Abstract: A method for facilitating the management of a test process is proposed. For this purpose, the different test scenarios included in the process and their execution dependencies are represented by means of a customized UML activity diagram (300a). An execution weight is also associated with each test scenario (for example, defined by the man-hours required for its execution). In this way, it is possible to identify critical test scenarios (315g), which may impair the execution of the whole test process when they fail (because many other test scenarios depend on their successful completion). The order of execution of the test scenarios is then arranged into a test plan, so as to minimize the time required to reach the critical test scenarios. Preferably, the same process is repeated whenever any runtime condition changes (such when a test scenario fails).

Abstract: When a user makes a request to access a protected resource identified by a URL, client-side code in a web browser is used to generate an authentication token, which is then sent to the server along with an identity cookie that was set by that server. The authenticated token is then used by the server to authenticate that the request is properly tied to a given identity contained in the identity cookie. If the authentication token can be validated at the server, an access control decision is then executed to determine whether to invoke the request for the protected resource. If the authentication token cannot be validated, an access denied request is returned to the requesting client.

Abstract: A method, system, apparatus, or computer program product is presented for morphing a honeypot system on a dynamic and configurable basis. The morphing honeypot emulates a variety of services while falsely presenting information about potential vulnerabilities within the system that supports the honeypot. The morphing honeypot has the ability to dynamically change its personality or displayed characteristics using a variety of algorithms and a database of known operating system and service vulnerabilities. The morphing honeypot's personality can be changed on a timed or scheduled basis, on the basis of activity that is generated by the presented honeypot personality, or on some other basis. The morphing honeypot can also be integrated with intrusion detection systems and other types of computer security incident recognition systems to correlate its personality with detected nefarious activities.

Abstract: A method, system, apparatus, or computer program product is presented for morphing a honeypot system on a dynamic and configurable basis. The morphing honeypot emulates a variety of services while falsely presenting information about potential vulnerabilities within the system that supports the honeypot. The morphing honeypot has the ability to dynamically change its personality or displayed characteristics using a variety of algorithms and a database of known operating system and service vulnerabilities. The morphing honeypot's personality can be changed on a timed or scheduled basis, on the basis of activity that is generated by the presented honeypot personality, or on some other basis.

Abstract: A method and system is presented for configuring a group of OCSP (Online Certificate Status Protocol) responders so that they are highly available. Each of the grouped OCSP responders share a common public key. When responding to an OCSP request, an OCSP responder generates an OCSP response that is signed with a group digital signature; the certificate for the common or group public key can be attached to the OCSP response. An OCSP client uses the group public key to verify the group digital signature on an OCSP response from any of the OCSP responders. For an OCSP client, the availability of this group of responders is greater than the availability of any one member of the group.

Abstract: A method, system, apparatus, or computer program product is presented for routing event messages between data processing systems based on privacy policies associated with the data processing systems and based on event policies associated with event types for the event messages. When a system attempts to publish an event message for a particular type of event or to subscribe to those event messages, an event policy is checked to determine whether the system may publish messages for that type of event or may subscribe to those messages. Moreover, if a publishing system publishes an event message that contains personally identifiable information for a user of a data processing system, and a subscribing system has subscribed to event messages having the same event type, then the privacy policies associated with the systems are compared to determine compatibility or incompatibility between the privacy policies before routing a message between the systems.

Abstract: The method of the invention assumes there is a security manager and mechanism present for defining, attaching, and evaluating external authorization policy to file resources based on the file's path name. In this invention, protected symbolic links and the resources that the link points to are stored in a protected object database. When a system access attempt occurs, the file attribute is extracted from the file used in the access. The file attribute is then used to search the protected object database. If a matching system resource is found, and that resource is protected but does not have independent security policy on it, then the resource will have the security policy of a symbolic link that points to it. In this case, the security of each protected symbolic link pointing to the system resource has to grant access in order for allowance of the access attempt. This approach insures that the most restrictive outcome prevails.

Abstract: A system and method for programming applications to respond to slow links. The programming may be done during configuration of a system, or it may be implemented dynamically in response to a recently-detected change in network performance. The method includes the steps of continually monitoring links in a network, periodically calculating runtime link speeds for the links, and identifying slow links based on the monitoring and calculating. The method may additionally include the preliminary step of predefining so-called original link speed factors for the links. Runtime determination of runtime link speed factors for the respective links and comparison of the original link speed factors to the real-time link speed factors will then be used for the identification of slow links. A variety of application responses may be programmed as slow link responses.

Abstract: This invention is a method and system for reserving a facility or service after the cancellation of an initial reservation for the facility of service. The system for this invention comprises a reservation center that contains reservation information about multiple facilities and services that available for use. This information includes times, quantity and quality of the facilities and services that are available. Also included in this reservation center is information about the users that are interested in reserving and using the currently reserved facility or service. The system of the present invention also includes remote devices that the potential users possess. The reservation center will use a particular remote device for a corresponding use to alert the user there has been a cancellation and that the facility or services is available for use by the alerted user. The primary user and all backup users can use the Internet capabilities to communicate with the reservation center.

Abstract: A system and method for implementing tracking of computing system activities wherein the tracking can be dynamically adjusted. The system provides a multiple level logging system having a first level for detecting message level errors and a second trace level for obtaining trace information and for filtering same to provide more details to be used for implementing corrective action. A set of filters is provide to further refine the data which is provided to a user/system administrator. The system also provides for selective activation of tracking and logging for selected subsystems, as well as the ability to vary the frequency at which the tracking is performed. The frequency of logging can be adjusted upward in response to detection of a error and can then be decreased, or the tracking selectively disabled or entirely stopped upon detection of a stop event.

