Re: [soa-rm-ra] point of action

[Francis McCabe <frankmccabe@mac.com>]

I think that Point of Action is an instance of a Point of Enforcement/ 
Decision pair (personally, I find the distinction between Point of  
Enforcement/Decision less than compelling).
But, there are many other kinds of policy enforcement points that  
have no direct relation to action (e.g., policies about the  
composition of a description) and the point of action has an interest  
for things other than policy (e.g., as a marker for the RWE)
Frank

On Aug 22, 2006, at 11:10 AM, Michael Stiefel wrote:

> So how does Point of Action differ from Point of Enforcement or  
> Point of Decision?
>
> Michael
>
> At 12:31 PM 8/22/2006, Francis McCabe wrote:
>> Action is one of the hardest concepts to model.
>> But, we need something because we have to have something to hang RWE
>> off of, policy decisions and enforcement, auditing, logging,
>> composition, etc. etc. etc.
>>
>> This is an issue because, in the context of intermediaries, it may be
>> non-obvious what actions are actually specified.
>>
>> On Aug 21, 2006, at 11:15 AM, Michael Stiefel wrote:
>>
>>> After reading this discussion the meaning of POA is not clear to me
>>> at all. Perhaps future discussions will make its meaning and
>>> usefulness clearer.
>>>
>>> Michael
>>>
>>> At 12:06 PM 8/17/2006, Ken Laskey wrote:
>>>> OK for now.  Hopefully the use of poa in the RA will clarify
>>>> things or this is going to be a bear to write up for our audience.
>>>>
>>>> Ken
>>>>
>>>> At 11:37 AM 8/17/2006, Francis McCabe wrote:
>>>>> The POA concept is a general concept that is not limited to
>>>>> services.
>>>>> So, perhaps, that is what was going though Danny's mind -)
>>>>> As to private vs public, we are going to get similar issues  
>>>>> with the
>>>>> Point of Decision and Point of Enforcement of policies.
>>>>>
>>>>> One important place for the POA in the RA is as the start of the
>>>>> chain of events that lead to the real world effect. Another is  
>>>>> that
>>>>> the POA acts as one place were policies must be applied. (I cannot
>>>>> make up my mind exactly how POA relates POD and POE.) Of course,
>>>>> this
>>>>> is but one place where policies are applied in the RA.
>>>>>
>>>>> Frank
>>>>> On Aug 17, 2006, at 8:15 AM, Ken Laskey wrote:
>>>>>
>>>>>> Where it fits in the RA is still my question.  In the example in
>>>>>> his earlier email, Danny says
>>>>>>
>>>>>> To draw another analogy for the point of action, I
>>>>>> know your mind will be the point of action for
>>>>>> processing this e-mail as you read the e-mail.  The
>>>>>> e-mail address and the english language is like a
>>>>>> service interface.
>>>>>>
>>>>>> If this example aligns with your meaning, then isn't my mind part
>>>>>> of the opaque implementation?  [The jokes are altogether too
>>>>>> obvious so first answer the question and later we can collect the
>>>>>> best Ken-related responses in a follow-on thread. :-) ]
>>>>>>
>>>>>> Ken
>>>>>>
>>>>>> On Aug 17, 2006, at 11:01 AM, Francis McCabe wrote:
>>>>>>
>>>>>>> The action being referred to in a service interaction is not
>>>>>>> really any private action. As you use a service to do something
>>>>>>> then you are performing an action. (There may be consequential
>>>>>>> events that follow that are internal.) That action has a  
>>>>>>> point of
>>>>>>> action.
>>>>>>>
>>>>>>> Note that with the action-at-a-distance analogy getting  
>>>>>>> clarity on
>>>>>>> when and where the action is performed may be quite  
>>>>>>> important. For
>>>>>>> example, if you send a message declaring that you have agreed  
>>>>>>> to a
>>>>>>> contract, from the service provider's PoV, it is not until it
>>>>>>> 'groks' the message that it considers that you have actually
>>>>>>> agreed.
>>>>>>>
>>>>>>> Frank
>>>>>>>
>>>>>>>
>>>>>>> On Aug 17, 2006, at 7:24 AM, Ken Laskey wrote:
>>>>>>>
>>>>>>>> see below
>>>>>>>>
>>>>>>>> At 09:18 AM 8/17/2006, Rex Brooks wrote:
>>>>>>>>> I hope no one is surprised if I quibble with this particular
>>>>>>>>> definition, which comes close, in my opinion, but fall just
>>>>>>>>> short of the mark. I take exception with the choice of  
>>>>>>>>> using the
>>>>>>>>> concept of force per se, though I do understand and agree with
>>>>>>>>> the requirement of making "action" transitive. I would apply a
>>>>>>>>> small bit of mental jiu jitsu on this definition, thus:
>>>>>>>>>
>>>>>>>>> Action: the application of 'intent' to achieve an effect by an
>>>>>>>>> agent on an object.
