Authorization Patents (Class 726/4)
  • Patent number: 11882057
    Abstract: A pluggable cloud security system includes a plurality of nodes. Each node has a memory and a processor. At least one memory is configured to store rules indicating criteria for allowing communication between user applications and a hosted application executed by a cloud infrastructure. At least one processor is configured to receive data to be communicated to the cloud application, determine a source of the received data as a first user application, determine a channel used to transmit the received data, and determine, using the rules, whether the source and the channel satisfy criteria for allowing communication between the first user application and the hosted application. If it is determined that the source satisfies the first criteria, transmission of the data is allowed. Otherwise, transmission of the data is prevented.
    Type: Grant
    Filed: March 28, 2022
    Date of Patent: January 23, 2024
    Assignee: Bank of America Corporation
    Inventor: Saurabh Arora
  • Patent number: 11882459
    Abstract: A wireless testing system is provided that tests Wi-Fi signal strength of devices of a local network to determine distribution of network devices within the local network. In particular, one or more Wi-Fi-based devices may be located within or near a premises in which a wireless network is present. The devices are configured to automatically connect to a particular test broadcast signal from a modem and provide signal strength data. An application may log into or otherwise access the information obtained by the modem concerning the Wi-Fi signal strength of the wireless devices. The application may analyze the Wi-Fi signal strength information and may execute a recommendation engine to provide one or more recommendations/directions for installing components of the wireless network, such as wireless devices, modems, etc. to improve the coverage of the wireless network and provide a more robust wireless experience for devices within the wireless network.
    Type: Grant
    Filed: October 10, 2022
    Date of Patent: January 23, 2024
    Assignee: CenturyLink Intellectual Property LLC
    Inventors: William J. Keaton, Brian E. Bond, David J. Moore, Kevin W. Lu
  • Patent number: 11882158
    Abstract: A device, method or executable instructions that include receiving, over a network, an authentication request from a user device for performing a function utilizing a first authentication method, obtaining network intelligence data for a mobile network over the network, and identifying a risk for each of multiple authentication methods in response to analyzing device security behavior and the network intelligence data. Further embodiments include identifying a first risk for the first authentication method and identifying a second risk for the function, determining the first risk is higher than the second risk, and identifying a second authentication method that is associated with the second risk. Additional embodiments include notifying the user device of the second risk for the function, and providing a recommendation to the user device to utilize the second authentication method to perform the function. Other embodiments are disclosed.
    Type: Grant
    Filed: June 17, 2020
    Date of Patent: January 23, 2024
    Assignees: AT&T Intellectual Property I, L.P., AT&T Mobility II LLC
    Inventors: Zhi Cui, Sangar Dowlatkhah
  • Patent number: 11874700
    Abstract: Embodiments are disclosed for a method for a wearable secure data device. The method includes setting an operational mode for the wearable secure data device that stores a plurality of secure data items. The method also includes receiving a request for at least one of the secure data items from a client device that is communicating with a third-party device. Additionally, the method includes determining if the operational mode is associated with allowing access to the secure data items. Further, the method includes providing a response based on the determination.
    Type: Grant
    Filed: November 12, 2019
    Date of Patent: January 16, 2024
    Assignee: International Business Machines Corporation
    Inventors: Dinesh C. Verma, Bong Jun Ko, Shahrokh Daijavad, Nirmit V Desai, Mudhakar Srivatsa
  • Patent number: 11876892
    Abstract: A tracking device can use a permanent encryption key pair to encrypt a temporary private key that corresponds to a set of diversified temporary public keys. When a community mobile device subsequently detects the tracking device, the central tracking system provides a diversified temporary public key to the community mobile device. The community mobile device uses the diversified temporary public key to encrypt location data representative of a location of the community mobile device, and provides the encrypted location data to the central tracking system. When a user subsequently requests a location of the tracking device from the central tracking system, the central tracking system provides the encrypted temporary private key and the encrypted location data to a device of the user, and the device can decrypt the encrypted temporary private key using the permanent encryption key pair, and decrypt the encrypted location data using the decrypted temporary private key.
    Type: Grant
    Filed: March 17, 2023
    Date of Patent: January 16, 2024
    Assignee: Tile, Inc.
    Inventors: Steven R. Klinkner, Josselin de la Broise, Ian Thomas Meyer
  • Patent number: 11870764
    Abstract: A system includes at least one processor and at least one memory including instructions that, when executed by the at least one processor, cause the at least one processor to perform operations. The operations include providing a secure link to an auditable, machine-readable dataset to a client device of a user, the auditable, machine-readable dataset comprising data. At least one policy constraint is provided to at least a portion of the data in the dataset. In response to detecting activation of the secure link at the client device, one or both of the user and the client device is authenticated based on the policy constraint. Streaming access is provided to the auditable, machine-readable dataset in real-time.
    Type: Grant
    Filed: December 14, 2022
    Date of Patent: January 9, 2024
    Assignee: Confluent, Inc.
