Abstract: A generic approach to extending the authentication and authorization capabilities of a client-server application (e.g., a VPN) without any code changes. To this end, the application is augmented with an authentication mechanism comprising a pair of cooperating components: an authentication agent that is associated with (and hooks into) the client-side of the application, and an authentication server that is associated with the server-side. In operation, the authentication server issues commands to the authentication agent to acquire all required data from the user, device or host environment, and the authentication agent (hooked into the VPN client) scrapes requests originating from the authentication server and injects (e.g., by auto-fill) the appropriate responses into the VPN client UI for transmission back through the VPN server and to the authentication server. The commands and responses are communicated using a challenge-response protocol (e.g., RADIUS) implemented by the VPN client-server.

Abstract: A system and method include exposing, via an application programming interface, an advertising identifier to an online advertising network executing by at least one microprocessor of a computing device. The advertising identifier is associated with a user profile and is associated with a set of packaged web applications associated with the user profile. The system automatically restricts the set of packaged web applications from accessing the advertising identifier by sandboxing a process within each of the set of packaged web applications that utilizes the advertising identifier.

Abstract: A method includes declaring, in a manifest of an application, a document URL type. The application is configured for native operation outside a web browser on a user's computing device and is coded to open a document corresponding to a document URL which conforms to the declared document URL type in the manifest. The method further includes providing the application for installation on the user's computing device.

Abstract: A method includes receiving a packaged application's request for access to a user's cloud- or network-based account. The packaged application runs outside a web browser on a computing device. If there is an outstanding user consent to access by the packaged application to the user's cloud- or network-based account, the method includes returning an access token to the packaged application. The access token gives the packaged application access to the user's cloud- or network-based account. If there is no outstanding user consent to access by the packaged application to the user's cloud- or network-based account, the method includes presenting a web-based user consent dialog in a webview container in an identity component application installed on the computing device.

Abstract: A generic approach to extending the authentication and authorization capabilities of a client-server application (e.g., a VPN) without any code changes. To this end, the application is augmented with an authentication mechanism comprising a pair of cooperating components: an authentication agent that is associated with (and hooks into) the client-side of the application, and an authentication server that is associated with the server-side. In operation, the authentication server issues commands to the authentication agent to acquire all required data from the user, device or host environment, and the authentication agent (hooked into the VPN client) scrapes requests originating from the authentication server and injects (e.g., by auto-fill) the appropriate responses into the VPN client UI for transmission back through the VPN server and to the authentication server. The commands and responses are communicated using a challenge-response protocol (e.g., RADIUS) implemented by the VPN client-server.