Abstract: Permitting a decentralized identity to authenticate on behalf of a centralized identity to a centralized identity system, and/or permitting a centralized identity to authenticate on behalf of a decentralized identity to a decentralized identity system. Thus, the principles described herein permit authentication across decentralized and centralized domains. The identity system receives and registers a delegation for the first identity to authentic as the second identity, where one of the identities is a decentralized identity and one is a centralized identity. Thereafter, when the identity system receives a communication from the first identity to access a resource owned by the second identity, the identity system accesses the registration to determine that the first identity is authorized to authenticate as the second identity, authenticates the first identity as the second identity, and grants the first identity access to the resource owned by the second identity.

Abstract: Embodiments disclosed herein are related to computing systems, computer program products, and methods for providing a callback pattern for DID attestations or claims. An attestation is provided from a first entity of a decentralized network to a second entity of the decentralized network. The attestation defines information about an owner of the attestation that has been generated by the first entity and that is to be used by the second entity. The attestation includes contact metadata that defines how to contact the first entity. In response to the attestation being provided to the second entity, the first entity is contacted using the contact metadata.

Abstract: Embodiments disclosed herein are related to computing systems and methods for broadcasting an intent of a first user to a second user of a decentralized network. The computing system and methods are implemented in the decentralized network that implements a distributed ledger that backs one or more decentralized identities (DID) for one or more users of the computing system. Intent from first users of the computing system is received. The intent data defines potential interactions between the first users and second users of the computing system. Broadcast messages are generated. The broadcast messages include a DID for each of the first users and information specifying the potential interactions. The generated broadcast messages are provided to the second users.

Abstract: Enforcing different policy rules that are applicable to different types of data. The computing system and methods are implemented in a decentralized network that implements a distributed ledger, the distributed ledger backing one or more decentralized identities (DID) for one or more users of the computing system. Receive a request from an entity for operating on data stored or to be stored in a storage that is associated with an owner of a DID. A type of data that is requested to be operated on is then determined. One or more policy rules that are applicable to the determined type of data are accessed. Based on the one or more policy rules, determine if the operation to be performed on the data will result in the data complying with the one or more policy rules. Based on the determination, allow the request when the operation will result the data complying with the one or more policy rules.

Abstract: Enforcing different policy rules that are applicable to different types of data. A plurality of DIDs and a plurality of storages are managed by a computing system. Each of the plurality of storages is associated with at least one of the plurality of DIDs. Receive a request from an entity for operating on data stored or to be stored in one of the plurality of storages. Determine a type of the data requested to be operated on. Access one or more policy rules that are applicable to the type of the data. Based on the accessed one or more policy rules, determine whether the operation to be performed on the data will result in the data complying with the one or more policy rules. Based on the determination, allow or deny the request.

Abstract: Methods for composable user journeys for user authentication via an identity experience framework are performed by systems and apparatuses. Initiating a user authentication process for an application triggers application calls for dynamic invocation of a specific identity policy, required by the application, of a number of identity policies managed by a host of the identity experience framework. User interfaces defined by the identity policies are provided from the host to the application for interaction by the user and entry of identity information needed to authenticate the user according to specified verification providers. Identity claims and token requests are provided from the application to the host which then authenticates the identity claims via the verification providers and mints a token that includes the claims required by the application, according to the identity policy. The application consumes the token to complete the token request and allow the user access to the application.

Abstract: Inserting media data into existing media data in a way that ensures the inserted data is not accessible to all users. The computing system and methods are implemented in a decentralized network that implements a distributed ledger, the distributed ledger backing one or more decentralized identities (DID) for one or more users of the computing system. Access to a first portion of media data is granted to various users. The access is partially based on a DID that is associated with each of the users. A second portion of media data is received that is inserted into the first portion of media data. The second portion of media data is accessible by only some of the users who have access to the first portion of media data. Access to the second portion of media data is also partially based on the DID of each of the subset of users.

Abstract: Methods for composable user journeys for user authentication via an identity experience framework are performed by systems and apparatuses. Initiating a user authentication process for an application triggers application calls for dynamic invocation of a specific identity policy, required by the application, of a number of identity policies managed by a host of the identity experience framework. User interfaces defined by the identity policies are provided from the host to the application for interaction by the user and entry of identity information needed to authenticate the user according to specified verification providers. Identity claims and token requests are provided from the application to the host which then authenticates the identity claims via the verification providers and mints a token that includes the claims required by the application, according to the identity policy. The application consumes the token to complete the token request and allow the user access to the application.

Abstract: Methods for composable user journeys for user authentication via an identity experience framework are performed by systems and apparatuses. Initiating a user authentication process for an application triggers application calls for dynamic invocation of a specific identity policy, required by the application, of a number of identity policies managed by a host of the identity experience framework. User interfaces defined by the identity policies are provided from the host to the application for interaction by the user and entry of identity information needed to authenticate the user according to specified verification providers. Identity claims and token requests are provided from the application to the host which then authenticates the identity claims via the verification providers and mints a token that includes the claims required by the application, according to the identity policy. The application consumes the token to complete the token request and allow the user access to the application.

Abstract: A cloud service can be merged with a client content to provide an integrated user experience. A user interface associated with a client may be accessed. In response to accessing the user interface associated with the client, redirect instructions to navigate to a cloud service may be received. In response to receiving redirect instructions, navigation to the cloud service may be performed. In response to navigating to the cloud service, merger code may be received from the cloud service. In response to receiving the merger code, content data associated with the client may be retrieved based on the received merger code, and service content associated with the cloud service may be generated. Additionally, in response to receiving the merger code, the generated service content may be merged with the retrieved client content data into a single document, and the single document may be set to be rendered for use.