CLOUD-NATIVE CONTENT MANAGEMENT SYSTEM

20220335106 · 2022-10-20

    Abstract

    A cloud-native content management system includes a content file system for storing digital content to be accessed via the Internet using a compute device. The system includes an authentication and authorization service that applies rules of granular access controls among a group of specified individuals. Using a token-based, temporary access process, authorized individuals are provided direct access to selected digital content in order to bypass time-restriction limitations that traditionally prevent the streaming of large data files. The system is additionally designed to support the interactive, online editing of stored software models by authorized users. As part of the modeling process, model change requests are submitted by authorized individuals using user-intuitive, domain-specific language. Thereafter, the software model is temporarily locked while the change request is validated for correctness and compatibility. Utilizing a staged modeling approach ensures that the software model remains continuously active and allows for granular model versioning.

    Claims

    1. A cloud-native content management system for electronically storing digital content, the content management system being electronically accessible via the Internet using a compute device, the content management system comprising: (a) a content file system for storing the digital content; (b) content management business logic services for regulating the exchange of digital content between the content file system and the compute device; and (c) an authentication and authorization service in communication with the content management business logic services, the authentication and authorization service applying a set of access rules for the digital content; (d) wherein the authentication and authorization service selectively enables the compute device to directly communicate and exchange digital content with the content file system.

    2. The content management system as claimed in claim 1 wherein the authentication and authorization service restricts the direct exchange of digital content between the content file system and the compute device based on the set of access rules.

    3. The content management system as claimed in claim 2 wherein the authentication and authorization service issues an access token to the compute device that provides temporary access to a selection of the digital content stored in the content file system.

    4. The content management system as claimed in claim 3 further comprising a metadata database service in communication with the content management business logic services, the metadata database service maintaining metadata to be associated with the digital content.

    5. The content management system as claimed in claim 4 wherein the metadata database service is in direct communication with the authentication and authorization service.

    6. The content management system as claimed in claim 5 wherein the metadata database service maintains the set of access rules applied by the authentication and authorization service.

    7. The content management system as claimed in claim 6 further comprising a search engine for facilitating identification of the digital content stored in the content file system.

    8. The content management system as claimed in claim 7 further comprising an event bus for real-time data streaming of digital content to the compute device.

    9. The content management system as claimed in claim 3 wherein the content file system is adapted to store a first version of a software model which can be selectively accessed and edited by the compute device in compliance with the set of stored access rules.

    10. The content management system as claimed in claim 9 further comprising a model update request service for receiving an electronic change request for the first version of the software model.

    11. The content management system as claimed in claim 10 wherein the change request is submitted electronically from the compute device using domain-specific language.

    12. The content management system as claimed in claim 11 wherein the update model request service temporarily locks the first version of the software model upon receiving the electronic change request.

    13. The content management system as claimed in claim 12 further comprising a job-handling process service for validating the change request for correctness and compatibility with the first version of the software model.

    14. The content management system as claimed in claim 13 wherein the job-handling process service constructs a second version of the software model which incorporates the change request.

    15. The content management system as claimed in claim 14 wherein the second version of the software model is unlocked for selective access and editing in compliance with the set of stored access rules.

    Description

    BRIEF DESCRIPTION OF THE DRAWINGS

    [0027] In the drawings, wherein like reference numerals represent like parts:

    [0028] FIG. 1 is a simplified system diagram of the architecture for a prior art cloud-native content management system which is useful in understanding the traditional approach for downloading content files;

    [0029] FIG. 2 is the basic architecture of a cloud-native content management system designed according to the teachings of the present invention;

    [0030] FIG. 3 is the basic architecture of the cloud-native content management system of FIG. 2, the architecture being used to illustrate a novel approach for downloading content files;

    [0031] FIG. 4 is a flow of events depicting a novel process for executing a data model change using the cloud-native content management system of FIG. 2; and

    [0032] FIG. 5 is a screen display of a sample content model change request submitted as part of the process depicted in FIG. 4.

    DETAILED DESCRIPTION OF THE INVENTION

    Cloud-Native Content Management System 111

    [0033] Referring now to FIG. 2, there is shown the basic architecture of a cloud-native content management system designed according to the teachings of the present invention, the content management system being identified generally by reference numeral 111. As will be explained in detail below, system 111 is a network-based platform which is designed to store digital content and regulate the modification and dissemination of such content among a designated group of individuals. As a feature of the present invention, system 111 is uniquely configured to provide users with secure, credentialed access to its digital content with adequate duration to stream relatively large data files.

    [0034] As defined herein, use of the term “digital content” represents any type of electronic data, or work, which is stored on digital media and includes, inter alia, text-based documents, images, audio files, and video files.

    [0035] In the description that follows, cloud-native content management system 111 is shown implemented using an Amazon Web Services (AWS) cloud computing services platform, thereby allowing for an optimized selection and configuration of web services tools. However, it should be known that the use of an AWS-based cloud computing services platform is provided for illustrative purposes only and system 111 could be similarly implemented using alternative cloud computing services platforms, such as the Microsoft Azure cloud computing services platform, without departing from the spirit of the present invention.

    [0036] As can be seen, system 111 is designed to be accessed by a user compute device, or client, 113 via the internet 115. System 111 is preferably configured with (i) a content file system 121, shown implemented herein using AWS Simple Storage Service (S3) 123, for maintaining all digital content generated by the user workgroup in a simple cloud storage device, (ii) content management business logic services 131, which are designed with customized rules for handling the real-time exchange of information between an application programming interface (API) user gateway 133 and content-management databases, (iii) authentication and authorization service 141, shown implemented herein using AWS Cognito authentication service 143, for providing identification (ID) management and security to ensure proper authorization for system services and content, (iv) metadata database service 151, shown implemented herein using AWS DynamoDB key-value and document service 153, for processing digital content (e.g., parsing, applying metadata, categorizing, and the like) and storing such data, (v) a search engine 161, shown implemented herein using AWS Elasticsearch service 163, for facilitating the identification of digital content (e.g., using metadata stored in database service 151), and (vi) an event bus 171, shown implemented herein using AWS Kinesis data-streaming service 173 and AWS Kinesis with DDB adapter data-streaming service 175, for the real-time data streaming of content to client 113.

    [0037] System 111 is additionally configured with several serverless processing services 181, each of which is designed to perform a custom, user-specified task without directly provisioning or managing specific servers (i.e., function-as-a-service). For illustrative purposes only, processing, or compute, services 181 are represented herein as being implemented using the AWS Lambda processing service.

    [0038] As seen in FIG. 2, system 111 comprises (i) a service layer processing service 181-1 for controlling and integrating operations between various system services, (ii) a sync handler processing service 181-2 for synchronizing application user-data across multiple user devices, (iii) an indexing processing service 181-3 for indexing metadata and documents between AWS Elasticsearch service 163 and event bus 171, and (iv) a custom authorizer service 181-4 for implementing a custom authorization scheme that uses a token authentication strategy to provide temporary access to documents stored in content file system 121.

    [0039] As will be explained further in detail below, the inclusion of custom authorizer service 181-4 enables system 111 to bypass all serverless processing services 181 during the upload and download of content between user 113 and content file system 121. As a result, system 111 is able to overcome time restrictions and other related shortcomings associated with conventional cloud-native content management systems, and therefore serves as a principal novel feature of the present invention.

    Content Transfer Process

    [0040] As referenced above, system 111 is uniquely designed to provide user 113 with direct access to content within simple cloud storage device 123 by implementing a token-based, temporary access process in order to bypass time-restriction limitations that prevent the streaming of large files in conventional systems.

    [0041] Specifically, in FIG. 3, cloud-native content management system 111 is shown modified to illustrate the novel approach for transferring content files directly between client 113 and content file system 121 in order to avoid the incurrence of time restrictions and/or excessive use costs. As the first step of the novel process, client 113 sends a content download request via API gateway 133, as represented generally by arrow 211. In turn, API gateway 133 communicates with authentication and authorization services 141 to ensure that client 113 is authorized to access the content.

    [0042] As a feature of the present invention, authentication and authorization service 141 is in direct communication with metadata database service 151. Accordingly, through update operations handled by processing service 181-2, detailed user access controls can be established and maintained as metadata in metadata database service 151. As a result, rules of granular access control among a group of individuals can be enforced by content management system 111, thereby precisely detailing the extent of access and control afforded to each individual with respect to stored content.

    [0043] If client 113 is authorized to access the content, the content request is received and processed by service layer processing service 181-1, as represented generally by arrow 213. Namely, service 181-1 identifies the content, ensures access can be granted, and locates the content file within content file system 121.

    [0044] Thereafter, service layer processing service 181-1 instructs custom authorizer service 181-4 to implement a temporary credential routine to obtain a JSON web token (JWT) key from a security token service (STS). The JWT key, or access token, is restricted to the designated content and is delivered to client 113 via authentication and authorization service 141, as represented generally by arrow 215.

    [0045] Accordingly, using the access token, client 113 initiates a second content download request directly with content file system 121, as represented generally by arrow 217. It is to be understood that, to ensure optimal security, the temporary access token only provides authorization and access to the designated content in content file system 121. In response to the request set forth in step 217, a stream of restricted content is directly transferred from simple cloud storage device 123 to client 113, as represented generally by arrow 219.

    [0046] Although the above-described example details the download of content from simple cloud storage device 123 to client 113, it is to be understood that a similar process could be implemented to upload content from client 113 to simple cloud storage device 123.

    [0047] Enabling client 113 to directly stream content to and/or from content file system 121 thereby eliminates time-restriction parameters and processing costs inherent in processing services 181, which is a principal object of the present invention. Furthermore, by providing access credentials that are both temporary and content restrictive, proper security for content file system 121 is maintained.
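
The token exchange of paragraphs [0041] to [0047], modelled locally as an added example that is not part of the application and is not AWS STS code: one function plays custom authorizer service 181-4 minting the access token, the other plays the check in front of content file system 121. The HS256 shared key, the claim names `obj` and `act`, and the function names are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumption: the authorizer and the storage front end share this HMAC key.
# Constructed demo value; a deployment would load it from a secrets manager.
SIGNING_KEY = b"constructed-demo-key"


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(signing_input):
    return hmac.new(SIGNING_KEY, signing_input.encode(), hashlib.sha256).digest()


def mint_access_token(subject, object_key, action, ttl_seconds, now=None):
    """Authorizer side: bind the token to one object, one action, one expiry."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": subject, "obj": object_key, "act": action,
              "iat": now, "exp": now + ttl_seconds}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims))
    return signing_input + "." + b64url(sign(signing_input))


def authorize_direct_request(token, requested_key, requested_action, now=None):
    """Storage side: return (allowed, reason) for a request carrying the token."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(claims_b64))
        presented = b64url_decode(sig_b64)
    except ValueError:
        return False, "malformed token"
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return False, "malformed token"
    # Pin the algorithm instead of trusting whatever the header announces.
    if header.get("alg") != "HS256":
        return False, "unexpected algorithm"
    if not hmac.compare_digest(sign(header_b64 + "." + claims_b64), presented):
        return False, "bad signature"
    # Temporary: a token is refused from its expiry second onward.
    if now >= claims.get("exp", 0):
        return False, "token expired"
    # Content restrictive: the token names exactly one object and one action.
    if claims.get("obj") != requested_key:
        return False, "token not valid for this object"
    if claims.get("act") != requested_action:
        return False, "token not valid for this action"
    return True, "ok"
```

Because the transfer bypasses processing services 181, the time-to-live has to cover the whole stream of a large file, so the object and action binding is what limits the reach of a leaked token during that window.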

    [0048] As detailed above, the unique architecture of content management system 111 enables users 113 to directly access content within simple cloud storage device 123 by implementing a token-based, temporary access process. However, it should be noted that the unique architecture of content management system 111 enables a number of additional features to be readily implemented.

    [0049] In particular, by providing user 113 with direct access to content file system 121 as well as authentication and authorization service 141, all data management processes need not be executed through a single service layer (e.g., service layer 41) within content management business logic services (e.g., services 31). Furthermore, system 111 allows for a selection of customizable, task-specific, web-services tools to be seamlessly integrated into the system architecture in order to support a wide array of enhanced capabilities.

    [0050] For instance, the inclusion of metadata database service 151 enables content management system 111 to dynamically maintain an abundance of metadata. By associating an increased amount of metadata with the content, the data model is afforded with a wide scope of potential applications.

    Interactive Content Management Software Modeling

    [0051] As a principal feature of the present invention, system 111 is uniquely designed to permit interactive, online editing of software models by authorized users. In this manner, user-specified data can be requested and compiled in a specialized fashion relative to the particular domain application. As such, system 111 is effectively able to support domain-specific language (DSL).

    [0052] More particularly, the unique architecture of system 111 supports a flexible content model with a high-level, semantic-based database description and structuring formalism. In other words, detailed attributes of digital content (e.g., types, properties, relationships) can be easily maintained and modified via system 111 in order to create an optimal data model. This enhanced flexibility in managing digital content allows for data modeling in any business domain with precision and agility.

    [0053] As noted above, system 111 is uniquely designed to support data model changes in a simple, user-friendly fashion. For ease of understanding, an illustrative implementation of a data model change executed via system 111 is set forth in detail below. Specifically, in FIG. 4, there is shown a novel process for executing a data model change using the basic architecture of cloud-native content management system 111, the process being represented generally by reference numeral 311. As can be seen, in the first step of process 311, an authorized individual, or user, 313 (e.g., a data model administrator) electronically interfaces with content management system 111 (e.g., through API Gateway 133) and deploys a request to change a specified data model.

    [0054] In FIG. 5, a screen display of a sample content model change request is shown, the screen display being represented generally by reference numeral 411. As a principal feature of the present invention, interactive modeling is accomplished using a simple, user-intuitive UI webpage of the type shown herein. As can be seen, the webpage is designed so that content model change requests can be submitted using concise, terse, and minimal language. Furthermore, it should be noted that change requests can be submitted as (i) fragmentary changes, either a single type (as shown herein) or several types at a time, or (ii) for all the types that make up the entire model. Adopting a format-specific domain language, as well as the accompanying parser generator grammar that defines the rules of that language, improves the authoring experience and enables changes to be rendered by non-technical staff.

    [0055] Referring back to FIG. 4, a processing service 315, which is customized to handle model change requests, temporarily locks the model while the change request is being processed, as represented by reference numeral 317. All model change requests temporarily lock the data model to ensure no conflicting submissions cause corruption or consistency issues.

    [0056] Thereafter, service 315 creates and stores a model-change job 319, which details the specific updates to be implemented in the designated data model. Model-change job 319 is then inserted as an event with event bus 171 so that this activity can be handled by the appropriate down-stream components for asynchronous processing.

    [0057] A custom-designed, job-handling process service 321 receives model-change job 319 and validates the proposed data model change for correctness. In the present implementation, a message queuing service 323 and monitoring platform 325 are utilized to perform the validation process for the proposed data model change.

    [0058] During the validation, or staging, process, the model change submission is validated for correctness and compatibility with the currently deployed (i.e., active) model. As part of the staging process, user 313 may receive compatibility notifications with options on how to proceed. For example, a change request that is normally validated but is reported as incompatible (e.g., a change of a property from non-mandatory to mandatory) may enable user 313 to bypass the notification and proceed with the model change.

    [0059] Once validated, service 321 deploys a new mapping template for model-change job 319 to search engine service 163. As a result, search queries can be properly mapped for the model changes included in job 319. Thereafter, service 321 constructs a new data model 327, which includes the proposed modifications set forth in model-change job 319, into content management system 111. Once the status of the update is deemed successful, the lock on the data model is released.

    [0060] To summarize, the unique architecture of content management system 111 enables various users, with granular access controls, to dynamically add, delete, or modify metadata associated with each content item. As a result, a comprehensive amount of metadata can be associated with stored content in order to enhance the data model.

    [0061] Furthermore, the specific manner in which data modeling process 311 handles content change submissions provides a number of unique advantages over conventional content management systems.

    [0062] As a first advantage, process 311 enables data modeling changes to be implemented safely and easily by authorized individuals. Notably, utilizing a staged approach for proposed data model changes (i) ensures that the data model remains active at all times and does not require a system restart, (ii) provides compatibility checks which inform users of the impact of proposed changes before completion, and (iii) enables patch-type data updates to be readily integrated into the data model.

    [0063] As a second advantage, process 311 enables data modeling changes to be simply and easily implemented, even by a non-technical user. As previously referenced, the webpage utilized to submit model changes is designed using concise, user-friendly language that facilitates the process for creating a change request.

    [0064] As a third advantage, process 311 supports data modeling with semantic precision. As a result, data models can be constructed for interoperability across various systems and organizations. For instance, multiple model roots are permissible. Instead of requiring a data model to inherit an existing system-provided type, any model or ontology can be utilized.

    [0065] As a fourth advantage, process 311 supports model versioning wherein every change to the model creates a new numerically labeled version of the whole model as a snapshot in time. Through granular versioning, the difference between model changes can be inspected and traced. As a result, even if an old content-data item is found to be incompatible with the currently deployed model, the item can still be validated against a traceable referenced model schema.
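
The staged change process of paragraphs [0055] to [0059] and the versioning of paragraph [0065], as an added example that is not part of the application: a change request locks the model, is checked for correctness and compatibility, and deploys as a new numbered snapshot before the lock is released. The class and method names, the `{"mandatory": bool}` property format and the in-process lock are assumptions made for this illustration; only the non-mandatory to mandatory case named in [0058] is treated as incompatible.

```python
import copy
import threading


class ModelLockedError(Exception):
    """A change request arrived while another one was still being staged."""


class ModelStore:
    """Numbered snapshots of a model: {type: {property: {"mandatory": bool}}}."""

    def __init__(self, initial_model):
        self.versions = {1: copy.deepcopy(initial_model)}
        self.active_version = 1
        self.lock = threading.Lock()  # stands in for the model lock of step 317

    def check_correctness(self, change):
        """Reject malformed requests before they reach the staging step."""
        for type_name, props in change.items():
            for prop, spec in props.items():
                if not isinstance(spec, dict) or not isinstance(spec.get("mandatory"), bool):
                    raise ValueError(f"{type_name}.{prop}: 'mandatory' must be a bool")

    def compatibility_issues(self, change):
        """List edits that break items written under the active model."""
        active = self.versions[self.active_version]
        issues = []
        for type_name, props in change.items():
            for prop, spec in props.items():
                old = active.get(type_name, {}).get(prop)
                if old and not old["mandatory"] and spec["mandatory"]:
                    issues.append(f"{type_name}.{prop}: non-mandatory -> mandatory")
        return issues

    def submit_change(self, change, acknowledge_incompatible=False):
        """Lock, validate, build the next version, then release the lock."""
        if not self.lock.acquire(blocking=False):
            raise ModelLockedError("model is locked by another change request")
        try:
            self.check_correctness(change)
            issues = self.compatibility_issues(change)
            if issues and not acknowledge_incompatible:
                return {"status": "needs_confirmation", "issues": issues,
                        "version": self.active_version}
            # Build the new version beside the active one; the active model
            # stays readable until the final assignment below.
            staged = copy.deepcopy(self.versions[self.active_version])
            for type_name, props in change.items():
                staged.setdefault(type_name, {}).update(copy.deepcopy(props))
            new_version = self.active_version + 1
            self.versions[new_version] = staged
            self.active_version = new_version
            return {"status": "deployed", "issues": issues, "version": new_version}
        finally:
            self.lock.release()

    def missing_mandatory(self, item_type, item, version):
        """Validate an item against the model version it was written under."""
        schema = self.versions[version].get(item_type, {})
        return sorted(p for p, spec in schema.items()
                      if spec["mandatory"] and p not in item)
```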

    [0066] The invention described in detail above is intended to be merely exemplary and those skilled in the art shall be able to make numerous variations and modifications to it without departing from the spirit of the present invention. All such variations and modifications are intended to be within the scope of the present invention as defined in the appended claims.