Abstract: Up front authorization of a workflow and a security context for workflow execution are disclosed. All possible authorizations that may be required by a workflow definition are identified up front. A requestor is allowed to execute the workflow only when the authorizations of the user include the authorizations that may be required by the workflow. An immutable security context is generated and associated with the workflow or an instance thereof. The immutable security context can prevent or reduce failures associated with changes to a requestor's authorizations and may also scope or limit the workflow to at least the type or capacity of work requested and/or work uniquely identified in the security context. The immutable security context is managed in a security context that is separate and independent of the workflow execution context.

Abstract: Up front authorization of a workflow and a security context for workflow execution are disclosed. All possible authorizations that may be required by a workflow are identified up front. A requestor is allowed to execute the workflow only when the authorizations of the user include the authorizations that may be required by the workflow. A security context is generated and associated with the workflow or an instance thereof. The security context scopes or limits the workflow to at least the type or capacity of work requested, work uniquely identified in the security context, and/or service/workflow/call paths that the request is allowed to be processed through.

Abstract: Systems and methods are provided that may be implemented to orchestrate trusted enrollment of an endpoint client information handling system by deploying a signed payload of an enrollment package to the endpoint client system, and by using a client software agent executing on the endpoint client system to first verify the distribution chain and/or signature of the deployed enrollment package before proceeding to use other information contained in the enrollment package to contact a registration server to enroll the endpoint client system.

Abstract: Systems and methods are provided that may be implemented to orchestrate trusted enrollment of an endpoint client information handling system by deploying a signed payload of an enrollment package to the endpoint client system, and by using a client software agent executing on the endpoint client system to first verify the distribution chain and/or signature of the deployed enrollment package before proceeding to use other information contained in the enrollment package to contact a registration server to enroll the endpoint client system.

Abstract: A system includes a purchase portal configured to receive a purchase order from a customer, wherein the purchase order includes a service from each of a plurality of service providers. When receipt of the purchase order is detected, a processor determines first and second ones of the service providers associated with the purchase order; and establishes a trust relationship between the first service provider and the second service provider in a context of the customer. The processor also sends a first request for a first trust artifact to the first service provider and a second request for a second trust artifact to the second service provider; receives the first trust artifact from the first service provider, receives the second trust artifact from the second service provider, sends the first trust artifact to the second service provider, and sends the second trust artifact to the first service provider.

Abstract: In one or more embodiments, a first information handling system (IHS) may: encrypt a document utilizing a symmetric encryption key to produce an encrypted document; and encrypt a metadata file, which includes the symmetric encryption key, utilizing a session encryption key to produce a first encrypted metadata file. In one or more embodiments, a second IHS may: decrypt the first encrypted metadata file utilizing the session encryption key to produce the metadata file; and encrypt the metadata file utilizing a public encryption key associated with a second TPM associated with a third IHS to produce a second encrypted metadata file. In one or more embodiments, the third information handling system may: decrypt the second encrypted metadata file utilizing a private encryption key associated with the second TPM to produce the metadata file; and decrypt the encrypted document utilizing the symmetric encryption key, from the metadata file, to produce the document.

Abstract: Systems and methods are provided that may be implemented to orchestrate trusted enrollment of an endpoint client information handling system by deploying a signed payload of an enrollment package to the endpoint client system, and by using a client software agent executing on the endpoint client system to first verify the distribution chain and/or signature of the deployed enrollment package before proceeding to use other information contained in the enrollment package to contact a registration server to enroll the endpoint client system.

Abstract: A system includes a purchase portal configured to receive a purchase order from a customer, wherein the purchase order includes a service from each of a plurality of service providers. When receipt of the purchase order is detected, a processor determines first and second ones of the service providers associated with the purchase order; and establishes a trust relationship between the first service provider and the second service provider in a context of the customer. The processor also sends a first request for a first trust artifact to the first service provider and a second request for a second trust artifact to the second service provider; receives the first trust artifact from the first service provider, receives the second trust artifact from the second service provider, sends the first trust artifact to the second service provider, and sends the second trust artifact to the first service provider.

Abstract: In one or more embodiments, a first information handling system (IHS) may: encrypt a document utilizing a symmetric encryption key to produce an encrypted document; and encrypt a metadata file, which includes the symmetric encryption key, utilizing a session encryption key to produce a first encrypted metadata file. In one or more embodiments, a second IHS may: decrypt the first encrypted metadata file utilizing the session encryption key to produce the metadata file; and encrypt the metadata file utilizing a public encryption key associated with a second TPM associated with a third IHS to produce a second encrypted metadata file. In one or more embodiments, the third information handling system may: decrypt the second encrypted metadata file utilizing a private encryption key associated with the second TPM to produce the metadata file; and decrypt the encrypted document utilizing the symmetric encryption key, from the metadata file, to produce the document.

Abstract: A system includes a purchase portal configured to receive a purchase order from a customer, wherein the purchase order includes a service from each of a plurality of service providers. When receipt of the purchase order is detected, a processor determines first and second ones of the service providers associated with the purchase order; and establishes a trust relationship between the first service provider and the second service provider in a context of the customer. The processor also sends a first request for a first trust artifact to the first service provider and a second request for a second trust artifact to the second service provider; receives the first trust artifact from the first service provider, receives the second trust artifact from the second service provider, sends the first trust artifact to the second service provider, and sends the second trust artifact to the first service provider.

Abstract: A system includes a purchase portal configured to receive a purchase order from a customer, wherein the purchase order includes a service from each of a plurality of service providers. When receipt of the purchase order is detected, a processor determines first and second ones of the service providers associated with the purchase order; and establishes a trust relationship between the first service provider and the second service provider in a context of the customer. The processor also sends a first request for a first trust artifact to the first service provider and a second request for a second trust artifact to the second service provider; receives the first trust artifact from the first service provider, receives the second trust artifact from the second service provider, sends the first trust artifact to the second service provider, and sends the second trust artifact to the first service provider.

Abstract: Systems and methods for a client-server system including a client and a runtime server to provide extended management services utilizing declarative service management plugins. The client may transmit client service data associated with a set of extension declarations of a service plugin package using a client service plugin. The runtime server may add the set of extension declarations to the first set of the management services. The runtime server may receive the client service data from the client. The runtime server may provide a management service of a set of management services for the client that may be based on the client service data and a subset of the set of extension declarations corresponding to the first management service. The first subset of the set of extension declarations may specify how the first management service is provided to the client.

Abstract: Systems and methods for a client-server system including a client and a runtime server to provide extended management services utilizing declarative service management plugins. The client may transmit client service data associated with a set of extension declarations of a service plugin package using a client service plugin. The runtime server may add the set of extension declarations to the first set of the management services. The runtime server may receive the client service data from the client. The runtime server may provide a management service of a set of management services for the client that may be based on the client service data and a subset of the set of extension declarations corresponding to the first management service. The first subset of the set of extension declarations may specify how the first management service is provided to the client.