Abstract:
Structuring a data structure that is of a particular type that has a particular schema used for validation, in a manner that permits selected components of the data structure to be optionally transformed while retaining the ability to validate the data structure. The data structure includes information that is sufficient to identify one or more transformations that may occur on at least one component of the data structure while still being valid.
Abstract:
Transferring data using peer-to-peer protocols. A method may be practiced, for example, at a computer system in a computer network. The computer network may include one or more networked agents formed into a peer group of peers using at least one peer-to-peer connection. The method includes an act of receiving a computer readable message from a peer-to-peer network. The computer readable message is a centric message enveloped in a peer-to-peer message. The centric message is extracted. The centric message is delivered to an agent configured for centric type communications.
Abstract:
Compression of a portion of a message above a transport layer in a protocol stack. In the transmission direction, the message is accessed in a form that includes a number of initially parseable components, at least one of which is in compressed form. The message also includes a marker that identifies the component(s) that are compressed. The message is then passed to the transport layer in further preparation for transmission. In the receiving direction, the message is received from the transport layer. The message is initially parsed, and then the compressed component(s) are identified based on the marker.
Abstract:
A distributed security system is provided. The distributed security system uses a security policy that is written in a policy language that is transport and security protocol independent as well as independent of cryptographic technologies. This security policy can be expressed using the language to create different security components allowing for greater scalability and flexibility. By abstracting underlying protocols and technologies, multiple environments and platforms can be supported.
Abstract:
Systems and methods for automatically generating security policy for a web service are described. In one aspect, one or more links between one or more endpoints are described with an abstract link description. The abstract link description describes, for each link of the one or more links, one or more security goals associated with exchange of message(s) between the one or more endpoints associated with the link. The one or more endpoints host respective principals networked in a distributed operating environment. Detailed security policies for enforcement during exchange of messages between the one or more endpoints are automatically generated from the abstract link description.
Abstract:
Some large software development projects need more than one versioning system to accommodate not only a diversity of document formats and data types, but also the geographic diversity of their programmers. However, having more than one versioning system is generally very expensive. A major factor in this expense is the requirement for a separate application program interface (API) for each separate versioning system. Accordingly, the inventors devised an exemplary API architecture which can be extended with “plug-in” protocol providers to include virtually any number of separate version stores or versioning systems. The exemplary architecture includes a generic command parser and a command dispatcher. The command dispatcher operatively couples to one or more protocol providers, each coupled to at least one version store. Inclusion of the OLE DB-compliant interface and the command parser in the exemplary embodiment saves the protocol providers the effort and expense of replicating these features, thereby reducing the cost of adding version stores.
Abstract:
A method and system are provided for managing a security threat in a distributed system. A distributed element of the system detects and reports suspicious activity to a threat management agent. The threat management agent determines whether an attack is taking place and deploys a countermeasure to the attack when the attack is determined to be taking place. Another method and system are also provided for managing a security threat in a distributed system. A threat management agent reviews reported suspicious activity including suspicious activity reported from at least one distributed element of the system, determines, based on the reports, whether a pattern characteristic of an attack occurred, and predicts when a next attack is likely to occur. Deployment of a countermeasure to the predicted next attack is directed in a time window based on when the next attack is predicted to occur.
Abstract:
A method of securing communications between an application that includes a macro and a Web Service. The method includes an act of, at the macro, generating a request for data. The request for data comprises generating commands for retrieving data, generating security information, and embedding the commands for retrieving data and the security information in a request. The request for data is sent to the Web Service. The requested data is received from the Web Service if the security information provides appropriate authorization to receive the requested data.
Abstract:
Providing access to devices based on peer membership. A method is described including an act of providing access to a device, such as a hardware peripheral or a software service, to networked agents, such as host computers, operating systems, frameworks, and application code. The method includes an act of forming a peer-to-peer network of one or more members from among the networked agents. The one or more members form a peer group. The peer group does not require a central authority defining peer group membership. Access to a device is provided to the one or more members forming the peer group based on their being included in the peer group.
Abstract:
An adaptively configurable user interface to facilitate a common user experience across two or more databases and an extensible common query structure to allow expansion of a query language to meet the demands of new file types. An exemplary embodiment includes a discovery mechanism for determining query properties of search providers, thereby facilitating adaptive configuring of a user interface to expose the determined query properties. An exemplary embodiment of the user interface includes a portion which remains relatively constant across two or more search providers to reduce user disorientation.