Generally, a web service or e-service may be considered as a set of network endpoints operating on messages containing either document-oriented or procedure-oriented information. Web services are explicitly specified by web service descriptions, in which operations and messages are described abstractly and bound to a concrete network protocol and message format to define an endpoint. Related concrete endpoints may be combined into abstract endpoints (or services), and various message transport protocols are appropriate, including especially HTTP and SMTP.
The global information network is a network of intellectual property. All information made accessible on such a network has been disseminated within some sort of Intellectual Property Rights (IPR) context, in which relationships between information objects and parties (such as creators, publishers and consumers) have been defined in some specific way, either implicitly or explicitly. The manifestation of those relationships in terms of specific objects, parties and actions can be thought of as IPR policies.
Considerable research is currently being carried out into providing a consistent mechanism for expressing IPR policies on the Internet and in similar digital, networked environments, and into providing ways for information consumers (or agents operating on their behalf) to easily and automatically discover, access and interpret such policies for information of interest. The quality of such networked environments suffers from the lack of an open and accessible way to persistently associate IPR policies with information objects, both before and after their dissemination.
The present invention is concerned particularly, but by no means exclusively, with providing access control and policy enforcement for web services that disseminate aspects of heterogeneous information objects, especially services that provide different content types (for example, MIME types) and/or transformations (for example, language translations). However, because the network interfaces of interest are generally programmatic by design, the present invention may be applied more generally to any remote method invocation, including, for example, access to sensitive material and information such as portions of business documents that may have been modelled as distributed objects.