Abstract: Multiple peer groups for performing computing, communication, and/or storage tasks. A method may be performed for example, in a computing environment including one or more agents networked together. The method includes providing data to the agents using two or more distinct peer groups. The peer groups include members from among the agents. The method further includes performing at each of the peer groups operations on the data. Each peer group is configured to perform a specific operation. The method also includes coordinating the operations at each of the peer groups such that a common computing, communication and/or storage task is accomplished by aggregating the operations at each of the peer groups.

Abstract: A method of securing communications between an application that includes a macro and a Web Service. The method includes an act of, at the macro, generating a request for data. The request for data comprises generating commands for retrieving data, generating security information, and embedding the commands for retrieving data and the security information in a request. The request for data is sent to the Web Service. The requested data is received from the Web Service if the security information provides appropriate authorization to receive the requested data.

Abstract: Mechanisms for securely allowing a participant computing entity to engage in a transaction initiated by an initiator computing entity and managed by a coordinator computing entity. The initiator provides a transaction initiation request to the coordinator. Upon receipt, the coordinator accessing a transaction coordination context that includes information such as a secure key that may be used by a participant to register in the transaction. The coordinator then provides the coordination context to the initiator, which provides the coordination context to the participant(s) that are also to engage in the transaction. Each participant then generates a registration request that is based on the coordination context, and that is secured using the secure key provided in the coordination context.

Abstract: A message processor accesses an electronic message. The accessing message processor identifies, from within the electronic message, any communication session information associated with the accessing message processor. This can include identifying expressive XML instructions or XML data structures representing communication sessions or message sequences. The accessing message processor determines if any session information within the electronic message is to be modified. This can include inserting session information for new sessions or message sequences, updating existing session information, or removing session information for terminated or expired communication sessions or message sequences. The accessing message processor then routes the electronic message to another message processor. In some embodiments, an initiating message processor identifies cached session information that is used to initially establish a communication session.

Abstract: The present invention extends to methods, systems, and computer program products for selecting policy for compatible communication. Hierarchical policy document data structures represent communication (e.g., security) aspects and options such that lower aspects and options are accessed in the context of corresponding higher aspects and options to define applicable scope. Use of a hierarchical description also facilitates separation of what is being protected from how it is being protected thereby allowing security policy to be considered at different locations of a description document.

Abstract: A distributed security system is provided. The distributed security system uses a security policy that is written in a policy language that is transport and security protocol independent as well as independent of cryptographic technologies. This security policy can be expressed using the language to create different security components allowing for greater scalability and flexibility. By abstracting underlying protocols and technologies, multiple environments and platforms can be supported.

Abstract: A software architecture that permits for a unified mechanism for interfacing with multiple peer groups is disclosed. The architecture includes multiple peer group interfaces, each facilitating communication between computing systems in a corresponding peer group. In addition, a perhaps configurable number and type of service modules are configured to use the peer group interfaces to facilitate communication between peer groups in a manner that facilitates the service. A peer community application program interface is configured to allow one or more peer applications to enlist the services of the plurality of services by interfacing with the peer community application program interface.

Abstract: A software architecture that permits for a unified mechanism for interfacing with multiple peer groups. The architecture includes multiple peer group interfaces, each facilitating communication between computing systems in a corresponding peer group. In addition, a perhaps configurable number and type of service modules are configured to use the peer group interfaces to facilitate communication between peer groups in a manner that facilitates the service. A peer community application program interface is configured to allow one or more peer applications to enlist the services of the plurality of services by interfacing with the peer community application program interface.

Abstract: A distributed security system is provided. The distributed security system uses a security policy that is written in a policy language that is transport and security protocol independent as well as independent of cryptographic technologies. This security policy can be expressed using the language to create different security components allowing for greater scalability and flexibility. By abstracting underlying protocols and technologies, multiple environments and platforms can be supported.

Abstract: A distributed security system is provided. The distributed security system uses a security policy that is written in a policy language that is transport and security protocol independent as well as independent of cryptographic technologies. This security policy can be expressed using the language to create different security components allowing for greater scalability and flexibility. By abstracting underlying protocols and technologies, multiple environments and platforms can be supported.

Abstract: Communication of a compressed message over a communication channel between message processors. The compressed message may be expressed in terms of an expressed or implicit template identification, and values of one or more parameters. Based on the template identification, the meaning of the one or more parameters may be understood, whereas the meaning of the parameter(s) may not be understood without a knowledge of the template. The template provides semantic context for the one or more parameters. The transmitting message processor may have compressed the message using the identified template. Alternatively or in addition, the receiving message processor may decompress the message using the identified template. The template itself need not be part of the compressed message as transmitted.

