Abstract: An information processing apparatus includes a creation unit and a registration unit. The creation unit acquires first limited use information which is associated with a designated object and stored in an object storage unit from the object storage unit in accordance with an instruction to specify the designated object, and creates second limited use information containing information indicated by the acquired first limited use information and described in a different form from the acquired first limited use information. The registration unit registers the second limited use information created by the creation unit in a second limited use storage unit.

Abstract: A method and apparatus controls an MTP device to manage a media file transmitted by an MTP host. According to the method, when the number of files in a folder assigned by the MTP host is equal to or more than a predetermined number while storing a media file received from the MTP host, the MTP device generates a new folder and stores the corresponding media file in the new folder. Accordingly, the files within the predetermined number can be stored in one file. Since the number of files stored in one folder is limited, delay in processing media files due to the large number of files can be reduced.

Abstract: A method and apparatus for identifying the focus of a document, in a natural language processing application, the natural language processing application comprising a hierarchical concept tree having a plurality of nodes, each node being associated with a term, the method comprising the steps of: mapping an input document to nodes in a concept tree to determine a number of occurrences of a term in the input document which also occur at a node in the concept tree; weighting each node in the concept tree, depending on the determined number of occurrences of the term in the input document and a determined value assigned to each node in the concept tree; traversing the concept tree to identify a heaviest weighted path, in dependence on the weighting of each node in the concept tree; and determining the focus of the input document by identifying a node having the heaviest weight along the most heavily-weighted path.

Abstract: A computer-implemented method for providing protection for a data file is disclosed. The method includes employing allowable location information to control access to information of the data file, wherein the allowable location information is associated with the data file The information in the data file is inaccessible if a location of a computer employed to access the data file is not within an allowable geographic area defined by the allowable location information.

Abstract: A mechanism for automating the process of establishing a resource grid is provided. First, a grid establishment component (GEC) is communicatively coupled to a plurality of nodes, wherein each node provides zero or more resources. Next, the GEC selects which of the nodes to include in a resource grid and establishes the resource grid by configuring each selected node (i.e., grid node) to participate as part of the resource grid. In addition, the GEC establishes one or more grid masters to manage access to the resources provided by the grid nodes. Once the grid nodes are configured, and one or more grid masters are established, the resource grid is ready for regular operation. By automating the grid establishment process, the GEC removes a significant burden from a system administrator, and greatly simplifies and accelerates the process of establishing a resource grid.

Abstract: A system and method for program access control includes, for a typestate, providing typestate properties and assigning a role to the typestate in a program in accordance with the typestate properties. Access to operations is limited for the typestate in the program based on the role assigned to the typestate and an access permission level.

Abstract: A method and apparatus for retrieving data from a Lightweight Directory Access Protocol (LDAP) repository. In one embodiment, the method includes retrieving a list of lightweight directory access protocol (LDAP) access control instructions (ACIs) for an LDAP entry, and storing the list in a cache of an LDAP server as an entry associated with the LDAP entry.

Abstract: A system, method, and apparatus for implementing a plurality of dispersed data storage networks using a set of slice servers are disclosed. A plurality of information records are maintained, with each information record corresponding to a dispersed data storage network. The information record maintains what slice servers are used to implement the dispersed data storage network, as well as other information needed to administer a DDSN, such as the information dispersal algorithm used, how data is stored, and whether data is compressed or encrypted.

Abstract: The exchange of documents for execution can be performed efficiently using an automated system that routes and archives documents. The system may facilitate the exchange of drafts between parties by highlighting changes of the current draft with respect to the previous draft. Documents may be conveniently archived for efficient document storage and access by providing one or more central archive databases accessible through a shared network to a plurality of organizations. The operating system of the database may provide systematic access to individuals associated with an organization with the privilege to access documents according to a specific organizational hierarchy. Routing and archiving documents may be accomplished through a central exchange server.

