Patents by Inventor Mark Alcazar
Mark Alcazar has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8601278
Abstract: A method and system for validating access to a group of related elements are described. The elements within the group access a security context associated with a markup domain when a call is made to an element. An authorized call to an element is enabled such that the markup domain is navigated to a new web page. However, an unauthorized call is prevented so that the navigation to the new web page is not permitted. After the markup domain has been navigated, the security context associated with the markup domain is invalidated. A new security context is generated and associated with the markup domain. The elements associated with the web page navigated from are inaccessible after navigation of the markup domain to the new page. The association of the new security context with the markup domain prevents an unauthorized user from accessing any element that references the previous security context.
Type: Grant
Filed: August 8, 2012
Date of Patent: December 3, 2013
Assignee: Microsoft Corporation
Inventors: Sundaram Ramini, Joseph S. Beda, Mark Alcazar, Roberto A. Franco, Roland Katsuaki Tokumi, John G. Bedworth
-
Patent number: 8510753
Abstract: In a computing environment, one may wish to have interoperability between trusted and untrusted controls/plug-ins allowing for richer expression of content and control within a platform. This can be accomplished by allowing an untrusted plug-in to communicate with a trusted plug-in, while having the trusted plug-in exercise control over the platform. This allows for the creation of a layered secure approach of communication with a platform, thus allowing for increased application richness in untrusted third party applications.
Type: Grant
Filed: June 27, 2008
Date of Patent: August 13, 2013
Assignee: Microsoft Corporation
Inventors: Ashraf A. Michail, Akhilesh Kaza, Kevin T. Gallo, Sam J. George, Joseph P. Stegman, Michael R. Harsh, Mark Alcazar
-
Publication number: 20120304316
Abstract: A method and system for validating access to a group of related elements are described. The elements within the group access a security context associated with a markup domain when a call is made to an element. An authorized call to an element is enabled such that the markup domain is navigated to a new web page. However, an unauthorized call is prevented so that the navigation to the new web page is not permitted. After the markup domain has been navigated, the security context associated with the markup domain is invalidated. A new security context is generated and associated with the markup domain. The elements associated with the web page navigated from are inaccessible after navigation of the markup domain to the new page. The association of the new security context with the markup domain prevents an unauthorized user from accessing any element that references the previous security context.
Type: Application
Filed: August 8, 2012
Publication date: November 29, 2012
Applicant: Microsoft Corporation
Inventors: Sundaram Ramani, Joseph S. Beda, Mark Alcazar, Roberto A. Franco, Roland Katsuaki Tokumi, John G. Bedworth
-
Patent number: 8245049
Abstract: A method and system for validating access to a group of related elements are described. The elements within the group access a security context associated with a markup domain when a call is made to an element. An authorized call to an element is enabled such that the markup domain is navigated to a new web page. However, an unauthorized call is prevented so that the navigation to the new web page is not permitted. After the markup domain has been navigated, the security context associated with the markup domain is invalidated. A new security context is generated and associated with the markup domain. The elements associated with the web page navigated from are inaccessible after navigation of the markup domain to the new page. The association of the new security context with the markup domain prevents an unauthorized user from accessing any element that references the previous security context.
Type: Grant
Filed: June 14, 2004
Date of Patent: August 14, 2012
Assignee: Microsoft Corporation
Inventors: Sundaram Ramani, Joseph S. Beda, Mark Alcazar, Roberto A. Franco, Roland Katsuaki Tokumi, John G. Bedworth
-
Publication number: 20120143681
Abstract: Concepts and technologies for creating and accessing room-based computing environments are disclosed. Resources are categorized and/or bundled into categories or bundles of resources. Resources are associated with the room-based computing environment and various data relating to the resources is stored, including data relating to permissions for accessing the resources. Upon detecting access of the room-based computing environment, a room engine can authenticate an entity associated with the access and determine what contents of the room-based computing environment are to be presented based upon the permissions information and/or other considerations. The environment is generated and presented to the entity via one or more user interfaces.
