Abstract: A message processor accesses an electronic message. The message processor identifies from within the electronic message any schema-based time markers including time related message data associated with the message processor. The message processor determines if a schema-based time marker within the electronic message should be modified. This can include signing a portion of time related message data to indicate to a subsequent message processor that the time related message data can be trusted. The message processor routes the message (either directly or through one or more intermediary message processors) to a destination message processor. The destination message process receives the message and processes the electronic message according to time related message data included in the message. This can include trusting the portion time related data that was singed by the message processor.

Abstract: A flexible way of expressing trust policies using, for example, XML. Multiple statement types may be expressed for a single authority type. Statement types may include less than all of the statements made by an authority type. Authority types may be defined using any manner interpretable by the computing system using the trust policy. In addition, trust policies may be updated as trust levels change. Even multiple trust policies may be used with reconciliation between the multiple trust policies being accomplished by using the more restrictive trust policy with respect to an assertion.

Abstract: A first application layer at a first message processor identifies a first portion of context information. A second message processor receives the first portion of context information. A second application layer at the second message processor identifiers a second portion of context information. The second message processor sends the second portion of context information along with a first digital signature created from both the first and second portions of context information. The first message processor receives the second portion of context information and first digital signature. The first message processor sends a second digital signature created from the first and second portions of context information to the second message processor. If both the first and second digital signatures are authenticated, a secure context can be established between the first and second application layers.

Abstract: Multiple different credentials and/or signatures based on different credentials may be included in a header portion of a single electronic message. Different recipients of intermediary computing systems may use the different credentials/signatures to identify the signer. The electronic message may include an encoding algorithm and a type identification of a credential included in the electronic message, allowing the recipient to decode and process the credential as appropriate given the type of credential. Also, the electronic message may include a pointer that references a credential associated with a signature included in the electronic message. That referenced credential may be accessed from the same electronic message, or from some other location. The recipient may then compare the references credential from the credentials used to generate the signature. If a match occurs, the integrity of the electronic message has more likely been preserved.

Abstract: An environment for developing clientside/serverside code is disclosed. The environment allows the treatment of pages as objects as well as the access of objects contained within pages by other pages. Pages may be accessed through the use of a page object control stored in each page where the page object control specifies how other pages may use the page as an object.

Abstract: Methods and systems for providing a virtual network are disclosed. At least one layer of abstraction is created between network service applications and conventional network protocols by inserting an adaptive dispatcher between applications and network transport services on each machine in a network. The message protocol in the virtual network is extensible, allowing application programs to create new headers within any message as needed. The adaptive dispatcher contains handlers that route and dispatch messages within the virtual network based on arbitrary content within each message, including any combination of headers and/or data content. Each device on the virtual network has a virtual address to which messages are directed, allowing devices to move within the network without reconfiguring routing tables.

Abstract: A requesting message processor identifies client security input data of a first format and encapsulates the client security input data within a client security token. A requesting token processing interface sends the client security token to a validating message processor. A validating token processing interface at the validating message processor receives the client security token. Based on the encapsulated client security input data, the validating message processor selects client security output data of a second format. The validating message processor encapsulates the security output data within a response security token. The validating token processing interface sends the response security token to the requesting message processor. The token processing interfaces can be configured to similarly abstract security input data and security output data so as to increase the possibility of compatible communication between the requesting and validating message processor.

Abstract: An apparatus and method is provided for resolving virtual network names using one or more name routers. A conventional Uniform Resource Locator (URL) naming scheme is extended by allowing any component to be mapped to an address. The resolution process occurs recursively through a plurality of name routers. Resolution can be contextual, such that the same virtual network name may be resolved differently depending on the identity of the client or other parameters.

Abstract: A network-based distributed application system is provided in accordance with the present invention for enabling services to be established locally on a client system. The system may include an application and presentation logic, at least a portion of which is interchangeably processed by a server or a client without modification to the portion. The core functionality provided by the application may be preserved between the client and the server wherein improved network performance may provided along with improved offline service capabilities.

Abstract: An environment for developing clientside/serverside code is disclosed. The environment supports programming in an event-driven paradigm while the execution of the resultant programs are executed in a serial execution paradigm. Through shielding the developer from complex scripting segments, the environment provides the developer with the suggestion that that resultant execution model is event-driven.

Abstract: An environment for developing clientside/serverside code is disclosed. The environment supports the perception that the server space and client space are seamlessly joined into a single program execution space. An outgrowth of the single execution space includes effective event handing on the server through enabling created objects to migrate effectively between the server and client.