    Inventors: Alexander Cheng, Cory Lee Scott, Andrew Winthrop Taylor, Jesse Olin Miller, Srinivas Banala, Vijay Gopalakrishnan Bharadwaj, Mukesh Baphna, Priya Shivakumar, Jonathan Alexander Fancey
  • Patent number: 11870767
    Abstract: Methods, non-transitory computer readable media, network traffic manager apparatuses, and systems that assist with providing adaptive authentication for federated environment includes receiving a request to access an application from a client. Next, one of a plurality of web application servers in which the requested application is executing is identified and data associated with the requesting client is obtained. An authentication request comprising an index based on the identified web application server and the obtained client data is generated. The requesting client using the generated authentication request including the index is authenticated.
    Type: Grant
    Filed: March 28, 2019
    Date of Patent: January 9, 2024
    Assignee: F5, Inc.
    Inventors: Ravi Natarajan, Siarhei Miadzvezhanka
  • Patent number: 11868490
    Abstract: A device and method for providing access to distributed data sources includes a cloud security server configured to associate any number of data sources and client devices with a cloud security server account. The cloud security server assigns trust levels to the data sources and the client devices. A client device requests data from the cloud security server. The cloud security server authenticates the client device and verifies the trust levels of the client device and the requested data. If verified, the cloud security server brokers a connection between the client device and the data source, and the client device accesses the requested data. Data sources may include cloud service providers and local storage devices. The cloud security server may assign a trust level to a client device for a limited time or revoke a trust level assigned to a client device. Other embodiments are described and claimed.
    Type: Grant
    Filed: May 24, 2022
    Date of Patent: January 9, 2024
    Assignee: Intel Corporation
    Inventors: Manish Dave, Vishwa Hassan, Bhaskar D. Gowda, Mrigank Shekhar
  • Patent number: 11868507
    Abstract: A system and method for determining consent user interface validity for a provided consent user interface of a web form presenting consent information, comprising: accessing a consent user interface presented on a web form; determining one or more configuration attributes of the consent user interface; accessing one or more privacy regulations associated with presenting consent information; comparing the one or more configuration attributes of the consent user interface to each of the one or more privacy regulations; determining whether the consent user interface is compliant with each of the one or more privacy regulations; and in response to determining that the consent user interface is not compliant with one or more privacy regulations, flagging the consent user interface.
    Type: Grant
    Filed: January 13, 2023
    Date of Patent: January 9, 2024
    Assignee: OneTrust, LLC
    Inventors: Jonathan Blake Brannon, Raju Bokade, Austin Proctor, Mithun Babu, Madhusudhan Kunhambu
  • Patent number: 11870809
    Abstract: Typically, clients request a service from a computer hosting multiple services by specifying a destination port number associated with the desired service. In embodiments, the functionality of such a host computer is enhanced by having it condition client access to services available at a particular port number based on client authentication and/or authorization. A host computer can change the service(s) available at a given port number on a client by client basis, enabling access to service(s) for trusted clients unavailable to untrusted clients. Preferably, client trust is based on client authentication via a certificate and a valid, signed transport layer security (TLS) handshake (or similar mechanism in other protocol contexts). In some embodiments, an authorization step can be added following authentication. The systems and methods disclosed herein find wide uses in bundling services on ports, as well as protecting access to services from untrusted and/or malicious clients, among others.
    Type: Grant
    Filed: February 26, 2020
    Date of Patent: January 9, 2024
    Assignee: Akamai Technologies, Inc.
    Inventor: Simon E. Vera-Schockner
  • Patent number: 11868492
    Abstract: Systems and methods mediate permissions for applications on user devices using predictive models. Data communications are monitored on a user device for permission requests and responses. A predictive model is trained with these permission requests and responses until a threshold is met. Then, a default permission response is provided on behalf of the user device in response to a permission request.
    Type: Grant
    Filed: June 20, 2022
    Date of Patent: January 9, 2024
    Assignee: CAPITAL ONE SERVICES, LLC
    Inventors: Mark Watson, Jeremy Goodsitt, Austin Walters, Anh Truong, Vincent Pham
  • Patent number: 11863663
    Abstract: There is provided mechanisms for initial network authentication between a communications device and a network. A method is performed by the communications device. The communications device comprises an identity module supporting remote subscription profile download. The identity module comprises credentials for remote subscription profile download. The method comprises performing a first message exchange with an authentication server. The first message exchange comprises an identity module challenge obtained from the identity module being transmitted to the authentication server from the communications device. The method comprises receiving a second message from the authentication server. The second message comprises an ephemeral public key of the authentication server, an authentication server challenge and an authentication server signature.
    Type: Grant
    Filed: March 20, 2018
    Date of Patent: January 2, 2024
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventor: Per Ståhl
  • Patent number: 11861153
    Abstract: In one general aspect, a method can include displaying, on a display device included in a computing device, content in an application executing on the computing device. The method can further include displaying, in a user interface on the display device, at least one identifier, receiving a selection of the at least one identifier, and initiating casting in response to receiving the selection of the at least one identifier.
