Abstract: An extensible mechanism for providing access control for logical objects in a network environment. A security broker is able to dynamically register one or more claims providers, each of which can assert one or more claims about logical objects. The claims providers may be purpose built or may be third party applications which expose data or business rules for use. Claims may be augmented by additional claims providers after the original claim is asserted. The applicability of claims may be scope limited either at the time the claims provider is registered or when the user requests that a security token be issued.

Abstract: An extensible mechanism for providing access control for logical objects in a network environment. A security broker is able to dynamically register one or more claims providers, each of which can assert one or more claims about logical objects. The claims providers may be purpose built or may be third party applications which expose data or business rules for use. Claims may be augmented by additional claims providers after the original claim is asserted. The applicability of claims may be scope limited either at the time the claims provider is registered or when the user requests that a security token be issued.

Abstract: An extensible mechanism for providing access control for logical objects in a network environment. A security broker is able to dynamically register one or more claims providers, each of which can assert one or more claims about logical objects. The claims providers may be purpose built or may be third party applications which expose data or business rules for use. Claims may be augmented by additional claims providers after the original claim is asserted. The applicability of claims may be scope limited either at the time the claims provider is registered or when the user requests that a security token be issued.

Abstract: Embodiments are described for blocking the opening of a file. Some embodiments include receiving a request to open a file. In response, a portion of the file's data is examined to determine a true file format for the file. A determination is then made as to whether the true file format of the file has been set as blocked. Based on the determination that the file format is blocked from opening, the file is prevented from being loaded into memory and from being accessed. A message is then displayed to a user indicating that the file has been blocked from opening.

Abstract: Embodiments are described for removing malicious code from a file in a first file format by converting the file into a converted file of a second file format. In embodiments, converting the file eliminates malicious code embedded within the file from being stored in the converted file. The conversion is performed within a restricted computer process that has restricted privileges limiting its access to an operating system and an underlying computer system. As a result, even if malicious code embedded within the file executes while the file is being converted into the converted file, the damage to a computer system is mitigated because of the limited privileges provided to the restricted process.

Abstract: An extensible mechanism for providing access control for logical objects in a network environment. A security broker is able to dynamically register one or more claims providers, each of which can assert one or more claims about logical objects. The claims providers may be purpose built or may be third party applications which expose data or business rules for use. Claims may be augmented by additional claims providers after the original claim is asserted. The applicability of claims may be scope limited either at the time the claims provider is registered or when the user requests that a security token be issued.

Abstract: Embodiments are described for removing malicious code from a file in a first file format by converting the file into a converted file of a second file format. In embodiments, converting the file eliminates malicious code embedded within the file from being stored in the converted file. The conversion is performed within a restricted computer process that has restricted privileges limiting its access to an operating system and an underlying computer system. As a result, even if malicious code embedded within the file executes while the file is being converted into the converted file, the damage to a computer system is mitigated because of the limited privileges provided to the restricted process.

Abstract: Embodiments are described for blocking the opening of a file. Some embodiments include receiving a request to open a file. In response, a portion of the file's data is examined to determine a true file format for the file. A determination is then made as to whether the true file format of the file has been set as blocked. Based on the determination that the file format is blocked from opening, the file is prevented from being loaded into memory and from being accessed. A message is then displayed to a user indicating that the file has been blocked from opening.