Abstract: An application host (such as a web application server) may execute a set of applications on behalf of a set of users. Such applications may not be fully trusted, and a two-way isolation of the distributed resources of an application (e.g., the executing application, the application user interface on the user's computer, and server- and client-side stored resources) from other applications may be desirable. This isolation may be promoted utilizing the cross-domain restriction policies of each user's computer by allocating a distinct subdomain of the application host for each application. The routing of network requests to a large number of distinct subdomains may be economized by mapping all distinct subdomains to the address of the domain of the application host. Moreover, the application user interfaces may be embedded in an isolation construct (e.g., an IFRAME HTML element) to promote two-way isolation among application user interfaces and client-side application resources.

Abstract: Variety of approaches to provide dynamic schedule creation based on a knowledge are described. A hosted service initiates operations to provide dynamic schedule creation upon receiving a request to generate a schedule for a team. Next, a schedule information associated with the team is retrieved from a scheduling data provider. Furthermore, the hosted service retrieves an expertise information and a scheduling preference information associated with the team from a personnel data provider. The schedule is generated based on the scheduling information, the expertise information, and/or the scheduling preference information. The schedule is provided for a presentation to a manager of the team.

Abstract: Variety of approaches to provide a workflow management with location, temporal, and biometric information are described. A scheduling service initiates operations to provide the workflow management upon receiving a start task signal from a client device of an employee at a start time-period associated with a task. The start task signal includes a biometric identifier associated with the employee, a location of the client device, and a task identifier of the task. The task is identified within a schedule using the task identifier. The schedule is composed by a manager of the employee. The biometric identifier is verified as matching the employee. The location of the client device is confirmed as within a geo-fenced area designated to the task. A status of the task is recorded as started within the schedule.

Abstract: An application host (such as a web application server) may execute a set of applications on behalf of a set of users. Such applications may not be fully trusted, and a two-way isolation of the distributed resources of an application (e.g., the executing application, the application user interface on the user's computer, and server- and client-side stored resources) from other applications may be desirable. This isolation may be promoted utilizing the cross-domain restriction policies of each user's computer by allocating a distinct subdomain of the application host for each application. The routing of network requests to a large number of distinct subdomains may be economized by mapping all distinct subdomains to the address of the domain of the application host. Moreover, the application user interfaces may be embedded in an isolation construct (e.g., an IFRAME HTML element) to promote two-way isolation among application user interfaces and client-side application resources.

Abstract: An application host (such as a web application server) may execute a set of applications on behalf of a set of users. Such applications may not be fully trusted, and a two-way isolation of the distributed resources of an application (e.g., the executing application, the application user interface on the user's computer, and server- and client-side stored resources) from other applications may be desirable. This isolation may be promoted utilizing the cross-domain restriction policies of each user's computer by allocating a distinct subdomain of the application host for each application. The routing of network requests to a large number of distinct subdomains may be economized by mapping all distinct subdomains to the address of the domain of the application host. Moreover, the application user interfaces may be embedded in an isolation construct (e.g., an IFRAME HTML element) to promote two-way isolation among application user interfaces and client-side application resources.

Abstract: Portions of a computing environment (such as a user's mesh) may restrict accessing to particular types of access by particular applications. The computer may support applications executing within a virtual environment (such as a web browser) by brokering such access through a token-based system. When an application requests a particular type of access (e.g., writing to a particular data object), the computer may contact an authorization server with the credentials of the application to request the specified access, and may receive and store an authorization token. The computer may then access the computing environment with the authorization token, and may return the results to the application within the virtual environment. Additional features may further support such applications; e.g., a programmatic interface may be provided in a familiar language, such as JavaScript, whereby applications can request access to particular data objects and identify authorized access capabilities.

Abstract: Log entries are described that are stored in a log during a log session. In one implementation, a content provider includes a plurality of content servers. Each content server includes a processor and memory that is configured to maintain an application and a log for storing one or more log entries. The application is executable on the processor to process a request from a client. Each of the log entries include a log session identifier (ID) that references a log session that includes the request, data that describes an action performed in the processing of the request, and a log ordering ID representing the sequence in which each said log entry was stored in the log by the content server.

Abstract: An application host (such as a web application server) may execute a set of applications on behalf of a set of users. Such applications may not be fully trusted, and a two-way isolation of the distributed resources of an application (e.g., the executing application, the application user interface on the user's computer, and server- and client-side stored resources) from other applications may be desirable. This isolation may be promoted utilizing the cross-domain restriction policies of each user's computer by allocating a distinct subdomain of the application host for each application. The routing of network requests to a large number of distinct subdomains may be economized by mapping all distinct subdomains to the address of the domain of the application host. Moreover, the application user interfaces may be embedded in an isolation construct (e.g., an IFRAME HTML element) to promote two-way isolation among application user interfaces and client-side application resources.

Abstract: Portions of a computing environment (such as a user's mesh) may restrict accessing to particular types of access by particular applications. The computer may support applications executing within a virtual environment (such as a web browser) by brokering such access through a token-based system. When an application requests a particular type of access (e.g., writing to a particular data object), the computer may contact an authorization server with the credentials of the application to request the specified access, and may receive and store an authorization token. The computer may then access the computing environment with the authorization token, and may return the results to the application within the virtual environment. Additional features may further support such applications; e.g., a programmatic interface may be provided in a familiar language, such as JavaScript, whereby applications can request access to particular data objects and identify authorized access capabilities.

Abstract: Configuration settings are described which may be utilized to indicate a configuration of an application. In an exemplary implementation, a method includes validating a configuration setting of a first application for use with a second application. The configuration setting includes a first field and a first description of a first condition for the first field. The second application is composed of computer instructions that include an attribute. The attribute provides a second description of a second condition for a second field. If the first field corresponds to the second field, then the first description of the first condition is compared with the second description of the second condition to determine whether the first condition is met by the second condition. If the first condition is met, the configuration setting is determined to be valid for use with the second application.