[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [soa-rm-ra] point of action
OK for now. Hopefully the use of poa in the RA will clarify things
or this is going to be a bear to write up for our audience.
Ken
At 11:37 AM 8/17/2006, Francis McCabe wrote:
>The POA concept is a general concept that is not limited to services.
>So, perhaps, that is what was going though Danny's mind -)
>As to private vs public, we are going to get similar issues with the
>Point of Decision and Point of Enforcement of policies.
>
>One important place for the POA in the RA is as the start of the
>chain of events that lead to the real world effect. Another is that
>the POA acts as one place were policies must be applied. (I cannot
>make up my mind exactly how POA relates POD and POE.) Of course, this
>is but one place where policies are applied in the RA.
>
>Frank
>On Aug 17, 2006, at 8:15 AM, Ken Laskey wrote:
>
>>Where it fits in the RA is still my question. In the example in
>>his earlier email, Danny says
>>
>>To draw another analogy for the point of action, I
>>know your mind will be the point of action for
>>processing this e-mail as you read the e-mail. The
>>e-mail address and the english language is like a
>>service interface.
>>
>>If this example aligns with your meaning, then isn't my mind part
>>of the opaque implementation? [The jokes are altogether too
>>obvious so first answer the question and later we can collect the
>>best Ken-related responses in a follow-on thread. :-) ]
>>
>>Ken
>>
>>On Aug 17, 2006, at 11:01 AM, Francis McCabe wrote:
>>
>>>The action being referred to in a service interaction is not
>>>really any private action. As you use a service to do something
>>>then you are performing an action. (There may be consequential
>>>events that follow that are internal.) That action has a point of
>>>action.
>>>
>>>Note that with the action-at-a-distance analogy getting clarity on
>>>when and where the action is performed may be quite important. For
>>>example, if you send a message declaring that you have agreed to a
>>>contract, from the service provider's PoV, it is not until it
>>>'groks' the message that it considers that you have actually agreed.
>>>
>>>Frank
>>>
>>>
>>>On Aug 17, 2006, at 7:24 AM, Ken Laskey wrote:
>>>
>>>>see below
>>>>
>>>>At 09:18 AM 8/17/2006, Rex Brooks wrote:
>>>>>I hope no one is surprised if I quibble with this particular
>>>>>definition, which comes close, in my opinion, but fall just
>>>>>short of the mark. I take exception with the choice of using the
>>>>>concept of force per se, though I do understand and agree with
>>>>>the requirement of making "action" transitive. I would apply a
>>>>>small bit of mental jiu jitsu on this definition, thus:
>>>>>
>>>>>Action: the application of 'intent' to achieve an effect by an
>>>>>agent on an object.
>>>>>
>>>>>Thus, the application of "intent" applies equally well to
>>>>>choosing to do "nothing" and allow inertia/momentum to achieve
>>>>>an effect,
>>>>
>>>>but the application of nothing does not require an agent as the
>>>>transferral entity if there is nothing to transfer, unless
>>>>however you identify the agent as a way of establishing context
>>>>for your intended nothing.
>>>>
>>>>>or to require action by some other agent to achieve, prevent or
>>>>>allow an effect. In the study of heuristics, one of the least
>>>>>well explored results is exactly this, the intentional refusal
>>>>>to act per se, which, I contend, constitutes a decision, which
>>>>>is, in and of itself, an action at a choice-point branching of a
>>>>>decision-tree.
>>>>>
>>>>>BTW, this answers the last question below: Yes! and full
>>>>>responsibility or culpability applies. Needless to say, this is
>>>>>utterly critical to security. Choose not to apply a patch in
>>>>>time, and you are caught holding the hot potato if bad things
>>>>>happen to good systems.
>>>>
>>>>So the follow-up question is: what can be identified as the poa
>>>>while still maintaining the SOA principle of opacity of the
>>>>implementation of services and their underlying capabilities?
>>>>
>>>>>Cheers,
>>>>>Rex
>>>>>
>>>>>
>>>>>
>>>>>At 7:55 AM -0400 8/17/06, Ken Laskey wrote:
>>>>>>Some comments from Frank that didn't get back to the list:
>>>>>>
>>>>>>Ken:
>>>>>> The POA *is* the action as it is applied.
>>>>>> If the service is the glove, the POA is the iron fist:)
>>>>>>
>>>>>> Different people have different definitions of action, (try
>>>>>>define:action in google). None of these definitions is all that
>>>>>>satisfactory to me.
>>>>>> My definition is adapted from John Sowa:
>>>>>>
>>>>>>Action: the application of force by an agent on an object with
>>>>>>the intention of achieving an effect.
>>>>>>
>>>>>> I.e., its a kind of event. The POA is a characterization of
>>>>>>that event. (One reason I like this definition is that is
>>>>>>includes all human actions but excludes rocks rolling down the
>>>>>>hill hitting other rocks.)
>>>>>>
>>>>>> The service interface is the characterization of what it means
>>>>>>to perform an action. It is not the action itself though.
>>>>>>
>>>>>> Hope that this throws a little light on the matter.
>>>>>>Frank
>>>>>>
>>>>>>Per Danny's response, I think he caught my question well with
>>>>>>the final line of his response below:
>>>>>>
>>>>>>>One question
>>>>>>>we can ask is can we identify a point of action
>>>>>>>meaningful to the reference architecture that would
>>>>>>>not have a service interface?
