Abstract: In some embodiments, a method receives a context for a user account and selects a plurality of collections for an interface. A collection includes one or more instances of content. The method analyzes a context for a user account to select a theme from a plurality of themes for a collection in the plurality of collections. The themes in the plurality of themes apply different display formats to the collection. The method sends an identifier for the theme and information for the collection to a client device being used by the user account to indicate to the interface the theme to use to display the collection with the plurality of collections.

Abstract: A computer program product, apparatus, and system, are disclosed for user authentication based on authentication credentials and location information. A computer program product performs operations for such authentication. These operations of the computer program product include referencing past user location information in response to an authentication validation request and referencing current user location information. These operations also include determining a maximum allowable distance between an authentication attempt location associated with the authentication attempt location identifier and a past location associated with the past user interaction location identifier, and managing the authentication attempt, in response to determining that the physical authentication attempt location is outside the maximum allowable distance. The computer program product, apparatus, and system thereby reduce the possibility of identity theft by adding an element of location awareness to the authentication process.

Abstract: The present invention is in the fields of medicine, public health, immunology, molecular biology and virology. The invention provides composition comprising a virus-like particle (VLP) linked to at least one antigen of the invention, wherein said antigen of the invention is CCR5 of the invention, gastrin of the invention, CXCR4 of the invention, CETP of the invention or C5a of the invention. The invention also provides a process for producing the composition. The compositions of this invention are useful in the production of vaccines, in particular, for the treatment of diseases in which the antigen of the invention mediates, or contributes to the condition, particularly for the treatment of AIDS, gastrointestinal cancers, coronary heart diseases or inflammatory diseases. Moreover, the compositions of the invention induce efficient immune responses, in particular antibody responses.

Abstract: A computer program product, apparatus, and system, are disclosed for user authentication based on authentication credentials and location information. A computer program product performs operations for such authentication. These operations of the computer program product include referencing past user location information in response to an authentication validation request and referencing current user location information. These operations also include determining a maximum allowable distance between an authentication attempt location associated with the authentication attempt location identifier and a past location associated with the past user interaction location identifier, and managing the authentication attempt, in response to determining that the physical authentication attempt location is outside the maximum allowable distance. The computer program product, apparatus, and system thereby reduce the possibility of identity theft by adding an element of location awareness to the authentication process.

Abstract: A method is presented in which federated domains interact within a federated environment. Domains within a federation can initiate federated single-sign-on operations for a user at other federated domains. A point-of-contact server within a domain relies upon a trust proxy within the domain to manage trust relationships between the domain and the federation. Trust proxies interpret assertions from other federated domains as necessary. Trust proxies may have a trust relationship with one or more trust brokers, and a trust proxy may rely upon a trust broker for assistance in interpreting assertions.

Abstract: Methods, systems, and computer program products are disclosed that give entities flexibility to implement custom authentication methods of other entities for authentication of a principal in a federation by authenticating the principal by an identity provider according to a service provider's authentication policy and recording in session data of the identity provider an authentication credential satisfying the service provider's authentication policy. Authentication of a principal in a federation is also carried out by authenticating the principal by the identity provider according to an identity provider's authentication policy. Authentication of a principal in a federation is further carried out by receiving in the identity provider an authentication request from the service provider, the authentication request specifying the service provider's authentication policy.

Abstract: A method and system is presented to parse a WSDL description and build a hierarchical protected object namespace for authorization of access to the resource, wherein the protected object namespace is based on the abstract part of a WSDL but can be used to assist in authorization decisions for multiple different concrete bindings of this WSDL, wherein the concrete binding/request is based on the WS-Addressing endpoint reference.

Abstract: A method, system, apparatus, and computer program product are presented to support computing systems of different enterprises that interact within a federated computing environment. Federated single-sign-on operations can be initiated at the computing systems of federation partners on behalf of a user even though the user has not established a user account at a federation partner prior to the initiation of the single-sign-on operation. For example, an identity provider can initiate a single-sign-on operation at a service provider while attempting to obtain access to a controlled resource on behalf of a user. When the service provider recognizes that it does not have a linked user account for the user that allows for a single-sign-on operation with the identity provider, the service provider creates a local user account. The service provider can also pull user attributes from the identity provider as necessary to perform the user account creation operation.

Abstract: A method is presented in which computing environments of different enterprises interact within a federated computing environment. Federated operations can be initiated at the computing environments of federation partners on behalf of a user at a different federated computing environment. A first domain and a second domain, which are federated entities within the federated environment, can initiate a logout operation at the other domain on behalf of a user as part of a federated single-sign-off operation. In a generalized single-sign-off operation, a first domain generates a list of domains with which the first domain has participated in a single-sign-on operation on behalf of the user and sends to those domains a logoff request message in order to logoff the user at each domain. A logoff response message contains at least one error code that indicates information about a reason for a failure to logoff the user at the respective domain.

