Abstract: Embodiments described herein are directed to methods, and systems for generating event processing language code in a development environment using an event processing compiler. A query in event processing language is received in a development environment. The query can be associated with sample data from input files or an input data source. An event processing compiler compiles the query, where the compiler transforms the query from event processing language code to a development environment script language code. In particular, the event processing language code transforms the code based on event processing attributes that are intricately aligned in syntax and semantic between the event processing language and the development environment script language. The query as a development environment script is executed using sample data.

Abstract: Embodiments described herein are directed to methods and systems for enhanced event processing. An enhanced event processing request is received, the enhanced processing request comprising an indication of input data from a database data source. The input data indicated in the enhanced event processing request is accessed using a constructed data stream. The constructed data stream provides access to a collection of snapshots over time of database data of the database data source. The data from constructed data stream source may be accessed as a function of a selected value and a selected time. The constructed data stream data includes the temporal element, which is unavailable with the database data, the temporal element facilitates performing enhanced event processing for the database data using the constructed data stream data. An output for the enhanced event processing request is generated based on the input data accessed using the constructed data stream data.

Abstract: A complex event processor is described which has a communications interface configured to retrieve event data by pulling it from one or more sources and to receive at least one live event stream pushed to the interface. An event processing pipeline connected to the communications interface comprises a plurality of operator nodes connected between the communications interface and a combiner node which is a node configured to combine event data from the source and from the live event stream. The communications interface is configured to retrieve events from the source and to push the events retrieved from the source along the event processing pipeline towards the combiner node. The communications interface is configured to retrieve and push the retrieved events only in response to request messages passed in an upstream direction from the combiner node to the communications interface along the pipeline.

Abstract: A complex event processor is described which has a communications interface configured to retrieve event data by pulling it from one or more sources and to receive at least one live event stream pushed to the interface. An event processing pipeline connected to the communications interface comprises a plurality of operator nodes connected between the communications interface and a combiner node which is a node configured to combine event data from the source and from the live event stream. The communications interface is configured to retrieve events from the source and to push the events retrieved from the source along the event processing pipeline towards the combiner node. The communications interface is configured to retrieve and push the retrieved events only in response to request messages passed in an upstream direction from the combiner node to the communications interface along the pipeline.

Abstract: Embodiments described herein are directed to methods, and systems for generating event processing language code in a development environment using an event processing compiler. A query in event processing language is received in a development environment. The query can be associated with sample data from input files or an input data source. An event processing compiler compiles the query, where the compiler transforms the query from event processing language code to a development environment script language code. In particular, the event processing language code transforms the code based on event processing attributes that are intricately aligned in syntax and semantic between the event processing language and the development environment script language. The query as a development environment script is executed using sample data.

Abstract: Embodiments described herein are directed to methods and systems for enhanced event processing. An enhanced event processing request is received, the enhanced processing request comprising an indication of input data from a database data source. The input data indicated in the enhanced event processing request is accessed using a constructed data stream. The constructed data stream provides access to a collection of snapshots over time of database data of the database data source. The data from constructed data stream source may be accessed as a function of a selected value and a selected time. The constructed data stream data includes the temporal element, which is unavailable with the database data, the temporal element facilitates performing enhanced event processing for the database data using the constructed data stream data. An output for the enhanced event processing request is generated based on the input data accessed using the constructed data stream data.

Abstract: Methods for ad-hoc trust establishment using visual verification are described. In a first embodiment, a visual representation of a shared data is generated on two or more devices and the visual representations generated can be visually compared by a user. This method can be used to verify that the correct devices are involved in a negotiation, when pre-existing trust relationships do not exist between the devices. The visual representation may, for example, comprise a picture with a number of different elements, each representing a part of the shared data. In another embodiment, a method of secure key exchange is described in which, before sharing the keys, the parties exchange information which encapsulates the key. This information can be used subsequently to check that a party has not changed the key that they are using and prevents a man in the middle attack.

