of the above. It may also be used to refer to a dedicated hardware device providing an equivalent function. Examples of possible servers include, amongst others: report servers, email servers, Public-Key Infrastructure (PKI) servers, Lightweight Directory Access Protocol (LDAP) repository servers, and Single Sign-On (SSO) manager servers. Reference will also be made to “external” or “third-party” services; however, such a definition is also to include services provided by the same company or organization as that of a given application. The term “service” should also be distinguished from the inclusion of external libraries (e.g. Dynamic Link Libraries (DLLs) or Java ARchives (JARs)) within a software application. In this case, such libraries need to be packaged with the application and thus may be seen as existing within the boundary of the application. Even in cases when such libraries are not packaged with the application, they may be seen to form part of the operating environment of the application and are thus not provided independently.
By using external services, application developers are able to quickly and easily build application systems by effectively outsourcing non-essential operations to external applications. The application developer is also able to make use of knowledge that may not be available in their own team or company. For example, in order to rapidly produce a reasonably inexpensive application, an application developer may make use of a third party reporting service to provide reports to a user. This also increases specialization, modularity and labor re-use.
In the prior art, in order to make use of an external service, the application developer would typically incorporate information pertaining to the defined interface for the service into their application. For example, said application could comprise a module comprising computer-program code that integrates the internet-protocol (IP) address and required command protocol for the server hosting the external service, e.g. “diamond_report_server=123.168.2.1; diamond_report_server.report_cmd—56(data1, data2 ... dataN);”. The module may then be used as part of the application implementation to send a service call to the server hosting the service.
With the growth of services available over the internet and the like, an application developer is increasingly offered a wide choice of service providers. A user may also regularly use existing or legacy software systems, and may expect new applications to successfully operate with such systems. Even with the use of modern standards and open-source methods, an application developer may be bombarded with interface specifications and communications protocols. As the details of the service or services to be used by the application are typically integrated into the compiled code of the application itself (i.e. “hard-wired” into the application), much time, effort and money are required to adapt the application to make use of the service or services. This not only negates a large portion of the initial efficiencies provided by the use of an external service, it also makes the resulting application reasonably inflexible. Furthermore, when producing a plurality of applications for a number of different users, much effort is duplicated when adapting the application to make use of a known service. In such systems it is also difficult for a user to suggest their own services in place of a predetermined service or to change said service at a later point in time.
One technology that exists to facilitate the management of third-party services is referred to as “single sign-on” (SSO). An SSO system uses a primary domain manager to present an authorization front-end to the user, e.g. in the form of a log-in screen implemented in Hyper-Text Markup Language (HTML) provided at a particular Hyper-Text Transfer Protocol (HTTP) address. The user logs into the primary domain through the authorization front-end using their primary domain log-in and password. Once registered with the primary domain, the user registers their log-in details for a number of secondary domains; these authorization details are then saved by a user account manager. The user is then able to access services provided in the secondary domain via a primary domain shell, wherein the log-in details for the secondary domains are passed from the primary domain to the secondary domain by the user account manager transparently to the user. Thus, after the user “signs on” once, he or she is provided with access to multiple services. A well-known example of an SSO system is the Athens service provided by Eduserv, a UK charity.
Whereas SSO systems facilitate the use of multiple services, their operation is limited to authentication and authorization, i.e. to passing username and password parameters between servers. They typically operate by the redirection of uniform resource locators (URLs), i.e. access of secondary domain servers via a defined HTTP address will be routed via the HTTP address of the primary domain manager. This makes them unsuitable for providing the data exchanges required for the implementation of services with applications. Additionally, such systems require a central identity manager. The communication of authentication and authorization information also risks interception and exploitation by malicious parties.
Hence, in the art there is a need for systems and methods to enable the organization of services that are used within the provision of an application to a user. Furthermore, there is a need for systems and methods that provide flexible and expandable use of such services.