Abstract: Authentication operations are performed within a CORBA-compliant environment with client applications using the JAAS programming model. A client application obtains an interoperable object reference (IOR) for a target object on a remote server that is protected within a security domain. After the client application invokes the target object, an object request is generated, and a request-level interceptor obtains the IOR for the target object and extracts an identifier for the security domain from the IOR. If a credential for the security domain is not in the current execution context of the client application, i.e., the current JAAS subject in the JAAS programming model, then the request-level interceptor performs an authentication operation with the security domain on behalf of the client application, receives an authentication credential, and places the authentication credential into the execution context of the client application.

Abstract: A Web browser provides a customized display of phone and fax numbers within a Web page according to user settings. A special phone or fax tag within the Web page file identifies an alphanumeric telephone number within the display (for example, 1-888-IBM-HELP). The telephone number data within the tagged field is converted into a preferred format, as specified at the customization settings page of the Web browser (for example, all numeric 1-888-426-4357). The conversion is preferably displayed upon user indication or activation such as placement of a cursor in proximity to the area occupied by the telephone number within the Web page. A mouse click or keyboard command causes an action within the computer system, as specified within the customization page for the Web browser. For example, by clicking on the telephone number, it is loaded into another software application to connect a telephone call or to send a fax to the telephone number.

Abstract: A method, apparatus, and computer instructions for processing an e-mail message. A determination is made as to whether a number of addresses in the e-mail message exceed a threshold prior to receiving a request to send the e-mail message to an output device. The number of addresses in the e-mail message are abbreviated to form a modified e-mail message if the number of addresses exceed the threshold. The modified e-mail message is sent to the output device in response to receiving the request to send the e-mail message to the output device.

Abstract: A method, apparatus, and computer instructions for processing an e-mail message. A determination is made as to whether a number of addresses in the e-mail message exceed a threshold. A distribution list is created from the number of addresses if the number of addresses in the e-mail message exceeds the threshold.

Abstract: Integrating Java and CORBA security, including executing Java authentication of a client, including creating a Java credential object associated with a Java subject object, executing CORBA authentication of the client, including creating a CORBA credential object, and associating the CORBA credential object with the Java subject object.

Abstract: A system and method for run-as credentials delegation using identity assertion is presented. A server receives a request from a client that includes the client's user identifier and password. The server authenticates the client and stores the client's user identifier without the corresponding password in a client credential storage area. The server determines if a run-as command is specified to communicate with a downstream server. If a run-as command is specified, the server retrieves a corresponding run-as identity which identifies whether a client credential type, a server credential type, or a specific identifier credential type should be used in the run-as command. The server retrieves an identified credential corresponding to the identified credential type, and sends the identified credential in an identity assertion token to a downstream server.

Abstract: Objects on application servers may be defined into classes which receive different levels of security protection, such as definition of user objects and administrative objects. Domain-wide security may be enforced on administrative objects, which user object security may be configured separately for each application server in a domain. In a CORBA architecture, IOR's for shared objects which are to be secured on a domain-wide basis, such as administrative objects, are provided with tagged components during IOR creation and exporting to a name server. Later, when the IOR is used by a client, the client invokes necessary security measures such as authentication, authorization and transport protection according to the tagged components.

Abstract: A security policy process which provides role-based permissions for hierarchically organized system resources such as domains, clusters, application servers, and resources, as well as topic structures for messaging services. Groups of permissions are assigned to roles, and each user is assigned a role and a level of access within the hierarchy of system resources or topics. Forward or reverse inheritance is applied to each user level-role assignment such that each user is allowed all permissions for ancestors to the assigned level or descendants to the assigned level. This allows simplified security policy definition and maintenance of user permissions as each user's permission list must only be configured and managed at one hierarchical level with one role.

Abstract: The present invention provides a method and system to secure the storage and retrieval of user and resource passwords in a distributed computing network environment. The system incorporates a password server. This server can be a stand-alone device or can be implemented in a server on a network. The password server contains software programs that store and distribute the passwords securely to proper applications (users).

Abstract: A single-sign-on process and mechanism for a client who wishes to access multiple servers in an environment, where the servers employ the Kerberos authentification process. During an initial log in process to a first server by the client, the first server performs a Kerberos authentification on the client and stores the ticket-granting ticket (TGT) for that client in server memory. The first server then provides the client with a token corresponding to that stored TGT, but does not transmit the TGT itself to the client. When the client requests service from subsequent server, the client provides the token with the request. The subsequent server then requests the client's TGT from the first server using the client-supplied token. The first server retrieves the TGT from memory, and transmits it to the subsequent server. The subsequent server then may use the TGT to determine if the client is authorized to access the service or resource requested.

Abstract: A method and system for providing security protection to Common Object Request Broker Architecture (CORBA) objects located on a server. An EJB shadow object is created for the CORBA object. The EJB shadow object invokes an EJB security mechanism on behalf of the CORBA object, thus protecting the CORBA object from unauthorized object requesters. In a preferred embodiment, requesters are categorized and identified by their roles in the enterprise. Only those requesters having a proper role are authorized to access the requested object.

Abstract: A system and method for compressing portions of the operating system in a ROM image and for executing the system from the compressed image. Compression is used to reduce the size of the ROM image to reduce component cost. Low use segments are compressed. The operating system is initialized into a virtual address space with entries only for the uncompressed segments. Attempts to execute a compressed segment result in a page fault. The page fault handler determines that the segment is compressed, allocates a new page and decompresses the page into RAM for execution. The RAM copy of the segment is used for execution until the page is reused for another purpose. Later execution causes a new page fault and reallocation.

Abstract: A system and method for loading dynamic data stored in read-only memory (ROM) is loaded into random access memory (RAM) only when it is being modified. Unmodified dynamic data is used from ROM saving valuable RAM space. Virtual memory page table entries are created for all dynamic data with the physical reference pointing to the dynamic data in ROM. Page table entries in a translation table for dynamic data in ROM include a virtual address to physical address mapping and are marked read-only causing a write-access exception if an attempt is made to write to or update the dynamic data. Write-access exceptions are intercepted, and a write-access exception caused by an attempt to write to dynamic data in ROM causes the system to allocate a dynamic data page in RAM, copy the ROM data to the RAM, update the page table entry to point to the RAM page rather than the ROM page, and finally to update the dynamic data now present in read-write RAM.