Abstract: An application server may provide an execution environment and a process execution engine that executes a process model within the execution environment. The process execution engine may include an operational component configured to perform an operation that is associated with the execution of the process model and based on a security policy, as well as a security provider configured to determine, based on the operation and on the security policy, at least one security service from among a plurality of security services executing within the process execution engine, and configured to provide the operational component with the at least one security service for use in securing the operation.

Abstract: A method and system to control an interaction of a plurality of participants in a workflow process. The method classifies the plurality of activities as (1) first activity of the workflow process, (2) first activity of a participant in an on-going workflow process, and (3) interaction activity. A set of access control policies is generated for each type of activity. The policies include workflow initialization policy, participation policy and interaction policies. The policies determine if a requesting participant is permitted to interact with a responding participant. In addition, the system includes a policy enforcement point for receiving a request from a requesting participant, wherein the request is for activating an activity of a responding participant. The policy enforcement point forwards the request to a policy decision point where the request is evaluated based on the set of access control policies.

Abstract: A method and system to automatically monitor business collaborations. Collaboration participants can formally express obligations about their expected behavior during the collaboration in business terms, then automatically monitor processes carrying out the collaboration using the formulated obligations. The method and system extends existing service oriented monitoring standards and architecture, specifically, with additional business oriented metrics and plug-in components that allow the monitoring system to calculate business parameters from measurements of multiple services.

Abstract: A trust look-up protocol is described that allows a meta-trusted third party, or trust directory, to mediate between parties of potential business collaborations and trusted third parties that are counted on to authorize or otherwise validate the business collaborations. The trust directory receives a trust request for a collaboration from one or more parties, and, based on the request, determines a specialty of a trusted third party that is suited to the request and the collaboration. The trust directory then obtains interface information for the trusted third party for forwarding to the requesting party. In this way, the trusted third party may make a determination as to whether the requesting party should proceed in the business collaboration. Afterwards, the trust directory may monitor communications that take place as part of the collaboration, for use in evaluating future requests and collaborations.

Abstract: A comprehensive security architecture for a virtual organization (VO) is disclosed. The comprehensive security architecture uses the same security mechanism or substantially similar security mechanisms to control access to VO infrastructure services as it uses to control access to resource services. Infrastructure services are services used to change the state of the VO and to change membership in the VO. Resource services (e.g. processing a purchase order) are services used in furtherance of achieving the objectives of the VO (e.g. build an aircraft). A security mechanism prevents a service call from accessing the service called until the security mechanism has decided to authorize or deny the service call. A security mechanism may decide to authorize or deny the service call based on details of the service call, a set of role-based access policies, and attributes from the caller's credentials including the caller's role in the VO.

Abstract: A system and method to collaborate participants of different administrative domains in a workflow process is provided. The system includes a membership module for managing the participants, an event module for correlating activities of the workflow process, the membership module and the event module exchanging information relating to changes in the participants and the activities of the workflow process. The membership module for managing the participants includes registering, identifying, adding, querying and modifying the participants. On the other hand, the event module for correlating activities of the workflow process further includes specifying, executing and terminating the activities.

Abstract: A method and system to automatically translate a definition of a choreography workflow process to an executable process are provided. The method includes processing a collaboration element from the definition, mapping the collaboration element to an executable element based on a knowledge database system that contains the collaboration element and the corresponding executable element and mapping the collaboration element to the executable element statically if the corresponding executable element is unavailable in the knowledge database system.

Abstract: A method and system to select one or more participants in an online collaborative process are provided. The method includes receiving selection information and identifying a potential list of the participants from an information system based on the selection information, the information system containing transaction data relating to prior collaboration processes with the participants. In particular, the method establishes trust parameters for each of the participants, the trust parameters representing at least qualifications, credentials or trustworthiness properties of the participants. The establishing of trust parameters includes identifying the trust parameters and quantifying the trust parameters. The trust parameters are identified by performing a search for relevant ones of the transaction data that matches the selection information, the selection information relates to trustworthiness properties of the participants.

Abstract: A method and system to manage security in an online collaborative process are provided. The method includes receiving a requirement containing trustworthiness properties of a participant and establishing one or more trust parameters relating to the trustworthiness properties. In addition, the method applies the trust parameters with a statistics and probability function, such as stochastic process, to derive a trust parameter value. The trust parameter value indicates future development of the trustworthiness properties of the participants. Furthermore, the trust parameters are classified under one or more trust domains. The trust parameters of each trust domain are aggregated to derive a trust domain value. The trust domain value provides a high-level indication of the future development of the trustworthiness properties of the participant. The aggregation may be performed using statistics and probability function.

