DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-23 have been examined. 

Priority
Acknowledgement is made of the applicant’s claim to priority as a continuation of parent application 14/576141, now, U.S Patent No. 10924482.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-23 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-22 of U.S. Patent No. 10924482. Although the claims at issue are not identical, they are not patentably distinct from each other because: 
Instant application
U.S. Patent No. 10924482
1. A computer-implemented method, comprising: under the control of one or more computer systems of a service provider, the one or more computer systems configured with executable instructions, receiving an application programming interface request that specifies: a first identifier of a resource hosted by a service of the service provider for a first customer of the service provider; and a first representation of an operation to perform with respect to the resource; 












selecting a set of request-mapping rules from a plurality of sets of mapping rules stored by the service provider for multiple customers of the service provider; applying the selected set of request-mapping rules to the received application programming interface request to determine: a second identifier of the resource; and a second representation of the operation; 
applying a set of authorization rules to at least the determined second identifier and the second representation of the operation to determine that fulfillment of the received application programming interface request is authorized; and 
as a result of determining that fulfillment of the received application programming interface request is authorized, performing the operation with respect to the resource.
4. The computer-implemented method of claim 1, wherein selecting the set of request-mapping rules is encoded in metadata of the resource.

2. The computer-implemented method of claim 1, further comprising: receiving a set of application programming interface requests that specifies the set of request-mapping rules and the set of authorization rules; and fulfilling the received set of application programming interface requests that specifies the set of mapping rules and the set of authorization rules by storing the set 6 authorization rules in association with the resource.

3. The computer-implemented method of claim 1,wherein: the application programming interface request is associated with a first identity managed by a second customer of the plurality of customers; the first identity lacks permission independent of the authorization rules to access the resource.
1. A computer-implemented method, comprising: obtaining, from a service, an application programming interface (API) request to access a resource hosted by a computing resource service provider, wherein the API request includes information indicating a first identifier of the resource and a first representation of an operation to perform using the resource; 



determining, based at least in part on data associated with the resource, that the first identifier and the first representation are insufficient to access a portion of the resource hosted by the computing resource service provider and the API request corresponds to a custom-defined API request, wherein the custom-defined API request is a transformed representation of the API request defined by a customer of the computing resource service provider; generating, based at least in part on set of mapping rules corresponding to the resource, the first identifier and the first representation, the custom-defined API request to include a second identifier of the resource and a second representation of the operation, wherein the set of mapping rules is encoded in metadata of the resource; 

causing the computing resource service provider to enforce a set of authorization rules to the custom-defined API request to determine that fulfillment of the custom-defined API request is authorized; and 
as a result of determining that fulfillment of the custom-defined API request is authorized, accessing, based at least in part on the second identifier and the second representation, the portion.





2. The computer-implemented method of claim 1, further comprising: obtaining a different set of requests that specify a different set of mapping rules and a different set of authorization rules; and fulfilling the obtained different set of requests that specify the different set of mapping rules and the different set of authorization rules by storing the different set of authorization rules in association with the resource.


3. The computer-implemented method of claim 1, wherein: the API request is associated with a first identity different than a second identity associated with the resource; and the first identity lacks permission independent of the set of authorization rules to access the resource.


Similarly, the rest of the independent and dependent claims of the instant application are analogous to the rest of the independent and dependent claims of U.S. Patent No. 10924482.

