Abstract: A method, operative at a web server, for generating an HTML table having dynamic data, wherein the table can be oriented in any horizontal or vertical orientation. The method preferably utilizes a table format page object to format the table. To facilitate selective rotation of the dynamic table, the method begins by associating together given attribute characteristics of each individual cell in the table. The page developer then sets a table style rotation property on the table format page object. In response to a client request, the table format page object is then instantiated with the dynamic data. The table style rotation property is applied to the table to control the table's orientation. The resulting table is then served back to the requesting client browser.

Abstract: A method is provided for determining an identity of a browser in an Java environment in which an intermediary program masks the browser's identity. The method begins by querying an operating system process table for information identifying the browser. Thereafter, a Java properties table including the information from the process table is set. In response to a request from a calling program (e.g., an applet class) for the browser identity, a getProperty method is then called to retrieve the browser identity from the properties table. The browser identity is then returned to the calling program.

Abstract: A method of managing a set of clients in a distributed computer network having a management server. A given client preferably includes a dataless management framework. According to the method, a proxy object is associated to each application instance on a given client. The proxy object preferably includes a data set including information representing a context of the application instance. The application instance is then managed through the proxy object directly.

Abstract: A method and system of certifying that a copy of a Web page was made at a particular time by a user of a Web client. A client piece preferably includes a one-way hashing function that, when applied to a Web page copy, generates a unique string. The string is concatenated with a URL for the Web page, a timestamp and other identifying information, to generate a signature. Using a public key cryptosystem, the signature is provided to a certification server. Upon receipt, the server first determines whether the signature represents the Web page copy. If so, a confirmation is sent to the client, and the signature is stored in a database. Preferably, the Web page copy itself is not stored in the database. Signatures from other Web page copies received during a given period (e.g., the same day) are then summed and the sum is published.

Abstract: Different scripting languages may reside side-by-side or nested within each other on the same web page. Thus, a new author may add code to the page, and he or she is not tied to any given subset of languages supported by the web server. Multiple scripting languages are supported by identifying a start and an end of each scripting language code block authored into the web page markup language. When the web page is later compiled into an XML Document Object Model (DOM) tree, the routine examines the DOM to identify any nodes that identify a given code block. Upon encountering a node that identifies a given code block, the DOM is adjusted to account for the script code within the given code block.

Abstract: A trusted process for use with a hierarchical directory service such as LDAP for enabling different security systems to store and retrieve unique identifiers that are shared or common to the entire directory. The trusted process allows LDAP users to store and to retrieve unique identifiers on LDAP using standard LDAP interfaces. It also allows security systems to share unique identifier information. The trusted process generates or verifies a unique identifier, guarantees the uniqueness of a unique identifier within the entire directory (rather than just within a single security system), and guarantees that any unique identifier returned to an LDAP user is a trusted unique identifier.

Abstract: A method of determining Internet delays associated with requests from a Web client connectable to a Web server. The method begins at the Web server in response to a first HTTP request. In particular, the Web server serves a response to the first HTTP request and logs a server processing time associated with serving that response. After the response is delivered back to the Web client that initiated the request, an end user response time associated with the first HTTP request is calculated at the Web client. Upon a new HTTP request (typically the next one), the end user response time associated with the first HTTP request is then passed from the Web client to the Web server in a cookie. The Internet delay associated with the first HTTP request is then calculated by subtracting the server processing time from the end user response time.

Abstract: A method for deploying an application to client computers across a computer network is operative in a server environment in which given conditions, such as network load and actual or relative time-of-day, are being monitored. The method begins by establishing at least one rule for determining which of a given set of application versions are to be served to a client computer, and by establishing at least one user profile for determining which of a given set of users have a given priority. In response to a request from a client computer to serve the application, the rule is resolved against the monitored conditions and the user profile to select an application version to serve to the client computer. The application version is then served to the client computer.

Abstract: A method of enabling a Web browser user to interact with a given application running on a Web server begins by constructing and returning a cookie to the Web browser upon a given occurrence, e.g., user login to the application. Without additional user input, the routine then forces the Web browser to check with the Web server that the cookie was set on the Web browser. Preferably, this is accomplished by sending the cookie from the Web server in a refresh page that redirects the HTTP flow back to itself with a parameter to check if the cookie was set. At the Web server, a test is then done to determine whether the cookie is valid. If so, the user is allowed to interact with the given server application (e.g., to take a given action or to log off from the application without closing the Web browser). A novel cookie construction and validation mechanism is also described.

Abstract: A DCE RPC mechanism normally uses a TCP/IP-based transport service to enable client machines to make remote procedure calls to server machines in a distributed computing environment. NETBIOS protocol support for the RPC mechanism is provided by using NETBIOS application names similar to TCP/IP conventions and through use of connection-oriented or connection-less NETBIOS protocol sequences. In particular, NETBIOS names are used as though they include a fixed portion representing a machine, and a dynamic portion representing an application on that machine. New functions are provided to use NETBIOS names in place of TCP/IP addresses and these NETBIOS names are then used via the sockets API, leaving RPC's use of the sockets API unchanged.

