Abstract: Mechanisms are provided for computing resource access security in which a credential of a user agent is authenticated to determine if the user agent is associated with an entity for which an attribute based encryption (ABE) key is to be generated. If so, an ABE key is generated and provided which corresponds to a set of attributes of the entity. Token issuance logic receives a token request and the ABE key from a relying party computing device and executes a decryption operation on locking metadata associated with at least one attribute value based on the ABE key. The token issuance logic, in response to the decryption operation successfully decrypting the locking metadata, issues a generated token to the relying party computing device based on the at least one attribute value. The relying party computing device accesses the computing resources using the generated token.

Abstract: An approach is provided for token-based authorization for a remote login using attribute-based encryption (ABE). A request from a Secure Shell Protocol (SSH) client is received for establishing a session between the SSH client and a SSH server. A message is sent from the SSH server indicating the SSH client is required to obtain an ABE token. Responsive to sending a request for creating the ABE token, creating the ABE token by a token service (TS), receiving the ABE token from the TS, and sending the ABE token to the SSH server, the ABE token is received by the SSH server from the SSH client. The SSH server determines that the ABE token can be used to successfully decrypt an encrypted blob associated with a set of attributes of the SSH server. In response, the SSH server authorizes the session and an establishment of the session is completed.

Abstract: A computer-implemented method, in accordance with one embodiment, includes receiving, by a token service, an Attribute Based Encryption (ABE) authorization code having environmental attributes encoded therein. At least one test is performed, by the token service, on the ABE authorization code using ABE decryption for determining whether the ABE authorization code satisfies a predefined policy that is based on the environmental attributes. In response to determining that the ABE authorization code satisfies the predefined policy, a token is issued by the token service.

Abstract: A method to facilitate a permitted access to a protected resource associated with a service provider (SP). The method begins by the SP establishing a root of trust to a third party via an attribute-based encryption (ABE) master secret key, and a set of one or more public parameters. Once vetted by the entity, the SP receives a binary object from the third party that encodes the policy as a cryptographic payload. When a client application desires to enroll with and interoperate with the service provider, the SP receives a request for a credential. The request has an associated (ABE) user key generated by the third party according to the policy. The service provider determines whether the binary object obtained during the initial vetting process can be decrypted using the ABE user key and the public parameters and the ABE user key. If so, and provided it has obtained any other necessary permission, the service provider issues the credential to the client application.

Abstract: Mechanisms are provided for computing resource access security in which a credential of a user agent is authenticated to determine if the user agent is associated with an entity for which an attribute based encryption (ABE) key is to be generated. If so, an ABE key is generated and provided which corresponds to a set of attributes of the entity. Token issuance logic receives a token request and the ABE key from a relying party computing device and executes a decryption operation on locking metadata associated with at least one attribute value based on the ABE key. The token issuance logic, in response to the decryption operation successfully decrypting the locking metadata, issues a generated token to the relying party computing device based on the at least one attribute value. The relying party computing device accesses the computing resources using the generated token.

Abstract: A failure detection and correction module (FDCM) uses statistical measurement to detect failures in a distributed computing system caused by hardware, software, workflow, deployment, environmental factors, etc. in a component of the computing system, the computing system, or multiple computing systems and produces corrective actions. The FDCM identifies issues from various components, correlates the estimated failures in each level of components and rolls up failures and estimated failures from each level of components to system level estimations of failures, reevaluates the system reliability factors, readjusts the system reliability and system functions from the adjusted reliability factors, and produces intelligent corrective actions to improve both system reliability and the system efficiency. Corrective action includes changing slice storing parameters and rebuild priorities on a dispersed storage system.

Abstract: A failure detection and correction module (FDCM) uses statistical measurement to detect failures in a distributed computing system caused by hardware, software, workflow, deployment, environmental factors, etc. in a component of the computing system, the computing system, or multiple computing systems and produces corrective actions. The FDCM identifies issues from various components, correlates the estimated failures in each level of components and rolls up failures and estimated failures from each level of components to system level estimations of failures, reevaluates the system reliability factors, readjusts the system reliability and system functions from the adjusted reliability factors, and produces intelligent corrective actions to improve both system reliability and the system efficiency. Corrective action includes changing slice storing parameters and rebuild priorities on a dispersed storage system.