OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: RE: The Hal/David model


I have updated the use case team's domain model as a result of today's use
case telecon.  Excellent progress all!

Cheers,
Dave

> -----Original Message-----
> From: Orchard, David [mailto:dorchard@jamcracker.com]
> Sent: Monday, March 12, 2001 8:32 PM
> To: security-services@lists.oasis-open.org
> Subject: RE: The Hal/David model
> 
> 
> I have updated the domain model as best I can with the various emails,
> glossary, pdfs, etc. that are available.  I don't yet have a 
> usable copy of
> Visio, so the diagram will come from togetherJ for the near future.
> 
> This is an imperfect job as I was a bit overwhelmed by the 
> glossary and all
> the discussions on terminology differences.  I started bottom-up (what
> glossary terms are required) rather than try to fit all the 
> glossary terms
> in the diagram.  
> 
> I have liberally and flagrantly infringed copyrights by copying some
> material from the mailing list(s) and the glossary.  I also 
> copied from the
> glossary rather than refering to it, so that reviewers could 
> combine all
> their comments together.   I also added issues where 
> definitions seemed
> vague/confusing/etc.
> 
> This is complete in that every item and major relationship 
> listed in the
> class diagram has a glossary entry.   
> 
> Process going forward: I expect that once we come to 
> agreement on what we
> mean by terms, we can then push them back to the glossary.  
> Please provide
> plenty of feedback to the group on this.
> 
> Suggestion for the use case chair and subcommittee: Very soon 
> we start only
> allowing conversations about terms that are in the 
> glossary/domain model.  I
> have been scanning various e-mails and notice many different 
> synonyms, which
> I (and I'm sure other readers) would find confusing.  I 
> suggest that the set
> of requirements we are now balloting is a candidate for this. 
>  Terms like
> subject, policy-based disclosure, subject security 
> attributes, parties,
> disclosure,  run-time, sharing, etc. are not currently in the 
> domain model,
> nor in the glossary.  One person's run-time is another 
> persons compile-time,
> etc.  Let's define these terms or not use them at all.
> 
> Dave Orchard
> XML Architect
> Jamcracker Inc.,    19000 Homestead Dr., Cupertino, CA 95014
> p: 408.864.5118     m: 604.908.8425    f: 408.725.4310
> 
> www.jamcracker.com - Sounds like a job for Jamcracker.
> 
> > -----Original Message-----
> > From: Eve L. Maler [mailto:eve.maler@east.sun.com]
> > Sent: Friday, March 09, 2001 9:04 AM
> > To: security-services@lists.oasis-open.org
> > Subject: The Hal/David model
> > 
> > 
> > People who attended F2F #1 will recall the diagram that Hal 
> > Lockhart drew 
> > up on the whiteboard.  It was something he and David Orchard 
> > came up with 
> > to help the use-case group settle on terminology and a rough 
> > model of the 
> > "things" we're discussing.  Fred Moses worked from his notes 
> > to create the 
> > following electronic version, which reflects a bit more of 
> > the discussion 
> > we had that day:
> > 
> >    http://oasis-open.org/committees/security/docs/sstcach1.gif
> > 
> > I'm sure we need more revisions to this diagram, but I would 
> > like to work 
> > towards consensus on the names for things and the 
> > relationships between 
> > them.  Please use this thread to discuss it, and we will take 
> > it up as a 
> > topic at the 20 March telecon.
> > 
> > For starters:
> > 
> > - On Tuesday, we discussed separating each box so that 
> > there's no hint of 
> > chronology.  This could mean, e.g., duplicating the "1" 
> > callout so that 
> > it's shown separately as the output of a credential collector 
> > and the input 
> > to an authentication authority.
> > 
> > - I think the policy balloons should largely be in the "Not 
> > SAML" layer 
> > above.  Or is the XACML discussion precisely about whether 
> > some of these 
> > balloons should be in scope?  Can we give distinct names to 
> > the different 
> > types of policies?
> > 
> > - What exactly do the input/output letters above refer to?
> > 
> > - I think we *may* have consensus that the "SAML" box should 
> > cover more 
> > stuff to the left, e.g., it should cover the authentication 
> > authority.  Comments?
> > 
> > - Do we have consensus that SAML should cover the PEP box?
> > 
> > Thanks to Fred for making this version; I think Hal and David 
> > should now 
> > take up any revisions we ask for.
> > 
> > 	Eve
> > --
> > Eve Maler                                             +1 
> 781 442 3190
> > Sun Microsystems XML Technology Development  eve.maler @ 
> east.sun.com
> > 
> > 
> > ------------------------------------------------------------------
> > To unsubscribe from this elist send a message with the single word
> > "unsubscribe" in the body to: 
> > security-services-request@lists.oasis-open.org
> > 
> 
> 

draft-sstc-use-domain-02.doc



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC