Abstract: A method and system for authorizing a user. The method comprises the steps of assigning a first role to a user in a first domain, assigning a second role in a second domain to the first role, and assigning access to a resource in the second domain to the second role. The method comprises the further steps of receiving a request from the user for the resource; and providing access to the resource, to the user. The invention may be employed by users and services to manage their interaction with those services, including configuring which they trust for what types of information, in what applications, and which subsets of information they can be trusted to provide.

Abstract: A method and system for scheduling a meeting. The method comprises the steps of receiving a request from a participant in an instant message session to schedule a meeting; and running a natural language processing tool to determine meeting participants and available times, from a record of the message session. A calendaring and scheduling application is run to accept the meeting participants and available times, consult calendars of the meeting participants, and schedule the meeting. A notification is sent to the participants in the instant message session of the meeting schedule, and the meeting schedule is added to the calendars of the meeting participants.

Abstract: These and other objectives are attained with a method and system for evaluating an access policy change. The method comprises the step of providing an access control mechanism having a first policy, and an audit log having entries of accesses made under that first policy. The method comprises the further steps of submitting a second policy to the access control mechanism, comparing the log entries to the second policy, and based on the results of the comparing step, taking one of a predetermined number of actions.

Abstract: A method for executing trusted commands, in which a trusted command is first received from a user at a user terminal and parsed by untrusted code; then passed to a trusted computing base for execution. The trusted computing base displays to the user for confirmation indication of what is to be done. Confirmation of the commands prevents unauthorized modification of the commands and increases system confidence. A randomly (or pseudo-randomly) generated process identifier is employed to verify the existence of a trusted path.