Abstract: An efficient, logical and expressive type system is provided for flexibly defining types of a declarative programming language so that efficient and structurally compact data intensive applications can be generated. The type system supports the combination of refinement types and type membership expressions, as well as a top type that encompasses all valid values as members. With the type system, types can be expressed as intersections and/or unions of other types. Thus, types can be efficiently represented for a full range of types of data as may be found in real world data stores.

Abstract: An efficient, logical and expressive type system supports the combination of refinement types and type membership expressions, as well as a top type that encompasses all valid values as members. A bidirectional type checking algorithm is provided for the type system including synthesis and checking steps to statically verify types of code based on the type system.

Abstract: Manual management of server farms is expensive. Low-level tools and the sheer complexity of the task make it prone to human error. By providing a typed interface using service combinators for managing server farms it is possible to improve automated server farm management. Metadata about a server farm is obtained, for example, from disk images, and this is used to generate a typed environment interface for accessing server farm resources. Scripts are received, from a human operator or automated process, which use the environment interface and optionally also pre-specified service combinators. The scripts are executed to assemble and link together services in the server farm to form and manage a running server farm application. By using typechecking server farm construction errors can be caught before implementation.

Abstract: A security language expresses assertions and authorization queries in a manner that facilitates logic resolution. In an example implementation, assertion syntax and authorization query syntax are described. In another example implementation, checks on the safety of assertions and authorization queries are described. In yet another example implementation, semantics rules are described.

Abstract: Security language constructs may be translated into logic language constructs and vise versa. Logic resolution may be effected using, for example, the logic language constructs. In an example implementation, translation of a security language assertion into at least one logic language rule is described. In another example implementation, translation of a proof graph reflecting a logic language into a proof graph reflecting a security language is described. In yet another example implementation, evaluation of a logic language program using a deterministic algorithm is described.

Abstract: One or more fact qualifiers may be associated with an assertion in security scenarios. In an example implementation, each respective assertion may be associated with a respective fact qualifier in a security token having multiple assertions. In another example implementation, a fact qualifier of a first assertion may be checked or disregarded based on whether a corresponding second assertion includes a fact qualifier check constraint. In yet another example implementation, an assertion made by an assertor may be associated with multiple fact qualifiers.

Abstract: In an example implementation, a bifurcated security scheme has a first level that does not allow usage of negations and a second level that does permit usage of negations. In another example implementation, an authorization query table maps respective resource-specific operations to respective associated authorization queries. In yet another example implementation, authorization queries are permitted to have negations, but individual assertions are not.

Abstract: The delegation of rights may be controlled in a number of manners. In an example implementation, a delegation authority assertion is formulated with a delegator principle, a delegatee principal, a verb phrase, a resource, and a delagation-directive verb. In another example implementation, a delegation mechanism involving an assertor, a first principal, and a second principal enables a delegation to be specifically controlled. In yet another example implementation, a chained delegation mechanism enables explicit control of a permitted transitive chaining depth.

Abstract: A security scheme enables control over variables that are expressed in security assertions. In an example implementation, a security type is implicitly assigned to variables based on their syntactic position within a given assertion. In another example implementation, a security scheme enforces strong variable typing such that each variable in an assertion binds to only a single security type. In yet another example implementation, a security scheme constrains the binding behavior of two variables with respect to each other.

Abstract: Security assertion revocation enables a revocation granularity in a security scheme down to the level of individual assertions. In an example implemenation, a security token includes multiple respective assertions that are associated with multiple respective assertion identifiers. More specifically, each individual assertion is associated with at least one individual assertion identifier.

Abstract: A protective package system for containing a delivery cartridge for volatile substances such as fragrances, deodorizers, air fresheners and the like, wherein the cartridge includes an active ingredient reservoir with a permeable surface through which substances may move from the reservoir. The packaging system preferably includes a cartridge container having a storage area for receiving the cartridge, and a substantially open top with an outer periphery. A peelable lid is sealingly attached to the outer periphery of the container, and a blotter is attached to at least a portion of the inner surface of the peelable lid and preferably spaced inwardly from the outer edge of the lid so as not to interfere with the sealing attachment of the lid to the container. The blotter is thereby held in face-to-face contact with the permeable surface of the cartridge within the packaging system when the lid is in sealed condition and remains captively attached to the lid upon opening of the packaging system.