Abstract: A data structure with endpoint address and security information. The data structure includes an address field that includes one or more endpoint addresses for an entity. The data structure further includes a security field that includes one or more keys for facilitating secure communications with the entity. The data structure may also be such that the contents of the address field and the security field are serialized in the data structure. The data structure may be extensible such that new address fields and security fields may be added.

Abstract: Implementations of the present invention relate in part to optimizations to peer-to-peer communication systems. For example, one implementation relates to use of a smart transceiver that creates, caches, and manages communication channels dynamically between peers. Another implementation relates to use of a central tracking object that can be used to efficiently register and distribute peer messages among the various peers. In one implementation, the central tracking object is shared amongst peers in the group. Still another implementation relates to associating peer groups with namespaces, and for including peer groups of one namespace within still other peer groups of different namespaces. These and other aspects of the invention can also be used to ensure delivery intent of a given peer message is preserved, and to ensure that optimal numbers of messages are communicated to any given peer at any given time.

Abstract: Implementations of the present invention relate in part to optimizations to peer-to-peer communication systems. For example, one implementation relates to use of a smart transceiver that creates, caches, and manages communication channels dynamically between peers. Another implementation relates to use of a central tracking object that can be used to efficiently register and distribute peer messages among the various peers. In one implementation, the central tracking object is shared amongst peers in the group. Still another implementation relates to associating peer groups with namespaces, and for including peer groups of one namespace within still other peer groups of different namespaces. These and other aspects of the invention can also be used to ensure delivery intent of a given peer message is preserved, and to ensure that optimal numbers of messages are communicated to any given peer at any given time.

Abstract: Implementations of the present invention relate in part to optimizations to peer-to-peer communication systems. For example, one implementation relates to use of a smart transceiver that creates, caches, and manages communication channels dynamically between peers. Another implementation relates to use of a central tracking object that can be used to efficiently register and distribute peer messages among the various peers. In one implementation, the central tracking object is shared amongst peers in the group. Still another implementation relates to associating peer groups with namespaces, and for including peer groups of one namespace within still other peer groups of different namespaces. These and other aspects of the invention can also be used to ensure delivery intent of a given peer message is preserved, and to ensure that optimal numbers of messages are communicated to any given peer at any given time.

Abstract: A group identifier represents an association between each of a number of different abbreviated namespace identifiers with a corresponding hierarchical namespace (e.g., an XML namespace). A hierarchically-structured document (e.g., an XML document) is accessed by a computing system that determines that the group identifier is associated with the hierarchically-structured document. Hence, when using the abbreviated namespace identifiers in the hierarchically-structured document, the computing system knows that the corresponding namespace is associated with the designated portions of the hierarchically-structured document. Also, a schema description language document (e.g., an XSD document) may specify multiple target namespaces for a single element. Accordingly, groupings of elements may be included in different namespaces to creating overlapping or even nested namespaces.

Abstract: Reliable end-to-end messaging in which tracking and acknowledgement information are contained in the electronic message that is visible to layers above the transport layer, thereby being independent of what transport protocols, and whether different transport protocols, are used to communicate between the two end points. Furthermore, acknowledgment messages may identify multiple ranges of sequence numbers corresponding to received electronic messages, thereby permitting further flexibility and completeness in acknowledging received messages.

Abstract: A distributed security system is provided. The distributed security system uses a security policy that is written in a policy language that is transport and security protocol independent as well as independent of cryptographic technologies. This security policy can be expressed using the language to create different security components allowing for greater scalability and flexibility. By abstracting underlying protocols and technologies, multiple environments and platforms can be supported.

Abstract: Mechanisms for securely allowing a participant computing entity to engage in a transaction initiated by an initiator computing entity and managed by a coordinator computing entity. The initiator provides a transaction initiation request to the coordinator. Upon receipt, the coordinator accessing a transaction coordination context that includes information such as a secure key that may be used by a participant to register in the transaction. The coordinator then provides the coordination context to the initiator, which provides the coordination context to the participant(s) that are also to engage in the transaction. Each participant then generates a registration request that is based on the coordination context, and that is secured using the secure key provided in the coordination context.

Abstract: A distributed security system is provided. The distributed security system uses a security policy that is written in a policy language that is transport and security protocol independent as well as independent of cryptographic technologies. This security policy can be expressed using the language to create different security components allowing for greater scalability and flexibility. By abstracting underlying protocols and technologies, multiple environments and platforms can be supported.

Abstract: A group identifier represents an association between each of a number of different abbreviated namespace identifiers with a corresponding hierarchical namespace (e.g., an XML namespace). A hierarchically-structured document (e.g., an XML document) is accessed by a computing system that determines that the group identifier is associated with the hierarchically-structured document. Hence, when using the abbreviated namespace identifiers in the hierarchically-structured document, the computing system knows that the corresponding namespace is associated with the designated portions of the hierarchically-structured document. Also, a schema description language document (e.g., an XSD document) may specify multiple target namespaces for a single element. Accordingly, groupings of elements may be included in different namespaces to creating overlapping or even nested namespaces.

