Abstract: A system is disclosed that provides the ability for a resource residing in one tenancy of a cloud service provider infrastructure (CSPI) to use the identity of a higher-level resource upon which the resource is built to access other resources residing in another tenancy of the CSPI. The system obtains a first identity associated with the first resource that is provisioned in a first tenancy of the CSPI and obtains a first token for the first resource. The system executes instructions to obtain a second identity associated with a second resource upon which the first resource is built. The second resource resides in a second tenancy of the CSPI. The system obtains a second identity associated with the second resource and obtains a second token for the first resource. The first resource uses the second token to access resources that reside in the second tenancy of the CSPI.

Abstract: A system is disclosed that includes capabilities by which a nested sub-resource residing in a service tenancy can access a customer-owned resource residing in a customer tenancy without the use of a cross-tenant policy. The disclosed system provides the ability for a nested sub-resource residing in a service tenancy to obtain the resource principal identity of a higher-level resource residing in the customer tenancy and use the identity of the higher-level resource to access a customer-owned resource residing in the customer tenancy. Using the resource principal identity of its higher-level resource, the sub-resource can access a customer-owned resource that resides in a customer tenancy in a seamless way without having to write a cross-tenancy policy statement that provides permission to the sub-resource to access the customer-owned resource.

Abstract: A system is disclosed that includes capabilities by which a nested sub-resource residing in a service tenancy can access a customer-owned resource residing in a customer tenancy without the use of a cross-tenant policy. The disclosed system provides the ability for a nested sub-resource residing in a service tenancy to obtain the resource principal identity of a higher-level resource residing in the customer tenancy and use the identity of the higher-level resource to access a customer-owned resource residing in the customer tenancy. Using the resource principal identity of its higher-level resource, the sub-resource can access a customer-owned resource that resides in a customer tenancy in a seamless way without having to write a cross-tenancy policy statement that provides permission to the sub-resource to access the customer-owned resource.

Abstract: Techniques for consent-driven access management include: receiving, from a requestor, a request for consent for an actor to access a target set of resources in a cloud environment; identifying a consent workflow that specifies a name and/or an attribute of a set of one or more users from which to obtain respective approvals of the consent request; traversing the consent workflow to obtain the respective approvals from the set of one or more users; determining that one or more access policies, separate from the consent workflow, permit the actor to access the target set of resources; where access by the actor to the target set of resources is conditioned on both (a) obtaining the respective approvals from the set of one or more users and (b) determining that the one or more access policies, separate from the consent workflow, permit the actor to access the target set of resources.

Abstract: A method for monitoring and evaluating the photocatalytic activity of a photocatalytic substance is described. The method includes dispersing particles of the photocatalytic substance in a 4-hydroxy-2,2,6,6-tetramethylpiperidine-N-oxyl (TEMPOL) solution to form a photocatalytic suspension; introducing a gas composition to a reactor containing the photocatalytic suspension in the dark to form a purged photocatalytic suspension; illuminating the purged photocatalytic suspension with a light to initiate a photocatalytic reaction and generate a reactive oxygen species (ROS) that is detectable by an electron paramagnetic resonance (EPR) spectrometer; introducing a portion of the purged photocatalytic suspension to the EPR cell in the cavity of the EPR spectrometer to generate an EPR signal and recirculating the portion of the purged photocatalytic suspension back to the reactor; reacting TEMPOL with the ROS to form a EPR silent compound; continuously recording the EPR signal.

Abstract: The present embodiments include new methods for low-cost inertial measurement units (IMU) using an extended Kalman filter (EKF) to increase the navigation parameters accuracy or reduce the total RMS errors even during the unavailability of Above Ground Markers (AGM) using new developed method called PipeLine Junctions (PLJ) detection. This method detects the pipeline junctions and adds heading and pitch constraints to the Pipeline Inspection Gauge (PIG) motion between junctions. The results of this such embodiments with a micro-electro-mechanical systems (MEMS) based IMU showed that the position RMS errors have been reduced around 85% of the original applied EKF solution. Therefore, this approach is a useful solution for PIG navigation system.

Abstract: Optical fiber connections and their applications in downhole assemblies are described herein. The downhole assembly includes a well completion element with an end that couples with a corresponding well completion element. An optical fiber extends along at least a portion of the well completion element and transmits an optical signal using a first mode. The well completion element includes an optical fiber connector that is coupled to the optical fiber. The connector also includes a mode converter that receives the optical signal from the optical fiber and converts the optical signal from the first mode to a second larger mode. This second larger mode may be more robustly communicated to a corresponding optical fiber connector affixed to the corresponding well completion element.

Abstract: Techniques are described for enabling resources within a cloud computing system to interact with each other. In certain embodiments, a base identifier assigned to a first resource is extended by mapping the base identifier onto a second identifier assigned to a logical resource that is built upon the first resource. This allows the first resource to have two identities, one identity indicating what the first resource is (e.g., a particular compute instance) and another identity indicating the purpose of the first resource (e.g., operating as a database for a particular tenancy). Consequently, the first resource may be provided with access privileges different from those associated with the base identifier. For example, the first resource may access another resource in the tenancy using the second identifier, but may have no access to the other resource using the base identifier.

Abstract: Techniques are described for enabling resources within a cloud computing system to interact with each other. In certain embodiments, a resource is assigned a digital token that provides certain access privileges for the duration in which the digital token is valid. The digital token permits the resource to have access for a duration sufficient to perform some operation (e.g., run one-time code or the same code periodically on a scheduled basis), but without extending the level of access for significantly longer than necessary to complete the operation. Each time the resource principal is to perform the operation, the token can be reissued to the resource to provide the resource with time-limited access privileges. The use of this short-lived token avoids having to create permanent credentials for the resource.

