Abstract: Mechanisms are provided for dispatching requests to service instances based on data storage boundaries. A request specifying an identity is received and dispatched to a service instance of a data storage boundary, where each data storage boundary is defined by a regulation or policy restricting data storage of specific types of data to computing devices within a specified boundary. A feedback response, specifying a target location, is received from the service instance in response to determining that the service instance cannot access the data because the data is associated with a different data storage boundary. A dynamic dispatch rule specifying the identity and the target location is generated and a subsequent request specifying the identity is processed by executing this dynamic dispatch rule to dispatch the subsequent request directly to a service instance associated with the target location.

Abstract: Access token scope limiting is provided. An access token of a client containing a list of scopes is presented to an authorization application programming interface of the computer. Each scope in the list of scopes defines a permission to access a particular protected resource hosted by a resource server. A new access token is returned to the client containing a decreased number of scopes using a scope alias in response to the authorization application programming interface requesting a decrease in a number of scopes in the list of scopes. The scope alias representing a plurality of specific scopes from the list of scopes contained in the presented access token.

Abstract: In an approach for authentication of a username, a processor maintains a mapping of usernames and realms. A processor receives a username and a time-based one-time password code (TOTP code) for the username based on an authentication application. A processor, upon receiving the TOTP code: determines a realm from the mapping based on the received username and the received TOTP; and requests an entry of a credential relating to the username in the realm. A processor, upon receiving of the requested credential, authenticates the username by determining that the received credential matches an expected credential for the realm.

Abstract: Aspects of the present invention disclose a method for handling incoming microservice requests at an application server. The method includes one or more processors identifying a microservice request of a user at an application server. The method further includes querying a database associated with the application server for a feedback history corresponding to the microservice request. The method further includes collecting a response corresponding to the microservice request of the user. The method further includes generating a rule corresponding to the microservice request based at least in part on the response corresponding to the microservice request.

Abstract: Access token scope limiting is provided. An access token of a client containing a list of scopes is presented to an authorization application programming interface of the computer. Each scope in the list of scopes defines a permission to access a particular protected resource hosted by a resource server. A new access token is returned to the client containing a decreased number of scopes using a scope alias in response to the authorization application programming interface requesting a decrease in a number of scopes in the list of scopes. The scope alias representing a plurality of specific scopes from the list of scopes contained in the presented access token.

Abstract: In an approach for authentication of a username, a processor maintains a mapping of usernames and realms. A processor receives a username and a time-based one-time password code (TOTP code) for the username based on an authentication application. A processor, upon receiving the TOTP code: determines a realm from the mapping based on the received username and the received TOTP; and requests an entry of a credential relating to the username in the realm. A processor, upon receiving of the requested credential, authenticates the username by determining that the received credential matches an expected credential for the realm.

Abstract: A computer-implemented method for a token-based authorization in a data processing environment may be provided. The data processing environment comprises at least a user system, an application, an authentication server and an access control server. The method comprises accessing the application via a user system request, redirecting the user access request to an authentication server, authenticating the user, wherein authentication credentials comprise a request for a restricted entitlement, wherein the restricted entitlement represents a subset of existing entitlements managed by the access control server for a resource. The method comprises also sending an access token from the authentication server to the application, requesting execution of an operation comprising invoking the operation by the application providing the access token comprising restricted entitlements, invoking the access control server, and providing the scope of the token comprising the subset of the existing entitlements.

Abstract: Aspects of the present invention disclose a method for handling incoming microservice requests at an application server. The method includes one or more processors identifying a microservice request of a user at an application server. The method further includes querying a database associated with the application server for a feedback history corresponding to the microservice request. The method further includes collecting a response corresponding to the microservice request of the user. The method further includes generating a rule corresponding to the microservice request based at least in part on the response corresponding to the microservice request.

Abstract: A computer-implemented method for reducing cookie traffic in browser communication is provided. The method sends, by a browser to a domain, a first request resulting in a returned cookie. The returned cookie includes a category tag. The method adds the returned cookie to a set of cookies for the browser. The category tag of the returned cookie is added to a related category tag in a browser tag list. The method sends, by the browser to a server of the domain, a second request resulting in a returned list of required category tags. The method sends a selected cookie with a category tag relating to at least one required category tag of the list of required category tags for the server. The selected cookie is selected from the set of cookies and the category tag for the selected cookie occurs within the browser tag list.

Abstract: A method, a computer program product, and a system for distributing a private signature key between authorization instances. The method includes registering a plurality of authorization instances in a configuration file and generating host instance key pairs by each of the authorization instances. The method also includes storing the public host keys in the shared database and electing one of the authorization instances to be a signature key leader instance. The method includes generating, by the signature key leader instance, a signature key pair. The signature key pair includes a public signature key and a private signature key. The method also includes storing the public signature key in the shared database and transmitting an encrypted private signature key to a requesting authorization instance of the authorization instances. The method further includes decrypting the encrypted private signature key using the private host key generated by the requesting authorization instance.

