Abstract: Examples of the present disclosure describe systems and methods for migrating mailbox identities. In aspects, a system may receive one or more requests to perform tasks for migrating identities of a plurality of mailboxes included in a security group created at a source tenant to a plurality of mail users created at a target tenant that correspond to the plurality of mailboxes. Based on the one or more requests, the system may copy the identities to a data store associated with the target tenant, upload mapping data to the data store, and use that mapping data to map the identities copied to the data store to the corresponding plurality of mail users in the target tenant. For each of the identities mapped, the system may copy at least one or more attributes of the respective identity from the data store to the respective corresponding mail user in the target tenant.

Abstract: A client application is specified by a target tenant and represented in an OAuth provider, along with a corresponding secret. A source tenant consents to permissions to be executed by the client application on a resource of the source tenant. A target service uses the secret to obtain an access token from an authorization server coupled to the source tenant and uses the access token to obtain access, specified by the permissions, to the resource served by a source service acting on behalf of the source tenant.

Abstract: A cross-tenant authentication system is described. The system receives a user token from a client device that is registered with a first tenant of a service application of a server. The system receives a request, from the client device, to access a second feature of a second tenant of the service application. The second feature of the second tenant of the service application is separate from a first feature of the first tenant of the service application. The second feature is only accessible to devices registered with the second tenant of the service application. The system authenticates the request by validating the user token from the client device and determines a cross-tenant policy of the second tenant of the service application based on the user token. The system forms an identity object based on the cross-tenant policy.

Abstract: A system and method for detecting anomalies in a data stream is described. The system receives the data stream that comprises values of metrics derived from observations of operation of a computing entity over a time window. A model comprising variances of the data over the time window is formed. The model identifies operating thresholds for each metric based on the variances of the data for each metric in the data stream. The system computes a steady state distance matrix of the data stream. The system determines that the steady state distance matrix exceeds a steady state threshold. In response to determining that the steady state distance matrix exceeds the steady state threshold, the system computes a pattern distance matrix based on the steady state distance matrix. The anomaly in the data stream is detected based on the pattern distance matrix. The system generates an alert indicating the anomaly.

Abstract: A service computing system receives an API call in which an authorization token, that contains an identifier in the content of the authorization token, is included in a header of the API call. The identifier is also included as a parameter passed in with the API call. The service computing system parses the API call to obtain the authorization token, and the identifier included in the authorization token. It also obtains the identifier passed in as a parameter of the API call. The service computing system compares the identifier obtained from the authorization token to the identifier passed in as a parameter of the API call to determine whether they match. If they do not match, the API call is processed as an unauthorized API call. A security system in the service computing system authorizes the API call based on the comparison.

Abstract: Examples of the present disclosure describe systems and methods for migrating mailbox identities. In aspects, a system may receive one or more requests to perform tasks for migrating identities of a plurality of mailboxes included in a security group created at a source tenant to a plurality of mail users created at a target tenant that correspond to the plurality of mailboxes. Based on the one or more requests, the system may copy the identities to a data store associated with the target tenant, upload mapping data to the data store, and use that mapping data to map the identities copied to the data store to the corresponding plurality of mail users in the target tenant. For each of the identities mapped, the system may copy at least one or more attributes of the respective identity from the data store to the respective corresponding mail user in the target tenant.

Abstract: Examples of the present disclosure describe systems and methods for migrating mailbox identities. In aspects, a system may receive one or more requests to perform tasks for migrating identities of a plurality of mailboxes included in a security group created at a source tenant to a plurality of mail users created at a target tenant that correspond to the plurality of mailboxes. Based on the one or more requests, the system may copy the identities to a data store associated with the target tenant, upload mapping data to the data store, and use that mapping data to map the identities copied to the data store to the corresponding plurality of mail users in the target tenant. For each of the identities mapped, the system may copy at least one or more attributes of the respective identity from the data store to the respective corresponding mail user in the target tenant.

Abstract: In a multi-tenant computing system, a cross-tenant user search system receives a user search input from a user using a client of a first tenant. The cross-tenant user search system accesses a policy that identifies one or more related tenants that are related to the first tenant. The policy also identifies directory records of users in the related tenant that can be searched by users of the first tenant. The cross-tenant user search system executes a search against a directory for the first tenant and executes a separate search against the directory records in the related tenants, identified in the policy. The search results from searching the directory for the first tenant and the related search results from searching the directory records in the tenant are aggregated into an aggregated set of search results which are then returned to the client.

