Abstract: In one embodiment, a device may determine a compliance status of a communication of a type of data between a first workload and a second workload based on a data compliancy policy and a verified node location of at least one of the first workload and the second workload. The device may send, based on the compliance status of the communication, an instruction for handling the communication to at least one of a node executing the first workload and a node executing the second workload.

Abstract: In one embodiment, a device obtains an ontology derived from a data usage restriction document and indicative of a category of protected data. The device obtains metadata indicative of a type of data handled by an application. The device creates a mapping between the type of data handled by the application and the category of protected indicated by the ontology. The device generates, based on the mapping, a data compliance manifest used by a workload engine to constrain use of the type of data during execution of the application or used to constrain use of the type of data during deployment of the application.

Abstract: In one embodiment, a device may extract, from one or more bodies of text, a data usage restriction for a particular type of data. The device may send, to a user interface, the data usage restriction extracted from the one or more bodies of text for presentation for a user. The device may receive, via the user interface, feedback from the user regarding the data usage restriction. The device may generate a data compliance constraint that controls how an application service handles the particular type of data, based on the data usage restriction and the feedback from the user.

Abstract: In one embodiment, a device may obtain an identifier of a proof of location process (PLP) and an identifier of a node where the PLP is executed. The device may receive a query from a compliance engine for a proof of location of the node where the PLP is executed. The device may identify, based on the identifier of the PLP and the identifier of the node, a physical location of the node. The device may provide, to the compliance engine, a response to the query that is indicative of the physical location of the node, wherein the compliance engine enforces one or more data compliance policies with respect to a workload executed by the node and based on the physical location of the node.

Abstract: In one embodiment, a device determines a category of sensitive data processed by an application, based on annotations embedded into programming code of the application and protection bindings, which associate the category of sensitive data with one or more data types used by the application. The device computes, based on one or more data compliance constraints for the category of sensitive data, a set of one or more execution constraints for the application. The device identifies target infrastructure to execute a workload of the application that satisfies the set of one or more execution constraints. The device causes a deployment of the workload of the application for execution by the target infrastructure.

Abstract: In one embodiment, a device may obtain a location of an endpoint that communicates with an application service. The device may match the location of the endpoint to a data compliance policy. The device may identify sensitive data within the application service to which the data compliance policy applies. The device may configure the application service to permit the endpoint to at least one of access or send the sensitive data when permitted by the data compliance policy.

Abstract: In one embodiment, an observability and assurance service, associated with various clusters of application services for an application that are executed in a data mesh, may configure a data compliance filter for a particular application service in one of the clusters of application services according to a data compliance policy. The observability and assurance service may monitor the data and traffic associated with the particular application service, wherein the data compliance filter is applied to the traffic to restrict sensitive data in the traffic from being processed by the particular application service. The observability and assurance service may make a determination that the data compliance policy has been violated by the particular application service. The observability and assurance service may modify, based on the determination, the data compliance filter for the particular application service.

Abstract: In one embodiment, a device obtains program code of an application that defines annotations denoting a plurality of data types handled by the application. The device determines, for each of the plurality of data types, an association between that data type and a category of sensitive data. The device creates, based on the association for each of the plurality of data types, a protection binding that defines a data handling scope bonded to the association between that data type and its associated category of sensitive data. The device causes data compliance policies to be applied to the application according to its corresponding associations and protection bindings.

Abstract: A method includes receiving, at an access node, a connection request from a device and in response to the connection request, establishing a connection with an identity provider. The device, the access node, the local network, and the identity provider are members of an identity federation. The method also includes, after the device is authenticated with the identity provider, sending or receiving, to or from the identity provider and by the access node, data linking the device to an item and an owner of the device.

Abstract: In one embodiment, a brokering service receives, from a requesting device, a request to verify an online claim associated with an online resource. The brokering service identifies, based upon the request, a proving entity for the online claim. The brokering service obtains, from the proving entity, digitally verifiable proof that indicates that the online claim has been securely verified by the proving entity. The brokering service provides the digitally verifiable proof to the requesting device, wherein the digitally verifiable proof causes the requesting device to display an indication that the online claim has been securely verified.

