Abstract: Technologies are described herein for relevance-based expiration of data. An initial expiration time for the data is computed based upon an expiration duration associated with the data. The expiration time for the data is periodically re-computed in order to extend the expiration time. A relevance value for the meeting data is computed and the expiration time is set as a function of the computed relevance value. The relevance value may be computed as a product of a user-settable relevance value for the meeting data and a dynamic relevance point for the meeting data. When the computed expiration time for meeting data has been reached, the meeting data is expired, such as through the deletion of the meeting data.

Abstract: A method and system for controlling access to files in a remote file system is provided. In one embodiment, a firewall system at a client computer system intercepts requests originating from the client computer system and sent to the remote file system for accessing remote files, that is, files stored on a server computer system. Upon intercepting a remote file access request (e.g., to open a remote file), the firewall system determines whether the file access request should be allowed based on access control criteria.

Abstract: A method and system for distributing and enforcing security policies is provided. A firewall agent executing at a host computer system that is to be protected receives security policies for the enforcement engines responsible for enforcing the security policies on the host computer system. A security policy has rules that each provide a condition and action to be performed when the condition is satisfied. A rule also has a rule type that is used by the distribution system to identify the security components that are responsible for enforcing the rules. To distribute the security policies that have been received at a host computer system, the firewall agent identifies to which enforcement engine a rule applies based in part on rule type. The firewall agent then distributes the rule to the identified enforcement engine, which then enforces the rule.

Abstract: Technologies are described herein for relevance-based expiration of data. An initial expiration time for the data is computed based upon an expiration duration associated with the data. The expiration time for the data is periodically re-computed in order to extend the expiration time. A relevance value for the meeting data is computed and the expiration time is set as a function of the computed relevance value. The relevance value may be computed as a product of a user-settable relevance value for the meeting data and a dynamic relevance point for the meeting data. When the computed expiration time for meeting data has been reached, the meeting data is expired, such as through the deletion of the meeting data.

Abstract: A method and system for intercepting communications between a transport client and a transport provider is provided. An interceptor system registers to intercept calls made by the transport client to functions of the transport provider. The interceptor system also replaces callbacks of the transport client so that calls from the transport provider intended for the transport client can be intercepted. When the interceptor system intercepts the call, it provides an indication of the call to a processing component. The processing component may analyze the call and determine whether the call should be allowed or denied. The interceptor system then proceeds to process the call in accordance with the indication of the processing component.

Abstract: A method and system for distributing and enforcing security policies is provided. A firewall agent executing at a host computer system that is to be protected receives security policies for the enforcement engines responsible for enforcing the security policies on the host computer system. A security policy has rules that each provide a condition and action to be performed when the condition is satisfied. A rule also has a rule type that is used by the distribution system to identify the security components that are responsible for enforcing the rules. To distribute the security policies that have been received at a host computer system, the firewall agent identifies to which enforcement engine a rule applies based in part on rule type. The firewall agent then distributes the rule to the identified enforcement engine, which then enforces the rule.

Abstract: A method and system for intercepting communications between a transport client and a transport provider is provided. An interceptor system registers to intercept calls made by the transport client to functions of the transport provider. The interceptor system also replaces callbacks of the transport client so that calls from the transport provider intended for the transport client can be intercepted. When the interceptor system intercepts the call, it provides an indication of the call to a processing component. The processing component may analyze the call and determine whether the call should be allowed or denied. The interceptor system then proceeds to process the call in accordance with the indication of the processing component.

Abstract: A method and system for controlling access to files in a remote file system is provided. In one embodiment, a firewall system at a client computer system intercepts requests originating from the client computer system and sent to the remote file system for accessing remote files, that is, files stored on a server computer system. Upon intercepting a remote file access request (e.g., to open a remote file), the firewall system determines whether the file access request should be allowed based on access control criteria.

Abstract: A method and system for distributing and enforcing security policies is provided. A firewall agent executing at a host computer system that is to be protected receives security policies for the enforcement engines responsible for enforcing the security policies on the host computer system. A security policy has rules that each provide a condition and action to be performed when the condition is satisfied. A rule also has a rule type that is used by the distribution system to identify the security components that are responsible for enforcing the rules. To distribute the security policies that have been received at a host computer system, the firewall agent identifies to which enforcement engine a rule applies based in part on rule type. The firewall agent then distributes the rule to the identified enforcement engine, which then enforces the rule.

Abstract: A method and system for multicast network transmissions dynamically sets response time parameters for handling negative acknowledgments (NAKs). When the sender receives a NAK for a lost packet, it returns an NAK confirmation (NCF), waits for a back-off time before sending requested repair data, and then waits for a “linger time” during which the sender does not respond to other NAKs for the same lost packet. The back-off time and the linger time are dynamically set according to the position of the requested sequence number in the sender's transmit window such that the back-off time is shorter when the requested data is closer to being flushed out of the transmit window. After receiving the NCF, the receiver waits for a timeout period and resends the NAK if no repair data is received. The timeout period for data receipt is dynamically set according to a statistical average time for receiving repair data from the sender and the estimated sender's transmit window size.

Abstract: Languages for expressing security policies are provided. The languages comprise rules that specify conditions and actions. The rules may be enforced by a security engine when a security enforcement event occurs. The languages support data separation, dynamic evaluation, and ordered rule scope. By separating data from logic, security engines may only need to be updated with a portion of rules that change. With dynamic evaluation, expressions of rules may be evaluated dynamically, such as by querying a database, when a security engine enforces a rule. With ordered rule scope, when a security enforcement event implicates a number of rules simultaneously, the rules may be enforced in a deterministic and logically organized manner.

Abstract: A method and system for multicast network transmissions dynamically sets response time parameters for handling negative acknowledgments (NAKs). When the sender receives a NAK for a lost packet, it returns an NAK confirmation (NCF), waits for a back-off time before sending requested repair data, and then waits for a “linger time” during which the sender does not respond to other NAKs for the same lost packet. The back-off time and the linger time are dynamically set according to the position of the requested sequence number in the sender's transmit window such that the back-off time is shorter when the requested data is closer to being flushed out of the transmit window. After receiving the NCF, the receiver waits for a timeout period and resends the NAK if no repair data is received. The timeout period for data receipt is dynamically set according to a statistical average time for receiving repair data from the sender and the estimated sender's transmit window size.