Abstract: A secure electronic transfer mechanism that does not require that the computing entities that are parties to the transaction be aware of the secret data used to secure the transfer. Instead, supplemental computing entities that do have access to such secret data are enlisted to assist in performing challenge-based authentication and authorization.

Abstract: Methods, systems, and data structures for communicating object metadata are provided. A generic metadata container is presented that allows object metadata to be described in an extensible manner using protocol-neutral and platform-independent methodologies. A metadata scope refers to a dynamic universe of targets to which the included metadata statements correspond. Metadata properties provide a mechanism to describe the metadata itself, and metadata security can be used to ensure authentic metadata is sent and received. Mechanisms are also provided to allow refinement and replacement of metadata statements. The generic metadata container can be adapted to dynamically define access control rights to a range of objects by a range of users, including granted and denied access rights.

Abstract: Systems and methods for checking security goals of a distributed system are described. In one aspect, detailed security policies are converted into a model. The detailed security policies are enforced during exchange of messages between one or more endpoints. The one or more endpoints host respective principals networked in a distributed operating environment. The model is evaluated to determine if the detailed security policies enforce one or more security goals of at least one of the one or more endpoints.

Abstract: Systems and methods for automatically generating security policy for a web service are described. In one aspect, one or more links between one or more endpoints are described with an abstract link description. The abstract link description describes, for each link of the one or more links, one or more security goals associated with exchange of message(s) between the one or more endpoints associated with the link. The one or more endpoints host respective principals networked in a distributed operating environment. Detailed security policies for enforcement during exchange of messages between the one or more endpoints are automatically generated from the abstract link description.

Abstract: The present invention extends to validating measurable aspects of computing system. A provider causes a challenge to be issued to the requester, the challenge requesting proof that the requester is appropriately configured to access the resource. The requester accesses information that indicates how the requester is to prove an appropriate configuration for accessing the resource. The requester formulates and sends proof that one or more measurable aspects of the requester's configuration are appropriate. The provider receives proof that one or more measurable aspects of the requester's configuration are appropriate and authorizes the requester to access the resource. Proof of one more measurable aspects of a requester can be used along with other types of authentication to authorize a requester to access a resource of a provider. Solutions to challenges can be pre-computed and stored in a location accessible to a provider.

Abstract: A software-development system or versioning system has a collection of modules for performing individual development functions such as document editing, keyword processing, and private-copy management. Each module has an interface compatible with that of the others, so that modules can be added to or substituted for the original modules, if the new modules conform to the interface. The architecture of this system supports the performance of development actions such as document merging and keyword expansion at any location within the system. The system operates upon documents and files as objects in an object space, rather than in name spaces.

Abstract: The present invention extends to validating measurable aspects of computing system. A provider causes a challenge to be issued to the requester, the challenge requesting proof that the requester is appropriately configured to access the resource. The requester accesses information that indicates how the requester is to prove an appropriate configuration for accessing the resource. The requester formulates and sends proof that one or more measurable aspects of the requester's configuration are appropriate. The provider receives proof that one or more measurable aspects of the requester's configuration are appropriate and authorizes the requester to access the resource. Proof of one more measurable aspects of a requester can be used along with other types of authentication to authorize a requester to access a resource of a provider. Solutions to challenges can be pre-computed and stored in a location accessible to a provider.

Abstract: Systems and methods for open content model Web service messaging in a networked computing environment are described. In one aspect, a transport neutral message is generated that includes message recipient, endpoint addressing information, and one or more reference properties. The reference properties include selectively opaque message context. The transport neutral message is bound to a transport protocol for communication to the message recipient. At least a portion of the selectively opaque message context is. not directed to the message recipient.

Abstract: A method includes advertising a policy characterizing communication properties supported by a node. The policy may be distributed to another node in response to a request for the policy. Policy expressions in the policy include one or more assertions that may be grouped and related to each other in a plurality of ways. A system includes a policy generator for generating at least one policy characterizing properties of a node. A policy retriever retrieves a policy from another node and a message generator generates a message to the other node, wherein the message conforms to the policy from the other node.

Abstract: A secure electronic transfer mechanism that does not require that the computing entities that are parties to the transaction be aware of the secret data used to secure the transfer. A transferring computing entity provides a request from a billing agent computing entity to transfer the electronically transferable item to a computing entity. The billing agent computing entity responds to the request by providing approval data to the second computing entity, the approval data being encrypted using secret data known to the billing agent computing entity and a supplemental computing entity associated with the transferee computing entity, but not to the transferring and transferee computing entity. The approval is provided to the supplemental computing entity, which then credits the transferee account.