Abstract: A system for assessing a computer device's state may collect state data about the device, then assess the state with respect to the policy for granting one or more claims. Each claim may be defined by a set of requirements that, if fulfilled, may be used to permit or deny access to a resource, such as an application, network, data, or other resource. A collection engine may reside on the device or other location and may collect requested data, and some collection engines may be extensible with a plugin architecture for expansion. A server may receive information from the device to evaluate claims. Depending on the use scenario, the claim results may be incorporated into communications and passed to an evaluator that may produce an access token which is used to permit or deny access based on the claim results.

Abstract: Attestation by a self-regulating attestation client. The attestation client requests a credential of health from an attestation service, which includes an ordered attestation log and proof of integrity and freshness of the log. The attestation client receives the requested credential of health, which certifies the attestation client was healthy when it requested the credential of health and that the attestation service trusts the attestation client to be healthy each time the attestation client authenticates using the credential of health. The attestation client receives a request to authenticate that it is healthy using the credential of health, verifies that it is currently healthy, and performs the requested authentication.

Abstract: Aspects of the subject matter described herein relate to delegating application invocation back to a client. In aspects, a server hosts an application that has a user interface that is presented on a client. User interaction on the user interface is encoded and sent to the server to give to the application. When the user uses the application such that another application is to be executed, a server delegator determines whether to execute the other application on the server or the client. If the application is to be executed on the client, the server delegator instructs a component that executes on the client to execute the application on the client. Otherwise, the application is executed on the server and data representing the user interface of the application is sent to the client so that the client may present the user interface to a user.

Abstract: Embodiments of the invention enable a client device to procure trustworthy device claims describing one or more attributes of the client device, have those device claims included in a data structure having a format suitable for processing by an application, and use the data structure which includes the device claims in connection with a request to access the application. The application may use the device claims to drive any of numerous types of application functionality, such as security-related and/or other functionality.

Abstract: A system for assessing a computer device's state may collect state data about the device, then assess the state with respect to the policy for granting one or more claims. Each claim may be defined by a set of requirements that, if fulfilled, may be used to permit or deny access to a resource, such as an application, network, data, or other resource. A collection engine may reside on the device or other location and may collect requested data, and some collection engines may be extensible with a plugin architecture for expansion. A server may receive information from the device to evaluate claims. Depending on the use scenario, the claim results may be incorporated into communications and passed to an evaluator that may produce an access token which is used to permit or deny access based on the claim results.

Abstract: Attestation by a self-regulating attestation client. The attestation client requests a credential of health from an attestation service, which includes an ordered attestation log and proof of integrity and freshness of the log. The attestation client receives the requested credential of health, which certifies the attestation client was healthy when it requested the credential of health and that the attestation service trusts the attestation client to be healthy each time the attestation client authenticates using the credential of health. The attestation client receives a request to authenticate that it is healthy using the credential of health, verifies that it is currently healthy, and performs the requested authentication.

Abstract: Embodiments of the invention enable a client device to procure trustworthy device claims describing one or more attributes of the client device, have those device claims included in a data structure having a format suitable for processing by an application, and use the data structure which includes the device claims in connection with a request to access the application. The application may use the device claims to drive any of numerous types of application functionality, such as security-related and/or other functionality.

Abstract: Aspects of the subject matter described herein relate to delegating application invocation back to a client. In aspects, a server hosts an application that has a user interface that is presented on a client. User interaction on the user interface is encoded and sent to the server to give to the application. When the user uses the application such that another application is to be executed, a server delegator determines whether to execute the other application on the server or the client. If the application is to be executed on the client, the server delegator instructs a component that executes on the client to execute the application on the client. Otherwise, the application is executed on the server and data representing the user interface of the application is sent to the client so that the client may present the user interface to a user.

Abstract: A system, method and medium associates source code with a plurality of elements of a model representing the source code. Portions of computer code are associated with one or more of the model elements. The source code is modified to correspond to one or more modified model elements, and at least a portion of the source code that has been modified can optionally be displayed.

Abstract: A system, method and medium associates source code with a plurality of elements of a model representing the source code. Portions of computer code are associated with one or more of the model elements. The source code is modified to correspond to one or more modified model elements, and at least a portion of the source code that has been modified can optionally be displayed.