Abstract: A data processing system implements obtaining, at a file services platform, first mapping information by mapping files, folders, or a combination thereof stored on each of a plurality of client devices associated with a first user. The data processing system further implements synchronizing the first mapping information with the plurality of client devices, receiving a first request for a first file from a first client device of the plurality of client devices, where the first file stored locally on a second client device of the plurality of client devices. The data processing system further implements requesting that the second client device upload an instance of the first file to the file services platform; receiving the instance of the first file from the second client device; and causing the first client device to download the instance of the first file from the file services platform to the first client device.

Abstract: Examples of the present disclosure describe systems and methods for maintaining stale files to minimize computing costs. In examples, a determination is made regarding whether a hydrated file is eligible to remain temporarily stale. If the hydrated file is determined to be eligible to remain temporarily stale, the hydrated file is caused to remain stale at a time when a content refresh for the hydrated file is pending. While the hydrated file remains stale, a set of rules for determining whether the hydrated file should be refreshed is evaluated. If, based on the set of rules, it is determined that the hydrated file should be refreshed, the hydrated file is refreshed.

Abstract: A system is provided for controlling access to data stored in a cloud-based storage service. A first request is received to access data stored at the cloud-based storage service, the data associated with a user account. The first request is authenticated based on a username and password associated with the user account. A second request is received for a file that is stored in an area associated with a heightened authentication protocol. The heightened authentication protocol is performed to authenticate the second request. In response to authenticating the second request, permission is granted to a temporary strong authentication state. The permission is to access the file that is stored in the area associated with the heightened authentication protocol.

Abstract: A system is provided for controlling access to data stored in a cloud-based storage service. A first request is received to access data stored at the cloud-based storage service, the data associated with a user account. The first request is authenticated based on a username and password associated with the user account. A second request is received for a file that is stored in an area associated with a heightened authentication protocol. The heightened authentication protocol is performed to authenticate the second request. In response to authenticating the second request, permission is granted to a temporary strong authentication state. The permission is to access the file that is stored in the area associated with the heightened authentication protocol.

Abstract: Techniques and technologies for dynamic schema determination and enforcement are described. In at least some embodiments, a system comprises: a processing component; and a schema determination and enforcement component configured to receive a first data unit; analyze the first data unit to determine an inferred data schema; receive a second data unit; analyze the second data unit to determine whether the second incoming data unit complies with the inferred data schema; if the second data unit complies with the inferred data schema, write the second data unit to storage; and if the second data unit does not comply with the inferred data schema, at least one of: modify the inferred data schema based on the second data unit; or provide a notification of a non-compliance of the second data unit.

Abstract: A system is provided for controlling access to data stored in a cloud-based storage service. Data associated with a user account is stored at the cloud-based storage service. A portion of the data is associated with a heightened authentication protocol, a first request receiving, at the cloud-based storage service, for an application to access data that is associated with the heightened authentication protocol. The first request is authenticated based on the heightened authentication protocol. In response to authenticating the first request, permission is granted to the application to access the data that is associated with the heightened authentication protocol. The permission is time-limited. It is determined that the application is editing the data that is associated with the heightened authentication protocol. Permission for the application to access the data while the application is editing the data is temporarily extended.

Abstract: A system is provided for controlling access to data stored in a cloud-based storage service. A first request is received to access data stored at the cloud-based storage service, the data associated with a user account. The first request is authenticated based on a username and password associated with the user account. A second request is received for a file that is stored in an area associated with a heightened authentication protocol. The heightened authentication protocol is performed to authenticate the second request. In response to authenticating the second request, permission is granted to a temporary strong authentication state. The permission is to access the file that is stored in the area associated with the heightened authentication protocol.

Abstract: A system is provided for controlling access to data stored in a cloud-based storage service. Data associated with a user account is stored at the cloud-based storage service. A portion of the data is associated with a heightened authentication protocol. a first request receiving, at the cloud-based storage service, for an application to access data that is associated with the heightened authentication protocol. The first request is authenticated based on the heightened authentication protocol. In response to authenticating the first request, permission is granted to the application to access the data that is associated with the heightened authentication protocol. The permission is time-limited. It is determined that the application is editing the data that is associated with the heightened authentication protocol. Permission for the application to access the data while the application is editing the data is temporarily extended.

Abstract: The techniques enable a device to identify a best suitable application to open a resource such as a file. The file can be shared via a link or can be attached to a communication. The link comprises a uniform resource locator (URL) or is in some way associated with an underlying URL. The URL includes a pattern, or a portion that identifies a domain (e.g., a hostname) and/or a portion that identifies a type of file that is to be accessed and opened. Upon activation of the link, the device analyzes the URL to determine the pattern. The device then obtains, from a service associated with the URL, a ranked list of applications that are authorized to open the file. Moreover, the device performs, at run-time, a negotiation with the service to determine which application is best suited to open the file.

Abstract: Aspects of the present disclosure relate to systems and methods for impersonating target user accounts via account redirection. In one aspect, a request may be received at a service issued from a temporary account of the service accessed by a client application. It may be determined whether the temporary account is stored in a mapping table comprising one or more temporary accounts mapped to a corresponding impersonation token. When it is determined that the temporary account is stored in the mapping table, the corresponding impersonation token mapped to the temporary account may be identified. The request may be processed in an impersonation mode based on the identified impersonation token.