    Type: Grant
    Filed: November 3, 2022
    Date of Patent: January 2, 2024
    Assignee: Google LLC
    Inventors: Mark David Scott, Mark Alan Foltz, Kurt Mauro Dresner, Adam Parker
  • Patent number: 11863669
    Abstract: Session resumption for cryptographic communications is provided. Session data and encrypted early data are received from a client. A key is derived using the session data and a one-time pad. The early data is decrypted using the derived key.
    Type: Grant
    Filed: March 28, 2022
    Date of Patent: January 2, 2024
    Assignee: International Business Machines Corporation
    Inventor: Mark Duane Seaborn
  • Patent number: 11863311
    Abstract: Methods, systems, apparatuses, and non-transitory computer-readable media are provided for tying virtual whiteboards to physical spaces. In one implementation, the computer-readable medium includes instructions to cause a processor to receive wirelessly, an indication of a location of a first wearable extended reality appliance; perform a lookup to determine that the location of the first wearable extended reality appliance corresponds to a location of a particular virtual whiteboard; transmit to the first wearable extended reality appliance, data corresponding to content of the particular virtual whiteboard; receive, during a first time period, virtual content added by a first user; receive wirelessly at a second time period an indication that a second wearable extended reality appliance is in the location of the particular virtual whiteboard; and transmit to the second wearable extended reality appliance, data corresponding to the content and the added content of the particular virtual whiteboard.
    Type: Grant
    Filed: September 27, 2022
    Date of Patent: January 2, 2024
    Assignee: Sightful Computers Ltd
    Inventors: Tamir Berliner, Tomer Kahan, Orit Dolev, Tomer Dvir
  • Patent number: 11863588
    Abstract: Dynamically tailored trust for secure application-server networking and advanced enterprise security is provided. A system can individually assess the security posture of each application connecting to the Internet from each client device in an enterprise. For each application, the system tailors a security mode of the Internet connection based on the security posture of the application. Assessment of the security posture of an application is a comprehensive inventory of the security of the application, the security of the device hosting the application, the rights and security of the user, security attributes of the intended service or website being accessed, the security of the communication channel, and so forth. A network-based controller communicates with an agent running within a secure boot mode of each client device to select a security mode for application-service connection, including lean-trust direct access to the Internet, secure VPN-like access, or no access to the Internet.
    Type: Grant
    Filed: May 6, 2020
    Date of Patent: January 2, 2024
    Assignee: Cisco Technology, Inc.
    Inventors: Hendrikus G. P. Bosch, Sape Jurriën Mullender, Jeffrey Michael Napper, Alessandro Duminuco, Shivani Raghav
  • Patent number: 11853725
    Abstract: Techniques for recommending microservices to perform the different functions of a legacy architecture are disclosed. In one example, a computer implemented method comprises receiving a plurality of recommendations comprising a plurality of program components as candidates for assignment to a plurality of microservices, and determining roles of respective ones of the plurality of program components. A user interface is provided which is configured to allow a user to modify one or more of the plurality of recommendations based at least in part on the roles. Modifications to the one or more of the plurality of recommendations are analyzed, and one or more metrics are computed based at least in part on the analysis.
    Type: Grant
    Filed: December 6, 2021
    Date of Patent: December 26, 2023
    Assignee: International Business Machines Corporation
    Inventors: Shivali Agarwal, Raunak Sinha, Srikanth Govindaraj Tamilselvam, Amith Singhee
  • Patent number: 11856102
    Abstract: Techniques described herein are directed to proxies configured to handle identity and access management for a web application. For instance, a second proxy receives requests to the application from a browser. The second proxy redirects the browser to an identity endpoint, which prompts the user to enter authentication credentials for the application. Upon successful authentication, the endpoint provides an access token for accessing web APIs to the second proxy. The second proxy provides the token to a first proxy, which stores the token. The first proxy receives anonymous API calls from the web application to the web APIs. When receiving an anonymous API call, the first proxy obtains the token and inserts it into an outgoing request to the API. Responsive to the API returning a message indicating that the token is invalid, the first proxy communicates with the second proxy to obtain a new token from the endpoint.
    Type: Grant
    Filed: July 29, 2021
    Date of Patent: December 26, 2023
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Saeed Javed Akhter, Steven Soneff
  • Patent number: 11856055
    Abstract: The present disclosure relates to managing services by a managed service provider (MSP) in a cloud based infrastructure. A control plane of the MSP is established in a first tenancy, and a first access plane of the MSP is established in a second tenancy of a cloud environment. The control plane is configured to manage a plurality of services offered by the MSP to a first host machine included in the second tenancy. A first request is transmitted from the control plane to the first access plane, where the first request is forwarded by the first access plane to the first host machine, and corresponds to a service utilized by the first host machine and managed by the control plane of the MSP. In response to the first request being validated, a first state of the first host machine is modified in the second tenancy based on the first request.
