Abstract: Authenticating internet application sessions. A method includes downloading client side code that when executed implements one or more client side modules including at least one module with message interception functionality. The method includes executing the client side code to implement the one or more client side modules. A request is sent to an internet application server. In response to the request, a message is received from the internet application server indicating that the request is not authorized. The message from the internet application server indicating that the request is not authorized is intercepted at the one or more client side modules. The one or more client side modules, as a result of the message indicating that the request is not authorized, send a request for authentication in a required format for authentication. Authentication is performed without losing user state associated with the request to the internet application server.

Abstract: A pipeline that includes at least an initialization stage, a processing stage, and a publication stage. The initialization stage acquires a set of globally sourced claims that can be used by any issuance statement. The processing stage manipulates a set of one or more user task specific claims that are derived from the set of one or more globally source claims. The set of one or more user task specific claims are manipulated by generating a set of one or more temporary claims. The processing stage generates the set of one or more temporary claims by applying issuance statements to the set of one or more user task specific claims. A publication stage then issues the set of one or more temporary claim in an issuance format.

Abstract: Authenticating internet application sessions. A method includes downloading client side code that when executed implements one or more client side modules including at least one module with message interception functionality. The method includes executing the client side code to implement the one or more client side modules. A request is sent to an internet application server. In response to the request, a message is received from the internet application server indicating that the request is not authorized. The message from the internet application server indicating that the request is not authorized is intercepted at the one or more client side modules. The one or more client side modules, as a result of the message indicating that the request is not authorized, send a request for authentication in a required format for authentication. Authentication is performed without losing user state associated with the request to the internet application server.