Abstract: A request to store a container image is received from a device associated with a customer of a computing resource service provider. Validity of a security token associated with the request is authenticated using a cryptographic key maintained as a secret by the computing resource service provider. One or more layers of the container image is built based at least in part on at least one build artifact to form a set of built layers. The software image including the set of built layers is stored in a repository associated with the customer. A manifest of metadata for the set of built layers is stored in a database of a structured data store. The container image is obtained in the form of an obtained container image. The obtained container image is deployed as the software container in at least one virtual machine instance associated with the customer.

Abstract: Catheter-based delivery systems for delivery and retrieval of a leadless pacemaker include features to facilitate improved manipulation of the catheter and improved capture and docking functionality of leadless pacemakers. Such functionality includes mechanisms directed to deflecting and locking a deflectable catheter, maintaining tension on a retrieval feature, protection from anti-rotation, and improved docking cap and drive gear assemblies.

Abstract: A leadless biostimulator including an attachment feature to facilitate precise manipulation during delivery or retrieval is described. The attachment feature can be monolithically formed from a rigid material, and includes a base, a button, and a stem interconnecting the base to the button. The stem is a single post having a transverse profile extending around a central axis. The transverse profile can be annular and can surround the central axis. The leadless biostimulator includes a battery assembly having a cell can that includes an end boss. A tether recess in the end boss is axially aligned with a face port in the button to receive tethers of a delivery or retrieval system through an inner lumen of the stem. The attachment feature can be mounted on and welded to the cell can at a thickened transition region around the end boss. Other embodiments are also described and claimed.

Abstract: Disclosed are various embodiments for browser-based payment for content. A first request for content is sent to a network content server. A response protocol header is received indicating that a payment is sought for the content in response to the first request. Payment manager code integral to a browser or a browser plug-in is executed in response to receiving the response protocol header. A payment-signifying token is received from a payment provider in response to consummating the payment. A second request for the content is sent to the network content server, where the second request includes a request protocol header specifying the payment-signifying token. The content is received from the network content server in response to the second request.

Abstract: A request to store a container image is received from a device associated with a customer of a computing resource service provider. Validity of a security token associated with the request is authenticated using a cryptographic key maintained as a secret by the computing resource service provider. One or more layers of the container image is built based at least in part on at least one build artifact to form a set of built layers. The software image including the set of built layers is stored in a repository associated with the customer. A manifest of metadata for the set of built layers is stored in a database of a structured data store. The container image is obtained in the form of an obtained container image. The obtained container image is deployed as the software container in at least one virtual machine instance associated with the customer.

Abstract: A request to store, in first data store associated with a customer of a computing resource service provider, a software image is received, the request including a set of layers of the software image to be stored. As a result of successful authentication of the request, based at least in part on a security token included with the request, a subset of layers of the software image that have not previously been stored in the first data store are determined, based at least in part on first metadata obtained from a second data store, the subset of layers in the first data store are stored, second metadata about the subset of layers are stored in the second data store, and the software image is caused to be launched in a software container of an instance based at least in part on the subset of layers.

Abstract: Disclosed are various embodiments for browser-based payment for content. A first request for content is sent to a network content server. A response protocol header is received indicating that a payment is sought for the content in response to the first request. Payment manager code integral to a browser or a browser plug-in is executed in response to receiving the response protocol header. A payment-signifying token is received from a payment provider in response to consummating the payment. A second request for the content is sent to the network content server, where the second request includes a request protocol header specifying the payment-signifying token. The content is received from the network content server in response to the second request.

Abstract: Disclosed are various embodiments for browser-based payment for content. A request for content is obtained from a client. It is determined whether a payment is sought for the content. It is determined whether a payment-signifying token is presented in a request protocol header of the request. A response protocol header indicating that the payment is sought is returned to the client in response to the request when the payment is sought for the content and the payment-signifying token is not presented in the request protocol header. The content is returned to the client in response to the request when the payment is sought for the content and the payment-signifying token is presented in the request protocol header.

Abstract: Catheter-based delivery systems for delivery and retrieval of a leadless pacemaker include features to facilitate improved manipulation of the catheter and improved capture and docking functionality of leadless pacemakers. Such functionality includes mechanisms directed to deflecting and locking a deflectable catheter, maintaining tension on a retrieval feature, protection from anti-rotation, and improved docking cap and drive gear assemblies.

Abstract: A system, method, apparatus, and computer program product for a privacy ensured brokered identity federation system. The privacy ensured brokered identity federation system connects a user in a brokered identity federation environment that blinds relying parties (RP) from credential service providers (CSP), blinds CSPs from RPs, and blinds a user's identity and data from the federation middleware hubs. The system utilizes ring signatures to attest to CSPs that a valid RP of the federation is making a request. The process utilizes CSP ring signatures to assure RPs that a valid CSP of the federation has provided a response. The process utilizes per transaction encryption keys created by the RP to ensure the federation has no access to data messages. It can further ensure that only the correct RP can decrypt a CSP response.

