Abstract: Systems and methods for populating attribute value fields in an entity object employ in a ranked list of transfer options to determine which of a plurality of transfer options will be used to populate the attribute value fields in the entity object.

Abstract: A computer system is configured to verify a connection to a web site. The computer system includes a user interface programmed to receive a uniform resource locator and a call sign associated with the web site. The computer system also includes a validator module programmed to calculate a hash value based on the uniform resource locator, a public key associated with the web site, and a salt, and the validator being programmed to compare the hash value to the call sign to verify the connection to the web site.

Abstract: A computer system includes a security module programmed to generate a first privacy key for use with secure communications with a first web site, and a second privacy key for use with secure communications with a second web site, the first and second keys being different. The computer system also includes an identity module programmed to receive a request from the first web site for linking a first user account associated with the first web site with a second user account associated with the second web site, and the identity module being programmed to present a user with an option to link the first and second user accounts.

Abstract: A digital identity system includes a principal including an identity selector programmed to receive a security policy from a relying party, review a plurality of digital identities associated with the principal, and request one or more claims related to an identity of the principal from an identity provider. The principal is further programmed to receive one or more security tokens including the claims from the identity provider, and to forward the security tokens to the relying party.

Abstract: A system for endpoint verification includes a computer system programmed to access one web site of a plurality of web sites associated with an organization. The computer system is programmed to receive a digital certificate of the web site and to display an attribute from the digital certificate to the user for endpoint verification. The attribute is common across two or more of the web sites of the organization.

Abstract: A system for providing reputation information includes a relying party programmed to receive a security token including a claim with reputation information associated with a party, and the relying party is further programmed to utilize the reputation information when deciding whether to transact with the party. A method of providing reputation information includes receiving a request for information from a party, requiring the party to provide reputation information, receiving the reputation information in a claim of a security token, and using the reputation information to decide whether to transact with the party. Another method of providing reputation information includes requesting reputation information associated with a online service from a claims authority, receiving the reputation information in a claim of a security token, and using the reputation information to decide whether to transact with the online service.

Abstract: A digital identity system includes a principal including an identity selector programmed to receive a security policy from a relying party, review a plurality of digital identities associated with the principal, and request one or more claims related to an identity of the principal from an identity provider. The principal is further programmed to receive one or more security tokens including the claims from the identity provider, and to forward the security tokens to the relying party.

Abstract: Various exemplary metadirectories, systems and/or methods include or allow for executing a software module on an execution engine, emitting semantic information based on the executing, and analyzing the executing using the semantic information. An exemplary execution engine includes an input for receiving software modules, an output for emitting semantic information, and an output for outputting generated output information. Upon execution, an exemplary software module may cause processing of information in a metadirectory and emitting of semantic information pertaining to the processing. Various exemplary metadirectories, systems and/or methods emit and/or store semantic information in a self-defining language, an extensible language, and/or a markup language. Other exemplary metadirectories, systems, and/or methods are also disclosed.

Abstract: Systems and methods for dynamically generating a schema representing multiple hierarchies of inter-object relationships are described. In one aspect, a polyarchical query language data structure includes first, second, and third data fields. The first data field is used to specify a particular schema for presenting or managing a plurality of objects in a data polyarchy based on values of attributes in the objects. The second data field is to indicate an attribute of interest. The third data field indicates how one or more objects that include the attribute of interest are to be presented or managed with respect to one or more participating dimensions of inter-object relationships based on the schema.

Abstract: Subject matter includes exemplary flexible rules for defining an information management process, for example a process that manages information being transferred between databases or with respect to an exemplary metadirectory. The flexible rules have inherent logic to define part of an information management action or a database structure and perform a call out for custom logic. The custom logic performs or defines another part of the information management action or database structure. Besides the exemplary flexible rules, the subject matter describes exemplary identity information management processes, engines, and related methods.

Abstract: A system for providing a digital identity includes a claims transformer programmed to generate a security token including a computational token and a display token, the computational token including one or more claims associated with an identity of a principal, and the display token including display information about the claims in the computational token. The display information is configured to allow the principal to view the display token.