    Type: Grant
    Filed: October 6, 2021
    Date of Patent: December 26, 2023
    Assignee: Oracle International Corporation
    Inventors: Yomesh Rajen Shah, Girish Ahuja, Jason Michael Rothstein, Mark Andrew Crawford, Neeraj Kumar, Umair Ahmed
  • Patent number: 11853920
    Abstract: The invention relates to implementing rules based authentication for credit card transactions. The system and method may involve: receiving a transaction request associated with a card product from a user at a point of sale system; determining an authorization mode for the transaction request based on one or more transaction attributes; executing an authentication rule for the transaction request; transmitting an authentication request via the authorization mode based on the authentication rule; requiring an authorization input from the user responsive to the authentication request; and upon receiving a proper authentication input, verifying the user and proceeding with the transaction request.
    Type: Grant
    Filed: October 31, 2019
    Date of Patent: December 26, 2023
    Assignee: JPMORGAN CHASE BANK, N.A.
    Inventor: Ankur Sambhar
  • Patent number: 11853014
    Abstract: Systems and methods to create a customized watch face and retrieve the watch face to be displayed are disclosed. Exemplary implementations may effectuate presentation of a selection interface; receive a mint request to mint the watch face in accordance with a watch face design; effectuate a transfer of consideration from a user wallet to an administrative wallet; mint the watch face; transfer a non-fungible token to the user wallet; receive a display request to display the watch face on a watch screen; determine whether the user wallet holds a non-fungible token associated with the watch face; responsive to the user wallet holding the non-fungible token, facilitate display of the watch face on the watch screen; responsive to the user wallet not holding the non-fungible token, take no action to facilitate display of the watch face on the watch screen; and/or perform other operations.
    Type: Grant
    Filed: December 2, 2022
    Date of Patent: December 26, 2023
    Assignee: Watch Skins Corporation
    Inventors: Collin Knock, Justin Knock
  • Patent number: 11855871
    Abstract: Systems, methods, and storage media for analyzing authentication and authorization requirements in an identity infrastructure are disclosed. Exemplary implementations may: intercept, at a server, a first request to access an application in the identity infrastructure; transmit, from the server, one or more of the first request and a modified version of the first request to the application; intercept, at the server, a response from the application, based at least in part on the transmission; and display, via at least one interface, an analysis of one or more of the first request, the modified version of the first request, and the response, wherein the analysis comprising determining requirements for application authentication and authorization requirements, identity protocol(s) and/or techniques utilized by the application, whether user-defined security requirements have been implemented, and/or whether application meets predetermined compliance standards.
    Type: Grant
    Filed: June 21, 2023
    Date of Patent: December 26, 2023
    Assignee: Strata Identity, Inc.
    Inventors: Eric Olden, Carl Eric Leach, Christopher Marie, Elias Friedman
  • Patent number: 11856630
    Abstract: The present disclosure relates to a communication method and system for converging a 5th-Generation (5G) communication system for supporting higher data rates beyond a 4th-Generation (4G) system with a technology for Internet of Things (IoT). The present disclosure may be applied to intelligent services based on the 5G communication technology and the IoT-related technology, such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services. A method performed by a terminal in a wireless communication system is provided.
    Type: Grant
    Filed: July 22, 2021
    Date of Patent: December 26, 2023
    Assignee: Samsung Electronics Co., Ltd.
    Inventor: Donggun Kim
  • Patent number: 11854354
    Abstract: A mobile control unit adapted to move to a plurality of premises, the mobile control unit having a central monitoring system in communication with a facility system of each of the plurality of premises, such that the mobile control unit is adapted to move to one of the plurality of premises when alerted by the facility system of the one of the plurality of premises. A facility management system adapted to manage at least one of the plurality of premises, the facility management system having the mobile control unit and a facility system adapted to monitor each of the plurality of premises. A method of monitoring the plurality of premises using the mobile control unit. A facility management system having a plurality of mobile control units and a main control unit adapted to monitor the location of the plurality of mobile control units.
    Type: Grant
    Filed: October 14, 2013
    Date of Patent: December 26, 2023
    Assignee: CONCORDE ASIA PTE. LTD.
    Inventor: Swee Kheng Chua
  • Patent number: 11854335
    Abstract: A method of contact-less access control to a device available for rental, access and use in an environment, by scanning multi-level machine-readable codes displayed in the environment using web-enabled mobile phones wirelessly connected to a wireless access control network. To practice a facility-level, site-level access and/or device-level access control method, a web-enabled mobile phone is used to scan facility-level, site-level and/or device-level machine-readable codes in the environment, and in response, rental transaction identifiers are stored within the cache on the web-enabled mobile phone scanning the machine-readable code. Each rental transaction identifier identifies the web-enabled mobile phone that is linked to a specific device rental transaction. After renting the selected device at either a facility-level, site-level or device-level location in the environment, the web-enabled mobile phone is used to scan the device-level machine-readable code on the rented device.
    Type: Grant
    Filed: April 28, 2021
    Date of Patent: December 26, 2023
    Assignee: SCOOTERBUG, INC.
