OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

soa-rm-ra message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [soa-rm-ra] point of action


Action is one of the hardest concepts to model.
But, we need something because we have to have something to hang RWE  
off of, policy decisions and enforcement, auditing, logging,  
composition, etc. etc. etc.

This is an issue because, in the context of intermediaries, it may be  
non-obvious what actions are actually specified.

On Aug 21, 2006, at 11:15 AM, Michael Stiefel wrote:

> After reading this discussion the meaning of POA is not clear to me  
> at all. Perhaps future discussions will make its meaning and  
> usefulness clearer.
>
> Michael
>
> At 12:06 PM 8/17/2006, Ken Laskey wrote:
>> OK for now.  Hopefully the use of poa in the RA will clarify  
>> things or this is going to be a bear to write up for our audience.
>>
>> Ken
>>
>> At 11:37 AM 8/17/2006, Francis McCabe wrote:
>>> The POA concept is a general concept that is not limited to  
>>> services.
>>> So, perhaps, that is what was going though Danny's mind -)
>>> As to private vs public, we are going to get similar issues with the
>>> Point of Decision and Point of Enforcement of policies.
>>>
>>> One important place for the POA in the RA is as the start of the
>>> chain of events that lead to the real world effect. Another is that
>>> the POA acts as one place were policies must be applied. (I cannot
>>> make up my mind exactly how POA relates POD and POE.) Of course,  
>>> this
>>> is but one place where policies are applied in the RA.
>>>
>>> Frank
>>> On Aug 17, 2006, at 8:15 AM, Ken Laskey wrote:
>>>
>>>> Where it fits in the RA is still my question.  In the example in
>>>> his earlier email, Danny says
>>>>
>>>> To draw another analogy for the point of action, I
>>>> know your mind will be the point of action for
>>>> processing this e-mail as you read the e-mail.  The
>>>> e-mail address and the english language is like a
>>>> service interface.
>>>>
>>>> If this example aligns with your meaning, then isn't my mind part
>>>> of the opaque implementation?  [The jokes are altogether too
>>>> obvious so first answer the question and later we can collect the
>>>> best Ken-related responses in a follow-on thread. :-) ]
>>>>
>>>> Ken
>>>>
>>>> On Aug 17, 2006, at 11:01 AM, Francis McCabe wrote:
>>>>
>>>>> The action being referred to in a service interaction is not
>>>>> really any private action. As you use a service to do something
>>>>> then you are performing an action. (There may be consequential
>>>>> events that follow that are internal.) That action has a point of
>>>>> action.
>>>>>
>>>>> Note that with the action-at-a-distance analogy getting clarity on
>>>>> when and where the action is performed may be quite important. For
>>>>> example, if you send a message declaring that you have agreed to a
>>>>> contract, from the service provider's PoV, it is not until it
>>>>> 'groks' the message that it considers that you have actually  
>>>>> agreed.
>>>>>
>>>>> Frank
>>>>>
>>>>>
>>>>> On Aug 17, 2006, at 7:24 AM, Ken Laskey wrote:
>>>>>
>>>>>> see below
>>>>>>
>>>>>> At 09:18 AM 8/17/2006, Rex Brooks wrote:
>>>>>>> I hope no one is surprised if I quibble with this particular
>>>>>>> definition, which comes close, in my opinion, but fall just
>>>>>>> short of the mark. I take exception with the choice of using the
>>>>>>> concept of force per se, though I do understand and agree with
>>>>>>> the requirement of making "action" transitive. I would apply a
>>>>>>> small bit of mental jiu jitsu on this definition, thus:
>>>>>>>
>>>>>>> Action: the application of 'intent' to achieve an effect by an
>>>>>>> agent on an object.
>>>>>>>
>>>>>>> Thus, the application of "intent" applies equally well to
>>>>>>> choosing to do "nothing" and allow inertia/momentum to achieve
>>>>>>> an effect,
>>>>>>
>>>>>> but the application of nothing does not require an agent as the
>>>>>> transferral entity if there is nothing to transfer, unless
