Abstract: A method for rendering a graphical user interface (GUI), comprising providing for the representation of the GUI as a set of controls wherein the controls are organized in a logical hierarchy, traversing the representation, wherein the traversing comprises associating a theme with a first control in the set of controls, rendering the first control according to the theme, rendering any descendents of the first control according to the theme wherein any descendents of the first control can override the theme; and wherein one of the set of controls can communicate with another of the set of controls.

Abstract: A method for delegating enterprise security capabilities, comprising, providing a capability for a first user, wherein the capability can be expressed as a policy, delegating the capability from the first user to a second user, wherein the second user is allowed to have the capability only at times when the first user is allowed to have the capability, and wherein the delegated capability is propagated in a distributed enterprise security system.

Abstract: A system and method distributed enterprise security, comprising, a security control module (SCM) operable to accept information, wherein the information include one or more of: a policy and configuration information at least one security service module (SSM) operable to accept the information from SCM at least one security service providers coupled to the at least one SSM, wherein the at least one security service providers is cable of at least one of, authentication of a user, determining if access to a resource is permitted based on the information, auditing of a security decision, and mapping an authenticated identity to a set of credentials to be used to authenticate a target resource, and wherein the information accepted by the SCM is relevant to one or more of the at least one SSMs.

Abstract: A system and method for a distributed system for controlling access to a first resource in a hierarchy of resources, comprising, a distributor located on a first server and capable of distributing to a second server a first policy for the first resource, a security service module (SSM) located on the second server and capable of managing based on the first policy conditions for access to at least one of: the first resource and a second resource that is hierarchically inferior to the first resource, and wherein the first policy can be overridden by a second policy wherein the second policy specifies conditions for access for a resource that is hierarchically inferior to the first resource.

Abstract: A system and method for a configurable distributed security system, comprising, a security service module capable of dynamically instantiating one or more plugin security provider modules, the one or more security provider modules are coupled to the security service module wherein the one or more security provider modules are capable of responding to one or more changes in configuration information, a first process capable of modifying the configuration information, wherein the security service module is capable of accepting at least one of, security information and the configuration information, and wherein the security service module is capable of controlling access to one or more resources based on the security information.

Abstract: A method for searching a first set of policies, comprising, accessing the first set of policies wherein each policy in the first set of policies includes the following policy components, a resource, a subject, and one of an action and a role name, and wherein the subject includes at least one of, a user and a group, specifying one or more search criteria wherein the one or more search criteria includes one or more values for policy components and wherein the one or more values can include one or more wild cards, finding in the first set of policies a second set of policies that satisfy the one or more search criteria, and wherein a policy can be used to control access to a resource.

Abstract: A system and method for distributing information from a first process to one or more security service modules, said system comprising the steps of, a remote interface capable of accepting first information from the first process, a provisioning service provider coupled to the remote interface and capable of obtaining the first information from the remote interface, and further capable of providing second information to a local interface, wherein the second information is based on the first information and is tailored for the one or more security service modules, the local interface capable of providing the second information to the one or more security service modules and wherein the one or more security service modules are capable of accepting the second information and performing at least one of the following: adjusting a configuration of the one or more security service modules to reflect the second information, and protecting access to at least one resource based on the second information.

Abstract: A system and method for a dynamically configurable security system, comprising, a process having one or more resources to be protected, and a security service module coupled to the process, one or more plugin security provider modules that are compatible with and extend the security service module, wherein the security service module is capable of receiving security information updates, and wherein the security service module is capable of controlling access to the one or more resources based on the security information updates through the use of the one or more plugin security provider modules.

Abstract: A method for providing a security provider for a client, said method comprising, providing a service provider interface that is compatible with a security framework layer providing one or more services wherein the one or more services include at least one of, authentication, authorization, auditing, role mapping and credential mapping exposing the one or more services through the service provider interface and wherein the framework layer exposes the one or more services to an application program interface.

Abstract: A computer-implemented system and method for policy inheritance, comprising, defining a first group wherein the first group refers to at least one of: a user and a group different from the first group, defining a second group wherein the second group is nested within the first group, defining a first policy wherein the first policy includes a resource, a subject and one of, an action and a role, and wherein the subject includes the first group, inheriting the first policy by the second group, wherein the resource is part of a resource hierarchy, and wherein the first policy can be used to control access to the resource.

Abstract: A system and method for distributed enterprise security, comprising, a server operable to update information, wherein the information can include one or more of a policy and configuration information, a security control module (SCM) operable to accept the information, at least one security service module (SSM) operable to accept the information from the SCM, and herein the information accepted by the SCM is relevant to one or more of the at least one SSMs.

Abstract: A system and method for a dynamically configurable security system, comprising, a security service module capable of dynamically instantiating one or more plugin security provider modules, the one or more security provider modules are coupled to the security service module wherein the one or more security provider modules are capable of responding dynamically to changes in configuration information, wherein the security service module is capable of receiving one or more security information updates, and wherein the security service module is capable of controlling access to one or more resources based on the one or more security information updates.

Abstract: A system and method comprising the steps of, delegating a capability from a first user to a second user, propagating information that includes evidence of the delegation to a plurality of security service modules, wherein each one of the plurality of security service modules is capable of protecting one or more resources, providing the evidence to a first security service module belonging to the plurality of security service modules, enforcing the delegation when the second user attempts to access a resource in the one or more resources wherein the resource is protected by the first security service module, and wherein the enforcement is carried out by the first security service module.

Abstract: A system and method for a software framework for implementing business processes in a web application, comprising a workflow, a control operable to invoke the workflow, and a page group operable to invoke the control.

Abstract: A method for rendering a graphical user interface (GUI), comprising providing for the representation of the GUI as a set of objects wherein the objects are organized in a logical hierarchy, associating a theme with a first object in the set of objects, rendering the first object according to the theme, rendering any descendents of the first object according to the theme, wherein any descendents of the first object can override the theme, and wherein one of the set of objects can communicate with another of the set of objects.

Abstract: A method for navigating a graphical user interface (GUI) having at least one page, comprising providing a first booklet, wherein user interaction with the first booklet can cause the GUI to navigate to a new page; providing a request based on user interaction with the first booklet; mapping the request to a control tree factory; generating a control tree from the factory based on the request wherein the control tree includes a booklet control corresponding to the first booklet; advancing the control tree through at least one lifecycle stage based on the request; and generating a response wherein the response can be used to render the new page.

Abstract: A system and a method for providing application flow integration in a portal framework. In accordance with one embodiment, the invention comprises a portal servlet, which handles all incoming servlet requests and determines whether the incoming request represents a request either for a portal page or for a non-portal page; and, a portal processor which handles all portal page requests passed by the portal servlet, and executes an appropriate webflow to update the current state of the portal page, depending on a current set of events. Each of a plurality of portlets may have an individual webflow associated with it.

Abstract: A system and method of authorization comprising associating at least one role with a resource, associating at least one capability with the at least one role, and determining whether to permit a resource operation based on the at least one capability.