Abstract: Methods, systems, and computer-readable storage media for receiving, by an AMS, a policy definition file defining policies to be enforced during execution of an instance of an application within the cloud platform, providing, by the AMS, an enhanced policy definition file indicating authorizations for roles for a policy of the policy definition file, providing an authentication bundle for execution of policy decisions at the instance, the authentication bundle provided based on the enhanced policy definition file, the authentication bundle distributed to application containers within the cloud platform, and during execution of the instance: transmitting, by the instance, an authorization request from the instance to an ADC, the ADC including an OPA and being executed within the container and executing policy decisions based on the authentication bundle, receiving, by the instance, a policy decision from the ADC and enforcing the policy based on the policy decision.

Abstract: Methods, systems, and computer-readable storage media for receiving, by an AMS, a policy definition file defining policies to be enforced during execution of an instance of an application within the cloud platform, providing, by the AMS, an enhanced policy definition file indicating authorizations for roles for a policy of the policy definition file, providing an authentication bundle for execution of policy decisions at the instance, the authentication bundle provided based on the enhanced policy definition file, the authentication bundle distributed to application containers within the cloud platform, and during execution of the instance: transmitting, by the instance, an authorization request from the instance to an ADC, the ADC including an OPA and being executed within the container and executing policy decisions based on the authentication bundle, receiving, by the instance, a policy decision from the ADC and enforcing the policy based on the policy decision.

Abstract: A system, method, and computer-readable medium, to receive a query specifying a result set of data from at least one database table; determine whether at least one column of the at least one database table is subject to a column-based authorization restriction; modify the query, in an instance it is determined that at least one column of the at least one database table is subject to a column-based authorization restriction, to restrict the result set of data in accordance with the column-based authorization restriction; and execute, in response to the modifying of the query, the modified query.

Abstract: A system, method, and computer-readable medium, to receive a query specifying a result set of data from at least one database table; determine whether at least one column of the at least one database table is subject to a column-based authorization restriction; modify the query, in an instance it is determined that at least one column of the at least one database table is subject to a column-based authorization restriction, to restrict the result set of data in accordance with the column-based authorization restriction; and execute, in response to the modifying of the query, the modified query.

Abstract: The present disclosure describes methods, systems, and computer program products for providing services for efficient use of existing resources. One computer-implemented method includes building a data model enhanced for efficient storage of a material, the enhancements permitting generation of optimization problem solutions related to storage of the material, wherein the enhancements include technical specifications and customizing data, enhancing one or more attributes of the enhanced data model with regulatory attributes or rules, performing, using the enhanced data model, demand planning related to the material, performing, using a dynamic optimization algorithm, material transfer planning to determine where to most effectively store the material, performing a simulation of various storage possibilities of the material, and balancing amounts of the material using results of the performed simulation by shifting quantities of the material to, from, or within a particular storage medium.

Abstract: The present disclosure describes methods, systems, and computer program products for providing declarative authorizations for SQL data manipulation. One computer-implemented method includes defining a data access model by: defining at least one aspect to be used as an authorization-relevant attribute for a resource entity, defining a path definition from the resource entity to the at least one aspect to relate the at least one aspect to the resource entity the authorization is restricted on, defining at least one restriction for the at least one aspect as part of the path definition, wherein defining the at least one restriction includes determining which constraint condition are to be used and how the constraint conditions are to be combined, and defining/assigning a role to a user, the role defining authorization to the resource entity using, at least in part, the at least one aspect, and deploying a data control language document.

Abstract: A system and method for encryption in a cloud computing platform with customer controlled keys is disclosed. A cloud-based encryption key is uploaded from a customer computing platform to a key store of the cloud computing platform, based on a customer-based encryption key. The cloud-based encryption key and customer-based encryption key is able to encrypt or decrypt customer data used by an application server running on the cloud computing platform. Next, the cloud-based encryption key is unlocked from the key store, and then stored in a secure store of a main memory associated with the customer computing platform. Then, according to encryption or decryption mechanism, the unlocked cloud-based encryption key is accessed to encrypt or decrypt customer data stored on a database of the main memory and used by the application server.

Abstract: Techniques of organizing meetings are disclosed. Time boundary information and a plurality of participant parameters for a meeting may be received. A priority indication for each participant parameter may also be received. The priority indication may indicate a level of priority of the corresponding participant parameter for the meeting. Different priority indications may indicate different levels of priority. For each participant parameter, at least one potential participant for the meeting may be identified based on the corresponding participant parameter. The priority indication for each participant parameter may be associated with the at least one potential participant corresponding to that participant parameter. For each potential participant, a measure of availability may be determined based on the time boundary information of the meeting. At least one proposed meeting time for the meeting may be determined based on the priority indications and the measures of availability of the potential participants.

Abstract: Various embodiments of systems and methods for pattern recognition of a distribution function are described herein. An influenced distribution function corresponding to an influenced attribute is compared with other distribution functions corresponding to other attributes. Based on the comparison, a correlation is determined between the influenced distribution function and an influencing distribution function from the other distribution functions. Based on the determination, a raw distribution function corresponding to an influenced attribute is extracted using the influenced distribution function and the influencing distribution function. The extracted raw distribution function and the influencing distribution function may be classified.

Abstract: A method relates to access control of shared resources on computer systems that have diverse system policies for access rights to resources. The method includes, on a source computer system with which a target computer system shares a resource, preparing user-authorization data for the shared resource in a flat file format as data tuples, line records or tables. This format makes the user-authorization data usable in computer systems with diverse system policies for access rights to resources. The method further includes authorizing user access to the shared resource on the target computer system based on the user-authorization data prepared in flat file format by the source computer system.

Abstract: A system and method for encryption in a cloud computing platform with customer controlled keys is disclosed. A cloud-based encryption key is uploaded from a customer computing platform to a key store of the cloud computing platform, based on a customer-based encryption key. The cloud-based encryption key and customer-based encryption key is able to encrypt or decrypt customer data used by an application server running on the cloud computing platform. Next, the cloud-based encryption key is unlocked from the key store, and then stored in a secure store of a main memory associated with the customer computing platform. Then, according to encryption or decryption mechanism, the unlocked cloud-based encryption key is accessed to encrypt or decrypt customer data stored on a database of the main memory and used by the application server.

Abstract: A method relates to access control of shared resources on computer systems that have diverse system policies for access rights to resources. The method includes, on a source computer system with which a target computer system shares a resource, preparing user-authorization data for the shared resource in a flat file format as data tuples, line records or tables. This format makes the user-authorization data usable in computer systems with diverse system policies for access rights to resources. The method further includes authorizing user access to the shared resource on the target computer system based on the user-authorization data prepared in flat file format by the source computer system.

Abstract: Various embodiments of systems and methods for pattern recognition of a distribution function are described herein. An influenced distribution function corresponding to an influenced attribute is compared with other distribution functions corresponding to other attributes. Based on the comparison, a correlation is determined between the influenced distribution function and an influencing distribution function from the other distribution functions. Based on the determination, a raw distribution function corresponding to an influenced attribute is extracted using the influenced distribution function and the influencing distribution function. The extracted raw distribution function and the influencing distribution function may be classified.