Abstract: A selective cross-realm authenticator associates an identifier with a request from an entity authenticated in one realm to access a resource associated with a second realm. The identifier indicates that the entity was authenticated in a realm other than the realm associated with the requested resource. A domain controller associated with the resource performs an access check to verify that the authenticated user is authorized to authenticate to the requested resource. Permissions associated with the resource can be used to specify levels of access to be granted to entities authenticated by a domain controller associated with another realm.

Abstract: A selective cross-realm authenticator associates an identifier with a request from an entity authenticated in one realm to access a resource associated with a second realm. The identifier indicates that the entity was authenticated in a realm other than the realm associated with the requested resource. A domain controller associated with the resource performs an access check to verify that the authenticated user is authorized to authenticate to the requested resource. Permissions associated with the resource can be used to specify levels of access to be granted to entities authenticated by a domain controller associated with another realm.

Abstract: Methods and arrangements are provided for use in multiple user computing environments. These methods and arrangements can be configured to allow for a plurality of separate and concurrent desktops and workspaces within the shared computing environment. One method includes creating a separate desktop thread for each user that is authenticated during a logon process, creating a separate desktop associated with each desktop thread, and maintaining a list of desktop threads that are created. In this manner, several users can be logged on simultaneously. In certain implementations, the method further includes establishing a separate user environment associated with each desktop and launching a separate user shell associated with each desktop. The list of desktop threads allows for selective and/or automatic switching from a first desktop to a second desktop without terminating a desktop thread associated with the first desktop. The methods and arrangements are also applicable to remote process logon and switching.

Abstract: A role-based authorization management system maintains an authorization policy store that represents user authorizations to perform operations associated with an application. When a user attempts to perform a function associated with an application, the authorization management system verifies that the user is authorized to perform the requested function. The authorization management system also provides an interface for an application administrator to update role-based user authorization policies associated with one or more applications.

Abstract: Improved intrusion detection and/or tracking methods and systems are provided for use across various computing devices and networks. Certain methods, for example, form a substantially unique audit identifier during each authentication/logon process. One method includes identifying one or more substantially unique parameters that are associated with the authentication/logon process and encrypting them to form at least one audit identifier that can then be generated and logged by each device involved in the authentication/logon process. The resulting audit log file can then be audited along with similar audit log files from other devices to track a user across multiple platforms.

Abstract: A process determines a role that a target server will perform. The process also identifies at least one security policy associated with the role. The target server is then configured to implement the identified security policies.

Abstract: Access to WebDAV (Distributed Authoring and Versioning) servers is provided in a manner that is essentially transparent to applications. A WebDAV redirector and related components support file system I/O requests and network requests directed to WebDAV servers identified by URI (Universal Resource Identifier) names, or by a drive may be mapped to a WebDAV share. An application's create or open I/O requests directed to a WebDAV server are detected, and result in a local copy of the file being downloaded and cached for local access. When closed, the local file is uploaded to the WebDAV server. Network-related requests such as for browsing that are directed to a WebDAV server are also handled transparently. WebDAV files may be locally encrypted and decrypted at the file system level, transparent to applications and the WebDAV server, via an encrypting file system that performs local encryption and decryption at the local file system level.

Abstract: A dynamic authorization callback mechanism is provided that implements a dynamic authorization model. An application can thus implement virtually any authorization policy by utilizing dynamic data and flexible policy algorithms inherent in the dynamic authorization model. Dynamic data, such as client operation parameter values, client attributes stored in a time-varying or updateable data store, run-time or environmental factors such as time-of-day, and any other static or dynamic data that is managed or retrievable by the application may be evaluated in connection with access control decisions. Hence, applications may define and implement business rules that can be expressed in terms of run-time operations and dynamic data. An application thus has substantial flexibility in defining and implementing custom authorization policy, and at the same time provides standard definitions for such dynamic data and policy.

Abstract: A flexible way of expressing trust policies using, for example, XML. Multiple statement types may be expressed for a single authority type. Statement types may include less than all of the statements made by an authority type. Authority types may be defined using any manner interpretable by the computing system using the trust policy. In addition, trust policies may be updated as trust levels change. Even multiple trust policies may be used with reconciliation between the multiple trust policies being accomplished by using the more restrictive trust policy with respect to an assertion.

Abstract: A system and method that automatically, transparently and securely controls software execution by identifying and classifying software, and locating a rule and associated security level for executing executable software. The security level may disallow the software's execution, restrict the execution to some extent, or allow unrestricted execution. To restrict software, a restricted access token may be computed that reduces software's access to resources, and/or removes privileges, relative to a user's normal access token. The rules that control execution for a given machine or user may be maintained in a restriction policy, e.g., locally maintained and/or in a group policy object distributable over a network. Software may be identified/classified by a hash of its content, by a digital signature, by its file system or network path, and/or by its URL zone. For software having multiple classifications, a precedence mechanism is provided to establish the applicable rule/security level.

Abstract: The following subject matter provides for modeling an application's potential security threats at a logical component level early in the design phase of the application. Specifically, in a computer system, multiple model components are defined to represent respective logical elements of the application. Each model component includes a corresponding set of security threats that could potentially be of import not only to the component but also to the application as a whole in its physical implementation. The model components are interconnected to form a logical model of the application. One or more potential security threats are then analyzed in terms of the model components in the logical model.

