Patents by Inventor Dale R. Olds

Dale R. Olds has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 8364600
    Abstract: A user engages in a transaction with a relying party. The relying party requests identity information from the user in a security policy and identifies transaction elements for an on-line business transaction. Typically, the security policy and transaction elements are transmitted together; the security policy can be as little as a request to conduct the on-line business transaction. The user identifies an information card that satisfies the security policy. The computer system requests a security token from the identity provider managing the information card, which can include requesting a transaction receipt for the transaction elements. The computer system then returns the security token (and the transaction receipt) to the relying party, to complete the transaction.
    Type: Grant
    Filed: February 28, 2011
    Date of Patent: January 29, 2013
    Assignee: Apple Inc.
    Inventors: Patrick R. Felsted, Thomas E. Doman, James G. Sermersheim, Daniel S. Sanders, Andrew A. Hodgkinson, Dale R. Olds
  • Patent number: 8073783
    Abstract: A user engages in a transaction with a relying party. The relying party requests identity information from the user in a security policy and identifies transaction elements for an on-line business transaction. Typically, the security policy and transaction elements are transmitted together; the security policy can be as little as a request to conduct the on-line business transaction. The user identifies an information card that satisfies the security policy. The computer system requests a security token from the identity provider managing the information card, which can include requesting a transaction receipt for the transaction elements. The computer system then returns the security token (and the transaction receipt) to the relying party, to complete the transaction.
    Type: Grant
    Filed: August 22, 2007
    Date of Patent: December 6, 2011
    Inventors: Patrick R. Felsted, Thomas E. Doman, James G. Sermersheim, Daniel S. Sanders, Andrew A. Hodgkinson, Dale R. Olds
  • Publication number: 20110153499
    Abstract: A user engages in a transaction with a relying party. The relying party requests identity information from the user in a security policy and identifies transaction elements for an on-line business transaction. Typically, the security policy and transaction elements are transmitted together; the security policy can be as little as a request to conduct the on-line business transaction. The user identifies an information card that satisfies the security policy. The computer system requests a security token from the identity provider managing the information card, which can include requesting a transaction receipt for the transaction elements. The computer system then returns the security token (and the transaction receipt) to the relying party, to complete the transaction.
    Type: Application
    Filed: February 28, 2011
    Publication date: June 23, 2011
    Applicant: NOVELL, INC.
    Inventors: Patrick R. Felsted, Thomas E. Doman, James G. Sermersheim, Daniel S. Sanders, Andrew A. Hodgkinson, Dale R. Olds
  • Publication number: 20090249430
    Abstract: A relying party can have a security policy. The security policy can include claims that are categorized other than “required” and “optional”. The user can specify, in a user policy, whether or not to include in a request for a security token from an identity provider claims that are not “required”.
    Type: Application
    Filed: March 25, 2008
    Publication date: October 1, 2009
    Applicant: NOVELL, INC.
    Inventors: Duane F. Buss, Andrew A. Hodgkinson, Dale R. Olds, Daniel S. Sanders
  • Publication number: 20090205035
    Abstract: A computer system accesses metadata about an information card. The metadata can be stored locally or remotely (for example, at an identity provider). A metadata engine can be used to generate data to be provided to the user from the metadata: this data can take any desired form, such as an advertisement, a state of the user's account, or a policy update, among other possibilities.
    Type: Application
    Filed: February 12, 2008
    Publication date: August 13, 2009
    Applicant: NOVELL, INC.
    Inventors: James G. Sermersheim, Duane F. Buss, Thomas E. Doman, Andrew A. Hodgkinson, Dale R. Olds, Daniel S. Sanders
  • Publication number: 20080229410
    Abstract: A user engages in a transaction with a relying party. The relying party requests identity information from the user in a security policy and identifies transaction elements for an on-line business transaction. Typically, the security policy and transaction elements are transmitted together; the security policy can be as little as a request to conduct the on-line business transaction. The user identifies an information card that satisfies the security policy. The computer system requests a security token from the identity provider managing the information card, which can include requesting a transaction receipt for the transaction elements. The computer system then returns the security token (and the transaction receipt) to the relying party, to complete the transaction.
    Type: Application
    Filed: August 22, 2007
    Publication date: September 18, 2008
    Applicant: NOVELL, INC.
    Inventors: Patrick R. Felsted, Thomas E. Doman, James G. Sermersheim, Daniel S. Sanders, Andrew A. Hodgkinson, Dale R. Olds
  • Patent number: 6539381
    Abstract: A system and method for synchronizing database information over a communications network distributed among a plurality of servers. The system allows each server to track the state of a replica on each of the servers, and changes to the servers are communicated between the servers along with their states. The states may be stored as an array of timestamps, the timestamps each indicating a time at which the replica on each server was updated. In a network wherein two servers (a first and third server) cannot communicate directly, a first network server transmits a change to an intermediate (a second) server including its state information. The second server transmits the change to the third server, and the third server updates its replica. The third server transmits its state information to the second server, and the timestamp information is conveyed to the first server. The state information of the third server may be transmitted to the second server during later updates of the third server's replica.
    Type: Grant
    Filed: April 21, 1999
    Date of Patent: March 25, 2003
    Assignee: Novell, Inc.
