Abstract:
Directly operating on data structures in a generic manner regardless of the type of data structure being operated upon and without requiring dedicated executable code for manipulating data structures of the particular data type. A common set of commands (e.g., insert, delete, replace, update, query) are recognized that may be used to operate on data structures of a number of different data types. A navigation module accesses a request to execute one of the common command methods on at least an identified portion of an identified data structure. Then, the navigation module accesses a navigation assistance module to access a set of rules associated with the particular data type, the set of rules allowing the navigation module to find the portion of the data structure that is to be operated on. If appropriate, the command operation is then executed on the identified portion of the data structure.
Abstract:
A messaging data structure for accessing data in an identity-centric manner. An identity may be a user, a group of users, or an organization. Instead of data being maintained on an application-by-application basis, the data associated with a particular identity is stored by one or more data services accessible by many applications. The data is stored in accordance with a schema that is recognized by a number of different applications and the data service. The messaging data structure includes fields that identify the target data object to be operated upon using an identity field, a schema field, and an instance identifier field. In addition, the desired operation is specified. Thus, the target data object is operated on in an identity-centric manner.
Abstract:
Authorizing a requesting entity to have a service perform a particular action in a manner that is at least partially independent of the underlying target data structure. An authorization station maintains a number of role templates that each define basic access permissions with respect to a number of command methods. The authorization station also maintains a number of role definitions that each define access permissions for specific requesting entities by using one or more of the role templates. When the authorization station receives a request from the requesting entity, the authorization station then identifies the appropriate role definition. Using this role definition, the authorization station determines access permissions for the requesting entity with respect to the requested action.
Abstract:
A schema-based device service that provides centralized access to per-user device data, wherein access to the device data is based on each user's identity. The device service includes a schema that defines rules and a structure for each user's data, and also includes methods that provide access to the data in a defined way. The device schema thus corresponds to a logical document containing the data for each user. A service such as a notification/alerts service accesses data in the logical document by data access requests through defined methods, such as in order to customize or modify a notification for a device based on the device characteristics. In one implementation, the device schemas are arranged as XML documents, and the services provide methods that control access to the data based on the requesting user's identification, defined role and scope for that role.
Abstract:
In scenarios involving a data set accessible through a protocol, operations sets may be formulated for performing various operations on the data set, and may be expressed as resource scripts according to a scripting language. However, such resource scripts may be difficult to design due to the complicated aspects of the interaction, such as asynchrony, network transport, the syntax of the scripting language, and the details of the protocol. A design environment may be devised to facilitate designers in generating resource scripts, e.g., through the manipulation of visual elements. The design environment may abstract the lower-level working details of the resource scripts, and may allow designers to focus on the logical designing of the operations set. The design environment may then automatically generate the resource script from the operations set in accordance with the constraints of the script language and the protocol.
Abstract:
Embodiments are directed to providing an identity risk score as part of an authentication assertion, applying operating heuristics to determine an operating application's validity and to providing identity risk scores to requesting third parties. In one scenario, an authentication server receives from a cloud service portal various user credentials from a user. The user credentials identify a user to the authentication server. The authentication server verifies the user's identity using the received credentials and generates an identity risk score based on one or more identity factors. The identity factors indicate a likelihood that the user is a valid user. The authentication server encapsulates the generated identity risk score in an authentication assertion and sends the authentication assertion that includes the generated identity risk score to the cloud service portal.
Abstract:
Systems and methods for distributed, decentralized storage and retrieval of data in an extensible SOAP environment are disclosed. Such systems and methods decentralize not only the bandwidth required for data storage and retrieval, but also the computational requirements. Accordingly, such systems and methods alleviate the need for one node to do all the storage and retrieval processing, and no single node is required to send or receive all the data.
Abstract:
An invention is described for securely deploying a provable identity for virtual machines (VMs) in a dynamic environment. In an embodiment, a fabric controller instructs a VM host to create a VM and sends that VM a secret. The fabric controller sends that same secret (or a second secret, such as the private key of a public/private key pair) to the security token service along with an instruction to make an account for the VM. The VM presents proof that it possesses the secret to the security token service and in return receives a full token. When a client connects to the deployment, it receives the public key from the security token service, which it trusts, and the full token from the VM. It validates the full token with the public key to determine that the VM has the identity that it purports to have.
Abstract:
Methods and systems for providing unified analytics across a distributed computing services infrastructure are disclosed. Embodiments include providing an application identifier for an application created by a developer and, during an execution of the application, collecting and storing analytic data with an association with the application identifier and an authenticated developer identifier. Other embodiments may include collecting and storing analytic data with the association further including an authenticated user identifier and/or a device identifier for a device of a user-defined group or mesh. Access mechanisms, report generation, and billing based on the analytic data and associated application identifier are also disclosed. The disclosed methods and systems allow for unified reporting and correlation of analytic data across multiple services of a distributed computing services infrastructure.
Abstract:
Multiple copies of web services reside on associated computing devices, each having an associated reputation. A client may desire to access the web service having the highest or best reputation to be ensured of a greater degree of accuracy and confidence. The client does a search, and attaches to whichever web service has the highest reputation. By running multiple copies of the web services, they may vote amongst themselves on the results in the event that one or more of the services starts giving incorrect or otherwise inconsistent results. Combining the voting with reputation data associated with each copy of the web service allows a service's reputation to be dynamically adjusted based upon how faithfully it computes the results of work items sent to it.