Gail Frederick

Technologies are shown for trust delegation that involve receiving a first request from a subject client and responding by sending a first token having first permissions to the subject client. A second request from a first actor includes the first token and responding involves linking the first actor to the subject client in a trust stack and sending a second token to the first actor with second permissions, the second token being a first complex token that identifies the subject client and the first actor. A third request from a second actor includes the second token and responding to the third request involves linking the second actor to the first actor in the trust stack, and sending a third token to the second actor partner with third permissions, the third token being a second complex token that identifies the first actor and the second actor.

Technologies are shown for application risk assessment in an authentication service where an authorization request is received from a third party application calling an Application Programming Interface (API). Risk assessment policies that pertain to behavioral characteristics, such as API usage patterns or past delegation of permissions, are applied to the authorization request to obtain a risk assessment score. If the risk assessment score does not exceed a risk threshold, then an authorization message is sent in response to the authorization request. If the risk assessment score exceeds the risk threshold, then remedial action, such as suspending the application, limiting the available actions, or sending a notification to a trusted security application, is executed for an account associated with the third party application. Machine learning can be applied to historical behavioral data to generate the risk assessment policies.

Systems and methods for transforming an API authorization to a UX session are provided. An authorization server receives, from a third-party application developed by a third-party, a request to access a user experience (UX) session on behalf of a user. The request comprises an access token previously granted by the authorization server to the third-party application in response to consent, by the user, to allow the third-party application to perform actions on behalf of the user. In one embodiment, this previous authorization comprises an Open Authorization (OAuth). In response to receiving the request the authorization server transforms the access token into a single sign on (SSO) link with a session token. The authorization server then returns the SSO link that includes the session token the third-party application hosted by the third-party. The SSO link causes the third-party application to redirect the user to the UX session corresponding to the SSO link.

Aspects of the present disclosure relate to a multi-dimensional commerce platform that may be utilized for the communication of data. Aspects of the multi-dimensional commerce platform may include various functional components to facilitate a system to receive inventory data at a first server associated with the multi-dimensional commerce platform, provide a second server associated with a third-party (e.g., a third party seller/distributor) access to the inventory data, alter or modify the inventory data based on attributes of the second server, and cause display of a presentation of the modified inventory data at a client device.

Technologies are shown for trust delegation that involve receiving a first request from a subject client and responding by sending a first token having first permissions to the subject client. A second request from a first actor includes the first token and responding involves linking the first actor to the subject client in a trust stack and sending a second token to the first actor with second permissions, the second token being a first complex token that identifies the subject client and the first actor. A third request from a second actor includes the second token and responding to the third request involves linking the second actor to the first actor in the trust stack, and sending a third token to the second actor partner with third permissions, the third token being a second complex token that identifies the first actor and the second actor.

Aspects of the present disclosure relate to a multi-dimensional commerce platform that may be utilized for the communication of data. Aspects of the multi- dimensional commerce platform may include various functional components to facilitate a system to receive inventory data at a first server associated with the multi-dimensional commerce platform, provide a second server associated with a third-party (e.g., a third party seller/distributor) access to the inventory data, alter or modify the inventory data based on attributes of the second server, and cause display of a presentation of the modified inventory data at a client device.