Abstract: Open federation security techniques with rate limits are described. An apparatus may include a network interface operative to communicate messages, and a secure open federation (SOF) module operative to manage a message rate between multiple federated networks. The SOF module may comprise a peer authentication module operative to determine whether a peer making the message is an untrusted peer. The SOF module may comprise a peer rate tracking module operative to retrieve a message rate value and a message rate limit value associated with the untrusted peer, and compare the message rate value with the message rate limit value to form a threat status indicator value. The SOF module may comprise a peer authorization module operative to authorize communication of the message based on the threat status indicator value. Other embodiments are described and claimed.

Abstract: A system for detecting and communicating the presence of one or more computing devices is presented. The invention also presents a method and system for aggregating presence information generated by multiple devices associated with a single user. A server acting as a presence agent on behalf of a first user receives and responds to a subscription request generated by a computing device operated by a second user that wishes to be permitted as a watcher of the first user. When the second user corresponds to access preferences specified by the first user, a notify message is sent to the second user's device that includes presence information indicative of an activity level and availability level associated with the first user. When the first user employs multiple computing devices, the server generates an aggregate presence document that is representative of the overall presence of the first user.

Abstract: The claimed subject matter provides a system and/or a method that facilitates enhancing connectivity associated with data communications. An interface can receive a portion of communication state data, wherein the communication state data is related to at least one of a data communication mode and a user context state. A routing component can evaluate the portion of communication state data to identify an optimized data communication mode, wherein the optimized data communication mode is dynamically linked to a virtual contact identifier. Moreover, the routing component can automatically and seamlessly employ an optimized communication session utilizing the dynamically identified optimized data communication mode based upon an activation of the virtual contact identifier.

Abstract: The claimed subject matter provides a system and/or a method that facilitates enhancing incoming data communication connectivity within a network. An analyzer component can evaluate a portion of an incoming data communication targeted for a network to identify a context associated with the data communication. A transfer component can direct the incoming data communication to a cluster within the network based at least in part upon the identified context, wherein the cluster includes a physical entity with pre-existing knowledge of the identified context.

Abstract: Techniques to protect from open enhanced federation user enumeration are described. An apparatus may include a network interface operative to establish connections. The access edge server may further include an open enhanced federation (OEF) module communicatively coupled to the network interface. The OEF module may be operative to manage connections between multiple federated networks. In one embodiment, for example, the OEF module may comprise a peer authentication module operative to determine whether a peer making the request is an untrusted peer domain. The OEF module may further comprise a peer tracking module operative to retrieve a total request number and a total limit number associated with the untrusted peer, and compare the total request number with the total limit number to form a threat status indicator value. The OEF module may also comprise a peer authorization module operative to authorize the request based on the threat status indicator value. Other embodiments are described and claimed.

Abstract: A system and method for uniquely identifying an SIP device extends the SIP communications protocol with an end point identifier, carried for example in the header of an SIP transmission. The end point identifier is useful for routing, registration, subscription, and authentication. The end point (device) of a given user epid can be uniquely identified by creating a key from an epid and a user's address-of-record (URI). This in turn enables improved connection management and security association management when the connections/IP addresses are transient, such as when HTTPS tunneling is used.

Abstract: A method and system for configuring a client computer for real-time communication is provided, in which configuration settings are sent to the computer in the form of a configuration document, such as mark-up language document, that is readable by the client computer. The client computer may request the configuration document on an as-needed basis, or may request to be notified whenever new configuration settings are needed.

Abstract: End-to-end authentication capability based on public-key certificates is combined with the Session Initiation Protocol (SIP) to allow a SIP node that receives a SIP request message to authenticate the sender of request. The SIP request message is sent with a digital signature generated with a private key of the sender and may include a certificate of the sender. The SIP request message may also be encrypted with a public key of the recipient. After receiving the SIP request, the receiving SIP node obtains a certificate of the sender and authenticates the sender based on the digital signature. The digital signature may be included in an Authorization header of the SIP request, or in a multipart message body constructed according to the S/MIME standard.

Abstract: A system and method for uniquely identifying an SIP device extends the SIP communications protocol with an end point identifier, carried for example in the header of an SIP transmission. The end point identifier is useful for routing, registration, subscription, and authentication. The end point (device) of a given user epid can be uniquely identified by creating a key from an epid and a user's address-of-record (URI). This in turn enables improved connection management and security association management when the connections/IP addresses are transient, such as when HTTPS tunneling is used.

Abstract: End-to-end authentication capability based on public-key certificates is combined with the Session Initiation Protocol (SIP) to allow a SIP node that receives a SIP request message to authenticate the sender of request. The SIP request message is sent with a digital signature generated with a private key of the sender and may include a certificate of the sender. The SIP request message may also be encrypted with a public key of the recipient. After receiving the SIP request, the receiving SIP node obtains a certificate of the sender and authenticates the sender based on the digital signature. The digital signature may be included in an Authorization header of the SIP request, or in a multipart message body constructed according to the S/MIME standard.

Abstract: A method and system for configuring a client computer for real-time communication is provided, in which configuration settings are sent to the computer in the form of a configuration document, such as mark-up language document, that is readable by the client computer. The client computer may request the configuration document on an as-needed basis, or may request to be notified whenever new configuration settings are needed.