Patent application number | Description | Published |
20080263536 | Controlling A GUI Display For A Plug-In - Methods, systems, and computer program products are provided for controlling a GUI display for a plug-in in an application supporting plug-ins. Embodiments include receiving, at run time, in the application from the plug-in a request to display a GUI object; responsive to the request, retrieving an XML representation of the GUI object; and displaying the GUI object in dependence upon the retrieved XML representation of the GUI object. Typical embodiments also include receiving from the plug-in a request to retrieve user input responsive to the GUI object; and returning to the plug-in responsive user input. | 10-23-2008 |
20080271121 | EXTERNAL USER LIFECYCLE MANAGEMENT FOR FEDERATED ENVIRONMENTS - The present invention provides a generic technique that externalizes the management of a user session, particularly in the context of a federated environment. The invention obviates any requirement to design and implement special software (or any requirement to modify a previously installed plug-in) to enable third party SSOp-aware applications to manage the lifecycle of a user session. In an illustrative embodiment, the user session lifecycle is managed externally through an external authentication interface (EAI) that has been extended to enable any POC (or SSOp-aware application) to interface to a federated identity provider component using a simple HTTP transport mechanism. In the inventive approach, HTTP request and response headers carry the information that is used by the POC to initiate and later destroy a user session, and such information is provided by a federated entity without requiring use of a special authentication API. | 10-30-2008 |
20080289023 | Method and System for Peer-to-Peer Authorization - An authorization mechanism within a peer-to-peer network is presented. A central server that operates a centralized data repository search engine within a peer-to-peer network performs authentication and authorization operations with respect to users that access its services. A user at a peer node reviews peer-to-peer search results that have been gathered and returned by the centralized search engine. When the user desires to retrieve a file from another peer node, the user's peer node must obtain an authorization token from the central server, which authenticates the user or has previously authenticated the user. The user's peer node then presents the authorization token along with a request to retrieve the file from the other peer node. After verifying the authorization token, the other peer node responds with the requested file. If the other peer node cannot verify the authorization token, then the other peer node denies access to the file. | 11-20-2008 |
20090125972 | FEDERATED SINGLE SIGN-ON (F-SSO) REQUEST PROCESSING USING A TRUST CHAIN HAVING A CUSTOM MODULE - Federated single sign on (F-SSO) uses a token service that fulfills requests by executing a module chain comprising a set of modules. F-SSO runtime processing is enhanced by enabling a federated entity user to define a custom module to include in the chain. The custom module includes one or more name-value pairs, wherein a given name-value pair has a value that may be validated against an entity-defined rule. The rule is determined during the processing of the custom module based on one or more invocation parameters of the module chain. In a runtime operation, F-SSO begins in response to receipt of a token. In response, the processing of the module chain that includes the custom module is initiated. During processing of the custom module, an attempt is made to validate the value of a name-value pair based on the rule. If the value of the name-value pair based on the rule can be validated, processing of the module chain continues. This approach enables finer granularity on the information that can be asserted or required as part of an F-SSO flow. | 05-14-2009 |
20090129596 | System and Method for Controlling Comments in a Collaborative Document - A system, method, and program product is provided that operates when opening a word processing document that includes document content inserted at various insertion points within the document. The document is opened by a user that corresponds to a particular user identifier. The comments included in the document include recipient identifiers. A first set of comments are selected where the user's identifier is included in the recipient identifiers of the corresponding comments, and a second set of comments are selected where the user's identifier is not included in the recipient identifiers of the corresponding comments. The word processor displays the first set of comments at their respective insertion points within the document content and does not present the second set of comments. | 05-21-2009 |
20090259753 | Specializing Support For A Federation Relationship - The invention provides federated functionality within a data processing system by means of a set of specialized runtimes, which are instances of an application for providing federation services to requesters. Each of the plurality of specialized runtimes provides requested federation services for selected ones of the requestors according to configuration data of respective federation relationships of the requestors with the identity provider. The configuration data is dynamically retrieved during initialization of the runtimes which allows the respective_runtime to be specialized for a given federation relationship. Requests are routed to the appropriate specialized runtime using the first requestor identity and the given federation relationship. The data, which describes each federation relationship between the identity provider and each of the plurality of requestors, is configured prior to initialization of the runtimes. | 10-15-2009 |
