Abstract: Techniques for an Application Programming Interface (API) gateway to workload placement and load balancing in a distributed system. The API gateway may route API requests, responses, and so forth, via a plurality of paths between the API gateway, API endpoint devices and API client devices. The API gateway may collect the path properties for the plurality of paths between itself, and the client devices and API endpoints. Additionally, or alternatively, the API gateway may collect process properties indicating the statistics of specific processes. Using this data, the API gateway may determine that a particular path, a particular process, etc., has experienced performance degradation. The API gateway may further determine, and perform, a remedial action to take to remedy the performance degradation of the path or processes.

Abstract: The present invention relates to the application of Distributed Ledger Technology (DLT) to the field of software defined networking in a system and method for providing an end-to-end network comprising a plurality of software defined networks (SDNs) wherein each of the plurality of software defined networks is controlled by a software defined network controller (SDNC), the system comprising: a distributed ledger, wherein the distributed ledger is associated with a Smart Contract, wherein the Smart Contract comprises software code configured to control access by SDNCs to the distributed ledger by assessing whether a business entity and an SDNC operated by the business entity, requesting access to the distributed ledger, meet predefined trust criteria.

Abstract: A Software-as-a-Service (SaaS) access control application on a client device is configured with a certificate that identifies a user, and with configuration information for one or more SaaS applications to access, and including an IDP identifier for the SaaS application. The SaaS access control application includes software to be inserted into a network software stack of the client device and software configured to serve as an identity provider for assertions. A request, made by an application on the client device to a SaaS service provider identified by a Universal Resource Locator (URL) provided during configuration of the SaaS access control application, is intercepted within the network software stack of the client device. The SaaS access control application generates an assertion based on the certificate and configuration information. The requesting application is caused to make a request to the SaaS service provider with the assertion embedded in the request.

Abstract: Techniques are provided for authenticating a subject of a client device to access a software-as-a-service (SaaS) server. A network access device receives a request from a client device to establish a network session and transfers identity information of the subject, the client device and the network session to a session directory database. A request is sent to access an application on a SaaS server. If it does not contain an identity assertion that identifies the subject, the request is redirected to an identity provider device, to provide identity assertion services to the subject. A network session identifier is inserted into the request by a network access device and the request is forwarded to the identity provider device. The identity provider device uses the network session identifier to query the session directory database for the identity information to be used for a security assertion of the subject to the SaaS server.

Abstract: A Software-as-a-Service (SaaS) access control application on a client device is configured with a certificate that identifies a user, and with configuration information for one or more SaaS applications to access, and including an IDP identifier for the SaaS application. The SaaS access control application includes software to be inserted into a network software stack of the client device and software configured to serve as an identity provider for assertions. A request, made by an application on the client device to a SaaS service provider identified by a Universal Resource Locator (URL) provided during configuration of the SaaS access control application, is intercepted within the network software stack of the client device. The SaaS access control application generates an assertion based on the certificate and configuration information. The requesting application is caused to make a request to the SaaS service provider with the assertion embedded in the request.

Abstract: A Software-as-a-Service (SaaS) access control application on a client device is configured with a certificate that identifies a user, and with configuration information for one or more SaaS applications to access, and including an IDP identifier for the SaaS application. The SaaS access control application includes software to be inserted into a network software stack of the client device and software configured to serve as an identity provider for assertions. A request, made by an application on the client device to a SaaS service provider identified by a Universal Resource Locator (URL) provided during configuration of the SaaS access control application, is intercepted within the network software stack of the client device. The SaaS access control application generates an assertion based on the certificate and configuration information. The requesting application is caused to make a request to the SaaS service provider with the assertion embedded in the request.

Abstract: Techniques are provided for authenticating a subject of a client device to access a software-as-a-service (SaaS) server. A network access device receives a request from a client device to establish a network session and transfers identity information of the subject, the client device and the network session to a session directory database. A request is sent to access an application on a SaaS server. If it does not contain an identity assertion that identifies the subject, the request is redirected to an identity provider device, to provide identity assertion services to the subject. A network session identifier is inserted into the request by a network access device and the request is forwarded to the identity provider device. The identity provider device uses the network session identifier to query the session directory database for the identity information to be used for a security assertion of the subject to the SaaS server.

Abstract: Techniques are provided for authenticating a subject of a client device to access a software-as-a-service (SaaS) server. A network access device receives a request from a client device to establish a network session and transfers identity information of the subject, the client device and the network session to a session directory database. A request is sent to access an application on a SaaS server. If it does not contain an identity assertion that identifies the subject, the request is redirected to an identity provider device (IdP), to provide identity assertion services to the subject. A network session identifier is inserted into the request by a network access device and the request is forwarded to the IdP. The IdP uses the network session identifier to query the session directory database for the identity information to be used for a security assertion of the subject to the SaaS server.

