Patents by Inventor CRAIG PEARSON
CRAIG PEARSON has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11943370
Abstract: A method allows access to computer resources to authorized native applications on a client device. An authorization server receives, from a native application on a device, an initial authorization grant, a public key of a private/public key pair generated on the device, and an attestation of authenticity of the native application. The authorization server receives, from the native application on the device, a refresh token and a digital signature of the refresh token that is created with the private key. The authorization server recognizes the refresh token only if the refresh token is verified with the public key that has been previously registered. The authorization server validates the digital signature of the refresh token, and transmits a new access token and a new refresh token to the native application on the device, thus allowing the native application on the device to access the computer resource.
Type: Grant
Filed: November 10, 2021
Date of Patent: March 26, 2024
Assignee: International Business Machines Corporation
Inventors: Shane Bradley Weeden, Craig Pearson, Carsten Hagemann
-
Publication number: 20230141966
Abstract: A method allows access to computer resources to authorized native applications on a client device. An authorization server receives, from a native application on a device, an initial authorization grant, a public key of a private/public key pair generated on the device, and an attestation of authenticity of the native application. The authorization server receives, from the native application on the device, a refresh token and a digital signature of the refresh token that is created with the private key. The authorization server recognizes the refresh token only if the refresh token is verified with the public key that has been previously registered. The authorization server validates the digital signature of the refresh token, and transmits a new access token and a new refresh token to the native application on the device, thus allowing the native application on the device to access the computer resource.
Type: Application
Filed: November 10, 2021
Publication date: May 11, 2023
Inventors: SHANE BRADLEY WEEDEN, CRAIG PEARSON, CARSTEN HAGEMANN
-
Patent number: 11368446
Abstract: A service provider configured to establish a federated identity management with an identity provider, provision a first user account, and retrieve revocation information from a ledger. The revocation information can include a revoked user account identifier published to the ledger by the identity provider. The service provider can determine that the revoked user account identifier corresponds to the first user account. The service provider can delete the first user account from the service provider.
Type: Grant
Filed: October 2, 2018
Date of Patent: June 21, 2022
Assignee: International Business Machines Corporation
Inventors: Keiran W. Robinson, Craig Pearson, Leo M. M. Farrell
-
Publication number: 20200242717
Abstract: A processor-implemented method manages an identification document (ID) that is displayed on an electronic device. One or more processors (e.g., within an identity document manager) receive a set of profile details about an entity. The processor(s) send the set of profile details about the entity to a blockchain system that generates a blockchain from the set of profile details about the entity. The processor(s) generate a barcode from a hash of the blockchain, and transmit the barcode to an entity device. The processor(s) subsequently receive a new barcode from an entity verification device. The processor(s) compare information in the new barcode that is received from the entity verification device to information in the blockchain that the identity document manager received from the blockchain system. In response to the two sets of information matching, the processor(s) transmit entity authorization instructions to the entity verification device.
Type: Application
Filed: January 30, 2019
Publication date: July 30, 2020
Inventors: PRANAB AGARWAL, CRAIG PEARSON, MICHAEL E. HOOD
-
Publication number: 20200106767
Abstract: A service provider configured to establish a federated identity management with an identity provider, provision a first user account, and retrieve revocation information from a ledger. The revocation information can include a revoked user account identifier published to the ledger by the identity provider. The service provider can determine that the revoked user account identifier corresponds to the first user account. The service provider can delete the first user account from the service provider.
Type: Application
Filed: October 2, 2018
Publication date: April 2, 2020
Inventors: Keiran W. Robinson, Craig Pearson, Leo M. M. Farrell
-
Patent number: 10093235
Abstract: An automotive side view mirror attachment assembly includes first and second loading surfaces for engaging a mounting member of a side view mirror assembly, wherein the first and second loading surfaces are disposed within an interior of a vehicle door, such that, in assembly, a mounting member of the mirror assembly is substantially or fully disposed within the interior of a vehicle door, thereby minimizing the overall mirror footprint by eliminating the need for an external base for attachment of a mirror assembly to a vehicle door.
Type: Grant
Filed: February 6, 2017
Date of Patent: October 9, 2018
Assignee: Ford Global Technologies LLC
Inventors: Craig Pearson, Robert Anthony Brancaleone
-
Patent number: 9906558
Abstract: A method sends a request for a delegated authorization grant data set, receives a delegated authorization grant data set that defines the delegated authorization grant scope, with respect to a resource. The delegated authorization grant data set includes a scope variable value having been selected by a delegator entity through a delegation grant scope user interface on the delegator device. The scope controls access to the resource in a manner limited by the scope of the delegated authorization grant defined by the delegated authorization grant data set.
Type: Grant
Filed: June 24, 2015
Date of Patent: February 27, 2018
Assignee: International Business Machines Corporation
Inventors: David P. Moore, Craig Pearson
-
Patent number: 9669762
Abstract: An automotive side view mirror attachment assembly includes first and second loading surfaces for engaging a mounting member of a side view mirror assembly, wherein the first and second loading surfaces are disposed within an interior of a vehicle door, such that, in assembly, a mounting member of the mirror assembly is substantially or fully disposed within the interior of a vehicle door, thereby minimizing the overall mirror footprint by eliminating the need for an external base for attachment of a mirror assembly to a vehicle door.