>>>>>> however you identify the agent as a way of establishing context
>>>>>> for your intended nothing.
>>>>>>
>>>>>>> or to require action by some other agent to achieve, prevent or
>>>>>>> allow an effect. In the study of heuristics, one of the least
>>>>>>> well explored results is exactly this, the intentional refusal
>>>>>>> to act per se, which, I contend, constitutes a decision, which
>>>>>>> is, in and of itself, an action at a choice-point branching of a
>>>>>>> decision-tree.
>>>>>>>
>>>>>>> BTW, this answers the last question below: Yes! and full
>>>>>>> responsibility or culpability applies. Needless to say, this is
>>>>>>> utterly critical to security. Choose not to apply a patch in
>>>>>>> time, and you are caught holding the hot potato if bad things
>>>>>>> happen to good systems.
>>>>>>
>>>>>> So the follow-up question is: what can be identified as the poa
>>>>>> while still maintaining the SOA principle of opacity of the
>>>>>> implementation of services and their underlying capabilities?
>>>>>>
>>>>>>> Cheers,
>>>>>>> Rex
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> At 7:55 AM -0400 8/17/06, Ken Laskey wrote:
>>>>>>>> Some comments from Frank that didn't get back to the list:
>>>>>>>>
>>>>>>>> Ken:
>>>>>>>>  The POA *is* the action as it is applied.
>>>>>>>>  If the service is the glove, the POA is the iron fist:)
>>>>>>>>
>>>>>>>>  Different people have different definitions of action, (try
>>>>>>>> define:action in google). None of these definitions is all that
>>>>>>>> satisfactory to me.
>>>>>>>>  My definition is adapted from John Sowa:
>>>>>>>>
>>>>>>>> Action: the application of force by an agent on an object with
>>>>>>>> the intention of achieving an effect.
>>>>>>>>
>>>>>>>>  I.e., its a kind of event. The POA is a characterization of
>>>>>>>> that event. (One reason I like this definition is that is
>>>>>>>> includes all human actions but excludes rocks rolling down the
>>>>>>>> hill hitting other rocks.)
>>>>>>>>
>>>>>>>>  The service interface is the characterization of what it means
>>>>>>>> to perform an action. It is not the action itself though.
>>>>>>>>
>>>>>>>>  Hope that this throws a little light on the matter.
>>>>>>>> Frank
>>>>>>>>
>>>>>>>> Per Danny's response, I think he caught my question well with
>>>>>>>> the final line of his response below:
>>>>>>>>
>>>>>>>>> One question
>>>>>>>>> we can ask is can we identify a point of action
>>>>>>>>> meaningful to the reference architecture that would
>>>>>>>>> not have a service interface?
>>>>>>>>
>>>>>>>> Ken
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Aug 17, 2006, at 1:55 AM, Danny Thornton wrote:
>>>>>>>>
>>>>>>>>> To draw another analogy for the point of action, I
>>>>>>>>> know your mind will be the point of action for
>>>>>>>>> processing this e-mail as you read the e-mail.  The
>>>>>>>>> e-mail address and the english language is like a
>>>>>>>>> service interface.
>>>>>>>>>
>>>>>>>>> The SOA has many points of action, each point of
>>>>>>>>> action potentially affecting many other points of
>>>>>>>>> action.  We can identify points of action in a SOA
>>>>>>>>> relevant to the reference architecture.  One question
>>>>>>>>> we can ask is can we identify a point of action
>>>>>>>>> meaningful to the reference architecture that would
>>>>>>>>> not have a service interface?
>>>>>>>>>
>>>>>>>>> Danny
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --- Ken Laskey <<mailto:klaskey@mitre.org>klaskey@mitre.org>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>>> The following are from my notes at the ftf
>>>>>>>>>>
>>>>>>>>>> Point of Action (poa)
>>>>>>>>>>
>>>>>>>>>> -       Frank: anchoring mechanism for numerous
>>>>>>>>>> things, e.g. policy
>>>>>>>>>> enforcement, evaluating needs & capabilities
>>>>>>>>>>
>>>>>>>>>> -       Ken: how does poa relate to service
>>>>>>>>>> interface?  Frank:
>>>>>>>>>> service interface includes actions you can perform;
>>>>>>>>>> each instance of
>>>>>>>>>> use consists of performing action; actual action is
