Abstract: A tool for providing a user configured one-time password. Responsive to receiving a request for a one-time password, the tool sends the one-time password, based at least in part, on a user configured one time password rule. The tool receives a user configured one-time password return value for the one time password. The tool determines whether the user configured one-time password return value satisfies the user configured one-time password rule when applied to the one-time password. Responsive to a determination that the user configured one-time password return value satisfies the user configured one time password rule, the tool accepts the user configured one-time password return value and granting access to the application.

Abstract: A tool for providing a user configured one-time password. Responsive to receiving a request for a one-time password, the tool sends the one-time password, based at least in part, on a user configured one time password rule. The tool receives a user configured one-time password return value for the one time password. The tool determines whether the user configured one-time password return value satisfies the user configured one-time password rule when applied to the one-time password. Responsive to a determination that the user configured one-time password return value satisfies the user configured one time password rule, the tool accepts the user configured one-time password return value and granting access to the application.

Abstract: Access is controlled to managed resources in a stateless web server architecture including a stateless web server computing platform; a resource locator map portion of the stateless web server computing platform providing a unique resource locator code representing each managed resource in a stateless web server architecture, wherein the managed resource is assigned to a plurality of application program components; a set of servlet filters disposed in a portion of the stateless web server computing platform, each servlet filter associated with one of the application program components; a resource locator matcher portion of the stateless web server computing platform, responsive to a user request to a unique resource locator, matching a pattern in the user request to one or more of the application program components using a corresponding servlet filter; and a request dispatcher portion of the stateless web server computing platform sending the user request to the matched application program component, wherein

Abstract: Cross-Site Request Forgery attacks are mitigated by a CSRF mechanism executing at a computing entity. The CSRF mechanism is operative to analyze information associated with an HTTP request for a resource. The HTTP request typically originates as an HTTP redirect from another computing entity, such as an enterprise Web portal. Depending on the nature of the information associated with the HTTP request, the HTTP request may be rejected because the CSRF mechanism determines that the request is or is likely associated with a CSRF attack. To facilitate this determination, the approach leverages a new type of “referer” attribute, a trustedReferer, which indicates that the request originates from a server that has previously established a trust relationship with the site at which the CSRF mechanism executes. The trustedReferer attribute typically is set by the redirecting entity, and in an HTTP request header field dedicated for that attribute.

Abstract: Access is controlled to managed resources in a stateless web server architecture including a stateless web server computing platform; a resource locator map portion of the stateless web server computing platform providing a unique resource locator code representing each managed resource in a stateless web server architecture, wherein the managed resource is assigned to a plurality of application program components; a set of servlet filters disposed in a portion of the stateless web server computing platform, each servlet filter associated with one of the application program components; a resource locator matcher portion of the stateless web server computing platform, responsive to a user request to a unique resource locator, matching a pattern in the user request to one or more of the application program components using a corresponding servlet filter; and a request dispatcher portion of the stateless web server computing platform sending the user request to the matched application program component, wherein

Abstract: Access is controlled to managed resources in a stateless web server architecture including a stateless web server computing platform; a resource locator map portion of the stateless web server computing platform providing a unique resource locator code representing each managed resource in a stateless web server architecture, wherein the managed resource is assigned to a plurality of application program components; a set of servlet filters disposed in a portion of the stateless web server computing platform, each servlet filter associated with one of the application program components; a resource locator matcher portion of the stateless web server computing platform, responsive to a user request to a unique resource locator, matching a pattern in the user request to one or more of the application program components using a corresponding servlet filter; and a request dispatcher portion of the stateless web server computing platform sending the user request to the matched application program component, wherein

Abstract: A new management node associated with a new rack sends at least a public key of the new management node to a first management node associated with a first rack and a plurality of autonomous management nodes. The first management node sends the new management node an access token trusted by at least a portion of the plurality of autonomous management nodes and a set of public keys corresponding to at least a portion of the plurality of autonomous management nodes. The new management node can send its public key and the access token to at least a portion of the plurality of autonomous management nodes. In response, the new management node can establish a mutual trust relationship with at least a portion of the plurality of autonomous management nodes.

