[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: Definition of Reference Model (Was RE: [soa-rm] Definition of "Service Consumer")
Kind Regards,
Joseph Chiusano
Booz Allen Hamilton
Joseph:
We should not re-define what a reference model
is. The term has
industry accepted connotations. A Reference
Model is NOT implement able
directly. It does not include the necessary
level of detail to build
anything with other than architecture. If it
did, then by definition it
would not be a reference model. A reference
model is also not
restrictive by nature. You may add more things to the
core set as you
require them.
Your email does bring up an interesting
and recurring theme however.
Perhaps in addition to a reference model,
it would be useful to deliver
a user guide/framework for development.
We may have to consider at
least a separate FAQ or similar as we
progress. I do suspect however,
that most software architects
understand how to use a RM.
There will also be plenty of opportunity to
build architecture in this
TC as a Sub TC. I had a request yesterday
for a group to start a Sub TC
within this TC to concentrate on a concrete
architecture for a very
specific field, using the SOA RM as their
guide. I hope that we have at
least 2-3 of these as time goes
on.
Other comments inline:
Chiusano Joseph wrote:
>This
definition does not state that only "mandatory" concepts are
>included,
but rather implies it through its reference to "a small number
>of
unifying concepts". I recommend that at this point, since our
>definition
of "reference model" is being used as a filter for everything
>- and so
many things are (perhaps justifiably!) being "kicked out" of it
>- we gain
consensus on what we believe "reference model" means.
>
If something is
not a unifying concept for all things SOA, it should not
be in the RM however
this does raise the chicken and egg question. How
do we determine if
something is SOA before the RM is complete? There is
no quantitative
way to determine if something is or isn't SOA.
Accordingly, the types
of discussions we are having are very healthy
IMO. I enjoy the fact
that we have all types of opinions on this list
to consider.
>I
bring this up because I have seen cases where reference models are not
>as
restrictive as the one that we are heading toward (but maybe they
>should
be?). I am also (frankly) concerned that we might be developing
>something
that is - and I don't mean this in a pejorative sense - too
>"academic"
and not implementable in real-world settings.
>
A RM by definition is
abstract, therefor you may correctly imply
"academic". It is very
useful to those who develop architecture.
>I also wonder if it might
be more valuable process-wise to concentrate
>on concrete architectures,
and then determine from among those concrete
>architectures what concepts
are mandatory, what are optional etc. - that
>is, to build our reference
model from outward-in, instead of the
>opposite which I believe is our
current process.
>
>
This is what we have been and should
continue to do. We are scouring
all things claiming to be or perceived
to be SOA and trying to determine
what are the common elements in those, how
to describe them in an
abstract manner and what the relationships amongst
those things
are.
Duane
>Thoughts?
>
>Joe
>
>Joseph
Chiusano
>Booz Allen Hamilton
>Visit us online@ http://www.boozallen.com
>
>
>
>
>>-----Original
Message-----
>>From: Ken Laskey [mailto:klaskey@mitre.org]
>>Sent:
Monday, April 11, 2005 9:02 PM
>>To: Matthew MacKenzie
>>Cc:
'Frank McCabe'; Duane Nickull;
>>soa-rm@lists.oasis-open.org;
vikas@sonoasystems.com; Chiusano
>>Joseph; 'Andrew
Nash'
>>Subject: Re: [soa-rm] Definition of "Service
Consumer"
>>
>>Let's leave this as an open issue, if we
may. Except for a
>>very simple, very closed system, I cannot
imagine a viable
>>SOA in a real environment without security. I
am willing to
>>be educated about situations where security can
legitimately
>>be skipped, but I don't think it can be left out of a
useful RM.
>>
>>Ken
>>
>>On Apr 11, 2005, at
3:32 PM, Matthew MacKenzie
wrote:
>>
>>
>>
>>>I
don't believe that all SOAs do or will have security. I think
we
>>>should simply not mention it. This is, after all, an
abstract
>>>reference model. We can produce the warmNfuzzy
that
having
>>>
>>>
>>a
security
>>
>>
>>>component adds
in our own SOA designs that are
identifiable
>>>
>>>
>>with
the
>>
>>
>>>SOA-RM.
>>>
>>>-matt
>>>
>>>On
11-Apr-05, at 12:28 PM, Duane Nickull
wrote:
>>>
>>>
>>>
>>>>Ken:
>>>>
>>>>I
am not 100% sure about this. I would like to research this on
a
>>>>more philosophical basis. Not all SOA's use explicit
security
>>>>protocols (the internet doesn't). The
fundamental philosophical
>>>>question may be " does the explicit
statement
conveying
>>>>
>>>>
>>the
absence
>>
>>
>>>>of any
security still imply a security
model"?