Abstract: Modeling operational policies of operating a business's or institution's actual or planned IT system. The IT system may include components such as applications, application hosts, one or more networks or components thereof, hardware, and interrelationships between the components. The IT system is to be operated in accordance with operational policies that govern existence or numerosity of components, how the components are interrelated, how the components and interrelationships are configured, and/or manual or automated processes for managing and maintaining the IT system. The modeling may involve generating code that conforms to a language by declaring abstractions using types that correspond to the components of the IT system, by declaring types of interrelationships that correspond to the interrelationships of the IT system, and by defining constraints upon and between the abstract types, where the constraints correspond to operational policies of operating the IT system.

Abstract: Described is an invention for safeguarding against the modification of certain data associated with one domain of a distributed network by an entity (such as an administrator) within another domain of the distributed network while still allowing the entity to modify other data associated with the one domain. More particularly, security safeguards are applied by a directory replication service that operates to replicate the shared data to each domain in a domain “forest.” Those security safeguards allow a user to indicate that certain modifications of specified shared data may only be made within the domain in which the shared data was created. In that way, a shared data namespace may still be implemented in which trust relationships exist so that, for example, an administrator in one domain may alter a configuration of another domain within the forest. However, certain data may be restricted by these safeguards such that certain modifications of that data (e.g.

Abstract: An enterprise network architecture has a trust link established between two autonomous network systems that enables transitive resource access between network domains of the two network systems. The trust link is defined by data structures maintained by each of the respective network systems. The first network system maintains namespaces that correspond to the second network system and a domain controller in the first network system, or a first network system administrator, indicates whether to trust individual namespaces. An account managed by a domain in the second network system can request authentication via a domain controller in the first network system. The first network system determines from the trust link to communicate the authentication request to the second network system. The first network system also determines from the trust link where to communicate authorization requests when administrators manage group memberships and access control lists.

Abstract: Methods and arrangements are provided for use in multiple user computing environments. These methods and arrangements can be configured to allow for a plurality of separate and concurrent desktops and workspaces within the shared computing environment. One method includes creating a separate desktop thread for each user that is authenticated during a logon process, creating a separate desktop associated with each desktop thread, and maintaining a list of desktop threads that are created. In this manner, several users can be logged on simultaneously. In certain implementations, the method further includes establishing a separate user environment associated with each desktop and launching a separate user shell associated with each desktop. The list of desktop threads allows for selective and/or automatic switching from a first desktop to a second desktop without terminating a desktop thread associated with the first desktop. The methods and arrangements are also applicable to remote process logon and switching.

Abstract: An authorization handle is supported for each access policy determination that is likely to be repeated. In particular, an authorization handle may be assigned to access check results associated with the same discretionary access control list and the same client context. This likelihood may be determined based upon pre-set criteria for the application or service, based on usage history and the like. Once an access policy determination is assigned an authorization handle, the static maximum allowed access is cached for that policy determination. From access check to access check, the set of permissions desired by the client may change, and dynamic factors that might affect the overall privilege grant may also change; however, generally there is still a set of policies that is unaffected by the changes and common across access requests. The cached static maximum allowed access data is thus used to provide efficient operations for the evaluation of common policy sets.

Abstract: An enterprise network architecture has a trust link established between two autonomous network systems that enables transitive resource access between network domains of the two network systems. The trust link is defined by data structures maintained by each of the respective network systems. The first network system maintains namespaces that correspond to the second network system and a domain controller in the first network system, or a first network system administrator, indicates whether to trust individual namespaces. An account managed by a domain in the second network system can request authentication via a domain controller in the first network system. The first network system determines from the trust link to communicate the authentication request to the second network system. The first network system also determines from the trust link where to communicate authorization requests when administrators manage group memberships and access control lists.

Abstract: A process identifies one or more roles associated with a target server. The process also identifies one or more services associated with each role and identifies one or more ports associated with each role. The identified ports associated with the role are presented to a user. The user is requested to select among the identified ports associated with the role.

Abstract: A system and method for encryption and decryption of files. The system and method operate in conjunction with the file system to transparently encrypt and decrypt files in using a public key-private key pair encryption scheme. When a user puts a file in an encrypted directory or encrypts a file, data writes to the disk for that file are encrypted with a random file encryption key generated from a random number and encrypted with the public key of a user and the public key of at least one recovery agent. The encrypted key information is stored with the file, whereby the user or a recovery agent can decrypt the file data using a private key. With a correct private key, encrypted reads are decrypted transparently by the file system and returned to the user. One or more selectable encryption and decryption algorithms may be provided via interchangeable cryptographic modules.

Abstract: Described is a system and method for replicating each of a set of resources to a subject computer in a replica set prior to making use of a resource in the set of resources. The set of resources includes resources that are dependent upon each other for a proper functioning of the group. A manifest file that identifies each resource in a group of interrelated resources is used. The manifest file is generated at one computer in the replica set (typically the computer at which a modification to one of the interrelated resources occurred). When the modification occurs to one of the set of resources, the manifest file is transmitted (e.g., itself replicated) to each computer in the replica set. The manifest file includes an indicator that identifies the manifest file as a special file. When received at another computer in the replica set, a service evaluates the manifest file to identify whether the appropriate versions of the identified resources exist at the receiving computer.