Abstract: A request to a scan a software image for specified criteria is received, the software image comprising layers stored in a first data store. Metadata in a second data store, different from the first data store, is searched through to obtain information corresponding to the software image. A first set of the layers that matches the specified criteria is determined, based at least in part on the information. The first set of layers is marked as un-referenceable. Asynchronous to fulfillment of the request, a second set of layers of the layers to be deleted is determined, based at least in part on the metadata, the second set of layers including layers marked as un-referenceable, and the second set of layers is deleted.

Abstract: Tracking waiting lists associated with merchants and presenting deals to users based on adding the users to waiting lists is described. A service provider may enable merchants to track waiting lists associated with their own services and services of other merchants. Users may be automatically added to waiting lists of merchants based at least in part on a service provider determining that a user is at a geographic location of a merchant. Based at least in part on adding a user to a waiting list for a particular merchant, the service provider may access and select deals from one or more alternative merchants. The one or more alternative merchants may not have waiting lists or may have waiting lists with fewer groups than the waiting list for the particular merchant. The service provider may offer the deals to the user via a user device.

Abstract: A software image associated with a first customer of a computing resource service provider and criteria for identifying an event is received, the software image comprising a set of layers. The set of layers is stored in a first data store to form a stored set of layers, the first data store being physically located in a first region. The set of layers is copied to a second data store to form a copied set of layers, the second data store being physically located in a second region different from the first region. The copied set of layers is launched as a container executing in an instance that is physically located in the second region, and, as a result of identifying an occurrence of the event, the container is caused to be unavailable to an entity associated with the instance.

Abstract: Catheter-based delivery systems for delivery and retrieval of a leadless pacemaker include features to facilitate improved manipulation of the catheter and improved capture and docking functionality of leadless pacemakers. Such functionality includes mechanisms directed to deflecting and locking a deflectable catheter, maintaining tension on a retrieval feature, protection from anti-rotation, and improved docking cap and drive gear assemblies.

Abstract: A rich client performs single sign-on (SSO) to access a web- or cloud-based application. According to the described SSO approach, the rich client delegates to its native application server the task of obtaining a credential, such as a SAML assertion. The native server, acting on behalf of the user, obtains an assertion from a federated identity provider (IdP) that is then returned to the rich client. The rich client provides the assertion to a cloud-based proxy, which presents the assertion to an identity manager to attempt to prove that the user is entitled to access the web- or cloud-based application using the rich client. If the assertion can be verified, it is exchanged with a signed token, such as a token designed to protect against cross-site request forgery (CSRF). The rich client then accesses the web- or cloud-based application making a REST call that includes the signed token. The application, which recognizes the request as trustworthy, responds to the call with the requested data.

Abstract: A secure database includes a catalog of information about one or more identity providers (IdPs) that are trusted by a service provider (SP) to authenticate users on the SP's behalf. The catalog securely stores one or more IdP configurations. An entry in the database stores information associated with the trusted IdP including artifacts to identify the IdP, artifacts used by the IdP for cryptographic operations, and a specification of one or more website(s) serviced by the trusted identity provider. Upon receipt by the SP of identity information representing a user that has authenticated to an IdP, information in the catalog of information is used to determine whether the IdP is trusted to authenticate the user on the service provider's behalf. The determination verifies that the SP uses the IdP and that a binding between an IdP identifier and at least one IdP cryptographic artifact is valid.

Abstract: A request to a scan a software image for specified criteria is received, the software image comprising layers stored in a first data store. Metadata in a second data store, different from the first data store, is searched through to obtain information corresponding to the software image. A first set of the layers that matches the specified criteria is determined, based at least in part on the information. The first set of layers is marked as un-referenceable. Asynchronous to fulfillment of the request, a second set of layers of the layers to be deleted is determined, based at least in part on the metadata, the second set of layers including layers marked as un-referenceable, and the second set of layers is deleted.

Abstract: A request to store, in first data store associated with a customer of a computing resource service provider, a software image is received, the request including a set of layers of the software image to be stored. As a result of successful authentication of the request, based at least in part on a security token included with the request, a subset of layers of the software image that have not previously been stored in the first data store are determined, based at least in part on first metadata obtained from a second data store, the subset of layers in the first data store are stored, second metadata about the subset of layers are stored in the second data store, and the software image is caused to be launched in a software container of an instance based at least in part on the subset of layers.

Abstract: A software image associated with a first customer of a computing resource service provider and criteria for identifying an event is received, the software image comprising a set of layers. The set of layers is stored in a first data store to form a stored set of layers, the first data store being physically located in a first region. The set of layers is copied to a second data store to form a copied set of layers, the second data store being physically located in a second region different from the first region. The copied set of layers is launched as a container executing in an instance that is physically located in the second region, and, as a result of identifying an occurrence of the event, the container is caused to be unavailable to an entity associated with the instance.