20090327397 | MANAGING USER PERSONAL INFORMATION ACROSS WEB SITES - A method of managing user personal information across a set of service provider sites is implemented, preferably as a web browser plug-in function. As a user navigates to a service provider web site and performs an interaction involving user identity attribute data, the interaction is recorded for later replay. Typically, the interaction is a graphical user interface (GUI) interaction. At a later time, previously-recorded interactions at service provider sites are replayed automatically, i.e., without requiring the user to navigate back to the individual sites and perform the interactions, and (during the replay operation) the user's previously-entered identity attribute data is located and retrieved. A display of the identity attribute data collected from the service provider sites then can be examined, e.g., for any inconsistency among the data. If the user then updates identity attribute data for a given service provider site, the identity attribute data for the site is automatically updated, once again without requiring the user to navigate to the site and re-enter the update directly. The method enables the user to ensure that his or her personal data stored at the service provider sites is up-to-date and synchronized. | 12-31-2009 |
20100146290 | TOKEN CACHING IN TRUST CHAIN PROCESSING - A method, system, and computer usable program product for token caching in a trust chain processing are provided in the illustrative embodiments. An information in a token associated with a first request is mapped. A determination is made whether a requester of the first request has provided a constraint in the first request, the constraint concerning the token, the constraint forming a client constraint. The client constraint is stored. The information and the mapped information is stored, forming stored information. The token is received in a second request. The stored information is reused if the client constraint allows reusing the stored information. A further determination may be made whether a target system receiving the mapped information has provided a server constraint, the second constraint concerning the mapped information, the second constraint forming a server constraint. The stored information may be reused if the server constraint allows reusing the stored information. | 06-10-2010 |
20100185862 | Method and System for Encrypting JavaScript Object Notation (JSON) Messages - The confidentiality of JavaScript Object Notation (JSON) message data is secured using an encryption scheme. The encryption scheme implements a JSON encryption syntax, together with a set of processing rules for creating encrypting arbitrary data in JSON messages in a platform/language independent manner. A method for encrypting a data item in a JSON message begins by applying an encryption method and a key to the data item to generate a cipher value. A data object is then constructed that represents an encryption of the data item. The data item in the JSON message is then replaced with the data object, and the resulting modified JSON message is then output from a sending entity. At a receiving entity, information in the data object is used to re-generate the data item, which is then placed back in the original message. | 07-22-2010 |
20100185869 | METHOD AND SYSTEM FOR SIGNING JAVASCRIPT OBJECT NOTATION (JSON) MESSAGES - JSON (JavaScript Object Notation) message integrity is provided using a digital signature scheme. The digital signature scheme implements a set of processing rules for creating and representing digital signatures using a JSON signature syntax. The syntax preferably comprises a set of named elements, including a reference element, a signature information element, and a signature element. In one embodiment, a machine-implemented method for signing a JSON message begins by constructing a reference element for each data object in the JSON message to be signed. The data object is identified by a reference identifier. The reference element includes the reference identifier, a pointer (such as a URI) to a digest method, and a digest generated by applying the digest method to the data object or a given function of the data object. Then, a signature information element is constructed for one or more of the reference elements corresponding to the one or more data objects in the message that are being signed. The signature information element includes a pointer to a signature method, as well as one or more reference elements, or a canonical form of the one or more reference elements. Then, a signature element is constructed. The signature element includes the signature information element, and a signature value generated by applying the signature method (identified in the signature information element) to the signature information element. The signature element is the JSON message signature. The signature enables a sending entity (such as a Web browser or Web server) to generate a digest on all or parts of a JSON message and then to secure the digests using a signing key. | 07-22-2010 |
20110131643 | Token Mediation Service in a Data Management System - A method and system for mediating security tokens to authorization data transactions in a data management system. The methods and systems intercept a data request between two applications or services, and validate and translate a security token sent with the data request from a format compatible with the first application or service to a format compatible with the second application or service. | 06-02-2011 |