Abstract: A client application is specified by a target tenant and represented in an OAuth provider, along with a corresponding secret. A source tenant consents to permissions to be executed by the client application on a resource of the source tenant. A target service uses the secret to obtain an access token from an authorization server coupled to the source tenant and uses the access token to obtain access, specified by the permissions, to the resource served by a source service acting on behalf of the source tenant.

Abstract: A client application is specified by a target tenant and represented in an OAuth provider, along with a corresponding secret. A source tenant consents to permissions to be executed by the client application on a resource of the source tenant. A target service uses the secret to obtain an access token from an authorization server coupled to the source tenant and uses the access token to obtain access, specified by the permissions, to the resource served by a source service acting on behalf of the source tenant.

Abstract: A service computing system receives an API call in which an authorization token, that contains an identifier in the content of the authorization token, is included in a header of the API call. The identifier is also included as a parameter passed in with the API call. The service computing system parses the API call to obtain the authorization token, and the identifier included in the authorization token. It also obtains the identifier passed in as a parameter of the API call. The service computing system compares the identifier obtained from the authorization token to the identifier passed in as a parameter of the API call to determine whether they match. If they do not match, the API call is processed as an unauthorized API call. A security system in the service computing system authorizes the API call based on the comparison.

Abstract: A service computing system receives an API call in which an authorization token, that contains an identifier in the content of the authorization token, is included in a header of the API call. The identifier is also included as a parameter passed in with the API call. The service computing system parses the API call to obtain the authorization token, and the identifier included in the authorization token. It also obtains the identifier passed in as a parameter of the API call. The service computing system compares the identifier obtained from the authorization token to the identifier passed in as a parameter of the API call to determine whether they match. If they do not match, the API call is processed as an unauthorized API call. A security system in the service computing system authorizes the API call based on the comparison.

Abstract: A client application is specified by a target tenant and represented in an OAuth provider, along with a corresponding secret. A source tenant consents to permissions to be executed by the client application on a resource of the source tenant. A target service uses the secret to obtain an access token from an authorization server coupled to the source tenant and uses the access token to obtain access, specified by the permissions, to the resource served by a source service acting on behalf of the source tenant.

Abstract: A computer implemented method is used for changing a password in a multi-domain environment. The method includes obtaining a private key and a public key from a security card at a user device in a user domain, transferring the public key to a controller in a secure domain, requesting a password change, receiving a public key encrypted new password from the secure domain, and decrypting the new password using the private key.

Abstract: A computer implemented method is used for changing a password in a multi-domain environment. The method includes obtaining a private key and a public key from a security card at a user device in a user domain, transferring the public key to a controller in a secure domain, requesting a password change, receiving a public key encrypted new password from the secure domain, and decrypting the new password using the private key.

Abstract: A service computing system receives an API call in which an authorization token, that contains an identifier in the content of the authorization token, is included in a header of the API call. The identifier is also included as a parameter passed in with the API call. The service computing system parses the API call to obtain the authorization token, and the identifier included in the authorization token. It also obtains the identifier passed in as a parameter of the API call. The service computing system compares the identifier obtained from the authorization token to the identifier passed in as a parameter of the API call to determine whether they match. If they do not match, the API call is processed as an unauthorized API call. A security system in the service computing system authorizes the API call based on the comparison.

Abstract: A computer implemented method is used for changing a password in a multi-domain environment. The method includes obtaining a private key and a public key from a security card at a user device in a user domain, transferring the public key to a controller in a secure domain, requesting a password change, receiving a public key encrypted new password from the secure domain, and decrypting the new password using the private key.

Abstract: In a computing device that implements an encoder, a method comprises receiving an encoded video sequence with a file container, receiving input to execute a trimming operation to create a frame accurate target segment of one or more desired pictures from the encoded video sequence and trimming to frame accuracy. Trimming to frame accuracy is accomplished by changing the parameter identifications of leading and trailing portions, if supported, or changing the parameters, and using the changed parameters or parameter identifications in re-encoding the leading and trailing portions, while an untouched middle portion between the leading and trailing portions is re-muxed without re-encoding.

Abstract: In a computing device that implements an encoder, a method comprises receiving an encoded video sequence with a file container, receiving input to execute a trimming operation to create a frame accurate target segment of one or more desired pictures from the encoded video sequence and trimming to frame accuracy. Trimming to frame accuracy is accomplished by changing the parameter identifications of leading and trailing portions, if supported, or changing the parameters, and using the changed parameters or parameter identifications in re-encoding the leading and trailing portions, while an untouched middle portion between the leading and trailing portions is re-muxed without re-encoding.