Abstract: A sending computer system generates a message and creates one or more security tokens to encrypt portions of the message. The computer system includes in the message a markup language identifier for the one or more security tokens used for encryption, and includes identification of the value type used to create the tokens. The computer system then serializes at least the portion of the message that identifies the one or more security tokens, without serializing other portions of the message that aid relaying of the message to a receiving computer system. A receiving computer system deserializes at least the portion of the message that identifies the one or more security tokens, and then uses deserialized token data to decrypt encrypted portions of the message. Each created security token can be made with customized data and fields, and can be made with a customized value type.

Abstract: An application program interface (API) provides a set of functions for application developers who build Web applications on Microsoft Corporation's .NET™ platform.

Abstract: Integrated management of local and remote media files. A playlist of media files adapted for rendering by a media player application are located in either a local media library stored at the computer or a remote media library accessible by the computer via a data communication network or both. Media player operations may be performed on the playlist. A first identifier identifies each of the media files in the playlist and a second identifier represents a source of each of the media files in the playlist. A streaming locator defined by the first and second identifiers locates each of the media files in the playlist in the local media library and then in the remote library.

Abstract: Integrated management of local media files stored at a computer and remote media files accessible via a data communication network. A compressed catalog of the remote media files is stored locally on the computer. A user interface of a media player application displays the contents of a library of local media files and the contents of the compressed catalog. The user interface is configured to receive user input and the media player application is responsive to the user input for performing the media player operations on media files from either the local media library or the compressed catalog or both.

Abstract: Integrated management of local media files stored at a computer and remote media files accessible via a data communication network. A hierarchical structure displayed in a user interface of a media player application represents local and remote media libraries and permits media player operations on the media files from either the local media library or the remote media library or both. The user interface is configured to receive user input and the media player application is responsive to the user input for performing the media player operations.

Abstract: Example embodiments provide for keeping an HTTP reply flow for a communication open such that portions of an overall response corresponding to a single request may be sent across the HTTP reply flow. As the various portions of the overall response become available at a corresponding service endpoint, the service appropriately encapsulates the messages and sends them to the requesting endpoint. The recipient or requesting endpoint of the response is then capable of reading the available portions of the response and appropriately decodes the embedded portions and is free to process these as appropriate. Accordingly, because only one request is made for several portions of a response valuable system resource are reserved for only requiring one authentication and/or validation of a requesting endpoint.

Abstract: Example embodiments provide for a rule-based wizard type tool for generating secure policy documents. Wizard pages present a user with general Web Service security options or questions at a user interface, which abstracts the user from any specific code, e.g., XML code, used for creating a Web Service policy document. Based on user input selecting general criteria, security rules are accessed and evaluated for automatically making choices on behalf of the user for creating a secure policy document. Other embodiments also provide for presenting the user with an easily understandable visual representation of selected criteria of a policy document in, e.g., a tree like structure that shows relationships between various elements of the criteria.

Abstract: Example embodiments provide for a rule-based wizard type tool for generating secure policy documents. Wizard pages present a user with general Web Service security options or questions at a user interface, which abstracts the user from any specific code, e.g., XML code, used for creating a Web Service policy document. Based on user input selecting general criteria, security rules are accessed and evaluated for automatically making choices on behalf of the user for creating a secure policy document. Other embodiments also provide for presenting the user with an easily understandable visual representation of selected criteria of a policy document in, e.g., a tree like structure that shows relationships between various elements of the criteria.

Abstract: Example embodiments provide for processing policies that include policy assertions associated with incoming or outgoing messages of an application in a distributed system, without having to have code within the application for executing the policy assertions. When a message is received by a Web service engine, a policy document associated with an application may be accessed for identifying objects corresponding to policy assertions within the policy document. The objects identified can then be used to generate assertion handlers, which are software entities that include executable code configured to determine if messages can satisfy requirements described by the policy assertions.

