Abstract: A computer-implemented system and method for policy inheritance, comprising, defining a first group wherein the first group refers to at least one of: a user and a group different from the first group, defining a second group wherein the second group is nested within the first group, defining a first policy wherein the first policy includes a resource, a subject and one of, an action and a role, and wherein the subject includes the first group, inheriting the first policy by the second group, wherein the resource is part of a resource hierarchy, and wherein the first policy can be used to control access to the resource.

Abstract: A system for distributing information from a first process to one or more security service modules. The system comprises a remote interface, capable of accepting first information from the first process, and a provisioning service provider (PSP) coupled to the remote interface. The PSP can obtain the first information from the remote interface, and also can provide second information to a local interface. The second information is based on the first information and is tailored for the one or more security service modules. The local interface can provide the second information to the one or more security service modules and the one or more security service modules can accept the second information and perform at least one of the following: adjust a configuration of the one or more security service modules to reflect the second information, and protect access to at least one resource based on the second information.

Abstract: A method for providing a security provider for a client comprises providing a service provider interface, that is compatible with a security framework layer, and one or more services. The one or more services include at least one of, authentication, authorization, auditing, role mapping and credential mapping. The one or more services can be exposed through the service provider interface and the framework layer can expose the one or more services to an application program interface.

Abstract: A system and method for distributed enterprise security, comprising, a server operable to update information, wherein the information can include one or more of a policy and configuration information, a security control module (SCM) operable to accept the information, at least one security service module (SSM) operable to accept the information from the SCM, and herein the information accepted by the SCM is relevant to one or more of the at least one SSMs.

Abstract: A system and method comprising the steps of, delegating a capability from a first user to a second user, propagating information that includes evidence of the delegation to a plurality of security service modules, wherein each one of the plurality of security service modules is capable of protecting one or more resources, providing the evidence to a first security service module belonging to the plurality of security service modules, enforcing the delegation when the second user attempts to access a resource in the one or more resources wherein the resource is protected by the first security service module, and wherein the enforcement is carried out by the first security service module.