Abstract: A method for providing security for a business application including receiving a request from a server including a server public key and a security token, deploying a virtual node implementing the business application in response to the request, using the security token in a bootstrap process by the virtual node to provide authentication to the server, and authenticating a message from the server using a server public key.

Abstract: A system or computer usable program product for providing security for a business application including receiving a request from a server including a server public key and a security token, deploying a virtual node implementing the business application in response to the request, using the security token in a bootstrap process by the virtual node to provide authentication to the server, and authenticating a message from the server using a server public key.

Abstract: A method for providing security for a business application including receiving a request from a server including a server public key and a security token, deploying a virtual node implementing the business application in response to the request, using the security token in a bootstrap process by the virtual node to provide authentication to the server, and authenticating a message from the server using a server public key.

Abstract: A system or computer usable program product for providing security for a business application including receiving a request from a server including a server public key and a security token, deploying a virtual node implementing the business application in response to the request, using the security token in a bootstrap process by the virtual node to provide authentication to the server, and authenticating a message from the server using a server public key.

Abstract: Systems, methods and media for managing and generating encryption keys are disclosed. In one embodiment, a processor executes encryption key processing computer code to receive requests for keys from an application program. The processor determines whether the requesting application program executes on a node or server that is within the scope of machines authorized to receive the requested keys. If authorized, the processor produces a key map and sends the key map to the application program, enabling the application program to access one or more keys in the key map. The keys are updated automatically according to a specifiable schedule.

Abstract: Methods, apparatus, and products are disclosed for security policy validation for web services that include: transforming a security policy for a web service into a policy predicate logic representation; providing a profile predicate logic representation that represents one or more rules of a security policy profile; determining whether the security policy satisfies the security policy profile in dependence upon the policy predicate logic representation and the profile predicate logic representation; and notifying a user that the security policy is valid if the security policy satisfies the security policy profile

Abstract: Methods, apparatus, and products are disclosed for security policy validation for web services that include: transforming a security policy for a web service into a policy predicate logic representation; providing a profile predicate logic representation that represents one or more rules of a security policy profile; and determining whether the security policy satisfies the security policy profile in dependence upon the policy predicate logic representation and the profile predicate logic representation.

Abstract: Methods and arrangements to handle network messages containing security information are disclosed. Embodiments include transformations, code, state machines or other logic to handle network messages containing security information by configuring an application to generate and process security information of network messages. An embodiment may involve creating a data structure to store security information of network messages and storing security information in the data structure. The security information may include a specification of a cryptographic key, a format to represent information about the cryptographic key, a policy to select a security token of a requestor when multiple security tokens are contained in network messages, or a policy to select a security token to determine the degree of trust to provide a message sender. The embodiment may include the generation of security information or consumption of security information of a message utilizing security information stored in the data structure.

Abstract: Methods and arrangements to handle network messages containing security information are disclosed. Embodiments include transformations, code, state machines or other logic to handle network messages containing security information by configuring an application to generate messages containing security information. The configuring may include creating a data structure to store security information of network messages and storing security information, including a specification of a cryptographic key and a specification of a format to represent information about the cryptographic key in the data structure.

Abstract: Systems, methods and media for managing and generating encryption keys are disclosed. In one embodiment, a processor executes encryption key processing computer code to receive requests for keys from an application program. The processor determines whether the requesting application program executes on a node or server that is within the scope of machines authorized to receive the requested keys. If authorized, the processor produces a key map and sends the key map to the application program, enabling the application program to access one or more keys in the key map. The keys are updated automatically according to a specifiable schedule.