Abstract: A federation link is used to facilitate bi-directional identity federation between software applications. The federation link is created to include user and account identity information for software applications having respective authentication providers. The federation link is created by one of the software applications and shared, for example, with the authentication provider of the other software application. The federation link can be utilized by both software applications to facilitate automated user authentication when navigating in either direction between the software applications.

Abstract: A federation link is used to facilitate bi-directional identity federation between software applications. The federation link is created to include user and account identity information for software applications having respective authentication providers. The federation link is created by one of the software applications and shared, for example, with the authentication provider of the other software application. The federation link can be utilized by both software applications to facilitate automated user authentication when navigating in either direction between the software applications.

Abstract: A method scalably authorizes requests. A request to authorize access to a resource is received. A plurality of policies controlling the request is identified. The plurality of policies are concurrently processed. A decision for a policy is received. The decision is of a plurality of decisions corresponding to the plurality of policies. The policy is of the plurality of policies. The decision is determined using a machine learning model and the request. An aggregate decision is generated from the plurality of decisions. A token to access the resource is transmitted in response to the aggregate decision.

Abstract: An apparatus may include a database and a processor in communication with at least one network. The processor may be configured to instantiate an application stack comprising a data missing detector, a data source router, and a response handler. The data missing detector may be configured to receive a request for data and determine whether the data is available from the database. The data source router may be configured to identify an alternate database from which to obtain the data when the data is not available from the database and route the request for data through the at least one network to an alternate processor associated with the alternate database. The response handler may be configured identify responsive data to a routed response received from another processor in the database and send the responsive data to a requesting device. Multiple apparatuses may form a distributed system.

Abstract: In various exemplary embodiments, a system and associated method to perform an adaptive risk-based assessment of a user is disclosed. A method includes receiving a request from a user to perform an action at an electronic marketplace, retrieving a plurality of risk assessment factors associated with the action and the user, performing a risk assessment process on the risk assessment factors to identify a risk mitigation process, requesting that the user perform the identified risk mitigation process, and allowing the user to perform the action in response to the user completing the risk mitigation.

Abstract: A federation link is used to facilitate bi-directional identity federation between software applications. The federation link is created to include user and account identity information for software applications having respective authentication providers. The federation link is created by one of the software applications and shared, for example, with the authentication provider of the other software application. The federation link can be utilized by both software applications to facilitate automated user authentication when navigating in either direction between the software applications.

Abstract: A method may include selecting a cohort of entities for migration from a source storage repository to a target storage repository, obtaining a mapping between a source storage schema of the source storage repository to a target storage schema of the target storage repository, and migrating data for the entities in the cohort. Migrating the data of an entity may include copying, without locking the data in the source storage repository and in the target storage repository, the data from the source storage repository to the target storage repository, verifying, while the data is locked, that the data in the source storage repository is the same as the data in the target storage repository, changing, while the data in the source storage repository and the target storage repository is locked, an entity pointer for the entity to the target storage repository based on the verifying, and unlocking the data.

Abstract: Methods, systems, and programs are presented for securing user-address information. A first memory is configured according to a first table that does not include information about user identifiers. Each entry in the first table includes a physical location identifier and information about a physical location. A second memory is configured according to a second table, where each entry in the second table includes the physical location identifier and an account identifier of a user for accessing a service. The first and second tables are configured to separate profile information from the address information of the user. Additionally, a firewall is configured to control access to the second memory. The firewall defines an authentication zone including the second memory but not the first memory, where access to the second memory by internal services is allowed and direct access by the user to the second memory is denied.

Abstract: A method scalably authorizes requests. A request to authorize access to a resource is received. A plurality of policies controlling the request is identified. The plurality of policies are concurrently processed. A decision for a policy is received. The decision is of a plurality of decisions corresponding to the plurality of policies. The policy is of the plurality of policies. The decision is determined using a machine learning model and the request. An aggregate decision is generated from the plurality of decisions. A token to access the resource is transmitted in response to the aggregate decision.

Abstract: In various example embodiments, a system and method for versioning data in an unstructured data store are presented. The method includes generating a first record in the unstructured data store based on a version of a second record in the unstructured data store. The method further includes initializing a parent version identifier of the first record based on the version of the second record. The method further includes comparing the parent version identifier of the first record to a version identifier of the second record. The method further includes determining whether the first record is consistent based on the comparison.

Abstract: Methods, systems, and programs are presented for securing user-address information. A first memory is configured according to a first table that does not include information about user identifiers. Each entry in the first table includes a physical location identifier and information about a physical location. A second memory is configured according to a second table, where each entry in the second table includes the physical location identifier and an account identifier of a user for accessing a service. The first and second tables are configured to separate profile information from the address information of the user. Additionally, a firewall is configured to control access to the second memory. The firewall defines an authentication zone including the second memory but not the first memory, where access to the second memory by internal services is allowed and direct access by the user to the second memory is denied.