Abstract: A mobile exchange infrastructure, in which a request to invoke functionality provided by a first of two services is accessed. If the request is incompatible with the first service, the accessed request is affected. The functionality is invoked using the affected request.

Abstract: A method and system for a source participant assessing trustworthiness of a destination participant through one or more neighboring participants in a collaborative environment. The method comprises modeling all of the participants as network nodes and relationships between the participants as network paths and identifying a set of the network nodes and the network paths representing the neighboring participants that connects the network node of the source participant to the network node of the destination participant. Each of the network nodes of the neighboring participants as identified has a trust rating with best result, the trust rating is a relative measurement of feedback ratings. The trust rating of a first one of the network nodes of the neighboring participants as identified is computed with the feedback ratings between the first one of the network nodes and others of the network nodes directly connected to the first one of the network nodes.

Abstract: A system for providing secured access to an application service includes a challenge provider that uses a first cryptographic technique to provide a challenge to a client seeking access to an application service. The client uses a second cryptographic technique to generate a response, and provides the response to an authentication service. The authentication service grants the client access to the application service only if the challenge and response are authenticated using a first authentication technique complementary to the first cryptographic technique and a second authentication technique complementary to the second cryptographic technique, respectively.

Abstract: A mobile computer system hosts mobile application and a collaboration module. The collaboration module is adapted to enable the mobile application to communicate with a further mobile application, hosted on a further mobile computer system, and to access functionality of an enterprise application, hosted on an enterprise system.

Abstract: The present embodiments provide a system and methods for encrypting and storing data in a mobile device such as a personal digital assistant. The system includes an access controller and a cryptography manager both coupled to the software applications on the mobile device. The system employs a user specific key to encrypt the user specific data. The encrypted file along with header information is stored below the application layer within the mobile system.

Abstract: A computer system, method and computer program for controlling a workflow process. A process modeling unit is configured to define a process model with at least a first task and a second task, wherein the second task needs to comply with a control aspect and depends on the first task, and is further configured to insert into the process model a control task between the first and the second task, wherein the control task is configured to enforce the control aspect on the second task by using a control service of a subsystem. A process execution unit of the system is configured to generate a process instance from the process model and to instantiate a control context to capture the current state of the process instance, the control context being used by an instance of the control task to invoke the control service according to the control aspect.

Abstract: A mobile exchange infrastructure, in which a request to invoke functionality provided by a first of two services is accessed. If the request is incompatible with the first service, the accessed request is affected. The functionality is invoked using the affected request.

Abstract: A mobile exchange infrastructure provides for dynamic mediation between services and applications, particularly in a mobile environment. Such services include Web services that are designed to provide functionality to an application that is not native to that application. The mobile exchange infrastructure ensures that the services and applications may interact with one another, even when they have been constructed in different development environments, have multiple associated messaging protocols, or are running in different application frameworks. As a result, mobile users may experience increased efficiency and use of available applications and services.

Abstract: An application server may provide an execution environment and a process execution engine that executes a process model within the execution environment. The process execution engine may include an operational component configured to perform an operation that is associated with the execution of the process model and based on a security policy, as well as a security provider configured to determine, based on the operation and on the security policy, at least one security service from among a plurality of security services executing within the process execution engine, and configured to provide the operational component with the at least one security service for use in securing the operation.

Abstract: A comprehensive security architecture for a virtual organization (VO) is disclosed. The comprehensive security architecture uses the same security mechanism or substantially similar security mechanisms to control access to VO infrastructure services as it uses to control access to resource services. Infrastructure services are services used to change the state of the VO and to change membership in the VO. Resource services (e.g. processing a purchase order) are services used in furtherance of achieving the objectives of the VO (e.g. build an aircraft). A security mechanism prevents a service call from accessing the service called until the security mechanism has decided to authorize or deny the service call. A security mechanism may decide to authorize or deny the service call based on details of the service call, a set of role-based access policies, and attributes from the caller's credentials including the caller's role in the VO.

Abstract: A method and system to automatically monitor business collaborations. Collaboration participants can formally express obligations about their expected behavior during the collaboration in business terms, then automatically monitor processes carrying out the collaboration using the formulated obligations. The method and system extends existing service oriented monitoring standards and architecture, specifically, with additional business oriented metrics and plug-in components that allow the monitoring system to calculate business parameters from measurements of multiple services.