Abstract: A Cross-Platform Single Sign On (CP-SSO) experience is provided herein to enable users to access multiple services via a single login when working across different platforms. A user may work across different platform when using multiple devices, when using multiple browsers on a single device, or when an integrated application requires a separate login for access within a host web application or portal service. A proxy token service manages login requests and authentication tokens after a given service has been logged into once by a user, so that the user does not need to provide login credentials on subsequent requests for the given service. By enabling a CP-SSO experience, network efficiency is improved, and the user experience is also improved as users do not need to supply authentication credentials as frequently and may freely choose to use multiple platforms instead of limiting usage to a single platform.

Abstract: A Cross-Platform Single Sign On (CP-SSO) experience is provided herein to enable users to access multiple services via a single login when working across different platforms. A user may work across different platform when using multiple devices, when using multiple browsers on a single device, or when an integrated application requires a separate login for access within a host web application or portal service. A proxy token service manages login requests and authentication tokens after a given service has been logged into once by a user, so that the user does not need to provide login credentials on subsequent requests for the given service. By enabling a CP-SSO experience, network efficiency is improved, and the user experience is also improved as users do not need to supply authentication credentials as frequently and may freely choose to use multiple platforms instead of limiting usage to a single platform.

Abstract: A Cross-Platform Single Sign On (CP-SSO) experience is provided herein to enable users to access multiple services via a single login when working across different platforms. A user may work across different platform when using multiple devices, when using multiple browsers on a single device, or when an integrated application requires a separate login for access within a host web application or portal service. A proxy token service manages login requests and authentication tokens after a given service has been logged into once by a user, so that the user does not need to provide login credentials on subsequent requests for the given service. By enabling a CP-SSO experience, network efficiency is improved, and the user experience is also improved as users do not need to supply authentication credentials as frequently and may freely choose to use multiple platforms instead of limiting usage to a single platform.

Abstract: Described herein are various aspects pertaining to generating web tickets for use with authenticating computing devices to a computing system. Symmetric keys are used when generating the web tickets, wherein a symmetric key is valid for use when generating web tickets for a first period of time, and a web ticket generated based upon the symmetric key is valid for use when authenticating a computing device for a second period of time that is longer than the first period of time. Thus, the symmetric key is used for authenticating computing devices after it has ceased being used to generate web tickets.

Abstract: Described herein are various aspects pertaining to generating web tickets for use with authenticating computing devices to a computing system. Symmetric keys are used when generating the web tickets, wherein a symmetric key is valid for use when generating web tickets for a first period of time, and a web ticket generated based upon the symmetric key is valid for use when authenticating a computing device for a second period of time that is longer than the first period of time. Thus, the symmetric key is used for authenticating computing devices after it has ceased being used to generate web tickets.

Abstract: Described herein are various aspects pertaining to a web ticket that is used in connection with authenticating a user. The web ticket is generated through use of a symmetric key, and is less than two hundred bytes in size. A ticket issuer executing on a first computing device generates the web ticket responsive to receiving authentication data from a client computing device, and transmits the web ticket to such client computing device. The client computing device includes the web ticket in requests for data transmitted to a second server computing device that is in communication with the ticket issuer. The second server computing device includes a validator that validates the web ticket using the symmetric key, which is shared between the first server and the second server.

Abstract: A Cross-Platform Single Sign On (CP-SSO) experience is provided herein to enable users to access multiple services via a single login when working across different platforms. A user may work across different platform when using multiple devices, when using multiple browsers on a single device, or when an integrated application requires a separate login for access within a host web application or portal service. A proxy token service manages login requests and authentication tokens after a given service has been logged into once by a user, so that the user does not need to provide login credentials on subsequent requests for the given service. By enabling a CP-SSO experience, network efficiency is improved, and the user experience is also improved as users do not need to supply authentication credentials as frequently and may freely choose to use multiple platforms instead of limiting usage to a single platform.

Abstract: A centralized service communicatively links an application provider to a plurality of different message forwarding services. The centralized service receives a request and authenticates the application provider associated with the request. Further, the centralized service delivers a message embodied by the request to a first message forwarding service with a first protocol and/or to a second message forwarding service with a second protocol different than the first protocol.

Abstract: Scaling up and scaling out of a server architecture for large scale real-time applications is provided. A group of users may be provisioned by assigning them to a server pool and allotting them to a group. Grouped users help to reduce inter-server communication when they are serviced by the same server in the pool. High availability may be provided by choosing a primary server and one or more secondary servers from the pool to ensure that grouped users are serviced by the same server. Operations taken on the primary server are synchronously replicated to secondary servers so that when a primary server fails, a secondary server may be chosen as the primary for the group. Servers for multiple user groups may be load balanced to account for changes in either the number of users or the number of servers in a pool. Multiple pools may be paired for disaster recovery.

Abstract: Architecture for a communications system enabling a user to provision a telephone at a new location without network administrative pre-configuring. An input component (e.g., keypad) receives a numeric extension and PIN. The extension is a telephone extension of the user and the PIN can be administratively assigned. A location component provides location information of an enterprise communications server to the telephone based on the extension. The telephone uses the location information to send messages to the enterprise communications server. A registration component registers the telephone with the enterprise communications server based on the numeric extension. A telephony address is returned to the telephone. An authentication component authenticates the telephone based on the PIN. Upon authentication, the extension is assigned to the telephone, and telephone communications can be sent and received from that location.