Abstract: Methods, systems, and programs are presented for securing user-address information. A first memory is configured according to a first table that does not include information about user identifiers. Each entry in the first table includes a physical location identifier and information about a physical location. A second memory is configured according to a second table, where each entry in the second table includes the physical location identifier and an account identifier of a user for accessing a service. The first and second tables are configured to separate profile information from the address information of the user. Additionally, a firewall is configured to control access to the second memory. The firewall defines an authentication zone including the second memory but not the first memory, where access to the second memory by internal services is allowed and direct access by the user to the second memory is denied.

Abstract: In various exemplary embodiments, a system and associated method to perform an adaptive risk-based assessment of a user is disclosed. A method includes receiving a request from a user to perform an action at an electronic marketplace, retrieving a plurality of risk assessment factors associated with the action and the user, performing a risk assessment process on the risk assessment factors to identify a risk mitigation process, requesting that the user perform the identified risk mitigation process, and allowing the user to perform the action in response to the user completing the risk mitigation.

Abstract: In various exemplary embodiments, a system and associated method to perform an adaptive risk-based assessment of a user is disclosed. A method includes receiving a request from a user to perform an action at an electronic marketplace, retrieving a plurality of risk assessment factors associated with the action and the user, performing a risk assessment process on the risk assessment factors to identify a risk mitigation process, requesting that the user perform the identified risk mitigation process, and allowing the user to perform the action in response to the user completing the risk mitigation.

Abstract: In various example embodiments, a system and method for versioning data in an unstructured data store are presented. The method includes generating a first record in the unstructured data store based on a version of a second record in the unstructured data store. The method further includes initializing a parent version identifier of the first record based on the version of the second record. The method further includes comparing the parent version identifier of the first record to a version identifier of the second record. The method further includes determining whether the first record is consistent based on the comparison.

Abstract: Systems and methods for multi-dimensional query statement modification are described. A system presents a user interface including a first plurality of graphical elements representing a plurality of activity dimensions to a user. The system detects a user selection of a first activity dimension and a second user selection of a first attribute of the first activity dimension without a selection of the second attribute. The system searches objects using a search query based on the first activity dimension and the first attribute to return search results including a first object published on a network-based publication system by a client. The system provides a notification message to the user responsive to identifying feedback information that is received from a trading partner of the client as transgressing a first threshold. The feedback information is identified based on the first object and the second attribute that is not selected from the user interface.

Abstract: Systems and methods for multi-dimensional query statement modification are described. A system presents a user interface including a first plurality of graphical elements representing a plurality of activity dimensions to a user. The system detects a user selection of a first activity dimension and a second user selection of a first attribute of the first activity dimension without a selection of the second attribute. The system searches objects using a search query based on the first activity dimension and the first attribute to return search results including a first object published on a network-based publication system by a client. The system provides a notification message to the user responsive to identifying feedback information that is received from a trading partner of the client as transgressing a first threshold. The feedback information is identified based on the first object and the second attribute that is not selected from the user interface.

Abstract: Methods, systems, and programs are presented for securing user-address information. A first memory is configured according to a first table that does not include information about user identifiers. Each entry in the first table includes a physical location identifier and information about a physical location. A second memory is configured according to a second table, where each entry in the second table includes the physical location identifier and an account identifier of a user for accessing a service. The first and second tables are configured to separate profile information from the address information of the user. Additionally, a firewall is configured to control access to the second memory. The firewall defines an authentication zone including the second memory but not the first memory, where access to the second memory by internal services is allowed and direct access by the user to the second memory is denied.

Abstract: Methods, systems, and programs are presented for securing user-address information. A first memory is configured according to a first table that does not include information about user identifiers. Each entry in the first table includes a physical location identifier and information about a physical location. A second memory is configured according to a second table, where each entry in the second table includes the physical location identifier and an account identifier of a user for accessing a service. The first and second tables are configured to separate profile information from the address information of the user. Additionally, a firewall is configured to control access to the second memory. The firewall defines an authentication zone including the second memory but not the first memory, where access to the second memory by internal services is allowed and direct access by the user to the second memory is denied.

Abstract: Methods, systems, and programs are presented for securing user-address information. A first memory is configured according to a first table that does not include information about user identifiers. Each entry in the first table includes a physical location identifier and information about a physical location. A second memory is configured according to a second table, where each entry in the second table includes the physical location identifier and an account identifier of a user for accessing a service. The first and second tables are configured to separate profile information from the address information of the user. Additionally, a firewall is configured to control access to the second memory. The firewall defines an authentication zone including the second memory but not the first memory, where access to the second memory by internal services is allowed and direct access by the user to the second memory is denied.