Abstract: A sandbox architecture that isolates and identifies misbehaving plug-ins (intentional or unintentional) to prevent system interruptions and failure. Based on plug-in errors, the architecture automatically disables and blocks registration of the bad plug-in via a penalty point system. Publishers of bad plug-ins are controlled by disabling the bad plug-ins and registering the publisher in an unsafe list. Isolation can be provided in multiple levels, such as machine isolation, process isolation, secure accounts with limited access rights, and application domain isolation within processes using local security mechanisms. A combination of the multiple levels of isolation achieves a high level of security. Isolation provides separation from other plug-in executions and restriction to system resources such as file system and network IP.

Abstract: Pieces of hardware on which pieces of software are executed are configured to organize computing resources from different computing resource providers so as to facilitate their discovery. A catalog, which stores instances of cloud computing resources and their providers, and a knowledge base, which stores types of computing resources including rules which reveal their discovery, are formed by the software. A curating method is performed to enable semantic search including searching for cloud computing resources that in combination cooperate to satisfy a workload or a task in addition to having a simple computational function. Semantic indexing is performed to facilitate the semantic search.

Abstract: A sandbox architecture that isolates and identifies misbehaving plug-ins (intentional or unintentional) to prevent system interruptions and failure. Based on plug-in errors, the architecture automatically disables and blocks registration of the bad plug-in via a penalty point system. Publishers of bad plug-ins are controlled by disabling the bad plug-ins and registering the publisher in an unsafe list. Isolation can be provided in multiple levels, such as machine isolation, process isolation, secure accounts with limited access rights, and application domain isolation within processes using local security mechanisms. A combination of the multiple levels of isolation achieves a high level of security. Isolation provides separation from other plug-in executions and restriction to system resources such as file system and network IP.

Abstract: A sandbox architecture that isolates and identifies misbehaving plug-ins (intentional or unintentional) to prevent system interruptions and failure. Based on plug-in errors, the architecture automatically disables and blocks registration of the bad plug-in via a penalty point system. Publishers of bad plug-ins are controlled by disabling the bad plug-ins and registering the publisher in an unsafe list. Isolation can be provided in multiple levels, such as machine isolation, process isolation, secure accounts with limited access rights, and application domain isolation within processes using local security mechanisms. A combination of the multiple levels of isolation achieves a high level of security. Isolation provides separation from other plug-in executions and restriction to system resources such as file system and network IP.

Abstract: Hardware and software are configured to select and provision computing resources from heterogeneous on-demand computing environments through the framework of a layered, federated on-demand computing ecology of computing resource providers, users, and federation servers. These pieces of hardware and software include a mechanism for defining and managing the life cycle of different resource types; a mechanism for extending document-centric protocols to support computing resources as first order objects; a mechanism for routing messages to computing resources; federation topologies; and a mechanism for federation servers to access and use computing resources from providers controlled by other federation servers.

Abstract: A sandbox architecture that isolates and identifies misbehaving plug-ins (intentional or unintentional) to prevent system interruptions and failure. Based on plug-in errors, the architecture automatically disables and blocks registration of the bad plug-in via a penalty point system. Publishers of bad plug-ins are controlled by disabling the bad plug-ins and registering the publisher in an unsafe list. Isolation can be provided in multiple levels, such as machine isolation, process isolation, secure accounts with limited access rights, and application domain isolation within processes using local security mechanisms. A combination of the multiple levels of isolation achieves a high level of security. Isolation provides separation from other plug-in executions and restriction to system resources such as file system and network IP.

Abstract: A sandbox architecture that isolates and identifies misbehaving plug-ins (intentional or unintentional) to prevent system interruptions and failure. Based on plug-in errors, the architecture automatically disables and blocks registration of the bad plug-in via a penalty point system. Publishers of bad plug-ins are controlled by disabling the bad plug-ins and registering the publisher in an unsafe list. Isolation can be provided in multiple levels, such as machine isolation, process isolation, secure accounts with limited access rights, and application domain isolation within processes using local security mechanisms. A combination of the multiple levels of isolation achieves a high level of security. Isolation provides separation from other plug-in executions and restriction to system resources such as file system and network IP.

Abstract: User are alerted by software and hardware when the in-use dynamic computing resources are underutilized so as to allow the user to effectively contain and reduce the operating cost of computing resources' services and application. The software categorizes and publishes workloads and suggests low cost alternatives to the user so as to match a user search criteria or usage pattern of computing resources or workloads.

Abstract: Hardware and software are configured to select and provision computing resources from heterogeneous on-demand computing environments through the framework of a layered, federated on-demand computing ecology of computing resource providers, users, and federation servers. These pieces of hardware and software include a mechanism for defining and managing the life cycle of different resource types; a mechanism for extending document-centric protocols to support computing resources as first order objects; a mechanism for routing messages to computing resources; federation topologies; and a mechanism for federation servers to access and use computing resources from providers controlled by other federation servers.

Abstract: Pieces of hardware on which pieces of software are executed are configured to organize computing resources from different computing resource providers so as to facilitate their discovery. A catalog, which stores instances of cloud computing resources and their providers, and a knowledge base, which stores types of computing resources including rules which reveal their discovery, are formed by the software. A curating method is performed to enable semantic search including searching for cloud computing resources that in combination cooperate to satisfy a workload or a task in addition to having a simple computational function. Semantic indexing is performed to facilitate the semantic search.

