Abstract: Keyword bids determined from sparse data are described. Initially, a portfolio optimization platform identifies which keywords included in a portfolio of keywords are low-impression keywords. This platform trains a machine learning model to generate bids for the low-impression keywords with historical data from a search engine. In particular, the platform trains this machine learning model according to an algorithm suited for training with sparse amounts of data, e.g., a temporal difference learning algorithm. In contrast, the platform uses different models, trained according to different algorithms than the low-impression keyword model, to generate bids for keywords determined not to be low-impression keywords. Once the low-impression keyword model is trained offline, the platform deploys the model for use online to generate actual bids for the low-impression keywords and submits them to the search engine.

Abstract: Techniques are described herein that are capable of dynamically failing over authentication traffic to a backup authentication system by a proxy system. An authentication request, which requests authentication of a principal, is received at the proxy system. The authentication request is directed to a primary authentication system. A determination is made, by the proxy system, that the primary authentication system is incapable of providing a valid response to the authentication request. The backup authentication system is caused, by the proxy system, to authenticate the principal using an authentication package received from the primary authentication system by dynamically routing the authentication request to the backup authentication system as a result of the primary authentication system being incapable of providing a valid response to the authentication request.

Abstract: Techniques are described herein that are capable of using an authentication package from a primary authentication system to authenticate a principal by a backup authentication system. The authentication package includes an authentication artifact, which is signed with a cryptographic key by the primary authentication system and which includes claim(s) that are usable to authenticate the principal, and further includes metadata. The metadata includes credential verification information that is usable to verify a credential of the principal and a first principal identifier that identifies the principal. A request to authenticate the principal is received at the backup authentication system. The request includes the credential and a second principal identifier that identifies the principal.

Abstract: A computing system configured to support entities having the ability to indicate capability information for capabilities of the entities is illustrated. Embodiments may include an identity provider computer system comprising at least one processor. The identity provider computer system is configured to receive requests for access tokens from entities. The requests include capability information for the entities. The identity provider computer system is further configured to provide access tokens to the entities which include the capability information. The computing system further includes a resource provider computer system comprising at least one processor configured to receive resource requests and access tokens from entities. The access tokens include the capability information. The resource providers are further configured to provide responses to the entities according to the capability information.

Abstract: Keyword bids determined from sparse data are described. Initially, a portfolio optimization platform identifies which keywords included in a portfolio of keywords are low-impression keywords. This platform trains a machine learning model to generate bids for the low-impression keywords with historical data from a search engine. In particular, the platform trains this machine learning model according to an algorithm suited for training with sparse amounts of data, e.g., a temporal difference learning algorithm. In contrast, the platform uses different models, trained according to different algorithms than the low-impression keyword model, to generate bids for keywords determined not to be low-impression keywords. Once the low-impression keyword model is trained offline, the platform deploys the model for use online to generate actual bids for the low-impression keywords and submits them to the search engine.

Abstract: Techniques are described herein that are capable of using an authentication package from a primary authentication system to authenticate a principal by a backup authentication system. The authentication package includes an authentication artifact, which is signed with a cryptographic key by the primary authentication system and which includes claim(s) that are usable to authenticate the principal, and further includes metadata. The metadata includes credential verification information that is usable to verify a credential of the principal and a first principal identifier that identifies the principal. A request to authenticate the principal is received at the backup authentication system. The request includes the credential and a second principal identifier that identifies the principal.

Abstract: A data analysis system (S) including a data analysis server (11), a data retention system (12) which retains data to be analyzed, and an analysis terminal (14). The data analysis server (11) sends to the data retention system (12), according to an analysis demand from the analysis terminal (14), an analysis request of the data based on a requirement to be satisfied by analysis of the data, and sends to the analysis terminal (14) an analysis result of the data based on the requirement received from the data retention system (12). The data retention system (12) analyzes the data based on the requirement according to the analysis request and sends an analysis result to the analysis terminal (14).

Abstract: Techniques are described herein that are capable of dynamically failing over authentication traffic to a backup authentication system by a proxy system. An authentication request, which requests authentication of a principal, is received at the proxy system. The authentication request is directed to a primary authentication system. A determination is made, by the proxy system, that the primary authentication system is incapable of providing a valid response to the authentication request. The backup authentication system is caused, by the proxy system, to authenticate the principal using an authentication package received from the primary authentication system by dynamically routing the authentication request to the backup authentication system as a result of the primary authentication system being incapable of providing a valid response to the authentication request.

Abstract: Techniques are described herein that are capable of dynamically routing an authentication request to a backup authentication system by a client device. For instance, the client device stores a list, which identifies authentication systems that are authorized to respond to authentication requests from the client device. The client device sends the authentication request toward a primary authentication system based at least in part on the authentication request identifying the primary authentication system as a recipient of the authentication request. The authentication request requests authentication of a principal by the primary authentication system.

