摘要:
A method and system for establishing a connection with a server after a connection has been broken is provided. A connection system in a service layer of a client detects that a connection between the client and the server has been broken. Upon detecting the broken connection, the connection system of the service layer automatically attempts to re-establish an application-level connection to the server. If the connection system can re-establish an application-level connection to the server, then it need not notify the application layer of the broken connection.
摘要:
In an embodiment, techniques for sustaining session connections are provided. The techniques send heartbeat messages when not sending a message may cause the session connection to close because of a timeout condition. Heartbeat messages are valid transport layer messages that will be ignored by protocols at higher levels of a data communications stack. As an example, the techniques may send a TCP message containing only a carriage return and line feed (“CRLF”) in its payload. Because the TCP layer considers a message containing only a CRLF to be a valid TCP message, intermediary computing devices such as proxy servers may not interpret heartbeat messages as “keep alive” messages, and may sustain session connections.
摘要:
Open federation security techniques with rate limits are described. An apparatus may include a network interface operative to communicate messages, and a secure open federation (SOF) module operative to manage a message rate between multiple federated networks. The SOF module may comprise a peer authentication module operative to determine whether a peer making the message is an untrusted peer. The SOF module may comprise a peer rate tracking module operative to retrieve a message rate value and a message rate limit value associated with the untrusted peer, and compare the message rate value with the message rate limit value to form a threat status indicator value. The SOF module may comprise a peer authorization module operative to authorize communication of the message based on the threat status indicator value. Other embodiments are described and claimed.
摘要:
Open federation security techniques with rate limits are described. An apparatus may include a network interface operative to communicate messages, and a secure open federation (SOF) module operative to manage a message rate between multiple federated networks. The SOF module may comprise a peer authentication module operative to determine whether a peer making the message is an untrusted peer. The SOF module may comprise a peer rate tracking module operative to retrieve a message rate value and a message rate limit value associated with the untrusted peer, and compare the message rate value with the message rate limit value to form a threat status indicator value. The SOF module may comprise a peer authorization module operative to authorize communication of the message based on the threat status indicator value. Other embodiments are described and claimed.
摘要:
Techniques to protect from open enhanced federation user enumeration are described. An apparatus may include a network interface operative to establish connections. The access edge server may further include an open enhanced federation (OEF) module communicatively coupled to the network interface. The OEF module may be operative to manage connections between multiple federated networks. In one embodiment, for example, the OEF module may comprise a peer authentication module operative to determine whether a peer making the request is an untrusted peer domain. The OEF module may further comprise a peer tracking module operative to retrieve a total request number and a total limit number associated with the untrusted peer, and compare the total request number with the total limit number to form a threat status indicator value. The OEF module may also comprise a peer authorization module operative to authorize the request based on the threat status indicator value. Other embodiments are described and claimed.
摘要:
Techniques to protect from open enhanced federation user enumeration are described. An apparatus may include a network interface operative to establish connections. The access edge server may further include an open enhanced federation (OEF) module communicatively coupled to the network interface. The OEF module may be operative to manage connections between multiple federated networks. In one embodiment, for example, the OEF module may comprise a peer authentication module operative to determine whether a peer making the request is an untrusted peer domain. The OEF module may further comprise a peer tracking module operative to retrieve a total request number and a total limit number associated with the untrusted peer, and compare the total request number with the total limit number to form a threat status indicator value. The OEF module may also comprise a peer authorization module operative to authorize the request based on the threat status indicator value. Other embodiments are described and claimed.
摘要:
In an embodiment, techniques for sustaining session connections are provided. The techniques send heartbeat messages when not sending a message may cause the session connection to close because of a timeout condition. Heartbeat messages are valid transport layer messages that will be ignored by protocols at higher levels of a data communications stack. As an example, the techniques may send a TCP message containing only a carriage return and line feed (“CRLF”) in its payload. Because the TCP layer considers a message containing only a CRLF to be a valid TCP message, intermediary computing devices such as proxy servers may not interpret heartbeat messages as “keep alive” messages, and may sustain session connections.