Abstract: The invention relates to methods and systems for reconnecting a client and providing user authentication across a reliable and persistent communication session. The method includes providing a first connection between a client and first protocol service and a second connection between the first protocol service and a host service. The first protocol service detects a disruption in the first connection. The client re-establishes the first connection between the client and the first protocol service while maintaining the second connection between the first protocol service and the host service. The first protocol service receives a ticket associated with the client and validates the ticket. The first protocol service links the re-established first connection to the maintained second connection after the ticket is validated.

Abstract: A mechanism for running interactive applications with a minimal set of privileges is disclosed. The privileges form a subset of the privileges afforded to the user requesting the application and are allocated consistent with the principle of least privilege. The application runs with the minimal amount of permissions necessary to accomplish its assigned tasks. A new user account is created and provisioned or identified for each application to which a user requests access. The accounts have a subset or superset of the access rights and operating system privileges that the user who is logged on to the system and requesting access to the application ordinarily enjoys. The subset/superset of the user's privileges is determined by a policy-based decision system.

Abstract: The invention enables the publishing of a graphical user interface application on the web in a manner so that they can be discovered by manual or automatic searches. The invention includes the step of receiving a service access point (SAP) from a web service directory. The SAP is associated with a first application and identifies a web server. The invention also includes the step of retrieving address information associated with the first application from the web server identified by the SAP and launching a second application. The second application establishes a communication channel with an application server identified by the retrieved address information. The application server subsequently executes the first application and returns information to the second application.

Abstract: The invention relates to methods and systems for reconnecting a client and providing user authentication across a reliable and persistent communication session. A first protocol that encapsulates a plurality of secondary protocols is used to communicate over a network. A first protocol service, using the first protocol, provides session persistence and a reliable connection between a client and a host service. When there is a disruption in the network connection between a client and a host service when a client roams between networks, the connection is reestablished and the client's network connection is maintained thru a change in a network identifier assigned to the client.

Abstract: The invention relates to systems and methods for reestablishing client communications by securely traversing network components using an encapsulating communication protocol to provide session persistence and reliability. A first protocol that encapsulates a plurality of secondary protocols is used to communicate over a network to provide session persistence and a reliable connection between a client and a host service via a first protocol service. A ticket authority generates a first ticket and a second ticket associated with the client. The first ticket is provided to the client and the client uses the first ticket to establish a communication session with the first protocol service. The second ticket is provided to the first protocol service and the first protocol service uses the second ticket to establish a communication session with the host service.

Abstract: The invention relates to methods and systems for reconnecting a client and providing user authentication across a reliable and persistent communication session. The method includes providing a first connection between a client and first protocol service and a second connection between the first protocol service and a host service. The first protocol service detects a disruption in the first connection. The client re-establishes the first connection between the client and the first protocol service while maintaining the second connection between the first protocol service and the host service. The first protocol service receives a ticket associated with the client and validates the ticket. The first protocol service links the re-established first connection to the maintained second connection after the ticket is validated.

Abstract: A method and apparatus for authenticating a client to a content server. A ticket authority generates a ticket associated with the client. The ticket comprises a first ticket and a second ticket. The ticket authority transmits the first ticket to the client and the client uses the first ticket to establish a communication session with an content server proxy. The ticket authority then transmits a second ticket to the content server proxy and the content server proxy uses the second ticket to establish a communication session with the content server.

Abstract: A mechanism for running interactive applications with a minimal set of privileges is disclosed. The privileges form a subset of the privileges afforded to the user requesting the application and are allocated consistent with the principle of least privilege. The application runs with the minimal amount of permissions necessary to accomplish its assigned tasks. A new user account is created and provisioned or identified for each application to which a user requests access. The accounts have a subset or superset of the access rights and operating system privileges that the user who is logged on to the system and requesting access to the application ordinarily enjoys. The subset/superset of the user's privileges is determined by a policy-based decision system.

Abstract: A mechanism for running interactive applications with a minimal set of privileges is disclosed. The privileges form a subset of the privileges afforded to the user requesting the application and are allocated consistent with the principle of least privilege. The application runs with the minimal amount of permissions necessary to accomplish its assigned tasks. A new user account is created and provisioned or identified for each application to which a user requests access. The accounts have a subset or superset of the access rights and operating system privileges that the user who is logged on to the system and requesting access to the application ordinarily enjoys. The subset/superset of the user's privileges is determined by a policy-based decision system.

Abstract: The invention relates to methods and systems for reconnecting a client and providing user authentication across a reliable and persistent communication session. A first protocol that encapsulates a plurality of secondary protocols is used to communicate over a network. A first protocol service, using the first protocol, provides session persistence and a reliable connection between a client and a host service. When there is a disruption in the network connection between a client and a host service, the connection is reestablished and the user's session with the host service is maintained through the connection being reestablished.

