Abstract: A method, computer program product, and computer system are provided for user access group discovery. The method includes: generating a matrix that depicts the respective resources of a set of resources accessed by each of a plurality of users; obtaining, for each user, a similarity measurement using the matrix, wherein the similarity measurement is based on a comparison of the resources accessed by the user to the resources accessed by the other users; generating, for each user, a feature vector for clustering the users into user access groups, wherein the feature vector represents the resources accessed by the user; applying the feature vectors and the similarity measurements to a centroid-based clustering algorithm to obtain the user access groups; and outputting the user access groups for application in a security environment.

Abstract: A method and system are provided for code coverage for test systems for testing source code. The method obtains a trace with trace records written at entry and exit to one or more test modules for function calls to the test modules. The method compares response codes for the functions extracted from the trace with a finite list of response codes retrieved from metadata for the source code for the functions and analyzes a code coverage based on the comparison.

Abstract: Concepts for acquiring information for identifying a security configuration for an application are proposed. In particular, the information is obtained by running the application in a development environment, detecting security requests made on behalf of the application, and then storing security information associated with the security requests in a security log. Using this concept, a security log may be obtained from which an appropriate security configuration may be determined.

Abstract: A method and system are provided for code coverage for test systems for testing source code. The method obtains a trace with trace records written at entry and exit to one or more test modules for function calls to the test modules. The method compares response codes for the functions extracted from the trace with a finite list of response codes retrieved from metadata for the source code for the functions and analyzes a code coverage based on the comparison.

Abstract: Concepts for acquiring information for identifying a security configuration for an application are proposed. In particular, the information is obtained by running the application in a development environment, detecting security requests made on behalf of the application, and then storing security information associated with the security requests in a security log. Using this concept, a security log may be obtained from which an appropriate security configuration may be determined.

Abstract: Method and system are provided for capturing task traces for multiple tasks. The method includes capturing in a task trace structure recent trace data entries for a task of multiple tasks segmented into a predefined number of available blocks, wherein a task trace structure is provided for each of multiple tasks in parallel, wherein trace data entries are written to a block with a timestamp of the trace data entries. The method also includes storing in a global trace structure pushed blocks from the multiple task trace structures of older data that exceed the predefined number of blocks of the task trace structures, wherein the blocks are ordered in the global trace structure by the pushed order of the blocks from the multiple task trace structures.

Abstract: A method, computer system, and a computer program product for instructing the use of application programming interface (API) commands in a runtime environment is provided. The present invention may include receiving, by a computer processor, a source code with a high level language API command. The present invention may include accessing, by a computer processor, metadata for the source code and determining whether the metadata includes an instruction to be applied to the high level language API command, and applying, by a computer processor, the instruction to the high level language API command. The present invention may include processing, by a computer processor, the high level language API command to a low level code using a command translator, wherein the processing occurs after the applying the instruction.

Abstract: A single sign-on is implemented in an online transaction processing system. A security token extracted from a transaction request is received. The security token is validated and, in response to a positive validation, security information is extracted. The security information is processed to validate the transaction request and a set of validation attributes is generated. The set of validation attributes is stored in a read-only data object. A transaction server is notified of the read-only data object to authorize processing of the transaction request by the transaction server.

Abstract: Method and system are provided for capturing task traces for multiple tasks. The method includes capturing in a task trace structure recent trace data entries for a task of multiple tasks segmented into a predefined number of available blocks, wherein a task trace structure is provided for each of multiple tasks in parallel, wherein trace data entries are written to a block with a timestamp of the trace data entries. The method also includes storing in a global trace structure pushed blocks from the multiple task trace structures of older data that exceed the predefined number of blocks of the task trace structures, wherein the blocks are ordered in the global trace structure by the pushed order of the blocks from the multiple task trace structures.

Abstract: Method and system are provided for capturing task traces for multiple tasks. The method includes capturing in a task trace structure recent trace data entries for a task segmented into a predefined number of available blocks, wherein a task trace structure is provided for each of multiple tasks in parallel, wherein trace data entries are written to a block with a timestamp of the trace data entries. The method also includes storing in a global trace structure pushed blocks from the multiple task trace structures of older data that exceed the predefined number of blocks of the task trace structures, wherein the blocks are ordered in the global trace structure by the pushed order of the blocks from the multiple task trace structures.

