Abstract: Services of a multi-tier application can authorize (e.g., including authenticating) each other with one or more service access tokens provided by a security token service. In one implementation, an end-user can authenticate with the security token service to obtain one or more security tokens for communicating with an upstream application service. Requests that involve further processing from downstream services of the application can also involve service authorization/authentication measures. Thus, the upstream application service can also authenticate with the security token service to obtain one or more security tokens, such as a session token, and a service access token. The service access token for the upstream service can also include one or more signed policy settings. The upstream service can then use the one or more security tokens to prove authority to communicate with a downstream service in accordance with the policy settings.

Abstract: The present invention extends to trusted third party authentication for Web services. Web services trust and delegate user authentication responsibility to a trusted third party that acts as an identity provider for the trusting Web services. The trusted third party authenticates users through common authentication mechanisms, such as, for example, username/password and X.509 certificates and uses initial user authentication to bootstrap subsequent secure sessions with Web services. Web services construct user identity context using a service session token issued by the trusted third party and reconstruct security states without having to use a service-side distributed cache.

Abstract: Methods and apparatus for managing business interactions between opposing parties. Business interactions are mapped to service contracts. The service contracts are mapped to machine readable code. The machine readable code is defined by business transaction patterns and service interaction patterns. The machine readable code is consumed by an IT system. Management tasks associated with fulfilling obligations required by the business interactions are generated.