Abstract: A construct having a plurality of distributed resources can include a portion of a second rack having a plurality of computing devices controlled by a second management node. The second management node can determine it contains insufficient construct data such as user data, group data, resource data, or authorization policy data to execute an operation associated with the construct. The second management node can synchronize at least a portion of construct data with a first management node. The first management node can be associated with the construct and a mutual trust relationship can exist between the first management node and the second management node. The first management node and the second management node can comprise autonomous management nodes capable of functioning independent of the network.

Abstract: A new management node associated with a new rack sends at least a public key of the new management node to a first management node associated with a first rack and a plurality of autonomous management nodes. The first management node sends the new management node an access token trusted by at least a portion of the plurality of autonomous management nodes and a set of public keys corresponding to at least a portion of the plurality of autonomous management nodes. The new management node can send its public key and the access token to at least a portion of the plurality of autonomous management nodes. In response, the new management node can establish a mutual trust relationship with at least a portion of the plurality of autonomous management nodes.

Abstract: A new management node associated with a new rack sends at least a public key of the new management node to a first management node associated with a first rack and a plurality of autonomous management nodes. The first management node sends the new management node an access token trusted by at least a portion of the plurality of autonomous management nodes and a set of public keys corresponding to at least a portion of the plurality of autonomous management nodes. The new management node can send its public key and the access token to at least a portion of the plurality of autonomous management nodes. In response, the new management node can establish a mutual trust relationship with at least a portion of the plurality of autonomous management nodes.

Abstract: A first management node of a first rack can be registered to a shared file storage system by establishing a mutual trust relationship between the first management node and the shared file storage system. The first management node can access a plurality of respective public keys and a plurality of respective certificates of authority that are stored in the shared file storage system and associated with a plurality of respective registered management nodes. The first management node can store a public key and a certificate of authority in the shared file storage system. The first management node can form mutual trust relationships with other registered management nodes. The first management node can validate authenticity of messages received from registered management nodes of the plurality of registered management nodes using a respective public key and a respective certificate of authority associated with a respective registered management node sending a message.

Abstract: Access is controlled to managed resources in a stateless web server architecture including a stateless web server computing platform; a resource locator map portion of the stateless web server computing platform providing a unique resource locator code representing each managed resource in a stateless web server architecture, wherein the managed resource is assigned to a plurality of application program components; a set of servlet filters disposed in a portion of the stateless web server computing platform, each servlet filter associated with one of the application program components; a resource locator matcher portion of the stateless web server computing platform, responsive to a user request to a unique resource locator, matching a pattern in the user request to one or more of the application program components using a corresponding servlet filter; and a request dispatcher portion of the stateless web server computing platform sending the user request to the matched application program component, wherein

Abstract: Access is controlled to managed resources in a stateless web server architecture including a stateless web server computing platform; a resource locator map portion of the stateless web server computing platform providing a unique resource locator code representing each managed resource in a stateless web server architecture, wherein the managed resource is assigned to a plurality of application program components; a set of servlet filters disposed in a portion of the stateless web server computing platform, each servlet filter associated with one of the application program components; a resource locator matcher portion of the stateless web server computing platform, responsive to a user request to a unique resource locator, matching a pattern in the user request to one or more of the application program components using a corresponding servlet filter; and a request dispatcher portion of the stateless web server computing platform sending the user request to the matched application program component, wherein

Abstract: A new management node associated with a new rack sends at least a public key of the new management node to a first management node associated with a first rack and a plurality of autonomous management nodes. The first management node sends the new management node an access token trusted by at least a portion of the plurality of autonomous management nodes and a set of public keys corresponding to at least a portion of the plurality of autonomous management nodes. The new management node can send its public key and the access token to at least a portion of the plurality of autonomous management nodes. In response, the new management node can establish a mutual trust relationship with at least a portion of the plurality of autonomous management nodes.

