Abstract: Implementations of the present disclosure include methods, systems, and computer-readable storage mediums for risk-based data flow control in a cloud environment. Implementations include actions of intercepting first data transmitted from a first application to a second application before receipt of the first data at the second application, the first application and the second application being hosted within the cloud environment, processing the first data to provide a first risk factor, the first risk factor reflecting a degree of risk if the first data is received by the second application, generating first sanitized data based on the first data, the first risk factor and a first access control policy associated with the first data and transmitting the first sanitized data to the second application.

Abstract: A method to revoke a task includes receiving task data, the task data including information regarding a task to be performed. The method further includes receiving delegation data, the delegation data including information identifying a delegator of the task and a delegatee to perform the task. The method further includes receiving revocation task data, with the revocation task data having as its object at least aspects of the task.

Abstract: A method and a system for privacy-preserving SNA. A plurality of vertices of a first subgraph of a graph is encrypted with a first key of a commutatively encryption scheme. A plurality of vertices of a second subgraph encrypted with a second key of the commutatively encryption scheme are received and encrypted commutatively with the first key. A plurality of commutatively encrypted vertices of the first subgraph and a plurality of commutatively encrypted vertices of the second subgraph are used for computing centrality metrics preserving the privacy of the graph and its structure.

Abstract: A workflow document processing machine supports agile modeling and agile execution of a workflow that comprises tasks, one or more of which may be dynamically added, changed, or identified during execution of the workflow. The workflow document processing machine accesses a pre-process workflow document, a tactical goal data structure, and business process data resultant from execution of a task pertinent to the workflow. The workflow document processing machine modifies a document portion based on the task data structure and on the business process data. Based on the pre-process workflow document and on the modified document portion, the workflow document processing machine generates a post-process workflow document, which may be accessed as a pre-process workflow document by another machine.

Abstract: The present disclosure is directed to comparing a first structured data document to a second structured data document, including receiving the first and second structured data documents as first and second encrypted documents, respectively, comparing nodes of the first encrypted document to nodes of the second encrypted document, a content and a location of each of the nodes remaining confidential during the comparing, generating matched pairs of nodes based on the comparing, and storing the matched pairs in computer memory, each matched pair comprising a node of the first encrypted document and a corresponding node of the second encrypted document, determining one or more edit operations based on the matched pairs, and generating an edit script comprising the one or more edit operations, the edit script being executable to transform the first encrypted document to provide a transformed encrypted document that is isomorphic to the second encrypted document.

Abstract: A method for creating a review task includes receiving task data, the task data including information on a main task to be performed. Delegation data is received, the delegation data including information identifying a first delegator of the main task and a first delegatee to perform the main task. A review task is created, with the review task having as its object at least aspects of the main task. The review task is assigned to the first delegator of the main task, and review task data is stored based on the completed main task.

Abstract: Document collaboration may be implemented by executing an access interest specification phase. The access interest specification phase may include receiving access requests from collaboration participants for access to a document instance, the access requests specified using a document schema of the document instance and referencing at least one schema portion for access to a corresponding document instance portion based thereon, determining a common access interest group of the collaboration participants, based on the access requests, access credentials of the collaboration participants, and on an access control policy specified in terms of the access credentials, and providing a control data block to the participants of the common access interest group including information for generating a common secret key that is common to the participants of the common access interest group. The document collaboration may further be implemented by executing a collaboration phase.

Abstract: An access control system provides access control to at least one information resource associated with at least one application within a computer network.

Abstract: A method and a system for privacy-preserving SNA. A plurality of vertices of a first subgraph of a graph is encrypted with a first key of a commutatively encryption scheme. A plurality of vertices of a second subgraph encrypted with a second key of the commutatively encryption scheme are received and encrypted commutatively with the first key. A plurality of commutatively encrypted vertices of the first subgraph and a plurality of commutatively encrypted vertices of the second subgraph are used for computing centrality metrics preserving the privacy of the graph and its structure.

Abstract: A computer-implemented method avoids policy-based deadlocks in execution of a workflow. The method includes receiving information describing a workflow. The workflow includes tasks, roles, site of tasks and security constraints related to the tasks. A data structure, representative of relationships between the tasks and the security constraints is automatically generated. An automated, design-time evaluation is performed using the data structure to determine a minimal number of resources to be assigned to the roles in order to execute the tasks of the workflow, and to avoid deadlock in execution of the tasks of the workflow as a result of security constraints.

Abstract: A method and system for the augmentation of at least one task of a business process model are described, such augmentation including receiving a task-based authorization constraint to be applied to the at least one task. An augmented business process model is generated utilizing the business process model and the task-based authorization constraint. An authorization policy is automatically derived from the augmented business process model.

Abstract: A method to implement controls with respect to a collaborative workflow, the method including mapping a private task of a private workflow of a first entity to a public task of a public collaborative workflow, and defining a public control relating to the public task, the public task and the public control to be published to a second entity with which the first entity collaborates utilizing the public collaborative workflow.

Abstract: An access control system provides access control to at least one information resource associated with at least one application within a computer network.

Abstract: A system to manage a workflow includes a workflow model having a version, the version being executable by an execution engine as a specific workflow instance. The system includes a workflow data monitor to receive and associate audit information with an object processed by an execution engine in terms of the specific instance of the workflow model.

Abstract: A method to revoke a task includes receiving task data, the task data including information regarding a task to be performed. The method further includes receiving delegation data, the delegation data including information identifying a delegator of the task and a delegatee to perform the task. The method further includes receiving revocation task data, with the revocation task data having as its object at least aspects of the task.

Abstract: A method for creating a review task includes receiving task data, the task data including information on a main task to be performed. Delegation data is received, the delegation data including information identifying a first delegator of the main task and a first delegatee to perform the main task. A review task is created, with the review task having as its object at least aspects of the main task. The review task is assigned to the first delegator of the main task, and review task data is stored based on the completed main task.