Abstract: Techniques are described herein for performing authentication, and also “eager” or “lazy” fetch of data, for restricted webpages based on the restricted webpages being associated with an authentication tier in an AASD registry. Inclusion of a restricted webpage in the AASD registry enables AASD-based authentication for the webpage. According to embodiments, information for a restricted webpage included in the AASD registry includes one or more of the following for the webpage: an identifier, an authentication level, allowed fields, eager fetch fields, one or more sources for one or more fields, etc. When information for a webpage is included in the AASD registry, that information is used to perform eager fetch for one or more fields of the webpage that are not associated with authentication requirements indicated in the AASD registry information, or whose authentication requirements are already fulfilled by the requesting client.

Abstract: Techniques are described herein for using special session identifiers to defer additional authentication steps (AAS) for at least some restricted application actions. A client session is associated with a special session identifier that is mapped to an authentication tier (AT) achieved for the session based on the satisfied authentication steps. Web servers that are enabled for AAS deferral include context information, which identifies a requested action, with session verification requests to an authentication service. The authentication service determines that AAS is required to perform an action when (a) the AT associated with the action is a higher-security tier than the AT associated with the session, or (b) the session is associated with an AT that is lower than the highest-security AT and there is no context information accompanying the request for session validation, in which case the authentication service assumes that the highest-security AT is required to perform the request.

Abstract: Techniques are described herein for performing authentication, and also “eager” or “lazy” fetch of data, for restricted webpages based on the restricted webpages being associated with an authentication tier in an AASD registry. Inclusion of a restricted webpage in the AASD registry enables AASD-based authentication for the webpage. According to embodiments, information for a restricted webpage included in the AASD registry includes one or more of the following for the webpage: an identifier, an authentication level, allowed fields, eager fetch fields, one or more sources for one or more fields, etc. When information for a webpage is included in the AASD registry, that information is used to perform eager fetch for one or more fields of the webpage that are not associated with authentication requirements indicated in the AASD registry information, or whose authentication requirements are already fulfilled by the requesting client.

Abstract: Techniques are described herein for using special session identifiers to defer additional authentication steps (AAS) for at least some restricted application actions. A client session is associated with a special session identifier that is mapped to an authentication tier (AT) achieved for the session based on the satisfied authentication steps. Web servers that are enabled for AAS deferral include context information, which identifies a requested action, with session verification requests to an authentication service. The authentication service determines that AAS is required to perform an action when (a) the AT associated with the action is a higher-security tier than the AT associated with the session, or (b) the session is associated with an AT that is lower than the highest-security AT and there is no context information accompanying the request for session validation, in which case the authentication service assumes that the highest-security AT is required to perform the request.

Abstract: Techniques are described herein for performing authentication, and also “eager” or “lazy” fetch of data, for restricted webpages based on the restricted webpages being associated with an authentication tier in an AASD registry. Inclusion of a restricted webpage in the AASD registry enables AASD-based authentication for the webpage. According to embodiments, information for a restricted webpage included in the AASD registry includes one or more of the following for the webpage: an identifier, an authentication level, allowed fields, eager fetch fields, one or more sources for one or more fields, etc. When information for a webpage is included in the AASD registry, that information is used to perform eager fetch for one or more fields of the webpage that are not associated with authentication requirements indicated in the AASD registry information, or whose authentication requirements are already fulfilled by the requesting client.

Abstract: Techniques are described herein for using special session identifiers to defer additional authentication steps (AAS) for at least some restricted application actions. A client session is associated with a special session identifier that is mapped to an authentication tier (AT) achieved for the session based on the satisfied authentication steps. Web servers that are enabled for AAS deferral include context information, which identifies a requested action, with session verification requests to an authentication service. The authentication service determines that AAS is required to perform an action when (a) the AT associated with the action is a higher-security tier than the AT associated with the session, or (b) the session is associated with an AT that is lower than the highest-security AT and there is no context information accompanying the request for session validation, in which case the authentication service assumes that the highest-security AT is required to perform the request.

Abstract: Techniques are described herein for using special session identifiers to defer additional authentication steps (AAS) for at least some restricted application actions. A client session is associated with a special session identifier that is mapped to an authentication tier (AT) achieved for the session based on the satisfied authentication steps. Web servers that are enabled for AAS deferral include context information, which identifies a requested action, with session verification requests to an authentication service. The authentication service determines that AAS is required to perform an action when (a) the AT associated with the action is a higher-security tier than the AT associated with the session, or (b) the session is associated with an AT that is lower than the highest-security AT and there is no context information accompanying the request for session validation, in which case the authentication service assumes that the highest-security AT is required to perform the request.

Abstract: Techniques are described herein for performing authentication, and also “eager” or “lazy” fetch of data, for restricted webpages based on the restricted webpages being associated with an authentication tier in an AASD registry. Inclusion of a restricted webpage in the AASD registry enables AASD-based authentication for the webpage. According to embodiments, information for a restricted webpage included in the AASD registry includes one or more of the following for the webpage: an identifier, an authentication level, allowed fields, eager fetch fields, one or more sources for one or more fields, etc. When information for a webpage is included in the AASD registry, that information is used to perform eager fetch for one or more fields of the webpage that are not associated with authentication requirements indicated in the AASD registry information, or whose authentication requirements are already fulfilled by the requesting client.