Abstract: Cross-Site Request Forgery attacks are mitigated by a CSRF mechanism executing at a computing entity. The CSRF mechanism is operative to analyze information associated with an HTTP request for a resource. The HTTP request typically originates as an HTTP redirect from another computing entity, such as an enterprise Web portal. Depending on the nature of the information associated with the HTTP request, the HTTP request may be rejected because the CSRF mechanism determines that the request is or is likely associated with a CSRF attack. To facilitate this determination, the approach leverages a new type of “referer” attribute, a trustedReferer, which indicates that the request originates from a server that has previously established a trust relationship with the site at which the CSRF mechanism executes. The trustedReferer attribute typically is set by the redirecting entity, and in an HTTP request header field dedicated for that attribute.

Abstract: A first management node of a first rack can be registered to a shared file storage system by establishing a mutual trust relationship between the first management node and the shared file storage system. The first management node can access a plurality of respective public keys and a plurality of respective certificates of authority that are stored in the shared file storage system and associated with a plurality of respective registered management nodes. The first management node can store a public key and a certificate of authority in the shared file storage system. The first management node can form mutual trust relationships with other registered management nodes. The first management node can validate authenticity of messages received from registered management nodes of the plurality of registered management nodes using a respective public key and a respective certificate of authority associated with a respective registered management node sending a message.

Abstract: A construct having a plurality of distributed resources can include a portion of a second rack having a plurality of computing devices controlled by a second management node. The second management node can determine it contains insufficient construct data such as user data, group data, resource data, or authorization policy data to execute an operation associated with the construct. The second management node can synchronize at least a portion of construct data with a first management node. The first management node can be associated with the construct and a mutual trust relationship can exist between the first management node and the second management node. The first management node and the second management node can comprise autonomous management nodes capable of functioning independent of the network.

Abstract: A cloud deployment appliance (or other platform-as-a-service (IPAS) infrastructure software) includes a mechanism to deploy a product as a “shared service” to the cloud, as well as to enable the product to establish a trust relationship between itself and the appliance or IPAS. The mechanism further enables multiple products deployed to the cloud to form trust relationships with each other (despite the fact that each deployment and each product typically, by the nature of the cloud deployment, are intended to be isolated from one another). In addition, once deployed and provisioned into the cloud, a shared service can become part of a single sign-on (SSO) domain automatically. SSO is facilitated using a token-based exchange. Once a product registers with a token service, it can participate in SSO. This approach enables enforcement of consistent access control policy across product boundaries, and without requiring a user to perform any configuration.

Abstract: An authentication and authorization plug-in model for a cloud computing environment enables cloud customers to retain control over their enterprise information when their applications are deployed in the cloud. The cloud service provider provides a pluggable interface for customer security modules. When a customer deploys an application, the cloud environment administrator allocates a resource group for the customer's application and data. The customer registers its own authentication and authorization security module with the cloud security service, and that security module is then used to control what persons or entities can access information associated with the deployed application. To further balance the rights of the various parties, a third party notary service protects the privacy and the access right of the customer when its application and information are deployed in the cloud.

Abstract: Access is controlled to managed resources in a stateless web server architecture including a stateless web server computing platform; a resource locator map portion of the stateless web server computing platform providing a unique resource locator code representing each managed resource in a stateless web server architecture, wherein the managed resource is assigned to a plurality of application program components; a set of servlet filters disposed in a portion of the stateless web server computing platform, each servlet filter associated with one of the application program components; a resource locator matcher portion of the stateless web server computing platform, responsive to a user request to a unique resource locator, matching a pattern in the user request to one or more of the application program components using a corresponding servlet filter; and a request dispatcher portion of the stateless web server computing platform sending the user request to the matched application program component, wherein