Abstract: Computer implemented methods are presented. The methods include, for instance: obtaining a user credential for login to a mobile device from a user. By use of a multi-layered authentication, based on the user credential, and a discreet user identity verification, the user determined to be unauthorized would operate the mobile device in a precaution mode, which discreetly creates secure records of activities of the user.

Abstract: An event/object reporting system is provided using data from sensors of a smart vehicle, which events/objects are observed by the smart vehicle but do not involve the smart vehicle. For this purpose, a computer-implemented method includes collecting, by the computer device, sensor data from at least one sensor on the smart vehicle regarding events/objects external to the smart vehicle, analyzing, by the computer device, the sensor data to detect whether a predetermined event and/or object external to the smart vehicle is found in the sensor data, and transmitting, by the computer device, portions of the sensor data pertaining to the predetermined event and/or object to an external server based on the detecting.

Abstract: An event/object reporting system is provided using data from sensors of a smart vehicle, which events/objects are observed by the smart vehicle but do not involve the smart vehicle. For this purpose, a computer-implemented method includes collecting, by the computer device, sensor data from at least one sensor on the smart vehicle regarding events/objects external to the smart vehicle, analyzing, by the computer device, the sensor data to detect whether a predetermined event and/or object external to the smart vehicle is found in the sensor data, and transmitting, by the computer device, portions of the sensor data pertaining to the predetermined event and/or object to an external server based on the detecting.

Abstract: Computer implemented methods are presented. The methods include, for instance: obtaining a user credential for login to a mobile device from a user. By use of a multi-layered authentication, based on the user credential, and a discreet user identity verification, the user determined to be unauthorized would operate the mobile device in a precaution mode, which discreetly creates secure records of activities of the user.

Abstract: Mechanisms are provided for performing security role definition testing. An application is received in a container of a runtime environment of the data processing system. The application has methods and security role definitions associated with the methods. A properties object, which specifies a user identifier to security role mapping, is received in the container. A test application is executed, in the container, by the processor, on an execution of the methods of the application based on the user identifier to security role mapping and the security role definitions. The test application tests an operation of the application with regard to the security role definitions. A result of the execution of the test application on the execution of the methods of the application is then output.

Abstract: A cloud deployment appliance (or other platform-as-a-service (IPAS) infrastructure software) includes a mechanism to deploy a product as a “shared service” to the cloud, as well as to enable the product to establish a trust relationship between itself and the appliance or IPAS. The mechanism further enables multiple products deployed to the cloud to form trust relationships with each other (despite the fact that each deployment and each product typically, by the nature of the cloud deployment, are intended to be isolated from one another). In addition, once deployed and provisioned into the cloud, a shared service can become part of a single sign-on (SSO) domain automatically. SSO is facilitated using a token-based exchange. Once a product registers with a token service, it can participate in SSO. This approach enables enforcement of consistent access control policy across product boundaries, and without requiring a user to perform any configuration.

Abstract: Disclosed is a computer implemented method, computer program product, and apparatus to switch security configurations. A data processing system accesses a first security configuration via a thread of execution, wherein a security configuration comprises at least one security parameter. The thread receives an incoming request. The thread switches to a second security configuration that specifies a resource, based on the incoming request, responsive to receiving the incoming request. The thread stores the second security configuration or a reference to the second security configuration to a stack. The thread authenticates the incoming request based on the second security configuration. The thread grants or denies access to the resource. The thread executes a method referenced in the incoming request. The thread restores to a first security configuration, responsive to completing the method.

Abstract: A method, data processing system, and computer program product for managing user identification information. A determination is made whether an instance of security information in use on the first application server and referenced by a token that has expired was generated by an application server compatible with a first application server in response to receiving the token. A determination is made whether the instance of the security information is managed by a set of rules for a group of users of the first application server. A determination is made whether a user identifier from the token is authorized to access the first application server. The token is renewed in response to determining that the user identifier is authorized to access the first application server.

Abstract: A method, system and computer-usable medium are disclosed for managing identity authorizations to access information processing system resources. An application thread requiring access to target resources is initiated and associated with an authenticated client identity and a server identity. The resource authorization attribute of a resource required for execution of the application thread designates the use of a client identity, a server identity, or a client identity and server identity when attempting authorized access of the resource. The client identity, the server identity, or the client identity and server identity is then respectively used to access the target resource and the application thread is executed.

Abstract: A cloud deployment appliance (or other platform-as-a-service (IPAS) infrastructure software) includes a mechanism to deploy a product as a “shared service” to the cloud, as well as to enable the product to establish a trust relationship between itself and the appliance or IPAS. The mechanism further enables multiple products deployed to the cloud to form trust relationships with each other (despite the fact that each deployment and each product typically, by the nature of the cloud deployment, are intended to be isolated from one another). In addition, once deployed and provisioned into the cloud, a shared service can become part of a single sign-on (SSO) domain automatically. SSO is facilitated using a token-based exchange. Once a product registers with a token service, it can participate in SSO. This approach enables enforcement of consistent access control policy across product boundaries, and without requiring a user to perform any configuration.

