Abstract: Federated management framework for credential data. The framework permits credential-using applications to provide user interface panels and associated semantics to manage the credentials that are relevant to each application. This framework is suitable for use in a multi-application environment where credentials are shared among each the applications. With this framework, each management user interface associated with one of the applications can have the credentials appear in the interface. Furthermore, the framework can detect when one application's management user interface attempts a modification to a credential that will affect another application that has an interest that credential.

Abstract: A personal credential store that aggregates a number of physical credential stores beneath an application programming interface (API) and offers tag-based credential look-up. The API of the disclosed system runs on the user's client system, and effectively hides the underlying credential store types from applications using it. The tags used to look up credentials through the API may advantageously include or consist of unique identifiers indicating the functional purpose of the desired credential. The types of physical credential store aggregated together under the disclosed API may include a local credential store, a network-resident private credential store that may be shared across multiple client systems operated by a single user, and a network-resident shareable credential store, that may be used by processes acting on behalf of the user, and/or shared by multiple users.

Abstract: Methods, systems, and computer readable media for reporting conformance violations in web-services messages are described. A web message is received, and a location tag is assigned to at least a portion of the elements contained therein. The web message is analyzed to determine if any conformance violations are contained therein. When the web message contains at least one conformance violation, a descriptive entry is generated in a partial nonconformance report for each conformance violation, wherein the descriptive entry includes the location tag assigned to the element containing the conformance violation. The web message is annotated with the location tag for each conformance violation and merging the annotated web message with the partial nonconformance report to thereby produce a full nonconformance report, and an analyzed web message is output.

Abstract: Embodiments of the invention address deficiencies of the art in respect to electronic messaging security through replicated certificate stores and provide a method, system and computer program product user-specific certificate repository replication. In one embodiment of the invention, a method of replicating with multiple different messaging systems disposed in correspondingly different computing clients, retrieving a local repository of untrusted certificates from each of the different messaging systems during replication, and associating each retrieved local repository with a particular end user can be provided. Moreover, the method can include updating a global repository of untrusted certificates with the untrusted certificates of each local repository while eliminating redundant instances of an untrusted certificate present in different retrieved local repositories.

Abstract: A solution for replicating protected data is provided. A manifest is managed along with the protected data at each computing device as well as at a server. The manifest is also protected and includes an entry for each protected data item in the protected data. The protected data at each computing device is replicated using both the local version of the manifest and the server version of the manifest. In an embodiment, each entry in the manifest includes an update identifier that can be compared with an update identifier stored with the protected data item as well as the update identifier in a local version of the manifest. In another embodiment, the manifest includes an entry for each computing device that includes a replication identifier. These entries can be used to perform additional checks to ensure that the manifest and/or protected data has not been compromised.

Abstract: Methods, systems, and computer readable media for reporting conformance violations in web-services messages are described. A web message is received, and a location tag is assigned to at least a portion of the elements contained therein. The web message is analyzed to determine if any conformance violations are contained therein. When the web message contains at least one conformance violation, a descriptive entry is generated in a partial nonconformance report for each conformance violation, wherein the descriptive entry includes the location tag assigned to the element containing the conformance violation. The web message is annotated with the location tag for each conformance violation and merging the annotated web message with the partial nonconformance report to thereby produce a full nonconformance report, and an analyzed web message is output.

Abstract: Under the present invention, when a request for a certificate is made, a set of (mapping) rules are used to identify an appropriate directory and any other information sources, and to retrieve information for the certificate therefrom. The directory name is then transformed using the set of rules for use in the certificate. Thereafter, a template for the certificate is developed using the set of rules. The template and the request are then communicated to the PKI, which will generate and return the certificate. Upon receipt, the present invention can verify that the certificate actually includes the transformed name.

Abstract: The present invention provides a method, system, and computer program product for transparent on-demand certificate provisioning for secure email. The method comprises: generating a keypair and a self-signed certificate; requesting a certificate from a certification authority; temporarily securing email using the self-signed certificate; and securing email using the requested certificate, after receipt of the requested certificate from the certification authority. The present inventions uses self-signed certificates as an initial, interim security mechanism, provides automatic submission of certificate requests and renewal requests, provides an administrative policy to specify when keypairs and self-signed certificates are generated by a user's client system, and when certificate requests are submitted, and provides automatic transition from end-user defined trust to delegated trust based upon CA-issued certificates.

Abstract: Embodiments of the invention address deficiencies of the art in respect to electronic messaging security through replicated certificate stores and provide a method, system and computer program product user-specific certificate repository replication. In one embodiment of the invention, a method of replicating with multiple different messaging systems disposed in correspondingly different computing clients, retrieving a local repository of untrusted certificates from each of the different messaging systems during replication, and associating each retrieved local repository with a particular end user can be provided. Moreover, the method can include updating a global repository of untrusted certificates with the untrusted certificates of each local repository while eliminating redundant instances of an untrusted certificate present in different retrieved local repositories.

Abstract: Federated management framework for credential data. The framework permits credential-using applications to provide user interface panels and associated semantics to manage the credentials that are relevant to each application. This framework is suitable for use in a multi-application environment where credentials are shared among each the applications. With this framework, each management user interface associated with one of the applications can have the credentials appear in the interface. Furthermore, the framework can detect when one application's management user interface attempts a modification to a credential that will affect another application that has an interest that credential.