摘要:
A challenge based authentication mechanism that does not require that the authenticating computing entities be aware of the secret data used for the initial authentication. An authenticator computing entity is to authenticate to the authenticatee computing entity. First, the authenticatee computing entity acquires a challenge from a supplemental authenticatee computing entity. The authenticatee computing entity provides the challenge to the authenticator computing entity, which has a supplemental authenticator computing entity solve the challenge. The authenticator computing entity sends the answer to the authenticatee computing entity, which uses the answer to authenticate the authenticator computing entity.
摘要:
A configuration management system creates (602) each configuration by assigning a configuration identifier to each configuration. In addition, relational information is computed (706) that indicates the relationships between the configuration and any configurations upon which it is based. The system then tracks (604) changes to files of the configuration by storing information associating each new file version with the configuration identifier. The system also tracks (1210) changes to file properties. A configuration is then reconstructed (608) as of a desired date, by identifying (2104, 2106) the file versions and properties associated with that configuration as of the desired date. A determination is made (2110) whether a user that has requested the file versions has access privileges by first checking a security cache (2600) for the user privileges information. If the information is not on the cache, it is computed from a security table (2800) and stored on the cache. The system automatically compresses (3118) and reconstitutes (3006) file versions that are stored in the version store.
摘要:
Methods, systems, and data structures for communicating object metadata are provided. A generic metadata container is presented that allows object metadata to be described in an extensible manner using protocol-neutral and platform-independent methodologies. A metadata scope refers to a dynamic universe of targets to which the included metadata statements correspond. Metadata properties provide a mechanism to describe the metadata itself, and metadata security can be used to ensure authentic metadata is sent and received. Mechanisms are also provided to allow refinement and replacement of metadata statements. Communication of metadata is expedited using hash digests to confirm metadata versions, and by piggybacking policy metadata requests and responses on other substantive data communication messages, thereby dynamically altering future communications.
摘要:
A network site often provides multiple offerings, each having their own context. The complete context for one of the offerings is stored. That complete context represents a root node in a hierarchical tree of context nodes, each node representing the context information for one or more of the offerings. Each node in the tree includes a reference to its parent node, and then a description of incremental changes to the context information as compared to the context information from the parent node. Accordingly, the context information for a particular node in the tree may be obtained by combining the complete context for the root node offering with incremental changes described in other nodes in the ancestral chain that leads from the particular offering to the root offering.
摘要:
A system and method for performing client-server transactions includes an application interface, located at a client, which manages connections between the client and a server. The application interface receives a request from an application program, opens a connection with the server, sends a message that includes the request over the connection, and holds the connection open for at least a timeout period. If the application interface receives another request destined for the server during the timeout period, it sends another message with the new request over the open connection. If the application interface receives one or more requests that are part of a transaction, the application interface assigns a transaction identifier to the transaction. The transaction identifier and a sequence indicator are included in each message with each request. At the server, a transaction manager receives the messages, sequences the requests based on the sequence indicators, and processes the requests in the indicated sequence. If the application interface receives a redirect request from the server in response to a message, the application interface sends the message to another server identified in the redirect request without involving the client application.
摘要:
Communicating and requesting specialized policy information. A message is sent by a client to a service which provides the services requested by the message or a specialized processor that evaluates messages. The message is evaluated for compliance with a policy particular to the message. If the message does not comply with a policy particular to the message, policy information is sent, where the policy information indicates the correct policy particular to the message. In one embodiment, if the message complies with a policy particular to the message, policy information is sent, where the policy information indicates that the message complies with a policy particular to the message.
摘要:
Providing reference tokens. A method includes receiving a request for a token. In response to the request for a token and in place of a token, one or more rich pointers are sent referencing one or more tokens. The rich pointers point to locations where one or more actual tokens can be retrieved. When only a single pointer is sent, the pointer is a reference other than an HTTP URL.
摘要:
Multiple peer groups for performing computing, communication, and/or storage tasks. A method may be performed for example, in a computing environment including one or more agents networked together. The method includes providing data to the agents using two or more distinct peer groups. The peer groups include members from among the agents. The method further includes performing at each of the peer groups operations on the data. Each peer group is configured to perform a specific operation. The method also includes coordinating the operations at each of the peer groups such that a common computing, communication and/or storage task is accomplished by aggregating the operations at each of the peer groups.
摘要:
A first application layer at a first message processor identifies a first portion of context information. A second message processor receives the first portion of context information. A second application layer at the second message processor identifiers a second portion of context information. The second message processor sends the second portion of context information along with a first digital signature created from both the first and second portions of context information. The first message processor receives the second portion of context information and first digital signature. The first message processor sends a second digital signature created from the first and second portions of context information to the second message processor. If both the first and second digital signatures are authenticated, a secure context can be established between the first and second application layers.
摘要:
The present invention extends to methods, systems, and computer program products for selecting policy for compatible communication. Hierarchical policy document data structures represent communication (e.g., security) aspects and options such that lower aspects and options are accessed in the context of corresponding higher aspects and options to define applicable scope. Use of a hierarchical description also facilitates separation of what is being protected from how it is being protected thereby allowing security policy to be considered at different locations of a description document.