Abstract: A method, a computer program product, and a system for distributing a private signature key between authorization instances. The method includes registering a plurality of authorization instances in a configuration file and generating host instance key pairs by each of the authorization instances. The method also includes storing the public host keys in the shared database and electing one of the authorization instances to be a signature key leader instance. The method includes generating, by the signature key leader instance, a signature key pair. The signature key pair includes a public signature key and a private signature key. The method also includes storing the public signature key in the shared database and transmitting an encrypted private signature key to a requesting authorization instance of the authorization instances. The method further includes decrypting the encrypted private signature key using the private host key generated by the requesting authorization instance.

Abstract: A computer-implemented method for a token-based authorization in a data processing environment may be provided. The data processing environment comprises at least a user system, an application, an authentication server and an access control server. The method comprises accessing the application via a user system request, redirecting the user access request to an authentication server, authenticating the user, wherein authentication credentials comprise a request for a restricted entitlement, wherein the restricted entitlement represents a subset of existing entitlements managed by the access control server for a resource. The method comprises also sending an access token from the authentication server to the application, requesting execution of an operation comprising invoking the operation by the application providing the access token comprising restricted entitlements, invoking the access control server, and providing the scope of the token comprising the subset of the existing entitlements.

Abstract: The present disclosure relates to a method for authentication with identity providers via a federating authorization server, wherein the federating authorization server has at least one interface to at least one identity provider. Each identity provider is configured to validate user identities using a respective validation method. The method comprises: receiving login data via a webpage, the login data indicating at least an identity provider and a user. The validation method of the indicated identity provider may be determined using the login data. An update of the content of the webpage may be caused for enabling the determined validation method. Identity information of the user may be provided via the updated webpage and verifying the identity information using the determined validation method.

Abstract: A method for maintaining a technical plant including several components is provided. The method provides a system for planning the use of an enterprise resources system and a control system, with the enterprise resource system connected to the control system and structures of the technical plant are automatically set up in the enterprise resource system.

Abstract: A method for power plant usage planning of a power plant fleet having a plurality of power plants is provided. The current control technology values are supplied to models for lifespan calculations, maintenance information is derived from the lifespan calculations and the maintenance information is taken into consideration in a calculation for power plant usage planning.

Abstract: A method for maintaining a technical plant including several components is provided. The method provides a system for planning the use of an enterprise resources system and a control system, with the enterprise resource system connected to the control system and structures of the technical plant are automatically set up in the enterprise resource system.

Abstract: A powder transfer pump to convey a powder, in particular in a powder coating station. The powder transfer pump comprises a transfer chamber with a transfer chamber wall, an inlet opening into the transfer chamber to supply the powder to the transfer chamber, an outlet opening out of the transfer chamber to convey the powder from the transfer chamber, a negative pressure connection opening into the transfer chamber to generate negative pressure in the transfer chamber in order to suck the powder into the transfer chamber, and a positive pressure connection opening into the transfer chamber to discharge the powder that is present in the transfer chamber through the outlet. The transfer chamber wall is essentially gas-tight.

Abstract: An operating system for a power feed pump and a power feed pump having a transfer chamber with an inlet and an outlet. The outlet of the transfer chamber is closed, the inlet of the transfer chamber is opened, and a negative pressure is generated in the transfer chamber to suck a powder in through the inlet to the transfer chamber. The inlet of the transfer chamber is closed, the outlet of the transfer chamber is opened, and the powder in the transfer chamber is delivered through the outlet. The negative pressure in the transfer chamber is built up at least partially before the inlet of the transfer chamber is opened.

Abstract: A powder transfer pump to convey a powder, in particular in a powder coating station. The powder transfer pump comprises a transfer chamber with a transfer chamber wall, an inlet opening into the transfer chamber to supply the powder to the transfer chamber, an outlet opening out of the transfer chamber to convey the powder from the transfer chamber, a negative pressure connection opening into the transfer chamber to generate negative pressure in the transfer chamber in order to suck the powder into the transfer chamber, and a positive pressure connection opening into the transfer chamber to discharge the powder that is present in the transfer chamber through the outlet. The transfer chamber wall is essentially gas-tight.

Abstract: A powder conveying pump, in particular for a powder coating device. The pump comprises a working chamber with a variable working chamber volume, a powder inlet opening into the working chamber to suck powder into the working chamber, a powder outlet opening out of the working chamber to expel the powder present in the working chamber and a moveable piston that forms one boundary surface of the working chamber and sucks the powder into the working chamber through the powder inlet during an upward movement. The piston is driven directly by pneumatic means.