Claim Objections
Claim 14 is objected to because of the following informalities: claim 14 ends in a semi-colon instead of a period.  Appropriate correction is required.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 6, 8-13 and 15-21 are rejected under 35 U.S.C. 102(1)(1) as being anticipated by US 20140317701 to Eicken et al (hereinafter Eicken).
As per claim 6, Eicken teaches:
A system, comprising at least one computing device configured to implement one or more services, the one or more services configured to: 
receive a request of a first request type, the request type mapped to a second request type and having an associated set of authorization rules applicable to the first request type (Eicken: [0044] At step 330, the manager 110 receives a request for the cloud-based service instance, the request authenticated as originating from a requestor. [0046] At step 350, the manager 110 consults a set of access controls associated with the cloud-based service instance and determines if the request is allowable by the requestor. [0050]: The manager may convert the request from a first request language or format into a second request language or format tailored to the destination cloud-based service instance or cloud host); 
apply the set of authorization rules to a request of the first request type to determine whether fulfillment of the request of the first request type is authorized (Eicken: [0046]: The access controls indicate if the requestor of an authenticated request is authorized to make the request. The manager 110 determines if the request is authorized); and 
as a result of determining that fulfillment of the request of the first request type is authorized, submit a request of the second request type to a service corresponding to the second request type, the request of the second request type matching the request of the first request type by the mapping (Eicken: [0050] The manager 110 only enables a request that originated with a verified requestor authorized to make the request. In some embodiments, the manager passes the authenticated authorized request to the cloud host or cloud-based service instance. The manager may convert the request from a first request language or format into a second request language or format tailored to the destination cloud-based service instance or cloud host. [0006]: The method may include, prior to forwarding the request, converting the request from a first request structure, format, or language, into a second request structure, format, or language).

As per claim 8, Eicken teaches:
The system of claim 6, wherein the one or more services are further configured to: receive the request of the first request type (Eicken: [0044] At step 330, the manager 110 receives a request for the cloud-based service instance, the request authenticated as originating from a requestor); and apply the mapping to the request of the first request type to determine the request of the second type (Eicken: [0050]: The manager may convert the request from a first request language or format into a second request language or format tailored to the destination cloud-based service instance or cloud host).

As per claim 9, Eicken teaches:
The system of claim 6, wherein the service corresponding to the request one of the one or more services (Eicken: [0044] At step 330, the manager 110 receives a request for the cloud-based service instance. [0047] A request received by the manager 110 may be a request to collect monitoring data, configure or modify settings, read data, write data, perform a query, etc.).

As per claim 10, Eicken teaches:
The system of claim 6, wherein the system is a network device in a distributed computer system that implements the service corresponding to the second request type (Eicken: [0017] FIG. 1 is a block diagram illustrating an example environment including third-party multi-tenant computing clouds, virtual servers and services operating in the computing clouds, and a cloud management service. In brief overview, a customer device 115 interacts with a cloud management service 110, or more simply "manager" 110. The manager 110 is designed to interact with multiple multi-tenant computing clouds 120a-z, each provided by one of many possible cloud providers and managed via cloud controllers 124a-z. [0052]: The apparatus and execution environment can realize various different computing model infrastructures, such as, distributed computing).

As per claim 11, Eicken teaches:
The system of claim 6, wherein: the one or more services are further configured to receive request type definitions (Eicken: [0044] At step 330, the manager 110 receives a request for the cloud-based service instance. [0047] A request received by the manager 110 may be a request to collect monitoring data, configure or modify settings, read data, write data, perform a query, etc.); and the first request type was defined through the provided application programming interface (Eicken: [0024] The customer, or representatives of the customer, may access or communicate with the manager 110 via a customer device 115 over a communication channel 152. The manager 110 presents an API (Application Programming Interface) via the communication channel 152 to the customer device 115).

As per claim 12, Eicken teaches:
The system of claim 6, wherein the first request type and the second request type have different syntaxes (Eicken: [0050]: The manager may convert the request from a first request language (first syntax) or format into a second request language (second syntax) or format tailored to the destination cloud-based service instance or cloud host).

As per claim 13, Eicken teaches:
The system of claim 6, wherein the one or more services are further configured to: receive requests of the second request type (Eicken: [0050]: the manager passes the authenticated authorized request to the cloud host or cloud-based service instance. The manager may convert the request from a first request language or format into a second request language or format tailored to the destination cloud-based service instance or cloud host); and fulfill the requests of the second request type (Eicken: [0048] At step 370, the manager 110 enables the requestor to complete the request using an access credential associated with an access entity. A request to retrieve data does not necessarily require an access entity with administrative rights and the manager 110 may therefore use a non-administrative access entity. The access entity may be created to narrowly enable the requestor to perform the request while not providing the requestor any access not necessary to the request. The new access entity may be disabled or deleted upon completion of the request (fulfilling the request)).