    Inventors: Mark Christopher Schmidt, Wesley Edward Swogger, Edward Joel Rodriguez, Thomas Dwayne Taylor, Michael Buchoff Buchoff, Sowmya Balda, Kyle Clarennce West, Brian William Rood, Tomas Rodriguez
  • Patent number: 11856132
    Abstract: Verifying caller identification information is described. A query to verify a first communications connection associated with an observed caller ID is received. Using a second communications channel, a message to a device associated with the observed caller ID is transmitted. A response to the message is received. The message is evaluated to perform a security determination. The security determination is provided as output.
    Type: Grant
    Filed: April 12, 2021
    Date of Patent: December 26, 2023
    Assignee: RightQuestion, LLC
    Inventor: Bjorn Markus Jakobsson
  • Patent number: 11849044
    Abstract: Various embodiments are generally directed to provide a semi-local authentication scheme. A server can transmit one or more encryption mechanisms to a user device, which in turn can transmit the encrypted mechanisms to one or more secondary devices associated with the user device, where the user device and the secondary devices share a local connection. The secondary devices can transmit the one or more encrypted mechanism utilizing one or more decryption mechanisms supplied by the server, and then transmit the result of the decryption, e.g. decrypted codes, back to the user device, which in turn can then transmit a final decrypted code or codes to the server. Upon confirming receipt of the decryption from the user device, the server can authorize access (via the user device) to one or more devices, networks, applications, and/or components.
    Type: Grant
    Filed: April 29, 2022
    Date of Patent: December 19, 2023
    Assignee: Capital One Services, LLC
    Inventors: Jeremy Edward Goodsitt, Austin Grant Walters, Vincent Pham, Reza Farivar
  • Patent number: 11847212
    Abstract: A management system detects a change at the target device. The management system transmits a request message to authorization devices of the authorization users of the multi-user authorization pool to from the authorization users an indication of whether the detected change is approved. The management system receives a plurality of response messages from authorization devices of the multi-user authorization pool indicating whether the detected change is approved by the corresponding authorization user, and based on at least three of the plurality of response messages indicating a disapproval, that the detected change is disapproved. In response to the determination that the change is disapproved, an instruction message is sent to a target managed device to instruct the target managed device to rollback to an earlier state.
    Type: Grant
    Filed: June 16, 2022
    Date of Patent: December 19, 2023
    Assignee: Cyemptive Technologies, Inc.
    Inventors: Robert Pike, Gary Zelanko, Bryan Greene
  • Patent number: 11847651
    Abstract: Systems and methods for tokenless authorization are provided. Obtaining an electronic representation of an initial biometric sampling of a registrant. Applying the initial electronic representation to a template data construct producing a unique digital identifier (UDI). Obtaining account information constructs corresponding to an account by the registrant with a third party. Generating a unique secure identification number (SIN) using the UDI and the account information constructs. Storing a unique link from the UDI to the account information constructs. Receiving a request for service and an electronic representation of a second biometric sampling. Forming the UDI by applying the second electronic representation to the template data construct. Verifying the UDI corresponds to the stored UDI to reconstruct the unique SIN from the UDI and using this unique SIN to retrieve the account information constructs using the indexed data structure. Transmitting the request and the unique SIN to the third party.
    Type: Grant
    Filed: May 3, 2021
    Date of Patent: December 19, 2023
    Inventor: Kenneth A Kopf
  • Patent number: 11848943
    Abstract: Systems and techniques for centralized threat intelligence are described herein. A connection may be established to a plurality of threat data sources. An anonymized set of threat data may be obtained by application of a set of privacy rules to the threat data from the plurality of threat data. A threat database may be populated with the anonymized set of threat data. A registration request may be received for a user of a device. A unique user identifier may be assigned for the user and a unique device identifier may be assigned for the device. A threat model may be generated based on a set of the characteristics from the threat database. A set of data access attributes may be received for a data access request. The data access request may be blocked based on an evaluation of the data access attributes using the threat model.
    Type: Grant
    Filed: July 11, 2022
    Date of Patent: December 19, 2023
    Assignee: Wells Fargo Bank, N.A.
    Inventors: Chad E. Adams, Daniel Robert Caricato, Kahlidah B. Covington, Ashley Brook Godfrey, Christopher Wayne Howser, Nicola A. Maiorana, Nirali J. Patel, Richard Joseph Schroeder, Roger Daryll White
  • Patent number: 11847194
    Abstract: A scheduling method and apparatus, a device and a storage medium, which relate to fields of big data, cloud computation, artificial intelligence, intelligent authentication and intelligent scheduling. A specific implementation includes: acquiring an authentication request that indicates to-be-authenticated information; determining an authentication strategy group required by an authentication processing procedure of the to-be-authenticated information, wherein the authentication strategy group is determined based on an authentication dependency relationship between authentication strategies and comprises at least two authentication strategies; and calling the authentication strategies in the authentication strategy group in parallel, and performing authentication processing on the to-be-authenticated information in parallel, to obtain an authentication processing result corresponding to the authentication strategy group.