Abstract: The present invention relates to systems and methods that provide a portal user with role-based access to components on a network via portlets within the portal. The role-based access can be sharable such that one or more users with a similar role can instantiate instances of a shared portal. Sharable configurations can be stored local to the user's portal, local to another portal and/or within a networked storage medium. The access provides a user with an entry-point to components, wherein a user can monitor and control components. The user can additionally configure the portal such that the component access is further based on the user's location. Advantages of the present invention include delineation of access and administrative functionality, the ability to combine web and application servers within a similar environment, and the ability to access (e.g., controlling, collecting and analyzing data, etc.) when the user is not utilizing the portal.

Abstract: A method for resolving permissions using role activation operators to evaluate permissions assigned to a user in a role context inheritance hierarchy. The method comprises several steps. A step of retrieving a plurality of activated roles within a role context that match roles assigned to a user, wherein one or more permissions in the role context inherit from one or more permissions in a parent role context in a role context permission inheritance hierarchy. A step of determining an aggregate permission for each of the plurality of activated roles, wherein a role activation operator determines how an activated role is evaluated. A step of processing the aggregate permissions for the plurality of activated roles. A step of resolving a final permission for the user.

Abstract: A method and apparatus for providing service discovery are disclosed. Specifically, each service provider builds or constructs a behavior description or model of its service and, in turn, stores and publishes the behavior description. Each behavior description is implemented in accordance with a set of shared ontology of terms for a particular domain. In turn, a user may generate a query associated with service discovery that will be capable of exploiting the behavior descriptions for a plurality of services.

Abstract: A mechanism is disclosed for implementing file access control using labeled containers. With this mechanism, it is possible to implement file access control without storing a sensitivity label with each file, and without checking a sensitivity label each time a file is accessed. Rather, by virtue of the manner in which the containers are labeled, and the manner in which a portion of the file system of one container is incorporated into the file system of another container, file access is effectively controlled. Thus, with this mechanism, it is possible to implement file access control simply and efficiently.

Abstract: A method of displaying building system controller data includes receiving a user login associated with predefined user access privileges and receiving a building system controller selection, requesting a listing of building system controller applications and activities from a building system controller associated with the building system controller selection, and generating a display of available building system controller applications and allowable activities based on the user access privileges and based on the listing.

Abstract: In response to a user request, a computer generates a graphical user interface on a computer display. A schema information region of the graphical user interface includes multiple operand names, each operand name associated with one or more fields of a multi-dimensional database. A data visualization region of the graphical user interface includes multiple shelves. Upon detecting a user selection of the operand names and a user request to associate each user-selected operand name with a respective shelf in the data visualization region, the computer generates a visual table in the data visualization region in accordance with the associations between the operand names and the corresponding shelves. The visual table includes a plurality of panes, each pane having at least one axis defined based on data for the fields associated with a respective operand name.

Abstract: Under the present invention, role types are defined by association with certain permissible actions. Once defined in this manner, a role type can then be bound to “nodes” of a hierarchical tree that represent computer-based resources such as dynamic object spaces. Once bound to a node, instances of this role type are created that will be inherited by hierarchical descendants of that node unless a role type block (e.g., inheritance or propagation) has been established for the corresponding role type. The present invention also allows the computer-based resources to be defined as virtual or private. Virtual resources represent general protected concepts in the system instead of computer-based resources and are subject to be bound with roles, while private resources are not. That is, the private resources remain the “property” of the creating user or group.

Abstract: An access control method and system. The method includes enabling, by a computing system for a requester, access to the computing system. The computing system comprises group based access control data and computing resource data organized based on an XML schema that comprises a recursive format used to support a plurality of branch levels in a resource tree. The computing system associates first group data of the group based access control data with the requester. The computing system receives a request from the requester to access the computing resource data. The computing system determines an access control decision associated with the request to access the computing resource data. The computing system presents the access control decision to the requester.

