Abstract: Systems and methods for role-based access control to computing resources are presented. In an example embodiment, a request to perform a type of access of a computing resource is received via a communication network from a process executing on a client device. Using a data store storing process identifiers and associated access control information, access control information associated with the requesting process is identified based on a process identifier of the requesting process. Based on the access control information associated with the requesting process, a determination is made whether the requesting process is allowed to perform the requested type of access of the computing resource. The request is processed based on the requesting process being allowed to perform the requested type of access of the computing resource.

Abstract: Systems and methods for role-based access control to computing resources are presented. In an example embodiment, a request to perform a type of access of a computing resource is received via a communication network from a process executing on a client device. Using a data store storing process identifiers and associated access control information, access control information associated with the requesting process is identified based on a process identifier of the requesting process. Based on the access control information associated with the requesting process, a determination is made whether the requesting process is allowed to perform the requested type of access of the computing resource. The request is processed based on the requesting process being allowed to perform the requested type of access of the computing resource.

Abstract: In an example embodiment, a method, system, and program storage device for binding an industrial application to a plurality of services in an Industrial Internet of Things (IIoT) is provided. For each of a plurality of tenants, a service template corresponding to a group in which the corresponding tenant belongs is retrieved and an instance of the industrial application is instantiated for the corresponding tenant. Then, at runtime of an instance of the industrial application, a number of actions are taken. A request by the instance of the industrial application for a service identified by a first service name is detected. Then a credential for the service name is retrieved, with the credential identifying a location where an instance of the service identified by the first service name resides. The service identified by the first service name is then dynamically called using the location.

Abstract: Provided are a system and method for routing messages in a multi-tenant cloud computing environment based on digital certificates. In one example, a server includes a network interface configured to receive a request and a digital certificate from a network object, where the digital certificate includes a plurality of attributes. The server also includes a processor configured to determine whether the digital certificate is valid, and in response to determining the digital certificate is valid, detect tenant information from an attribute among the plurality of attributes included in the digital certificate. For example, the detected tenant information may identify a tenant of the multi-tenant cloud computing environment. The network interface may be further configured to transmit the request to the multi-tenant cloud computing environment based on the detected tenant information.

Abstract: Systems and methods for role-based access control to computing resources are presented. In an example embodiment, a request to perform a type of access of a computing resource is received via a communication network from a process executing on a client device. Using a data store storing process identifiers and associated access control information, access control information associated with the requesting process is identified based on a process identifier of the requesting process. Based on the access control information associated with the requesting process, a determination is made whether the requesting process is allowed to perform the requested type of access of the computing resource. The request is processed based on the requesting process being allowed to perform the requested type of access of the computing resource.

Abstract: A credentials database that includes a first credentials locker with a first path defining the location of the first locker, and a second credentials locker. An application program is executed and the application program is a computer program that has direct interaction with a user. A first service program and a second service program are executed, and the first service program and the second service program do not have direct interaction with the user. The first service program is called by the application program, and the second service program is called by the first service program. The first service program uses security credentials to request and obtain data from the second service program, and the second service program. The first service program always has access to and is able to obtain the current credentials.

Abstract: An authentication system receives an authentication request from a client device. The authentication request includes a unique token assigned to the device that has been encrypted using a private key. In response to receiving the request, the authentication system verifies, based on the unique token received in the authentication request, that the device is registered with the authentication system, and accesses, from a blockchain, integrity measurement information for the device. The integrity measurement information was previously generated in connection with the device. The authentication system generates an access token for the device factoring in the integrity measurement information, and provides the access token to the device. The access token provides the device with access to at least a first service.

Abstract: In an example embodiment, a method, system, and program storage device for binding an industrial application to a plurality of services in an Industrial Internet of Things (IIoT) is provided. For each of a plurality of tenants, a service template corresponding to a group in which the corresponding tenant belongs is retrieved and an instance of the industrial application is instantiated for the corresponding tenant. Then, at runtime of an instance of the industrial application, a number of actions are taken. A request by the instance of the industrial application for a service identified by a first service name is detected. Then a credential for the service name is retrieved, with the credential identifying a location where an instance of the service identified by the first service name resides. The service identified by the first service name is then dynamically called using the location.

Abstract: A credentials database that includes a first credentials locker with a first path defining the location of the first locker, and a second credentials locker. An application program is executed and the application program is a computer program that has direct interaction with a user. A first service program and a second service program are executed, and the first service program and the second service program do not have direct interaction with the user. The first service program is called by the application program, and the second service program is called by the first service program. The first service program uses security credentials to request and obtain data from the second service program, and the second service program. The first service program always has access to and is able to obtain the current credentials.

