17530185. TRUSTED EXECUTION ENVIRONMENT FOR SERVICE MESH simplified abstract (International Business Machines Corporation)

From WikiPatents

TRUSTED EXECUTION ENVIRONMENT FOR SERVICE MESH

Organization Name

International Business Machines Corporation

Inventor(s)

Constantin Mircea Adam of Norwalk CT (US)

Nerla Jean-louis of Champaign IL (US)

Hubertus Franke of Cortlandt Manor NY (US)

Edward Charles Snible of Bronx NY (US)

Abdulhamid Adebowale Adebayo of White Plains NY (US)

TRUSTED EXECUTION ENVIRONMENT FOR SERVICE MESH - A simplified explanation of the abstract

This abstract first appeared for US patent application 17530185 titled 'TRUSTED EXECUTION ENVIRONMENT FOR SERVICE MESH'.

Simplified Explanation

The patent application describes techniques for managing and processing configuration changes in a service container associated with a service mesh. Here are the key points:

  • An application management component determines immutable configuration data (ICD) for the service container based on policies from the application owner.
  • A message processing component (MMC) of a service proxy receives a message associated with an untrusted entity via a control plane.
  • The MMC determines if the message is a configuration change request related to the application's interaction with the service mesh.
  • If it is a configuration change request, the MMC analyzes the request and the ICD to decide whether to allow the service proxy to process the change.
  • If the ICD indicates that the configuration change is not allowed, the service proxy discards the request.
  • If the ICD indicates that the configuration change is allowed, the service proxy implements the change.
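
The decision flow in the key points above, as an added sketch that is not code from the patent application or from IBM. The ICD shape (field name mapped to allowed values), the field names, the default-deny rule and the all-or-nothing handling of a request are assumptions; the abstract does not specify them.

```python
from dataclasses import dataclass
from types import MappingProxyType

def build_icd(owner_policy):
    """Freeze owner policy into a read-only map: field -> allowed values."""
    return MappingProxyType({f: frozenset(v) for f, v in owner_policy.items()})

@dataclass(frozen=True)
class Message:
    kind: str       # "config_change", or anything else
    changes: dict   # requested field -> value (empty for other kinds)

class ServiceProxy:
    def __init__(self, icd, config):
        self._icd = icd
        self.config = dict(config)
        self.discarded = []   # audit trail of rejected requests

    def handle(self, msg):
        if msg.kind != "config_change":
            return "passed"   # not a configuration change; ICD check not applied
        # Assumption: default deny. A field absent from the ICD allows nothing.
        denied = sorted(f for f, v in msg.changes.items()
                        if v not in self._icd.get(f, frozenset()))
        if denied:
            # Assumption: all-or-nothing, so one denied field drops the request.
            self.discarded.append((msg.changes, denied))
            return "discarded"
        self.config.update(msg.changes)
        return "applied"

def demo():
    # Constructed sample policy, config and control-plane messages.
    icd = build_icd({"mtls_mode": ["STRICT"], "timeout_s": [5, 10]})
    proxy = ServiceProxy(icd, {"mtls_mode": "STRICT", "timeout_s": 5})
    msgs = [
        Message("config_change", {"timeout_s": 10}),
        Message("config_change", {"mtls_mode": "PERMISSIVE"}),
        Message("config_change", {"timeout_s": 5, "egress_host": "example.invalid"}),
        Message("telemetry", {}),
    ]
    return [proxy.handle(m) for m in msgs], proxy
```

Recording each discarded request together with the fields that failed the check gives operators a record of rejected control-plane changes to review.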

Potential applications of this technology:

  • Service mesh management: This technology can be used to efficiently manage and process configuration changes in a service mesh environment.
  • Application security: By analyzing configuration change requests, this technology helps ensure that only authorized changes are implemented, enhancing application security.

Problems solved by this technology:

  • Configuration change management: The techniques described in the patent application provide a systematic approach to managing and processing configuration changes in a service container.
  • Unauthorized configuration changes: By analyzing configuration change requests and comparing them with policies, this technology helps prevent unauthorized changes from being implemented.

Benefits of this technology:

  • Improved security: By allowing only authorized configuration changes, this technology enhances the security of the service container and the service mesh.
  • Efficient management: The systematic approach to configuration change processing helps streamline the management of service containers and service meshes.


Original Abstract Submitted

Techniques for managing and processing of configuration changes associated with a service container associated with a service mesh are presented. An application management component can determine immutable configuration data (ICD) relating to configuration change processing for the service container based on policies received from an application owner. A message processing component (MMC) of a service proxy associated with the service container can receive, via a control plane, a message associated with an untrusted entity. MMC can determine whether the message comprises a configuration change request relating to interaction between the application and the service mesh, and, if so, can determine whether to allow the service proxy to process the configuration change based on analysis of the configuration change and ICD. If ICD indicates the configuration change is not allowed, service proxy can discard the request. If ICD indicates the configuration change is allowed, service proxy can implement the configuration change.