TODO:

* nicer exception handling than ASSERT
* implementation of UBF(B) and (C).
* auditing for recognition errors (this /is/ a one-night hack,
  after all)
* auditing for security errors


;;  arch-tag: "bc95a29f-e9e0-11d7-ad53-000c76244c24"
