Systems and methods for hosting variable schema data such as dynamic tables and columns in a fixed physical database schema. Standard objects, such as tables are provided for use by multiple tenants or organizations in a multi-tenant database system. Each organization may add or define custom fields for inclusion in a standard object. Custom fields for multiple tenants are stored in a single field within the object data structure, and this single field may contain different data types for each tenant. Indexing columns are also provided, wherein a tenant may designate a field for indexing. Data values for designated fields are copied to an index column, and each index column may include multiple data types. Each organization may also define custom objects including custom fields and indexing columns. Custom objects for multiple tenants are stored in a single custom object data structure. The primary key values for the single custom object table are globally unique, but also include an object-specific identifier which may be re-used among different entities.

Custom entities and fields in a multi-tenant database system

The invention relates to hardware, software and electronic service components and systems to provide large-scale, reliable, and secure foundations for distributed databases and content management systems, combining unstructured and structured data, and allowing post-input reorganization to achieve a high degree of flexibility.

Systems and methods for use of structured and unstructured distributed data

Methods and apparatus for delivery of packetized content (e.g., video, audio, data, etc.) over a content delivery network. In one embodiment, the content is packetized using an Internet Protocol (IP), and delivered by a service provider over both managed and unmanaged networks to subscribers of the provider, so as to provide delivery at any time, at any location, and via any designated user device. The delivered content may originate from the service provider, third-party content sources (e.g., networks or studios), the subscriber(s) themselves, or other sources including the Internet. Use of a common control and service functions within the network afford the ability to integrate or blend services together, thereby affording the service provider and subscriber new service and economic opportunities. Content delivery sessions may also be migrated from one device to another. A network-based user interface infrastructure, and gateway-based client-side architecture, are also disclosed.

Methods and apparatus for packetized content delivery over a content delivery network

Disclosed herein are systems and methods including hardware, software and electronic service components and systems to provide large-scale, reliable, and secure foundations for distributed databases and content management systems combining unstructured and structured data, and allowing post-input reorganization to achieve a high degree of flexibility.

Security systems and methods for use with structured and unstructured data

In accordance with embodiments, there are provided mechanisms and methods for publicly providing web content of a tenant using a multi-tenant on-demand database service. These mechanisms and methods for publicly providing web content of a tenant using a multi-tenant on-demand database service can allow the web content to be published by a tenant using the multi-tenant on-demand database service for use by non-tenants of the multi-tenant on-demand database service.

System, method and computer program product for publicly providing web content of a tenant using a multi-tenant on-demand database service

A method and a system are presented in which federated domains interact within a federated environment. Domains within a federation can initiate federated single-sign-on operations for a user at other federated domains. A point-of-contact server within a domain relies upon a trust proxy within the domain to manage trust relationships between the domain and the federation. Trust proxies interpret assertions from other federated domains as necessary. Trust proxies may have a trust relationship with one or more trust brokers, and a trust proxy may rely upon a trust broker for assistance in interpreting assertions. When a user is provisioned at a particular federated domain, the federated domain can provision the user to other federated domains within the federated environment. A provision operation may include creating or deleting an account for a user, pushing updated user account information including attributes, and requesting updates on account information including attributes.

Method and system for federated provisioning

The invention provides federated functionality within a data processing system by means of a set of specialized runtimes, which are instances of an application for providing federation services to requesters. Each of the plurality of specialized runtimes provides requested federation services for selected ones of the requestors according to configuration data of respective federation relationships of the requestors with the identity provider. The configuration data is dynamically retrieved during initialization of the runtimes which allows the respective_runtime to be specialized for a given federation relationship. Requests are routed to the appropriate specialized runtime using the first requestor identity and the given federation relationship. The data, which describes each federation relationship between the identity provider and each of the plurality of requestors, is configured prior to initialization of the runtimes.

Specializing Support For A Federation Relationship

Access Control Lists (ACLs) are used to describe the permitted actions (permissions) on protected network computer system resources or objects associated with an client or user identity. An identity may be an individual user or group of users. The actions are used to represent the different access methods available on a particular projected object or resource. A new action grouping mechanism is provided which tags each action with an action group name. The grouping of actions facilitates a larger permission set to be defined in an ACL, whereas action permission indicators can be reused for unique action definitions within various action groups. This effectively extends the finite total number of permissions available within a security system, allows a more descriptive and extensible permission mechanism in an Access Control List, as well as aiding in the simplification of management and definition of security policies.

Grouped access control list actions

A method is presented for providing an HTTP-based authentication mechanism. A request for a controlled resource is received from a client at a first server, which sends a request for an uncontrolled resource to a second server, which may be an HTTP-based authentication server, e.g., by redirecting a request via the client to the second server or by forwarding a request directly to the second server. The second server then obtains authentication information from the client. The second server returns the authentication credential or the authenticated identify to the first server within a response message, e.g., by storing the authentication credential within one or more HTTP headers. In response to receiving the authentication information, the first server builds a session for the client and processes the original request for the controlled resource, e.g., by sending a redirection for the controlled resource through the client.

Method and system for externalized HTTP authentication

A method is presented for managing authentication credentials for a user. A session management server performs session management with respect to the user for a domain that includes a protected resource. The session management server receives a request to access the protected resource, which requires authentication credentials that have been generated for a first type of authentication context. In response to determining that authentication credentials for the user have been generated for a second type of authentication context, the session management server sends to an authentication proxy server a first message that contains the authentication credentials for the user and an indicator for the first type of authentication context. The session management server subsequently receives a second message that contains updated authentication credentials for the user that indicate that the updated authentication credentials have been generated for the first type of authentication context.

Anthony Scott Moran

Papers

Method and system for federated provisioning

Specializing Support For A Federation Relationship

Grouped access control list actions

Method and system for externalized HTTP authentication

Method and system for extending authentication methods