Abstract: A system and method for using an opaque group within a federated identity management environment, to prevent disclosure of identities of the group. An opaque group is constructed at an identity provider within the system and has a group identity that references primary system identities of its members (e.g., electronic mail addresses, public key certificates, network addresses). Services to the group (e.g., distribution of an object such as a document or electronic mail message, invitation to an online meeting, authentication as a member of the group) can be requested from service providers, but because service providers do not have access to members' primary identities, the service providers forward the requests to an identity provider that has access to the group identity. That identity provider retrieves the members' identities and completes the action.

Abstract: XACML (eXtensible Access Control Markup Language) documents, PolicySets and Policies can become long, complex and difficult to completely comprehend. A method is provided for facilitating analysis of such code to make it easier to answer questions such as: Given a particular set of Attribute values (and/or others unknown as of now), what is permitted or denied; are any of the rules redundant; are any of the rules inconsistent; for any pair of policies in the code, what set of Attributes will they both return Permit; how can a policy be refactored into an equivalent set of policies in which each branch of the policy tree pertains to specific values of specified Attributes? To facilitate such analysis and refactoring, every Rule in the collection of policies being analyzed is reduced to an equivalent expression in DNF (Disjunctive Normal Form). Some terms, predicates and other elements may be eliminated.

Abstract: XACML (eXtensible Access Control Markup Language) documents, PolicySets and Policies can become long, complex and difficult to completely comprehend. A method is provided for facilitating analysis of such code to make it easier to answer questions such as: Given a particular set of Attribute values (and/or others unknown as of now), what is permitted or denied; are any of the rules redundant; are any of the rules inconsistent; for any pair of policies in the code, what set of Attributes will they both return Permit; how can a policy be refactored into an equivalent set of policies in which each branch of the policy tree pertains to specific values of specified Attributes? To facilitate such analysis and refactoring, every Rule in the collection of policies being analyzed is reduced to an equivalent expression in DNF (Disjunctive Normal Form). Some terms, predicates and other elements may be eliminated.

Abstract: A system and method for using an opaque group within a federated identity management environment, to prevent disclosure of identities of the group. An opaque group is constructed at an identity provider within the system and has a group identity that references primary system identities of its members (e.g., electronic mail addresses, public key certificates, network addresses). Services to the group (e.g., distribution of an object such as a document or electronic mail message, invitation to an online meeting, authentication as a member of the group) can be requested from service providers, but because service providers do not have access to members' primary identities, the service providers forward the requests to an identity provider that has access to the group identity. That identity provider retrieves the members' identities and completes the action.

Abstract: Web services interface policy constraints may be specified in a policy constraints language and policy processing, such as generating an intersection policy of two policies may be automated by a policy-processing engine. A policy constraint may be a specification of a value, range of values, or set of values that a particular requirement or offering is allowed to have. Hierarchies of requirements and/or offerings may also be expressed and matched such that a more specific case of a requirement or offering may be matched against a more general case of the same requirement or offering. Also, preferences among vocabulary items, vocabulary item values, policy constraints, and other elements of a policy may be specified and automatically determined by a policy-processing engine. Automated matching of consumer requirements against provider offerings may allow a policy-processing engine to process policies with specifications of requirements or offerings from any domain-specific schema.

Abstract: In accordance with the invention, a presenter of credentials presents to a recipient of credentials one or more chains of group credentials to prove entity membership or non-membership in a nested group in a computer network. The ability to present a chain of credentials is particularly important when a client is attempting the prove membership or non-membership in a nested group and one or more of the group servers in the family tree are off-line. A chain of group credentials includes two or more proofs of group membership and/or proofs of group non-membership Furthermore, the proofs of group membership may include one or more group membership certificates and/or one or more group membership lists; and proofs of group non-membership may include one or more group non-membership certificates and/or one or more group membership lists.

Abstract: A method and system for evaluating a set of credentials that includes at least one group credential and that may include one or more additional credentials. A trust rating is provided in association with the at least one group credential within the set of credentials and trust ratings may also be provided in other credentials within the set of credentials. Each trust rating provides an indication of the level of confidence in the information being certified in the respective credential. In response to a request for access to a resource or service, an evaluation of the group credentials is performed by an access control program to determine whether access to the requested resource or service should be provided. In one embodiment, within any given certification path a composite trust rating for the respective path is determined. An overall trust rating for the set of credentials is determined based upon the composite trust ratings.

Abstract: The basic concept is that before a resource is accessed, the entity that has the burden of gathering the credentials, pro-actively refreshes the credentials and keeps them current. In one instance, a presenter of credentials, for example, a client, pro-actively refreshes the credentials such that at the time of presentation, the credentials meet the resource-specific constraints of a recipient of credentials, for example, a resource server. For each resource that it protects, a resource server typically establishes various constraints such as a recency requirement, which specifies how recently a credential has to have been issued to be accepted as an adequate credential. Other constraints may include maximum certificate chain length, trust level and so forth. In another instance, a recipient of credentials pro-actively gathers and refreshes credentials to prevent un-authorized access to the various resources it is protecting.

