Abstract: Application message payload data elements are transformed within a network infrastructure element such as a packet data router or switch. The network element has application message transformation logic for receiving one or more packets representing an input application message logically associated with OSI network model Layer 5 or above; extracting an application message payload from the input application message; identifying one or more first content elements in the application message payload; transforming the first content elements into one or more second content elements of an output application message; and forwarding the output application message to a destination that is identified in the input application message. Transformations performed in the network element can include field reordering, field enrichment, field filtering, and presentation transformation.

Abstract: Application message payload data elements are transformed within a network infrastructure element such as a packet data router or switch. The network element has application message transformation logic for receiving one or more packets representing an input application message logically associated with OSI network model Layer 5 or above; extracting an application message payload from the input application message; identifying one or more first content elements in the application message payload; transforming the first content elements into one or more second content elements of an output application message; and forwarding the output application message to a destination that is identified in the input application message. Transformations performed in the network element can include field reordering, field enrichment, field filtering, and presentation transformation.

Abstract: A network infrastructure element such as a router or switch performs brokering network user identity and credential information. An application or administrative user can declare a policy for user identity information extraction, authentication and authorization. Based on the policy, the network element extracts user identity information or credentials from a transport-layer message header, application-layer message header, and message body. Based on the policy, the network element performs one or more authentication or authorization operations with the user identity information or credentials. As a result, a network element can broker identity information among incompatible applications and perform identity operations for the applications.

Abstract: A networking device comprises an interface configured to receive and transmit data from and to a network; policy data configured to specify, for one or more application-layer messages, a session key that uniquely identifies an application session associated with the application-layer messages; logic encoded in one or more media for execution and when executed operable to receive a particular application-layer message through the interface, generate a particular session key for the particular application-layer message based on the policy data, and provide the particular session key to a message processing function.

Abstract: A role based access control system is described that assigns roles, which otherwise are mutually exclusive, to users based on detecting designated conditions when the user initiates actions or operations on the network. The assignment of the role to a particular user may be conditional upon one or more such designated conditions occurring. In particular, two roles that are mutually exclusive of one another may be occupied by one user for purpose of performing specified operations upon designated conditions being detected when the user initiates one or more of the specified operations. Business rules specify conditions for assigning the conditional roles.

Abstract: A network access system. In particular implementations, a method includes monitoring, responsive to a network access request of a client, an authentication session between an authentication server and the client, and determining user credential information associated with a user of the client based on one or more messages of the authentication session. The method also includes accessing, using the user credential information, physical entry information indicating a physical location of the user relative to a defined perimeter, and conditionally allowing the client access to a network based on the physical entry information and a successful authentication of the client.

Abstract: A network infrastructure element such as a router or switch performs brokering network user identity and credential information. An application or administrative user can declare a policy for user identity information extraction, authentication and authorization. Based on the policy, the network element extracts user identity information or credentials from a transport-layer message header, application-layer message header, and message body. Based on the policy, the network element performs one or more authentication or authorization operations with the user identity information or credentials. As a result, a network element can broker identity information among incompatible applications and perform identity operations for the applications.

Abstract: Application message payload data elements are transformed within a network infrastructure element such as a packet data router or switch. The network element has application message transformation logic for receiving one or more packets representing an input application message logically associated with OSI network model Layer 5 or above; extracting an application message payload from the input application message; identifying one or more first content elements in the application message payload; transforming the first content elements into one or more second content elements of an output application message; and forwarding the output application message to a destination that is identified in the input application message. Transformations performed in the network element can include field reordering, field enrichment, field filtering, and presentation transformation.