Abstract: Certificate remoting and recovery may be provided. A computer may identify required security certificates and determine whether at least one required security certificate is not available. If the certificate is not available, the computer may identify a peer server and request the missing certificate from the peer server. The computer may also be operative to receive certificate management instructions from other computers.

Abstract: Calendar repair using a standard message may be provided. Calendar events, such as appointments and meetings, may be created and copied to a plurality of attendee calendars. A first copy of the event may be compared to a second copy of the event to determine whether properties between the events are out-of-sync. If so, a standard meeting request message comprising the correct value may be sent to update the out-of-sync property.

Abstract: A web extension authenticates a user using a token based authentication scheme. A token is retrieved from a client application to authenticate the user. The web extension transmits the token to a server component to have the server component authenticate the user. The server component validates the token using a validation library. The user is mapped to the token and authenticated upon validating the token.

Abstract: Online and on-premise applications identify trusted authentication providers. The applications are configured with a list of trusted issuers of authentication credentials. When an application receives a request requiring authentication, the application returns a 401 response that includes the trusted issuer list. The requesting application compares the trusted issuer list from the 401 response to its own list of authentication providers. If there is a match between the two lists, then the requesting application creates a self-issued token for the authentication provider. The authentication provider uses the self-issued token to generate an authentication token for the requesting application. The requesting application may also directly create a token for a target partner application, without an authentication provider, if there is a direct trust between the two applications.

Abstract: Calendar repair may be provided. Calendar events, such as appointments and meetings, may be created and copied to a plurality of attendee calendars. A first copy of the event may be compared to a second copy of the event, and an event property of the second event may be updated to match a corresponding event property of the first event.

Abstract: Dynamic time rebasing may be provided. After receiving a request to view a calendar item, a base time associated with the calendar item may be retrieved. A local bias associated with the request to view the calendar item may be identified. The base time may be converted to a local time according to the local bias. The calendar item may then be displayed according to the converted local time.

Abstract: Certificate remoting and recovery may be provided. A computer may identify required security certificates and determine whether at least one required security certificate is not available. If the certificate is not available, the computer may identify a peer server and request the missing certificate from the peer server. The computer may also be operative to receive certificate management instructions from other computers.

Abstract: Calendar repair using a standard message may be provided. Calendar events, such as appointments and meetings, may be created and copied to a plurality of attendee calendars. A first copy of the event may be compared to a second copy of the event to determine whether properties between the events are out-of-sync. If so, a standard meeting request message comprising the correct value may be sent to update the out-of-sync property.

Abstract: Calendar repair may be provided. Calendar events, such as appointments and meetings, may be created and copied to a plurality of attendee calendars. A first copy of the event may be compared to a second copy of the event, and an event property of the second event may be updated to match a corresponding event property of the first event.

Abstract: Enterprise Identity Management systems control access to information derived from identity-related data stored in various data repositories. An identity-based management system can automatically and dynamically compute derived data when the source data changes. Rule-base tools can be used to compute derived data from arbitrary attribute-based datasets. Dynamic computation of identity-based attributes within information system servers allows data to be aggregated and normalized from multiple data sources deployed across an organization so that updated related information can be persisted and pushed to various servers in the organization.

Abstract: A method for managing changes to policies in an enterprise includes receiving a systems policy change request to change a systems policy that implements a published enterprise policy, determining whether the requested systems policy change complies with the published enterprise policy, and updating the systems policy according to the requested systems policy change if the requested systems policy change complies with the published enterprise policy. A system for managing policies in an enterprise includes a policy management module configured for receiving published policies and generating corresponding systems policies having data for implementing the published policies, and a policy library storing the published policies and the systems policies.

Abstract: A method and system for managing and applying entitlements is described herein. An identity integration server centrally manages data associated with entitlements for a plurality of identities. The integration server may select one of a plurality of workflows. One or more of a plurality of entitlements to be used in the workflow are selected, and a set of identities for which the workflow is applicable is selected. A determination is made as to whether the workflow should be run on the identities. If so, then the workflow is initiated. The one or more entitlements are then added to a granted entitlements list. Then, a separate process may be initiated to apply the one or more entitlements to the one or more identities.

Abstract: Exemplary techniques are described for configuring a metadirectory system used to interact with a collection of connected directory sources via a respective collection of management agents. The techniques can involve importing new management agents to the metadirectory system, updating existing management agents, or configuring the entire metadirectory system (which can involve adding or updating plural management agents). Techniques are provided for ensuring that the configuration of the metadirectory system provides partitions which conform to expected partitions associated with existing management agents and/or connected directory sources.

Abstract: A method for managing changes to policies in an enterprise includes receiving a systems policy change request to change a systems policy that implements a published enterprise policy, determining whether the requested systems policy change complies with the published enterprise policy, and updating the systems policy according to the requested systems policy change if the requested systems policy change complies with the published enterprise policy. A system for managing policies in an enterprise includes a policy management module configured for receiving published policies and generating corresponding systems policies having data for implementing the published policies, and a policy library storing the published policies and the systems policies.

Abstract: A distributed enterprise includes a policy management module and policy library for automating policy change alerting. The policy management module and policy library are configured to list associations between published policies, published policy exceptions, and one or more systems policies, and to determine if changes to published (written) enterprise policies, published policy exceptions, or systems policies have occurred. The policy management module and policy library are also configured to notify personnel of the distributed enterprise so that appropriate actions may be implemented.

Abstract: A method includes associating a task with one or more elevated rights, wherein the task is associated with a user's job responsibility and granting an elevated right account to the user based on a principle of least privilege, wherein the elevated right account provides the one or more elevated rights necessary to perform only the task associated with the elevated rights.

Abstract: Exemplary methods and systems provide a relational directory of organizational information. Organizational data objects and their associated attributes are maintained in a relational directory. An organizational hierarchy is converted to a relational directory using projection, joining, and import attribute flow rules. Attributes in a relational directory may be exported out of the relational directory to a hierarchical directory.

Abstract: Enterprise Identity Management systems control access to information derived from identity-related data stored in various data repositories. An identity-based management system can automatically and dynamically compute derived data when the source data changes. Rule-base tools can be used to compute derived data from arbitrary attribute-based datasets. Dynamic computation of identity-based attributes within information system servers allows data to be aggregated and normalized from multiple data sources deployed across an organization so that updated related information can be persisted and pushed to various servers in the organization.

Abstract: Systems and methods for populating attribute value fields in an entity object employ in a ranked list of transfer options to determine which of a plurality of transfer options will be used to populate the attribute value fields in the entity object.

Abstract: A method and system for managing and applying entitlements is described herein. An identity integration server centrally manages data associated with entitlements for a plurality of identities. The integration server may select one of a plurality of workflows. One or more of a plurality of entitlements to be used in the workflow are selected, and a set of identities for which the workflow is applicable is selected. A determination is made as to whether the workflow should be run on the identities. If so, then the workflow is initiated. The one or more entitlements are then added to a granted entitlements list. Then, a separate process may be initiated to apply the one or more entitlements to the one or more identities.