Abstract: One embodiment of the present invention provides a system that replaces an attachment to an email message with a reference to a location where the attachment is stored. Upon receiving the email message, the system examines the email message to determine if the email message includes an attachment. If the email message includes the attachment, the system stores the attachment at a location on a communication network from which the attachment can be retrieved. The system also modifies the email message by replacing the attachment with a reference specifying the location of the attachment, and sends the modified email message to a recipient of the email message. In one embodiment of the present invention, the recipient receives the modified email message and uses the reference specifying the location of the attachment to retrieve the attachment across the communication network.

Abstract: A method and apparatus for authenticating and authorizing a user of a device connected to a network. In one embodiment, a set of credential descriptors is generated that describes credentials that must be built for authenticating the user. The set of credential descriptors is provided to a first device, which includes a first master credential builder for building credentials corresponding to at least one of the credential descriptors. In the event that the first master credential builder does not build all of the credentials corresponding to the set of credential descriptors, another set of credential descriptors is provided to a second device, which includes a second master credential builder for building at least one credential remaining to be built. This process continues until all credentials have been built or a determination is made that they cannot be built.

Abstract: A certification authority generates certificates in response to respective certification requests. The certification authority generally includes a computer that is bootable from a removable medium and a removable medium. The removable medium includes a machine readable medium having encoded thereon an operating system module configured to enable the computer to boot from the removable medium and a certificate generation module configured to, after the computer has been booted, control the computer to facilitate the generation of at least one certificate in response to an associated certificate request, the certification authority module being configured to provide that the computer not be remotely controlled during a certificate generation session.

Abstract: In accordance with the invention, on-line group servers issue group membership or group non-membership certificates upon request. Furthermore, when a requester requests a group certificate for a particular entity, the associated group server makes a dynamic decision regarding the entity's membership in the group rather than simply referring to a membership list. These capabilities provide for, among other things, the implementation of “nested” groups, wherein an entity may indirectly prove membership in a first, or nested, group by proving membership in a second group which is a member of the first group. In the nested group situation, the dynamic decision may involve the group server of the nested group obtaining proof of the entity's membership or non-membership in the second group. Proof of membership or non-membership may include a group certificate and/or a group membership list.

Abstract: A method and system for granting an applicant associated with a client computer in a client-server system access to a requested service without providing the applicant with intelligible information regarding group membership. The applicant transmits a request for service to an application server over a computer network. In response, the application server prepares an encrypted message which includes the identification of the group or groups having access privileges and transmits the encrypted message to the client along with a request that the client prove membership in at least one of the groups. The message is encrypted with an encryption key which can be decrypted by a group membership server.

Abstract: A system includes at least one resource, such as a computer, and a high-security authentication device, the at least one resource being selectively utilizable by an operator. The high-security authentication device is configured to perform an authentication operation in connection with a prospective operator and generate a credential for the prospective operator if it authenticates the prospective operator. The at least one resource is configured to, in response to the prospective operator attempting to utilize the resource, initiate an operator authentication verification operation using the credential to attempt to verify the authentication of the operator, and allow the prospective operator to utilize the at least one resource in response to the operator authentication verification operation.

Abstract: A method and system for evaluating a set of credentials that includes at least one group credential and that may include one or more additional credentials. A trust rating is provided in association with the at least one group credential within the set of credentials and trust ratings may also be provided in other credentials within the set of credentials. Each trust rating provides an indication of the level of confidence in the information being certified in the respective credential. In response to a request for access to a resource or service, an evaluation of the group credentials is performed by an access control program to determine whether access to the requested resource or service should be provided. In one embodiment, within any given certification path a composite trust rating for the respective path is determined. An overall trust rating for the set of credentials is determined based upon the composite trust ratings.

Abstract: A method and apparatus for identifying an applicant as a member of a group without explicitly listing all possible applicants. A test is defined which specifies the criteria for group membership. The test definition and an optional group identifier code are supplied to a criterion generator. The criterion generator generates an authenticated message based, at least in part, upon said test definition. The authenticated message is delivered to one or more criterion evaluators that verify the authenticated message. In one embodiment, once the authenticated message has been verified, the applicant for access to a resource presents a credential to the criterion evaluator. If the credential satisfies the test definition, the applicant is granted access to the specified resource and denied access if the credential does not satisfy the test definition.

Abstract: An object oriented tool monitors the step-by-step progress of security administration within an electronic work flow to implement access control measures, and security administration policies that may include additional checks and balances, such as second party review, escalated authorization requirements, and trusted audit facilities. A security administration architecture for distributed electronic data processing systems preferably includes a checkpoint object that provides uniform characterization of milestone or transition states in administration activity, and which may be inherited by or refined to an administration activity object. A checkpoint object manager that is instantiated as a trusted third party object manages the state progression of checkpoint objects. As a result of checkpointing, checkpoint objects are resumed with their state advanced, reversed, or unchanged by the checkpoint object manager as appropriate.