[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [soa-rm-ra] point of action
Ahhhh, yes, agreed. Rex At 8:01 AM -0700 8/17/06, Francis McCabe wrote: >The action being referred to in a service interaction is not really >any private action. As you use a service to do something then you >are performing an action. (There may be consequential events that >follow that are internal.) That action has a point of action. > >Note that with the action-at-a-distance analogy getting clarity on >when and where the action is performed may be quite important. For >example, if you send a message declaring that you have agreed to a >contract, from the service provider's PoV, it is not until it >'groks' the message that it considers that you have actually agreed. > >Frank > > >On Aug 17, 2006, at 7:24 AM, Ken Laskey wrote: > >>see below >> >>At 09:18 AM 8/17/2006, Rex Brooks wrote: >>>I hope no one is surprised if I quibble with this particular >>>definition, which comes close, in my opinion, but fall just short >>>of the mark. I take exception with the choice of using the concept >>>of force per se, though I do understand and agree with the >>>requirement of making "action" transitive. I would apply a small >>>bit of mental jiu jitsu on this definition, thus: >>> >>>Action: the application of 'intent' to achieve an effect by an >>>agent on an object. >>> >>>Thus, the application of "intent" applies equally well to choosing >>>to do "nothing" and allow inertia/momentum to achieve an effect, >> >>but the application of nothing does not require an agent as the >>transferral entity if there is nothing to transfer, unless however >>you identify the agent as a way of establishing context for your >>intended nothing. >> >>>or to require action by some other agent to achieve, prevent or >>>allow an effect. In the study of heuristics, one of the least well >>>explored results is exactly this, the intentional refusal to act >>>per se, which, I contend, constitutes a decision, which is, in and >>>of itself, an action at a choice-point branching of a >>>decision-tree. >>> >>>BTW, this answers the last question below: Yes! and full >>>responsibility or culpability applies. Needless to say, this is >>>utterly critical to security. Choose not to apply a patch in time, >>>and you are caught holding the hot potato if bad things happen to >>>good systems. >> >>So the follow-up question is: what can be identified as the poa >>while still maintaining the SOA principle of opacity of the >>implementation of services and their underlying capabilities? >> >>>Cheers, >>>Rex >>> >>> >>> >>>At 7:55 AM -0400 8/17/06, Ken Laskey wrote: >>>>Some comments from Frank that didn't get back to the list: >>>> >>>>Ken: >>>> The POA *is* the action as it is applied. >>>> If the service is the glove, the POA is the iron fist:) >>>> >>>> Different people have different definitions of action, (try >>>>define:action in google). None of these definitions is all that >>>>satisfactory to me. >>>> My definition is adapted from John Sowa: >>>> >>>>Action: the application of force by an agent on an object with >>>>the intention of achieving an effect. >>>> >>>> I.e., its a kind of event. The POA is a characterization of that >>>>event. (One reason I like this definition is that is includes all >>>>human actions but excludes rocks rolling down the hill hitting >>>>other rocks.) >>>> >>>> The service interface is the characterization of what it means >>>>to perform an action. It is not the action itself though. >>>> >>>> Hope that this throws a little light on the matter. >>>>Frank >>>> >>>>Per Danny's response, I think he caught my question well with the >>>>final line of his response below: >>>> >>>>>One question >>>>>we can ask is can we identify a point of action >>>>>meaningful to the reference architecture that would >>>>>not have a service interface? >>>> >>>>Ken >>>> >>>> >>>> >>>>On Aug 17, 2006, at 1:55 AM, Danny Thornton wrote: >>>> >>>>>To draw another analogy for the point of action, I >>>>>know your mind will be the point of action for >>>>>processing this e-mail as you read the e-mail. The >>>>>e-mail address and the english language is like a >>>>>service interface. >>>>> >>>>>The SOA has many points of action, each point of >>>>>action potentially affecting many other points of >>>>>action. We can identify points of action in a SOA >>>>>relevant to the reference architecture. One question >>>>>we can ask is can we identify a point of action >>>>>meaningful to the reference architecture that would >>>>>not have a service interface? >>>>> >>>>>Danny >>>>> >>>>> >>>>>--- Ken Laskey <<mailto:klaskey@mitre.org>klaskey@mitre.org> wrote: >>>>> >>>>>>The following are from my notes at the ftf >>>>>> >>>>>>Point of Action (poa) >>>>>> >>>>>>- Frank: anchoring mechanism for numerous >>>>>>things, e.g. policy >>>>>>enforcement, evaluating needs & capabilities >>>>>> >>>>>>- Ken: how does poa relate to service >>>>>>interface? Frank: >>>>>>service interface includes actions you can perform; >>>>>>each instance of >>>>>>use consists of performing action; actual action is >>>>>>poa; interface >>>>>>vs. poa is class vs. instance relationship; the >>>>>>physical action is >>>>>>the point of action >>>>>> >>>>>>- [Ken] Given a policy is a desire of one >>>>>>participant and an >>>>>>agreement as part of the execution context for >>>>>>participants to abide >>>>>>by that policy (i.e. the other participant(s) agree >>>>>>to make that >>>>>>policy theirs), the policy enforcement point becomes >>>>>>the point of >>>>>>action for enforcing the agreed-upon policy. >>>>>> >>>>>>- [Frank alternative] A policy is a constraint >>>>>>that represents >>>>>>the desire of a participant. A contract is a >>>>>>constraint that >>>>>>represents the agreed desires of two or more >>>>>>participants. A [policy] >>>>>>enforcement point is the point of action for >>>>>>enforcing constraints >>>>>>that represent either policies or contracts. >>>>>> >>>>>> >>>>>>I've reread this and am still having problems >>>>>>differentiating between >>>>>>service interface and point of action. It appears >>>>>>that poa is more >>>>>>general because it is the location to which a user >>>>>>would send a >>>>>>command for action. If the receiver is a service, >>>>>>then the poa would >>>>>>seem to be the service interface. In the policy >>>>>>example, if the >>>>>>enforcement mechanism is accessed through a service, >>>>>>the PEP could be >>>>>>said to have a service interface. >>>>>> >>>>>>I still seem to be missing something. >>>>>> >>>>>>Ken >>>>>> >>>>>>--- >>>>>>Ken Laskey >>>>>>MITRE Corporation, M/S H305 phone: 703-983-7934 >>>>>>7515 Colshire Drive fax: >>>>>> 703-983-1379 >>>>>>McLean VA 22102-7508 >>>>>> >>>>>> >>>>> >>>>> >>>>>__________________________________________________ >>>>>Do You Yahoo!? >>>>>Tired of spam? Yahoo! Mail has the best spam protection around >>>>><http://mail.yahoo.com>http://mail.yahoo.com >>>> >>>>--- >>>>Ken Laskey >>>>MITRE Corporation, M/S H305 phone: 703-983-7934 >>>>7515 Colshire Drive fax: 703-983-1379 >>>>McLean VA 22102-7508 >>> >>> >>>-- >>>Rex Brooks >>>President, CEO >>>Starbourne Communications Design >>>GeoAddress: 1361-A Addison >>>Berkeley, CA 94702 >>>Tel: 510-849-2309 >> >>-- >> >>--------------------------------------------------------------------------------- >> / Ken >>Laskey >>\ >> | MITRE Corporation, M/S H305 phone: 703-983-7934 | >> | 7515 Colshire Drive fax: >>703-983-1379 | >> \ McLean VA 22102-7508 / >> >>---------------------------------------------------------------------------------- -- Rex Brooks President, CEO Starbourne Communications Design GeoAddress: 1361-A Addison Berkeley, CA 94702 Tel: 510-849-2309
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]