Abstract: Multiple application server instances can be arranged in a cluster that implements a distributed EJB timer system. A high availability database can store EJB timer info. The EJB timer jobs can be distributed among the application server instances of the cluster that implement the distributed EJB timer system. In case of a failure of an application server instance, the EJB timer info can be used to reassign the EJB timer jobs associated with the failed application server instance.

Abstract: Techniques described herein can be implemented as one or a combination of methods, systems or processor executed code to form embodiments capable of improved protection of data or other computing resources based at least in part upon limiting access to a select number of delegates. Limited access to cloud data based on customer selected or other criterion, reducing the possibility of security exposures and/or improving privacy is provided for.

Abstract: In accordance with disclosed embodiments, there are provided systems and methods for implementing an encrypted search index.

Abstract: Disclosed herein are techniques for provisioning computing services. In some implementations, a plurality of computing resources available within a computing environment are identified. The plurality of computing resources may be capable of being used to provide computing services via the computing environment. Each of the computing resources may comprise a respective unit of computing functionality available within the computing environment. A plurality of dependency relationships among the computing resources may be identified. Based on the identified dependency relationships, a first one or more of the computing resources may be selected for inclusion in a license definition. A license conforming to the license definition may provide an entity with access to the computing functionality associated with the first one or more computing resources.

Abstract: Methods and systems are described for providing support representative access to applications deployed in an enterprise network environment. An access provisioning system defines a support user class in a user profile database for an application executed on an organization partition within the network. The support user is granted read only privileges to metadata of the application. An organization administrator can grant support personnel access to the application as a support user, thus the ability to view, analyze, and possibly modify the metadata. The access provisioning system generates a Security Assertion Markup Language (SAML) assertion upon request by the support personnel to enable access to the data to the extent of the granted privileges. The SAML protocol includes authentication of the support representative as an authorized support user within the system.

Abstract: Methods and systems are described for providing support representative access to applications deployed in an enterprise network environment. An access provisioning system defines a support user class in a user profile database for an application executed on an organization partition within the network. The support user is granted read only privileges to metadata of the application. An organization administrator can grant support personnel access to the application as a support user, thus the ability to view, analyze, and possibly modify the metadata. The access provisioning system generates a Security Assertion Markup Language (SAML) assertion upon request by the support personnel to enable access to the data to the extent of the granted privileges. The SAML protocol includes authentication of the support representative as an authorized support user within the system.

Abstract: Disclosed herein are techniques for creating a representation of dependency relationships between computing resources within a computing environment. In some implementations, one or more sources for dependency analysis may be identified. Each source may be capable of being accessed to provide computing functionality via the computing environment. Each source may include one or more references to a respective one or more computing resources. Each computing resource may define a unit of the computing functionality available within the computing environment. A plurality of dependency relationships may be identified based on the one or more sources. A dependency relationship representation may be created based on the identified dependency relationships.

Abstract: Disclosed herein are techniques for providing a user interface component. In some implementations, a request for the user interface component may be received at a computing device. The user interface component may have a default visual presentation. A branding override may be selected from a plurality of available branding overrides. The branding override may define a modification to the default visual presentation of the user interface component. The branding override may be selected based on one or more contextual variables associated with the request for the user interface component. The user interface component may be modified in accordance with the selected branding override. The user interface component may be displayed on a display device.

Abstract: Embodiments are described for providing access by application vendors to applications deployed in an enterprise network environment. A package access system defines a support user class in a user profile database for an application executed within organization resources maintained in a multi-tenant data store. The support user is granted read only privileges to metadata of the application. An organization administrator can grant the application vendor access to the application as a support user, allowing the vendor to view and analyze the metadata. The organization administrator can further grant access by a specific support representative to the application as a specific user within the organization user for a limited term. The support representative can then log into the organization and access and use the application in order to diagnose any post-installation usage problems with the application.

Abstract: Techniques described herein can be implemented as one or a combination of methods, systems or processor executed code to form embodiments capable of improved protection of data or other computing resources based at least in part upon limiting access to a select number of delegates. Limited access to cloud data based on customer selected or other criterion, reducing the possibility of security exposures and/or improving privacy is provided for.

Abstract: Disclosed herein are techniques for creating a representation of dependency relationships between computing resources within a computing environment. In some implementations, one or more sources for dependency analysis may be identified. Each source may be capable of being accessed to provide computing functionality via the computing environment. Each source may include one or more references to a respective one or more computing resources. Each computing resource may define a unit of the computing functionality available within the computing environment. A plurality of dependency relationships may be identified based on the one or more sources. A dependency relationship representation may be created based on the identified dependency relationships.