Abstract: A delegation metasystem for composite services is described, where a composite service is a service which calls other services during its operation. In an embodiment, the composite service is defined using generic descriptions for any services (and their access control models) which may be called by the composite service during operation. At run time, these generic descriptions and potentially other factors, such as the user of the composite service, are used to select actual available services which may be called by the composite service and access rights for the selected services are delegated to the composite service. These access rights may subsequently be revoked when the composite service terminates.

Abstract: A logic language model for handling of personal data by specifying users' preferences on how their personal data should be treated by data-collecting services and the services' policies on how they will treat collected data is provided. Preferences and policies are specified in terms of granted rights and required obligations, expressed as declarative assertions and queries. Query evaluation is formalized by a proof system for verifying whether a policy satisfies a preference is defined.

Abstract: A scoped federation is described which is referenced by a unique identifier and messages relating to the federation include this unique identifier. The federation is scoped by rules which are stored associated with the unique identifier and upon receipt of a request containing the unique identifier, the related rules are checked to determine if the request is valid.

Abstract: Whether user-side privacy preferences and service-side privacy policies are matched is determined utilizing an extended security policy assertion language. Both privacy policies, i.e. how data recipients promise to treat data, and privacy preferences, i.e. how data providers expect their data to be treated, are expressed with the same language. Decisions are made through evaluation of queries based on preference and policy assertions.

Abstract: A method of storing a composite service on an untrusted host without enabling the untrusted host to access resources called by the composite service is described. In an embodiment, the delegator provides a delegatee with credentials to enable verification of the composite service and to enable access to the resources. The credential which is provided to enable access to the resources may be a credential which can be used to decrypt access credentials for each of the resources. These access credentials are stored in encrypted form in a credential store. The delegatee downloads the composite service and the encrypted access credentials and executes the composite service once it has been verified.

Abstract: Provided is ad-hoc creation of groups based on contextual information comprising. Two mechanisms are used to restrict valid members of a group. First, to make sure that devices are somehow related, devices provide contextual information that is compared to the contextual information provided by other devices willing to join the group. Only devices providing “similar” contextual information are accepted as possible candidates in the group. Second, to scope the group, a time window is used to limit the duration of the group creation. In other words, access to the group is reserved to the devices that can provide similar context information to existing member of the group in a defined time window. Security properties are ensured by enabling a visual check of the list of group participants. For instance, a member can verify that the displayed pictures indeed represent the attendees of an ongoing meeting.

Abstract: Methods for ad-hoc trust establishment using visual verification are described. In a first embodiment, a visual representation of a shared data is generated on two or more devices and the visual representations generated can be visually compared by a user. This method can be used to verify that the correct devices are involved in a negotiation, when pre-existing trust relationships do not exist between the devices. The visual representation may, for example, comprise a picture with a number of different elements, each representing a part of the shared data. In another embodiment, a method of secure key exchange is described in which, before sharing the keys, the parties exchange information which encapsulates the key. This information can be used subsequently to check that a party has not changed the key that they are using and prevents a man in the middle attack.

Abstract: A delegation metasystem for composite services is described, where a composite service is a service which calls other services during its operation. In an embodiment, the composite service is defined using generic descriptions for any services (and their access control models) which may be called by the composite service during operation. At run time, these generic descriptions and potentially other factors, such as the user of the composite service, are used to select actual available services which may be called by the composite service and access rights for the selected services are delegated to the composite service. These access rights may subsequently be revoked when the composite service terminates.

Abstract: A scoped federation is described which is referenced by a unique identifier and messages relating to the federation include this unique identifier. The federation is scoped by rules which are stored associated with the unique identifier and upon receipt of a request containing the unique identifier, the related rules are checked to determine if the request is valid.

Abstract: Provided is ad-hoc creation of groups based on contextual information comprising. Two mechanisms are used to restrict valid members of a group. First, to make sure that devices are somehow related, devices provide contextual information that is compared to the contextual information provided by other devices willing to join the group. Only devices providing “similar” contextual information are accepted as possible candidates in the group. Second, to scope the group, a time window is used to limit the duration of the group creation. In other words, access to the group is reserved to the devices that can provide similar context information to existing member of the group in a defined time window. Security properties are ensured by enabling a visual check of the list of group participants. For instance, a member can verify that the displayed pictures indeed represent the attendees of an ongoing meeting.