Abstract: Methods for differencing and conversion of software application containers are performed by systems and devices. An initiation instruction that identifies an application container image associated with an operating system is received, and a request for the container image is provided to a repository. The container image is received and a converter extracts a portion of the container image and generates another container image of the application associated with a different operating system and that includes the extracted container image portion. Difference operations are performed on layers of different container images to isolate base layers, and application artifacts are identified for conversions in layers above the operating system. Similarly, container images are converted on the basis of processor instruction sets via binary translations, and applications native to different operating systems are generated based on original container images.

Abstract: Methods for differencing and conversion of software application containers are performed by systems and devices. An initiation instruction that identifies an application container image associated with an operating system is received, and a request for the container image is provided to a repository. The container image is received and a converter extracts a portion of the container image and generates another container image of the application associated with a different operating system and that includes the extracted container image portion. Difference operations are performed on layers of different container images to isolate base layers, and application artifacts are identified for conversions in layers above the operating system. Similarly, container images are converted on the basis of processor instruction sets via binary translations, and applications native to different operating systems are generated based on original container images.

Abstract: Embodiments are directed to defining a query expression over a dynamic system model and to transforming a dynamically built query expression into a simplified, canonical form. A computer system receives various user inputs that are to be included as part of a query expression for querying a dynamic system model. The dynamic system model is queryable to determine features provided by a service hosted by a back-end server. The computer system dynamically builds the query expression based on both the received inputs and the available features provided by the service as indicated by the dynamic system model. The query expression also includes metadata structures representing those features of the service which are provided by the service. The computer system also queries across the dynamic system model using the dynamically built query expression to retrieve and provide the service features requested in the received user input.

Abstract: Embodiments are directed to defining a query expression over a dynamic system model and to transforming a dynamically built query expression into a simplified, canonical form. A computer system receives various user inputs that are to be included as part of a query expression for querying a dynamic system model. The dynamic system model is queryable to determine features provided by a service hosted by a back-end server. The computer system dynamically builds the query expression based on both the received inputs and the available features provided by the service as indicated by the dynamic system model. The query expression also includes metadata structures representing those features of the service which are provided by the service. The computer system also queries across the dynamic system model using the dynamically built query expression to retrieve and provide the service features requested in the received user input.

Abstract: Embodiments are directed to implementing a dynamically changeable system model that is customizable per version, programmatically generating system models at runtime and to extending a programmatically generated system model. In an embodiment, a computer system determines that a dynamically changeable system model corresponds to a managed system. The dynamically changeable system model includes various managed system objects. The computer system indicates for the dynamically changeable system model which managed system objects are available in each version of the managed system. The available managed system objects are stored in a data store of the dynamically changeable system model.

Abstract: A system for managing updates of an executable component in accordance with an updating tree with multiple branches is provided. In one implementation, specific updates are provided to users with specific problems while general updates are provided to all users of the executable component. A range of lower version numbers is reserved for the general updates. When a specific update with a version number higher than those in the reserved range has been installed on a computing device, an installer may prevent a new general update with a lower version number to be installed. The installer may determine a new specific update corresponding to the general update and provide an indication to the user to install this new specific update instead of the general update. This multi-branch update delivery system enables users to elect to receive only updates that are necessary.

Abstract: A distributed security system is provided. The distributed security system uses a security policy that is written in a policy language that is transport and security protocol independent as well as independent of cryptographic technologies. This security policy can be expressed using the language to create different security components allowing for greater scalability and flexibility. By abstracting underlying protocols and technologies, multiple environments and platforms can be supported.

Abstract: Embodiments are directed to defining a query expression over a dynamic system model and to transforming a dynamically built query expression into a simplified, canonical form. A computer system receives various user inputs that are to be included as part of a query expression for querying a dynamic system model. The dynamic system model is queryable to determine features provided by a service hosted by a back-end server. The computer system dynamically builds the query expression based on both the received inputs and the available features provided by the service as indicated by the dynamic system model. The query expression also includes metadata structures representing those features of the service which are provided by the service. The computer system also queries across the dynamic system model using the dynamically built query expression to retrieve and provide the service features requested in the received user input.

Abstract: Embodiments are directed to implementing a dynamically changeable system model that is customizable per version, programmatically generating system models at runtime and to extending a programmatically generated system model. In an embodiment, a computer system determines that a dynamically changeable system model corresponds to a managed system. The dynamically changeable system model includes various managed system objects. The computer system indicates for the dynamically changeable system model which managed system objects are available in each version of the managed system. The available managed system objects are stored in a data store of the dynamically changeable system model.