As per claim 15, Eicken teaches:
 A non-transitory computer-readable storage medium having stored thereon executable instructions that, when executed by one or more processors of a computer system, cause the computer system to at least: 
obtain a first representation of an operation to perform with respect to a resource (Eicken: [0044] At step 330, the manager 110 receives a request for the cloud-based service instance. [0047] A request received by the manager 110 may be a request to collect monitoring data, configure or modify settings, read data, write data, perform a query, etc.); 
determine, based at least in part on application of a set of authorization rules to a first set of attributes of the first representation, whether performance of the operation is authorized (Eicken: [0046] At step 350, the manager 110 consults a set of access controls associated with the cloud-based service instance and determines if the request is allowable by the requestor. The access controls indicate if the requestor of an authenticated request is authorized to make the request. The manager 110 determines if the request is authorized); and 
if it is determined that performance of the operation is authorized by the authorization rules, use a second representation of the operation to cause the operation to be performed, the second representation of the operation having a second set of attributes usable for authorization that is different from the first set of attributes (Eicken: [0050] The manager 110 only enables a request that originated with a verified requestor authorized to make the request. In some embodiments, the manager passes the authenticated authorized request to the cloud host or cloud-based service instance. The manager may convert the request from a first request language or format into a second request language or format tailored to the destination cloud-based service instance or cloud host. [0006]: The method may include, prior to forwarding the request, converting the request from a first request structure, format, or language, into a second request structure, format, or language).

As per claim 16, Eicken teaches:
The non-transitory computer-readable storage medium of claim 15, wherein the instructions that cause the computer system to use the second representation of the operation to cause the operation to be performed, when executed by the one or more processors, cause the computer system to access the resource using an identifier of the resource in the second representation of the operation (Eicken: [0047] A request received by the manager 110 may be a request to collect monitoring data, configure or modify settings, read data, write data, perform a query, etc. [0006]: The method may include, prior to forwarding the request, converting the request from a first request structure, format, or language, into a second request structure, format, or language. [0048] At step 370, the manager 110 enables the requestor to complete the request using an access credential associated with an access entity. A request to retrieve data does not necessarily require an access entity with administrative rights and the manager 110 may therefore use a non-administrative access entity. The access entity may be created to narrowly enable the requestor to perform the request while not providing the requestor any access not necessary to the request. The new access entity may be disabled or deleted upon completion of the request (fulfilling the request using the second representation).

As per claim 17, Eicken teaches:
The non-transitory computer-readable storage medium of claim 15, wherein the instructions that cause the computer system to obtain the first representation of the operation to be performed, when executed by the one or more processors, cause the computer system to determine the first representation from the second representation of the operation to be performed using a mapping (Eicken: [0047] A request received by the manager 110 may be a request to collect monitoring data, configure or modify settings, read data, write data, perform a query, etc. [0050]: The manager may convert the request from a first request language or format into a second request language or format tailored to the destination cloud-based service instance or cloud host).

As per claim 18, Eicken teaches:
The non-transitory computer-readable storage medium of claim 15, wherein the instructions that cause the computer system to obtain the first representation of the operation to be performed, when executed by the one or more processors, cause the computer system to determine the second representation from the first representation of the operation to be performed using a mapping (Eicken: [0047] A request received by the manager 110 may be a request to collect monitoring data, configure or modify settings, read data, write data, perform a query, etc. [0050]: The manager may convert the request from a first request language or format into a second request language or format tailored to the destination cloud-based service instance or cloud host).

As per claim 19, Eicken teaches:
The non-transitory computer-readable storage medium of claim 15, wherein the second representation of the operation to be performed is a web service application programming interface request (Eicken: [0019] Multi-tenant cloud computing service host providers generally also enable a customer to launch various services related to the virtual servers and other services in the cloud. For example, Amazon Elastic MapReduce (Amazon EMR) is a web service that enables Amazon's customers to process large amounts of data. [0047] A request received by the manager 110 may be a request to collect monitoring data, configure or modify settings, read data, write data, perform a query, etc. [0050]: The manager may convert the request from a first request language or format into a second request language or format tailored to the destination cloud-based service instance or cloud host).