Abstract: A method of building a dataset in a computing system includes extracting data meeting a predetermined criteria from at least a first database, filling the dataset with data items, extracting from the first database relationships between the data items meeting the predetermined criteria, and filling the dataset with the relationships. A system for building a dataset in a computing system includes a data extraction module, a data populating module, a relationship extraction module, and a relationship populating module. The data extraction module extracts data meeting a predetermined criteria from at least a first database. The data populating module fills the dataset with data items. The relationship extraction module extracts from the first database relationships between the data items meeting the predetermined criteria. The relationship populating module fills the dataset with the relationships.

Abstract: Reliable end-to-end messaging in which tracking and acknowledgement information are contained in the electronic message that is visible to layers above the transport layer, thereby being independent of what transport protocols, and whether different transport protocols, are used to communicate between the two end points. Furthermore, acknowledgment messages may identify multiple ranges of sequence numbers corresponding to received electronic messages, thereby permitting further flexibility and completeness in acknowledging received messages.

Abstract: A message processor accesses an electronic message. The accessing message processor identifies, from within the electronic message, any communication session information associated with the accessing message processor. This can include identifying expressive XML instructions or XML data structures representing communication sessions or message sequences. The accessing message processor determines if any session information within the electronic message is to be modified. This can include inserting session information for new sessions or message sequences, updating existing session information, or removing session information for terminated or expired communication sessions or message sequences. The accessing message processor then routes the electronic message to another message processor. In some embodiments, an initiating message processor identifies cached session information that is used to initially establish a communication session.

Abstract: A network site often provides multiple offerings, each having their own context. The complete context for one of the offerings is stored. That complete context represents a root node in a hierarchical tree of context nodes, each node representing the context information for one or more of the offerings. Each node in the tree includes a reference to its parent node, and then a description of incremental changes to the context information as compared to the context information from the parent node. Accordingly, the context information for a particular node in the tree may be obtained by combining the complete context for the root node offering with incremental changes described in other nodes in the ancestral chain that leads from the particular offering to the root offering.

Abstract: A flexible way of expressing trust policies using, for example, XML. Multiple statement types may be expressed for a single authority type. Statement types may include less than all of the statements made by an authority type. Authority types may be defined using any manner interpretable by the computing system using the trust policy. In addition, trust policies may be updated as trust levels change. Even multiple trust policies may be used with reconciliation between the multiple trust policies being accomplished by using the more restrictive trust policy with respect to an assertion.

Abstract: A requesting message processor identifies client security input data of a first format and encapsulates the client security input data within a client security token. A requesting token processing interface sends the client security token to a validating message processor. A validating token processing interface at the validating message processor receives the client security token. Based on the encapsulated client security input data, the validating message processor selects client security output data of a second format. The validating message processor encapsulates the security output data within a response security token. The validating token processing interface sends the response security token to the requesting message processor. The token processing interfaces can be configured to similarly abstract security input data and security output data so as to increase the possibility of compatible communication between the requesting and validating message processor.

Abstract: A first application layer at a first message processor identifies a first portion of context information. A second message processor receives the first portion of context information. A second application layer at the second message processor identifiers a second portion of context information. The second message processor sends the second portion of context information along with a first digital signature created from both the first and second portions of context information. The first message processor receives the second portion of context information and first digital signature. The first message processor sends a second digital signature created from the first and second portions of context information to the second message processor. If both the first and second digital signatures are authenticated, a secure context can be established between the first and second application layers.

Abstract: A message processor accesses an electronic message. The message processor identifies from within the electronic message any schema-based time markers including time related message data associated with the message processor. The message processor determines if a schema-based time marker within the electronic message should be modified. This can include signing a portion of time related message data to indicate to a subsequent message processor that the time related message data can be trusted. The message processor routes the message (either directly or through one or more intermediary message processors) to a destination message processor. The destination message process receives the message and processes the electronic message according to time related message data included in the message. This can include trusting the portion time related data that was singed by the message processor.

Abstract: Multiple different credentials and/or signatures based on different credentials may be included in a header portion of a single electronic message. Different recipients of intermediary computing systems may use the different credentials/signatures to identify the signer. The electronic message may include an encoding algorithm and a type identification of a credential included in the electronic message, allowing the recipient to decode and process the credential as appropriate given the type of credential. Also, the electronic message may include a pointer that references a credential associated with a signature included in the electronic message. That referenced credential may be accessed from the same electronic message, or from some other location. The recipient may then compare the references credential from the credentials used to generate the signature. If a match occurs, the integrity of the electronic message has more likely been preserved.