Abstract: The invention provides federated functionality within a data processing system by means of a set of specialized runtimes. Each of the plurality of specialized runtimes provides requested federation services for selected ones of the requestors according to configuration data of respective federation relationships of the requestors with the identity provider. The configuration data is dynamically retrieved during initialization of the runtimes which allows the respective runtime to be specialized for a given federation relationship. Requests are routed to the appropriate specialized runtime using the first requestor identity and the given federation relationship. The data which describes each federation relationship between the identity provider and each of the plurality of requesters is configured prior to initialization of the runtimes.

Abstract: A method, a system, an apparatus, and a computer program product are presented for improving a register name identifier profile within a federated computing environment such that the register name identifier profile is enhanced to be more securely binding between two federated entities within the federated computing environment, such as an identity provider and a service provider. After the first federated entity sends a register name identifier request for a principal to the second federated entity, the second federated entity performs an authentication operation for the principal. In response to successfully completing the authentication operation, the second federated entity registers or modifies a name identifier for the principal that has been extracted from the received register name identifier request.

Abstract: A method and a system are presented in which federated service providers interact within a federated environment to initiate federated operations. A point-of-contact component that provides session management capabilities at a first service provider receives a request from a client. The request is then sent, possibly using redirection through a client, to a federated user lifecycle management functional component of the first service provider, which may interact with a point-of-contact component at a second service provider to initiate a federated user lifecycle management function at the second service provider, which enlists the assistance of a federated user lifecycle management functional component at the second service provider.

Abstract: An Internet user transfers directly to a domain within an e-community without returning to a home domain or re-authenticating. The user's home domain server prepares and forwards a home domain identity cookie (DIDC) with an enrollment request to a user's browser, with the enrollment request being redirected to an affiliated domain server in the e-community. The affiliated domain server prepares and sends an affiliated DIDC with an enrollment confirmation to the user's browser, redirecting the enrollment confirmation to the home domain server. The home domain server modifies the home DIDC to include a symbol which indicates successful enrollment at the affiliated site. The process may be repeated for a plurality of affiliated domains to achieve automatic enrollment a portion of or an entire e-community.

Abstract: A method and a system are presented in which federated domains interact within a federated environment. Domains within a federation can initiate federated single-sign-on operations for a user at other federated domains. A point-of-contact server within a domain relies upon a trust proxy within the domain to manage trust relationships between the domain and the federation. Trust proxies interpret assertions from other federated domains as necessary. Trust proxies may have a trust relationship with one or more trust brokers, and a trust proxy may rely upon a trust broker for assistance in interpreting assertions. When a user is provisioned at a particular federated domain, the federated domain can provision the user to other federated domains within the federated environment. A provision operation may include creating or deleting an account for a user, pushing updated user account information including attributes, and requesting updates on account information including attributes.

Abstract: A method is presented in which federated domains interact to complete transactions within a federated environment. A point-of-contact server within a domain relies upon a trust service to manage trust relationships. An administrative user can build a federation relationship between a first service provider and a second service provider, which includes a trust relationship between the first service provider and the second service provider and a selection of federation-related operations, i.e. federation functionality. During configuration of the federation relationship, a file is dynamically generated based on the selection of federation functionality for the federation relationship. The file is exported to the second service provider, which provides additional configuration information by inserting it into the file.

Abstract: A method and a system are presented in which federated domains interact within a federated environment. Domains within a federation can initiate federated operations for a user at other federated domains. A point-of-contact server within a domain relies upon a trust proxy within the domain to manage trust relationships between the domain and the federation. The point-of-contact server receives incoming requests directed to the domain and interfaces with a first application server and a second application server, wherein the first application server responds to requests for access to controlled resources and the second application server responds to requests for access to federated user lifecycle management functions, which are implemented using one or more pluggable modules that interface with the second application server.

Abstract: A method is presented for providing an HTTP-based authentication mechanism. A request for a controlled resource is received from a client at a first server, which sends a request for an uncontrolled resource to a second server, which may be an HTTP-based authentication server, e.g., by redirecting a request via the client to the second server or by forwarding a request directly to the second server. The second server then obtains authentication information from the client. The second server returns the authentication credential or the authenticated identify to the first server within a response message, e.g., by storing the authentication credential within one or more HTTP headers. In response to receiving the authentication information, the first server builds a session for the client and processes the original request for the controlled resource, e.g., by sending a redirection for the controlled resource through the client.

Abstract: A method and a system are presented in which computing environments of different enterprises interact within a federated computing environment. Federated operations can be initiated at the computing environments of federation partners on behalf of a user at a different federated computing environment. A point-of-contact service relies upon a trust service to manage trust relationships between a computing environment and computing environments of federation partners. The trust service employs a key management service, an identity/attribute service, and a security token service. A federated user lifecycle management service implements federated user lifecycle functions and interacts with the point-of-contact service and the trust service.