    Inventors: Ranjan Prasad, Layne C. Izatt, Dale R. Olds
  • Patent number: 5878415
    Abstract: Methods and systems are provided for controlling access to objects in a hierarchical database. The database may include a directory services repository, and/or synchronized partitions. An access constraint propagator reads an access control property of an ancestor of a target object. The access control property designates an inheritable access constraint such as an object class filter or an "inheritable" flag. The object class filter restricts a grant of rights to objects of an identified class. The "inheritable" flag allows inheritance of an access constraint on a specific object property. The propagator enforces the inheritable access constraint by applying it to at least the target object.
    Type: Grant
    Filed: March 20, 1997
    Date of Patent: March 2, 1999
    Assignee: Novell, Inc.
    Inventor: Dale R. Olds
  • Patent number: 5832275
    Abstract: The present invention provides a method and apparatus for dynamically updating computer programs that are providing X.500 directory services without interruption of service. Upon receiving a call to update a computer program providing directory services, a process or thread is executed that authenticates the user making the reload request, loads a program loader, renames the then currently running directory services program, and calls another process or thread, while it awaits completion of the second process or thread. The second process or thread loads and initializes the new directory services computer program and then interacts with the program loader and the new directory services computer program to determine if the old and new directory services programs are compatible. If the old and new directory services computer programs are not compatible, the second process or thread aborts the load and transmits an abort signal to the first process or thread.
    Type: Grant
    Filed: June 4, 1997
    Date of Patent: November 3, 1998
    Assignee: Novell, Inc.
    Inventor: Dale R. Olds
  • Patent number: 5832487
    Abstract: Methods and systems for managing replicated objects in a partitioned hierarchical database are disclosed. One method combines partition-wide object identifiers in order according to ancestry to form a database-wide object identifier that identifies a target object relative to all other objects in the database. Each partition-wide object identifier includes a replica identifier and at least one integer value. Suitable integer values include timestamp values, event counter values, random values, and GUID values. Other methods use the identifiers to access objects after a single object or a subtree of objects has been renamed or moved.
    Type: Grant
    Filed: December 14, 1996
    Date of Patent: November 3, 1998
    Assignee: Novell, Inc.
    Inventors: Dale R. Olds, Layne Izatt, Ranjan Prasad
  • Patent number: 5784560
    Abstract: A method and apparatus for providing access control to objects in a distributed network directory employing static resolution to resolve object attributes. A first object has a Security Equals attribute and a second object has an Equivalent To Me attribute. Upon receiving a request for the first object to access the second object, authorization of such access is verified by checking if the two attributes are synchronized. The attributes are synchronized when the Security Equals attribute of the first object includes the second object, and the Equivalent To Me attribute of the second object includes the first object. A method of synchronizing the two attributes is also disclosed.
    Type: Grant
    Filed: December 15, 1995
    Date of Patent: July 21, 1998
    Assignee: Novell, Inc.
    Inventors: Kevin Kingdon, Randal Earl Childers, DeeAnne Higley, Dale R. Olds
  • Patent number: 5758344
    Abstract: A method of moving leaf objects and subtrees in computer networks that employ a distributed network directory is disclosed. The method employs the existing directories and an authentication procedure for each server. A first object that is under the physical control of the administrator of one partition of the distributed network directory requests access to a second object that is under the physical control of the administrator of another partition of the distributed network directory. The directory verifies that the access control list of the first object includes the second object. The access control list of the second object is then checked to verify that it includes a reference to the first object as an object that is permitted access to the second object. As a result, access is only granted in response to requests from objects that appear in the access control list of the second object. A method of synchronizing the access control lists based upon an authoritative access control list is also disclosed.
    Type: Grant
    Filed: October 31, 1996
    Date of Patent: May 26, 1998
    Assignee: Novell, Inc.
    Inventors: Ranjan Prasad, Dale R. Olds
  • Patent number: 5677851
    Abstract: A method of providing authoritative access control to computer networks that employs a distributed network directory using a static means of resolving object attributes is disclosed. The method employs the existing directories and an authentication procedure for each server. A first object that is under the physical control of the administrator of one partition of the distributed network directory requests access to a second object that is under the physical control of the administrator of another partition of the distributed network directory. The directory verifies that the access control list of the first object includes the second object. The access control list of the second object is then checked to verify that it includes a reference to the first object as an object that is permitted access to the second object. As a result, access is only granted in response to requests from objects that appear in the access control list of the second object.
    Type: Grant
    Filed: December 15, 1994
    Date of Patent: October 14, 1997
    Assignee: Novell, Inc.
    Inventors: Kevin Kingdon, Randal Earl Childers, DeeAnne Higley, Dale R. Olds
  • Patent number: 5608903
    Abstract: A method of moving leaf objects and subtrees in computer networks that employ a distributed network directory is disclosed. The method employs the existing directories and an authentication procedure for each server. A first object that is under the physical control of the administrator of one partition of the distributed network directory requests access to a second object that is under the physical control of the administrator of another partition of the distributed network directory. The directory verifies that the access control list of the first object includes the second object. The access control list of the second object is then checked to verify that it includes a reference to the first object as an object that is permitted access to the second object. As a result, access is only granted in response to requests from objects that appear in the access control list of the second object. A method of synchronizing the access control lists based upon an authoritative access control list is also disclosed.
    Type: Grant
    Filed: December 15, 1994
    Date of Patent: March 4, 1997
    Assignee: Novell, Inc.
    Inventors: Ranjan Prasad, Dale R. Olds