Abstract: A distributed component software system that includes an analysis server that: (i) receives a set of messages, where each message is sent between components of a distributed component software system (DCSS), and where each message includes an identification of a respective source component, an identification of a respective target component and respective message content; (ii) for each message of the set of received messages, resolves the respective source component; (iii) for each message of the set of received messages, resolves the respective source component; (iv) determines a sequence of the plurality of messages; and (v) generates a human-understandable abstract corresponding to the set of received messages based upon the respective message sources, the respective message targets, the respective message content and the sequence of the set of received messages.

Abstract: A solution descriptor comprises a set of component workload units, a workload unit describing a deployable application component with application binary, configuration parameters and dependency declarations. An environment descriptor specifies a set of target platforms and plugins in an execution environment. A deployer interprets the solution descriptor and the environment descriptor, and generates a list of tuples comprising compatible workload-plugin-platform combinations. The deployer determines an execution order for the list of tuples, and invokes the plugins in the list of tuples in the execution order, wherein each of the plugins executes a corresponding compatible workload on a corresponding compatible target platform specified in the list of tuples.

Abstract: A solution descriptor comprises a set of component workload units, a workload unit describing a deployable application component with application binary, configuration parameters and dependency declarations. An environment descriptor specifies a set of target platforms and plugins in an execution environment. A deployer interprets the solution descriptor and the environment descriptor, and generates a list of tuples comprising compatible workload-plugin-platform combinations. The deployer determines an execution order for the list of tuples, and invokes the plugins in the list of tuples in the execution order, wherein each of the plugins executes a corresponding compatible workload on a corresponding compatible target platform specified in the list of tuples.

Abstract: A solution descriptor comprises a set of component workload units, a workload unit describing a deployable application component with application binary, configuration parameters and dependency declarations. An environment descriptor specifies a set of target platforms and plugins in an execution environment. A deployer interprets the solution descriptor and the environment descriptor, and generates a list of tuples comprising compatible workload-plugin-platform combinations. The deployer determines an execution order for the list of tuples, and invokes the plugins in the list of tuples in the execution order, wherein each of the plugins executes a corresponding compatible workload on a corresponding compatible target platform specified in the list of tuples.

Abstract: A solution descriptor comprises a set of component workload units, a workload unit describing a deployable application component with application binary, configuration parameters and dependency declarations. An environment descriptor specifies a set of target platforms and plugins in an execution environment. A deployer interprets the solution descriptor and the environment descriptor, and generates a list of tuples comprising compatible workload-plugin-platform combinations. The deployer determines an execution order for the list of tuples, and invokes the plugins in the list of tuples in the execution order, wherein each of the plugins executes a corresponding compatible workload on a corresponding compatible target platform specified in the list of tuples.

Abstract: A solution descriptor comprises a set of component workload units, a workload unit describing a deployable application component with application binary, configuration parameters and dependency declarations. An environment descriptor specifies a set of target platforms and plugins in an execution environment. A deployer interprets the solution descriptor and the environment descriptor, and generates a list of tuples comprising compatible workload-plugin-platform combinations. The deployer determines an execution order for the list of tuples, and invokes the plugins in the list of tuples in the execution order, wherein each of the plugins executes a corresponding compatible workload on a corresponding compatible target platform specified in the list of tuples.

Abstract: A solution descriptor comprises a set of component workload units, a workload unit describing a deployable application component with application binary, configuration parameters and dependency declarations. An environment descriptor specifies a set of target platforms and plugins in an execution environment. A deployer interprets the solution descriptor and the environment descriptor, and generates a list of tuples comprising compatible workload-plugin-platform combinations. The deployer determines an execution order for the list of tuples, and invokes the plugins in the list of tuples in the execution order, wherein each of the plugins executes a corresponding compatible workload on a corresponding compatible target platform specified in the list of tuples.

Abstract: A distributed component software system that includes an analysis server that: (i) receives a set of messages, where each message is sent between components of a distributed component software system (DCSS), and where each message includes an identification of a respective source component, an identification of a respective target component and respective message content; (ii) for each message of the set of received messages, resolves the respective source component; (iii) for each message of the set of received messages, resolves the respective source component; (iv) determines a sequence of the plurality of messages; and (v) generates a human-understandable abstract corresponding to the set of received messages based upon the respective message sources, the respective message targets, the respective message content and the sequence of the set of received messages.

