Abstract: This disclosure relates to the ability to use multiple claim transformation modules in a trust relationship. Claim transformation modules transform a claim or claim set into a transformed claim or claim set for use by a trusted partner and/or application. Multiple claim transformation modules may be given the opportunity to act on a claim or claim set in a pipelined fashion. In another embodiment, multiple claim transformation modules may exist, but only the proper claim transformation module(s) is(are) given the opportunity to act on a claim or claim set. In an embodiment, the claims involved are security claims used for authentication purposes between trust partners in a federated authentication system.

Abstract: An information processing system is provided which includes a plurality of system resources, and an event queue having a predetermined number of entries. An event recording mechanism of the information processing system is operable to make entries regarding events in the event queue, wherein the entries are limited to a predetermined number of active entries in the event queue per each type of event per each of the system resources. In a particular embodiment, the number of entries per each type of event for each of the system resources is limited to one.

Abstract: A communication port of a communications interface of an information handling system comprises a plurality of virtual ports. A first command is issued to obtain information indicating a number of images of virtual ports supportable by the communications interface. A second command is then issued requesting the communications interface to virtualize the communication port. In response to the second command, one or more virtual switches are then configured to connect to the communication port, each virtual switch including a plurality of virtual ports, such that the one or more virtual switches are configured in a manner sufficient to support the number of images of virtual ports indicated by the obtained information. Thereafter, upon request via issuance of a third command, a logical link is established between one of the virtual ports of one of the virtual switches and a communicating element of the information handling system.

Abstract: Performance counters are provided for virtualized network interfaces of communications networks, while minimizing the use of hardware resources. A virtualized network interface includes physical resources, as well as logical resources. Dedicated performance counters are provided for the physical resources of the virtualized network interface, as well as for logical partitions coupled to that interface, while non-dedicated performance counters are provided for the logical resources. This enables the provision of performance counters for virtualized network interfaces, while minimizing hardware resources consumed by those interfaces.

Abstract: Systems and methods directed at enhancing the capability of a federated authentication system by configuring the system with extensibility points for adding new account stores and customizing claim transformations. The federated authentication system includes accounts stores, a security token service (STS), and custom claim transformation modules. The account stores are configured to maintain data associated with accounts and to provide security claims in an intermediate format. The STS is configured to retrieve the security claims provided by the account stores and includes built-in transformations for transforming each security claim from the intermediate format to formats associated with resource providers. The STS is further configured to provide extensibility points for custom claim transformations that are not available from the built-in transformations. The custom claim transformation modules are configured to perform at least one custom claim transformation.

Abstract: Systems and methods directed at transforming security claims in a federated authentication system using an intermediate format. The systems and methods described herein are directed at transforming security claims in a federated authentication system using an intermediate format. The federated authentication system includes an identity provider and a resource provider. The identity provider receives a request for information from the resource provider to authenticate an account by an application associated with the resource provider. A security claim associated with the account is retrieved where the security claim is provided by an account store in a format specific to the account store. The security claim is transformed from the account store specific format to an intermediate format. The security claim is then transformed from the intermediate format to a federated format recognized by the resource provider. The transformed security claim is provided in a security token to the resource provider.

Abstract: A method is provided for configuring a communication port of a communications interface of an information handling system into a plurality of virtual ports. A first command is issued to obtain information indicating a number of images of virtual ports supportable by the communications interface. A second command is then issued requesting the communications interface to virtualize the communication port. In response to the second command, one or more virtual switches are then configured to connect to the communication port, each virtual switch including a plurality of virtual ports, such that the one or more virtual switches are configured in a manner sufficient to support the number of images of virtual ports indicated by the obtained information. Thereafter, upon request via issuance of a third command, a logical link is established between one of the virtual ports of one of the virtual switches and a communicating element of the information handling system.

Abstract: An information processing system is provided which includes a plurality of system resources, and an event queue having a maximum number of entries. An event recording mechanism of the information processing system is operable to make entries regarding events in the event queue, wherein the entries are limited to a predetermined number of active entries in the event queue per each type of event per each of the system resources. In a particular embodiment, the number of entries per each type of event for each of the system resources is limited to one.

Abstract: A processor node of a network is provided which includes one or more processors and a virtualized channel adapter. The virtualized channel adapter is operable to reference a table to determine whether a destination of the communication is supported by the virtualized channel adapter. When the destination is supported for routing via hardware, the virtualized channel adapter is operable to route the communication via hardware to at least one of a physical port and a logical port of the virtualized channel adapter. Otherwise, when the destination is not supported for routing via hardware, the virtualized channel adapter is operable to route the communication via firmware to a virtual port of the virtualized channel adapter. A corresponding method and a recording medium having information recorded thereon for performing such method are also provided herein.