>>>>>>>>>> poa; interface
>>>>>>>>>> vs. poa is class vs. instance relationship; the
>>>>>>>>>> physical action is
>>>>>>>>>> the point of action
>>>>>>>>>>
>>>>>>>>>> -       [Ken] Given a policy is a desire of one
>>>>>>>>>> participant and an
>>>>>>>>>> agreement as part of the execution context for
>>>>>>>>>> participants to abide
>>>>>>>>>> by that policy (i.e. the other participant(s) agree
>>>>>>>>>> to make that
>>>>>>>>>> policy theirs), the policy enforcement point becomes
>>>>>>>>>> the point of
>>>>>>>>>> action for enforcing the agreed-upon policy.
>>>>>>>>>>
>>>>>>>>>> -       [Frank alternative] A policy is a constraint
>>>>>>>>>> that represents
>>>>>>>>>> the desire of a participant. A contract is a
>>>>>>>>>> constraint that
>>>>>>>>>> represents the agreed desires of two or more
>>>>>>>>>> participants. A [policy]
>>>>>>>>>> enforcement point is the point of action for
>>>>>>>>>> enforcing constraints
>>>>>>>>>> that represent either policies or contracts.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> I've reread this and am still having problems
>>>>>>>>>> differentiating between
>>>>>>>>>> service interface and point of action.  It appears
>>>>>>>>>> that poa is more
>>>>>>>>>> general because it is the location to which a user
>>>>>>>>>> would send a
>>>>>>>>>> command for action.  If the receiver is a service,
>>>>>>>>>> then the poa would
>>>>>>>>>> seem to be the service interface.  In the policy
>>>>>>>>>> example, if the
>>>>>>>>>> enforcement mechanism is accessed through a service,
>>>>>>>>>> the PEP could be
>>>>>>>>>> said to have a service interface.
>>>>>>>>>>
>>>>>>>>>> I still seem to be missing something.
>>>>>>>>>>
>>>>>>>>>> Ken
>>>>>>>>>>
>>>>>>>>>> ---
>>>>>>>>>> Ken Laskey
>>>>>>>>>> MITRE Corporation, M/S H305     phone:  703-983-7934
>>>>>>>>>> 7515 Colshire Drive                        fax:
>>>>>>>>>>   703-983-1379
>>>>>>>>>> McLean VA 22102-7508
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> __________________________________________________
>>>>>>>>> Do You Yahoo!?
>>>>>>>>> Tired of spam?  Yahoo! Mail has the best spam protection  
>>>>>>>>> around
>>>>>>>>> <http://mail.yahoo.com>http://mail.yahoo.com
>>>>>>>>
>>>>>>>> ---
>>>>>>>> Ken Laskey
>>>>>>>> MITRE Corporation, M/S H305     phone:  703-983-7934
>>>>>>>> 7515 Colshire Drive                        fax:
>>>>>>>> 703-983-1379
>>>>>>>> McLean VA 22102-7508
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Rex Brooks
>>>>>>> President, CEO
>>>>>>> Starbourne Communications Design
>>>>>>> GeoAddress: 1361-A Addison
>>>>>>> Berkeley, CA 94702
>>>>>>> Tel: 510-849-2309
>>>>>>
>>>>>> --
>>>>>>
>>>>>> ----------------------------------------------------------------- 
>>>>>> --- -------------
>>>>>>   /   Ken
>>>>>> Laskey
>>>>>>   \
>>>>>>  |    MITRE Corporation, M/S H305    phone:  703-983-7934   |
>>>>>>  |    7515 Colshire Drive                    fax:
>>>>>> 703-983-1379   |
>>>>>>   \   McLean VA
>>>>>> 22102-7508                                              /
>>>>>>
>>>>>> ----------------------------------------------------------------- 
>>>>>> --- --------------
>>>>
>>>>
>>>> ------------------------------------------------------------------- 
>>>> --- --------------------
>>>> Ken Laskey
>>>> MITRE Corporation, M/S H305     phone:  703-983-7934
>>>> 7515 Colshire Drive                        fax:        703-983-1379
>>>> McLean VA 22102-7508
>>
>> --
>> --------------------------------------------------------------------- 
>> ------------
>>   /   Ken  
>> Laskey                                                                
>>  \
>>  |    MITRE Corporation, M/S H305    phone:  703-983-7934   |
>>  |    7515 Colshire Drive                    fax:       
>> 703-983-1379   |
>>   \   McLean VA  
>> 22102-7508                                              /
>> --------------------------------------------------------------------- 
>> -------------
>>
>
>



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]