Abstract: Technology is shown for establishing a chain of trust for an unknown root certificate in an isolated network that is verified using a chain of trust external to the network. A bootstrap executable and a leaf certificate rooted in the external chain of trust are configured with an OID. The leaf certificate is received in the isolated network and used to sign a new root certificate created in the isolated network to create a blob that is stored in a pre-determined location. The bootstrap executable is executed to instantiate a client machine, which retrieves the blob and verifies its signature using the leaf certificate. The client machine verifies that the OID values from the blob and bootstrap executable match. If the signature and OID checks are successful, then the new root certificate is distributed within the isolated network and installed in a PKI certificate chain of trust.

Abstract: Technology is shown for verifying a leaf certificate in a PKI chain of trust involving receiving a leaf certificate signed by an intermediate certificate embedded in the leaf certificate. The intermediate certificate is extracted from the received leaf certificate and its public key used to calculate a signature for the received leaf certificate. The calculated signature is compared to a signature included in the received leaf certificate. The received leaf certificate is verified when the calculated signature matches the signature included in the received leaf certificate. The intermediate certificate can be included as a X.509 property of the leaf certificate.

Abstract: Technology is shown for verifying a leaf certificate in a PM chain of trust involving receiving a leaf certificate signed by an intermediate certificate embedded in the leaf certificate. The intermediate certificate is extracted from the received leaf certificate and its public key used to calculate a signature for the received leaf certificate. The calculated signature is compared to a signature included in the received leaf certificate. The received leaf certificate is verified when the calculated signature matches the signature included in the received leaf certificate. The intermediate certificate can be included as a X.509 property of the leaf certificate.

Abstract: Technology is shown for establishing a chain of trust for an unknown root certificate in an isolated network that is verified using a chain of trust external to the network. A bootstrap executable and a leaf certificate rooted in the external chain of trust are configured with an OID. The leaf certificate is received in the isolated network and used to sign a new root certificate created in the isolated network to create a blob that is stored in a pre-determined location. The bootstrap executable is executed to instantiate a client machine, which retrieves the blob and verifies its signature using the leaf certificate. The client machine verifies that the OID values from the blob and bootstrap executable match. If the signature and OID checks are successful, then the new root certificate is distributed within the isolated network and installed in a PKI certificate chain of trust.

Abstract: Technology is shown for dynamically attaching secure properties to an identity certificate. Claims determining secure properties for an identity are signed and embedded in an identity certificate. Both the identity certificate and the signed claims in the certificate are verified. When a service request is received from the identity, the signed claims from the identity certificate are checked to determine if the request is permitted. If the request is permitted, then the service request is processed. Some examples involve creating claims determining the secure properties for the remote machine, signing the claims to create the signed claims, distributing the signed claims to a certificate authority, embedding the signed claims in the remote machine identity certificate, and distributing the remote machine identity certificate. The claims can be embedded in the certificate as X.509 properties.

Abstract: Technology is shown for verifying a leaf certificate in a PM chain of trust involving receiving a leaf certificate signed by an intermediate certificate embedded in the leaf certificate. The intermediate certificate is extracted from the received leaf certificate and its public key used to calculate a signature for the received leaf certificate. The calculated signature is compared to a signature included in the received leaf certificate. The received leaf certificate is verified when the calculated signature matches the signature included in the received leaf certificate. The intermediate certificate can be included as a X.509 property of the leaf certificate.

Abstract: Technology is shown for establishing a chain of trust for an unknown root certificate in an isolated network that is verified using a chain of trust external to the network. A bootstrap executable and a leaf certificate rooted in the external chain of trust are configured with an OID. The leaf certificate is received in the isolated network and used to sign a new root certificate created in the isolated network to create a blob that is stored in a pre-determined location. The bootstrap executable is executed to instantiate a client machine, which retrieves the blob and verifies its signature using the leaf certificate. The client machine verifies that the OID values from the blob and bootstrap executable match. If the signature and OID checks are successful, then the new root certificate is distributed within the isolated network and installed in a PM certificate chain of trust.

Abstract: Embodiments include methods, systems and computer program products for performing a two-phase commit conformance test for a cloud based online transaction processing system (OLTP). Aspects include receiving, by a test case manager of the OLTP from a transaction manager of the OLTP, a transaction event including metadata regarding a transaction and determining a state of the transaction. Aspects also include identifying a test case based on the metadata and the state of the transaction and issuing state events to the transaction manager, wherein the state events are determined based on the test case. Aspects further include obtaining log information from the transaction manager and determining compliance by the transaction manager with the two-phase commit conformance test based at least in part on the log information.

Abstract: A method, computer program product, and a system to globally serialize transactions where a processor(s) establishes a communications connection a (serialization) resource and a resource manager for a distributed computing system. The processor(s) obtains a first request from an application executing on the resource for access to a global resource managed by the resource manager, for executing a transaction. The processor(s) implements a lock for the global resource in an object store of the resource manager over the communications connection. The processor(s) communicates the lock to the application, which executes the transaction and the processor(s) updates a memory with a record comprising attributes of the lock. The processor(s) obtains a second request from the application to terminate the lock, obtains, identifies the lock for the transaction, in the object store, and updates the object store to delete the lock.

Abstract: A method, computer program product, and a system to globally serialize transactions where a processor(s) establishes a communications connection a (serialization) resource and a resource manager for a distributed computing system. The processor(s) obtains a first request from an application executing on the resource for access to a global resource managed by the resource manager, for executing a transaction. The processor(s) implements a lock for the global resource in an object store of the resource manager over the communications connection. The processor(s) communicates the lock to the application, which executes the transaction and the processor(s) updates a memory with a record comprising attributes of the lock. The processor(s) obtains a second request from the application to terminate the lock, obtains, identifies the lock for the transaction, in the object store, and updates the object store to delete the lock.

Abstract: Existing network-based services can be reused by a new network service providing an updated interface to the existing services. A client request directed to the new network service triggers a back-end request from the new network service to the existing network service. The back-end request comprises aspects of the client's request and additional formatting rules and other information to override specific aspects of the existing network service. The existing network service generates a back-end response with its existing functionality that is being reused, and applies the specified overrides. Additional information to be utilized by the new network service in responding to the client can be added to the back-end response. The new network service can then form and transmit a response to the client by utilizing the central portion of the back-end response and appending additional information to it, including the information specified by the existing network-service.

Abstract: Existing network-based services can be reused by a new network service providing an updated interface to the existing services. A client request directed to the new network service triggers a back-end request from the new network service to the existing network service. The back-end request comprises aspects of the client's request and additional formatting rules and other information to override specific aspects of the existing network service. The existing network service generates a back-end response with its existing functionality that is being reused, and applies the specified overrides. Additional information to be utilized by the new network service in responding to the client can be added to the back-end response. The new network service can then form and transmit a response to the client by utilizing the central portion of the back-end response and appending additional information to it, including the information specified by the existing network-service.