    Type: Grant
    Filed: March 23, 2021
    Date of Patent: December 19, 2023
    Assignee: Baidu Online Network Technology (Beijing) Co., Ltd.
    Inventors: Yidi Zhao, Xiuhui Zhao, Zhucheng Guo, Pengfei Gui, Guangyong Xu, Zenglin Song
  • Patent number: 11847239
    Abstract: Methods and systems for a document-level attribute-based access control service are provided. The document-level attribute-based access control service may be positioned between a directory service and a search engine service. The directory service can manage information and permissions for users. The document-level attribute-based access control service can map security attributes to the user based on the information and permissions. Based on the mapping, it can be determined whether to permit the user making a query to the search engine service to access documents based on the query. Information and permissions attributes can be injected into queries dynamically via a template. Attributes may be combined with role query templates to create document-level attribute-based access control on top of role-based access control. The present technology can enable enforcement of security policies requiring all of a combination of attributes to be satisfied before permitting certain access.
    Type: Grant
    Filed: March 30, 2021
    Date of Patent: December 19, 2023
    Assignee: ELASTICSEARCH B.V.
    Inventor: Adrien Grand
  • Patent number: 11844014
    Abstract: A service request is received at a first service communication proxy element, wherein the service request is received from a service consumer and is a request to access at least one service of a service producer. The first service communication proxy element determines at least one target service producer based on the service request. The first service communication proxy element sends an access token request to an authorization entity, wherein the access token request is generated based on the determining step. The first service communication proxy element receives an access token response from the authorization entity, wherein the access token response comprises an access token. The first service communication proxy element may then send a service request with the access token to a second service communication proxy element, wherein the second service communication proxy element is associated with the target service producer. The method may apply to roaming and non-roaming scenarios.
    Type: Grant
    Filed: April 3, 2020
    Date of Patent: December 12, 2023
    Assignee: NOKIA TECHNOLOGIES OY
    Inventors: Nagendra S Bykampadi, Jani Ekman, Silke Holtmanns
  • Patent number: 11843606
    Abstract: Embodiments are directed to monitoring network traffic using network monitoring computers. Activity associated with a document in a network may be determined based on the network traffic. A profile may be generated based on a summarization of the activity associated with the document such that the profile may be stored in a data store that stores other profiles. Similar profiles may be determined based on a classification of each profile in the data store based on similarities between the profile and the other profiles in the data store. In response to determining similar profiles, locations in the network associated with documents that correspond to the similar profiles may be determined. Locations may be classified based on the activity, the similar profiles and access policies. In response to portions of the locations being classified as inconsistent with the access policies, those portions may be reported.
    Type: Grant
    Filed: March 30, 2022
    Date of Patent: December 12, 2023
    Assignee: ExtraHop Networks, Inc.
    Inventors: Xue Jun Wu, Swagat Dasgupta, Matthew Alexander Schurr
  • Patent number: 11838400
    Abstract: An example operation may include one or more of receiving storage requests endorsed by blockchain peers of a blockchain, selecting a group of the endorsed storage requests to be stored together and ordering the group of endorsed storage requests with respect to each other based on timestamps, encoding the group of ordered and endorsed storage requests into an image, and storing the encoded image within a data section of a block of the blockchain.
    Type: Grant
    Filed: November 19, 2019
    Date of Patent: December 5, 2023
    Assignee: International Business Machines Corporation
    Inventors: Gary I. Givental, HuyAnh Dinh Ngo, Srinivas Babu Tummalapenta, Aankur Bhatia, Wesley Ali Khademi, Adam Lee Griffin
  • Patent number: 11838289
    Abstract: The embodiments described herein relate generally to securely establishing an account and authentication metrics associated with a communication platform. An account associated with a communication platform may allow a user associated with the account to send and receive communications via the communication platform.
    Type: Grant
    Filed: November 10, 2021
    Date of Patent: December 5, 2023
    Assignee: The Western Union Company
    Inventors: Abhinav Gupta, Shankar Narayan
  • Patent number: 11831642
    Abstract: A system and method for mitigating security vulnerabilities of a computer network by detecting a management status of an endpoint computing device attempting to authenticate to one or more computing resources accessible via the computer network includes: detecting an authentication attempt by the endpoint computing device to the computer network; during the authentication attempt, collecting management status indicia from the endpoint computing device, wherein the management status indicia comprise data used to determine a management status of the endpoint computing device; using the management status indicia to identify the management status of the endpoint computing device and identifying the management status of the endpoint computing device; and controlling access to the computer network based on (a) whether the authentication attempt by the endpoint computing device is successful and (b) the identified management status of the endpoint computing device.
