Abstract: When a user inputs an action request, such as a requested command, to be performed on a target machine, a management system receives the request and verifies it with a separate authentication and permission system. The verified command request is sent to the target machine. An authentication worker on the target machine accesses a set of policies, local to the target machine, to identify a least privileged execution environment in which the requested command can be performed. The authentication worker on the target machine launches the requested command within the identified least privileged execution environment on the target machine.

Abstract: When a user inputs an action request, such as a requested command, to be performed on a target machine, a management system receives the request and verifies it with a separate authentication and permission system. The verified command request is sent to the target machine. An authentication worker on the target machine accesses a set of policies, local to the target machine, to identify a least privileged execution environment in which the requested command can be performed. The authentication worker on the target machine launches the requested command within the identified least privileged execution environment on the target machine.

Abstract: When a user inputs an action request, such as a requested command, to be performed on a target machine, a management system receives the request and verifies it with a separate authentication and permission system. The verified command request is sent to the target machine. An authentication worker on the target machine accesses a set of policies, local to the target machine, to identify a least privileged execution environment in which the requested command can be performed. The authentication worker on the target machine launches the requested command within the identified least privileged execution environment on the target machine.

Abstract: Techniques to perform federated authentication are described. An apparatus may comprise a resource server may have an authentication proxy component to perform authentication operations on behalf of a client. The authentication proxy component comprises an authentication handling module operative to receive an authentication request to authenticate the client using a basic authentication protocol. The authentication proxy component also comprises an authentication discovery module communicatively coupled to the authentication handling module, the authentication discovery module operative to discover an identity server for the client.

Abstract: When a user inputs an action request, such as a requested command, to be performed on a target machine, a management system receives the request and verifies it with a separate authentication and permission system. The verified command request is sent to the target machine. An authentication worker on the target machine accesses a set of policies, local to the target machine, to identify a least privileged execution environment in which the requested command can be performed. The authentication worker on the target machine launches the requested command within the identified least privileged execution environment on the target machine.

Abstract: Techniques to perform federated authentication are described. An apparatus may comprise a resource server may have an authentication proxy component to perform authentication operations on behalf of a client. The authentication proxy component comprises an authentication handling module operative to receive an authentication request to authenticate the client using a basic authentication protocol. The authentication proxy component also comprises an authentication discovery module communicatively coupled to the authentication handling module, the authentication discovery module operative to discover an identity server for the client.

Abstract: A method of building an offline address book (OAB). An OAB data file and a table of attributes are generated at a server. The data file and table are transferred from the server to a client. The transferred data file and table are indexed by the client.

Abstract: Mechanisms for updating an address book. A first computing system generates an address book update file format and provides the file to a second computing system. The file format contains several data fields. One of the data fields consists of a configurable list of attribute property identifications. These property identifications represent address book information such as e-mail address, phone number, first name, surname, and the like. A second data field comprises contact data that includes at least some of the properties identified by the configurable list. Changes to the information contained in the address book update may be made by simply adding or deleting attribute property identifications. This has the effect of allowing modifications to the address book file format without having to generate a new file format.

Abstract: Disclosed is a method for persisting an offline address book in a Unicode compatible format without changing the underlying file formats, record representations, and low level string comparisons. By storing the text information in UCS Transformation Format-8 (UTF-8), Unicode strings can be represented in 8-bit widths and thus are interpreted as just another multi byte character representation. Additionally the offline address book files can still be efficiently searched using the same algorithms for text searching as long as the search key is converted to UTF-8 first.