Type: Application
Filed: December 2, 2010
Publication date: June 7, 2012
Applicant: Microsoft Corporation
Inventors: Mark Alcazar, Oscar E. Murillo, Daniel Edward Walther, II
-
Publication number: 20120124126
Abstract: Concepts and technologies are described herein for contextual and task-focused computing. In accordance with the concepts and technologies disclosed herein, a discovery engine analyzes application data describing applications, recognizes tasks associated with the applications, and stores task data identifying and describing the tasks in a data storage location. The task data is searchable by search engines, indexing and search services, and task engines configured to provide tasks to one or more client devices operating alone or in a synchronized manner, the tasks being provided on demand or based upon activity associated with the one or more client devices. A task engine receives or obtains contextual data describing context associated with the client devices and/or social networking data associated with one or more users of the client devices.
Type: Application
Filed: November 17, 2010
Publication date: May 17, 2012
Applicant: Microsoft Corporation
Inventors: Mark Alcazar, Matthew Bret MacLaurin, Oscar E. Murillo, Benjamin William Vanik
-
Patent number: 7926105
Abstract: Described is a technology including an evaluation methodology by which a set of privileged code such as a platform's API method may be marked as being security critical and/or safe for being called by untrusted code. The set of code is evaluated to determine whether the code is security critical code, and if so, it is identified as security critical. Such code is further evaluated to determine whether the code is safe with respect to being called by untrusted code, and if so, is marked as safe. To determine whether the code is safe, a determination is made as to whether the first set of code leaks criticality, including by evaluating one or more code paths corresponding to one or more callers of the first set of code, and by evaluating one or more code paths corresponding to one or more callees of the first set of code.
Type: Grant
Filed: February 28, 2006
Date of Patent: April 12, 2011
Assignee: Microsoft Corporation
Inventors: Karen Elizabeth Corby, Mark Alcazar, Viresh Ramdatmisier, Ariel Jorge Kirsman, Andre A. Needham, Akhilesh Kaza, Raja Krishnaswamy, Jeff Cooperstein, Charles W Kaufman, Chris Anderson, Venkata Rama Prasad Tammana, Aaron R Goldfeder, John Hawkins
-
Patent number: 7664865
Abstract: Described is a technology by which a managed web browser control hosts an unmanaged web OLE control to control navigation requests by the unmanaged web OLE control on behalf of partially trusted code. Site locking may be performed to constrain a site to navigation only to other pages within its site, thereby preventing navigation to an undesirable location. In one example, the unmanaged web OLE control communicates information corresponding to a navigation request to the managed web browser control, and the managed web browser control processes the information to establish whether the navigation is to be allowed or blocked. The benefits of site-locking with respect to privacy are also described, as is z-order management to protect against site spoofing.
Type: Grant
Filed: February 15, 2006
Date of Patent: February 16, 2010
Assignee: Microsoft Corporation
Inventors: Sujal S. Parikh, Lauren B. Lavoie, Karen Elizabeth Corby, Mark Alcazar, Hua Wang, Kusuma P. Vellanki
-
Publication number: 20090328066
Abstract: In a computing environment, one may wish to have interoperability between trusted and untrusted controls/plug-ins allowing for richer expression of content and control within a platform. This can be accomplished by allowing an untrusted plug-in to communicate with a trusted plug-in, while having the trusted plug-in exercise control over the platform. This allows for the creation of a layered secure approach of communication with a platform, thus allowing for increased application richness in untrusted third party applications.
Type: Application
Filed: June 27, 2008
Publication date: December 31, 2009
Applicant: MICROSOFT CORPORATION
Inventors: Ashraf A. Michail, Akhilesh Kaza, Kevin T. Gallo, Sam J. George, Joseph P. Stegman, Michael R. Harsh, Mark Alcazar
-
Patent number: 7472391
Abstract: A resource loader provides resource lookup and redirection to computer software applications. The resource loader allows applications to be written using relative Uniform Resource Identifier (“URI”) rather than hard-coded URI that includes a protocol identified at the beginning of the URI and further indicates the location of the resource in a fully qualified path. During execution, applications may initiate execution of the resource loader that in turn locates and returns the resource to the application. In this way, applications may be written that are agnostic as to how their resources are packaged. That is, a change of resource packaging does not necessitate a re-write of the application source code. In some cases, the resource loader may be accessed by one or more applications through an Application Program Interface (API) provided by the resource loader. The applications may also pass a resource identifier for the desired resource to the resource loader.