As per claim 20, Eicken teaches:
The non-transitory computer-readable storage medium of claim 15, wherein the instructions that cause the computer system to determine whether performance of the operation is authorized, when executed by the one or more processors, cause the computer system to apply the set of authorization rules to a set of parameters in the first representation (Eicken: [0044] At step 330, the manager 110 receives a request for the cloud-based service instance, the request authenticated as originating from a requestor. [0046] At step 350, the manager 110 consults a set of access controls associated with the cloud-based service instance and determines if the request is allowable by the requestor. The access controls indicate if the requestor of an authenticated request is authorized to make the request. The manager 110 determines if the request is authorized).

As per claim 21, Eicken teaches:
The non-transitory computer-readable storage medium of claim 15, wherein the instructions that cause the computer system to use the second representation of the operation to cause the operation to be performed, when executed by the one or more processors, cause the computer system to transmit the second representation to a service operable to perform the operation (Eicken: [0050]: In some embodiments, the manager passes the authenticated authorized request to the cloud host or cloud-based service instance. The manager may convert the request from a first request language or format into a second request language or format tailored to the destination cloud-based service instance or cloud host. [0006]: The method may include, prior to forwarding the request, converting the request from a first request structure, format, or language, into a second request structure, format, or language).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 7, 22 and 23 are rejected under 35 U.S.C. 103 as being unpatentable over Eicken and applicant provided prior art US 20030154401 to Hartman et al (hereinafter Hartman).
As per claim 7, Eicken does not teach the limitations of claim 7. However, Hartman teaches:
wherein: the one or more services are further configured to receive the request of the second type (Hartman: [0109]: the mapper 104 may then translate the data received in the communication received from the manager 102 into a security request that can be used, understood or otherwise accepted by the security service determined during the step 206); and apply the mapping to the request of the second type to determine the request of the first type (Hartman: [0109]: the mapper 104 may then translate the data received in the communication received from the manager 102 into a security request that can be used, understood or otherwise accepted by the security service determined during the step 206).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Hartman in the invention of Eicken to include the above limitations. The motivation to do so would be to enhance the overall security for the system (Hartman: [0096]).

As per claim 22, Eicken teaches:
The non-transitory computer-readable storage medium of claim 15, wherein: the instructions that cause the computer system to determine whether performance of the operation is authorized, when executed by the one or more processors, cause the computer system to apply the determined set of authorization rules to the first representation of the operation (Eicken: [0044] At step 330, the manager 110 receives a request for the cloud-based service instance, the request authenticated as originating from a requestor. [0046] At step 350, the manager 110 consults a set of access controls associated with the cloud-based service instance and determines if the request is allowable by the requestor. [0047] A request received by the manager 110 may be a request to collect monitoring data, configure or modify settings, read data, write data, perform a query, etc.).
Eicken does not teach: the instructions further include instructions that, when executed by the one or more processors, cause the computer system to determine a set of authorization rules based at least in part on information in the second representation of the operation. However, Hartman teaches:
the instructions further include instructions that, when executed by the one or more processors, cause the computer system to determine a set of authorization rules based at least in part on information in the second representation of the operation (Hartman: [0141] During a step 270, the security service processes the security request received from the mapper 104 and generates or otherwise initiates a response. For example, the security service may need to access a security policy stored on the storage/resource 122 to determine how to respond to a security request. More specifically, the security policy may govern if the application 110 can be authorized to access a database).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Hartman in the invention of Eicken to include the above limitations. The motivation to do so would be to enhance the overall security for the system (Hartman: [0096]).

As per claim 23, Eicken teaches:
The non-transitory computer-readable storage medium of claim 15, wherein the first set of attributes includes values for an operation name and a service name (Eicken: [0044] At step 330, the manager 110 receives a request for the cloud-based service instance (service name). [0047] A request received by the manager 110 may be a request to collect (operation name) monitoring data, configure or modify (operation name) settings, read (operation name) data, write (operation name) data, etc.).
Eicken does not teach: the values being absent from the second set of attributes. However, Hartman teaches:
the values being absent from the second set of attributes (Hartman: [0046]: The security request may include an identification of a resource (e.g., database, document) sought to be accessed. The security request may include an identification or description of actions desired to perform on or with the resource. [0123]-[0125]: For example, the American Medical Association may develop a set of generic attributes that are specific to the medical community, i.e., the values represented in the first format are different in the second format, i.e., the values represented in the first format are absent in the second format).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Hartman in the invention of Eicken to include the above limitations. The motivation to do so would be to enhance the overall security for the system (Hartman: [0096]).

Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Eicken and applicant provided prior art US 20100205475 to Ebrahimi et al (hereinafter Ebrahimi).
As per claim 14, Eicken does not teach the limitations of claim 14. However, Ebrahimi teaches:
wherein the one or more services are further configured to: provide an application programming interface through which mappings between request types and authorization rules are definable; receive, through the provided application programming interface, a definition of a mapping between the first request type and the second request type and the set of authorization rules applicable to requests of the first request type (Ebrahimi: [0036], [0057]-[0058], [0064]: rule master table 710 may specify …, a rule type (e.g., translation, transformation, edits/validations, etc.). [0080]: Portal 320 may provide one or more graphical user interfaces to user device 210 to allow the user to specify, for example, a name for the new interface, provide parameters relating to the new interface (e.g., a description of the new interface, a type of the new interface, a group to be notified of events relating to execution of the new interface, and/or other parameters); identify rules for the interface and the order in which the rules are to be executed etc. In one implementation, portal 320 may obtain, via one or more graphical user interfaces, information from the user to populate one or more of interface table 705, rule master table 710, etc.); 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Ebrahimi in the invention of Eicken to include the above limitations. The motivation to do so would be to provide service integration among multiple, heterogeneous systems (Ebrahimi: [0018]).

Claims 1 and 3 are rejected under 35 U.S.C. 103 as being unpatentable over US 20120197963 to Bouw et al (hereinafter Bouw) and Hartman.
As per claim 1, Bouw teaches:
A computer-implemented method, comprising: 
under the control of one or more computer systems of a service provider, the one or more computer systems configured with executable instructions, receiving an application programming interface request (Bouw: [0042]: The method may be practiced, for example at a middleware system in communication with a user and a content provider. The method includes receiving a request for data from a user, the request formatted in a first request format and requesting data from a content provider (act 202). Uniform data request 112a might be formatted in accordance with a uniform API defined by middleware system 104) that specifies: 
a first identifier of a resource hosted by a service of the service provider for a first customer of the service provider (Bouw: [0042]: The method includes receiving a request for data from a user, the request formatted in a first request format and requesting data (first identifier of a resource) from a content provider (act 202). [0028] Uniform data requests can include user-supplied parameters and corresponding values. [0029]-[0030]); and 
a first representation of an operation to perform with respect to the resource (Bouw: [0036] Custom SOAP-based response 114b might, in one embodiment, represent a hierarchically-structured weather forecast for a given day, i.e., since the response from the content provider to a user request is weather forecast for a given day, it is inherent the operation specified in the user request is to read/retrieve weather forecast for a given day. [0040]: In some cases, based on paging requirements and restrictions of particular content providers, users might need to send a plurality of uniform data requests to receive a requested amount of data (resource), i.e., the operation with respect to the resource is to read/retrieve the resource); 
selecting a set of request-mapping rules from a plurality of sets of mapping rules stored by the service provider for multiple customers of the service provider (Bouw: [0023]: middleware system 104 may include a mapping and transformation component 106 and configuration data 108. Mapping and transformation component 106 can be used by middleware system 104 to transform uniform requests from users 102 to custom requests that can be sent to content providers 110. [0025] Referring to configuration data 108, middleware system 104 can include configuration data for each content provider 110. Configuration data 108 can define, among other things, provider information that is used to transform uniform messages to custom messages for a given content provider. [0026]); 
applying the selected set of request-mapping rules to the received application programming interface request to determine: a second identifier of the resource; and a second representation of the operation (Bouw: [0043] Method 200 further includes translating the request to a second request format that is compatible with the content provider (act 204). For example, middleware system 104 may consult configuration data 108 to determine how to translate uniform data request 112a to custom data request 114a, and/or use a runtime module or generated code to translate uniform data request 112a to custom data request 114a. [0026]: Provider information defines basic information for communicating with each content provider 110, including information defining how use data from a uniform data request to create a custom data request using a particular content provider's custom API. The provider information can define, among other things, a base Uniform Resource Identifier (URI) that identifies how and/or where to access the particular content provider, and a request body that defines the format and structure of a custom message for that provider. An exemplary base URI definition might define a URI path to the content provider and possibly parameters. Parameters might take the form of name/value pairs comprising statically-defined values, or placeholders for user-supplied values (provided in the user's request)); 
and 
performing the operation with respect to the resource (Bouw: [0046] Method 200 also includes receiving a response from the content provider that comprises hierarchically-structured content (act 208). For example, middleware system 104 may receive custom response 114b from content provider 110a).
Bouw teaches receiving a response from the content provider, i.e., performing the operation with respect to the resource but does not teach: applying a set of authorization rules to at least the determined second identifier and the second representation of the operation to determine that fulfillment of the received application programming interface request is authorized; and as a result of determining that fulfillment of the received application programming interface request is authorized, performing the operation with respect to the resource. However, Hartman teaches:
applying a set of authorization rules to at least the determined second identifier and the second representation of the operation to determine that fulfillment of the received application programming interface request is authorized (Hartman: [0136]-[0138]. [0140]: During a step 268, the mapper 104 may call or invoke the selected security service and pass the security request prepared by the mapper 104 during the step 266 to the security service. For example, the security service may need to access a security policy stored on the storage/resource 122 to determine how to respond to a security request. More specifically, the security policy may govern if the application 110 can be authorized to access a database. Also, [0103]); and 
as a result of determining that fulfillment of the received application programming interface request is authorized, performing the operation with respect to the resource (Hartman: [0079]: An instance of the action factory interface may respond to a request by performing some operation on, or dictated by, a target object. [0142] During a step 272, the security service provides the response to the mapper 104).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Hartman in the invention of Bouw to include the above limitations. The motivation to do so would be to enhance the overall security for the system (Hartman: [0096]).

