Abstract: A user creates dynamic meta-communities that span membership of multiple existing third-party online communities, based on profile attributes. This allows the user to create targeted sub-communities for specific purposes without recreating or duplicating community information. The user can communicate with members of created meta-communities by leveraging the mechanisms provided by the third party online communities.

Abstract: A method and apparatus for using a remote delegate is described. In one embodiment, the method comprising evaluating information that identifies at least one of software packages resident in a client computer or licenses associated with the software packages using a remote delegate and enabling use of a resource at the client computer based on the information through use of the remote delegate.

Abstract: According to one embodiment, a method for role determination includes detecting access to sensitive data and determining user information related to the access to sensitive data in response to detecting the access to sensitive data. The method also includes modifying at least one role in response to determining the user information related to the access to sensitive data. In addition, the method includes storing the modified at least one role.

Abstract: A computer-implemented method for managing email configuration may include receiving a first email message from a first device, identifying device-type information in the first email message, identifying a second email message addressed to the first email address, and using the device-type information to select email-configuration information for the second email. The method may further include reformatting a body of the second email based on the email-configuration information, removing an attachment to the second email in response to the email-configuration information, providing a user with the email-configuration information for the second email message, and associating the device-type information with the first email address. A computer-implemented method for including email-configuration information in an email may involve identifying a first email message from a first user, including email-configuration information in the first email message, and sending the first email message to a first recipient.

Abstract: A method and apparatus for providing claim validation without storing user information within the IDM system. During enrollment, the IDM system creates a hash representative of the identification information provided by a user. The user information is discarded, i.e., not stored within the IDM system. Only a hash representing that information is stored within the system. Upon a user providing information to a service provider, the service provider requests that the user's information be authenticated by a third party IDS system. The service provider will request such authentication from the IDM system identified by the user. The IDM system generates, from the user's information that was provided to the service provider, a signed token that is sent to the user for use by the user to access the service provider's services. In this manner, the IDM system does not store identification information of the user.

Abstract: Independent verification of user profile attributes that are stored on third-party community-based web sites is provided. A user request indicates target profile attributes to verify. Profile attribute data concerning a profile owner is collected from a plurality of community sites. The collected data is verified, and results of the verification process are stored in a database. When a user views verified profile attributes on a page on a community site, the corresponding stored verification status is retrieved, and an indication of the trust status of the profile is output to the user, for example by modifying the displayed web page to display the trust status.

Abstract: A system and method is provided for evaluating one or more security policies. Security policies may be analyzed to determine one or more policy attributes based on which one or more policy trees should be generated. These policy trees may be utilized for evaluation purposes.

Abstract: According to one embodiment, a method for securing information includes detecting an access to sensitive data and determining user information associated with the access to sensitive data. The method also includes determining a unique user identifier associated with the user information. In addition, the method includes comparing the access to sensitive data to a policy utilizing the unique user identifier. Further, the method includes determining that the access to sensitive data violates the policy in response to comparing the access to the policy. The method also includes recording an entry in response to determining that the access to sensitive data violates the policy.

Abstract: A computer-implemented method for managing email configuration may include receiving a first email message from a first device, identifying device-type information in the first email message, identifying a second email message addressed to the first email address, and using the device-type information to select email-configuration information for the second email. The method may further include reformatting a body of the second email based on the email-configuration information, removing an attachment to the second email in response to the email-configuration information, providing a user with the email-configuration information for the second email message, and associating the device-type information with the first email address. A computer-implemented method for including email-configuration information in an email may involve identifying a first email message from a first user, including email-configuration information in the first email message, and sending the first email message to a first recipient.

Abstract: A method and apparatus for providing information associated with service providers using a social network is described. In one embodiment, a method of providing indicia of familiarity with the service providers comprises identifying one or more relationships between one or more service providers and a user using a social network associated with the user and generating information regarding the one or more relationships, wherein the information comprises a social distance between the user and each service provider of the one or more service providers where the social distance represents an indicia of familiarity between the user and each service provider of the one or more service providers.

Abstract: A remote access manager protects the privacy of identified local file system content while a local computer is being accessed by a remote administrator. A local user inputs a privacy policy which identifies restricted access levels for specified files, file types and folders. During remote administration sessions, the remote access manager intercepts attempts to access the local file system, and enforces the privacy policy. Thus, the remote administrator's access to the local file system content is restricted according to the security policy.

Abstract: Visual images of computer components are provided to remotely guide users through the process of setting up physical connections. Component identifying information is automatically gleaned and provided from a user's computer to a remote administrator. The administrator provides visual images of the components to the user, and remotely annotates them to guide the user through the configuration process. Image annotation can include pointing to a specific section of the image (e.g., the plug into which a cable is to be inserted) and/or drawing or writing on or otherwise marking-up the image to direct the user's attention. The visual image-based guidance can be supplemented by voice communication with the user.

Abstract: When an executable file cannot be run on a client computer until the digital signature has been verified, the streaming server performs the verification if the entire file is not present on the client. More specifically, the client detects requests to verify digital signatures on executable files before allowing them to run. The client determines whether the entire executable file is present, and whether the server is trusted to verify digital signatures. If the entire file is not present locally and the server is trusted, the request to verify the digital signature is passed to the server. The server verifies the digital signature on its complete copy of the executable file, and returns the result to the client.

Abstract: A computer-implemented method for determining the trustworthiness of a server may comprise: 1) identifying a streaming application that originates from a server, 2) determining a trust level for the server, and then 3) determining, based on the trust level, whether to stream the streaming application from the server. The trust level for the server may be determined by comparing current streams (or portions of current streams) received from the server with prior streams to detect change, by communicating with peer computing systems or reputation services, and/or by analyzing locally stored information. Corresponding systems and computer-readable media are also disclosed.

Abstract: A system and method is provided for evaluating one or more security policies. Security policies may be analyzed to determine one or more policy attributes based on which one or more policy trees should be generated. These policy trees may be utilized for evaluation purposes.

Abstract: According to one embodiment, a method for securing information includes detecting an access to sensitive data and determining user information associated with the access to sensitive data. The method also includes determining a unique user identifier associated with the user information. In addition, the method includes comparing the access to sensitive data to a policy utilizing the unique user identifier. Further, the method includes determining that the access to sensitive data violates the policy in response to comparing the access to the policy. The method also includes recording an entry in response to determining that the access to sensitive data violates the policy.

Abstract: According to one embodiment, a method for role determination includes detecting access to sensitive data and determining user information related to the access to sensitive data in response to detecting the access to sensitive data. The method also includes modifying at least one role in response to determining the user information related to the access to sensitive data. In addition, the method includes storing the modified at least one role.

Abstract: According to one embodiment, a binary code modification system includes a code modifier configured to access a binary software code. The code modifier generates a modified software code by inserting one or more executable instructions into the binary software code. The one or more executable instructions is operable to expose at least a portion of the binary software code as a web service interface.

Abstract: According to one embodiment, a binary code modification system includes a code modifier configured to access a binary software code. The code modifier generates a modified software code by inserting one or more executable instructions into the binary software code. The one or more executable instructions is operable to provide identity and access management (IAM) functionality or governance functionality to the modified software code.

Abstract: Visual images of computer components are provided to remotely guide users through the process of setting up physical connections. Component identifying information is automatically gleaned and provided from a user's computer to a remote administrator. The administrator provides visual images of the components to the user, and remotely annotates them to guide the user through the configuration process. Image annotation can include pointing to a specific section of the image (e.g., the plug into which a cable is to be inserted) and/or drawing or writing on or otherwise marking-up the image to direct the user's attention. The visual image-based guidance can be supplemented by voice communication with the user.