>>>>>>
>>>>>>Ken
>>>>>>
>>>>>>
>>>>>>
>>>>>>On Aug 17, 2006, at 1:55 AM, Danny Thornton wrote:
>>>>>>
>>>>>>>To draw another analogy for the point of action, I
>>>>>>>know your mind will be the point of action for
>>>>>>>processing this e-mail as you read the e-mail. The
>>>>>>>e-mail address and the english language is like a
>>>>>>>service interface.
>>>>>>>
>>>>>>>The SOA has many points of action, each point of
>>>>>>>action potentially affecting many other points of
>>>>>>>action. We can identify points of action in a SOA
>>>>>>>relevant to the reference architecture. One question
>>>>>>>we can ask is can we identify a point of action
>>>>>>>meaningful to the reference architecture that would
>>>>>>>not have a service interface?
>>>>>>>
>>>>>>>Danny
>>>>>>>
>>>>>>>
>>>>>>>--- Ken Laskey <<mailto:klaskey@mitre.org>klaskey@mitre.org>
>>>>>>>wrote:
>>>>>>>
>>>>>>>>The following are from my notes at the ftf
>>>>>>>>
>>>>>>>>Point of Action (poa)
>>>>>>>>
>>>>>>>>- Frank: anchoring mechanism for numerous
>>>>>>>>things, e.g. policy
>>>>>>>>enforcement, evaluating needs & capabilities
>>>>>>>>
>>>>>>>>- Ken: how does poa relate to service
>>>>>>>>interface? Frank:
>>>>>>>>service interface includes actions you can perform;
>>>>>>>>each instance of
>>>>>>>>use consists of performing action; actual action is
>>>>>>>>poa; interface
>>>>>>>>vs. poa is class vs. instance relationship; the
>>>>>>>>physical action is
>>>>>>>>the point of action
>>>>>>>>
>>>>>>>>- [Ken] Given a policy is a desire of one
>>>>>>>>participant and an
>>>>>>>>agreement as part of the execution context for
>>>>>>>>participants to abide
>>>>>>>>by that policy (i.e. the other participant(s) agree
>>>>>>>>to make that
>>>>>>>>policy theirs), the policy enforcement point becomes
>>>>>>>>the point of
>>>>>>>>action for enforcing the agreed-upon policy.
>>>>>>>>
>>>>>>>>- [Frank alternative] A policy is a constraint
>>>>>>>>that represents
>>>>>>>>the desire of a participant. A contract is a
>>>>>>>>constraint that
>>>>>>>>represents the agreed desires of two or more
>>>>>>>>participants. A [policy]
>>>>>>>>enforcement point is the point of action for
>>>>>>>>enforcing constraints
>>>>>>>>that represent either policies or contracts.
>>>>>>>>
>>>>>>>>
>>>>>>>>I've reread this and am still having problems
>>>>>>>>differentiating between
>>>>>>>>service interface and point of action. It appears
>>>>>>>>that poa is more
>>>>>>>>general because it is the location to which a user
>>>>>>>>would send a
>>>>>>>>command for action. If the receiver is a service,
>>>>>>>>then the poa would
>>>>>>>>seem to be the service interface. In the policy
>>>>>>>>example, if the
>>>>>>>>enforcement mechanism is accessed through a service,
>>>>>>>>the PEP could be
>>>>>>>>said to have a service interface.
>>>>>>>>
>>>>>>>>I still seem to be missing something.
>>>>>>>>
>>>>>>>>Ken
>>>>>>>>
>>>>>>>>---
>>>>>>>>Ken Laskey
>>>>>>>>MITRE Corporation, M/S H305 phone: 703-983-7934
>>>>>>>>7515 Colshire Drive fax:
>>>>>>>> 703-983-1379
>>>>>>>>McLean VA 22102-7508
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>__________________________________________________
>>>>>>>Do You Yahoo!?
>>>>>>>Tired of spam? Yahoo! Mail has the best spam protection around
>>>>>>><http://mail.yahoo.com>http://mail.yahoo.com
>>>>>>
>>>>>>---
>>>>>>Ken Laskey
>>>>>>MITRE Corporation, M/S H305 phone: 703-983-7934
>>>>>>7515 Colshire Drive fax:
>>>>>>703-983-1379
>>>>>>McLean VA 22102-7508
>>>>>
>>>>>
>>>>>--
>>>>>Rex Brooks
>>>>>President, CEO
>>>>>Starbourne Communications Design
>>>>>GeoAddress: 1361-A Addison
>>>>>Berkeley, CA 94702
>>>>>Tel: 510-849-2309
>>>>
>>>>--
>>>>
>>>>--------------------------------------------------------------------
>>>>-------------
>>>> / Ken
>>>>Laskey
>>>> \
>>>> | MITRE Corporation, M/S H305 phone: 703-983-7934 |
>>>> | 7515 Colshire Drive fax:
>>>>703-983-1379 |
>>>> \ McLean VA
>>>>22102-7508 /
>>>>
>>>>--------------------------------------------------------------------
>>>>--------------
>>
>>
>>----------------------------------------------------------------------
>>--------------------
>>Ken Laskey
>>MITRE Corporation, M/S H305 phone: 703-983-7934
>>7515 Colshire Drive fax: 703-983-1379
>>McLean VA 22102-7508
>
--
---------------------------------------------------------------------------------
/ Ken
Laskey \
| MITRE Corporation, M/S H305 phone: 703-983-7934 |
| 7515 Colshire Drive fax: 703-983-1379 |
\ McLean VA 22102-7508 /
----------------------------------------------------------------------------------
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]