Abstract: Keyword bids determined from sparse data are described. Initially, a portfolio optimization platform identifies which keywords included in a portfolio of keywords are low-impression keywords. This platform trains a machine learning model to generate bids for the low-impression keywords with historical data from a search engine. In particular, the platform trains this machine learning model according to an algorithm suited for training with sparse amounts of data, e.g., a temporal difference learning algorithm. In contrast, the platform uses different models, trained according to different algorithms than the low-impression keyword model, to generate bids for keywords determined not to be low-impression keywords. Once the low-impression keyword model is trained offline, the platform deploys the model for use online to generate actual bids for the low-impression keywords and submits them to the search engine.

Abstract: Usage-limited passcodes support authentication when onboarding new employees, when recovering access after an enrolled device is lost or temporarily unavailable, or when registering passwordless authentication methods for new devices during an out of the box setup, among other scenarios. Usage-limited passcodes are also referred to as “temporary access passes” or TAPs. TAP usage may be limited to a specific number of uses, particular kinds of uses, certain time periods, or a combination thereof. A TAP includes a code string and an implementation of corresponding tokens, rights, and other identity aspects within an enhanced access control infrastructure. TAP usage may supplement or replace other authentication, and in particular may replace authentication through a username and password combination, thereby enhancing both usability and security. Self-service identity confirmation may be used to obtain a TAP. Redirection to a federated domain identity provider may be avoided during TAP authentication.

Abstract: Authenticating computing entities. A method includes at an identity provider, providing a first access token to an entity for use by the entity in obtaining resources from a resource provider. The method further includes, at the identity provider, receiving response information from the entity. The response information from the entity is provided to the entity from the resource provider as a result of the resource provider enforcing policy at the resource provider. At the identity provider, a second access token is provided to the entity. The second access token is provided based on the response information, such that the second access token can be used by the entity to obtain the resources from the resource provider.

Abstract: Managing an authenticated user session. A method includes a resource provider computer system subscribing to a conditional access termination service for an entity configured to obtain resources from the resource provider computer system through a user session. The resource provider computer system receives an event, related to resource requests, for the entity from the conditional access termination service. The resource provider computer system receives a request for resources from the entity. The resource provider computer system evaluates the request with respect to the event. The resource provider computer system responds to the request based on evaluating the request with respect to the event.

Abstract: An embodiment disclosed herein is related to computing systems and method for a computing system to generate an access token that includes an IP address from a request. In the embodiment, a request is received for access to one secured data items. The request may include user credentials that specify that a user making the request is permitted to access the secured data items. The user credentials are validated and an Internet Protocol (IP) address that the request was sent from is determined. An access token is generated that includes the IP address that the request was sent from.

Abstract: Provided is an information recommendation system that includes a trust management framework that generates alternatives of information that has a history and is evaluated, based on a perspective about adoption criteria for evaluation of the information input to search the information, and criteria for ranking the information, being input to search the information.

Abstract: An embodiment disclosed herein is related to computing systems and method for a computing system to generate an access token that includes an IP address from a request. In the embodiment, a request is received for access to one secured data items. The request may include user credentials that specify that a user making the request is permitted to access the secured data items. The user credentials are validated and an Internet Protocol (IP) address that the request was sent from is determined. An access token is generated that includes the IP address that the request was sent from.

Abstract: Implementing policy at a resource provider computer system. The method includes a resource provider computer system receiving policy from an identity provider system, the policy being related to an entity that authenticates using the identity provider computer system. The resource provider computer system receives a request for resources from the entity and an access token from the entity. The access token was obtained by the entity from the identity provider computer system as a result of the entity authenticating with the identity provider computer system. The resource provider computer system evaluates the request with respect to the policy. The resource provider computer system responds to the request based on evaluating the request with respect to the policy.

Abstract: Authenticating computing entities. A method includes at an identity provider, providing a first access token to an entity for use by the entity in obtaining resources from a resource provider. The method further includes, at the identity provider, receiving response information from the entity. The response information from the entity is provided to the entity from the resource provider as a result of the resource provider enforcing policy at the resource provider. At the identity provider, a second access token is provided to the entity. The second access token is provided based on the response information, such that the second access token can be used by the entity to obtain the resources from the resource provider.

Abstract: Managing an authenticated user session. A method includes a resource provider computer system subscribing to a conditional access termination service for an entity configured to obtain resources from the resource provider computer system through a user session. The resource provider computer system receives an event, related to resource requests, for the entity from the conditional access termination service. The resource provider computer system receives a request for resources from the entity. The resource provider computer system evaluates the request with respect to the event. The resource provider computer system responds to the request based on evaluating the request with respect to the event.

Abstract: A computing system configured to support entities having the ability to indicate capability information for capabilities of the entities is illustrated. Embodiments may include an identity provider computer system comprising at least one processor. The identity provider computer system is configured to receive requests for access tokens from entities. The requests include capability information for the entities. The identity provider computer system is further configured to provide access tokens to the entities which include the capability information. The computing system further includes a resource provider computer system comprising at least one processor configured to receive resource requests and access tokens from entities. The access tokens include the capability information. The resource providers are further configured to provide responses to the entities according to the capability information.