Abstract:
Techniques for the remote authorization of secure operations are provided. A secure security system restricts access to a secure operation via an access key. An authorization acquisition service obtains the access key on request from the secure security system when an attempt is made to initiate the secure operation. The authorization acquisition service gains access to the access key from a secure store via a secret. That is, the secret store is accessible via the secret. The secret is obtained directly or indirectly from a remote authorization principal over a network.
Abstract:
Techniques for federating and for attesting to online reputations are provided. A variety of reputation sources supply portions of reputation information about a principal. The portions are aggregated and optionally weighted to form a summary of reputation information. The summary is then represented as an attestation and optionally signed by the service providing the attestation.
Abstract:
Policy enforcement via attestations is provided. A principal operates within an environment and assumes roles having certain access rights to resources and the principal takes actions while assuming those roles. The roles and actions are monitored and attestations are raised under the proper set of circumstances. The attestations trigger policy restrictions that are enforced against the principal. The policy restrictions circumscribe the access rights to the resources.
Abstract:
Techniques are provided for secure synchronization and sharing of secrets. A first principal acquires an encrypted access key to a secret store of a second principal. The first principal contacts an identity manager and supplies a decrypted version of the access key. One or more secrets of the second principal may be acquired or modified by the first principal while accessing the secret store.
Abstract:
Codifying the “most prominent measurement points” of a document can be used to measure semantic distances given an area of study (e.g., white papers on some subject area). A semantic abstract is created for each document. The semantic abstract is a semantic measure of the subject or theme of the document providing a new and unique mechanism for characterizing content. The semantic abstract includes state vectors in the topological vector space, each state vector representing one lexeme or lexeme phrase about the document. The state vectors can be dominant phrase vectors in the topological vector space mapped from dominant phrases extracted from the document. The state vectors can also correspond to words in the document that are most significant to the document's meaning (the state vectors are called dominant vectors in this case). One semantic abstract can be directly compared with another semantic abstract, resulting in a numeric semantic distance between the semantic abstracts being compared.
Abstract:
Crafted identities are provided. A statement is provided to the principal for using a crafted identity. The statement includes an identifier that provides access to a resource when presented by the principal to the resource. The statement also includes one or more roles and permissions for the crafted identity when accessing the resource.
Abstract:
Techniques for debugging applications are provided. Access to an application is controlled by a wrapper. The wrapper intercepts calls to the application and records the calls. The calls are then passed to the application for processing. The recorded calls form a log which may be analyzed or mined to detect error conditions or undesirable performance characteristics associated with the application independent of source associated with the application.
Abstract:
Methods and systems are provided for trusted key distribution. A key distribution or an identity service acts as an intermediary between participants to a secure network. The service provisions and manages the distribution of keys. The keys are used for encrypting communications occurring within the secure network.
Abstract:
An Internet Box Office (IBO) system and technique vends digital content via a computer network, such as the Internet. The IBO system comprises a viewing system that cooperates with a Digital Rights Management system and various deployment enhancements within the Internet to provide an infrastructure that facilitates access to digital content in a manner that comports with copyright law and the control of intellectual property by the copyright owner. The IBO system enables a content copyright owner to retain control of its intellectual property while allowing a consumer to have transparent access to the copyright-protected content via the network. To that end, the IBO system operates to download and stage the copyrighted digital content on the viewing system of a consumer.
Abstract:
Techniques are provided for establishing privileged paths for data packets over a network. A data packet is received with a header; the header includes a route selector. The route selector assists in resolving a privileged path for the data packet. The data packet is injected into the network over the resolved privileged path.