Type: Grant
Filed: February 20, 2004
Date of Patent: December 30, 2008
Assignee: Microsoft Corporation
Inventors: Mark Alcazar, WeiBing Zhan, Sundaram Ramani
-
Patent number: 7404004
Abstract: An architectural software framework is provided for creating Web-style application software incorporating protocols and means for expansion and interfacing with other Web-style programs, as well as a reusable basic programming structure, consisting of abstract and concrete data types, that assist in building Web-style applications. The architectural software framework includes a page function and frame. Each Web-style application includes one or more page functions which communicate via the frame.
Type: Grant
Filed: November 18, 2003
Date of Patent: July 22, 2008
Assignee: Microsoft Corporation
Inventors: Mark Alcazar, Jan Thomas Miksovsky, David J. Sheldon
-
Publication number: 20070209073
Abstract: Described is a technology including an evaluation methodology by which a set of privileged code such as a platform's API method may be marked as being security critical and/or safe for being called by untrusted code. The set of code is evaluated to determine whether the code is security critical code, and if so, it is identified as security critical. Such code is further evaluated to determine whether the code is safe with respect to being called by untrusted code, and if so, is marked as safe. To determine whether the code is safe, a determination is made as to whether the first set of code leaks criticality, including by evaluating one or more code paths corresponding to one or more callers of the first set of code, and by evaluating one or more code paths corresponding to one or more callees of the first set of code.
Type: Application
Filed: February 28, 2006
Publication date: September 6, 2007
Applicant: Microsoft Corporation
Inventors: Karen Corby, Mark Alcazar, Viresh Ramdatmisier, Ariel Kirsman, Andre Needham, Akhilesh Kaza, Raja Krishnaswamy, Jeff Cooperstein, Charles Kaufman, Chris Anderson, Venkata Prasad, Aaron Goldfeder, John Hawkins
-
Publication number: 20070199051
Abstract: Described is a technology by which a managed web browser control hosts an unmanaged web OLE control to control navigation requests by the unmanaged web OLE control on behalf of partially trusted code. Site locking may be performed to constrain a site to navigation only to other pages within its site, thereby preventing navigation to an undesirable location. In one example, the unmanaged web OLE control communicates information corresponding to a navigation request to the managed web browser control, and the managed web browser control processes the information to establish whether the navigation is to be allowed or blocked. The benefits of site-locking with respect to privacy are also described, as is z-order management to protect against site spoofing.
Type: Application
Filed: February 15, 2006
Publication date: August 23, 2007
Applicant: Microsoft Corporation
Inventors: Sujal Parikh, Lauren Lavoie, Karen Corby, Mark Alcazar, Hua Wang, Kusuma Vellanki
-
Publication number: 20060253796
Abstract: Described is a method and system by which a computer program window is sized based on the content to display. The window may automatically resize itself as content changes. When laying out an element tree of elements that contain the content, the elements provide desired size information to a parent container, and so on, up to the root element (e.g., a window). If a window property is set to size to the content, a window size is computed during layout, having a height and/or width based on the child elements plus X and Y deltas for a window non-client area and borders. Logic attached to window message handling controls changes to the content/window, such as to automatically resize for changed content, and to selectively turn off or persist the size to content property. Sizing to content may be programmatically limited to one dimension, with the other dimension fixed.
Type: Application
Filed: May 4, 2005
Publication date: November 9, 2006
Applicant: Microsoft Corporation
Inventors: Hua Wang, Anup Manandhar, Julia Farago, Mark Alcazar, Sujal Parikh, Hamid Mahmood
-
Publication number: 20060179482
Abstract: Described are security critical data containers for platform code, comprising a Get container and Set container that allow data to be marked as security critical for critical usage of that data, but left unmarked for non-critical usage. The number of critical methods in the code is reduced, facilitating better code analysis. A container's method may be marked as security critical, with the only access to the data via the method. By using a generic class for a Get container, access to the critical data only occurs through the property on the class, which is marked as critical. The field pointing to the generic class instance need not be critical, whereby initialization or existence checking may remain non-critical. The Set container handles security critical situations such as data that controls whether code can elevate permissions; a set method is marked as critical, while other methods can be accessed by non-critical code.
