Abstract: A method, program product and apparatus for controlling access to profile information, multi-media resources or social network functions of a first user by a second user not listed on a friend or group listing of the first user. An application retrieves a threshold criteria for access control and social network statistics in response to an attempted access by an entity without an appropriate privilege. The application compares the statistics to the threshold. Then, if the statistics meet the threshold criteria, the application allows access.

Abstract: Performance impacting operations (e.g., maintenance operations) performed on a system can, depending on a current state of the system, heavily impact the performance of the system, thus affecting a customer's experience with the system. Functionality can be implemented to control execution of the performance impacting operations based on simulating the impact of executing the operation. Depending on the current state of the system, execution of the maintenance operations can be allowed, deferred, and even blocked. This can ensure that the performance of the system is not compromised.

Abstract: An abstraction layer associates a party-focused object, a security-focused object, or both, with an abstraction object. The party-focused or security focused object has one or more properties. The properties are presented in the abstraction object defined by the mapping schema. The abstraction layer converts a set of repository objects to at least one abstraction object.

Abstract: A method, program product and apparatus for controlling access to profile information, multi-media resources or social network functions of a first user by a second user not listed on a friend or group listing of the first user. An application retrieves a threshold criteria for access control and social network statistics in response to an attempted access by an entity without an appropriate privilege. The application compares the statistics to the threshold. Then, if the statistics meet the threshold criteria, the application allows access.

Abstract: A method of controlling password changes in a system having a plurality of data processing systems having separate password registries. Contents of passwords in the password registries of the data processing systems are controlled using password content policies that are centrally shared between the plurality of data processing systems.

Abstract: A mechanism is provided for rapid integration of directory based applications. A directory proxy lies between applications and the back end repositories. A filtering mechanism detects application specific operations using a set of rules. Notification of a detected operation is sent to interested application-specific synchronization elements. A notified synchronization element requests the parent application to perform a semantically equivalent operation.

Abstract: A method and apparatus for establishing a secure communication connection between a Java application or applet and a secure server is provided. An HTTPS handler is provided that may be used by Java applications or applets to establish secure communication connections with secure Web servers.

Abstract: A method of controlling password changes in a system having a plurality of data processing systems having separate password registries. Contents of passwords in the password registries of the data processing systems are controlled using password content policies that are centrally shared between the plurality of data processing systems.

Abstract: Methods, systems and computer program products are provided which provide cryptographic services to an application by incorporating in the application an indication of at least one authorized cryptographic function for the application. The indication of at least one authorized cryptographic function for the application is communicated to a cryptographic library that supports a plurality of cryptographic functions. The at least one authorized cryptographic function corresponding to the indication of at least one authorized cryptographic function is then identified as a valid cryptographic function for the application.

Abstract: Methods, systems and computer program products are provided which communicate between client applications and a transaction server by establishing a persistent secure connection between the transaction server and a Secure Socket Layer (SSL) proxy server. A first session specific SSL connection, different from the persistent secure connection, is also established between a first client application and the SSL proxy server. Communications between the first client application and the SSL proxy server transmitted over the first session specific SSL connection are then forwarded with the client's identity preserved to the transaction server over the persistent secure connection.

Abstract: Methods, systems and computer program products authenticate client requests to access server resources. A server receives a certificate containing multiple data fields associated with the client making a request. The server selects data from at least one of the certificate data fields and filters the selected data using at least one predefined filter rule associated with the requested server resources to authenticate the client request. Combinations of filter rules may be utilized and the server may select data from various combinations of data fields.

Abstract: Systems, methods and computer program products for two-party key authentication provide additional security against intruders that might gain access to the password database of a server. The client verifies his clear password over an encrypted channel, rather than merely verifying the encrypted password, prior to receiving secure traffic.