Re: [soa-rm-ra] Groups - Secure Interactions (SecureInteractions3.png) uploaded

["Mike Poulin" <mpoulin@usa.com>]

---

I agree with Ken that the Actor better be Participant.

About a year ago, I wrote a BLOG "Do we need to pass a user identity through the service interface in SOA?" (http://it.toolbox.com/blogs/so-enterprise-blog/do-we-need-to-pass-a-user-identity-through-the-service-interface-in-soa-28393). This was about end-user identity and the answer was NO because of the fact that SOA service may be an aggregation/composition of other services that do not 'know' the end-user. Instead, it was proposed to use the composite service's identity to interact with the engaged services, in a chain. That is, the Actor - the composite service - becomes the Participant with regard to the engaged services.

- Michael

----- Original Message -----
From: "Ken Laskey"
To: Danny.Thornton@ngc.com
Cc: "soa-rm-ra@lists.oasis-open.org" <soa-rm-ra@lists.oasis-open.org>
Subject: Re: [soa-rm-ra] Groups - Secure Interactions (Secure Interactions3.png) uploaded
Date: Wed, 19 Aug 2009 10:45:18 -0400


Danny,

Been talking with Dave Ellis and here are a few quick thoughts:
- not clear what it means for the listener to be an Actor (capable
of action) and not a Participant (an actor who is also a
Stakeholder)
- Credibility depends on who is assessing it and is not a part of
actor/participant although (1) the things that you have as part of
credibility are attributes of the actor/participant but I'm not
sure if composition is the best relationship, (2) an assertion of
someone's credibility assessment (e.g. my credit report) may be an
attribute
- Authorization is for an Action, not a Joint Action, i.e. I am
authorized to send a message regardless of whether anyone receives
the message; however, it would take Joint Action (as I understand
it) to cause RWE
- Authorization is a piece of evidence in the assessment of trust,
risk, and eventual willingness. Authorization may be necessary and
sufficient or merely necessary. The result of a willingness
assessment based on available evidence may be a request for
additional evidence. For example, I apply for a mortgage and am
approved but I must provide additional documentation (evidence) to
prove the initial evidence for the approval was accurate.
- Authority is not a composite part of
actor/participant/stakeholder but rather an attribute based on
external entities, e.g. the social structure.

Ken

On Aug 19, 2009, at 2:57 AM, Danny.Thornton@ngc.com wrote:

> The document named Secure Interactions (Secure Interactions3.png) has been
> submitted by Danny Thornton to the SOA-RM Reference Architecture
> Subcommittee document repository.
>
> Document Description:
> Updates to the Secure Interactions diagram from last week's telecon.
>
> View Document Details:
> http://www.oasis-open.org/committees/document.php?document_id=33842
>
> Download Document:
> http://www.oasis-open.org/committees/download.php/33842/Secure%20Interactions3.png
>
>
> PLEASE NOTE: If the above links do not work for you, your email application
> may be breaking the link into two pieces. You may be able to copy and paste
> the entire link address into the address field of your web browser.
>
> -OASIS Open Administration

-----------------------------------------------------------------------------
Ken Laskey
MITRE Corporation, M/S H305 phone: 703-983-7934
7515 Colshire Drive fax: 703-983-1379
McLean VA 22102-7508






---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail. Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php

--

Be Yourself @ mail.com
Choose From 200+ Email Addresses
Get a Free Account at www.mail.com!