Abstract: Method and system are provided for capturing task traces for multiple tasks. The method includes capturing in a task trace structure recent trace data entries for a task segmented into a predefined number of available blocks, wherein a task trace structure is provided for each of multiple tasks in parallel, wherein trace data entries are written to a block with a timestamp of the trace data entries. The method also includes storing in a global trace structure pushed blocks from the multiple task trace structures of older data that exceed the predefined number of blocks of the task trace structures, wherein the blocks are ordered in the global trace structure by the pushed order of the blocks from the multiple task trace structures.

Abstract: A method, computer system, and a computer program product for instructing the use of application programming interface (API) commands in a runtime environment is provided. The present invention may include receiving, by a computer processor, a source code with a high level language API command. The present invention may include accessing, by a computer processor, metadata for the source code and determining whether the metadata includes an instruction to be applied to the high level language API command, and applying, by a computer processor, the instruction to the high level language API command. The present invention may include processing, by a computer processor, the high level language API command to a low level code using a command translator, wherein the processing occurs after the applying the instruction.

Abstract: A method, computer system, and a computer program product for instructing the use of application programming interface (API) commands in a runtime environment is provided. The present invention may include receiving, by a computer processor, a source code with a high level language API command. The present invention may include accessing, by a computer processor, metadata for the source code and determining whether the metadata includes an instruction to be applied to the high level language API command, and applying, by a computer processor, the instruction to the high level language API command. The present invention may include processing, by a computer processor, the high level language API command to a low level code using a command translator, wherein the processing occurs after the applying the instruction.

Abstract: A method, system, and computer program product for identifying skills for product areas includes: receiving change data from a first computing device, the change data including at least change sets, check-in history, and product areas; analyzing the change data to determine dimensions of change, the dimensions of change including at least a size of change, an age of change, and a quantity of changes; calculating a program skill level for each program of one or more programs using the dimensions of the change, the software product having one or more product areas, each product area having one or more programs; calculating a product skill level for each product area of the one or more product areas using the calculated program skill levels for each program; and providing an output having a visual representation of the skill level for each product area.

Abstract: A received security token includes first access control attributes and a signature of a first identity provider of a first security domain. Additional access control attributes provided by a second identity provider of a second security domain are added into the received security token. The received security token with the added additional access control attributes is re-signed, with a private key associated with a certificate of a second service provider in the second security domain. The re-signing is an assertion in the second security domain that the added additional access control attributes have been provided by the second identity provider of the second security domain. The re-signed received security token is issued for consuming, using the added additional access control attributes, by any service provider in the second security domain.

Abstract: A method, system and computer program product for handling a unit of work in a transaction processing system, in which the system comprises one or more production regions operating minimal or no diagnostic functions and one or more diagnostic regions operating maximal or full diagnostic functions. A unit of work is received, which is routed to a production region. After receiving a notification that the work has failed, the work is routed to a diagnostic region.

Abstract: A single sign-on is implemented in an online transaction processing system. A security token extracted from a transaction request is received. The security token is validated and, in response to a positive validation, security information is extracted. The security information is processed to validate the transaction request and a set of validation attributes is generated. The set of validation attributes is stored in a read-only data object. A transaction server is notified of the read-only data object to authorize processing of the transaction request by the transaction server.

Abstract: A single sign-on is implemented in an online transaction processing system. A security token extracted from a transaction request is received. The security token is validated and, in response to a positive validation, security information is extracted. The security information is processed to validate the transaction request and a set of validation attributes is generated. The set of validation attributes is stored in a read-only data object. A transaction server is notified of the read-only data object to authorize processing of the transaction request by the transaction server.

Abstract: A received security token includes first access control attributes and a signature of a first identity provider of a first security domain. Additional access control attributes provided by a second identity provider of a second security domain are added into the received security token. The received security token with the added additional access control attributes is re-signed, with a private key associated with a certificate of a second service provider in the second security domain. The re-signing is an assertion in the second security domain that the added additional access control attributes have been provided by the second identity provider of the second security domain. The re-signed received security token is issued for consuming, using the added additional access control attributes, by any service provider in the second security domain.

Abstract: Attribute-based access control is performed across a first and a second security domain in a federated distributed processing environment. A security token received in the second security domain from a first service provider in the first security domain includes access control attributes. Access control information associated with a request to process an online transaction in the second security domain is received from an identity provider in the second security domain. The access control information is mapped into access control attributes compatible with a format of the access control attributes of the received security token. The mapped access control attributes are appended to the received security token to create a modified security token. The modified security token is signed with a certificate of a second service provider in the second security domain, and the modified security token is issued for consuming by any service provider in the second security domain.