[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [soa-rm-ra] point of action
The action being referred to in a service interaction is not really any private action. As you use a service to do something then you are performing an action. (There may be consequential events that follow that are internal.) That action has a point of action. Note that with the action-at-a-distance analogy getting clarity on when and where the action is performed may be quite important. For example, if you send a message declaring that you have agreed to a contract, from the service provider's PoV, it is not until it 'groks' the message that it considers that you have actually agreed. Frank On Aug 17, 2006, at 7:24 AM, Ken Laskey wrote: > see below > > At 09:18 AM 8/17/2006, Rex Brooks wrote: >> I hope no one is surprised if I quibble with this particular >> definition, which comes close, in my opinion, but fall just short >> of the mark. I take exception with the choice of using the concept >> of force per se, though I do understand and agree with the >> requirement of making "action" transitive. I would apply a small >> bit of mental jiu jitsu on this definition, thus: >> >> Action: the application of 'intent' to achieve an effect by an >> agent on an object. >> >> Thus, the application of "intent" applies equally well to choosing >> to do "nothing" and allow inertia/momentum to achieve an effect, > > but the application of nothing does not require an agent as the > transferral entity if there is nothing to transfer, unless however > you identify the agent as a way of establishing context for your > intended nothing. > >> or to require action by some other agent to achieve, prevent or >> allow an effect. In the study of heuristics, one of the least well >> explored results is exactly this, the intentional refusal to act >> per se, which, I contend, constitutes a decision, which is, in and >> of itself, an action at a choice-point branching of a decision-tree. >> >> BTW, this answers the last question below: Yes! and full >> responsibility or culpability applies. Needless to say, this is >> utterly critical to security. Choose not to apply a patch in time, >> and you are caught holding the hot potato if bad things happen to >> good systems. > > So the follow-up question is: what can be identified as the poa > while still maintaining the SOA principle of opacity of the > implementation of services and their underlying capabilities? > >> Cheers, >> Rex >> >> >> >> At 7:55 AM -0400 8/17/06, Ken Laskey wrote: >>> Some comments from Frank that didn't get back to the list: >>> >>> Ken: >>> The POA *is* the action as it is applied. >>> If the service is the glove, the POA is the iron fist:) >>> >>> Different people have different definitions of action, (try >>> define:action in google). None of these definitions is all that >>> satisfactory to me. >>> My definition is adapted from John Sowa: >>> >>> Action: the application of force by an agent on an object with >>> the intention of achieving an effect. >>> >>> I.e., its a kind of event. The POA is a characterization of that >>> event. (One reason I like this definition is that is includes all >>> human actions but excludes rocks rolling down the hill hitting >>> other rocks.) >>> >>> The service interface is the characterization of what it means >>> to perform an action. It is not the action itself though. >>> >>> Hope that this throws a little light on the matter. >>> Frank >>> >>> Per Danny's response, I think he caught my question well with the >>> final line of his response below: >>> >>>> One question >>>> we can ask is can we identify a point of action >>>> meaningful to the reference architecture that would >>>> not have a service interface? >>> >>> Ken >>> >>> >>> >>> On Aug 17, 2006, at 1:55 AM, Danny Thornton wrote: >>> >>>> To draw another analogy for the point of action, I >>>> know your mind will be the point of action for >>>> processing this e-mail as you read the e-mail. The >>>> e-mail address and the english language is like a >>>> service interface. >>>> >>>> The SOA has many points of action, each point of >>>> action potentially affecting many other points of >>>> action. We can identify points of action in a SOA >>>> relevant to the reference architecture. One question >>>> we can ask is can we identify a point of action >>>> meaningful to the reference architecture that would >>>> not have a service interface? >>>> >>>> Danny >>>> >>>> >>>> --- Ken Laskey <<mailto:klaskey@mitre.org>klaskey@mitre.org> wrote: >>>> >>>>> The following are from my notes at the ftf >>>>> >>>>> Point of Action (poa) >>>>> >>>>> - Frank: anchoring mechanism for numerous >>>>> things, e.g. policy >>>>> enforcement, evaluating needs & capabilities >>>>> >>>>> - Ken: how does poa relate to service >>>>> interface? Frank: >>>>> service interface includes actions you can perform; >>>>> each instance of >>>>> use consists of performing action; actual action is >>>>> poa; interface >>>>> vs. poa is class vs. instance relationship; the >>>>> physical action is >>>>> the point of action >>>>> >>>>> - [Ken] Given a policy is a desire of one >>>>> participant and an >>>>> agreement as part of the execution context for >>>>> participants to abide >>>>> by that policy (i.e. the other participant(s) agree >>>>> to make that >>>>> policy theirs), the policy enforcement point becomes >>>>> the point of >>>>> action for enforcing the agreed-upon policy. >>>>> >>>>> - [Frank alternative] A policy is a constraint >>>>> that represents >>>>> the desire of a participant. A contract is a >>>>> constraint that >>>>> represents the agreed desires of two or more >>>>> participants. A [policy] >>>>> enforcement point is the point of action for >>>>> enforcing constraints >>>>> that represent either policies or contracts. >>>>> >>>>> >>>>> I've reread this and am still having problems >>>>> differentiating between >>>>> service interface and point of action. It appears >>>>> that poa is more >>>>> general because it is the location to which a user >>>>> would send a >>>>> command for action. If the receiver is a service, >>>>> then the poa would >>>>> seem to be the service interface. In the policy >>>>> example, if the >>>>> enforcement mechanism is accessed through a service, >>>>> the PEP could be >>>>> said to have a service interface. >>>>> >>>>> I still seem to be missing something. >>>>> >>>>> Ken >>>>> >>>>> --- >>>>> Ken Laskey >>>>> MITRE Corporation, M/S H305 phone: 703-983-7934 >>>>> 7515 Colshire Drive fax: >>>>> 703-983-1379 >>>>> McLean VA 22102-7508 >>>>> >>>>> >>>>> >>>> >>>> >>>> __________________________________________________ >>>> Do You Yahoo!? >>>> Tired of spam? Yahoo! Mail has the best spam protection around >>>> <http://mail.yahoo.com>http://mail.yahoo.com >>> >>> --- >>> Ken Laskey >>> MITRE Corporation, M/S H305 phone: 703-983-7934 >>> 7515 Colshire Drive fax: 703-983-1379 >>> McLean VA 22102-7508 >> >> >> -- >> Rex Brooks >> President, CEO >> Starbourne Communications Design >> GeoAddress: 1361-A Addison >> Berkeley, CA 94702 >> Tel: 510-849-2309 > > -- > > ---------------------------------------------------------------------- > ----------- > / Ken > Laskey > \ > | MITRE Corporation, M/S H305 phone: 703-983-7934 | > | 7515 Colshire Drive fax: > 703-983-1379 | > \ McLean VA > 22102-7508 / > > ---------------------------------------------------------------------- > ------------ >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]