Abstract: A reputability analysis system receives a domain assessment request associated with a domain and accesses a database to find a match for the domain. A reputability score is derived according to a hierarchical analysis of a matching domain in the database. Traceability, accountability, and association information associated with the domain assessment request may also be used to adjust the reputability score.

Abstract: Techniques are disclosed that efficiently support the querying of meta-data in XML documents. The techniques include efficiently identifying XML elements along each location step in an XPath query that satisfy range constraints on ordered meta-data. The techniques include generating an inheritance meta-data index in which actual meta-data levels are associated only with elements for which a value is explicitly specified and associating non-leaf nodes of the index structure with inherited meta-data levels and inheritance source nodes. The techniques may be used with navigation-based and join-based XPath evaluation strategies.

Abstract: A method in a computer system is disclosed for enabling authors to work on hierarchical documents. The method comprises retrieving a hierarchical document from a server computing device, modifying the retrieved hierarchical document, sending an indication of the modification to the server computing device, and when the modification cannot be applied on the server computing device, reverting the modified hierarchical document to a current form of the hierarchical document on the server computing device. A system is disclosed for receiving an indication to lock a node, the indication identifying an owner of the lock, receiving an indication of a request to mutate the node, determining whether the request is from a user other than the owner of the lock, and when the user is not the owner of the lock, denying the request.

Abstract: In accordance with embodiments, there are provided mechanisms and methods for providing nested variables in a content management system. These mechanisms and methods for providing nested variables in a content management system can enable users to model types that can be used within other type definitions. This differs from the Type Inheritance feature in that types that make use of the nested type feature do not extend their functionality but define a property definition having a value defined by all property definitions in the nested type. For example, user can create a type address with property definitions such as street, city, zip code, etc. The user can then create another type person that has property definitions such as “name” and home address and business address. The two address property definitions can be represented by the address type, each with the address type's property definitions. Embodiments may further provide the ability to have abstract types and link property types.

Abstract: The present invention provides an account management system and method for use within a computer network that allows for automated provisioning, configuration, and maintenance of the servers and other devices connected to a computer network. This account management system and method make use of a master directory structure which is replicated by way of a directory structure replication hub to multiple remote data centers in the form of multiple copies of a directory structure. The directory structure allows access to various customers, who may access information contained only within that particular customer's account. Authentication information for each of the customers is located within the copies of the directory structures contained at each customer data center, and therefore transmitting authentication information is not required.

Abstract: Methods and apparatuses consistent with the present invention relate to a cellular phone having a mailing function and a mail security processing method for the same. The user inputs a secret number and then selects a mail folder to display a security setting/releasing mail folder list. When the user selects a mail folder, the security processing is executed for the mail folder. The folder is not shown in an ordinary mail folder list. To release the setting of security implemented by the security processing, the user displays the security setting/releasing screen, inputs a secret number, and selects a mail folder. In a security setting/releasing mail folder list, the mail folder for which the security processing has been executed is displayed. The user selects the folder, and as a result, the setting of security is released.

Abstract: A database comprising a plurality of tables is interrogated by generating a database query, and a data map, the data map describing the structure of table instances implicated in the database query. Next, the database query is submitted to the database. A response is received from the database. The data map is traversed so as to iteratively apply a data extraction process to components of the response corresponding to each table instance associated with the database query, thereby extracting the required data from the response.

Abstract: A system, method, computer program and article of manufacture for membership list management is described. A rules-based membership list is built and cached. Any modifications to the member objects are incrementally added to the cache, and are submitted to a change log. Queries access the membership in the cache instead of having to execute the rules to build the list. The change log entries allow membership modification notifications to be sent to any subscribing application.

Abstract: It is one object of the present invention to provide an access control system that employs an access control rule and that does not distinguish between data and the access control rule, so that the same flexible access control that is available for the data can also be provided for the access control rule. An access control system comprises: an access controller 200 for, in accordance with the access request, employing an access control rule defining an access right for the object to determine whether or not access to the object should be permitted; and an object storage unit 500 for storing a set of access control rules as objects equivalent to common data objects, wherein, upon the receipt of a request to access an access control rule, the access controller 200 determines whether or not access to the access control rule should be permitted.

