The present invention relates to the outsourcing of applications to application service providers (ASP).
To decrease fixed IT costs, companies (businesses) are increasingly looking to Application Service Providers (ASPs) to supply business applications and services on their behalf (outsourcing). An ASP may develop and tailor applications to meet a customers' (clients' ) needs, or a company may provide the ASP with the applications but leave any maintenance to the ASP.
In either situation, the application and any associated resource(s) (e.g. database; an enterprise server; a legacy application) is hosted on machines outside of the owning company's control. Once the ASP controls a company's critical business resources, that company is heavily reliant upon the ASP and it becomes difficult to change provider without significant costs and risks.
The ASP becomes party to that company's sensitive information/business processes and when the associated resource is a database containing sensitive data (e.g. about their customers, suppliers, partners and business operations), a very real concern for such a company is the protection of that sensitive data.
Currently businesses have two methods to manage and protect their data and other resources:
i) Keep IT systems, data etc. in-house and rely on firewalls and other security technologies applied by their system administrators to protect such resources; or
ii) Outsource systems and rely on the technology and ability of a third party provider (the ASP) to protect/manage the business' resources.
The former has the advantage of keeping (sensitive) resources in-house but means the business loses the advantages of IT outsourcing. The latter means less control over security and reliance on the ASP.
Accordingly the invention provides an apparatus for coordinating application logic and an associated resource, the apparatus comprising: means for receiving application logic from an application service provider (ASP); means for receiving a request from a client requesting a service from the ASP; means for matching the application logic from the ASP with the client request; and means for using the application logic to execute the client request by accessing the resource.
According to another aspect, the invention provides an application service provider service, performance of the service comprising the steps of: receiving a request for a service from a client; providing application logic to the apparatus of the preceding paragraph; instructing the client to request a service via the apparatus of the preceding paragraph.
Thus the present invention provides the ability to outsource the provision of application logic to Application Service Providers, whilst permitting a company to retain control over the resource(s) with which such application logic interacts.
Such an apparatus could be used to separate banking application logic from customers' sensitive bank details. By way of another example, the apparatus could be one part of an electronic payment system. (U.S. Pat. No. 6,029,150 is another example of an electronic payment system however this system does not match application logic (received from an ASP) with a client request and execute the application logic (by accessing a resource) in order to fulfill the client's request.)
The request may include data inserted by the client—in which case this data is preferably used in executing the request.
Preferably the result of the request is returned to the client in a format specified by the application logic.
Preferably the result is returned with a correlator identifier (id). Thus if a second request is received from the client including the same correlator id, this can be used to correlate the second request with a previous request. Thus the correlator id feature can be used to group a number of requests into a single unit of work.
The application logic, in accordance with a preferred embodiment, comprises at least one web page. An appropriate web page can be selected to return to the client based on the result of executing application logic.
In one embodiment the resource is a database and the returned web page includes data extracted from the database.
In another embodiment the resource is accessed via intermediate logic—for example an application server.
According to another aspect, the invention provides an apparatus according to claim 8.
According to another aspect, the invention provides a system according to claim 9.
According to another aspect, the invention provides a client comprising: means for requesting a service from an application service provider (ASP); means for receiving details of how to enable performance of the service, the details comprising an identifier and an address to forward the identifier to; means for forwarding the identifier to the address in order that the identifier can be matched with associated application logic from the ASP, the application logic for performing the client request using a resource, the client further comprising means for receiving the result of the request back from the address.
Preferably the means for forwarding the identifier comprises means for also forwarding data (e.g. provided by the client) to the address. This data can then be used in processing the request.
Preferably, the client also comprises means for receiving a correlator id back from the address; and means for using the correlator id to associate later requests sent to the same address.
According to another aspect, the invention provides a method for coordinating application logic and an associated resource, the apparatus comprising: receiving application logic from an application service provider (ASP); receiving a request from a client requesting a service from the ASP; matching the application logic from the ASP with the client request; and using the application logic to execute the client request by accessing the resource.
According to another aspect, the invention provides a method according to claim 20.
According to another aspect, the invention provides a method comprising: requesting a service from an application service provider (ASP); receiving details of how to enable performance of the service, the details comprising an identifier and an address to forward the identifier to; forwarding the identifier to the address in order that the identifier can be matched with associated application logic from the ASP, the application logic for performing the client request using a resource, the method further comprising receiving the result of the request back from the address.
Preferably data is also forwarded to the address. A correlator id may be received back from the address and used to associate later requests sent to the same address.
According to another aspect, the invention provides a resource management service for coordinating application logic and an associated resource, performance of the service comprising the method steps of: receiving application logic from an application service provider (ASP); receiving a request from a client requesting a service from the ASP; matching the application logic from the ASP with the client request; and using the application logic to execute the client request by accessing the resource.
It will be appreciated that the present invention/parts thereof may be implemented in computer software.
Embodiments of the present invention will now be described, by way of example only, and with reference to the following drawings:
a is a component diagram of a preferred embodiment of the present invention;
b illustrates the processing of the present invention in accordance with the preferred embodiment;
The present invention is applicable to the separation of sensitive resource(s) (e.g. data) from outsourced application logic; the separation of outsourced application logic from in-house resource(s) such as application(s); and is also applicable for use with multiple ASPs and multiple resources.
