A system for validating an authorization request to facilitate controlling access to content or computer commands, in which the access is requested by multiple entities operated on discrete computing environments. The techniques make use of a system including a switchboard and a rule engine that collect parameter sets required for validation from the entities and dynamically generate a lock and key combination based on the collected parameter sets. The key of the lock and key combination allows the system to validate each entity independently regardless of the required parameters specified in the lock and key combination.

Using an action registry to edit data across users and devices is described. In one or more implementations, a user editing data in an application requests to share the data with another user or another device for further editing. Responsive simply to the request or based on an exchange of content transfer information, the data is communicated to the selected user or device. Using information maintained by an action registry, a list of applications capable of editing the data is presented to the selected user or via the selected device. Upon selection of an application from the list, the selected application is launched. Once changes are made to the data by the selected user or device, those changes can be saved and the changed data automatically returned to the original user and/or device. The changed data can then be automatically presented to the original user or on the original device.

Aspects of the present disclosure include systems and methods for generating and managing user authentication rules of a computing device. In an example, a computing device may include a memory storing instructions and a processor communicatively coupled with the memory and configured to execute the instructions. The processor may determine a state of the computing device, wherein the state of the computing device is one of a locked state or an unlocked state. The processor may determine a user authentication rule corresponding to the state of the computing device. The processor may also identify whether a combination of signals associated with the user authentication rule of the computing device are received by the computing device. The processor may also change or maintain the state of the computing device based on the combination of signals being received.

A capability-based data processing architecture (100) integrating an attesting module (120) are disclosed, together with subroutines for: securing the booting phase of a replicated or unreplicated subsystem (150) of computing units (130, 140) in the architecture and attesting to same; for adding and removing computing units (140) to and from booted systems 150; for relabelling authentication tokens when the booted subsystem (150) comprises computing units; for sealing and unsealing a memory storing data structures that are processed by the other subroutines described herein; and for recovering a booted subsystem (150) beset by faults.

Managing organization disconnections from a shared resource of a communication platform is described. In a sharing approval repository of a communication platform, a shared resource can be associated with a host organization identifier and a non-host organization identifier. In an example, in response to receiving, from a user computing device associated with the host organization identifier or the non-host organization identifier, a resource disconnection request comprising a disconnecting organization identifier and a resource identifier associated with the shared resource, the sharing approval repository can be updated to add a disconnection indication for the resource identifier in association with the disconnecting organization identifier. The disconnection indication can restrict access, of users of a disconnected organization, to data associated with the shared resource that is stored in a live shared resource repository and can cause a static shared resource to be presented based on a selection input corresponding to the shared resource.

A data security and fraud prevention system is configured to transmit a web form to a first device, receive through the web form first data including first user private data associated with a first user, receive a request to share the web form with a second user, create a cache storage and an unique identifier associated with the web form, and mask the first user private data to prevent access to the first user private data by the second user. The data security and fraud prevention system is further configured to encrypt the unique identifier, generate a share session between the first device and a second device associated with the second user, receive through the web form second data including second user private data associated with the second user, mask the second user private data to prevent access to the second user private data by the first user, and aggregate the first data and the second data to complete the web form.

A method to incorporate a first edit and a second edit into an electronic document includes receiving the first edit and the second edit having a shared position in the electronic document, and determining whether the second edit is privileged relative to the first edit. The method further includes responsive to determining that the second edit is not privileged relative to the first edit, requiring the second edit to be independently accepted prior to incorporating the second edit into the electronic document, and responsive to determining that the second edit is privileged relative to the first edit, incorporating the second edit into the electronic document without requiring the second edit to be independently accepted, and responsive to receiving an acceptance of the first edit, causing the first edit and the second edit to be incorporated into the electronic document.

A first server computing device, including a processor configured to receive, from a first application instance, a first access request for a file. The first access request may include a first modification privilege request and a modification privilege sharing request. The processor may determine that the file is not locked for editing and grant the first application instance access to the file with modification privileges indicated by the first modification privilege request and without modification privilege sharing permissions indicated by the modification privilege sharing request. The processor may set the file to be locked for editing. The processor may receive, from a second application instance, a second access request including a second modification privilege request. The processor may determine that the file is locked for editing and deny the second application instance access to the file.

Media, methods, and systems are disclosed for generating a document from a workflow within a group-based communication system. A document may be created from a document template in response to a workflow trigger. The document may have a plurality of structured sections and a plurality of unstructured sections. Unstructured input may be received into an unstructured section and saved into the document. Structured input may be received into a structured section. Based on the structured input, a step of a workflow associated with the document may be performed and a result saved into the document.

A system for validating an authorization request to facilitate controlling access to content or computer commands, in which the access is requested by multiple entities operated on discrete computing environments. The techniques make use of a system including a switchboard and a rule engine that collect parameter sets required for validation from the entities and dynamically generate a lock and key combination based on the collected parameter sets. The key of the lock and key combination allows the system to validate each entity independently regardless of the required parameters specified in the lock and key combination.