    Type: Grant
    Filed: April 20, 2021
    Date of Patent: November 28, 2023
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Jon Oberheide, Adam Goodman, Michael Hanley, Peter Johnson, Omar Abduljaber, James Barclay
  • Patent number: 11829491
    Abstract: Methods and systems are disclosed herein for a media guidance application that allows access restrictions to be modified in a flexible manner based on a deviation in a user's projected location. Specifically, the media guidance application determines at an end of a first time period whether a user is in a projected location for a second time period. If the user is in a projected location for the second time period, the media guidance application sets a second level of media access restriction. However, if the media guidance application determines that the user is not in the projected location for the second time period, the media guidance application maintains the first level of media access restriction.
    Type: Grant
    Filed: April 21, 2021
    Date of Patent: November 28, 2023
    Assignee: Rovi Guides, Inc.
    Inventors: Michael R. Nichols, Sally Cook
  • Patent number: 11829368
    Abstract: A data analytics system is disclosed that can include a data repository configured to store data for multiple clients, a metadata repository separate from the data store, an access control system, and a policy store. The data analytics system can automatically generate metadata for data in the data repository using a metadata engine, the metadata including technical metadata and usage metadata, and store the metadata in the metadata repository. The data analytics system can obtain a client policy governing access to the data. The data analytics system can receive a request to provide the data, the request including instructions to create a pipeline to provide the data. The data analytics system can authorize, by the access control system, the request using the policy and usage metadata; create the pipeline using the technical metadata; and provide the data using the pipeline.
    Type: Grant
    Filed: September 3, 2020
    Date of Patent: November 28, 2023
    Assignee: Fidelity Information Services, LLC
    Inventors: Aaron David Colcord, Kevin Richard Mellott, David Vincente Favela, Jeffrey Chee-Keong Neong
  • Patent number: 11831665
    Abstract: A simulated environment presentation device with a display configured to present a rendering of a simulated environment. A simulated environment subsystem is communicatively coupled to the simulated environment presentation device and is configured to provide instructions for rendering the simulated environment. A simulated environment monitoring device includes at least one processor communicatively coupled to the simulated environment subsystem. The simulated environment monitoring device monitors the rendering of the simulated environment over a period of time. Features associated with objects presented in the rendering of the simulated environment are determined over the period of time. An anomaly associated with a first object is detected based on a change in a determined first feature of the first object over the period of time.
    Type: Grant
    Filed: January 4, 2021
    Date of Patent: November 28, 2023
    Assignee: Bank of America Corporation
    Inventor: Shailendra Singh
  • Patent number: 11831609
    Abstract: This document describes, among other things, network security systems that incorporate a feedback loop so as to automatically and dynamically adjust the scope of network traffic that is subject to inspection. Risky traffic can be sent for inspection; risky traffic that is demonstrated to have a high rate of threats can be outright blocked without further inspection; traffic that is causing errors due to protocol incompatibility or should not be inspected for regulatory or other reasons can be flagged so it bypasses the security inspection system. The system can operate on a domain by domain basis, IP address basis, or otherwise.
    Type: Grant
    Filed: April 18, 2022
    Date of Patent: November 28, 2023
    Assignee: Akamai Technologies, Inc.
    Inventors: Eugene (“John”) Neystadt, Eyal Heiman, Elisha Ben-Zvi, Asaf Nadler
  • Patent number: 11831652
    Abstract: Methods, apparatuses, or computer program products according to the present disclosure provide for service permissions scaling. In example embodiments, an apparatus receives a service request from an edge server. The apparatus may generate an authorization token based at least in part on a permissions data vector, where the authorization token is configured for access by one or more computing devices to determine whether to grant access by a first computing device associated with the requesting entity identifier to one or more resources associated with the one or more computing devices. The apparatus may then transmit the authorization token to the edge server. According to some embodiments, the authorization token may be configured for storing in an authorization token cache. In some embodiments, the authorization token may be retrieved from the authorization token cache.
    Type: Grant
    Filed: June 18, 2021
    Date of Patent: November 28, 2023
    Assignees: ATLASSIAN PTY LTD., ATLASSIAN US, INC.
    Inventors: Mikhael Harswanto Tanutama, Vishal Pandey
  • Patent number: 11832102
    Abstract: Various systems and methods for user-authorized onboarding of a device using a public authorization service are described herein. In an example, a 3-way authorization protocol is used to coordinate device onboarding among several Internet of Things (IoT) Fog users (e.g., devices in a common network topology or domain) with principles of least privilege. For instance, respective onboarding steps may be assigned for performance by different Fog ‘owners’ such as respective users and clients. Each owner may rely on a separate authorization protocol or user interaction to be notified of and to give approval for the specific onboarding action(s) assigned. Further techniques for implementation and tracking such onboarding actions as part of an IoT network service are also disclosed.
    Type: Grant
    Filed: May 10, 2022
    Date of Patent: November 28, 2023
    Assignee: Intel Corporation
    Inventors: Nathan Heldt-Sheller, Ned M. Smith
  • Patent number: 11822688
    Abstract: The variable domain data access control system and method described herein use the same variable domain to describe a data security model and a variable domain data model, such as a product configuration model. A variable domain is a set of resource data that can be described using a logical relationship data structure. The variable domain utilizes logical relationship expressions, such as a Boolean logic language, to define resource data in terms of parts, rules and/or attributes, and any other property that can be accessed for viewing, manipulation, or other purposes. The data security model represents an access control list (ACL) that includes security attributes as resource data and uses the same data structure and logical relationship expressions as an associated variable domain data model. An application, such as a configuration engine, can be used to create controlled access to the variable domain data model using the data security model.