Abstract: A method, system, and computer usable program product for flexibly assigning security configurations to applications are provided in the illustrative embodiments. An embodiment determines, forming a first determination, whether a first identifier identifying the application is mapped to the security configuration. The embodiment determines, forming a second determination, whether the application participates in a group by determining whether a second identifier identifying the group is mapped to the security configuration. The embodiment assigns, forming a first assignment, the security configuration to the application if either of the first and the second determinations is true. The embodiment assigns, forming a second assignment, the security configuration to the application using a determination by a first policy if the first and the second determinations are false.

Abstract: A method, data processing system, and computer program product for managing user identification information. A determination is made whether an instance of security information in use on the first application server and referenced by a token that has expired was generated by an application server compatible with a first application server in response to receiving the token. A determination is made whether the instance of the security information is managed by a set of rules for a group of users of the first application server. A determination is made whether a user identifier from the token is authorized to access the first application server. The token is renewed in response to determining that the user identifier is authorized to access the first application server.

Abstract: Mechanisms are provided for performing security role definition testing. An application is received in a container of a runtime environment of the data processing system. The application has methods and security role definitions associated with the methods. A properties object, which specifies a user identifier to security role mapping, is received in the container. A test application is executed, in the container, by the processor, on an execution of the methods of the application based on the user identifier to security role mapping and the security role definitions. The test application tests an operation of the application with regard to the security role definitions. A result of the execution of the test application on the execution of the methods of the application is then output.

Abstract: A method, system, and computer usable program product for flexibly assigning security configurations to applications are provided in the illustrative embodiments. An embodiment determines, forming a first determination, whether a first identifier identifying the application is mapped to the security configuration. The embodiment determines, forming a second determination, whether the application participates in a group by determining whether a second identifier identifying the group is mapped to the security configuration. The embodiment assigns, forming a first assignment, the security configuration to the application if either of the first and the second determinations is true. The embodiment assigns, forming a second assignment, the security configuration to the application using a determination by a first policy if the first and the second determinations are false.

Abstract: A method, system, and computer usable program product for flexibly assigning security configurations to applications are provided in the illustrative embodiments. An embodiment determines, forming a first determination, whether a first identifier identifying the application is mapped to the security configuration. The embodiment determines, forming a second determination, whether the application participates in a group by determining whether a second identifier identifying the group is mapped to the security configuration. The embodiment assigns, forming a first assignment, the security configuration to the application if either of the first and the second determinations is true. The embodiment assigns, forming a second assignment, the security configuration to the application using a determination by a first policy if the first and the second determinations are false.

Abstract: A method, system and computer-usable medium are disclosed for managing identity authorizations to access information processing system resources. An application thread requiring access to target resources is initiated and associated with an authenticated client identity and a server identity. The resource authorization attribute of a resource required for execution of the application thread designates the use of a client identity, a server identity, or a client identity and server identity when attempting authorized access of the resource. The client identity, the server identity, or the client identity and server identity is then respectively used to access the target resource and the application thread is executed.

Abstract: A method, system, and computer usable program product for flexibly assigning security configurations to applications are provided in the illustrative embodiments. An embodiment determines, forming a first determination, whether a first identifier identifying the application is mapped to the security configuration. The embodiment determines, forming a second determination, whether the application participates in a group by determining whether a second identifier identifying the group is mapped to the security configuration. The embodiment assigns, forming a first assignment, the security configuration to the application if either of the first and the second determinations is true. The embodiment assigns, forming a second assignment, the security configuration to the application using a determination by a first policy if the first and the second determinations are false.

Abstract: Disclosed is a computer implemented method, computer program product, and apparatus to switch security configurations. A data processing system accesses a first security configuration via a thread of execution, wherein a security configuration comprises at least one security parameter. The thread receives an incoming request. The thread switches to a second security configuration that specifies a resource, based on the incoming request, responsive to receiving the incoming request. The thread stores the second security configuration or a reference to the second security configuration to a stack. The thread authenticates the incoming request based on the second security configuration. The thread grants or denies access to the resource. The thread executes a method referenced in the incoming request. The thread restores to a first security configuration, responsive to completing the method.

Abstract: Systems and methods for computer-based numerical calculation using a calcsheet are provided. A calcsheet may provide one or more columns for vertical calculation, each column having a plurality of fields including operation fields, number fields, and optional comment fields. The calcsheet may include multiple columns of vertical calculations. A user may type in calculations in a manner similar to the entry of calculations on a hand held calculator, and the calculations may be displayed in a vertical format in substantially any column. Number fields in a calcsheet may include mathematical formulas or references to other fields. A set of fields (such as all operation fields in a column, for example) may be hidden. The display order of fields may be altered. Parentheses spanning multiple rows may be used to alter the order of operations. Spreadsheet lines and vertical calculations may be used in a single document or display screen.

Abstract: Systems and methods for computer-based numerical calculation using a calcsheet are provided. A calcsheet may provide one or more columns for vertical calculation, each column having a plurality of fields including operation fields, number fields, and optional comment fields. The calcsheet may include multiple columns of vertical calculations. A user may type in calculations in a manner similar to the entry of calculations on a hand held calculator, and the calculations may be displayed in a vertical format in substantially any column. Number fields in a calcsheet may include mathematical formulas or references to other fields. A set of fields (such as all operation fields in a column, for example) may be hidden. The display order of fields may be altered. Parentheses spanning multiple rows may be used to alter the order of operations. Spreadsheet lines and vertical calculations may be used in a single document or display screen.