Type: Grant
Filed: December 19, 2011
Date of Patent: June 6, 2017
Assignee: Ford Global Technologies, LLC
Inventors: Craig Pearson, Robert Anthony Brancaleone
-
Publication number: 20170144600
Abstract: An automotive side view mirror attachment assembly includes first and second loading surfaces for engaging a mounting member of a side view mirror assembly, wherein the first and second loading surfaces are disposed within an interior of a vehicle door, such that, in assembly, a mounting member of the mirror assembly is substantially or fully disposed within the interior of a vehicle door, thereby minimizing the overall mirror footprint by eliminating the need for an external base for attachment of a mirror assembly to a vehicle door.
Type: Application
Filed: February 6, 2017
Publication date: May 25, 2017
Inventors: Craig Pearson, Robert Anthony Brancaleone
-
Publication number: 20160381021
Abstract: A method sends a request for a delegated authorization grant data set, receives a delegated authorization grant data set that defines the delegated authorization grant scope, with respect to a resource. The delegated authorization grant data set includes a scope variable value having been selected by a delegator entity through a delegation grant scope user interface on the delegator device. The scope controls access to the resource in a manner limited by the scope of the delegated authorization grant defined by the delegated authorization grant data set.
Type: Application
Filed: June 24, 2015
Publication date: December 29, 2016
Inventors: David P. Moore, Craig Pearson
-
Publication number: 20160284141
Abstract: An approach for access authorization to a protected resource is provided. The approach provisions a physical access badge identifier to a door controller. The approach receives a swipe event, wherein the swipe event includes a door controller identifier and the physical access badge identifier. The approach creates an authorization request to access a protected resource, wherein the authorization request includes a request from a user for access to a protected resource. The approach identifies one or more security policies for the protected resource. The approach determines whether to permit access to the protected resource based, at least in part, on the one or more security policies and the swipe event. Responsive to a determination to permit access to the protected resource, the approach permits access to the protected resource, wherein permitting access to the protected resource includes validating an authentication session for a user.
Type: Application
Filed: March 27, 2015
Publication date: September 29, 2016
Inventors: David P. Moore, Craig Pearson
-
Publication number: 20160284146
Abstract: An approach for access authorization to a protected resource is provided. The approach provisions a physical access badge identifier to a door controller. The approach receives a swipe event, wherein the swipe event includes a door controller identifier and the physical access badge identifier. The approach creates an authorization request to access a protected resource, wherein the authorization request includes a request from a user for access to a protected resource. The approach identifies one or more security policies for the protected resource. The approach determines whether to permit access to the protected resource based, at least in part, on the one or more security policies and the swipe event. Responsive to a determination to permit access to the protected resource, the approach permits access to the protected resource, wherein permitting access to the protected resource includes validating an authentication session for a user.
Type: Application
Filed: December 18, 2015
Publication date: September 29, 2016
Inventors: David P. Moore, Craig Pearson
-
Patent number: 8847729
Abstract: A host organization system for a host organization of a physical site, receives a request, by a visitor with an identifier of a visitor organization for a visitor access medium, for access to the physical site controlled by a physical access control system requiring presentation of the visitor access medium for access to the physical site, wherein there is an electronic trust relationship between the host organization system and a visitor organization system for the visitor organization via a network, wherein the visitor organization system maintains an electronic identity profile for the visitor. Responsive to the host organization system receiving an authenticated identifier for the visitor from the visitor organization system and validating the authenticated identifier from the visitor organization system, issuing a visitor access medium to the visitor for controlling access to the physical site.
Type: Grant
Filed: August 29, 2011
Date of Patent: September 30, 2014
Assignee: International Business Machines Corporation
Inventors: David P. Moore, Craig Pearson
-
Publication number: 20130153736
Abstract: An automotive side view mirror attachment assembly includes first and second loading surfaces for engaging a mounting member of a side view mirror assembly, wherein the first and second loading surfaces are disposed within an interior of a vehicle door, such that, in assembly, a mounting member of the mirror assembly is substantially or fully disposed within the interior of a vehicle door, thereby minimizing the overall mirror footprint by eliminating the need for an external base for attachment of a mirror assembly to a vehicle door.
Type: Application
Filed: December 19, 2011
Publication date: June 20, 2013
Applicant: Ford Global Technologies, LLC
Inventors: Craig Pearson, Robert Anthony Brancaleone
-
Publication number: 20130049928
Abstract: A host organization system for a host organization of a physical site, receives a request, by a visitor with an identifier of a visitor organization for a visitor access medium, for access to the physical site controlled by a physical access control system requiring presentation of the visitor access medium for access to the physical site, wherein there is an electronic trust relationship between the host organization system and a visitor organization system for the visitor organization via a network, wherein the visitor organization system maintains an electronic identity profile for the visitor. Responsive to the host organization system receiving an authenticated identifier for the visitor from the visitor organization system and validating the authenticated identifier from the visitor organization system, issuing a visitor access medium to the visitor for controlling access to the physical site.
Type: Application
Filed: August 29, 2011
Publication date: February 28, 2013
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: DAVID P. MOORE, CRAIG PEARSON