Abstract: An actor is associated with a role, a policy type is associated with the role, and a role scope is associated with the role. One or more values are received for one or more corresponding context parameters associated with the actor. A request for access to a resource is received from the actor. A policy instance is determined based on the policy type and the one or more values for the one or more corresponding context parameters associated with the actor. One or more actor-role scope values are determined based on the role scope and the one or more values for the one or more corresponding context parameters associated with the actor. A response to the request is determined based on the policy instance and the actor-role scope values.

Abstract: A method for selecting among taxable accounts, non-deductible tax-deferred accounts, deductible tax-deferred accounts, and tax-exempt accounts from which to withdraw funds to minimize tax consequences prioritizes withdrawal from taxable accounts and non-deductible tax-deferred accounts over withdrawal from deductible tax-deferred accounts and tax-exempt accounts. The method also prioritizes between taxable accounts and non-deductible tax-deferred accounts by comparing (i) a future after-tax liquidation value of assets held in taxable and non-deductible tax-deferred accounts assuming withdrawals are made from the taxable accounts prior to a withdrawal from the non-deductible tax-deferred accounts and (ii) a future after-tax liquidation value of assets held in taxable and non-deductible tax-deferred accounts assuming withdrawals are made from the non-deductible tax-deferred accounts prior to a withdrawal from the taxable accounts.

Abstract: A computer-readable medium has encoded thereon software for maintaining a steady-state worth of an inhomogenous renewable resource pool. The software includes instructions for causing a data-processing system to evaluate an indicator of a historical worth of the resource pool, to determine a draw amount at least in part on the basis of this indicator, and to output data representative of that draw amount.

Abstract: A securities trading simulation method and system that is capable of performing a series of simulated securities trades of a security using actual or potential market data to obtain distribution of simulated trade prices of the security. The distribution of simulated trade prices may then be used in a number of ways, including to measure the quality of an actual trade, to estimate the opportunity available for a security, to estimate the fair value of a derivative security, or to otherwise characterize the volatility and momentum behavior of securities.

Abstract: Described are computer-based methods and apparatuses, including computer program products, for mapping data on a network. Input files including information files and schema files are utilized to generate platform independent runtime files. The processing of the runtime files generates one or more business service applications. The runtime files map data between a standard format and an internal format.

Abstract: Described are computer-based methods and apparatuses, including computer program products, for generating code on a network. Input files including information files and schema files are utilized to generate platform independent runtime files. The processing of the runtime files generates one or more business service applications. The runtime files map data between a standard format and an internal format.

Abstract: Methods, systems, and apparatus, including computer program products, implementing techniques for receiving a first information related to a first transaction associated with a first user session with a multi-tier enterprise application, the first information including performance data that is representative of how well components in at least two tiers of the enterprise application perform in executing the first transaction; and determining based on the first information whether the first transaction is associated with a prioritized aspect of the enterprise application, and if so, taking an action based on the determining.

Abstract: Described are methods and apparatus, including computer program products, for overriding configuration for web application involving multiple customers. A user of one of the customers requests a Web page. A dynamic Web page is generated using default values associated with the user. At least one of the default values is overridden by an override value associated with a context. A plurality of contexts are defined for use in the dynamic generation of the Web page. The plurality of contexts include an organization context, a role context, and/or a point of claim context.

Abstract: Described are computer-based methods and apparatuses, including computer program products, for reconstructing data on a network. An user utilizes a transmitting device to transmit data packets that are split between a plurality of data centers for processing. The data packets are captured at the data centers. The data packets are recombined. The recombined data can be analyzed for fraud detection, marketing analysis, network intrusion detection, customer service analysis, and/or performance analysis. If fraudulent activity is detected, then the user can be interdicted to prevent further fraudulent activity.

Abstract: Described are computer-based methods and apparatuses, including computer program products, for detecting fraudulent activity on a network using stored information. An user utilizes a transmitting device to transmit user requests that are split between a plurality of data centers for processing. The user requests are captured at the data centers. The user requests are unified into an user session. The user session can be analyzed for fraud detection, marketing analysis, network intrusion detection, customer service analysis, and/or performance analysis. If fraudulent activity is detected, then the user can be interdicted to prevent further fraudulent activity.

