Abstract: A system and method for controlling access to web services resources. A system may include a storage medium configured to store instructions and one or more processors configured to access the storage medium. The instructions may be executable by at least one of the processors to implement a web services access control system (ACS) configured to receive requests. Each request specifies an access operation to be performed with respect to a corresponding resource. Each of the requests is associated with a corresponding principal. For each received request, the ACS may be further configured to determine whether an access control entry exists that is associated with both the resource and principal associated with the request and that specifies an access type sufficient to perform the access operation. If no such entry exists, the ACS may deny the request.

Abstract: Techniques are described for facilitating use of invocable services by applications in a configurable manner. In at least some situations, the invocable services are Web services or other network-accessible services that are made available by providers of the services for use by others in exchange for fees defined by the service providers. The described techniques facilitate use of such invocable services by applications in a manner configured by the application providers and the service providers, including to track use of third-party invocable services by applications on behalf of end users and to allocate fees that are charged end users between the applications and the services as configured by the providers of the applications and services. In some situations, the configured pricing terms for a service specify fees for end users that differ in one or more ways from the defined fees charged by the provider of that service.

Abstract: A system and method for controlling access to web services resources. A system may include a storage medium configured to store instructions and one or more processors configured to access the storage medium. The instructions may be executable by at least one of the processors to implement a web services access control system (ACS) configured to receive requests. Each request specifies an access operation to be performed with respect to a corresponding resource. Each of the requests is associated with a corresponding principal. For each received request, the ACS may be further configured to determine whether an access control entry exists that is associated with both the resource and principal associated with the request and that specifies an access type sufficient to perform the access operation. If no such entry exists, the ACS may deny the request.

Abstract: A system and method for controlling access to web services resources. A system may include a storage medium configured to store instructions and one or more processors configured to access the storage medium. The instructions may be executable by at least one of the processors to implement a web services access control system (ACS) configured to receive requests. Each request specifies an access operation to be performed with respect to a corresponding resource. Each of the requests is associated with a corresponding principal. For each received request, the ACS may be further configured to determine whether an access control entry exists that is associated with both the resource and principal associated with the request and that specifies an access type sufficient to perform the access operation. If no such entry exists, the ACS may deny the request.

Abstract: Techniques are described for providing enhanced security for electronic communications, such as by including in a message sent between two services a digital signature that is generated by using secret information known to the services, so that the recipient receives assurance regarding the sender's identity if the recipient can replicate the received digital signature using the secret information known to the recipient. In some situations, the enhanced security is used in communications to and/or from an access manager system that provides single sign-on functionality and other functionality to other services for use with those services' users, such as to prevent malicious phishers from inappropriately gaining access to user information. Various services may use the enhanced security techniques when interacting with the access manager system at various times, such as to initiate sign-on for a user and/or to take subsequent action on behalf of a signed-on user.

Abstract: The subject disclosure is directed towards virtual components, e.g., comprising software components such as virtual components of a distributed computing system. Virtual components are available for use by distributed computing system applications, yet managed by the distributed computing system runtime transparent to the application with respect to automatic activation and deactivation on runtime-selected distributed computing system servers. Virtualization of virtual components is based upon mapping virtual components to their physical instantiations that are currently running, such as maintained in a global data store.

Abstract: A system and method for controlling access to web services resources. A system may include a storage medium configured to store instructions and one or more processors configured to access the storage medium. The instructions may be executable by at least one of the processors to implement a web services access control system (ACS) configured to receive requests. Each request specifies an access operation to be performed with respect to a corresponding resource. Each of the requests is associated with a corresponding principal. For each received request, the ACS may be further configured to determine whether an access control entry exists that is associated with both the resource and principal associated with the request and that specifies an access type sufficient to perform the access operation. If no such entry exists, the ACS may deny the request.

Abstract: A system and method for controlling access to web services resources. A system may include a storage medium configured to store instructions and one or more processors configured to access the storage medium. The instructions may be executable by at least one of the processors to implement a web services access control system (ACS) configured to receive requests. Each request specifies an access operation to be performed with respect to a corresponding resource. Each of the requests is associated with a corresponding principal. For each received request, the ACS may be further configured to determine whether an access control entry exists that is associated with both the resource and principal associated with the request and that specifies an access type sufficient to perform the access operation. If no such entry exists, the ACS may deny the request.

Abstract: Techniques are described for providing enhanced security for electronic communications, such as by including in a message sent between two services a digital signature that is generated by using secret information known to the services, so that the recipient receives assurance regarding the sender's identity if the recipient can replicate the received digital signature using the secret information known to the recipient. In some situations, the enhanced security is used in communications to and/or from an access manager system that provides single sign-on functionality and other functionality to other services for use with those services' users, such as to prevent malicious phishers from inappropriately gaining access to user information. Various services may use the enhanced security techniques when interacting with the access manager system at various times, such as to initiate sign-on for a user and/or to take subsequent action on behalf of a signed-on user.

Abstract: Techniques are described for providing enhanced security for electronic communications, such as by including in a message sent between two services a digital signature that is generated by using secret information known to the services, so that the recipient receives assurance regarding the sender's identity if the recipient can replicate the received digital signature using the secret information known to the recipient. In some situations, the enhanced security is used in communications to and/or from an access manager system that provides single sign-on functionality and other functionality to other services for use with those services' users, such as to prevent malicious phishers from inappropriately gaining access to user information. Various services may use the enhanced security techniques when interacting with the access manager system at various times, such as to initiate sign-on for a user and/or to take subsequent action on behalf of a signed-on user.

