Title of invention Secure and stable hosting of third-party extensions to web services
Abstract Described herein are one or more computer operating environments that include a standard set of web services via a communications network (e.g., the Internet) and a mechanism for extending the standard set of web services to execute one or more extended web services. Since these extended web services may be produced by an unconfirmed or untrusted source (e.g., a third-party software developer), the described computer operating environments isolate the extended web services from the standard set of web services and from the communication network. Furthermore, each extended web service is an isolated process (isoproc) with a limited ability to communicate with other services. In particular, each isoproc's ability to communicate is limited to only associated defined communication channels over which it has express permission to communicate.
Publication number US8849968(B2) Publication date 2014.09.30
Application number US200511275160 Application date 2005.12.15
Applicant Microsoft Corporation Inventors Hunt Galen C.;Larus James R.;Gounares Alexander G.;Endres Raymond E.
Classification G06F15/173;G06F21/53 Main classification G06F15/173
Agency Agent Choi Dan;Yee Judy;Minhas Micky
Principal claim 1. One or more computer operating environments, comprising: a host computing system, having one or more processing cores and one or more memory subsystems, configured to execute computer-executable instructions of an operating system (OS) which support and provide at least a first executing isolation process (isoproc) and a second executing isoproc that execute on the OS; an isolation boundary provided by the OS for each executing isoproc, wherein the isolation boundary includes a separate and distinct interface between the OS and each executing isoproc; and one or more defined typed communication channels between the first executing isoproc and the second executing isoproc, wherein each executing isoproc is capable of communication with the other executing isoproc via the one or more defined communication channels therebetween; a communication-channel regulator of the OS configured to selectively grant the first executing isoproc express permission to communicate over the one or more defined typed communication channels to the second executing isoproc, wherein the express permission defines communication properties of the one or more defined typed communication channels, and wherein the first executing isoproc is capable of accessing resources on the host computing system via the second executing isoproc across the one or more defined typed communication channels; and a cloaking or filtering mechanism configured to hide data from the executing isoprocs by replacing the data with replacement data.
Address Redmond WA US