Abstract: The present invention may comprise a system and method for a Virtual Attribute Federation System (VAFS) and may be composed of a Virtual Attribute Federation Manager (VAFM) and a system of Virtual Attribute Enabled Directories (VAED) modified to accept federation of virtual attributes. The VAFM produces signed and trusted calculation methods and coordinates a synchronized dispersal of these methods to the VAEDs. The VAEDs may have local mappings which allow for federation-time configuration of the calculation methods.

Abstract: The present invention may comprise a system and method for a Virtual Attribute Federation System (VAFS) and may be composed of a Virtual Attribute Federation Manager (VAFM) and a system of Virtual Attribute Enabled Directories (VAED) modified to accept federation of virtual attributes. The VAFM produces signed and trusted calculation methods and coordinates a synchronized dispersal of these methods to the VAEDs. The VAEDs may have local mappings which allow for federation-time configuration of the calculation methods.

Abstract: The present invention may comprise a system and method for a Virtual Attribute Federation System (VAFS) and may be composed of a Virtual Attribute Federation Manager (VAFM) and a system of Virtual Attribute Enabled Directories (VAED) modified to accept federation of virtual attributes. The VAFM produces signed and trusted calculation methods and coordinates a synchronized dispersal of these methods to the VAEDs. The VAEDs may have local mappings which allow for federation-time configuration of the calculation methods.

Abstract: Approaches for using the historical party reputation data to calculate an access decision rating are provided. Specifically, one or more approaches provide a method, including: collecting reputation information of a first user that is requesting access to one or more assets, the reputation information based on at least an association of the first user with an organization and an association of the first user with one or more other users associated with one or more other organizations; storing the requester's reputation information; determining a change in the requester's reputation information, wherein the change comprises at least one of: the first user forming a new association with another organization, and the first user forming a new association with a second user, wherein the second user is affiliated with another organization; and causing an access decision rating to be calculated based upon the determined change in the requester's reputation information.

Abstract: Approaches for providing reputation based access control are provided. Specifically, at least one approach includes: identifying a requesting subject requesting access to a controlled resource; retrieving a reputation of the subject stored as a virtual attribute in a reputation-based access control database, the reputation comprising a value for skill for operating with the requested controlled resource; determining whether the subject is a known security risk; modifying a reputation of the subject and an associate in the case that a security risk of the subject meets a threshold; modifying the reputation of the subject based on at least one of: peer feedback and expert opinion, in the case that the subject is not a known security risk; retrieving a policy of the requested controlled resource; determining if the reputation of the subject meets the policy, and if so, allowing the subject access to the resource, and if not, denying the access.

Abstract: Approaches for providing reputation based access control are provided. Specifically, at least one approach includes: identifying a requesting subject requesting access to a controlled resource; retrieving a reputation of the subject stored as a virtual attribute in a reputation-based access control database, the reputation comprising a value for skill for operating with the requested controlled resource; determining whether the subject is a known security risk; modifying a reputation of the subject and an associate in the case that a security risk of the subject meets a threshold; modifying the reputation of the subject based on at least one of: peer feedback and expert opinion, in the case that the subject is not a known security risk; retrieving a policy of the requested controlled resource; determining if the reputation of the subject meets the policy, and if so, allowing the subject access to the resource, and if not, denying the access.

Abstract: An approach for connecting the inputs and the outputs of multiple services in such a way that the entire transaction can be tracked from beginning to end and from service to service is provided. The pipeline architecture of the present invention passes information through a sequence of nodes, each node providing some processing or filtering before passing information to the next node in the pipe. A transaction's token passes down a pipe of services. The pipe can have forks and branches, so a transaction's token is passed from node to node carrying messages from one node to another. The overall transactional information is not lost from service to service; instead it is carried up and down the length of the pipeline. As the transaction's token is passed up and down the pipeline, its history passes with it. The pipe links a chain of nodes connected end-to-end.

Abstract: Approaches for providing reputation based access control are provided.

Abstract: A system and method for creates, maintains and monitors individuals, organizations and artifacts relating to the same over time with respect to pedigree and reputation, security and reliability. One aspect of the present invention provides for a method and a system for collecting and maintaining historical party reputation data. Another aspect of the present invention provides for a method and a system for assessing an access decision to the historical party reputation data to a person after the person's reputation has changed.

Abstract: Approaches for using the historical party reputation data to calculate an access decision rating are provided. Specifically, one or more approaches provide a method, including: collecting reputation information of a first user that is requesting access to one or more assets, the reputation information based on at least an association of the first user with an organization and an association of the first user with one or more other users associated with one or more other organizations; storing the requester's reputation information; determining a change in the requester's reputation information, wherein the change comprises at least one of: the first user forming a new association with another organization, and the first user forming a new association with a second user, wherein the second user is affiliated with another organization; and causing an access decision rating to be calculated based upon the determined change in the requester's reputation information.

