Abstract: Multiple peer groups for performing computing, communication, and/or storage tasks. A method may be performed for example, in a computing environment including one or more agents networked together. The method includes providing data to the agents using two or more distinct peer groups. The peer groups include members from among the agents. The method further includes performing at each of the peer groups operations on the data. Each peer group is configured to perform a specific operation. The method also includes coordinating the operations at each of the peer groups such that a common computing, communication and/or storage task is accomplished by aggregating the operations at each of the peer groups.

Abstract: Multiple peer groups for performing computing, communication, and/or storage tasks. A method may be performed for example, in a computing environment including one or more agents networked together. The method includes providing data to the agents using two or more distinct peer groups. The peer groups include members from among the agents. The method further includes performing at each of the peer groups operations on the data. Each peer group is configured to perform a specific operation. The method also includes coordinating the operations at each of the peer groups such that a common computing, communication and/or storage task is accomplished by aggregating the operations at each of the peer groups.

Abstract: Requesting security tokens with typed information. A method includes accessing at a client, information to allow the client to request a token for accessing functionality of a service. The method further includes sending a client request from the client to a token issuer in a token request. The client request includes the information and at least one of information defining the source of the information, proof of the source of the information; or usage information specifying how the information should be used.

Abstract: Multiple peer groups for performing computing, communication, and/or storage tasks. A method may be performed for example, in a computing environment including one or more agents networked together. The method includes providing data to the agents using two or more distinct peer groups. The peer groups include members from among the agents. The method further includes performing at each of the peer groups operations on the data. Each peer group is configured to perform a specific operation. The method also includes coordinating the operations at each of the peer groups such that a common computing, communication and/or storage task is accomplished by aggregating the operations at each of the peer groups.

Abstract: A flexible way of expressing trust policies using, for example, XML. Multiple statement types may be expressed for a single authority type. Statement types may include less than all of the statements made by an authority type. Authority types may be defined using any manner interpretable by the computing system using the trust policy. In addition, trust policies may be updated as trust levels change. Even multiple trust policies may be used with reconciliation between the multiple trust policies being accomplished by using the more restrictive trust policy with respect to an assertion.

Abstract: A first application layer at a first message processor identifies a first portion of context information. A second message processor receives the first portion of context information. A second application layer at the second message processor identifiers a second portion of context information. The second message processor sends the second portion of context information along with a first digital signature created from both the first and second portions of context information. The first message processor receives the second portion of context information and first digital signature. The first message processor sends a second digital signature created from the first and second portions of context information to the second message processor. If both the first and second digital signatures are authenticated, a secure context can be established between the first and second application layers.

Abstract: The present invention extends to methods, systems, and computer program products for selecting policy for compatible communication. Hierarchical policy document data structures represent communication (e.g., security) aspects and options such that lower aspects and options are accessed in the context of corresponding higher aspects and options to define applicable scope. Use of a hierarchical description also facilitates separation of what is being protected from how it is being protected thereby allowing security policy to be considered at different locations of a description document.

Abstract: Multiple different credentials and/or signatures based on different credentials may be included in a header portion of a single electronic message. Different recipients of intermediary computing systems may use the different credentials/signatures to identify the signer. The electronic message may include an encoding algorithm and a type identification of a credential included in the electronic message, allowing the recipient to decode and process the credential as appropriate given the type of credential. Also, the electronic message may include a pointer that references a credential associated with a signature included in the electronic message. That referenced credential may be accessed from the same electronic message, or from some other location. The recipient may then compare the references credential from the credentials used to generate the signature. If a match occurs, the integrity of the electronic message has more likely been preserved.

Abstract: A plurality of message processors exchange public and secret information. Based on the exchanged information, each message processor computes a key sequence such that any one of a plurality of keys may be derived from the key sequence depending on key derivation data. A first message processor generates key derivation data that can be used to derive a particular key from among the plurality of keys. The first message processor sends a security token that includes the generated key derivation data to express to at least one other message processor how to derive the particular key from the computed key sequence. At least a second message processor receives the security token expressing how to derive the particular key from the computed key sequence. The first and/or second message processors apply the key derivation data to the computed key sequence to derive the particular key.

Abstract: Methods and systems for providing a virtual network are disclosed. At least one layer of abstraction is created between network service applications and conventional network protocols by inserting an adaptive dispatcher between applications and network transport services on each machine in a network. The message protocol in the virtual network is extensible, allowing application programs to create new headers within any message as needed. The adaptive dispatcher contains handlers that route and dispatch messages within the virtual network based on arbitrary content within each message, including any combination of headers and/or data content. Each device on the virtual network has a virtual address to which messages are directed, allowing devices to move within the network without reconfiguring routing tables.

Abstract: A configuration management system creates (602) each configuration by assigning a configuration identifier to each configuration. In addition, relational information is computed (706) that indicates the relationships between the configuration and any configurations upon which it is based. The system then tracks (604) changes to files of the configuration by storing information associating each new file version with the configuration identifier. The system also tracks (1210) changes to file properties. A configuration is then reconstructed (608) as of a desired date, by identifying (2104, 2106) the file versions and properties associated with that configuration as of the desired date. A determination is made (2110) whether a user that has requested the file versions has access privileges by first checking a security cache (2600) for the user privileges information. If the information is not on the cache, it is computed from a security table (2800) and stored on the cache.