Abstract: I/O adapters, such as InfiniBand™ host channel adapters (HCAs) or iWarp remote network interface cards (RNICs) use work requests to pass information to a queue pair and work completions to determine when a work request has completed. Timing information in various stages of processing of these work requests allow a workload manager to identify sources of delay that impacts transaction processing. Work requests request processing that can be marked with a timestamp. Processing stages include: (1) the time when the work request is posted to the send queue, (2) the time when the first packet is sent on the link for that work request, (3) the time at which the work request has completed its processing, and (4) the time when the work completion is retrieved by the software. By comparing the timestamps, the workload manager determines the processing and transaction times.

Abstract: An enterprise network architecture has a trust link established between two autonomous network systems that enables transitive resource access between network domains of the two network systems. The trust link is defined by data structures maintained by each of the respective network systems. The first network system maintains namespaces that correspond to the second network system and a domain controller in the first network system, or a first network system administrator, indicates whether to trust individual namespaces. An account managed by a domain in the second network system can request authentication via a domain controller in the first network system. The first network system determines from the trust link to communicate the authentication request to the second network system. The first network system also determines from the trust link where to communicate authorization requests when administrators manage group memberships and access control lists.

Abstract: A method, apparatus, and computer program product are disclosed in a data processing system for migrating data pages subject to DMA access by temporarily disabling selected DMA operations within a physical I/O adapter. A determination is made as to whether to disable data access DMA capabilities of the physical I/O adapter. An operating mode of the physical I/O adapter is set to a particular mode utilizing a mode bit according to the determination of whether to disable data access DMA capabilities. Only data access DMA capabilities of the physical I/O adapter are disabled when the mode bit is set. Administrative services operations continue to be performed by the physical I/O adapter when the data access DMA capabilities of the physical I/O adapter are disabled.

Abstract: A system for authenticating computer users comprising a single active directory disposed in an intranet, a web server disposed in a DMZ associated with the intranet, and a web client coupled to the web server through an internet connection that is capable of signing on to the web server.

Abstract: A system for authenticating computer users comprising, a single active directory disposed in a federated partner, a web server disposed in a DMZ associated with the intranet; and a client disposed in the federated partner coupled to the web server through an internet connection that is capable of signing on to the web server.

Abstract: The described systems, methods, and data structures are directed at data transfer using Hyper-Text Transfer Protocol (HTTP) query strings. A block of data is partitioned into sections. Each section is encoded in a query string of a HTTP message. Each HTTP message is sent to a server by redirecting through a client. Multiple redirected messages are sent until the entire block of data is transferred to the server. The data block may be stored as a cookie on the client so that the data block does not have to persist on any server. Data transfer using HTTP query strings may be implemented to transfer a security token from a security token service (STS) server to an application server.

Abstract: Disclosed are methods of purifying glycopeptides that are substituted with one or more substituents each comprising one or more phosphono groups that are useful as antibacterial agents. The methods include contacting a solution of the glycopeptide derivatives with a polystyrene-containing resin, eluting the resin with an aqueous solution, and isolating the purified glycopeptide derivative.

Abstract: In a logical partitioning (LPAR) environment with InfiniBand™ host channel adapters (HCAs), multiple operating systems share the resources of a physical HCA. A mechanism for efficiently allocating memory regions (or memory windows) to different LPARs is provided, while ensuring that a memory region assigned to one LPAR is not accessible from another LPAR.

Abstract: A method, system, and storage medium for the InfiniBand™ Poll verb to support a multi-threaded environment without the use of kernel services to provide serialization for mainline Poll logic. Poll is the verb, which allows a consumer to determine which of its work requests have completed, and provides ending status. In addition to multiple concurrent threads using Poll against a single Completion Queue, Poll is serialized with Destroy Queue Pair and Destroy Completion Queue. Completion Queues are used to maintain completion status for work requests. Queue Pairs are used to submit work requests and are related to a Completion Queue at the time they are created.

Abstract: Exemplary embodiments include a method, system, and storage medium for managing computer processing functions in a multi-processor computer environment that includes a standard logical processor and an assist logical processor, each of which share the same operating system instance within a logical partition. The method includes invoking a switch-to service by standard code. The standard code is running on a standard logical processor and is executing a task. The switch-to service checks to see if an assist logical processor is online, and it if finds one, the switch-to service updates an integrated assist field of a work element block associated with the task and assigns a queue to the work element block. The task is dispatched, in accordance with business rules identified in a system control block, on either of said assist logical processor or said standard logical processor.

Abstract: A method, computer program product, and data processing system for providing system-area network (SAN) multicasting functionality in a logically partitioned (LPAR) data processing system in which a channel adapter is shared among a plurality of logical partitions is disclosed. A preferred embodiment of the present invention allows LPAR “hypervisor” firmware to assume the responsibility for multicast protocol handling and distribution of packets among logical partitions.