Abstract: Systems and methods are presented to dynamically generate multiple hierarchies of inter-object relationships based on object attribute values. In one aspect, a data structure includes a first virtual object data field to represent a first object of multiple objects in a data store. A second virtual object data field represents a second object of the multiple objects. Attributes of the first object intersect with attributes of the second object to form multiple hierarchies of inter-object relationships.

Abstract: In the present invention, data relating to principals known to a computer system is centrally stored and objects having a standardized principal application programming interface (API) for finding, managing and accessing that data is provided to applications in lieu of having the applications independently store the principal data. The present invention eliminates the need for each application to create duplicate principal data. It also ensures that principal data are consistent throughout the applications on the computer system. In addition, the present invention allows any application with objects having the principal API to manage and change the principal data making such principal data easy to update. The principal API includes methods to find principals based on an identity reference to a principal or an identity claim that uniquely identifies the principal on computer system.

Abstract: In the present invention, data relating to principals known to a computer system is centrally stored and objects having a standardized principal application programming interface (API) for finding, managing and accessing that data is provided to applications in lieu of having the applications independently store the principal data. The present invention eliminates the need for each application to create duplicate principal data. It also ensures that principal data are consistent throughout the applications on the computer system. In addition, the present invention allows any application with objects having the principal API to manage and change the principal data making such principal data easy to update. The principal API includes methods to find principals based on an identity reference to a principal or an identity claim that uniquely identifies the principal on computer system.

Abstract: An identity system and method that stores identity information related to different principals and stores the identities on different or disparate systems such that the different systems can use the identities. A synchronization process synchronizes identity information and rules based on identity information between a primary computer system and a disparate secondary computer system. Accordingly, the secondary computer system has a representative database of identity information following receipt of the converted information, wherein the representative database is representative of a primary database of identity information stored on the primary computer system. In order to synchronize a conversion may take place. The conversion process may be performed by a dedicated process designed for the secondary system. Alternatively, the conversion is performed by a generalized process using mapping tables designed to convert identity information into multiple different formats.

Abstract: Dynamically generating a schema representing multiple hierarchies of inter-object relationships is described. In one aspect, a data polyarchy is created. Responsive to creation of the data polyarchy, a schema is automatically generated to represent multiple hierarchies of inter-object relationships between multiple objects in the data polyarchy. The schema is generated based on values of attributes of the objects.

Abstract: A user interface, system, and method are disclosed to facilitate specification of queries and displaying corresponding results. The user interface presents the user with dimensions that contain one or more headings arranged according to an information taxonomy, which can vary based on the intended implementation for the system and user interface. A corresponding filter or query is constructed based on the user selecting of one or more headings. The filter is applied to one or more databases to return results that satisfy the filter. The results are presented in the user interface and can include interactive items based on a particular query as well as can correspond to a fully specified task.

Abstract: Exemplary embodiments disclosed herein may include a method and system for creating an attendance marker and establishing consistent recognition of an ongoing digital relationship, including receiving an identity key about a server, creating an attendance marker, associating the attendance marker with the server. Other embodiments relate to systems and methods for recognizing a server, website, and/or other system for a client, such as a computer system for a user. Such authentication involves receiving an identity key about a web server or other system, creating an attendance marker, associating the attendance marker with the server, requesting an attendance marker associated with a server, and recognizing the server based at least in part on the attendance marker.

Abstract: Exemplary embodiments disclosed herein may include a method and system for providing information to a user and safely disclosing identity information over the Internet comprising receiving information from a server, analyzing the information, presenting the analyzed information to a user for validation in a finite number of configurations controlled by a client, and validating of the information by the user.

Abstract: Exemplary embodiments disclosed herein may include a method and system for creating pair-wise security keys, comprising receiving an identity key from a website, generating a master key, creating a pair-wise symmetric key or asymmetric key pair by utilizing an encryption function of the identity key and the master key, and storing the pair-wise public or symmetric key at the client and the website.