Abstract: Techniques for providing application layer security may be facilitated by an arbitrator. In general, in one implementation, an arbitrator may receive a security tender including security requirements for an application, search for security services to fulfill the security requirements, determine whether discovered security services can satisfy the security requirements, and, if security services that can satisfy the security requirements exist, generate a security contract for the application, the security contract specifying how the application is to communicate with the security services that can satisfy the security requirements.

Abstract: An enterprise system with secure wireless messaging includes an application service to process a message. The enterprise system also includes a security service that uses a cryptographic technique to transform between the message and a secure message that is based on the message. A communication service communicates the secure message with a mobile client using a public network. The message may be secured using a cryptographic technique to provide end-to-end security. The enterprise system also may include an information service including information indicating occurrence of a triggering event. The information indicating occurrence of a triggering event may cause the enterprise system to push a secure message to the mobile client.

Abstract: A method and system for a source participant assessing trustworthiness of a destination participant through one or more neighboring participants in a collaborative environment. The method comprises modeling all of the participants as network nodes and relationships between the participants as network paths and identifying a set of the network nodes and the network paths representing the neighboring participants that connects the network node of the source participant to the network node of the destination participant. Each of the network nodes of the neighboring participants as identified has a trust rating with best result, the trust rating is a relative measurement of feedback ratings. The trust rating of a first one of the network nodes of the neighboring participants as identified is computed with the feedback ratings between the first one of the network nodes and others of the network nodes directly connected to the first one of the network nodes.

Abstract: A method and system to manage security in an online collaborative process are provided. The method includes receiving a requirement containing trustworthiness properties of a participant and establishing one or more trust parameters relating to the trustworthiness properties. In addition, the method applies the trust parameters with a statistics and probability function, such as stochastic process, to derive a trust parameter value. The trust parameter value indicates future development of the trustworthiness properties of the participants. Furthermore, the trust parameters are classified under one or more trust domains. The trust parameters of each trust domain are aggregated to derive a trust domain value. The trust domain value provides a high-level indication of the future development of the trustworthiness properties of the participant. The aggregation may be performed using statistics and probability function.

Abstract: A method and system to select one or more participants in an online collaborative process are provided. The method includes receiving selection information and identifying a potential list of the participants from an information system based on the selection information, the information system containing transaction data relating to prior collaboration processes with the participants. In particular, the method establishes trust parameters for each of the participants, the trust parameters representing at least qualifications, credentials or trustworthiness properties of the participants. The establishing of trust parameters includes identifying the trust parameters and quantifying the trust parameters. The trust parameters are identified by performing a search for relevant ones of the transaction data that matches the selection information, the selection information relates to trustworthiness properties of the participants.

Abstract: A method and system to automatically translate a definition of a choreography workflow process to an executable process are provided. The method includes processing a collaboration element from the definition, mapping the collaboration element to an executable element based on a knowledge database system that contains the collaboration element and the corresponding executable element and mapping the collaboration element to the executable element statically if the corresponding executable element is unavailable in the knowledge database system.

Abstract: A system and method to collaborate participants of different administrative domains in a workflow process is provided. The system includes a membership module for managing the participants, an event module for correlating activities of the workflow process, the membership module and the event module exchanging information relating to changes in the participants and the activities of the workflow process. The membership module for managing the participants includes registering, identifying, adding, querying and modifying the participants. On the other hand, the event module for correlating activities of the workflow process further includes specifying, executing and terminating the activities.

Abstract: A method and system to control an interaction of a plurality of participants in a workflow process. The method classifies the plurality of activities as (1) first activity of the workflow process, (2) first activity of a participant in an on-going workflow process, and (3) interaction activity. A set of access control policies is generated for each type of activity. The policies include workflow initialization policy, participation policy and interaction policies. The policies determine if a requesting participant is permitted to interact with a responding participant. In addition, the system includes a policy enforcement point for receiving a request from a requesting participant, wherein the request is for activating an activity of a responding participant. The policy enforcement point forwards the request to a policy decision point where the request is evaluated based on the set of access control policies.

Abstract: A computer system, method and computer program for controlling a workflow process. A process modelling unit is configured to define a process model with at least a first task and a second task, wherein the second task needs to comply with a control aspect and depends on the first task, and is further configured to insert into the process model a control task between the first and the second task, wherein the control task is configured to enforce the control aspect on the second task by using a control service of a subsystem. A process execution unit of the system is configured to generate a process instance from the process model and to instantiate a control context to capture the current state of the process instance, the control context being used by an instance of the control task to invoke the control service according to the control aspect.

Abstract: The present embodiments provide a system and methods for encrypting and storing data in a mobile device such as a personal digital assistant. The system includes an access controller and a cryptography manager both coupled to the software applications on the mobile device. The system employs a user specific key to encrypt the user specific data. The encrypted file along with header information is stored below the application layer within the mobile system.

Abstract: A trust look-up protocol is described that allows a meta-trusted third party, or trust directory, to mediate between parties of potential business collaborations and trusted third parties that are counted on to authorize or otherwise validate the business collaborations. The trust directory receives a trust request for a collaboration from one or more parties, and, based on the request, determines a specialty of a trusted third party that is suited to the request and the collaboration. The trust directory then obtains interface information for the trusted third party for forwarding to the requesting party. In this way, the trusted third party may make a determination as to whether the requesting party should proceed in the business collaboration. Afterwards, the trust directory may monitor communications that take place as part of the collaboration, for use in evaluating future requests and collaborations.

Abstract: A mobile exchange infrastructure provides for dynamic mediation between services and applications, particularly in a mobile environment. Such services include Web services that are designed to provide functionality to an application that is not native to that application. The mobile exchange infrastructure ensures that the services and applications may interact with one another, even when they have been constructed in different development environments, have multiple associated messaging protocols, or are running in different application frameworks. As a result, mobile users may experience increased efficiency and use of available applications and services.

Abstract: A mobile computer system hosts mobile application and a collaboration module. The collaboration module is adapted to enable the mobile application to communicate with a further mobile application, hosted on a further mobile computer system, and to access functionality of an enterprise application, hosted on an enterprise system.

Abstract: A system for providing secured access to an application service includes a challenge provider that uses a first cryptographic technique to provide a challenge to a client seeking access to an application service. The client uses a second cryptographic technique to generate a response, and provides the response to an authentication service. The authentication service grants the client access to the application service only if the challenge and response are authenticated using a first authentication technique complementary to the first cryptographic technique and a second authentication technique complementary to the second cryptographic technique, respectively.

Abstract: An enterprise system with secure wireless messaging includes an application service to process a message. The enterprise system also includes a security service that uses a cryptographic technique to transform between the message and a secure message that is based on the message. A communication service communicates the secure message with a mobile client using a public network. The message may be secured using a cryptographic technique to provide end-to-end security. The enterprise system also may include an information service including information indicating occurrence of a triggering event. The information indicating occurrence of a triggering event may cause the enterprise system to push a secure message to the mobile client.

Abstract: Techniques for providing application layer security may be facilitated by an arbitrator. In general, in one implementation, an arbitrator may receive a security tender including security requirements for an application, search for security services to fulfill the security requirements, determine whether discovered security services can satisfy the security requirements, and, if security services that can satisfy the security requirements exist, generate a security contract for the application, the security contract specifying how the application is to communicate with the security services that can satisfy the security requirements.