Abstract: A request is received from a trusted application to authorize a client application that requests a service offered by the trusted application. Whether the client application is authorized to access the trusted application is determined in view of the request. An authentication of a user of the client application is caused in response to determining the client application is authorized to access the trusted application. An authorization result is returned to the trusted application in view of the determining and the authentication.

Abstract: Methods, systems, and apparatus, including computer-readable media, for verified boot and key rotation. In some implementations, a device extracts a public key from a secure data storage area of the device. The device extracts a first certificate for an intermediate key and a second certificate for a signing key, the first certificate and the second certificate being extracted from a system image. The device verifies a signature of the first certificate using the public key. After verifying the signature of the first certificate, the device verifies the second certificate using a public key in the first certificate. In response to verifying the second certificate, the device loads the system image during a boot process of the device.

Abstract: A request is received from a trusted application to authorize a client application that requests a service offered by the trusted application. Whether the client application is authorized to access the trusted application is determined in view of the request. An authentication of a user of the client application is caused in response to determining the client application is authorized to access the trusted application. An authorization result is returned to the trusted application in view of the determining and the authentication.

Abstract: A request is received from a trusted application to authorize a client application that requests a service offered by the trusted application. In view of the request, it is determined whether the client application is authorized to access the trusted application in view of an authorization policy. An authentication of a user of the client application is caused in response to determining the client application is authorized to access the trusted application. An authorization result is returned to the trusted application in view of the determining and the authentication.

Abstract: Methods, systems, and apparatus, including computer-readable media, for verified boot and key rotation. In some implementations, a device extracts a public key from a secure data storage area of the device. The device extracts a first certificate for an intermediate key and a second certificate for a signing key, the first certificate and the second certificate being extracted from a system image. The device verifies a signature of the first certificate using the public key. After verifying the signature of the first certificate, the device verifies the second certificate using a public key in the first certificate. In response to verifying the second certificate, the device loads the system image during a boot process of the device.

Abstract: A request is received from a trusted application to authorize a client application that requests a service offered by the trusted application. In view of the request, it is determined whether the client application is authorized to access the trusted application in view of an authorization policy. An authentication of a user of the client application is caused in response to determining the client application is authorized to access the trusted application. An authorization result is returned to the trusted application in view of the determining and the authentication.

Abstract: A request is received at an authorization framework via an authorization application programming interface (API) from a trusted application for authorizing a client application, where the client application requests a service provided by the trusted application. In response to the request, the client application is authorized in view of one or more authorization policies associated with the client application to determine whether the client application is authorized to access the requested service. A user associated with the client application is authenticated to determine whether the user is allowed to access the requested service. Thereafter, a value is returned from the authorization framework via the authorization API to the trusted application indicating whether the client application can access the requested service provided by the trusted application, based on results of the authorization and authentication.

Abstract: A first display server and a second display server execute on a processing device. The first display server provides a secure environment for data presented in first application windows of the first display server and the second display server provides an unsecure environment for data presented in second application windows of the second display server. The processing device receives at least one user command to copy data from one of the first application windows of the first display server to one of the second application windows of the second display server. The processing device prompts a user to perform an authentication upon receiving the at least one user command. In response to the user successfully performing the authentication, data is copied from said one of the first application windows to said one of the second application windows.

Abstract: A hostname configuration unit associates a display hostname with a regular hostname of a host, where the regular hostname identifies the host and the display hostname identifies a service associated with the host, where the service is provided by a client application. The hostname configuration unit further associates a graphical representation with the display hostname. A hostname query unit is configured to provide the client application the regular hostname, the display hostname, and the graphical representation in response to a request for hostname data received from the client application. The regular hostname, the display hostname, and the graphical representation are used by the client application to advertise a service to allow a remote node to access the advertised service of the application over a network.

Abstract: A first display server and a second display server execute on a processing device. The first display server provides a secure environment for data presented in first application windows of the first display server and the second display server provides an unsecure environment for data presented in second application windows of the second display server. The processing device receives at least one user command to copy data from one of the first application windows of the first display server to one of the second application windows of the second display server. The processing device prompts a user to perform an authentication upon receiving the at least one user command. In response to the user successfully performing the authentication, data is copied from said one of the first application windows to said one of the second application windows.

Abstract: A request is received at an authorization framework via an authorization application programming interface (API) from a trusted application for authorizing a client application, where the client application requests a service provided by the trusted application. In response to the request, the client application is authorized in view of one or more authorization policies associated with the client application to determine whether the client application is authorized to access the requested service. A user associated with the client application is authenticated to determine whether the user is allowed to access the requested service. Thereafter, a value is returned from the authorization framework via the authorization API to the trusted application indicating whether the client application can access the requested service provided by the trusted application, based on results of the authorization and authentication.

Abstract: A hostname configuration unit associates a display hostname with a regular hostname of a host, where the regular hostname identifies the host and the display hostname identifies a service associated with the host, where the service is provided by a client application. The hostname configuration unit further associates a graphical representation with the display hostname. A hostname query unit is configured to provide the client application the regular hostname, the display hostname, and the graphical representation in response to a request for hostname data received from the client application. The regular hostname, the display hostname, and the graphical representation are used by the client application to advertise a service to allow a remote node to access the advertised service of the application over a network.