Abstract: A method of determining whether to authorize a user of a computer system to perform an action in the computer system is described. Besides the explicit authorization grants, a new, more secure semantics is defined where only unassigned users or actions are granted generically. For example, if an access control list for an action is not empty, a user may be authorized to perform the action only if the user is a member of the access control list for the action. If the access control list for the action is empty, the user may be authorized to perform the action only if the user is not a member of any access control list of a group of access control lists.

Abstract: A system may include a sender computing system to transmit first authentication data in association with a message, the first authentication data conforming to a first authentication mechanism, and to transmit second authentication data in association with the message, the second authentication data conforming to a second authentication mechanism. The system may also include a component to receive the first authentication data in association with the message from the sender computing system, and to receive the second authentication data in association with the message from the sender computing system.

Abstract: A system may include a sender computing system, an intermediary component, and a receiver computing system. The sender computing system may transmit first authentication data and second authentication data, and the intermediary component may receive the first authentication data and second authentication data from the sender computing system, perform an authentication action based on the second authentication data, and transmit the first authentication data. The receiver computing system may receive the first authentication data.

Abstract: A system may include a sender computing system, an intermediary service component, and a receiver computing system. The sender computing system may transmit a message and authentication data, and the intermediary service component may receive the message and the authentication data from the sender computing system, process the message, and transmit the authentication data and the processed message. The receiver computing system may receive the authentication data and the processed message.

Abstract: A system may include a sender computing system to transmit first authentication data in association with a message, the first authentication data conforming to a first authentication mechanism, and to transmit second authentication data in association with the message, the second authentication data conforming to a second authentication mechanism. The system may also include a component to receive the first authentication data in association with the message from the sender computing system, and to receive the second authentication data in association with the message from the sender computing system.

Abstract: A system may include a sender computing system, an intermediary component, and a receiver computing system. The sender computing system may transmit first authentication data and second authentication data, and the intermediary component may receive the first authentication data and second authentication data from the sender computing system, perform an authentication action based on the second authentication data, and transmit the first authentication data. The receiver computing system may receive the first authentication data.

Abstract: A system may include a sender computing system, an intermediary service component, and a receiver computing system. The sender computing system may transmit a message and authentication data, and the intermediary service component may receive the message and the authentication data from the sender computing system, process the message, and transmit the authentication data and the processed message. The receiver computing system may receive the authentication data and the processed message.