Abstract: Techniques are described for facilitating use of invocable services by applications in a configurable manner. In at least some situations, the invocable services are Web services or other network-accessible services that are made available by providers of the services for use by others in exchange for fees defined by the service providers. The described techniques facilitate use of such invocable services by applications in a manner configured by the application providers and the service providers, including to track use of third-party invocable services by applications on behalf of end users and to allocate fees that are charged end users between the applications and the services as configured by the providers of the applications and services. In some situations, the configured pricing terms for a service specify fees for end users that differ in one or more ways from the defined fees charged by the provider of that service.

Abstract: Techniques are described for facilitating use of invocable services by applications in a configurable manner. In at least some situations, the invocable services are Web services or other network-accessible services that are made available by providers of the services for use by others in exchange for fees defined by the service providers. The described techniques facilitate use of such invocable services by applications in a manner configured by the application providers and the service providers, including to track use of third-party invocable services by applications on behalf of end users and to allocate fees that are charged end users between the applications and the services as configured by the providers of the applications and services. In some situations, the configured pricing terms for a service specify fees for end users that differ in one or more ways from the defined fees charged by the provider of that service.

Abstract: A distributed system and method for replicated storage of structure data records. According to one embodiment, a system may include storage hosts each configured to store and retrieve structured data records, and a data store manager configured to receive a request from a client to store a structured data record within a table. In response to receiving the request, the data store manager may be further configured to map the structured data record to a block according to a partition key value of the structured data record and an identifier of the table and to map the block to a subset comprising at least two of the plurality of storage hosts. Upon successfully storing the structured data record to the block within at least two storage hosts within the subset, the data store manager may be further configured to return to the client an indication that said request is complete.

Abstract: The subject disclosure is directed towards virtual components, e.g., comprising software components such as virtual components of a distributed computing system. Virtual components are available for use by distributed computing system applications, yet managed by the distributed computing system runtime transparent to the application with respect to automatic activation and deactivation on runtime-selected distributed computing system servers. Virtualization of virtual components is based upon mapping virtual components to their physical instantiations that are currently running, such as maintained in a global data store.

Abstract: A system and method for estimating available payload inventory are provided. An advertisement delivery system generates a set of atomic market segment arrays from target market criteria for one or more advertisement campaigns to be served. The set of arrays is incremented corresponding to advertisement requests matching the target market criteria. The atomic market segment is processed to select an advertisement and to predict future capacity and manage inventory.

Abstract: A system and method for controlling access to web services resources. A system may include a storage medium configured to store instructions and one or more processors configured to access the storage medium. The instructions may be executable by at least one of the processors to implement a web services access control system (ACS) configured to receive requests. Each request specifies an access operation to be performed with respect to a corresponding resource. Each of the requests is associated with a corresponding principal. For each received request, the ACS may be further configured to determine whether an access control entry exists that is associated with both the resource and principal associated with the request and that specifies an access type sufficient to perform the access operation. If no such entry exists, the ACS may deny the request.

Abstract: Techniques are described for providing enhanced security for electronic communications, such as by including in a message sent between two services a digital signature that is generated by using secret information known to the services, so that the recipient receives assurance regarding the sender's identity if the recipient can replicate the received digital signature using the secret information known to the recipient. In some situations, the enhanced security is used in communications to and/or from an access manager system that provides single sign-on functionality and other functionality to other services for use with those services' users, such as to prevent malicious phishers from inappropriately gaining access to user information. Various services may use the enhanced security techniques when interacting with the access manager system at various times, such as to initiate sign-on for a user and/or to take subsequent action on behalf of a signed-on user.

Abstract: Techniques are described for providing enhanced security for electronic communications, such as by including in a message sent between two services a digital signature that is generated by using secret information known to the services, so that the recipient receives assurance regarding the sender's identity if the recipient can replicate the received digital signature using the secret information known to the recipient. In some situations, the enhanced security is used in communications to and/or from an access manager system that provides single sign-on functionality and other functionality to other services for use with those services' users, such as to prevent malicious phishers from inappropriately gaining access to user information. Various services may use the enhanced security techniques when interacting with the access manager system at various times, such as to initiate sign-on for a user and/or to take subsequent action on behalf of a signed-on user.

Abstract: Method and apparatus for metering network services, for example Web services. In embodiments, a network services metering system may collect network service usage information via an add usage interface and store the usage information in a database. In one embodiment, the usage information may be partitioned into two or more partitions. Once the usage information has been aggregated and stored, the metering system may be queried to obtain usage statistics such as aggregate usage over specific time intervals. In one embodiment, a pipeline mechanism that generates and processes batches of usage information may be implemented for adding usage information to the database. The pipeline mechanism may help to reduce or eliminate redundancy and loss of usage information, and may make the metering system linearly scalable in multiple dimensions.

Abstract: Techniques are described for facilitating use of invocable services by applications in a configurable manner. In at least some situations, the invocable services are Web services or other network-accessible services that are made available by providers of the services for use by others in exchange for fees defined by the service providers. The described techniques facilitate use of such invocable services by applications in a manner configured by the application providers and the service providers, including to track use of third-party invocable services by applications on behalf of end users and to allocate fees that are charged end users between the applications and the services as configured by the providers of the applications and services. In some situations, the configured pricing terms for a service specify fees for end users that differ in one or more ways from the defined fees charged by the provider of that service.