The present invention will be described in terms of a web environment, it should however be appreciated that the invention is not intended to be limited to such. For example, it would be possible to construct a system using different components—e.g. in place of the web server and/or web browser there would be other components using custom formats and protocols to enable the various components of the system to interoperate.
In accordance with one embodiment, the invention provides a method for separating e-business applications from their data stores. In this way, applications can be outsourced to application service providers (ASPs) without exposing any sensitive data required for the operation of such applications. One example of where this might be particularly useful is in online banking. Customer bank records can be retained in-house, whilst the banking application necessary to provide customers with access to their accounts can be outsourced.
a is a component diagram of a preferred embodiment of the present invention. A company, such as a bank 10, retains sensitive data about its customers (clients) in database 20. Database 20 is accessed by external clients 50 (one shown) through web server and firewall 60, via a custom-built database manager 30.
The company outsources its applications (one example shown—a banking application 90) to an ASP 80 which is accessible by external clients 50 through web server and firewall 95. The ASP can access the database manager 30 (and consequently the database 20) through firewall 70, however no sensitive data is returned from the database to the ASP. In this way the ASP is completely unaware as to the contents of database and thus security is less likely to be compromised.
b illustrates the processing of a preferred embodiment of the present invention when used for online banking. It should be read in conjunction with
A client 50 enters the URL of the ASP into web browser 55 in order to access the banking application 90 through the web server and firewall 95. The client requests an account (a/c) logon (step 100). The ASP returns the logon page to the client for completion and at the same time, the ASP sends an application page (described in detail later) (AP) to database manager 30 (step 110). Note, the database manager may confirm receipt of the AP to the ASP.
The AP includes a unique instruction id which is allocated to it by the ASP. The same instruction id is also provided as part of the logon page returned to the client. The client completes the logon information and a client request is constructed and transmitted to the bank (step 120). The client request preferably includes:
(i) the instruction id extracted from the logon page;
(ii) a filter code comprising the client completed logon details; and
(iii) a client return address (where needed by the protocol being used).
Since the initial logon page sent to the client preferably includes the address of the bank, this information can be used to transmit the client request to the bank, where it is forwarded onto the database manager 30.
The database manager 30 upon receipt of the client request is able to match it (using the instruction id field) with the corresponding AP (step 130). Note, the AP may include a timeout value. If the AP has not been matched with a client request within the time period specified by the timeout value, then the AP preferably expires. The database manager/AP is preferably programmed with instructions on what to do after an AP expires. For example, to ignore client request/return “Page Expired” message to the client/return the previous page such that the client can restart the transaction again etc.
Assuming that the AP can be matched with a client request, the database manager executes logic contained within the AP using the data contained within the client request's filter code. The AP contains HTML pages which can be selected as appropriate and completed using data from database 20. Note, application logic (including HTML pages) is preferably provided by the ASP.
In this example, the AP contains logic for using client logon data to validate the client against database 20 (step 140). Such logic is likely to be of the form:
Using this AP logic, a client's logon details may be validated against database 20; account summary logic may be executed (step 150); and a web page returned to the client including account summary details (step 160).
The account summary details page returned to the client preferably includes a menu pertaining to additional requests which the client may make to the ASP. Assuming the client selects one of these (step 170), the ASP will either return a page (including a new instruction id) to the client for completion or will simply return the new instruction id (if there is no data for the client to complete)—step 180. A page might be returned to the client for completion if the client wishes to update some data—e.g. their address.
At the same time an AP (including the new instruction id and appropriate logic) is sent to the bank (step 190).
Meantime, client 50 constructs a client request including:
i) a filter code including completed data (if appropriate);
ii) the client's return address (if appropriate);
iii) the secure token it received as part of the logon process; and
iv) the new instruction id.
This is transmitted to the bank (step 200).
At step 210 the bank matches the client request with the newly received AP (via the new instruction id contained within both). This AP contains logic of the form:
In this way, the bank is able to validate the client using the secure token (step 220), execute logic contained within the AP (step 230); and return the appropriate HTML page to the client (step 240).
It will thus be appreciated that database manager 30 preferably includes a list of commands which may be executed against the database and which it knows how to execute in order to extract the appropriate data/modify the data appropriately.
Preferably no sensitive data is ever received by the application service provider. Database manager 30 employs normal security measures to authenticate the identity of the client and the ASP and to ensure privacy of sensitive data.”
The database manager preferably refuses to send sensitive data (e.g. an account balance) to a different address than that of the requesting client.
The database interface may also provide some degree of audit facility. For example the interface may keep track of the number of requests which matched APs; the number of rejected requests; the number of timeouts etc. Since such auditing is done in-house (as opposed to being done by the ASP), the accuracy of such data can be guaranteed.
Whilst the invention is particularly applicable to the separation of outsourced application logic from associated sensitive data, it is by no means limited to such.