Abstract: Scaling and highly available clustering for large scale real-time applications is provided. A ring may be formed which includes multiple nodes for providing a set of services in a system. When a network partition is detected which affects communications between each of the nodes in the ring, the formation of additional rings is prevented by shutting down nodes which include a minority of voting nodes in the ring while maintaining the availability of the nodes which include a majority of the voting nodes to continue providing the set of services in the system.

Abstract: Techniques to recursively discover services in a distributed environment may include receiving a request, including a unique client identifier, from a client device to access a home resource at a services site. The services site may identify which services site is mapped to the client domain of the unique client identifier in the request. If the services site that received the request is not the services site identified by the client domain, the services site that received the request may provide a redirect token that includes a link to the identified services site to the client device. Otherwise, the services site that received the request may provide one or more links to resources in a cluster within the services site. The links to resources may include a link to the requested home resource. Other embodiments are described and claimed.

Abstract: A communication system has a plurality of collections. Each collection comprises a security boundary within which private data is accessible. Each collection is associated with a director. The directors receive messages that specify domains. When a director for a given collection receives a message, the director identifies one of the collections as being a home collection for the domain specified by the message. If the specified domain's home collection is the given collection or another collection within a given privacy boundary, the director forwards the message to a server pool associated with the specified domain's home collection. Otherwise, if the specified domain's home collection is not within the given privacy boundary, the director forwards the message to the director of the specified domain's home collection.

Abstract: Described herein are various aspects pertaining to a web ticket that is used in connection with authenticating a user. The web ticket is generated through use of a symmetric key, and is less than two hundred bytes in size. A ticket issuer executing on a first computing device generates the web ticket responsive to receiving authentication data from a client computing device, and transmits the web ticket to such client computing device. The client computing device includes the web ticket in requests for data transmitted to a second server computing device that is in communication with the ticket issuer. The second server computing device includes a validator that validates the web ticket using the symmetric key, which is shared between the first server and the second server.

Abstract: Architecture for a scalable, pluggable multi-party, and distributed multimedia conferencing. A centralized policy and control conferencing component allows the seamless plug-in of different distributed media components (e.g., data, audio/video, messaging) to accommodate client participation in a conference session. The centralized conference control component includes the following: a conference notification service for accepting subscriptions to the conference state and notifying subscribers about changes to that state; a conference policy and roster control service for storing and manipulating conference policy and rosters; a security service for user authorization/authentication based on user identity information; a scheduling service for conference scheduling; an allocation service for allocating the most available media component(s) for a conference session; and, an MCU management service for conference policy and roster management of the distributed media components.

Abstract: Online and on-premise applications identify trusted authentication providers. The applications are configured with a list of trusted issuers of authentication credentials. When an application receives a request requiring authentication, the application returns a 401 response that includes the trusted issuer list. The requesting application compares the trusted issuer list from the 401 response to its own list of authentication providers. If there is a match between the two lists, then the requesting application creates a self-issued token for the authentication provider. The authentication provider uses the self-issued token to generate an authentication token for the requesting application. The requesting application may also directly create a token for a target partner application, without an authentication provider, if there is a direct trust between the two applications.

Abstract: A platform for manipulating data associated with defining, deploying, and administering distributed server systems utilizes a structured data model with a flexible replication mechanism, a set of schemas, and an object model to manipulate system topology, configuration (settings), and policies. A scoping mechanism for characteristics of the settings, policies, and resolution is provided in addition to the data model along with an authorization mechanism for single and multi-tenant environments.

Abstract: Scaling and highly available clustering for large scale real-time applications is provided. A ring may be formed which includes multiple nodes for providing a set of services in a system. When a network partition is detected which affects communications between each of the nodes in the ring, the formation of additional rings is prevented by shutting down nodes which include a minority of voting nodes in the ring while maintaining the availability of the nodes which include a majority of the voting nodes to continue providing the set of services in the system.

Abstract: Scaling up and scaling out of a server architecture for large scale real-time applications is provided. A group of users may be provisioned by assigning them to a server pool and allotting them to a group. Grouped users help to reduce inter-server communication when they are serviced by the same server in the pool. High availability may be provided by choosing a primary server and one or more secondary servers from the pool to ensure that grouped users are serviced by the same server. Operations taken on the primary server are synchronously replicated to secondary servers so that when a primary server fails, a secondary server may be chosen as the primary for the group. Servers for multiple user groups may be load balanced to account for changes in either the number of users or the number of servers in a pool. Multiple pools may be paired for disaster recovery.

Abstract: Techniques to recursively discover services in a distributed environment may include receiving a request, including a unique client identifier, from a client device to access a home resource at a services site. The services site may identify which services site is mapped to the client domain of the unique client identifier in the request. If the services site that received the request is not the services site identified by the client domain, the services site that received the request may provide a redirect token that includes a link to the identified services site to the client device. Otherwise, the services site that received the request may provide one or more links to resources in a cluster within the services site. The links to resources may include a link to the requested home resource. Other embodiments are described and claimed.