Abstract: A method of routing in a computer network having a pool of servers capable of servicing requests for access to a set of server resource objects. The set of server resource objects are distributed in a non-homogeneous manner across the server pool. According to the method, each incoming client request for access to a specified server resource object is targeted to a router having an associated port space identifying a plurality of ports. Based on the port on which an incoming client request is received, the request is mapped to one of the server resource objects. The router then selects the “best provider” and redirects or forwards the request to that server. The routing and redirection is based upon the port for the incoming request.

Abstract: A method for changing a user password is preferably operative as a Web server impersonates a Web client to obtain access to files stored in a distributed file system space of a distributed computing environment. The method begins in response to receipt of a Web transaction request from the Web client to determine whether the user's password has expired. If so, the method suspends processing of the Web transaction request and then enters a password change subprogram to enable the user to define a new password. Typically, the password change subprogram displays a password change dialog that interacts with the user. Upon definition of the new password by the user, the mechanism resumes processing of the original Web transaction request. Alternatively, the user may be prompted to terminate the original transaction request and select a new URL and/or document.

Abstract: The lightweight directory access protocol (LDAP) is extended to include client- and server-based controls for securing sensitive data in the directory service. The set of controls include a client control implemented on a client machine, and/or a server control implemented on a server machine. It is not required that both controls be implemented together, and a client machine may implement the client control irrespective of whether a server involved in the directory operation is running the server control.

Abstract: A method of authenticating a Web client to a Web server connectable to a distributed file system of a distributed computing environment. The distributed computing environment includes a security service for returning a credential to a user authenticated to access the distributed file system. The method preferably operates within the context of a native operating system environment such as “Windows NT”. Upon initialization of the Web server, a session manager creates a pool of temporary Windows NT user identities. In response to a Web client browser request, a temporary NT user identity is associated with proper DCE credentials. A server process then impersonates the returned NT user identity on a thread which is attempting to access the requested resource.

Abstract: A method for replicating data in a distributed computer environment wherein a plurality of servers are configured about one or more central hubs in a hub and spoke arrangement. In each of a plurality of originating nodes, updates and associated origination sequence numbers are sent to the central hub. The hub sends updates and associated distribution sequence numbers to the plurality of originating nodes. The hub tracks acknowledgments sent by nodes for a destination sequence number acknowledged by all nodes. Thereafter, a highest origination sequence number is sent from the central hub back to each originating node.

Abstract: A routing apparatus is located at an outbound “edge” of an administrative domain or at an inbound “edge” of an ISP or other network facility. The apparatus, which is preferably implemented in software, includes a “dispatcher.” The dispatcher has a database associated therewith in which information about a “current state” of the network or some resource therein is collected and maintained. The “current state” information is generally of two types: quality-of-service (Q-o-S) information associated with transactions involving a particular Web server, or more general network resource availability information. According to the invention, a routing “policy” is defined at the dispatcher using at least one routing rule having a condition and an action. As service requests arrive at the dispatcher, each of the requests is routed to a destination by testing the current state information against the condition.

Abstract: A single sign-on (SSO) mechanism to enable a given user to access a target application on a target resource in a distributed computer enterprise. One or more configuration directives each identifying a given logon process and any associated methods required to access the target application on the target resource are stored in a locally accessible database (CIM). For each of a set of users, a globally-accessible database (PKM) stores user-specific and application-specific information enabling the user to access and logon to one or more target resources. During a particular session, a logon coordinator (LC) mechanism coordinates given user information with the configuration directive to enable the given user to perform a given action with respect to the target application without specifying the given logon process and the application-specific information.

Abstract: A method for searching a non-tokenized text string for matches against a keyword data structure organized as a set of one or more keyword objects. The method begins by (a) indexing into the keyword data structure using a character in the non-tokenized text string. Preferably, the character is a Unicode value. The routine then continues by (b) comparing a portion of the non-tokenized text string to a keyword object. If the portion of the non-tokenized text string matches the keyword object, the routine saves the keyword object in a match list. If, however, the portion of the non-tokenized text string does not match the keyword object and there are no other keyword objects that share a root with the non-matched keyword object, the routine repeats step (a) with a new character. These steps are then repeated until all characters in the non-tokenized text string have been analyzed against the keyword data structure.

Abstract: A method of managing passwords of users desiring access to multiple target resources in a computer enterprise environment. For each given user, each of a set of id/password pairs is associated to each of a set of one or more respective targets. Each id/password pair is normally required to access a respective target resource. The targets of each given user are stored in a globally-accessible database. In response to entry by a given user at a client machine of a single-sign on (SSO) id/password, the globally-accessible database is accessed from a personal key manager (PKM) server to retrieve the targets of the given user. The targets are returned to the PKM server, which then uses data therein to access the respective target resources on behalf of the given user at the client machine.

Abstract: A method of sharing a master key across a set of servers operating a single sign-on (SSO) mechanism in a distributed computer network. The master key is useful for encrypting user passwords for storage in a globally-accessible registry. The method begins by establishing in the registry a group identifying which of the servers in the set, if any, have a copy of the master key. At a given server, the method continues by determining whether a copy of the master key is stored at the given server and whether the group has at least one member. The master key is then generated at the given server if a copy of the key is not stored at the given server and the group does not have at least one member. Other servers in the set pull the master key as needed.