Abstract: Approaches for providing reputation based access control are provided.

Abstract: The reputation based access control system of the present invention allows or denies access to a requested controlled resource to a requesting subject based upon predetermined associations between the resource and security contexts to determine the subject's reputation in those contexts. The reputation based access control system utilizes an authentication system (biometric, challenge/response, etc.) to identify a subject. Once the identity is determined, a resource to be accessed is determined by a reputation based access control unit. The system interfaces with a reputation assessment system to gauge the subject's reputation in these contexts. If the subject's reputation meets the predetermined limits for reputation in those contexts for that resource, the subject is allowed access to the resource. Otherwise access is denied and the proper agents are notified.

Abstract: A method and a system for collecting and maintaining historical party reputation data and for using the historical party reputation data to calculate an access decision rating and recalculating the access decision rating when the historical party reputation data has changed has a reputation updater for updating a reputation when a party's reputation has changed, a reputation storer for storing the party's reputation, an access decision rating maker for making a rating on a party's access abilities based upon the party's reputation and reputation history storage for storing a party's reputation having access decision rating storage for storing previous and present access decision storage ratings.

Abstract: An approach for connecting the inputs and the outputs of multiple services in such a way that the entire transaction can be tracked from beginning to end and from service to service is provided. The pipeline architecture of the present invention passes information through a sequence of nodes, each node providing some processing or filtering before passing information to the next node in the pipe. A transaction's token passes down a pipe of services. The pipe can have forks and branches, so a transaction's token is passed from node to node carrying messages from one node to another. The overall transactional information is not lost from service to service; instead it is carried up and down the length of the pipeline. As the transaction's token is passed up and down the pipeline, its history passes with it. The pipe links a chain of nodes connected end-to-end.

Abstract: An approach for connecting the inputs and the outputs of multiple services in such a way that the entire transaction can be tracked from beginning to end and from service to service is provided. The pipeline architecture of the present invention passes information through a sequence of nodes, each node providing some processing or filtering before passing information to the next node in the pipe. A transaction's token passes down a pipe of services. The pipe can have forks and branches, so a transaction's token is passed from node to node carrying messages from one node to another. The overall transactional information is not lost from service to service; instead it is carried up and down the length of the pipeline. As the transaction's token is passed up and down the pipeline, its history passes with it. The pipe links a chain of nodes connected end-to-end.

Abstract: A party reputation aggregation unit determines and collects the reputation of a party from various sources. Further, the party reputation aggregation unit provides for the weighing and aggregation of such data, including reputation data of the party, reputation data of the party's relationships, reputation data of the party's social networks and reputation data of the members of the party's social network so that a complete picture of an individual or organization may be provided to a qualified requestor for his/her use/assessment.

Abstract: An approach for connecting the inputs and the outputs of multiple services in such a way that the entire transaction can be tracked from beginning to end and from service to service is provided. The pipeline architecture of the present invention passes information through a sequence of nodes, each node providing some processing or filtering before passing information to the next node in the pipe. A transaction's token passes down a pipe of services. The pipe can have forks and branches, so a transaction's token is passed from node to node carrying messages from one node to another. The overall transactional information is not lost from service to service; instead it is carried up and down the length of the pipeline. As the transaction's token is passed up and down the pipeline, its history passes with it. The pipe links a chain of nodes connected end-to-end.

Abstract: The present invention involves creating an attribute in a directory and having a system provide attribute values for data that changes rapidly with a speed high enough to satisfy real-time requirements. The present invention calculates values rather than storing them for each attribute of an object class instance. It provides “virtual attributes” and using them in Attribute Based Access Control (ABAC). The resulting Virtual Attribute Based Access Control (VABAC) system allows a Policy Decision Point (PDP) to make better informed decisions based on information that results from metrics, statistics, or data from some outside system. Given virtual attributes, the PDPs can make access decisions based on things like reputation, skill level, trust level, organizational structure, etc.

Abstract: The present invention may comprise a system and method for a Virtual Attribute Federation System (VAFS) and may be composed of a Virtual Attribute Federation Manager (VAFM) and a system of Virtual Attribute Enabled Directories (VAED) modified to accept federation of virtual attributes. The VAFM produces signed and trusted calculation methods and coordinates a synchronized dispersal of these methods to the VAEDs. The VAEDs may have local mappings which allow for federation-time configuration of the calculation methods.

Abstract: A method and a system for collecting and maintaining historical party reputation data and for using the historical party reputation data to calculate an access decision rating and recalculating the access decision rating when the historical party reputation data has changed has a reputation updater for updating a reputation when a party's reputation has changed, a reputation storer for storing the party's reputation, an access decision rating maker for making a rating on a party's access abilities based upon the party's reputation and reputation history storage for storing a party's reputation having access decision rating storage for storing previous and present access decision storage ratings.