Abstract: A sandbox architecture that isolates and identifies misbehaving plug-ins (intentional or unintentional) to prevent system interruptions and failure. Based on plug-in errors, the architecture automatically disables and blocks registration of the bad plug-in via a penalty point system. Publishers of bad plug-ins are controlled by disabling the bad plug-ins and registering the publisher in an unsafe list. Isolation can be provided in multiple levels, such as machine isolation, process isolation, secure accounts with limited access rights, and application domain isolation within processes using local security mechanisms. A combination of the multiple levels of isolation achieves a high level of security. Isolation provides separation from other plug-in executions and restriction to system resources such as file system and network IP.

Abstract: A mechanism is provided for signing on a user of a first domain into an affiliate application in a second domain. When the user needs access to the affiliate application, the request for access causes a ticket to be generated. The ticket identifies the user and is passed to an adapter. The adapter, which ultimately will perform the sign on in the affiliate application, redeems the ticket for the user's credentials (e.g., a valid userID/password combination for the affiliate application), and then presents the credentials to the affiliate application. A service is provided that issues tickets, redeems tickets, manages the registration and de-registration of affiliate applications, manages the correlation between a user and the user's credentials with an affiliate application, and manages encryption of stored records.

Abstract: Systems and methods for activating a component in a computing system having a plurality of partitions. One method includes receiving a request to activate a component having an object class ID and a partition ID and detecting if the object class ID is contained within a default partition corresponding to the partition ID. If the object class ID is contained within the default partition, an instance of the component in the partition ID is activated. If the object class ID is not contained within the default partition, the method includes detecting if the object class ID is contained within a base partition. If the object class ID is contained in the base partition, an instance of the component in the base partition is activated.

Abstract: A system that allows a user of a first domain to access a second domain. A request originates in the first domain to perform an action in the second domain. The request indicates a user of the first domain on whose behalf the request was originated. The access request is received by an adapter in the second domain. The adapter requests an access token for a user of the second domain who corresponds to the user of the first domain. A mapping table is used to identify which user in the second domain corresponds to the user in the first domain. Once the correct user of the second domain is identified, an access token for that user is returned to the adapter. The adapter then carries out the requested action by using the access token to impersonate the user of the second domain.

Abstract: A mechanism that synchronizes passwords maintained for plural domains. A user maintains accounts in two domains. The first and second domains each maintain tables correlating userIDs with passwords, such that the same user's password can be different in the different domains. A database stores tables that correlate a given user's userID/password combination in the first domain with his corresponding userID/password combination in the second domain. The database is used to sign the user onto one domain when the user is working in the other domain. When the user changes his password in the first domain, the change is reported to the database, so that the database stores the current password. Optionally, the password change may be reported to the second domain, such that the user will have the same password in both domains.

Abstract: The present invention relates to broadband wireless communication using multiple carrier frequencies, and the selection or allocation of those frequencies. The invention is particularly but not exclusively related to ultra wideband (UWB) technologies. The present invention provides a method of dynamically selecting carrier frequencies for carrying a broadband channel, the method comprising: allocate a group of carrier frequencies for carrying the broadband channel; identify a number of alterative groups of carrier frequencies; monitor channel performance of the broadband channel for the allocated group of carrier frequencies; re-allocate the broadband channel to be carried by one of the alternative groups of carrier frequencies in response to the monitored channel performance degrading below a threshold.

Abstract: A method, apparatus, and article of manufacture provide a component-based computing system having both publicly accessible and privately-only accessible computing components within multiple applications for providing component addressing/identification and naming spaces. A requested processing component is initiated by a calling component within a local computing system having one or more applications. The identity of the requested processing component, including an identity of a class ID and an identity of a partition from a request to activate a component initiated by a calling component, is obtained using configuration data for the requested component. The configuration data provides an indication of public-private status for the requested component. An instance of the requested component can be activated based on the public-private status.

Abstract: A mechanism is provided for signing on a user of a first domain into an affiliate application in a second domain. When the user needs access to the affiliate application, the request for access causes a ticket to be generated. The ticket identifies the user and is passed to an adapter. The adapter, which ultimately will perform the sign on in the affiliate application, redeems the ticket for the user's credentials (e.g., a valid userID/password combination for the affiliate application), and then presents the credentials to the affiliate application. A service is provided that issues tickets, redeems tickets, manages the registration and de-registration of affiliate applications, manages the correlation between a user and the user's credentials with an affiliate application, and manages encryption of stored records.

Abstract: A mechanism that synchronizes passwords maintained for plural domains. A user maintains accounts in two domains. The first and second domains each maintain tables correlating userIDs with passwords, such that the same user's password can be different in the different domains. A database stores tables that correlate a given user's userID/password combination in the first domain with his corresponding userID/password combination in the second domain. The database is used to sign the user onto one domain when the user is working in the other domain. When the user changes his password in the first domain, the change is reported to the database, so that the database stores the current password. Optionally, the password change may be reported to the second domain, such that the user will have the same password in both domains.

Abstract: A system that allows a user of a first domain to access a second domain. A request originates in the first domain to perform an action in the second domain. The request indicates a user of the first domain on whose behalf the request was originated. The access request is received by an adapter in the second domain. The adapter requests an access token for a user of the second domain who corresponds to the user of the first domain. A mapping table is used to identify which user in the second domain corresponds to the user in the first domain. Once the correct user of the second domain is identified, an access token for that user is returned to the adapter. The adapter then carries out the requested action by using the access token to impersonate the user of the second domain.