Abstract: Methods, systems, and apparatuses in a computing device enable user access to a resource. The method includes receiving, from a user, a request for access to a resource; accessing an authentication flow for granting access to the resource; obtaining first claims for a user from a first claims provider in the authentication flow; determining a second claims provider in the authentication flow, the second claims provider having a trust relationship with the claims facilitator; directing the user to the second claims provider; receiving second claims for the user from the second claims provider; and enabling the user to access the resource in response to at least the received first and second claims.

Abstract: Described is a technology by which a plug-in (e.g., an ActiveX® control) instantiated by a web browser calls functions of a credential service to use a set of credential data (e.g., a card file) for logging into a website. If the credential service determines that a previously used card file for the website exists, a representation of that card file is displayed in the browser, and the data of that card file is used to obtain a token for logging in the user. If not found, an icon is presented instead, by which the user can select a user interface that allows selection of another card file that meets that meet the website's requirements.

Abstract: Methods, systems, and apparatuses in a computing device enable user access to a resource. The method includes receiving, from a user, a request for access to a resource; accessing an authentication flow for granting access to the resource; obtaining first claims for a user from a first claims provider in the authentication flow; determining a second claims provider in the authentication flow, the second claims provider having a trust relationship with the claims facilitator; directing the user to the second claims provider; receiving second claims for the user from the second claims provider; and enabling the user to access the resource in response to at least the received first and second claims.

Abstract: Described is a technology by which a plug-in (e.g., an ActiveX® control) instantiated by a web browser calls functions of a credential service to use a set of credential data (e.g., a card file) for logging into a website. If the credential service determines that a previously used card file for the website exists, a representation of that card file is displayed in the browser, and the data of that card file is used to obtain a token for logging in the user. If not found, an icon is presented instead, by which the user can select a user interface that allows selection of another card file that meets that meet the website's requirements.

Abstract: Described is a technology by which a plug-in (e.g., an ActiveX® control) instantiated by a web browser calls functions of a credential service to use a set of credential data (e.g., a card file) for logging into a website. If the credential service determines that a previously used card file for the website exists, a representation of that card file is displayed in the browser, and the data of that card file is used to obtain a token for logging in the user. If not found, an icon is presented instead, by which the user can select a user interface that allows selection of another card file that meets that meet the website's requirements.

Abstract: Described is a technology by which a plug-in (e.g., an ActiveX® control) instantiated by a web browser calls functions of a credential service to use a set of credential data (e.g., a card file) for logging into a website. If the credential service determines that a previously used card file for the website exists, a representation of that card file is displayed in the browser, and the data of that card file is used to obtain a token for logging in the user. If not found, an icon is presented instead, by which the user can select a user interface that allows selection of another card file that meets that meet the website's requirements.

Abstract: A computer-implemented method for authorizing access by a client application to a resource of a user maintained on a first server computing system, the client application being implemented on a second server computing system, includes receiving a delegation message from the first server computer system to initiate authorization of the access by the client application, issuing an authorization message to the first server computer system, the authorization message comprising an authorization data package for redemption by the client application, the authorization data package comprising first through fourth integral delegation data indicative of the user, the client application, the resource, and a timestamp, respectively, receiving a redemption message from the second server computing system comprising the authorization data package, conducting an analysis of the authorization data package, and sending an access token to the second server computing system based on the analysis.

Abstract: Described is a technology by which a plug-in (e.g., an ActiveX® control) instantiated by a web browser calls functions of a credential service to use a set of credential data (e.g., a card file) for logging into a website. If the credential service determines that a previously used card file for the website exists, a representation of that card file is displayed in the browser, and the data of that card file is used to obtain a token for logging in the user. If not found, an icon is presented instead, by which the user can select a user interface that allows selection of another card file that meets that meet the website's requirements.

Abstract: A computer-implemented method for authorizing access by a client application to a resource of a user maintained on a first server computing system, the client application being implemented on a second server computing system, includes receiving a delegation message from the first server computer system to initiate authorization of the access by the client application, issuing an authorization message to the first server computer system, the authorization message comprising an authorization data package for redemption by the client application, the authorization data package comprising first through fourth integral delegation data indicative of the user, the client application, the resource, and a timestamp, respectively, receiving a redemption message from the second server computing system comprising the authorization data package, conducting an analysis of the authorization data package, and sending an access token to the second server computing system based on the analysis.

Abstract: A pipeline that includes at least an initialization stage, a processing stage, and a publication stage. The initialization stage acquires a set of globally sourced claims that can be used by any issuance statement. The processing stage manipulates a set of one or more user task specific claims that are derived from the set of one or more globally source claims. The set of one or more user task specific claims are manipulated by generating a set of one or more temporary claims. The processing stage generates the set of one or more temporary claims by applying issuance statements to the set of one or more user task specific claims. A publication stage then issues the set of one or more temporary claim in an issuance format.

Abstract: Described is a technology by which a plug-in (e.g., an ActiveX® control) instantiated by a web browser calls functions of a credential service to use a set of credential data (e.g., a card file) for logging into a website. If the credential service determines that a previously used card file for the website exists, a representation of that card file is displayed in the browser, and the data of that card file is used to obtain a token for logging in the user. If not found, an icon is presented instead, by which the user can select a user interface that allows selection of another card file that meets that meet the website's requirements.