Abstract: Single sign-on techniques via an application or browser are described. In one or more implementations, a single instance of entry of authentication information is received that is entered via interaction with an application or browser of a computing device. Responsive to this receipt, the single instance of the entry of authentication information is used by the computing device automatically and without user intervention to cause authentication to obtain access to one or more network services that are accessible via a network by the application and the browser.

Abstract: Embodiments are directed to providing a certificate extension to an authentication certificate, to validating an authentication certificate request and to implementing authentication certificates that include certificate extensions. In an embodiment, a computer system accesses an authentication certificate request that is to be sent to a validation server for validation and to a certificate authority for issuance of an authentication certificate. The computer system appends an extension to the authentication certificate request. The extension includes origination information about the authentication certificate. The computer system then sends the authentication certificate request with the appended extension to the validation server for validation.

Abstract: Single sign-on techniques via an application or browser are described. In one or more implementations, a single instance of entry of authentication information is received that is entered via interaction with an application or browser of a computing device. Responsive to this receipt, the single instance of the entry of authentication information is used by the computing device automatically and without user intervention to cause authentication to obtain access to one or more network services that are accessible via a network by the application and the browser.

Abstract: Techniques for resource access authorization are described. In one or more implementations, an application identifier is used to control access to user resources by an application. A determination is made whether to allow the application to access the user resources by comparing an application identifier received from an authorization service with a system application identifier for the application obtained from a computing device on which the application is executing.

Abstract: Techniques for resource access authorization are described. In one or more implementations, an application identifier is used to control access to user resources by an application. A determination is made whether to allow the application to access the user resources by comparing an application identifier received from an authorization service with a system application identifier for the application obtained from a computing device on which the application is executing.

Abstract: In accordance with one or more aspects, a storage structure including both an encrypted credential and an encrypted password is obtained. A key can be obtained from a key distribution service and the encrypted password decrypted, based on the key, to obtain a password. The encrypted credential is decrypted, based on the password to obtain the credential. Both devices able to obtain the key from the key distribution service, and devices otherwise able to obtain the password, are able to obtain the credential by decrypting the encrypted credential.

Abstract: Embodiments are directed to providing a certificate extension to an authentication certificate, to validating an authentication certificate request and to implementing authentication certificates that include certificate extensions. In an embodiment, a computer system accesses an authentication certificate request that is to be sent to a validation server for validation and to a certificate authority for issuance of an authentication certificate. The computer system appends an extension to the authentication certificate request. The extension includes origination information about the authentication certificate. The computer system then sends the authentication certificate request with the appended extension to the validation server for validation.