Gail Frederick

Technologies are shown for network attribution tracking for a multi-legged transaction. In accordance with some aspects, a first token is provided to a first partner service. A token request is received from a second partner service, wherein the token request includes the first token. A second token is associated with the first token, and the second token is provided to the second partner service. A transaction is attributed to the first partner service and the second partner service based on the association of the second token with the first token.

The disclosure relates to a multi-legged network attribution using tracking tokens and attribution stack. Technologies are shown for network attribution tracking for a multi-legged transaction that involve receiving a tracking token registration request from a partner service, generating a tracking token associated with the partner service, adding an entry to an attribution stack for a transaction, where the entry associates the tracking token with the partner service, and returning the tracking token to the partner service. Receiving a tracking token request can include determining whether the tracking token request includes a previously generated tracking token and using the previously generated tracking token to identify the attribution stack for the transaction. Adding an entry to an attribution stack for a transaction can include adding the entry to the attribution stack identified for the transaction. Attribution for a transaction can be obtained by accumulating attribution entities from each entry in the attribution stack identified for the transaction.

Technologies are shown for trust delegation that involve receiving a first request from a subject client and responding by sending a first token having first permissions to the subject client. A second request from a first actor includes the first token and responding involves linking the first actor to the subject client in a trust stack and sending a second token to the first actor with second permissions, the second token being a first complex token that identifies the subject client and the first actor. A third request from a second actor includes the second token and responding to the third request involves linking the second actor to the first actor in the trust stack, and sending a third token to the second actor partner with third permissions, the third token being a second complex token that identifies the first actor and the second actor.

Risk assessment in an authentication service is performed where an authorization request is received from a third-party application. Risk assessment policies for the authorization request are determined based on a class of the third-party application. The risk assessment policies are applied to the authorization request to determine an action to be performed for the authorization request, such as sending an authorization message in response to the authorization request or taking a remedial action (e.g., suspending the application, limiting the available actions, or sending a notification to a trusted security application).

Technologies are shown for network attribution tracking for a multi-legged transaction that involve receiving a tracking token registration request from a partner service, generating a tracking token associated with the partner service, adding an entry to an attribution stack for a transaction, where the entry associates the tracking token with the partner service, and returning the tracking token to the partner service. Receiving a tracking token request can include determining whether the tracking token request includes a previously generated tracking token and using the previously generated tracking token to identify the attribution stack for the transaction. Adding an entry to an attribution stack for a transaction can include adding the entry to the attribution stack identified for the transaction. Attribution for a transaction can be obtained by accumulating attribution entities from each entry in the attribution stack identified for the transaction.

Technologies are shown for trust delegation that involve receiving a first request from a subject client and responding by sending a first token having first permissions to the subject client. A second request from a first actor includes the first token and responding involves linking the first actor to the subject client in a trust stack and sending a second token to the first actor with second permissions, the second token being a first complex token that identifies the subject client and the first actor. A third request from a second actor includes the second token and responding to the third request involves linking the second actor to the first actor in the trust stack, and sending a third token to the second actor partner with third permissions, the third token being a second complex token that identifies the first actor and the second actor.

Systems and methods for transforming an API authorization to a UX session are provided. An authorization server receives, from a third-party application developed by a third-party, a request to access a user experience (UX) session on behalf of a user. The request comprises an access token previously granted by the authorization server to the third-party application in response to consent, by the user, to allow the third-party application to perform actions on behalf of the user. In one embodiment, this previous authorization comprises an Open Authorization (OAuth). In response to receiving the request the authorization server transforms the access token into a single sign on (SSO) link with a session token. The authorization server then returns the SSO link that includes the session token the third-party application hosted by the third-party. The SSO link causes the third-party application to redirect the user to the UX session corresponding to the SSO link.

Technologies are shown for trust delegation that involve receiving a first request from a subject client and responding by sending a first token having first permissions to the subject client. A second request from a first actor includes the first token and responding involves linking the first actor to the subject client in a trust stack and sending a second token to the first actor with second permissions, the second token being a first complex token that identifies the subject client and the first actor. A third request from a second actor includes the second token and responding to the third request involves linking the second actor to the first actor in the trust stack, and sending a third token to the second actor partner with third permissions, the third token being a second complex token that identifies the first actor and the second actor.

Technologies are shown for application risk assessment in an authentication service where an authorization request is received from a third party application calling an Application Programming Interface (API). Risk assessment policies that pertain to behavioral characteristics, such as API usage patterns or past delegation of permissions, are applied to the authorization request to obtain a risk assessment score. If the risk assessment score does not exceed a risk threshold, then an authorization message is sent in response to the authorization request. If the risk assessment score exceeds the risk threshold, then remedial action, such as suspending the application, limiting the available actions, or sending a notification to a trusted security application, is executed for an account associated with the third party application. Machine learning can be applied to historical behavioral data to generate the risk assessment policies.

Systems and methods for transforming an API authorization to a UX session are provided. An authorization server receives, from a third-party application developed by a third-party, a request to access a user experience (UX) session on behalf of a user. The request comprises an access token previously granted by the authorization server to the third-party application in response to consent, by the user, to allow the third-party application to perform actions on behalf of the user. In one embodiment, this previous authorization comprises an Open Authorization (OAuth). In response to receiving the request the authorization server transforms the access token into a single sign on (SSO) link with a session token. The authorization server then returns the SSO link that includes the session token the third-party application hosted by the third-party. The SSO link causes the third-party application to redirect the user to the UX session corresponding to the SSO link.

Aspects of the present disclosure relate to a multi-dimensional commerce platform that may be utilized for the communication of data. Aspects of the multi-dimensional commerce platform may include various functional components to facilitate a system to receive inventory data at a first server associated with the multi-dimensional commerce platform, provide a second server associated with a third-party (e.g., a third party seller/distributor) access to the inventory data, alter or modify the inventory data based on attributes of the second server, and cause display of a presentation of the modified inventory data at a client device.

Technologies are shown for trust delegation that involve receiving a first request from a subject client and responding by sending a first token having first permissions to the subject client. A second request from a first actor includes the first token and responding involves linking the first actor to the subject client in a trust stack and sending a second token to the first actor with second permissions, the second token being a first complex token that identifies the subject client and the first actor. A third request from a second actor includes the second token and responding to the third request involves linking the second actor to the first actor in the trust stack, and sending a third token to the second actor partner with third permissions, the third token being a second complex token that identifies the first actor and the second actor.

Aspects of the present disclosure relate to a multi-dimensional commerce platform that may be utilized for the communication of data. Aspects of the multi- dimensional commerce platform may include various functional components to facilitate a system to receive inventory data at a first server associated with the multi-dimensional commerce platform, provide a second server associated with a third-party (e.g., a third party seller/distributor) access to the inventory data, alter or modify the inventory data based on attributes of the second server, and cause display of a presentation of the modified inventory data at a client device.