Abstract: A Software-as-a-Service (SaaS) access control application on a client device is configured with a certificate that identifies a user, and with configuration information for one or more SaaS applications to access, and including an IDP identifier for the SaaS application. The SaaS access control application includes software to be inserted into a network software stack of the client device and software configured to serve as an identity provider for assertions. A request, made by an application on the client device to a SaaS service provider identified by a Universal Resource Locator (URL) provided during configuration of the SaaS access control application, is intercepted within the network software stack of the client device. The SaaS access control application generates an assertion based on the certificate and configuration information. The requesting application is caused to make a request to the SaaS service provider with the assertion embedded in the request.

Abstract: Techniques are provided for authenticating a subject of a client device to access a software-as-a-service (SaaS) server. A network access device receives a request from a client device to establish a network session and transfers identity information of the subject, the client device and the network session to a session directory database. A request is sent to access an application on a SaaS server. If it does not contain an identity assertion that identifies the subject, the request is redirected to an identity provider device (IdP), to provide identity assertion services to the subject. A network session identifier is inserted into the request by a network access device and the request is forwarded to the IdP. The IdP uses the network session identifier to query the session directory database for the identity information to be used for a security assertion of the subject to the SaaS server.

Abstract: Techniques are provided for asserting an identity of a client device with a server. A request is received from a client device to access processes hosted by the server. Network identifier information associated with the client device is obtained from the request. Confirmation of authentication of the client device is requested from an identity authentication server using the network identifier information. Access is provided to the client device for the processes hosted by the server when authentication of the client device is confirmed by the identity authentication server.

Abstract: A method for managing contents of a web site. A request to access a web site is received from a requestor, wherein the web site comprises a sparse tree directory comprising elements used to build the web site. The sparse tree directory comprises a web site page hierarchy located at the root directory of a shape hierarchy, wherein the web site page hierarchy comprises a directory structure of the web application and the shape hierarchy defines user shapes accommodated by the web application. The sparse tree directory also comprises a first subdirectory corresponding to a first value of a dimension and a second subdirectory corresponding to a second value of the dimension, wherein the first subdirectory comprises a first element and the second subdirectory comprises a second element. A shape of the requestor is generated, wherein the shape defines elements that can be accommodated by the requestor. The sparse tree directory is cached. The sparse tree directory is searched for elements defined by the shape.

Abstract: A method for managing contents of a web site. A request to access a web site is received from a requester, wherein the web site comprises a sparse tree directory comprising elements used to build the web site. The sparse tree directory comprises a web site page hierarchy located at the root directory of a shape hierarchy, wherein the web site page hierarchy comprises a directory structure of the web application and the shape hierarchy defines user shapes accommodated by the web application. The sparse tree directory also comprises a first subdirectory corresponding to a first value of a dimension and a second subdirectory corresponding to a second value of the dimension, wherein the first subdirectory comprises a first element and the second subdirectory comprises a second element. A shape of the requestor is generated, wherein the shape defines elements that can be accommodated by the requester. The sparse tree directory is cached. The sparse tree directory is searched for elements defined by the shape.

Abstract: A method for managing contents of a web site. A request to access a web site is received from a requestor, wherein the web site comprises a sparse tree directory comprising elements used to build the web site. The sparse tree directory comprises a web site page hierarchy located at the root directory of a shape hierarchy, wherein the web site page hierarchy comprises a directory structure of the web application and the shape hierarchy defines user shapes accommodated by the web application. The sparse tree directory also comprises a first subdirectory corresponding to a first value of a dimension and a second subdirectory corresponding to a second value of the dimension, wherein the first subdirectory comprises a first element and the second subdirectory comprises a second element. A shape of the requestor is generated, wherein the shape defines elements that can be accommodated by the requestor. The sparse tree directory is cached. The sparse tree directory is searched for elements defined by the shape.

Abstract: A method is disclosed for determining whether access to a host requested by a client session connection is permitted. After determining attributes of the client session connection, a list of hosts is selected based on the determined attributes of the client session connection. The list of hosts is then used to determine whether access to the requested host is permitted. The disclosed method can be used to allow for location-specific white lists of free URLs for a user at a wireless network hotspot that the user can access before being authenticated.

Abstract: A method is disclosed for determining a location of a client session in a telecommunications network by comparing attributes of the client session connection to location definition information stored in a configuration file. A method of handling requests from proxy and non-proxy client connections in a telecommunications network by redirecting requests from unauthenticated proxy clients to a transparent proxy port on a captive portal such that the captive portal proxies the requests is also disclosed. The request may be directed to a service, such as a destination IP address and optional port number. A method for a proxy server to identify an edge session through an out-of-band request containing proxy metadata to a web portal for secure (HTTPS) requests is also disclosed. The edge session is identified for the web portal through a hostkey determined by the proxy server.