Abstract:
Techniques are provided for preserving and managing identities within an audit log. Initial entries in the log do not include an explicit, direct reference to the agent that performs a transaction; instead, the agent acquires a temporary transaction identity for the transaction, and an indirect reference to that transaction identity is written to the log while the transaction is pending. Once the transaction completes, a direct reference to the transaction identity is written to the log. The identity of the agent remains transparent until that identity expires, if it expires at all.
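An added illustration of the scheme the abstract describes (example code written for this page, not the patent's claimed implementation): pending entries carry only a keyed-hash reference to a temporary transaction identity, the direct reference is appended on completion, and the agent behind a transaction identity can be resolved only until that identity expires. The HMAC key held by the log service and the separate, expiring identity table are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Tuple

Entry = Dict[str, str]


class AuditLog:
    """Append-only audit log in which the agent never appears directly.

    Pending entries carry only an indirect reference (a keyed hash of the
    temporary transaction identity); the direct reference is written when
    the transaction completes. The agent behind a transaction identity is
    kept in a separate table whose entries expire (assumed design).
    """

    def __init__(self, key: bytes) -> None:
        self._key = key                                        # held by the log service only
        self.entries: List[Entry] = []
        self._identities: Dict[str, Tuple[str, float]] = {}   # tx identity -> (agent, expiry)

    def _indirect_ref(self, tx_identity: str) -> str:
        # Keyed hash: a reader without the key cannot recover the transaction
        # identity from a pending entry, nor link it to the completion entry.
        return hmac.new(self._key, tx_identity.encode(), hashlib.sha256).hexdigest()

    def begin(self, agent: str, action: str, now: float, ttl: float) -> str:
        """Agent acquires a temporary transaction identity; the log gets only the indirect reference."""
        tx_identity = secrets.token_hex(16)
        self._identities[tx_identity] = (agent, now + ttl)
        self.entries.append({"state": "pending", "action": action,
                             "ref": self._indirect_ref(tx_identity)})
        return tx_identity

    def complete(self, tx_identity: str, outcome: str) -> None:
        """On completion the direct reference to the transaction identity is written."""
        if tx_identity not in self._identities:
            raise KeyError("unknown transaction identity")
        self.entries.append({"state": "complete", "outcome": outcome,
                             "tx_identity": tx_identity,
                             "ref": self._indirect_ref(tx_identity)})

    def resolve_agent(self, tx_identity: str, now: float) -> Optional[str]:
        """Map a transaction identity back to its agent while that identity is unexpired."""
        record = self._identities.get(tx_identity)
        if record is None:
            return None
        agent, expires = record
        return agent if now < expires else None

    def entries_for(self, tx_identity: str) -> List[Entry]:
        """Link the pending and completion entries of one transaction; requires the key."""
        ref = self._indirect_ref(tx_identity)
        return [e for e in self.entries if hmac.compare_digest(e["ref"], ref)]


if __name__ == "__main__":
    log = AuditLog(secrets.token_bytes(32))
    tx = log.begin("alice", "transfer", now=100.0, ttl=60.0)   # constructed sample transaction
    log.complete(tx, "committed")
    for entry in log.entries:
        print(entry)
    print("agent at t=120:", log.resolve_agent(tx, 120.0))
    print("agent at t=200:", log.resolve_agent(tx, 200.0))
```

Note that an auditor who holds the key can still join the pending and completion records through `entries_for`, while a reader of the raw log sees neither the agent nor, for pending entries, the transaction identity itself.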
Abstract:
Techniques are presented for anonymous Internet access. Internet requests are intercepted within a firewalled environment before being routed over the Internet to destination sites. Each Internet request is evaluated against policy, and one or more anonymizers are selected in response to that evaluation. The Internet requests are then routed through the selected anonymizers for processing to the destination sites. The relationship between the Internet Protocol (IP) address of the firewalled environment and the IP addresses of the destination sites is masked from Internet observers by the anonymizers. Moreover, secure communication between the firewalled environment and the anonymizers is maintained.
Abstract:
Techniques are provided for dynamically establishing and managing trust relationships. A first principal initially requests a community list. The community list includes identities of one or more second principals with which the first principal can establish trusted relationships. The community list is associated with a trust specification. The trust specification defines the policies and access rights that govern interactions between the first principal and the second principals during any active trusted relationship. The first principal can dynamically subdivide, manage, and modify entries of the community list and the trust specification, provided that any such modifications are permissible under the global contracts and policies associated with the first principal.
Abstract:
Techniques are provided for dynamically establishing and managing authentication and trust relationships. An identity service acquires and evaluates contracts associated with relationships between principals. The contracts permit the identity service to assemble authentication information, aggregated attributes, and aggregated policies that drive and define the various relationships. That assembled information is consumed by the principals during interactions with one another and constrains those interactions. In some embodiments, the constraints are dynamically modified during ongoing interactions between the principals.
Abstract:
Techniques are provided for allocating resources over a network. A resource consumer requests access to a resource over a network. As part of that request, the resource consumer acquires information that permits it to communicate securely with a resource provider. The resource provider controls the resource and, once satisfied that the resource consumer's request is secure, allocates the resource for access by the resource consumer.
Abstract:
Techniques are provided for establishing and managing a distributed credential store. An identity service aggregates identity information from one or more identity stores and maintains the information as a remote credential store. Initially, the remote credential store, or portions of it, is transmitted to a principal service as the initial configuration of a local credential store. A principal interacts with the principal service to define or modify a policy that identifies the portions of the remote credential store to be synchronized with the local credential store. In some embodiments, the principal also interacts with the principal service to define a local policy that identifies portions of the local credential store that are not synchronized with the remote credential store. The interactions between the credential stores are trusted and secured.
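An added illustration of the two policies in the abstract above (example code written for this page, not the patent's implementation): a synchronization policy selects which portions of the remote store flow down to the local store, a local-only policy withholds portions of the local store from ever flowing up (and from being overwritten from remote), and each transferred portion carries an integrity tag. The prefix-pattern policy syntax, the shared channel key and the credential names are constructed assumptions for the example.

```python
import hashlib
import hmac
import json
from typing import Dict, Iterable, Tuple

Store = Dict[str, str]   # credential name -> credential material (constructed sample data)


def _matches(name: str, patterns: Iterable[str]) -> bool:
    """A policy pattern is an exact credential name or a prefix ending in '*' (assumed syntax)."""
    return any(name == p or (p.endswith("*") and name.startswith(p[:-1])) for p in patterns)


def _tag(payload: Store, key: bytes) -> str:
    # Integrity tag over a canonical encoding; both stores hold `key`
    # (an assumed pre-established channel key standing in for the secured link).
    body = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def _check(payload: Store, tag: str, key: bytes) -> Store:
    """Reject a portion whose tag does not match before merging it into a store."""
    if not hmac.compare_digest(_tag(payload, key), tag):
        raise ValueError("sync payload failed integrity check")
    return payload


def remote_portion(remote: Store, sync_policy: Iterable[str], key: bytes) -> Tuple[Store, str]:
    """Identity service side: select only the portions the principal's policy asks for."""
    portion = {n: v for n, v in remote.items() if _matches(n, sync_policy)}
    return portion, _tag(portion, key)


def local_portion(local: Store, sync_policy: Iterable[str],
                  local_only_policy: Iterable[str], key: bytes) -> Tuple[Store, str]:
    """Principal service side: send in-scope entries, withholding what local policy keeps local."""
    portion = {n: v for n, v in local.items()
               if _matches(n, sync_policy) and not _matches(n, local_only_policy)}
    return portion, _tag(portion, key)


def synchronize(remote: Store, local: Store, sync_policy: Iterable[str],
                local_only_policy: Iterable[str], key: bytes) -> Tuple[Store, Store]:
    """One round trip: remote -> local for policy-selected entries, then local -> remote
    for in-scope entries that local policy does not withhold. Returns (remote, local)."""
    down, tag = remote_portion(remote, sync_policy, key)
    down = _check(down, tag, key)
    # Local-only entries are never overwritten from remote, even if a remote entry shares the name.
    local = {**local, **{n: v for n, v in down.items() if not _matches(n, local_only_policy)}}
    up, tag = local_portion(local, sync_policy, local_only_policy, key)
    remote = {**remote, **_check(up, tag, key)}
    return remote, local


if __name__ == "__main__":
    key = b"k" * 32                                     # constructed channel key
    remote = {"ldap/alice": "r1", "ldap/bob": "r2", "db/prod": "r3"}
    local = {"device/tpm-seal": "l1", "ldap/carol": "l2"}
    remote, local = synchronize(remote, local, ["ldap/*"], ["device/*"], key)
    print("remote:", remote)
    print("local: ", local)
```

The down-sync filter matters: a local-only policy that only blocked uploads would still let the identity service replace a device-bound credential by publishing an entry under the same name.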
Abstract:
Techniques for using multiple security access mechanisms with a single identifier are presented. A single identifier is permitted to be associated with multiple authentication secrets. The single identifier resolves to a particular identity according to which authentication secret is presented with it. Moreover, in an embodiment, any resolved identity may have a variety of attributes, such as role and access rights, set automatically for a particular communication session.
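An added illustration of resolving one identifier to different identities by the secret presented (example code written for this page, not the patent's implementation). It also shows the check a practitioner wants here: every secret enrolled under the identifier is evaluated, and unknown identifiers burn the same key-derivation work, so response time does not reveal which secret matched or whether the identifier exists. The directory structure, the PBKDF2 parameters and the sample identities are assumptions for the example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional

PBKDF2_ROUNDS = 50_000   # kept modest so the example runs quickly; raise it in production


@dataclass(frozen=True)
class Identity:
    name: str
    role: str
    access_rights: FrozenSet[str]


@dataclass(frozen=True)
class SecretRecord:
    salt: bytes
    digest: bytes
    identity: Identity


def _derive(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ROUNDS)


class IdentifierDirectory:
    """One identifier, several authentication secrets, each bound to its own identity."""

    def __init__(self) -> None:
        self._records: Dict[str, List[SecretRecord]] = {}
        self._dummy_salt = os.urandom(16)   # used to equalise work for unknown identifiers

    def enroll(self, identifier: str, secret: str, identity: Identity) -> None:
        salt = os.urandom(16)
        self._records.setdefault(identifier, []).append(
            SecretRecord(salt, _derive(secret, salt), identity))

    def resolve(self, identifier: str, secret: str) -> Optional[Identity]:
        """Resolve the identifier to the identity whose secret was presented, or None."""
        records = self._records.get(identifier)
        if not records:
            _derive(secret, self._dummy_salt)   # same cost as one real check
            return None
        matched: Optional[Identity] = None
        # Examine every record and never return early, so the time taken does not
        # reveal whether, or which, secret matched.
        for rec in records:
            ok = hmac.compare_digest(_derive(secret, rec.salt), rec.digest)
            if ok and matched is None:
                matched = rec.identity
        return matched

    def open_session(self, identifier: str, secret: str) -> Optional[Dict[str, object]]:
        """Session attributes (role, access rights) are set from the resolved identity."""
        identity = self.resolve(identifier, secret)
        if identity is None:
            return None
        return {"identifier": identifier, "identity": identity.name,
                "role": identity.role, "access_rights": sorted(identity.access_rights)}


if __name__ == "__main__":
    directory = IdentifierDirectory()
    # Constructed sample: one login name, two secrets, two identities
    directory.enroll("jdoe", "hunter2", Identity("jdoe-admin", "admin", frozenset({"read", "write", "delete"})))
    directory.enroll("jdoe", "correct horse battery", Identity("jdoe-user", "user", frozenset({"read"})))
    print(directory.open_session("jdoe", "hunter2"))
    print(directory.open_session("jdoe", "correct horse battery"))
    print(directory.open_session("jdoe", "wrong"))
```

Because the identifier alone no longer names a single identity, the role and access rights attached to a session must come from the resolved identity, not from anything keyed only by the identifier.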
Abstract:
Crafted identities are provided. A statement is provided to a principal for using a crafted identity. The statement includes an identifier that provides access to a resource when presented by the principal to the resource. The statement also includes one or more roles and permissions that apply to the crafted identity when it accesses the resource.
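An added illustration of a statement of the kind the abstract describes (example code written for this page, not the patent's implementation): the issuer signs a statement carrying the identifier, roles and per-resource permissions, and the resource verifies the signature and expiry before consulting the permissions. The HMAC key shared between issuer and resource, the expiry field and the encoding are assumptions for the example; a real deployment would more likely use an asymmetric signature so resources hold no issuing capability.

```python
import base64
import hashlib
import hmac
import json
from typing import Any, Dict, List


def issue_statement(identifier: str, roles: List[str], permissions: Dict[str, List[str]],
                    expires: float, key: bytes) -> str:
    """Issuer side: build the signed statement the principal presents to a resource.

    `permissions` maps a resource name to the actions the crafted identity may
    perform on it; `key` is shared with the resource (assumption for this example).
    """
    body = {"identifier": identifier, "roles": roles,
            "permissions": permissions, "expires": expires}
    encoded = base64.urlsafe_b64encode(json.dumps(body, sort_keys=True).encode()).decode()
    sig = hmac.new(key, encoded.encode(), hashlib.sha256).hexdigest()
    return f"{encoded}.{sig}"


def verify_statement(statement: str, key: bytes, now: float) -> Dict[str, Any]:
    """Resource side: reject malformed, forged, tampered or expired statements."""
    parts = statement.rsplit(".", 1)
    if len(parts) != 2:
        raise ValueError("malformed statement")
    encoded, sig = parts
    expected = hmac.new(key, encoded.encode(), hashlib.sha256).hexdigest()
    # Verify before decoding, so untrusted bytes are never parsed.
    if not hmac.compare_digest(expected, sig):
        raise ValueError("bad signature")
    body = json.loads(base64.urlsafe_b64decode(encoded))
    if now >= body["expires"]:
        raise ValueError("statement expired")
    return body


def authorize(statement: str, resource: str, action: str, key: bytes, now: float) -> bool:
    """Grant access only if the statement verifies and lists `action` for `resource`."""
    try:
        body = verify_statement(statement, key, now)
    except ValueError:
        return False
    return action in body["permissions"].get(resource, [])


if __name__ == "__main__":
    key = b"\x02" * 32   # constructed shared key
    st = issue_statement("contractor-7", ["reviewer"], {"repo/api": ["read"]},
                         expires=2000.0, key=key)
    print("read repo/api :", authorize(st, "repo/api", "read", key, now=1000.0))
    print("write repo/api:", authorize(st, "repo/api", "write", key, now=1000.0))
    print("read after expiry:", authorize(st, "repo/api", "read", key, now=2500.0))
```

The resource never looks the identifier up in a directory of its own; everything it needs to decide is inside the verified statement, which is what lets the identity be crafted for a single resource and a bounded set of actions.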