Abstract: Methods and systems for sensor fusion as a service include receiving a sensor fusion intent descriptive of desired data from a specified environment; determining candidate sensors present in the specified environment that may be used to obtain at least a portion of the desired data; and transforming the sensor fusion intent into a sensor fusion manifest by selecting a plurality of the candidate sensors to obtain respective output data, and by defining at least one action to fuse the respective output data into the desired data, wherein the sensor fusion manifest includes an identification of the selected candidate sensors and the at least one action to fuse the respective output data from the selected candidate sensors into the desired data.

Abstract: A method includes receiving, at an access node, a connection request from a device and in response to the connection request, establishing a connection with an identity provider. The device, the access node, the local network, and the identity provider are members of an identity federation. The method also includes, after the device is authenticated with the identity provider, sending or receiving, to or from the identity provider and by the access node, data linking the device to an item and an owner of the device.

Abstract: Embodiments herein registers Asset Owners (AOs) and AO applications to a location, aggregation, and insight (LAI) service that are part of the same identity federation. When registering the AO with the LAI service, the AO selects which of a plurality of Identity Providers (IDPs) it has a relationship with, and the LAI service can then bind those IDPs to the AO application. This binding associates respective realms (e.g., domains) corresponding to the selected IDPs to the AO application. Later, when a device owned by the AO roams to a visited network (VN), the LAI service can then use a realm identified from a device ID provided by the device to identify the ID of the AO application. The LAI service then enables the VN to transmit a location of the device to the AO application. In one embodiment, the VN obtains consent from the AO before sharing location data.

Abstract: The present technology discloses non-transitory computer-readable media, systems, and methods for receiving a notification that an identified physical object has attached to a roaming network, wherein the identified physical object is roaming when on the roaming network; translating at least one policy intent that was defined at a home network for the identified physical object into a policy suitable to be applied by the roaming network; and sending, to the roaming network, the at least one translated policy intent to be applied to the identified physical object on the roaming network.

Abstract: The present technology discloses non-transitory computer-readable media, systems, and methods for receiving a notification that an identified physical object has attached to a roaming network, wherein the identified physical object is roaming when on the roaming network; translating at least one policy intent that was defined at a home network for the identified physical object into a policy suitable to be applied by the roaming network; and sending, to the roaming network, the at least one translated policy intent to be applied to the identified physical object on the roaming network.

Abstract: Methods and systems for sensor fusion as a service include receiving a sensor fusion intent descriptive of desired data from a specified environment; determining candidate sensors present in the specified environment that may be used to obtain at least a portion of the desired data; and transforming the sensor fusion intent into a sensor fusion manifest by selecting a plurality of the candidate sensors to obtain respective output data, and by defining at least one action to fuse the respective output data into the desired data, wherein the sensor fusion manifest includes an identification of the selected candidate sensors and the at least one action to fuse the respective output data from the selected candidate sensors into the desired data.

Abstract: A management system performs a focused search to find uniform resource identifiers (URIs) of potentially counterfeit products and/or fake assets online, performs a search for adjacencies of blacklist URIs of counterfeit products and/or fake assets online to find additional URIs of potentially counterfeit products and/or fake assets online that are related to the blacklist URIs, and adds the URIs and the additional URIs to a URI list. The management system classifies, by a machine learning classifier, each URI on the URI list as one of a blacklist URI of counterfeit products and/or fake assets online, and a whitelist URI of authentic products and/or assets online, and repeats the performing the search for adjacencies using blacklist URIs resulting from the classifying, the adding, and the classifying operations, and removes access to counterfeit and/or fake assets online revealed by the focused search, the search for adjacencies, or the classifying.

Abstract: The subject matter discloses a method of composing a video file, comprising receiving a video file having speech from an electronic device used to capture the video file, extracting the speech from the video file and converting the speech to text, analyzing the text to identify breathing points in the text, assigning a start time code and end time code to sections of the text, said sections of the text are defined between two breathing points in the text, and displaying the video file while each section of the sections of the text is displayed between the start time code and end time code associated with the identified breathing points.

Abstract: The subject matter discloses a method of composing a video file, comprising receiving a video file from a mobile electronic device, the video is captured in response to a command from a presenter shown in the video, automatically identifying at least two video scenes in the video according to properties of the video file, determining video properties for the two or more scenes, at least one video property is different among the two or more scenes and composing one video file out of said at least two video scenes