>>>>>>>>>
>>>>>>>>> Thus, the application of "intent" applies equally well to
>>>>>>>>> choosing to do "nothing" and allow inertia/momentum to achieve
>>>>>>>>> an effect,
>>>>>>>>
>>>>>>>> but the application of nothing does not require an agent as the
>>>>>>>> transferral entity if there is nothing to transfer, unless
>>>>>>>> however you identify the agent as a way of establishing context
>>>>>>>> for your intended nothing.
>>>>>>>>
>>>>>>>>> or to require action by some other agent to achieve,  
>>>>>>>>> prevent or
>>>>>>>>> allow an effect. In the study of heuristics, one of the least
>>>>>>>>> well explored results is exactly this, the intentional refusal
>>>>>>>>> to act per se, which, I contend, constitutes a decision, which
>>>>>>>>> is, in and of itself, an action at a choice-point branching  
>>>>>>>>> of a
>>>>>>>>> decision-tree.
>>>>>>>>>
>>>>>>>>> BTW, this answers the last question below: Yes! and full
>>>>>>>>> responsibility or culpability applies. Needless to say,  
>>>>>>>>> this is
>>>>>>>>> utterly critical to security. Choose not to apply a patch in
>>>>>>>>> time, and you are caught holding the hot potato if bad things
>>>>>>>>> happen to good systems.
>>>>>>>>
>>>>>>>> So the follow-up question is: what can be identified as the poa
>>>>>>>> while still maintaining the SOA principle of opacity of the
>>>>>>>> implementation of services and their underlying capabilities?
>>>>>>>>
>>>>>>>>> Cheers,
>>>>>>>>> Rex
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> At 7:55 AM -0400 8/17/06, Ken Laskey wrote:
>>>>>>>>>> Some comments from Frank that didn't get back to the list:
>>>>>>>>>>
>>>>>>>>>> Ken:
>>>>>>>>>>  The POA *is* the action as it is applied.
>>>>>>>>>>  If the service is the glove, the POA is the iron fist:)
>>>>>>>>>>
>>>>>>>>>>  Different people have different definitions of action, (try
>>>>>>>>>> define:action in google). None of these definitions is all  
>>>>>>>>>> that
>>>>>>>>>> satisfactory to me.
>>>>>>>>>>  My definition is adapted from John Sowa:
>>>>>>>>>>
>>>>>>>>>> Action: the application of force by an agent on an object  
>>>>>>>>>> with
>>>>>>>>>> the intention of achieving an effect.
>>>>>>>>>>
>>>>>>>>>>  I.e., its a kind of event. The POA is a characterization of
>>>>>>>>>> that event. (One reason I like this definition is that is
>>>>>>>>>> includes all human actions but excludes rocks rolling down  
>>>>>>>>>> the
>>>>>>>>>> hill hitting other rocks.)
>>>>>>>>>>
>>>>>>>>>>  The service interface is the characterization of what it  
>>>>>>>>>> means
>>>>>>>>>> to perform an action. It is not the action itself though.
>>>>>>>>>>
>>>>>>>>>>  Hope that this throws a little light on the matter.
>>>>>>>>>> Frank
>>>>>>>>>>
>>>>>>>>>> Per Danny's response, I think he caught my question well with
>>>>>>>>>> the final line of his response below:
>>>>>>>>>>
>>>>>>>>>>> One question
>>>>>>>>>>> we can ask is can we identify a point of action
>>>>>>>>>>> meaningful to the reference architecture that would
>>>>>>>>>>> not have a service interface?
>>>>>>>>>>
>>>>>>>>>> Ken
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Aug 17, 2006, at 1:55 AM, Danny Thornton wrote:
>>>>>>>>>>
>>>>>>>>>>> To draw another analogy for the point of action, I
>>>>>>>>>>> know your mind will be the point of action for
>>>>>>>>>>> processing this e-mail as you read the e-mail.  The
>>>>>>>>>>> e-mail address and the english language is like a
>>>>>>>>>>> service interface.
>>>>>>>>>>>
>>>>>>>>>>> The SOA has many points of action, each point of
>>>>>>>>>>> action potentially affecting many other points of
>>>>>>>>>>> action.  We can identify points of action in a SOA
>>>>>>>>>>> relevant to the reference architecture.  One question
>>>>>>>>>>> we can ask is can we identify a point of action
>>>>>>>>>>> meaningful to the reference architecture that would
>>>>>>>>>>> not have a service interface?
>>>>>>>>>>>
>>>>>>>>>>> Danny
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> --- Ken Laskey <<mailto:klaskey@mitre.org>klaskey@mitre.org>
>>>>>>>>>>> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> The following are from my notes at the ftf
>>>>>>>>>>>>
>>>>>>>>>>>> Point of Action (poa)
>>>>>>>>>>>>
>>>>>>>>>>>> -       Frank: anchoring mechanism for numerous
>>>>>>>>>>>> things, e.g. policy
>>>>>>>>>>>> enforcement, evaluating needs & capabilities
>>>>>>>>>>>>
>>>>>>>>>>>> -       Ken: how does poa relate to service
>>>>>>>>>>>> interface?  Frank:
>>>>>>>>>>>> service interface includes actions you can perform;
>>>>>>>>>>>> each instance of
>>>>>>>>>>>> use consists of performing action; actual action is
>>>>>>>>>>>> poa; interface
>>>>>>>>>>>> vs. poa is class vs. instance relationship; the
>>>>>>>>>>>> physical action is
>>>>>>>>>>>> the point of action
>>>>>>>>>>>>
>>>>>>>>>>>> -       [Ken] Given a policy is a desire of one
>>>>>>>>>>>> participant and an
>>>>>>>>>>>> agreement as part of the execution context for
>>>>>>>>>>>> participants to abide
>>>>>>>>>>>> by that policy (i.e. the other participant(s) agree
>>>>>>>>>>>> to make that
>>>>>>>>>>>> policy theirs), the policy enforcement point becomes
>>>>>>>>>>>> the point of
>>>>>>>>>>>> action for enforcing the agreed-upon policy.