Abstract: The invention relates to methods and systems for reconnecting a client and providing user authentication across a reliable and persistent communication session. A first protocol that encapsulates a plurality of secondary protocols is used to communicate over a network. A first protocol service, using the first protocol, provides session persistence and a reliable connection between a client and a server. An operation may be executed or transacted between the client and the server. When there is a disruption in the network connection between the client and the server that interrupts the operation, the connection is automatically reestablished and the operation is continued.

Abstract: A mechanism for running interactive applications with a minimal set of privileges is disclosed. The privileges form a subset of the privileges afforded to the user requesting the application and are allocated consistent with the principle of least privilege. The application runs with the minimal amount of permissions necessary to accomplish its assigned tasks. A new user account is created and provisioned or identified for each application to which a user requests access. The accounts have a subset or superset of the access rights and operating system privileges that the user who is logged on to the system and requesting access to the application ordinarily enjoys. The subset/superset of the user's privileges is determined by a policy-based decision system.

Abstract: The present invention features a system and method for establishing a secure communication channel between a client and an application server. In one embodiment, a ticket service generates a ticket having an identifier and a session key. A communications device obtains the ticket from the ticket service and transmits the ticket to a client over a secure communication channel. The client transmits the identifier of the ticket to an application server over an application communication channel. The application server then obtains a copy of the session key of the ticket from the ticket service. Communications exchanged between the client and the application server over the application communication channel are then encrypted using the session key to establish the application communication channel as a secure communication channel.

Abstract: The invention relates to methods and systems for reconnecting a client and providing user authentication across a reliable and persistent communication session. A first protocol that encapsulates a plurality of secondary protocols is used to communicate over a network. A first protocol service, using the first protocol, provides session persistence and a reliable connection between a client and a server. An operation may be executed or transacted between the client and the server. When there is a disruption in the network connection between the client and the server that interrupts the operation, the connection is automatically reestablished and the operation is continued.

Abstract: The invention relates to methods and systems for reconnecting a client and providing user authentication across a reliable and persistent communication session. A first protocol that encapsulates a plurality of secondary protocols is used to communicate over a network. A first protocol service, using the first protocol, provides session persistence and a reliable connection between a client and a host service. When there is a disruption in the network connection between a client and a host service when a client roams between networks, the connection is reestablished and the client's network connection is maintained thru a change in a network identifier assigned to the client.

Abstract: The invention relates to methods and systems for reconnecting a client and providing user authentication across a reliable and persistent communication session. A first protocol that encapsulates a plurality of secondary protocols is used to communicate over a network. A first protocol service, using the first protocol, provides session persistence and a reliable connection between a client and a host service. When there is a disruption in the network connection between a client and a host service, the connection is reestablished and the user's session with the host service is maintained through the connection being reestablished.

Abstract: The invention relates to methods and systems for reconnecting a client and providing user authentication across a reliable and persistent communication session. A first protocol that encapsulates a plurality of secondary protocols is used to communicate over a network. A first protocol service, using the first protocol, provides session persistence and a reliable connection between a client and a host service.

Abstract: The invention relates to systems and methods for reestablishing client communications by securely traversing network components using an encapsulating communication protocol to provide session persistence and reliability. A first protocol that encapsulates a plurality of secondary protocols is used to communicate over a network to provide session persistence and a reliable connection between a client and a host service via a first protocol service. A ticket authority generates a first ticket and a second ticket associated with the client. The first ticket is provided to the client and the client uses the first ticket to establish a communication session with the first protocol service. The second ticket is provided to the first protocol service and the first protocol service uses the second ticket to establish a communication session with the host service.

Abstract: The present invention features a system and method for establishing a secure communication channel between a client and an application server. In one embodiment, a ticket service generates a ticket having an identifier and a session key. A communications device obtains the ticket from the ticket service and transmits the ticket to a client over a secure communication channel. The client transmits the identifier of the ticket to an application server over an application communication channel. The application server then obtains a copy of the session key of the ticket from the ticket service. Communications exchanged between the client and the application server over the application communication channel are then encrypted using the session key to establish the application communication channel as a secure communication channel.

Abstract: The invention enables the publishing of a graphical user interface application on the web in a manner so that they can be discovered by manual or automatic searches. The invention includes the step of receiving a service access point (SAP) from a web service directory. The SAP is associated with a first application and identifies a web server. The invention also includes the step of retrieving address information associated with the first application from the web server identified by the SAP and launching a second application. The second application establishes a communication channel with an application server identified by the retrieved address information. The application server subsequently executes the first application and returns information to the second application.