Abstract: Virtualization platforms and management clients therefor are communicatively coupled to one another via a control layer logically disposed therebetween. The control layer is configured to proxy virtualization management commands from the management clients to the virtualization platforms, but only after successful authentication of users (which may include automated agents and processes) issuing those commands and privileges of those users as defined by access control information accessible to the control layer. The control layer may be instantiated as an application running on a physical appliance logically interposed between the virtualization platforms and management clients, or a software package running on dedicated hardware logically interposed between the virtualization platforms and management clients, or as an application encapsulated in a virtual machine running on a compatible virtualization platform logically interposed between the virtualization platforms and management clients.

Abstract: Resources of a virtualized ecosystem are intelligently secured by defining and analyzing object handling security control information for one or more logical resources in the virtualized ecosystem and deriving therefrom object properties for each of the logical resources involved in the execution of a virtual machine in any given context within the virtualized ecosystem.

Abstract: An automated configuration management system (ACMS) oversees resources of a virtualized ecosystem by establishing a baseline configuration (including, e.g., security controls) for the resources; and, repeatedly, monitoring and collecting data from the resources, analyzing the data collected, making recommendations concerning configuration changes for the resources of the virtualized ecosystem based on the analysis, and either adopting and implementing the recommendations or not, wherein new states of the virtualized ecosystem and reactions to recommended changes are observed and applied in the form of new recommendations, and/or as adjustments to the baseline. The recommendations may be implemented automatically or only upon review by an administrator before being implemented or not.

Abstract: Virtualization platforms and management clients therefor are communicatively coupled to one another via a control layer logically disposed therebetween. The control layer is configured to proxy virtualization management commands from the management clients to the virtualization platforms, but only after successful authentication of users (which may include automated agents and processes) issuing those commands and privileges of those users as defined by access control information accessible to the control layer. The control layer may be instantiated as an application running on a physical appliance logically interposed between the virtualization platforms and management clients, or a software package running on dedicated hardware logically interposed between the virtualization platforms and management clients, or as an application encapsulated in a virtual machine running on a compatible virtualization platform logically interposed between the virtualization platforms and management clients.

Abstract: A secure content service available through a network comprising a user profile stored in a user profile store and a profile access controller to enforce access rights to the user profile, wherein the user profile is used to provide access rights to other content.

Abstract: A method and apparatus to provide identity management deployment interoperability and compliance verification. In one embodiment, the system also provides on-demand services including automated certification, monitoring, alerting, routing, and translation of tokens for federated identity related interactions between multi-domain identity management systems is provided.

Abstract: A secure content service available through a network comprising a user profile stored in a user profile store and a profile access controller to enforce access rights to the user profile, wherein the user profile is used to provide access rights to other content.

Abstract: A method and apparatus to provide an authoring tool enabling a user to create content and to selectively encrypt content is described. The encryption is designed to associate an entitlement with the content, the entitlement restricting access to the content. The system in one embodiment further includes a reading tool to access various content, the reading tool to enable an integrated reading of clear-text content and encrypted content. The system, in one embodiment, is designed to interact with a secure content service to provide a decryption key when an authorized user wishes to access the encrypted content.

Abstract: A system to provide selective encryption controls for content is described. The system comprises a secure content service to verify entitlement of a content consumer to the encrypted content based on the entitlement associated with the content and a user profile associated with the content consumer.