Abstract: A method and system is presented to parse a WSDL description and build a hierarchical protected object namespace for authorization of access to the resource, wherein the protected object namespace is based on the abstract part of a WSDL but can be used to assist in authorization decisions for multiple different concrete bindings of this WSDL, wherein the concrete binding/request is based on the WS-Addressing endpoint reference.

Abstract: The invention provides federated functionality within a data processing system by means of a set of specialized runtimes. Each of the plurality of specialized runtimes provides requested federation services for selected ones of the requestors according to configuration data of respective federation relationships of the requestors with the identity provider. The configuration data is dynamically retrieved during initialization of the runtimes which allows the respective runtime to be specialized for a given federation relationship. Requests are routed to the appropriate specialized runtime using the first requestor identity and the given federation relationship. The data which describes each federation relationship between the identity provider and each of the plurality of requesters is configured prior to initialization of the runtimes.

Abstract: A method and a system are presented in which federated service providers interact within a federated environment to initiate federated operations. A point-of-contact component that provides session management capabilities at a first service provider receives a request from a client. The request is then sent, possibly using redirection through a client, to a federated user lifecycle management functional component of the first service provider, which may interact with a point-of-contact component at a second service provider to initiate a federated user lifecycle management function at the second service provider, which enlists the assistance of a federated user lifecycle management functional component at the second service provider.

Abstract: A method and a system are presented in which computing environments of different enterprises interact within a federated computing environment. Federated operations can be initiated at the computing environments of federation partners on behalf of a user at a different federated computing environment. A point-of-contact service relies upon a trust service to manage trust relationships between a computing environment and computing environments of federation partners. The trust service employs a key management service, an identity/attribute service, and a security token service. A federated user lifecycle management service implements federated user lifecycle functions and interacts with the point-of-contact service and the trust service.

Abstract: A method and a system are presented in which federated domains interact within a federated environment. Domains within a federation can initiate federated operations for a user at other federated domains. A point-of-contact server within a domain relies upon a trust proxy within the domain to manage trust relationships between the domain and the federation. The point-of-contact server receives incoming requests directed to the domain and interfaces with a first application server and a second application server, wherein the first application server responds to requests for access to controlled resources and the second application server responds to requests for access to federated user lifecycle management functions, which are implemented using one or more pluggable modules that interface with the second application server.

Abstract: Methods, systems, and computer program products are provided for controlling a GUI display for a plug-in in an application supporting plug-ins. Embodiments include receiving, at run time, in the application from the plug-in a request to display a GUI object; responsive to the request, retrieving an XML representation of the GUI object; and displaying the GUI object in dependence upon the retrieved XML representation of the GUI object. Typical embodiments also include receiving from the plug-in a request to retrieve user input responsive to the GUI object; and returning to the plug-in responsive user input.

Abstract: Methods, systems, and computer program products are provided for cross domain security information conversion. Embodiments include receiving from a system entity, in a security service, security information in a native format of a first security domain regarding a system entity having an identity in at least one security domain; translating the security information to a canonical format for security information; transforming the security information in the canonical format using a predefined mapping from the first security domain to a second security domain; translating the transformed security information in the canonical format to a native format of the second security domain; and returning to the system entity the security information in the native format of the second security domain.