Abstract: Techniques for described for generating and using rule-enhanced access tokens in connection with authorization for access to resources. An access token is generated in response to determining that a user is authorized to access a protected resource. The access token contains rule information including one or more constraints, each constraint corresponding to a condition for granting or denying access to the protected resource. Upon receiving the access token, a client application can present the access token for accessing the protected resource. The client application can be configured to enforce one or more rules represented in the rule information. The client application can, for example, determine based on the one or more constraints that a condition for granting access is unmet and, in response, cancel a pending access request for the protected resource.

Abstract: Techniques for described for generating and using rule-enhanced access tokens in connection with authorization for access to resources. An access token is generated in response to determining that a user is authorized to access a protected resource. The access token contains rule information including one or more constraints, each constraint corresponding to a condition for granting or denying access to the protected resource. Upon receiving the access token, a client application can present the access token for accessing the protected resource. The client application can be configured to enforce one or more rules represented in the rule information. The client application can, for example, determine based on the one or more constraints that a condition for granting access is unmet and, in response, cancel a pending access request for the protected resource.

Abstract: Methods and systems are described for state driven orchestration of authentication components to access a resource protected by an access manager framework. In response to a client request for a protected resource, relevant authentication components and their respective order are determined. Upon successful authentication of the first authentication component, proper state information of the authentication process is stored by the client indicating the next authentication component. In response to a request for additional credential information for the authentication process from the next authentication component, the client provides the stored state information so that the authentication process continues with the second authentication component according to the determined order of the authentication components within an authentication process.

Abstract: Techniques for orchestrating workflows are disclosed herein. In an embodiment, a method of orchestrating a workflow is disclosed. In an embodiment, data is stored in a policy file which associates attributes with processes. User input is received. A process associated with an attribute is selected, where the attribute is based on the user input. The selected process is performed as part of the workflow. Also, processes may be added dynamically as part of any category inside the policy file without having to recompile or redesign the logic of the BPEL project.

Abstract: Embodiments of the present invention enable policy-based management of a user contacts list. Applications of the present invention are its use in embodiments of Instant Messaging (IM) systems. During an IM session, a session owner may temporarily add a contact to an active contacts list for a duration determined by evaluating constraints from one or more policies associated with the contact. At IM session initialization, a session owner's persistently stored contacts and their associated policies are retrieved, and the policies are evaluated. An active contacts list for use during the IM session is generated from a subset of stored contacts for which all associated policy constraints are satisfied. In embodiments, the active contacts list may be updated during a session by re-evaluating the stored contacts and associated policies. In embodiments, an active contacts list is updated after addition of a new contact determined to have an associated enabled policy satisfied.

Abstract: Techniques for orchestrating workflows are disclosed herein. In an embodiment, a method of orchestrating a workflow is disclosed. In an embodiment, data is stored in a policy file which associates attributes with processes. User input is received. A process associated with an attribute is selected, where the attribute is based on the user input. The selected process is performed as part of the workflow. Also, processes may be added dynamically as part of any category inside the policy file without having to recompile or redesign the logic of the BPEL project.

Abstract: Methods and systems are described for state driven orchestration of authentication components to access a resource protected by an access manager framework. In response to a client request for a protected resource, relevant authentication components and their respective order are determined. Upon successful authentication of the first authentication component, proper state information of the authentication process is stored by the client indicating the next authentication component. In response to a request for additional credential information for the authentication process from the next authentication component, the client provides the stored state information so that the authentication process continues with the second authentication component according to the determined order of the authentication components within an authentication process.

Abstract: Techniques for orchestrating workflows are disclosed herein. In an embodiment, a method of orchestrating a workflow is disclosed. In an embodiment, data is stored in a policy file which associates attributes with processes. User input is received. A process associated with an attribute is selected, where the attribute is based on the user input. The selected process is performed as part of the workflow. Also, processes may be added dynamically as part of any category inside the policy file without having to recompile or redesign the logic of the BPEL project.

Abstract: Methods and systems are described for state driven orchestration of authentication components to access a resource protected by an access manager framework. In response to a client request for a protected resource, relevant authentication components and their respective order are determined. Upon successful authentication of the first authentication component, proper state information of the authentication process is stored by the client indicating the next authentication component. In response to a request for additional credential information for the authentication process from the next authentication component, the client provides the stored state information so that the authentication process continues with the second authentication component according to the determined order of the authentication components within an authentication process.

Abstract: Methods and systems are described for state driven orchestration of authentication components to access a resource protected by an access manager framework. In response to a client request for a protected resource, relevant authentication components and their respective order are determined. Upon successful authentication of the first authentication component, proper state information of the authentication process is stored by the client indicating the next authentication component. In response to a request for additional credential information for the authentication process from the next authentication component, the client provides the stored state information so that the authentication process continues with the second authentication component according to the determined order of the authentication components within an authentication process.

Abstract: Techniques for managing teleconferences. A plurality of people are associated with a plurality of identifiers such that each person is associated with at least one identifier. For each caller to a teleconference associated with a different identifier, authentication information is solicited from the caller. Authentication information is received from the caller in response to the solicitation and a determination, based on the received authentication information, is made whether the caller is associated with one of the identifiers.

Abstract: Techniques for managing teleconferences. A plurality of people are associated with a plurality of identifiers such that each person is associated with at least one identifier. For each caller to a teleconference associated with a different identifier, authentication information is solicited from the caller. Authentication information is received from the caller in response to the solicitation and a determination, based on the received authentication information, is made whether the caller is associated with one of the identifiers.

Abstract: In one embodiment, a rule is received that specifies an action to perform based on text of any instant messages received. An input is received to change from a first mode to a second mode. The second mode may be a virtual offline mode in which rules may be applied to incoming instant messages. When an instant message is received, text of the instant message is recognized. For example, text in the body of the instant message or metadata is determined. The rule is applied to the recognized text to determine if an action for the rule should be performed. For example, if a certain phrase is detected, then an action may be performed. The actions may include pre-configured auto-responses, allowing display of the instant message for certain senders even if the user has indicated he/she is busy, or storing of the message for later delivery.

Abstract: Techniques for orchestrating workflows are disclosed herein. In an embodiment, a method of orchestrating a workflow is disclosed. In an embodiment, data is stored in a policy file which associates attributes with processes. User input is received. A process associated with an attribute is selected, where the attribute is based on the user input. The selected process is performed as part of the workflow. Also, processes may be added dynamically as part of any category inside the policy file without having to recompile or redesign the logic of the BPEL project.

Abstract: Embodiments of the present invention enable policy-based management of a user contacts list. Applications of the present invention are its use in embodiments of Instant Messaging (IM) systems. During an IM session, a session owner may temporarily add a contact to an active contacts list for a duration determined by evaluating constraints from one or more policies associated with the contact. At IM session initialization, a session owner's persistently stored contacts and their associated policies are retrieved, and the policies are evaluated. An active contacts list for use during the IM session is generated from a subset of stored contacts for which all associated policy constraints are satisfied. In embodiments, the active contacts list may be updated during a session by re-evaluating the stored contacts and associated policies. In embodiments, an active contacts list is updated after addition of a new contact determined to have an associated enabled policy satisfied.