Abstract: The techniques disclosed herein provide hosted third-party application experiences within storage service viewers. Users can store a number of files having many different formats (AutoCAD files, word processing documents, spreadsheets, presentation files, and many files having unique formats) at a storage service. Users can view and edit the contents of a wide range of file formats by the use of a Web browser. The storage service can generate a display page that is configured to access viewing and editing tools from one or more remote services. The display page can also provide controls for the storage service, e.g., Dropbox controls, while concurrently providing the viewing and editing controls for select files. The viewing and editing tools can be provided by one or more remote services, such as a website managed by a third-party entity, such as Autodesk, Inc.

Abstract: The techniques enable a device to identify a best suitable application to open a resource such as a file. The file can be shared via a link or can be attached to a communication. The link comprises a uniform resource locator (URL) or is in some way associated with an underlying URL. The URL includes a pattern, or a portion that identifies a domain (e.g., a hostname) and/or a portion that identifies a type of file that is to be accessed and opened. Upon activation of the link, the device analyzes the URL to determine the pattern. The device then obtains, from a service associated with the URL, a ranked list of applications that are authorized to open the file. Moreover, the device performs, at run-time, a negotiation with the service to determine which application is best suited to open the file.

Abstract: The present invention extends to methods, systems, and computer program products for reverse replication to rollback corrupted files. When a computer system detects that a copy of a file includes inappropriate content, the computer system can coordinate with other computer systems (e.g., in replicated storage system) to determine that a viable (e.g., clean) copy of the file exists. The computer system can access the viable copy and replace the copy that includes the inappropriate content with the viable copy. As such, a computer system can “reverse replicate” a file rather than break a synchronization relationship. Reverse replication can be used to rollback a copy of an infected file to another (possibly earlier) copy of the file that is not infected. Embodiments of the invention can be used to rollback data files, such as, for example, pictures, videos, documents, etc.

Abstract: Aspects of the present disclosure relate to systems and methods for impersonating target user accounts via account redirection. In one aspect, a request may be received at a service issued from a temporary account of the service accessed by a client application. It may be determined whether the temporary account is stored in a mapping table comprising one or more temporary accounts mapped to a corresponding impersonation token. When it is determined that the temporary account is stored in the mapping table, the corresponding impersonation token mapped to the temporary account may be identified. The request may be processed in an impersonation mode based on the identified impersonation token.

Abstract: Various embodiments provide an evaluation module that is configured to monitor activities of new users and ascertain, from monitored activities, a reputation associated with the new users. In at least some embodiments, the evaluation module comprises an activity store and/or a reputation service. The activity store can monitor different types of actions associated with new users. For example, the activity store can monitor content-based actions that pertain to particular pieces of content and/or user behaviors associated with new users. The reputation service, which may or may not comprise part of the evaluation module, can ascertain from information provided from the activity store, information, such as a reputation category, associated with content-based actions and/or user behaviors associated with new users. Based on a new user's information, e.g. reputation category, the new user can be assigned an activity type which, in turn, defines allowed and disallowed activities for the new user.

Abstract: A system of resource-based action attribution provides a mechanism for tracking actions performed on a resource shared among multiple users of a resource sharing system, whether the users are authenticated within the resource sharing system or not. The tracking mechanism may allow users to track identifying information of other users who perform actions (e.g., editing actions) on the shared resource. A user can access a resource by providing a resource identifier and/or an access credential associated with the resource. The user's actions on the resource can be associated with an invitee identifier (e.g., an email address) that is associated in memory with the resource identifier and/or the access credential.

Abstract: Techniques and technologies for dynamic schema determination and enforcement are described. In at least some embodiments, a system comprises: a processing component; and a schema determination and enforcement component configured to receive a first data unit; analyze the first data unit to determine an inferred data schema; receive a second data unit; analyze the second data unit to determine whether the second incoming data unit complies with the inferred data schema; if the second data unit complies with the inferred data schema, write the second data unit to storage; and if the second data unit does not comply with the inferred data schema, at least one of: modify the inferred data schema based on the second data unit; or provide a notification of a non-compliance of the second data unit.

Abstract: The techniques disclosed herein provide hosted third-party application experiences within storage service viewers. Users can store a number of files having many different formats (AutoCAD files, word processing documents, spreadsheets, presentation files, and many files having unique formats) at a storage service. Users can view and edit the contents of a wide range of file formats by the use of a Web browser. The storage service can generate a display page that is configured to access viewing and editing tools from one or more remote services. The display page can also provide controls for the storage service, e.g., Dropbox controls, while concurrently providing the viewing and editing controls for select files. The viewing and editing tools can be provided by one or more remote services, such as a website managed by a third-party entity, such as Autodesk, Inc.

Abstract: The present invention extends to methods, systems, and computer program products for scanning files for inappropriate content during file synchronization. Embodiments of the invention are mindful of the order of operations when scanning files for inappropriate content and in subsequent file processing. In some embodiments, during synchronization, an intermediary server scans a file for inappropriate content. The file is not permitted to be fully downloaded to a client device until the scan determines that the file does not contain inappropriate content. In other embodiments, during synchronization, a client device scans a newer version of a file for inappropriate content. An older version of the file is not deleted until the scan determines that the newer version of the file does not contain inappropriate content. In further embodiments, server side scanning and client side scanning are both used to enhance capabilities for detecting inappropriate content.

Abstract: When files or other objects are to be shared, a storage system creates a bundle object that identifies the objects to be shared, and the permissions associated with objects in that bundle object. Each object is marked as being associated with a bundle object. When the object is accessed, the storage system determines if the object is associated with a bundle object. The bundle object in turn is accessed to determine the permissions to be associated with that object for the entity accessing the object. Files and other objects can be shared without copying or moving them. Any collection of files or other objects, however selected or identified, can be shared through this mechanism. Using this mechanism, a user can select several files, and then share those files in one operation without copying or moving those files or creating a new folder for those files.