Type: Application
Filed: February 4, 2005
Publication date: August 10, 2006
Applicant: Microsoft Corporation
Inventors: Mark Alcazar, Venkata Tammana
-
Publication number: 20060156231
Abstract: An extensible editor allows integration of extensions that modify the editor's default behavior and provide customized feedback to users. The editor includes interfaces through which extensions are connected to the editor and through which selection services and highlight rendering services are provided. The selection services interfaces provide a clear separation of a logical selection position in the document and the visual feedback provided for the selection, allowing extensions to be designed that provide customized selection feedback. The highlight rendering services interfaces provide an extension with the ability to augment an existing selection without modifying the actual document. The editor also includes an event routing model that works to decrease the occurrence of conflicts between the editor and extensions and between extensions. Upon the occurrence of an event, the editor routes the event to each extension before the editor's default handling of the event occurs.
Type: Application
Filed: March 7, 2006
Publication date: July 13, 2006
Applicant: Microsoft Corporation
Inventors: Ashraf Michail, Mark Alcazar, John Bedworth
-
Publication number: 20060101436
Abstract: Software programming models are provided for supporting host-environment agnostic content that can be hosted in different hosting environments (e.g., browser or window) without needing to rewrite the content. The models comprise a host-environment abstraction wrapper that provides a transparent layer of abstraction between content and host-environment specific instructions. The host-environment abstraction wrapper supports the use of host-environment independent interaction instructions or declarative statements in content by invoking host-environment specific implementation details on behalf of the content. The host-environment independent interaction instructions represent particular interactions between some content and a hosting environment, but do not provide host-environment implementation instructions that are specific to any particular hosting environment.
Type: Application
Filed: October 26, 2004
Publication date: May 11, 2006
Applicant: Microsoft Corporation
Inventors: Christopher Anderson, Margaret Goodwin, Mark Alcazar
-
Publication number: 20060090173
Abstract: Software programming models are provided for supporting host-environment agnostic content that can be hosted in different hosting environments (e.g., browser or window) without needing to rewrite the content. The models comprise a host-environment abstraction wrapper that provides a transparent layer of abstraction between content and host-environment specific instructions. The host-environment abstraction wrapper supports the use of host-environment independent interaction instructions or declarative statements in content by invoking host-environment specific implementation details on behalf of the content. The host-environment independent interaction instructions represent particular interactions between some content and a hosting environment, but do not provide host-environment implementation instructions that are specific to any particular hosting environment.
Type: Application
Filed: January 7, 2005
Publication date: April 27, 2006
Applicant: Microsoft Corporation
Inventors: Christopher Anderson, Margaret Goodwin, Mark Alcazar
-
Publication number: 20060031778
Abstract: A platform that provides the ability for a developer to specify different synchronicity properties for navigations within the same application is disclosed. This includes the ability to specify synchronicity globally for the entire application, to specify different synchronicities on different navigation windows within the application, and on different frames within the same navigation window. It also includes the ability to override the synchronicity of a navigation window or frame for a specific hyperlink or navigation without changing the property for other navigations within the same navigation window or frame. Two classes of navigation objects (navigation window and frame) and computer-implemented methods for retrieving and rendering data are disclosed. The navigation objects include a synchronicity attribute that dictates whether the object will render data synchronously (i.e., at one time after the data has been retrieved) or asynchronously (i.e.
Type: Application
Filed: July 1, 2004
Publication date: February 9, 2006
Applicant: Microsoft Corporation
Inventors: Margaret Goodwin, Mark Alcazar
-
Publication number: 20050278792
Abstract: A method and system for validating access to a group of related elements are described. The elements within the group access a security context associated with a markup domain when a call is made to an element. An authorized call to an element is enabled such that the markup domain is navigated to a new web page. However, an unauthorized call is prevented so that the navigation to the new web page is not permitted. After the markup domain has been navigated, the security context associated with the markup domain is invalidated. A new security context is generated and associated with the markup domain. The elements associated with the web page navigated from are inaccessible after navigation of the markup domain to the new page. The association of the new security context with the markup domain prevents an unauthorized user from accessing any element that references the previous security context.
Type: Application
Filed: June 14, 2004
Publication date: December 15, 2005
Applicant: Microsoft Corporation
Inventors: Sundaram Ramani, Joseph Beda, Mark Alcazar, Roberto Franco, Roland Tokumi, John Bedworth