As per claim 3, Bouw in view of Hartman teaches:
The computer-implemented method of claim 1,wherein: the application programming interface request is associated with a first identity managed by a second customer of the plurality of customers (Bouw: [0042]: The method includes receiving a request for data from a user, the request formatted in a first request format and requesting data (first identifier of a resource) from a content provider (act 202). [0028] Uniform data requests can include user-supplied parameters and corresponding values. Hartman: [0046]: The security request may include a description or definition of the type of assertion (e.g., authorization) requested, an identification of the subject of the request); the first identity lacks permission independent of the authorization rules to access the resource (Hartman: [0046]: A response to such a security request may grant or deny the requested authorization. [0128]: As a result, the security service may deny the authorization request).

Claims 2, 4 and 5 are rejected under 35 U.S.C. 103 as being unpatentable over Bouw in view of Hartman as applied to claim 1 above, and further in view of Ebrahimi.
As per claim 2, Bouw in view of Hartman teaches:
The computer-implemented method of claim 1, further comprising: fulfilling the received set of application programming interface requests that specifies the set of mapping rules and the set of authorization rules by storing the set authorization rules in association with the resource (Bouw: [0025]: [0025] Referring to configuration data 108, middleware system 104 can include configuration data for each content provider 110. Configuration data 108 can define, among other things, provider information that is used to transform uniform messages to custom messages for a given content provider. Also, [0026]. Hartman: [0111]: Thus, the mapper 104 or the attribute mapper 120 may access or use the storage/resource 122 or some other electronic resource, software and/or hardware device, etc. to access the attribute or attribute mapping information, invoke attribute mapping functions or algorithms, etc.).
Bouw in view of Hartman does not explicitly teach: receiving a set of application programming interface requests that specifies the set of request-mapping rules and the set of authorization rules. However, Ebrahimi teaches:
receiving a set of application programming interface requests that specifies the set of request-mapping rules and the set of authorization rules (Ebrahimi: [0036], [0057]-[0058], [0064]: rule master table 710 may specify …, a rule type (e.g., translation, transformation, edits/validations, etc.). [0080]: Portal 320 may provide one or more graphical user interfaces to user device 210 to allow the user to specify, for example, a name for the new interface, provide parameters relating to the new interface (e.g., a description of the new interface, a type of the new interface, a group to be notified of events relating to execution of the new interface, and/or other parameters); identify rules for the interface and the order in which the rules are to be executed etc. In one implementation, portal 320 may obtain, via one or more graphical user interfaces, information from the user to populate one or more of interface table 705, rule master table 710, etc.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Ebrahimi in the invention of Bouw in view of Hartman to include the above limitations. The motivation to do so would be to provide service integration among multiple, heterogeneous systems (Ebrahimi: [0018)).