Abstract: Techniques for controlling access to resources within a device are described. A device is described, for example, that includes a computer-readable medium and a management interface. The computer-readable medium stores configuration data and authorization data. The authorization data defines an access control attribute and an associated regular expression specifying a textual pattern. The management interface receives a text-based command to access the configuration data of the device, evaluates the command using the regular expression, and controls access to the configuration data based on the evaluation.

Abstract: A method for tracking game comprising the steps of fixing tracking devices to the game, receiving data transmitted by the tracking devices, storing the data in the database, providing the web page as a user interface, registering users through the web page, issuing user credentials to authenticate users, and displaying information via the web page. The tracking devices can be configured to gather and to transmit a variety of data, such as weather or water conditions, location, species of game, and many others. Data is processed and stored according to categories of information contained therein. The user accesses the stored data by a web page, which can be configured to display certain categories of data, to provide access to certain electronic features, or to provide certain features corresponding to a user-selected membership level.

Abstract: An Internet delivery method delivers electronic information products to a plurality of users via the Internet. A plurality of display formats are stored in a database. The display formats including at least a default display format and a custom display format. Information is also stored for each user indicating whether the user is a specific type of user. When a user logs in, the user is identified as being that specific type of user. If the user is identified as the specific type of user, then an electronic information product is delivered to the user in the custom display format. The electronic information products are accessed via computers connected to the Internet, including wireless devices.

Abstract: Embodiments are provided to use metadata to provide readable and/or writeable regions of a multi-dimensional space. In an embodiment, metadata can be used to define readable and/or writeable regions of a multi-dimensional data store. The various embodiments also use relational and/or multi-dimensional representations to resolve and validate readable and/or writeable regions of a multi-dimensional space. Metadata can also be used to designate a number of writeable and/or readable regions of a relational and/or multi-dimensional representation.

Abstract: Provided are a method, system, and program for deriving and using data access control information to determine whether to permit requested derivations of data elements. Data access control information is initialized for each of a plurality of data elements, wherein the data access control information for each associated data element includes a user access list indicating authorized users and a data access list indicating at least one data element that may be subject to a derivation operation with the associated data element. A request is received from one user to subject a first data element and a second data element to a derivation operation. The data access control information for one of the first and second data elements is processed to determine whether the user access list and data access list in the processed data access control information permits the user to perform the requested derivations of the first and second data elements.

Abstract: Critical resource management is disclosed. In one embodiment of the invention, a method is provided. First, the method detects whether maximum utilization of a critical resource has been reached. For example, the critical resource can be a number of modems within a modem pool of an Internet Server Provider (ISP). Second, the method determines the priority of access to this critical resource for each of a plurality of clients. For example, such clients can be end-user computers attempting to dial into the modem pool of the ISP. Third, the method denies access to at least one of the clients that have the lowest priority of access to the critical resource. For example, this can mean that a client currently connected to the ISP via a modem of the model pool is disconnected, or can mean that a client attempting to dial into the ISP is refused access.

Abstract: By varying the levels of detail associated with items in an ordered collection of information, items may be organized in a way to emphasize details about item of current interest. Displaying varying levels of detail about items in an ordered collection of information involves determining a focus, and based on their relative location to the focus adding additional detail to other items displayed from the collection of information. For instance, a user browsing a web search results list typically only sees a few essential details such as the name, link, and brief abstract about each item in the list. Providing the user with varying levels of detail about each item in the list helps them decide to where they want to navigate.

Abstract: A document management system includes: a document producing apparatus including a protected document producing unit; and a document use managing apparatus including: a document information storage; a document information registering unit; a use restriction information storage; and a use restriction information registering unit.