Abstract: In an example embodiment, a method, system, and program storage device for binding an industrial application to a plurality of services in an Industrial Internet of Things (IIoT) is provided. For each of a plurality of tenants, a service template corresponding to a group in which the corresponding tenant belongs is retrieved and an instance of the industrial application is instantiated for the corresponding tenant. Then, at runtime of an instance of the industrial application, a number of actions are taken. A request by the instance of the industrial application for a service identified by a first service name is detected. Then a credential for the service name is retrieved, with the credential identifying a location where an instance of the service identified by the first service name resides. The service identified by the first service name is then dynamically called using the location.

Abstract: Systems and methods for role-based access control to computing resources are presented. In an example embodiment, a request to perform a type of access of a computing resource is received via a communication network from a process executing on a client device. Using a data store storing process identifiers and associated access control information, access control information associated with the requesting process is identified based on a process identifier of the requesting process. Based on the access control information associated with the requesting process, a determination is made whether the requesting process is allowed to perform the requested type of access of the computing resource. The request is processed based on the requesting process being allowed to perform the requested type of access of the computing resource.

Abstract: Multiple blockchains have block data strictures with different event granularities. A first blockchain adds blocks according to a data structure with high event granularity. A second blockchain adds a block digest according to a data structure with low event granularity. The block digest is a digest of the blocks added to the first blockchain.

Abstract: In some example embodiments, a method comprises receiving a web service request for accessing a resource of a web service, with the web service request corresponding to a user and comprising an access token, identifying a zone for the web service request, identifying a security token provider based on the access token, identifying one or more trusted token providers for the zone, comparing the security token provider to the trusted token provider(s) for the zone, generating a determination that the security token provider does not match any of the trusted token provider(s) for the zone, and denying the web service request based on the determination that the security token provider does not match any of the trusted token provider(s) for the zone.

Abstract: Provided are a system and method for routing messages in a multi-tenant cloud computing environment based on digital certificates. In one example, a server includes a network interface configured to receive a request and a digital certificate from a network object, where the digital certificate includes a plurality of attributes. The server also includes a processor configured to determine whether the digital certificate is valid, and in response to determining the digital certificate is valid, detect tenant information from an attribute among the plurality of attributes included in the digital certificate. For example, the detected tenant information may identify a tenant of the multi-tenant cloud computing environment. The network interface may be further configured to transmit the request to the multi-tenant cloud computing environment based on the detected tenant information.

Abstract: In an example embodiment, a method, system, and program storage device for binding an industrial application to a plurality of services in an Industrial Internet of Things (IIoT) is provided. For each of a plurality of tenants, a service template corresponding to a group in which the corresponding tenant belongs is retrieved and an instance of the industrial application is instantiated for the corresponding tenant. Then, at runtime of an instance of the industrial application, a number of actions are taken. A request by the instance of the industrial application for a service identified by a first service name is detected. Then a credential for the service name is retrieved, with the credential identifying a location where an instance of the service identified by the first service name resides. The service identified by the first service name is then dynamically called using the location.

Abstract: In some example embodiments, a method comprises receiving a web service request for accessing a resource of a web service, with the web service request corresponding to a user and comprising an access token, identifying a zone for the web service request, identifying a security token provider based on the access token, identifying one or more trusted token providers for the zone, comparing the security token provider to the trusted token provider(s) for the zone, generating a determination that the security token provider does not match any of the trusted token provider(s) for the zone, and denying the web service request based on the determination that the security token provider does not match any of the trusted token provider(s) for the zone.

Abstract: One embodiment of the present invention provides a computer system. The computer system includes a display mechanism, a storage, and a migration management mechanism. The storage stores a data structure indicating one or more port profiles. The migration management mechanism identifies one or more port profiles associated with a target switch for a migrating virtual machine, wherein the target switch is coupled to a target host machine of the virtual machine and recommends whether the target switch is suitable for the virtual machine by examining an identifier to the virtual machine in the port profiles associated with the target switch using the display mechanism.

Abstract: One embodiment of the present invention provides a port profile management mechanism. The port profile management mechanism detects an active profile associated with a physical port on a switch and displays configuration of the port based on the identified port profile using the display mechanism. In addition, a port group management mechanism obtains information of a port group associated with a virtual machine, wherein the port group defines network configurations for the virtual machine. The port profile management mechanism detects a port profile associated with the virtual machine coupled to a physical port on a switch and displays an alert using the display mechanism in response to the port group and the port profile being out of synchronization.

Abstract: Embodiments which utilize a topology view GUI with elements in each of storage and general network views which indicate the connection to the alternate network via an icon. Properly selecting the icon causes the topology view of the other network to appear. This method allows the connections between the networks to be readily viewed without cluttering either topology and allows quick context changes to occur at the same point.

Abstract: Embodiments which utilize a topology view GUI with elements in each of storage and general network views which indicate the connection to the alternate network via an icon. Properly selecting the icon causes the topology view of the other network to appear. This method allows the connections between the networks to be readily viewed without cluttering either topology and allows quick context changes to occur at the same point.