Abstract: A requesting message processor identifies client security input data of a first format and encapsulates the client security input data within a client security token. A requesting token processing interface sends the client security token to a validating message processor. A validating token processing interface at the validating message processor receives the client security token. Based on the encapsulated client security input data, the validating message processor selects client security output data of a second format. The validating message processor encapsulates the security output data within a response security token. The validating token processing interface sends the response security token to the requesting message processor. The token processing interfaces can be configured to similarly abstract security input data and security output data so as to increase the possibility of compatible communication between the requesting and validating message processor.

Abstract: A method includes advertising a policy characterizing communication properties supported by a node. The policy may be distributed to another node in response to a request for the policy. Policy expressions in the policy include one or more assertions that may be grouped and related to each other in a plurality of ways. A system includes a policy generator for generating at least one policy characterizing properties of a node. A policy retriever retrieves a policy from another node and a message generator generates a message to the other node, wherein the message conforms to the policy from the other node.

Abstract: Debug controls for debugging a distributed application are included in messages that are also used by the distributed application to transport data. A debug initiator causes debug controls to be inserted in the header portion of a message that is being transported across a distributed system. The debug initiator may insert debug controls directly or may cause a message router that receives the message to merge debug controls into the message. The message router may receive debug controls from the debug initiator or from configuration files that are maintained at the message router. The message, which now includes distributed application data and debug controls, is routed to a message recipient. The message recipient accesses the message to identify debug functions that are to be performed at the message recipient. The message recipient performs at least one of the identified debug functions.

Abstract: Reliable end-to-end messaging in which tracking and acknowledgement information are contained in the electronic message that is visible to layers above the transport layer, thereby being independent of what transport protocols, and whether different transport protocols, are used to communicate between the two end points. Furthermore, acknowledgment messages may identify multiple ranges of sequence numbers corresponding to received electronic messages, thereby permitting further flexibility and completeness in acknowledging received messages.

Abstract: Systems, clients, servers, methods, and computer-readable media of varying scope are described that maintain versions of associations between project management objects such as source cod files, bug data, development issue data, and software specifications. One aspect of the system is that the project association data is stored in a relational database. A link set data structure provides a link to objects that are to be associated together. A link content data structure describes an individual project management object that is linked with other objects in the link set. As a software development project progresses through its life cycle, changes to the associations occur. The changes are captured and stored in the database. Previous versions of the associations are maintained in the project database, thereby allowing a user to query for the state of the project associations as they existed at any particular point in time.

Abstract: Development of multiple-version software employs versioned documents in a store. The documents are compared (differenced) at both line and character levels. Potential conflicts in merged documents are marked by detecting possible alternative histories from a common parent document. Changes from an earlier version are removed from a later version of the same document even when the document has intervening versions. A build lab allows developers to work in parallel on a new software build while another build is being run and patched on a different set of documents; the developers each have private copies from which changes pertaining to a build have been added, and then backed out when the file is returned to a common area.

Abstract: Testing information for testing a distributed application is included in messages that are also used by the distributed application to transport data. A test initiator causes test information to be inserted in the header portion or a header element of a message that is being transported across a distributed system. The test initiator may insert test information directly or may cause a message router that receives the message to merge test information into the message. The message, which now includes distributed application data and test information, is routed to a message recipient. The message recipient accesses the message to identify tests that are to be performed at the message recipient. The message recipient performs at least one of the identified tests. Inserting and routing test information, as well as, performing tests may be done in a transport-independent manner.

Abstract: A generic application server is capable of simultaneously receiving requests, processing requested work, and returning results using multiple, conceptual thread pools. In addition, functions are programmable as state machines. While executing such a function, when a worker thread encounters a potentially blocking condition, the thread issues an asynchronous request for data, a state transition is performed, and the thread is released to do other work. After the blocking condition is relieved, another worker thread is scheduled to advance to the next function state and continue the function. Multiple priority work queues are used to facilitate completion of functions already in progress. In addition, lower-priority complex logic threads can be invoked to process computationally intense logic that may be necessitated by a request. Throttling functions are also implemented, which control the quantity of work accepted into the server and server response time.

Abstract: A group identifier represents an association between each of a number of different abbreviated namespace identifiers with a corresponding hierarchical namespace (e.g., an XML namespace). A hierarchically-structured document (e.g., an XML document) is accessed by a computing system that determines that the group identifier is associated with the hierarchically-structured document. Hence, when using the abbreviated namespace identifiers in the hierarchically-structured document, the computing system knows that the corresponding namespace is associated with the designated portions of the hierarchically-structured document. Also, a schema description language document (e.g., an XSD document) may specify multiple target namespaces for a single element. Accordingly, groupings of elements may be included in different namespaces to creating overlapping or even nested namespaces.