Abstract: A system for preserving causality of audits may include an upstream service, a downstream service, and an audit service. The upstream service receives a first request including a trace ID and a first span ID, generates a first audit concerning a resource owned by the upstream service and having the trace ID and the first span ID as metadata, persists the first audit to a first database, and generates a second request including the trace ID, a parent span ID, and a second span ID. The downstream service receives the second request from the upstream service, generates a second audit concerning a resource owned by the downstream service and having the trace ID, second span ID, and parent span ID as metadata, and persists the second audit to a second database. The audit service receives and asynchronously centralizes the first and second audits. The metadata can be used to infer causality of the audits. A method for preserving causality of audits is also disclosed and claimed.

Abstract: An apparatus for executing a task includes an authenticator to identify a user, a controller that can receive data from the user, and an authorizer to ensure that the user has access to applications used to execute the task. The controller is able to register or de-register the applications and then determine which if the registered applications should be used to execute the task. The controller then converts the data from the user so that it can be used by the application to execute the task. If the user selects a second task to be executed, the controller can determine which of the registered applications is to be used to execute the second task. Methods for executing multiple tasks are also described.

Abstract: A method for controlling access to a software application includes generating a policy machine template based on at least one role and at least one permission for an operator, generating a policy machine based on the operator and at least one object associated with the operator, and maintaining at least one logical link between the policy machine template and the policy machine. The policy machine is an access control framework permitting directed acyclic graph relationships between objects, and the policy machine controls access to the software application.

Abstract: A system for preserving causality of audits may include an upstream service, a downstream service, and an audit service. The upstream service receives a first request including a trace ID and a first span ID, generates a first audit concerning a resource owned by the upstream service and having the trace ID and the first span ID as metadata, persists the first audit to a first database, and generates a second request including the trace ID, a parent span ID, and a second span ID. The downstream service receives the second request from the upstream service, generates a second audit concerning a resource owned by the downstream service and having the trace ID, second span ID, and parent span ID as metadata, and persists the second audit to a second database. The audit service receives and asynchronously centralizes the first and second audits. The metadata can be used to infer causality of the audits. A method for preserving causality of audits is also disclosed and claimed.

Abstract: A method for controlling access to a software application includes generating a policy machine template based on at least one role and at least one permission for an operator, generating a policy machine based on the operator and at least one object associated with the operator, and maintaining at least one logical link between the policy machine template and the policy machine. The policy machine is an access control framework permitting directed acyclic graph relationships between objects, and the policy machine controls access to the software application.

Abstract: A method for substantiating a data message for use in a system includes adding discovery information to the data message related to the origin of the data message, validating the data message to comply with an industry standard, authenticating the data message to determine who transmitted the data message, and authorizing the transmission of the data message based on access rights. A method for generating a substantiated system is also described.

Abstract: A method for maintaining data in a substantiated state includes executing one or more services on the data message at a first node, annotating the message header with the services executed at the first node, transmitting the data message over a data network, and receiving the annotated data message at a second node. The annotation corresponds to the services executed at the first node, and the annotated data is extractable from the header for the execution of services at the second node. A system for maintaining data in a substantiated state is also described.

Abstract: A method for maintaining data in a substantiated state includes executing one or more services on the data message at a first node, annotating the message header with the services executed at the first node, transmitting the data message over a data network, and receiving the annotated data message at a second node. The annotation corresponds to the services executed at the first node, and the annotated data is extractable from the header for the execution of services at the second node. A system for maintaining data in a substantiated state is also described.

Abstract: A system for controlling access to a software application includes a policy machine template generator and a policy machine generator. The policy machine template generator may generate a policy machine template based on roles and permissions. The policy machine generator is coupled to the policy machine template generator and may generate a policy machine based on users and objects. The combination of the policy machine template and the policy machine is also claimed, as is a method for controlling access to a software application.

Abstract: An apparatus for executing a task includes an authenticator to identify a user, a controller that can receive data from the user, and an authorizer to ensure that the user has access to applications used to execute the task. The controller is able to register or de-register the applications and then determine which if the registered applications should be used to execute the task. The controller then converts the data from the user so that it can be used by the application to execute the task. If the user selects a second task to be executed, the controller can determine which of the registered applications is to be used to execute the second task. Methods for executing multiple tasks are also described.

Abstract: An apparatus for executing a task includes an authenticator to identify a user, a controller that can receive data from the user, and an authorizer to ensure that the user has access to applications used to execute the task. The controller is able to register or de-register the applications and then determine which if the registered applications should be used to execute the task. The controller then converts the data from the user so that it can be used by the application to execute the task. If the user selects a second task to be executed, the controller can determine which of the registered applications is to be used to execute the second task. Methods for executing multiple tasks are also described.