Re: [soa-rm-ra] point of action

[Ken Laskey <klaskey@mitre.org>]

Where it fits in the RA is still my question.  In the example in his earlier email, Danny says

To draw another analogy for the point of action, I

know your mind will be the point of action for

processing this e-mail as you read the e-mail.  The

e-mail address and the english language is like a

service interface.

If this example aligns with your meaning, then isn't my mind part of the opaque implementation?  [The jokes are altogether too obvious so first answer the question and later we can collect the best Ken-related responses in a follow-on thread. :-) ]

Ken

On Aug 17, 2006, at 11:01 AM, Francis McCabe wrote:

The action being referred to in a service interaction is not really any private action. As you use a service to do something then you are performing an action. (There may be consequential events that follow that are internal.) That action has a point of action.

Note that with the action-at-a-distance analogy getting clarity on when and where the action is performed may be quite important. For example, if you send a message declaring that you have agreed to a contract, from the service provider's PoV, it is not until it 'groks' the message that it considers that you have actually agreed.

Frank

On Aug 17, 2006, at 7:24 AM, Ken Laskey wrote:

see below

At 09:18 AM 8/17/2006, Rex Brooks wrote:

I hope no one is surprised if I quibble with this particular definition, which comes close, in my opinion, but fall just short of the mark. I take exception with the choice of using the concept of force per se, though I do understand and agree with the requirement of making "action" transitive. I would apply a small bit of mental jiu jitsu on this definition, thus:

Action: the application of 'intent' to achieve an effect by an agent on an object.

Thus, the application of "intent" applies equally well to choosing to do "nothing" and allow inertia/momentum to achieve an effect,

but the application of nothing does not require an agent as the transferral entity if there is nothing to transfer, unless however you identify the agent as a way of establishing context for your intended nothing.

or to require action by some other agent to achieve, prevent or allow an effect. In the study of heuristics, one of the least well explored results is exactly this, the intentional refusal to act per se, which, I contend, constitutes a decision, which is, in and of itself, an action at a choice-point branching of a decision-tree.

BTW, this answers the last question below: Yes! and full responsibility or culpability applies. Needless to say, this is utterly critical to security. Choose not to apply a patch in time, and you are caught holding the hot potato if bad things happen to good systems.

So the follow-up question is: what can be identified as the poa while still maintaining the SOA principle of opacity of the implementation of services and their underlying capabilities?

Cheers,

Rex

At 7:55 AM -0400 8/17/06, Ken Laskey wrote:

Some comments from Frank that didn't get back to the list:

Ken:

 The POA *is* the action as it is applied.

 If the service is the glove, the POA is the iron fist:)

 Different people have different definitions of action, (try define:action in google). None of these definitions is all that satisfactory to me.

 My definition is adapted from John Sowa:

Action: the application of force by an agent on an object with the intention of achieving an effect.

 I.e., its a kind of event. The POA is a characterization of that event. (One reason I like this definition is that is includes all human actions but excludes rocks rolling down the hill hitting other rocks.)

 The service interface is the characterization of what it means to perform an action. It is not the action itself though.

 Hope that this throws a little light on the matter.

Frank

Per Danny's response, I think he caught my question well with the final line of his response below:

One question

we can ask is can we identify a point of action

meaningful to the reference architecture that would

not have a service interface?

Ken

On Aug 17, 2006, at 1:55 AM, Danny Thornton wrote:

To draw another analogy for the point of action, I

know your mind will be the point of action for

processing this e-mail as you read the e-mail.  The

e-mail address and the english language is like a

service interface.

The SOA has many points of action, each point of

action potentially affecting many other points of

action.  We can identify points of action in a SOA

relevant to the reference architecture.  One question

we can ask is can we identify a point of action

meaningful to the reference architecture that would

not have a service interface?

Danny

--- Ken Laskey <<mailto:klaskey@mitre.org>klaskey@mitre.org> wrote:

The following are from my notes at the ftf

Point of Action (poa)

-       Frank: anchoring mechanism for numerous

things, e.g. policy

enforcement, evaluating needs & capabilities

-       Ken: how does poa relate to service

interface?  Frank:

service interface includes actions you can perform;

each instance of

use consists of performing action; actual action is

poa; interface

vs. poa is class vs. instance relationship; the

physical action is

the point of action

-       [Ken] Given a policy is a desire of one

participant and an

agreement as part of the execution context for

participants to abide

by that policy (i.e. the other participant(s) agree

to make that

policy theirs), the policy enforcement point becomes

the point of

action for enforcing the agreed-upon policy.

-       [Frank alternative] A policy is a constraint

that represents

the desire of a participant. A contract is a

constraint that

represents the agreed desires of two or more

participants. A [policy]

enforcement point is the point of action for

enforcing constraints

that represent either policies or contracts.

I've reread this and am still having problems

differentiating between

service interface and point of action.  It appears

that poa is more

general because it is the location to which a user

would send a

command for action.  If the receiver is a service,

then the poa would

seem to be the service interface.  In the policy

example, if the

enforcement mechanism is accessed through a service,

the PEP could be

said to have a service interface.

I still seem to be missing something.

Ken

---

Ken Laskey

MITRE Corporation, M/S H305     phone:  703-983-7934

7515 Colshire Drive                        fax:

  703-983-1379

McLean VA 22102-7508

__________________________________________________

Do You Yahoo!?

Tired of spam?  Yahoo! Mail has the best spam protection around

<http://mail.yahoo.com>http://mail.yahoo.com

---

Ken Laskey

MITRE Corporation, M/S H305     phone:  703-983-7934

7515 Colshire Drive                        fax:        703-983-1379

McLean VA 22102-7508

--

Rex Brooks

President, CEO

Starbourne Communications Design

GeoAddress: 1361-A Addison

Berkeley, CA 94702

Tel: 510-849-2309

--

     ---------------------------------------------------------------------------------

  /   Ken Laskey                                                                \

 |    MITRE Corporation, M/S H305    phone:  703-983-7934   |

 |    7515 Colshire Drive                    fax:      703-983-1379   |

  \   McLean VA 22102-7508                                              /

    ----------------------------------------------------------------------------------

------------------------------------------------------------------------------------------

Ken Laskey

MITRE Corporation, M/S H305     phone:  703-983-7934

7515 Colshire Drive                        fax:        703-983-1379

McLean VA 22102-7508

smime.p7s