Abstract: A service access gateway is described that provides enforcement of service level agreements across geographically remote domains. Each domain can comprise an access tier and a network tier that can be scaled by adding or removing server nodes. At the network tier level, a master node can be selected in each domain in order to maintain budget state information for the domain. Additionally, a global master can be elected in order to maintain the state information across multiple domains such that the service level agreements can be enforced in a synchronized manner. A geographical configuration service can also be implemented to generate alarms in cases where service level agreements across the multiple sites are not identical.

Abstract: Embodiments are described for providing support representative access to applications deployed in an enterprise network environment. An access provisioning system defines a support user class in a user profile database for an application executed on an organization partition within the network. The support user is granted read only privileges to metadata of the application. An organization administrator can grant support personnel access to the application as a support user, thus the ability to view, analyze, and possibly modify the metadata. The access provisioning system generates a Security Assertion Markup Language (SAML) assertion upon request by the support personnel to enable access to the data to the extent of the granted privileges. The SAML protocol includes authentication of the support representative as an authorized support user within the system.

Abstract: A system and method for providing transaction-level security, such as authentication, authorization, or non-repudiation of business-related and other transactions, using shared keys and single use transaction signatures (SUTS). In accordance with an embodiment, to utilize the system, a user registers a client device with an identity service provider (IdP). The client device can be a computing device such as a mobile phone, personal digital assistant (PDA), netbook, or other specialized computer or computing device, each of which are hereinafter generally referred to as a “client device”. The registration process typically involves setting-up a shared secret key and personal identification number (pin). Once registered, all communication between the client device and the IdP is encrypted using a key generated with some combination of the secret key, pin, and/or timestamp, over a secured channel (e.g. https).

Abstract: Embodiments are described for providing access by application vendors to applications deployed in an enterprise network environment. A package access system defines a support user class in a user profile database for an application executed within organization resources maintained in a multi-tenant data store. The support user is granted read only privileges to metadata of the application. An organization administrator can grant the application vendor access to the application as a support user, allowing the vendor to view and analyze the metadata. The organization administrator can further grant access by a specific support representative to the application as a specific user within the organization user for a limited term. The support representative can then log into the organization and access and use the application in order to diagnose any post-installation usage problems with the application.

Abstract: Disclosed herein are techniques for provisioning computing services. In some implementations, a plurality of computing resources available within a computing environment are identified. The plurality of computing resources may be capable of being used to provide computing services via the computing environment. Each of the computing resources may comprise a respective unit of computing functionality available within the computing environment. A plurality of dependency relationships among the computing resources may be identified. Based on the identified dependency relationships, a first one or more of the computing resources may be selected for inclusion in a license definition. A license conforming to the license definition may provide an entity with access to the computing functionality associated with the first one or more computing resources.

Abstract: Disclosed herein are techniques for identifying computing resources specified by a representation of a computing service. In some implementations, a request to analyze a computing service provided via a computing environment may be received. The computing service may have an activated state in which the computing service is available for use and a deactivated state in which the computing service is not available for use. The computing environment may comprise a plurality of computing resources each defining a variable unit of computing functionality within the computing environment. Each computing resource may be associated with a respective parameter corresponding with a respective parameter value that specifies a level of the variable unit of computing functionality defined by the computing resource. The computing service may be represented by a metadata model comprising a plurality of nodes, at least some of which specify a respective one or more of the parameter values.

Abstract: Disclosed herein are techniques for creating a representation of dependency relationships between computing resources within a computing environment. In some implementations, one or more sources for dependency analysis may be identified. Each source may be capable of being accessed to provide computing functionality via the computing environment. Each source may include one or more references to a respective one or more computing resources. Each computing resource may define a unit of the computing functionality available within the computing environment. A plurality of dependency relationships may be identified based on the one or more sources. A dependency relationship representation may be created based on the identified dependency relationships.

Abstract: Disclosed herein are techniques for providing a user interface component. In some implementations, a request for the user interface component may be received at a computing device. The user interface component may have a default visual presentation. A branding override may be selected from a plurality of available branding overrides. The branding override may define a modification to the default visual presentation of the user interface component. The branding override may be selected based on one or more contextual variables associated with the request for the user interface component. The user interface component may be modified in accordance with the selected branding override. The user interface component may be displayed on a display device.

Abstract: A system and a method for dynamic or as-needed activation of Remote Method Invocation (RMI) layer remote objects in response to a client request. Object activation allows the system to clean up or delete currently unused remote objects, and then reactivate them when a client actually needs them. An object implementation can first be created in response to a client request. The client receives a remote reference (remote ref) and an activation identifier (activation id) identifying that particular implementation. The implementation can subsequently be cleaned up or deleted during garbage collection so as to save server resources, or alternatively the object can be reused if the system is set up to maintain a pool of objects. When the client requests the same object at a later point in time, the system activates an object based on the activation ID previously received from the server.