Abstract: A sending entity creates a structured document and communicates it to a receiving entity includes a transform to ensure document elements are not moved during communication. The structured document comprises a root element and a set of child elements. A child element is protected by a digital signature, prior to being positioned within the document. This element includes a sending entity security policy. The receiving entity includes a transform that determines whether the signed element is in a given position within the received document. The transform evaluates the data string against a set of ancestor elements of the signed element to determine whether the signed element is in the given position. If so, the transform preferably outputs the signed element itself. If the transform determines that the signed element has been moved, however, preferably it outputs a given value other than the signed element.

Abstract: A method, system and computer program product for security model for workflows aggregating third party secure services. In one embodiment, a workflow model described in a workflow language is provided and configured to declare security requirements of a composite application integrating protected data from two or more external network resources. The method also incorporates providing an authentication service executing on at least one secure server computer. The authentication service is configured to conduct user authentication and authorization to access the protected data at the external network resources on behalf of the composite application executing on at least one host server computer according to the workflow language.

Abstract: An embodiment of the invention provides a method for non-intrusive cloud services billing, including storing service log files in a data store, wherein each of the service log files include a lifecycle event of a resource in a service produced by an instance of the service. A log transformer connected to the data store converts the service log files into a standardized format. A metering descriptor describing billable entities for each offering of the service is obtained, wherein each offering of the service has a different metering descriptor, and wherein the billable entities include multiple categories of billing. A billing record generator connected to the log transformer is programmed, wherein the billing record generator converts standardized log records into metering records. The billing record generator generates a metering record with one or more of the service log files in the standardized format and the metering descriptor.

Abstract: A method for single sign-on with established federation includes triggering a single sign-on operation from a first service to a second service, retrieving, by the first service, an associated federation key and pseudo identification for a user agent, generating, by the first service, a token signed with a federation key for the user agent based on the pseudo identification, redirecting, by the first service, the user agent to the second service, wherein the user agent transfers the token to the second service, verifying, by the second service, the token and determining an associated identification in the second service, and returning, by the second service, a resource to the user agent.

Abstract: A system in a cloud services environment comprises one or more service offerings, one or more service instances and one or more service support utilities. Each of the one or more service offerings is described by at least one service descriptor. Each of the one or more service instances is obtained from at least one of the one or more service offerings. Each of the one or more service support utilities is customized by at least one service descriptor. A service comprises at least one component and a service descriptor comprises one or more models.

Abstract: A system in a cloud services environment comprises one or more service offerings, one or more service instances and one or more service support utilities. Each of the one or more service offerings is described by at least one service descriptor. Each of the one or more service instances is obtained from at least one of the one or more service offerings. Each of the one or more service support utilities is customized by at least one service descriptor. A service comprises at least one component and a service descriptor comprises one or more models.

Abstract: A method for single sign-on with established federation includes triggering a single sign-on operation from a first service to a second service, retrieving, by the first service, an associated federation key and pseudo identification for a user agent, generating, by the first service, a token signed with a federation key for the user agent based on the pseudo identification, redirecting, by the first service, the user agent to the second service, wherein the user agent transfers the token to the second service, verifying, by the second service, the token and determining an associated identification in the second service, and returning, by the second service, a resource to the user agent.

Abstract: A method, system and computer program product for security model for workflows aggregating third party secure services. In one embodiment, a workflow model described in a workflow language is provided and configured to declare security requirements of a composite application integrating protected data from two or more external network resources. The method also incorporates providing an authentication service executing on at least one secure server computer. The authentication service is configured to conduct user authentication and authorization to access the protected data at the external network resources on behalf of the composite application executing on at least one host server computer according to the workflow language.

Abstract: A system in which a sending entity creates a structured document and communicates that document to a receiving entity includes a transform to ensure that document elements are not moved during communication. The structured document is typically XML, and the document comprises a root element and a set of one or more child elements. At least one child element is protected, for example, by a digital signature, prior to being positioned within the XML document. This “signed” element includes a sending entity security policy, preferably in the form of a position dependent or absolute path expression. The receiving entity includes a transform that determines whether the signed element is in a given position within the received XML document. Typically, the given position is the position at which the signed element was placed within the structured document by the sending entity.

Abstract: Apparatus and methods for providing secure electronic brokers are provided. The apparatus and methods make use of trading programs and their matching rules (and if needed some negotiation protocols) which allows the apparatus to communicate with customers using messaging middleware, thereby becoming an electronic broker or e-broker for the customers. The e-broker device publishes, using Pub/Sub messaging technology, for example, the type of trades it expects to broker. Potential users subscribe, using content based matching, to the types of trades they would like to make. Together with its advertising, the e-broker publishes the public part of its public encryption scheme. The user then sends it encrypted bids and the public part of its own public encryption scheme to the e-broker. When the users submit their identification, the e-broker device checks their overall quality (credit, reputation, etc.).