Abstract: Described are computer-based methods and apparatuses, including computer program products, for unifying user sessions on a network. An user utilizes a transmitting device to transmit user requests that are split between a plurality of data centers for processing. The user requests are captured at the data centers. The user requests are unified into an user session. The user session can be analyzed for fraud detection, marketing analysis, network intrusion detection, customer service analysis, and/or performance analysis. If fraudulent activity is detected, then the user can be interdicted to prevent further fraudulent activity.

Abstract: Described are computer-based methods and apparatuses, including computer program products, for detecting and interdicting fraudulent activity on a network. An user utilizes a transmitting device to transmit user requests that are split between a plurality of data centers for processing. The user requests are captured at the data centers. The user requests are unified into an user session. The user session can be analyzed for fraud detection, marketing analysis, network intrusion detection, customer service analysis, and/or performance analysis. If fraudulent activity is detected, then the user can be interdicted to prevent further fraudulent activity.

Abstract: Described are computer-based methods and apparatuses, including computer program products, for detecting fraudulent activity on a network. An user utilizes a transmitting device to transmit user requests that are split between a plurality of data centers for processing. The user requests are captured at the data centers. The user requests are unified into an user session. The user session can be analyzed for fraud detection, marketing analysis, network intrusion detection, customer service analysis, and/or performance analysis. If fraudulent activity is detected, then the user can be interdicted to prevent further fraudulent activity.

Abstract: Described are computer-based methods and apparatuses, including computer program products, for subscribing to data feeds on a network. An user utilizes a transmitting device to transmit data packets that are split between a plurality of data centers for processing. The data packets are captured at the data centers. The data packets are recombined. The recombined data can be analyzed for fraud detection, marketing analysis, network intrusion detection, customer service analysis, and/or performance analysis. If fraudulent activity is detected, then the user can be interdicted to prevent further fraudulent activity.

Abstract: Described are methods, systems, and apparatus, including computer program products for providing authentication for service provisioning. One or more executable authentication rules are provided for determining access by a user to one or more services. A request is received from the user. The request is for a first service from the one or more services at an enforcement point. It is determined, at the enforcement point, if at least a first executable authentication rule from the one or more executable authentication rules applies to the user. The first executable authentication rule is for determining access by the user to the first service, wherein determining if the first executable authentication rule applies includes determining if one or more triggers specified by the first executable authentication rule are triggered.

Abstract: Described are methods, systems, and apparatus, including computer program products for providing customizable authentication for service provisioning. A first user is enabled to customize an authentication system associated with a service. Customizing the authentication system includes defining a first executable authentication rule for a second user and a second executable authentication rule for a third user. The second executable authentication rule is different from the first executable authentication rule. The second user is different from the third user. The first executable authentication rule is employed for determining access by the second user to the service. The second executable authentication rule is employed for determining access by the third user to the service.

Abstract: Described are methods, systems, and apparatus, including computer program products for providing authentication for service provisioning. At least a first and a second executable authentication rule are provided. One or both of the first and second executable authentications are for determining access by a user to a service. The first executable authentication rule is selected when a lifecycle state associated with the user is in a first state. The second executable authentication rule is selected when the lifecycle state is in a second state. A rules credential is generated. The rules credential includes the selected executable authentication rule.

Abstract: Described are methods, systems, and apparatus, including computer program products for providing authentication for service provisioning. An executable authentication rule is provided for determining access by a user to a service. A request for the service is received at an enforcement point from the user. It is determined if the user satisfies the executable authentication rule. Access is provided by the user to the service if the user does not satisfy the executable authentication rule.

Abstract: Described are methods, systems, and apparatus, including computer program products for providing authentication for service provisioning. One or more executable authentication rules are provided for determining access by a user to one or more services. At least a first executable authentication rule is selected from the one or more executable authentication rules. The first executable authentication rule is for determining access by the user to at least a first service from the one or more services, wherein selecting the first executable authentication rule is based on: a characteristic of the user, a characteristic of a request, a characteristic of an acquisition point, or any combination thereof. A rules credential is generated. The rules credential includes the first executable authentication rule.

Abstract: A predictive call routing system that includes a real-time decision engine to receive information about a customer and identify a skill that is useful for providing service to the caller. The decision engine identifies the skill by generating scores for a plurality of statistical models using the statistical models and parameters associated with the caller, each statistical model representing a correlation between a subset of parameters arid an action that may be performed or requested to be performed by the caller, the score for each statistical model being generated using the statistical model and the subset of parameters associated with the statistical model, and identifies a skill based on the scores. The system includes a call router to route a call from the customer to a representative who has the skill.