Abstract: Methods, systems, and computer program products for processing network messages in a manner that simplifies messaging application logic. Processing layers of a messaging system architecture that may include a transport layer, a channel layer, a send/receive layer, a service/client layer, and potentially others, are aware of an End Point Reference (“EPR”) within a network message The transport layer retrieves message data from a message transport. The channel layer de-serializing the network message consistent with an underlying type system. The send/receive layer filters and dispatches the network message to messaging logic (other layers or application logic) based on the EPRs. The service/client message layer dispatches the network message to messaging application logic based on the EPRs.

Abstract: A mechanism for performing role-based authorization of the one or more services using security tokens associated with received service request messages. This role-based authentication is performed regardless of the type of security token associated with the received service request messages. Upon receiving a service request message over the network for a particular service offered by the service providing computing system, the service providing computing system accesses a security token associated with the received service request message. Then, the computing system identifies one or more roles that include the identity associated with the security token, and correlates the roles with the security token. These correlated roles are then used to authorize the requested service. This mechanism is performed regardless of the type of the security token.

Abstract: The present invention provides for maintaining security context during a communication session between applications, without having to have executable code in either application for obtaining or generating a security context token (SCT) used to secure the communication. On a service side, a configuration file is provided that can be configured to indicate that automatic issuance of a SCT is enabled, thereby allowing a Web service engine to generate the SCT upon request. On the client side, when a message is sent from the client application to the service application, a policy engine accesses a policy that includes assertions indicating that a SCT is required for messages destined for the Web service application. As such, the policy engine requests and receives the SCT, which it uses to secure the message.

Abstract: Within a distributed system, e.g., Web service environment, the present invention provides a way for identifying policies mapped to messages associated with an application, without having to have code within the application for determining what policies should apply to the messages. A centralized Web service engine is provided that receives incoming and outgoing messages associated with an application. The messages have associated with them destination endpoint identifiers and request-reply properties, which the Web service engine can access. The Web service engine can then use at least the identifiers and properties for scanning policy message files corresponding to the applications in order to identify what policies, if any, should be applied to the messages.

Abstract: A message handling computing system that provides security across even transport-independent communication mechanisms, and which allows for convenient extension of security to different security token types, and may provide end-to-end security across different transport protocols. The message handling computing system includes a message handling component configured to send and receive network messages having security tokens. The message handling component interfaces with an expandable and contractible set of security token managers through a standardized application program interface. Each security manager is capable of providing security services for messages that correspond to security tokens of a particular type. A security token plug-in component registers new security token managers with the message handling component.

Abstract: A data structure includes means for representing a programming type and means for representing an attribute. The specified attribute indicates that an instance of the programming type is to be serialized with XML.

Abstract: An object instance is serialized to a serial format, such as an extensible Markup Language (XML) document, based on a mapping between an arbitrary annotated source code file and a schema. The arbitrary annotated source code contains at least one programming type that describes a shape of an object instance and the schema describes a format of a document having a serial format. The mapping defines a correspondence between the shape of the object instance and the format of the document having the serial format. Subsequently, an object instance is converted to the serial format by converting public properties, public fields and method parameters of the object instance to a document having the serial format based on the mapping. Once the mapping is defined, an XML document can also be converted to an object instance based on the mapping.

Abstract: A sending computer system relays a message or a processing request through one or more configurable routers prior to the message or request reaching an ultimate destination. A client at the sending computer system can indicate a routing preference for the message or request, and a module can supplement or override the routing preference by adding or deleting a router from a router list contained within the message or request. This change can be done based on router data, as well as based on content within the message. One or more intermediate routers along the routing path can perform a similar function as the module. The ultimate destination, or receiving computer system, verifies that it is the appropriate recipient of the message or request, and then accepts the data associated with the message or request. This has application to many types of messaging systems, including simple object access protocols.

Abstract: A sending computer system generates a message and creates one or more security tokens to encrypt portions of the message. The computer system includes in the message a markup language identifier for the one or more security tokens used for encryption, and includes identification of the value type used to create the tokens. The computer system then serializes at least the portion of the message that identifies the one or more security tokens, without serializing other portions of the message that aid relaying of the message to a receiving computer system. A receiving computer system deserializes at least the portion of the message that identifies the one or more security tokens, and then uses deserialized token data to decrypt encrypted portions of the message. Each created security token can be made with customized data and fields, and can be made with a customized value type.