Abstract: The present invention extends to validating measurable aspects of computing system. A provider causes a challenge to be issued to the requester, the challenge requesting proof that the requester is appropriately configured to access the resource. The requester accesses information that indicates how the requester is to prove an appropriate configuration for accessing the resource. The requester formulates and sends proof that one or more measurable aspects of the requester's configuration are appropriate. The provider receives proof that one or more measurable aspects of the requester's configuration are appropriate and authorizes the requester to access the resource. Proof of one more measurable aspects of a requester can be used along with other types of authentication to authorize a requester to access a resource of a provider. Solutions to challenges can be pre-computed and stored in a location accessible to a provider.

Abstract: Methods, systems, and data structures for communicating object metadata are provided. A generic metadata container is presented that allows object metadata to be described in an extensible manner using protocol-neutral and platform-independent methodologies. A metadata scope refers to a dynamic universe of targets to which the included metadata statements correspond. Metadata properties provide a mechanism to describe the metadata itself, and metadata security can be used to ensure authentic metadata is sent and received. Mechanisms are also provided to allow refinement and replacement of metadata statements. The generic metadata container can be adapted to dynamically define access control rights to a range of objects by a range of users, including granted and denied access rights.

Abstract: A method and system are provided for managing a security threat in a distributed system. A distributed element of the system detects and reports suspicious activity to a threat management agent. The threat management agent determines whether an attack is taking place and deploys a countermeasure to the attack when the attack is determined to be taking place. Another method and system are also provided for managing a security threat in a distributed system. A threat management agent reviews reported suspicious activity including suspicious activity reported from at least one distributed element of the system, determines, based on the reports, whether a pattern characteristic of an attack occurred, and predicts when a next attack is likely to occur. Deployment of a countermeasure to the predicted next attack is directed in a time window based on when the next attack is predicted to occur.

Abstract: Reliable end-to-end messaging in which tracking and acknowledgement information are contained in the electronic message that is visible to layers above the transport layer, thereby being independent of what transport protocols, and whether different transport protocols, are used to communicate between the two end points. Furthermore, acknowledgment messages may identify multiple ranges of sequence numbers corresponding to received electronic messages, thereby permitting further flexibility and completeness in acknowledging received messages.

Abstract: Providing reference tokens. A method includes receiving a request for a token. In response to the request for a token and in place of a token, one or more rich pointers are sent referencing one or more tokens. The rich pointers point to locations where one or more actual tokens can be retrieved. When only a single pointer is sent, the pointer is a reference other than an HTTP URL.

Abstract: The present invention extends to methods, systems, and computer program products for mapping between anonymous modules in an event environment. Through the use of one or more event type to executable module bindings, a binding/dispatch manager maps events, for example, peer-to-peer, grid, or parallel processing computing events, to appropriate methods for processing the events. When an event is received from an event infrastructure, the binding/dispatch manager refers to annotations (e.g., based on the shape of the parameters) to identify an appropriate method for processing the event. Parameters are transferred to the appropriate method, which processes the parameters and returns any results to the binding/dispatch manager. In some embodiments, the binding/dispatch manager then forwards a response to the event infrastructure.

Abstract: Shared Federation Metadata. A data structures may be implemented in a networked computing environment including federation. A federation includes two or more organizations coupled in a fashion such that authentication and authorization statements span the organizations in accordance with a pre-defined policy. A computer readable medium may include a data structure. The data structure includes fields including at least one or more grouping of metadata about a first federation or about an organization within the first federation. At least one of the one or more groupings of metadata about the first federation or about an organization within the first federation are included in the data structure by a reference to a block of federation metadata, the block of federation metadata is used for at least one other federation or organization.

Abstract: Methods, systems, and data structures for communicating object metadata are provided. A generic metadata container is presented that allows object metadata to be described in an extensible manner using protocol-neutral and platform-independent methodologies. A metadata scope refers to a dynamic universe of targets to which the included metadata statements correspond. Metadata properties provide a mechanism to describe the metadata itself, and metadata security can be used to ensure authentic metadata is sent and received. Mechanisms are also provided to allow refinement and replacement of metadata statements. The metadata container may be used to convey referral data to update routing tables in network nodes, and may also be used register referral statements and query a node for referral information.

Abstract: A method includes advertising a policy characterizing communication properties supported by a node. The policy may be distributed to another node in response to a request for the policy. Policy expressions in the policy include one or more assertions that may be grouped and related to each other in a plurality of ways. A system includes a policy generator for generating at least one policy characterizing properties of a node. A policy retriever retrieves a policy from another node and a message generator generates a message to the other node, wherein the message conforms to the policy from the other node.