Abstract: Embodiments are directed to combining service operations with various managed system objects to form a new dynamic programming interface combination and determining valid dynamic programming interface combinations. A computer system determines which service operations are offered by a selected managed system. The selected managed system is configured to provide various services comprising multiple different service operations. The computer system determines that managed system objects of the managed system are to be combined with at least one of the service operations. The computer system also combines the service operation with the managed system object, so that a new dynamic programming interface combination is created. The new dynamic programming interface combination is configured for use by the services offered by the managed system.

Abstract: A system for managing updates of an executable component in accordance with an updating tree with multiple branches is provided. In one implementation, specific updates are provided to users with specific problems while general updates are provided to all users of the executable component. A range of lower version numbers is reserved for the general updates. When a specific update with a version number higher than those in the reserved range has been installed on a computing device, an installer may prevent a new general update with a lower version number to be installed. The installer may determine a new specific update corresponding to the general update and provide an indication to the user to install this new specific update instead of the general update. This multi-branch update delivery system enables users to elect to receive only updates that are necessary.

Abstract: A system for managing updates of an executable component in accordance with an updating tree with multiple branches is provided. In one implementation, specific updates are provided to users with specific problems while general updates are provided to all users of the executable component. A range of lower version numbers is reserved for the general updates. When a specific update with a version number higher than those in the reserved range has been installed on a computing device, an installer may prevent a new general update with a lower version number to be installed. The installer may determine a new specific update corresponding to the general update and provide an indication to the user to install this new specific update instead of the general update. This multi-branch update delivery system enables users to elect to receive only updates that are necessary.

Abstract: A distributed security system is provided. The distributed security system uses a security policy that is written in a policy language that is transport and security protocol independent as well as independent of cryptographic technologies. This security policy can be expressed using the language to create different security components allowing for greater scalability and flexibility. By abstracting underlying protocols and technologies, multiple environments and platforms can be supported.

Abstract: A distributed security system is provided. The distributed security system uses a security policy that is written in a policy language that is transport and security protocol independent as well as independent of cryptographic technologies. This security policy can be expressed using the language to create different security components allowing for greater scalability and flexibility. By abstracting underlying protocols and technologies, multiple environments and platforms can be supported.

Abstract: A distributed security system is provided. The distributed security system uses a security policy that is written in a policy language that is transport and security protocol independent as well as independent of cryptographic technologies. This security policy can be expressed using the language to create different security components allowing for greater scalability and flexibility. By abstracting underlying protocols and technologies, multiple environments and platforms can be supported.

Abstract: A system and method for employing a key exchange key to facilitate secure communication is provided. The key exchange key can be employed, for example, to encrypt and/or decrypt dialog session key(s) that are used to encrypt and/or decrypt message(s) that form a dialog between an initiator system and target system. In one example, a key exchange key is unique to a service pair, while a dialog session key is unique to a particular dialog between the service pair. The system can facilitate end-to-end encryption of message data in a dialog—the message data is encrypted at one dialog endpoint and not decrypted until it reaches the other dialog endpoint. The system can be employed to facilitate secure dialog with minimal performance overhead when compared with conventional system(s). Optionally, the system can facilitate load balancing (e.g., among deployed instances of a service).

Abstract: A system and method that facilitate secure communication employing dialog session keys that can be shifted unilaterally is provided. A key exchange key can further be employed to encrypt and/or decrypt the dialog session keys that are used to encrypt and/or decrypt message(s) that form a dialog between services. For example, the key exchange key can be unique to a service pair, while a first dialog session key is unique to message(s) originated by a first service, and, a second dialog session key is unique to message(s) originated by a second service. The system allows the dialog session keys to be independently managed by each endpoint (e.g., service). This makes updating the dialog session key very easy and lightweight compared to other messaging systems, where both endpoints must agree on the updated session key. An endpoint can shift the dialog session key for message(s) it originates based on a dialog session key policy (e.g.

Abstract: A system for managing updates of an executable component in accordance with an updating tree with multiple branches is provided. In one implementation, specific updates are provided to users with specific problems while general updates are provided to all users of the executable component. A range of lower version numbers is reserved for the general updates. When a specific update with a version number higher than those in the reserved range has been installed on a computing device, an installer may prevent a new general update with a lower version number to be installed. The installer may determine a new specific update corresponding to the general update and provide an indication to the user to install this new specific update instead of the general update. This multi-branch update delivery system enables users to elect to receive only updates that are necessary.

Abstract: A distributed security system is provided. The distributed security system uses a security policy that is written in a policy language that is transport and security protocol independent as well as independent of cryptographic technologies. This security policy can be expressed using the language to create different security components allowing for greater scalability and flexibility. By abstracting underlying protocols and technologies, multiple environments and platforms can be supported.

Abstract: A distributed security system is provided. The distributed security system uses a security policy that is written in a policy language that is transport and security protocol independent as well as independent of cryptographic technologies. This security policy can be expressed using the language to create different security components allowing for greater scalability and flexibility. By abstracting underlying protocols and technologies, multiple environments and platforms can be supported.