By way of another example, different ASPs could be used to separately outsource different (cooperating) parts of a larger application. According to one such embodiment, a direct electronic payment system is disclosed. When making purchases over the web or through other electronic media, this system permits that a customer's sensitive personal and bank details are only ever sent to their bank. The supplier of whatever they were ordering is only informed that the transaction had been requested and when it had taken place.
From the figure it can be seen that the flow of information between components is shown via numbered arrows. The following explains what each numbered arrow means:
1 A customer (client) 300 browses a supplier's website (which is hosted and managed by the supplier's ASP 310) and issues a purchase request for a particular stock item.
2 The supplier's ASP 310 sends a request for the customer which includes an instruction id and a template for the customer to complete. The template preferably includes space for the customer to complete the part number of the item that they wish to purchase.
2′ At the same time, the supplier's ASP 310 sends an AP to the stock database. The AP includes the same instruction id as that allocated to the client request at step 2.
3 The customer completes the template sent as part of the request at step 2 and sends the completed client request to the supplier's stock database 320. The supplier's stock database manager (not shown) matches the client request and the AP (sent at step 2′) and this causes (due to logic contained within the AP) an HTML page to be sent to the customer at step 4.
4 The HTML page is sent to the customer 300 and contains the price of stock item and also details regarding the suppliers bank (e.g. bank name and suppliers name).
5 The customer informs the Customer Bank ASP 330 that a purchase is being initiated.
6 The Customer Bank ASP 330 generates a client request for the customer. Such a request includes an instruction id, space for the customer to fill in the price and also the supplier's bank details (the latter two being obtained from the AP sent by the supplier's stock database at step 4).
6′ At the same time, the Customer Bank ASP 330 generates an AP to send to the Customer Bank's Database 340. This AP includes the same instruction id as that provided by the client request of step 6.
7 The customer sends the client request received at step 6, duly completed, to the Customer Bank's Database 340. The client request will also include customer bank logon information in order that the customer can be authenticated as a true customer. The Customer Bank's Database manager (not shown) can then match the AP of step 6′ with the client request of step 6.
8 Assuming that the AP and client request can be matched, the AP includes logic which enables the Customer Bank's database manager to first validate the customer and then to interact with the supplier's bank in order that the customer's bank account can be debited and the supplier's bank account can be credited. Note, the Supplier's Bank 350 is not necessarily using the separated application logic/data methodology of an embodiment of the present invention. Thus the customer bank's database manager and the supplier's bank may interact in accordance with standard payment clearing methods.
The logic provided within the AP of step 6′ also enables the Customer Bank's Database manager to provide confirmation that the transaction has taken place to the Customer 300 once the Customer Bank's Database manager receives confirmation of this (not shown) from the supplier's bank 350 in the form of an HTML page.
On receipt of confirmation, the customer issues a shipping request (including their address) via the supplier's website and in the same manner as the previously described transactions. The supplier, having confirmed with their own bank that the payment has been made, can confirm the shipment and the order is complete.
Note, the Supplier's ASP 310 and the Customer Bank ASP should preferably being using a standard format of client request.
Note, the Customer Bank ASP is a separate entity from the Customer Bank's Database and the same is true of the Supplier's ASP and supplier's stock database. Each entity is under the control of somebody different. It will be appreciated that both databases make use of a database manager (not shown) in a similar way to that described with reference to
Preferably, where multiple client requests each form a part of one operation, each client request contains a correlator that can be used to relate it to the larger operation. Similarly, responses related to the operation should preferably convey the same correlator. The correlator can be considered as part of the “payload” of the requests and responses of which the application is comprised.
It will be appreciated that, with a typical payment system a customer would provide a supplier with their bank details/credit card details in order for the supplier to action a payment. In doing this, the customer trusts that the supplier will not misuse their sensitive data. If the supplier has outsourced their purchasing application, then previously the customer would have had to trust the supplier's ASP and this in itself might not be desirable. By using the present invention, a customer's sensitive data is preferably only ever transmitted between the customer and the bank.
Whilst the invention has mainly been described in terms of separation of application logic from sensitive data, the invention is not limited to such. A system may, in accordance with an embodiment of the invention, coordinate interaction between a client and any resource that the client might want to access. Whilst that resource may be a database, it could just as easily be an enterprise server or non-outsourced applications/application parts.
Thus the invention preferably allows a company to keep some of its resources in-house (where it has all the expertise to manage those resources), whilst outsourcing other resources.
Such a system works in much the same way as the banking system described with reference to
Note, the bank may choose to use the application server since this may have been specially tailored to the bank's needs. There is little point in having an ASP develop something new, when the application server is already available for use. Further the bank may choose to retain the application server in-house due to specialist skills which it may require.
Note, whilst the invention has been described in terms of customers external to a company that has outsourced the provision of their application, the invention is by no means limited to such. Internal users of the outsourced application may also use this invention in a similar manner to access the required resources.
Number | Date | Country | Kind |
---|---|---|---|
0315187.5 | Jun 2003 | GB | national |
Filing Document | Filing Date | Country | Kind | 371c Date |
---|---|---|---|---|
PCT/EP04/51203 | 6/23/2004 | WO | 11/29/2005 |