Abstract: There is provided a surface functionalized with cross linking groups adapted to receive antibodies and/or fragments thereof. The surface has an antibody binding biomolecule having a linker region which is covalently crosslinked to functional groups and an antibody binding region. The surface also has a cell interacting biomolecule having a linker region which is covalently crosslinked to functional groups of the surface and a cell interacting region that imparts functional attributes including cell adhesion, spreading, proliferation, differentiation and/or a functional response. The two biomolecules are present in independently controlled concentrations and have similar small molecular weights.

Abstract: A framework for establishing new regions and/or new realms. For example, techniques for establishing new regions and/or new realms by generating seed data by a seed maker and provisioning the seed data to resources for the new regions and/or new realms.

Abstract: Methods, systems and processor-readable media for classifying human coactivity performed jointly by two humans shown in an image or a sequence of frames of a video. A 2D convolutional neural network is used to identify key points on the human body, such as human body joints, visible within the image or within each frame, for each of the two people performing the coactivity. An encoded representation of the key points is created for each image or frame, the encoded representation being based on distances between the key points of the first person and key points of the second person. The encoded representation for the image, or a concatenated volume of the encoded representations of the frames, is processed by a fully-connected neural network trained to classify the coactivity.

Abstract: A method, processing system and processor-readable medium for classifying human behavior based on a sequence of frames of a digital video. A 2D convolutional neural network is used to identify key points on a human body, such as human body joints, visible within each frame. An encoded representation of the key points is created for each video frame. The sequence of encoded representations corresponding to the sequence of frames is processed by a 3D CNN trained to identify human behaviors based on key point positions varying over time.

Abstract: Techniques are provided for granting an application of a first type of identity system, which uses a first type of identity token, access to a second type of identity system, which uses a second type of identity token. An application can make a request to a token exchange system. The request can include a bearer token and a public key of the application. The token exchange system can exchange the bearer token for a Proof-of-Possession token after performing verification steps. A token exchange system can exchange the first token (e.g., bearer token) for the first identity system for the second token (e.g., Proof-of-Possession token) for the second identity system without requiring entry of credentials to access the second identity system.

Abstract: Optical fiber connections and their applications in downhole assemblies are described herein. The downhole assembly includes a well completion element with an end that couples with a corresponding well completion element. An optical fiber extends along at least a portion of the well completion element and transmits an optical signal using a first mode. The well completion element includes an optical fiber connector that is coupled to the optical fiber. The connector also includes a mode converter that receives the optical signal from the optical fiber and converts the optical signal from the first mode to a second larger mode. This second larger mode may be more robustly communicated to a corresponding optical fiber connector affixed to the corresponding well completion element.

Abstract: Techniques are described for enabling resources within a cloud computing system to interact with each other. In certain embodiments, a token renewal mechanism is provided for extending the duration in which a first resource can access another resource. The token renewal mechanism can involve the first resource periodically causing a new credential to be generated for itself and then communicating the new credential to an identity and access management (IAM) system. The new credential may be generated for compliance with a credential rotation policy specifying that credentials should be changed after a certain period of time. The IAM system may associate a digital access token with the new credential so that for subsequent requests, the IAM system will only recognize the resource principal based upon the new credential. The digital token can be invalidated if a new credential is not changed within the specified period of time.

Abstract: Optical fiber connections and their applications in downhole assemblies are described herein. The downhole assembly includes a well completion element with an end that couples with a corresponding well completion element. An optical fiber extends along at least a portion of the well completion element and transmits an optical signal using a first mode. The well completion element includes an optical fiber connector that is coupled to the optical fiber. The connector also includes a mode converter that receives the optical signal from the optical fiber and converts the optical signal from the first mode to a second larger mode. This second larger mode may be more robustly communicated to a corresponding optical fiber connector affixed to the corresponding well completion element.

Abstract: Techniques are described for enabling resources within a cloud computing system to interact with each other. In certain embodiments, a base identifier assigned to a first resource is extended by mapping the base identifier onto a second identifier assigned to a logical resource that is built upon the first resource. This allows the first resource to have two identities, one identity indicating what the first resource is (e.g., a particular compute instance) and another identity indicating the purpose of the first resource (e.g., operating as a database for a particular tenancy). Consequently, the first resource may be provided with access privileges different from those associated with the base identifier. For example, the first resource may access another resource in the tenancy using the second identifier, but may have no access to the other resource using the base identifier.

Abstract: Techniques are described for enabling resources within a cloud computing system to interact with each other. In certain embodiments, a resource is assigned a digital token that provides certain access privileges for the duration in which the digital token is valid. The digital token permits the resource to have access for a duration sufficient to perform some operation (e.g., run one-time code or the same code periodically on a scheduled basis), but without extending the level of access for significantly longer than necessary to complete the operation. Each time the resource principal is to perform the operation, the token can be reissued to the resource to provide the resource with time-limited access privileges. The use of this short-lived token avoids having to create permanent credentials for the resource.

Abstract: Techniques are described for enabling resources within a cloud computing system to interact with each other. In certain embodiments, a token renewal mechanism is provided for extending the duration in which a first resource can access another resource. The token renewal mechanism can involve the first resource periodically causing a new credential to be generated for itself and then communicating the new credential to an identity and access management (IAM) system. The new credential may be generated for compliance with a credential rotation policy specifying that credentials should be changed after a certain period of time. The IAM system may associate a digital access token with the new credential so that for subsequent requests, the IAM system will only recognize the resource principal based upon the new credential. The digital token can be invalidated if a new credential is not changed within the specified period of time.