As per claim 4, Bouw in view of Hartman does not teach the limitations of claim 4. However, Ebrahimi teaches:
wherein selecting the set of request-mapping rules is encoded in metadata of the resource (Ebrahimi: [0021]. [0042]: metadata database 440 may store the parameters of each interface with which interface gateway 310 is associated, along with information identifying the rules to be executed for each interface, the servers that need to be called for each interface, the services to be executed for each interface, and/or other information needed for executing an interface. [0091]: For example, orchestrator component 415 (e.g., master component 610) may receive the request (including the interface identifier) from ISS component 410. In addition, master component 610 may also identify, from the tables of metadata database 440, the rules that will be executed for the request, the servers and services that will be invoked for the request, and/or other information relating to the interface that will process the request. [0092]: For example, if interface table 705 indicates that process component 650 is to be invoked, process component 650 may, based on the rules, perform a translation and/or transformation operation. Based on the data from one or more of the tables of metadata database 440, the translation/transformation process may call the following services (from services component 425): a BPEL/Java/SAP service for performing the translation or transformation operation (e.g., a BPEL service may get the canonical XML from the shared memory and call the corresponding service to translate/transform the data)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Ebrahimi in the invention of Bouw in view of Hartman to include the above limitations. The motivation to do so would be to provide service integration among multiple, heterogeneous systems (Ebrahimi: [0018)).

As per claim 5, in view of Hartman does not teach the limitations of claim 5. However, Ebrahimi teaches:
wherein at least one of the selected mapping rules and at least one of the authorization rules were supplied by the first customer (Ebrahimi: [0036], [0057]-[0058], [0064]: rule master table 710 may specify …, a rule type (e.g., translation, transformation, edits/validations, etc.). [0080]: Portal 320 may provide one or more graphical user interfaces to user device 210 to allow the user to specify, for example, a name for the new interface, provide parameters relating to the new interface (e.g., a description of the new interface, a type of the new interface, a group to be notified of events relating to execution of the new interface, and/or other parameters); identify rules for the interface and the order in which the rules are to be executed etc. In one implementation, portal 320 may obtain, via one or more graphical user interfaces, information from the user to populate one or more of interface table 705, rule master table 710, etc.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Ebrahimi in the invention of Bouw in view of Hartman to include the above limitations. The motivation to do so would be to provide service integration among multiple, heterogeneous systems (Ebrahimi: [0018)).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: 
US 20130047216 to Ajitomi et al: There is provided an information processing apparatus which the communication unit receives a usage request of a resource described in a first format from a program providing apparatus, the conversion unit identifies a resource providing apparatus having the resource as indicated and converts the usage request described in the first format into the usage request described in a second format that can be interpreted by the resource providing apparatus identified, the communication unit transmits the usage request described in the second format to the resource providing apparatus and receives a processing result of the usage request described in the second format from the resource providing apparatus, the conversion unit converts the processing result described in the second format into the processing result described in the first format, and the program execution unit performs an operation according to the processing result described in the first format.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MADHURI R HERZOG whose telephone number is (571)270-3359. The examiner can normally be reached 8:30AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on (571)272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

MADHURI R. HERZOG
Primary Examiner
Art Unit 2438



/MADHURI R HERZOG/Primary Examiner, Art Unit 2438