Abstract: The present invention creates a method, apparatus and system by which a telephone unit volume control provides instantaneous coupling to and controlling of a connected telephone unit's microphone gain and noise cancellation circuitry. With this invention, an increase in the volume control on the first unit, will result in an automatic adjustment of the second unit's microphone gain control. This microphone gain adjustment is an amount corresponding to the adjustment of the volume of the first unit. The noise cancellation circuitry on the second unit is adjusted to filter more of the background noise before transmission instead of after the receipt of the signal at the destination telephone.

Abstract: In response to initiating a call from a first class to a second class, an instantiation of the second class is initiated. While performing the instantiation of the second class, a class constructor for the second class is called, which determines a codebase for the first class and attempts to verify a digital signature on it. In response to a successful verification, the instantiation of the second class is successfully completed. In response to successfully completing the instantiation of the second class, a codebase for the second class is determined by the first class, and an attempt is made by the first class to verify a digital signature on the codebase for the second class. In response to a successful verification of the digital signature on the codebase for the second class, the call from the instance of the first class to the instance of the second class is performed.

Abstract: A data processing system and method archive, retrieve, and store electronic messages in a communication system, such as the Internet. The data processing system and methodology convert electronic mail messages to HTML documents, or web pages to provide greater flexibility for users of the communication system. By storing electronic mail messages as web pages, each of the mail messages may become a page or a group of pages in a “web” using the HTML format. Alternatively, only a portion of the mail messages could be converted to an alternate format. During operation of the data processing system and methodology, individual pieces of electronic mail are assigned to a corresponding URL. The mail messages are then organized into categories of web pages, that may be accessed using the full capabilities of currently available and evolving network tools, such as browsers.

Abstract: An enterprise computing environment such as a corporate web portal includes an intermediary server, a sign on service, and one or more backend enterprise systems managed by resource managers. Before or after user primary logon, which establishes a user primary account identity, the intermediary server uses its own identity to authenticate to the sign on service its right to retrieve user secondary account identities with respect to the backend enterprise systems. Retrieved secondary account identities are then used by the intermediary server to perform user secondary logons to respective resource managers in the environment. The intermediary server also manages the passing of resource requests and associated replies between the user and the resource managers.

Abstract: A method of managing a set of clients in a distributed computer network having a management server. A given client preferably includes a dataless management framework. According to the method, a manager object is associated to each application to be managed on a given client. The manager object preferably includes a registry composed of a set of elements, with each element corresponding to an instance of the application. The element comprises a data set of information representing a context of the application instance. All application instances are then managed through the manager object.

Abstract: A frames-based Web browser is used with existing distributed computing environment (DCE) interfaces to facilitate and simplify management of DCE cells. In the preferred embodiment, administration may be performed from any secure Web browser acting as a client. Management data is typically supported on a target Web server. At the browser, CGI scripts are used to dynamically generate HTML (hypertext markup language) pages based on the network administrator's selections and the current state and defined objects in the DCE cell. The result is a robust and efficient Web-based DCE management scheme.

Abstract: Metadata is obtained from a database and provided to an object model that uses the database for persisting the state of its objects. The metadata provides the object model with constraints, size limits, or other limiting information about a database so that the object model can anticipate and handle potential errors that could occur at the database level. Rather than keeping the metadata embedded within the database, the object model obtains access to the metadata and can adopt policies for dealing with those constraints and limits. In addition, the object model is also provided with heuristics that can be applied to storage processing of attributes. In this manner, the object model becomes metadata-aware and can handle database operations more intelligently and thus propagate fewer errors to the client.

Abstract: The invention relates to the recovery of data in a database of database records, following a failure of a media containing said database. The data recovery uses a backup of the database and a log of log records detailing any changes in the database which are not captured in the backup. The log is replayed starting with the most recent log record. It is the determined for each successive log record, that relates to an operation on a database record, whether processing the log record will result in the most recent state of the corresponding database record, and if so, the log record is processed. Subsequently additional data is restored from the backup.

Abstract: A method for serving a web page uses eXtensible Markup Language (XML) server pages. The first time a page is accessed, a given flat file is parsed into an XML Document Object Model (DOM), and required tag libraries are loaded. The DOM tree is then traversed, preferably in a depth-first, inside-out manner to locate custom tags. Upon locating a custom tag, if the tag is registered as a Java object, the object is loaded. A process method is then called on the object, passing the custom tag's tree node. The Java object then examines the custom tag and replaces it with an object, e.g., script code. Alternatively, if the tag is registered as an XSL stylesheet, the stylesheet is loaded and passed, together with the DOM, to an XSL processor. The processor applies the template to the custom tag and replaces it with given script code. Once all custom tags are reduced to HTML and script code, the DOM is compiled into a Java servlet to service the client request.

Abstract: A method of processing a document object model (DOM) tree having at least one tag located at a given node in the tree. The tag serves as a marker that initiates the invocation of a tag handler that, in turn, performs a simple macro substitution or a more complex algorithmic reorganization and manipulation of the tree. Upon encountering the tag, given information is passed to a method. In a first embodiment, the given information is a text representation of XML in the DOM tree at the given node and any child nodes of the given node. In an alternate embodiment, the given information is the given node of the DOM tree itself. The method generates an XML string, which is then parsed into a new DOM tree having a root node. The given node and any child nodes are then replaced by the new DOM tree, with the root node of the new DOM tree being positioned at the given node in the original DOM tree. The process may then be repeated for any additional tags.