[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [soa-rm] Definition of "Service Consumer"
The type of authentication required will certainly vary depending on the type of service and the "domain" in which a service or its requestor reside. So different "strengths" or other attributes of a particular authentication credential are important in different contexts. This will also be different between a credential that may be used to represent a human participant and the web service or consumer. Financial institutions are certainly interested in performing correlation among a collection of services to detect phishing or other fraudulent activity. To do this most of the folks I have talked to require an identity associated with the transaction "originator" to be used in conjunction with the identity of one or more of the web service, requestor or intermediaries. --Andrew -----Original Message----- From: Frank McCabe [mailto:frank.mccabe@us.fujitsu.com] Sent: Monday, April 11, 2005 11:58 AM To: Chiusano Joseph Cc: soa-rm@lists.oasis-open.org Subject: Re: [soa-rm] Definition of "Service Consumer" I read this morning in the paper that some banks are guarding against phishing -- by noting that if a customer normally accesses his or her bank account from Sunnyvale, CA, it is pretty unlikely that the customer access it from Chechnya! More prosaically, I was thinking of the kinds of authentication/verification on a given request will vary depending on whether its internal, external, already part of a conversation, etc. Frank On Apr 10, 2005, at 11:00 AM, Chiusano Joseph wrote: > <Quote> > Here is an example of why its important: the appropriate business logic > to apply to a service request will depend on many factors: the means by > which the request was delivered, > </Quote> > > Could you please expand on what you mean by "the means by which the > request was delivered,"? I'm thinking MVC violation (using term > "violation" loosely, for point) here, but perhaps not depending on your > usage of this phrase. > > Joe > > Joseph Chiusano > Booz Allen Hamilton > Visit us online@ http://www.boozallen.com > > >> -----Original Message----- >> From: Frank McCabe [mailto:frank.mccabe@us.fujitsu.com] >> Sent: Thursday, April 07, 2005 12:00 PM >> To: soa-rm@lists.oasis-open.org >> Subject: Re: [soa-rm] Definition of "Service Consumer" >> >> There is a distinction between the software *entity* >> (agent/component/J2EE bean/.../) that interacts with a >> service in order to achieve some goal, and the person or >> persons for whom that interaction is taking place. >> >> The reason that this distinction is important is similar to >> the distinction between a service interface and the service itself: >> accessing your bank account from an ATM or on-line will use >> different interfaces but ultimately all use the same service. >> >> Here is an example of why its important: the appropriate >> business logic to apply to a service request will depend on >> many factors: the means by which the request was delivered, >> the request itself and the person (or >> persons) for whom the request was made. This last aspect is >> completely independent of mode of requesting and is purely >> business/application specific. >> >> Incidentally, the above definition: "an agent that interacts >> with a service in order to achieve a goal" seems to be a >> reasonable definition of a service requester. >> >> >> On Apr 7, 2005, at 7:23 AM, Gregory A. Kohring wrote: >> >>> Matthew, >>> >>> OK, here a fewer other choices which might be deemed more >>> "respectful"... >>> >>> Service Consumer: >>> >>> 1) End-user of a service. >>> >>> 2) An agent which, acting on behalf of its owner, uses a service. >>> >>> 3) An entity which utilizes a service >>> >>> 4) An entity which consumes the product or information produced by a >>> service. >>> >>> >>> Note all of these definitions depend upon the definition of >> the term >>> "service". Have we agreed on this already? Perhaps we should start >>> there first... >>> >>> >>> -- Greg >>> >>> >>> >>> Matthew MacKenzie wrote: >>>> I think services deserve respect, lets try not to exploit them :-) >>>> Gregory A. Kohring wrote: >>>>> Thomas, >>>>> >>>>> Perhaps one should use a somewhat broader definition >> which captures >>>>> the human user as well: >>>>> >>>>> Service Consumer: An entity which exploits a service. >>>>> >>>>> >>>>> -- Greg >>>>> >>>>> >>>>> Thomas Erl wrote: >>>>> >>>>>> Now that we've decided on the term "service consumer" it may be >>>>>> useful to formally define it. The term "consumer" is used by the >>>>>> WS-I Basic Profile wherein it is simply defined as >> "Software that >>>>>> invokes an instance." >>>>>> >>>>>> Thomas >>>>>> >>>>> >>>>> >>> >>> >>> -- >>> >> ====================================================================== >>> G.A. Kohring >>> C&C Research Laboratories, NEC Europe Ltd. >>> >> ====================================================================== >>> >> >> >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]