>>>>>>>>>>>>
>>>>>>>>>>>> -       [Frank alternative] A policy is a constraint
>>>>>>>>>>>> that represents
>>>>>>>>>>>> the desire of a participant. A contract is a
>>>>>>>>>>>> constraint that
>>>>>>>>>>>> represents the agreed desires of two or more
>>>>>>>>>>>> participants. A [policy]
>>>>>>>>>>>> enforcement point is the point of action for
>>>>>>>>>>>> enforcing constraints
>>>>>>>>>>>> that represent either policies or contracts.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> I've reread this and am still having problems
>>>>>>>>>>>> differentiating between
>>>>>>>>>>>> service interface and point of action.  It appears
>>>>>>>>>>>> that poa is more
>>>>>>>>>>>> general because it is the location to which a user
>>>>>>>>>>>> would send a
>>>>>>>>>>>> command for action.  If the receiver is a service,
>>>>>>>>>>>> then the poa would
>>>>>>>>>>>> seem to be the service interface.  In the policy
>>>>>>>>>>>> example, if the
>>>>>>>>>>>> enforcement mechanism is accessed through a service,
>>>>>>>>>>>> the PEP could be
>>>>>>>>>>>> said to have a service interface.
>>>>>>>>>>>>
>>>>>>>>>>>> I still seem to be missing something.
>>>>>>>>>>>>
>>>>>>>>>>>> Ken
>>>>>>>>>>>>
>>>>>>>>>>>> ---
>>>>>>>>>>>> Ken Laskey
>>>>>>>>>>>> MITRE Corporation, M/S H305     phone:  703-983-7934
>>>>>>>>>>>> 7515 Colshire Drive                        fax:
>>>>>>>>>>>>   703-983-1379
>>>>>>>>>>>> McLean VA 22102-7508
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> __________________________________________________
>>>>>>>>>>> Do You Yahoo!?
>>>>>>>>>>> Tired of spam?  Yahoo! Mail has the best spam protection
>>>>>>>>>>> around
>>>>>>>>>>> <http://mail.yahoo.com>http://mail.yahoo.com
>>>>>>>>>>
>>>>>>>>>> ---
>>>>>>>>>> Ken Laskey
>>>>>>>>>> MITRE Corporation, M/S H305     phone:  703-983-7934
>>>>>>>>>> 7515 Colshire Drive                        fax:
>>>>>>>>>> 703-983-1379
>>>>>>>>>> McLean VA 22102-7508
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Rex Brooks
>>>>>>>>> President, CEO
>>>>>>>>> Starbourne Communications Design
>>>>>>>>> GeoAddress: 1361-A Addison
>>>>>>>>> Berkeley, CA 94702
>>>>>>>>> Tel: 510-849-2309
>>>>>>>>
>>>>>>>> --
>>>>>>>>
>>>>>>>> --------------------------------------------------------------- 
>>>>>>>> -- --- -------------
>>>>>>>>   /   Ken
>>>>>>>> Laskey
>>>>>>>>   \
>>>>>>>>  |    MITRE Corporation, M/S H305    phone:  703-983-7934   |
>>>>>>>>  |    7515 Colshire Drive                    fax:
>>>>>>>> 703-983-1379   |
>>>>>>>>   \   McLean VA
>>>>>>>> 22102-7508                                              /
>>>>>>>>
>>>>>>>> --------------------------------------------------------------- 
>>>>>>>> -- --- --------------
>>>>>>
>>>>>>
>>>>>> ----------------------------------------------------------------- 
>>>>>> -- --- --------------------
>>>>>> Ken Laskey
>>>>>> MITRE Corporation, M/S H305     phone:  703-983-7934
>>>>>> 7515 Colshire Drive                        fax:         
>>>>>> 703-983-1379
>>>>>> McLean VA 22102-7508
>>>>
>>>> --
>>>> ------------------------------------------------------------------- 
>>>> -- ------------
>>>>   /   Ken
>>>> Laskey
>>>>  \
>>>>  |    MITRE Corporation, M/S H305    phone:  703-983-7934   |
>>>>  |    7515 Colshire Drive                    fax:
>>>> 703-983-1379   |
>>>>   \   McLean VA
>>>> 22102-7508                                              /
>>>> ------------------------------------------------------------------- 
>>>> -- -------------
>>>
>>
>
>