>>>>
>>>>The danger in saying "yes" is
that it opens the door for more
>>>>"things" to be part of the
RM.
>>>>
>>>>I would like to mull this over and do
some research. I
am
>>>>
>>>>
>>sure
Matt
>>
>>
>>>>has a good
answer
;-)
>>>>
>>>>Duane
>>>>
>>>>Ken
Laskey
wrote:
>>>>
>>>>
>>>>
>>>>>Moreover,
the question is whether all SOAs SHOULD
have
>>>>>
>>>>>
>>security
and
>>
>>
>>>>>whether
that needs to be captured in the RM. As
noted,
>>>>>
>>>>>
>>secuirty
is
>>
>>
>>>>>often just
tacked on and that may not be sufficient
for
>>>>>
>>>>>
>>*any*
SOA to
>>
>>
>>>>>be
successful.
>>>>>
>>>>>Ken
>>>>>
>>>>>At
02:27 PM 4/11/2005, Duane Nickull
wrote:
>>>>>
>>>>>
>>>>>
>>>>>>The
RM does not support security models. A
reference
>>>>>>
>>>>>>
>>model
is used
>>
>>
>>>>>>to
guide the design of architecture that may include
specific
>>>>>>security protocols or models. Our
requirement must be to ensure
>>>>>>that nothing we place
in the RM makes any
specific
>>>>>>
>>>>>>
>>security
model
a
>>
>>
>>>>>>requirement
(since not all SOA's have security) and
to
>>>>>>
>>>>>>
>>ensure
that
>>
>>
>>>>>>we do
not preclude a specific type of security model from
being
>>>>>>used.
>>>>>>Duane
>>>>>>
>>>>>>Vikas
Deolaliker
wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>>I
think the question should be how many different types
of
>>>>>>>security models will this RM
support?
>>>>>>>Vikas
>>>>>>>
>>>>>>>--
>>>>>>>
>>>>>>>
>>>>>>--
>>>>>>***********
>>>>>>Senior
Standards Strategist - Adobe Systems, Inc. -
>>>>>>http://www.adobe.com Vice Chair - UN/CEFACT
Bureau Plenary -
>>>>>>http://www.unece.org/cefact/ Adobe
Enterprise
Developer
>>>>>>
>>>>>>
>>Resources
>>
>>
>>>>>>-
http://www.adobe.com/enterprise/developer/main.html
>>>>>>***********
>>>>>>
>>>>>>
>>>>>>
>>>>>--
>>>>>
>>>>>
>>>>>
>>--------------------------------------------------------------------
>>
>>
>>>>>-
>>>>>------------
>>>>>
/ Ken
Laskey
>>>>>
>>>>>
>>
>>
>>
>>>>>
\
>>>>> | MITRE Corporation, M/S
H305 phone: 703-883-7934
|
>>>>> | 7515 Colshire
Drive
fax:
>>>>>
>>>>>
>>703-883-1379
>>
>>
>>>>>
|
>>>>> \ McLean VA
22102-7508
>>>>>
>>>>>
>>
>>
>>
>>>>>
/
>>>>>
>>>>>
>>>>>
>>>>>
>>--------------------------------------------------------------------
>>
>>
>>>>>-
>>>>>-------------
>>>>>
>>>>>
>>>>>
>>>>>
>>>>--
>>>>***********
>>>>Senior
Standards Strategist - Adobe Systems, Inc. -
>>>>http://www.adobe.com Vice Chair - UN/CEFACT
Bureau Plenary -
>>>>http://www.unece.org/cefact/ Adobe
Enterprise
Developer
>>>>
>>>>
>>Resources
-
>>
>>
>>>>http://www.adobe.com/enterprise/developer/main.html
>>>>***********
>>>>
>>>>
>>>>
>>>
>>>
>>--------------------------------------------------------------
>>----------
>>------------------
>>Ken
Laskey
>>MITRE Corporation, M/S H305
phone: 703-883-7934
>>7515 Colshire
Drive
fax: 703-883-1379
>>McLean VA
22102-7508
>>
>>
>>
>>
>
>
>
--
***********
Senior
Standards Strategist - Adobe Systems, Inc. - http://www.adobe.com
Vice Chair - UN/CEFACT
Bureau Plenary - http://www.unece.org/cefact/
Adobe
Enterprise Developer Resources - http://www.adobe.com/enterprise/developer/main.html
***********
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]