Abstract: User-authentication-based approval of a first device via communication with a second device over a channel (e.g., an insecure channel) is described. The first device receives a session ID and first user-observable information, or an identifier thereof, from an identity provider, presents the first user-observable information to a user, and sends the session ID to the second device. The second device sends the session ID to the identity provider to obtain therefrom second user-observable information, or an identifier thereof, and a security challenge. The second user-observable information bears a user-discernable relationship to the first user-observable information and is presented to the user by the second device. The second device is capable of generating a response to the security challenge for transmission to the identity provider based at least on input received from the user, the response to the security challenge being indicative of the suitability of the first device for approval.

Abstract: Facilitating single sign-on on a device having sandboxed applications. A method includes identifying a plurality of associated applications. Criteria are evaluated to identify a primary application. Authentication state is stored at the primary application. One or more portions of the authentication state can be used by the applications in the plurality of associated application for authentication.

Abstract: In one embodiment, a user device 110 may access a network service 122 using a secure cookie 300. A high trust process may create an authentication proof 360 using a secure key. The high trust process may provide a browsing token 310 and the authentication proof 360 to a low trust process to send to an authentication service 124.

Abstract: Facilitating single sign-on on a device having sandboxed applications. A method includes identifying a plurality of associated applications. Criteria are evaluated to identify a primary application. Authentication state is stored at the primary application. One or more portions of the authentication state can be used by the applications in the plurality of associated application for authentication.

Abstract: User-authentication-based approval of a first device via communication with a second device over a channel (e.g., an insecure channel) is described. The first device receives a session ID and first user-observable information, or an identifier thereof, from an identity provider, presents the first user-observable information to a user, and sends the session ID to the second device. The second device sends the session ID to the identity provider to obtain therefrom second user-observable information, or an identifier thereof, and a security challenge. The second user-observable information bears a user-discernable relationship to the first user-observable information and is presented to the user by the second device. The second device is capable of generating a response to the security challenge for transmission to the identity provider based at least on input received from the user, the response to the security challenge being indicative of the suitability of the first device for approval.

Abstract: In one embodiment, a user device 110 may access a network service 122 using a secure cookie 300. A high trust process may create an authentication proof 360 using a secure key. The high trust process may provide a browsing token 310 and the authentication proof 360 to a low trust process to send to an authentication service 124.

Abstract: A schema is provided that defines people, groups and organizations by their corresponding contact information and other related characteristics. The schema defines a person by personal data, name data, location data, and e-address data. A group is defined by group membership data and e-address data. An organization is defined by location data and by e-address data. The schema also defines role occupancies for interrelating the various contacts. The role occupancies are defined by role occupancy data that may include employee data, team member data, group membership data, family data, customer or business data, and other types of data that can link two or more contacts. By interrelating contacts based on role occupancies, the schema is able to provide rich querying of one or more databases for obtaining desired contact information.

Abstract: A method and system for recording and accessing usage of an item allows a user to select from a list of previously used items across a computing system. A relationship is established between a used item (e.g., a contact) and a usage pattern. The usage pattern records the number of times that the item is accessed. The usage pattern is available across the system such that multiple applications may retrieve the usage pattern to obtain information associated with a particular item. A weight factor associated with the relationship is generated and implemented in a ranking scheme. When a user begins typing the name of an item in a data field, the user is presented with a list of previously created items based on the ranking scheme. The user then selects the desired item from the list such that typing time is shortened and the user experience is enhanced.

Abstract: A schema is provided that defines people, groups and organizations by their corresponding contact information and other related characteristics. The schema defines a person by personal data, name data, location data, and e-address data. A group is defined by group membership data and e-address data. An organization is defined by location data and by e-address data. The schema also defines role occupancies for interrelating the various contacts. The role occupancies are defined by role occupancy data that may include employee data, team member data, group membership data, family data, customer or business data, and other types of data that can link two or more contacts. By interrelating contacts based on role occupancies, the schema is able to provide rich querying of one or more databases for obtaining desired contact information.