Abstract: A master license entry that links a software application to a user identification can be made. Application licenses to use the software application can be roamed to multiple computing machines. Feature licenses for added features of the software application can be roamed to those computing machines as well. Multiple overlapping license rights for the software application may be linked to the master license entry. A count of how many license rights for the software application are linked to the master license entry can be maintained. Requests for licenses may be refused if the count of license rights has reached zero.

Abstract: A master license entry that links a software application to a user identification can be made. Application licenses to use the software application can be roamed to multiple computing machines. Feature licenses for added features of the software application can be roamed to those computing machines as well. Multiple overlapping license rights for the software application may be linked to the master license entry. A count of how many license rights for the software application are linked to the master license entry can be maintained. Requests for licenses may be refused if the count of license rights has reached zero.

Abstract: Described is a technology by which access to a resource is determined by evaluating a resource label of the resource against a user claim of an access request, according to policy decoupled from the resource. The resource may be a file, and the resource label may be obtained by classifying the file into classification properties, such that a change to the file may change its resource label, thereby changing which users have access to the file. The resource label-based access evaluation may be logically combined with a conventional ACL-based access evaluation to determine whether to grant or deny access to the resource.

Abstract: Example embodiments are provided for integrating operating systems with content offered by internet based entities.

Abstract: The subject invention relates to systems and methods that provide region-based security to database objects having hierarchical relationships. In one aspect, a system is provided that facilitates database security and management. The system includes a database component that stores a plurality of objects having a hierarchical relationship between the objects. A region component defines security zones for a subset of the objects and maps security data to the subset, wherein the security zones are independent, decoupled, or disassociated from the hierarchical relationships between the objects.

Abstract: The claimed subject matter provides a method for licensing software in a computing environment. An exemplary method includes initiating application software program on a computer system having a plurality of authorized users, one of the authorized users having a single-user license to use the software program. An identity of a current user of the computer system is checked. Operation of the software program is prohibited if the current user is one of the plurality of authorized users other than the user who is granted the single-user license.

Abstract: A master license entry that links a software application to a user identification can be made. Application licenses to use the software application can be roamed to multiple computing machines. Feature licenses for added features of the software application can be roamed to those computing machines as well. Multiple overlapping license rights for the software application may be linked to the master license entry. A count of how many license rights for the software application are linked to the master license entry can be maintained. Requests for licenses may be refused if the count of license rights has reached zero.

Abstract: The claimed subject matter provides a method for revoking licensed software in a computing environment. An exemplary method includes receiving a machine ID from a computer system. An application program and a license credential for the application program are sent to the computer system. Subsequently, upon theft or other loss of the computer system, a request to revoke the license credential is received. The request identifies the machine ID. When the computer system subsequently initiates a connection, the connection is detected based on the machine ID. An indication that the license credential for the application program is revoked is sent to the computer system. When the application program is later initiated, its operation is disabled because of the revocation of the license credential.

Abstract: The claimed subject matter provides a method for managing license upgrades in a computing environment. An exemplary method includes sending a request to upgrade a license status of application software program. The method further includes receiving licensing information indicating a change to the license status of the software program, the change to the license status of the software program being sufficient to allow the user to use the software program under the changed status automatically, and without further action by a user.

Abstract: Described is a technology, such as implemented in an operating system security system, by which a resource's metadata (e.g., including data properties) is evaluated against an audit rule or audit rules associated with that resource (e.g., object). The audit rule may be associated with all such resources corresponding to a resource manager, and/or by a resource-specific audit rule. When a resource is accessed, each audit rule is processed against the metadata to determine whether to generate an audit event for that rule. The audit rule may be in the form of one or more conditional expressions. Audit events may be maintained and queried to obtain audit information for various usage scenarios.

Abstract: Described is a technology by which access to a resource is determined by evaluating a resource label of the resource against a user claim of an access request, according to policy decoupled from the resource. The resource may be a file, and the resource label may be obtained by classifying the file into classification properties, such that a change to the file may change its resource label, thereby changing which users have access to the file. The resource label-based access evaluation may be logically combined with a conventional ACL-based access evaluation to determine whether to grant or deny access to the resource.

Abstract: A database management system that supports multiple databases in an instance with controlled sharing between the databases. The invention can also support execution of procedures and other modules in the context of any principal possibly different from that of the caller. Trusted certificates can be employed to permit access to procedures (or other modules). The security context of the invention can enable the building blocks of building a pure trusted sub-system model of authorization.

Abstract: A database management system that supports multiple databases in an instance with controlled sharing between the databases. The invention can also support execution of procedures and other modules in the context of any principal possibly different from that of the caller. Trusted certificates can be employed to permit access to procedures (or other modules). The security context of the invention can enable the building blocks of building a pure trusted sub-system model of authorization.

Abstract: Provided are systems and methods that facilitate providing permission to entities of a database. A system includes a component that authorizes a principal of a containing entity to grant a permission to that entity, and a component that grants the permission to the containing entity, the grantee of the permission inherits a set of permissions to one or more entities contained by the containing entity. When a permission is granted to a parent in a hierarchy of a relational database, the permission is inherited by the child nodes. Also provided is a method for transferring ownership of entities in a relational database. The method includes a two-part handshake that can be audited to avoid repudiation issues.

Abstract: A database management system that supports multiple databases in an instance with controlled sharing between the databases. The invention can also support execution of procedures and other modules in the context of any principal possibly different from that of the caller. Trusted certificates can be employed to permit access to procedures (or other modules). The security context of the invention can enable the building blocks of building a pure trusted sub-system model of authorization.

Abstract: A database management system that supports multiple databases in an instance with controlled sharing between the databases. The invention can also support execution of procedures and other modules in the context of any principal possibly different from that of the caller. Trusted certificates can be employed to permit access to procedures (or other modules).

Abstract: Provided are systems and methods that facilitate providing permission to entities of a database. A system includes a component that authorizes a principal of a containing entity to grant a permission to that entity, and a component that grants the permission to the containing entity, the grantee of the permission inherits a set of permissions to one or more entities contained by the containing entity. When a permission is granted to a parent in a hierarchy of a relational database, the permission is inherited by the child nodes. Also provided is a method for transferring ownership of entities in a relational database. The method includes a two-part handshake that can be audited to avoid repudiation issues.

Abstract: The subject invention relates to systems and methods that provide region-based security to database objects having hierarchical relationships. In one aspect, a system is provided that facilitates database security and management. The system includes a database component that stores a plurality of objects having a hierarchical relationship between the objects. A region component defines security zones for a subset of the objects and maps security data to the subset, wherein the security zones are independent, decoupled, or disassociated from the hierarchical relationships between the objects.