    Type: Grant
    Filed: May 24, 2022
    Date of Patent: November 21, 2023
    Assignee: Versata Development Group, Inc.
    Inventors: Jacy M. Legault, Jon Loyens
  • Patent number: 11824716
    Abstract: A method for controlling deployment of network configuration changes includes receiving, by a centralized network management system executed by a processor and memory, configuration change instructions to alter a configuration of a network; computing, by the centralized network management system, a weighted impact of the configuration change instructions; determining, by the centralized network management system, whether the weighted impact of the configuration change instructions exceeds a threshold impact level; and in response to determining that the weighted impact does not exceed the threshold impact level, executing the configuration change instructions.
    Type: Grant
    Filed: October 4, 2022
    Date of Patent: November 21, 2023
    Assignee: CenturyLink Intellectual Property LLC
    Inventors: John R. B. Woodworth, Dean Ballew
  • Patent number: 11822660
    Abstract: Systems and methods of disarming malicious code in protected content in a computer system having a processor are provided. The method includes determining that a received input file intended for a recipient is protected, the recipient may be connected to a network; accessing a credential associated with the intended recipient for accessing the protected input file; accessing the content of the protected input file based on the credential; modifying at least a portion of digital values of the content of the input file configuring to disable any malicious code included in the input file, thereby creating a modified input file; and protecting the modified input file based on the credential associated with the intended recipient. The method also includes forwarding the protected modified input file to the intended recipient in the network.
    Type: Grant
    Filed: August 30, 2021
    Date of Patent: November 21, 2023
    Assignee: Votiro Cybersec Ltd.
    Inventor: Aviv Grafi
  • Patent number: 11824867
    Abstract: Methods and systems for a transportation vehicle are provided. One method includes generating a packet by an application executed by a processor of a first seat device of an in-flight entertainment system having a plurality of seat devices on an aircraft; dropping the packet by the seat device when the application is not authorized for Internet communication; dropping the packet by the seat device when the packet is one of a broadcast packet, multicast packet or destined to a second seat device of the in-flight entertainment system; determining that the seat device Internet traffic is below a threshold value; and transmitting the packet to a network device when the application is authorized, and the packet is not a broadcast packet, multicast packet or destined for a second seat device.
    Type: Grant
    Filed: June 7, 2021
    Date of Patent: November 21, 2023
    Assignee: Panasonic Avionics Corporation
    Inventor: Philip Watson
  • Patent number: 11824930
    Abstract: Disclosed herein are embodiments of a cloud data synchronization system enabling a user operating a mobile client device to download mission-specific data sets from a fixed cloud-based server system to a database of the mobile client device, and then use the downloaded data sets independently on the mobile client device when the mobile client device is disconnected from a network connecting to the fixed cloud-based server system. When connectivity to the fixed cloud-based server system is re-established by the mobile client device in an intermittent and bandwidth-limited communication network environment, the fixed cloud-based server system may provide bi-directional data synchronization between records of the fixed cloud-based server system and the mobile client device to update the data sets on the fixed cloud-based server system and the mobile client device while operating in the intermittent and bandwidth-limited communication network environment.
    Type: Grant
    Filed: November 15, 2022
    Date of Patent: November 21, 2023
    Assignee: ARCHITECTURE TECHNOLOGY CORPORATION
    Inventors: Benjamin L. Burnett, Ranga S. Ramanujan
  • Patent number: 11824856
    Abstract: Disclosed are various embodiments for chaining of authorizations in an authorization framework. In one embodiment, a service receives an authorization request for access by a relying party service operated by a first entity to obtain information associated with a user account. The service determines that the authorization request requires a consent of a second entity. The service then obtains a first authorization token representing the consent of the second entity. The service generates a second authorization token based at least in part on the first authorization token. The service sends the second authorization token to the relying party service.
    Type: Grant
    Filed: July 10, 2020
    Date of Patent: November 21, 2023
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventor: Anurag Sharma
  • Patent number: 11822776
    Abstract: Methods, systems, and media for providing media guidance with contextual controls are provided. In some embodiments, the method comprises: causing a user interface to be presented that includes media interface elements, wherein each of the media interface elements is a selectable object that represents at least one media content item; determining that a media interface element from the media interface elements has been selected; in response to determining that the media interface element has been selected, causing the at least one media content item corresponding to the selected media interface element to be presented in a portion of the user interface; and concurrently with causing the at least one media content item to be presented, causing a control interface to be presented that is associated with the selected media interface element.
    Type: Grant
    Filed: August 3, 2021
    Date of Patent: November 21, 2023
    Assignee: Google LLC
    Inventors: Aaron Joseph Wheeler, David Mark Halloran