Abstract: Embodiments of the invention provide a trust framework for governing service-to-service interactions. This trust framework can provide enhanced security and/or manageability over prior systems. Merely by way of example, in some cases, an information store can be used to store information security information (such as trust information, credentials, etc.) for a variety of services across an enterprise. In other cases, the trust framework can provide authentication policies to define and/or control authentication between services (such as, for example, types of authentication credentials and/or protocols are required to access a particular service—either as a user and/or as another service—and/or types of authentication credentials and/or protocols a service may be enabled to use to access another service). Alternatively and/or additionally, the trust framework can provide authorization policies to define and/or control authorization between services.

Abstract: One embodiment of the present invention provides a system that allows secure deployment delegation and management of applications in a distributed-computing infrastructure. During operation, the system assigns a deployment-role to a user, which enables the user to deploy an application in the distributed-computing infrastructure. Moreover, by assigning the deployment-role to the user, the system also delegates the privilege to assign a run-time-role to the application. Note that the set of run-time roles a user is allowed to assign (or grant) can depend on the deployment role that has been assigned to the user. Furthermore, assigning the run-time-role to the application grants permission to the application to access a resource in the shared infrastructure, which allows the application to operate properly. Furthermore, note that by delegating to users the privilege of assigning roles to applications simplifies the secure deployment and management of applications in the distributed-computing infrastructure.

Abstract: A computer receives a schema that lacks information required by a directory access protocol (e.g. LDAP) and automatically generates information that conforms to the directory access protocol and supplies the generated information as output in a new schema. Such automatic schema transformation allows a human who is creating the schema, to enable usage of the directory access protocol to interface with a directory implementing the schema, without knowing the directory access protocol. The computer of some embodiments receives the schema being input, in a predetermined human-readable language (e.g. XML). Hence, an XML developer who lacks knowledge of LDAP can use traditional XML tools to prepare an LDAP-incompatible schema, for use in implementing a directory (e.g. address book) that is accessed by an LDAP client (e.g. cell phone) via an LDAP server. The new schema can be output in any form (e.g. text/binary) and in any language.

Abstract: Embodiments of the invention provide a trust framework for governing service-to-service interactions. This trust framework can provide enhanced security and/or manageability over prior systems. Merely by way of example, in some cases, an information store can be used to store information security information (such as trust information, credentials, etc.) for a variety of services across an enterprise. In other cases, the trust framework can provide authentication policies to define and/or control authentication between services (such as, for example, types of authentication credentials and/or protocols are required to access a particular service—either as a user and/or as another service—and/or types of authentication credentials and/or protocols a service may be enabled to use to access another service). Alternatively and/or additionally, the trust framework can provide authorization policies to define and/or control authorization between services.

Abstract: Systems and methods are provided for determining data center cooling and power requirements and for monitoring performance of cooling and power systems in data centers. At least one aspect provides a system and method that enables a data center operator to determine available power and cooling at specific areas and enclosures in a data center to assist in locating new equipment in the data center.

Abstract: A system, method, computer program and article of manufacture for membership list management is described. A rules-based membership list is built and cached. Any modifications to the member objects are incrementally added to the cache, and are submitted to a change log. Queries access the membership in the cache instead of having to execute the rules to build the list. The change log entries allow membership modification notifications to be sent to any subscribing application.

Abstract: One embodiment of the present invention provides a system that allows secure deployment delegation and management of applications in a distributed-computing infrastructure. During operation, the system assigns a deployment-role to a user, which enables the user to deploy an application in the distributed-computing infrastructure. Moreover, by assigning the deployment-role to the user, the system also delegates the privilege to assign a run-time-role to the application. Note that the set of run-time roles a user is allowed to assign (or grant) can depend on the deployment role that has been assigned to the user. Furthermore, assigning the run-time-role to the application grants permission to the application to access a resource in the shared infrastructure, which allows the application to operate properly. Furthermore, note that by delegating to users the privilege of assigning roles to applications simplifies the secure deployment and management of applications in the distributed-computing infrastructure.

Abstract: A method, system, and article of manufacture for querying an implicit hierarchy is disclosed. According to one approach, implicit hierarchies can be queried by accessing the relevant catalog tables for the attribute relevant to the query. Each identified entry in the relevant catalog table is followed through its implied hierarchical chains until all relevant entries have been identified. The catalog table containing the normalized form of the DN for each user can be consulted to identify the entry identifier for each entry corresponding to implicit hierarchy being queried, which can be searched in the appropriate catalog table to search the chain of entries for the implied hierarchy. In an approach, one or more templates may be used to generate a query language statement to perform the query upon the implicit hierarchy.