[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [soa-rm] Definition of "Service Consumer"
The type of authentication required will certainly vary
depending on the
type of service and the "domain" in which a service or its
requestor reside.
So different "strengths" or other attributes of a
particular authentication
credential are important in different contexts.
This will also be different
between a credential that may be used to
represent a human participant and
the web service or
consumer.
Financial institutions are certainly interested in performing
correlation
among a collection of services to detect phishing or other
fraudulent
activity. To do this most of the folks I have talked to require an
identity
associated with the transaction "originator" to be used in
conjunction with
the identity of one or more of the web service, requestor or
intermediaries.
--Andrew
-----Original Message-----
From:
Frank McCabe [mailto:frank.mccabe@us.fujitsu.com]
Sent:
Monday, April 11, 2005 11:58 AM
To: Chiusano Joseph
Cc:
soa-rm@lists.oasis-open.org
Subject: Re: [soa-rm] Definition of "Service
Consumer"
I read this morning in the paper that some banks are guarding
against
phishing -- by noting that if a customer normally accesses his or
her
bank account from Sunnyvale, CA, it is pretty unlikely that
the
customer access it from Chechnya!
More prosaically, I was thinking
of the kinds of
authentication/verification on a given request will vary
depending on
whether its internal, external, already part of a conversation,
etc.
Frank
On Apr 10, 2005, at 11:00 AM, Chiusano Joseph
wrote:
> <Quote>
> Here is an example of why its
important: the appropriate business logic
> to apply to a service request
will depend on many factors: the means by
> which the request was
delivered,
> </Quote>
>
> Could you please expand on
what you mean by "the means by which the
> request was delivered,"? I'm
thinking MVC violation (using term
> "violation" loosely, for point) here,
but perhaps not depending on your
> usage of this phrase.
>
>
Joe
>
> Joseph Chiusano
> Booz Allen Hamilton
> Visit us
online@ http://www.boozallen.com
>
>
>>
-----Original Message-----
>> From: Frank McCabe [mailto:frank.mccabe@us.fujitsu.com]
>>
Sent: Thursday, April 07, 2005 12:00 PM
>> To:
soa-rm@lists.oasis-open.org
>> Subject: Re: [soa-rm] Definition of
"Service Consumer"
>>
>> There is a distinction between the
software *entity*
>> (agent/component/J2EE bean/.../) that interacts
with a
>> service in order to achieve some goal, and the person
or
>> persons for whom that interaction is taking
place.
>>
>> The reason that this distinction is important is
similar to
>> the distinction between a service interface and the
service itself:
>> accessing your bank account from an ATM or on-line
will use
>> different interfaces but ultimately all use the same
service.
>>
>> Here is an example of why its important: the
appropriate
>> business logic to apply to a service request will depend
on
>> many factors: the means by which the request was
delivered,
>> the request itself and the person (or
>>
persons) for whom the request was made. This last aspect is
>>
completely independent of mode of requesting and is purely
>>
business/application specific.
>>
>> Incidentally, the above
definition: "an agent that interacts
>> with a service in order to
achieve a goal" seems to be a
>> reasonable definition of a service
requester.
>>
>>
>> On Apr 7, 2005, at 7:23 AM,
Gregory A. Kohring wrote:
>>
>>>
Matthew,
>>>
>>> OK, here a fewer other choices which
might be deemed more
>>>
"respectful"...
>>>
>>> Service
Consumer:
>>>
>>> 1) End-user of a
service.
>>>
>>> 2) An agent which, acting on behalf of
its owner, uses a service.
>>>
>>> 3) An entity which
utilizes a service
>>>
>>> 4) An entity which consumes
the product or information produced by a
>>>
service.
>>>
>>>
>>> Note all of these
definitions depend upon the definition of
>> the term
>>>
"service". Have we agreed on this already? Perhaps we should
start
>>> there
first...
>>>
>>>
>>> --
Greg
>>>
>>>
>>>
>>> Matthew
MacKenzie wrote:
>>>> I think services deserve respect, lets try
not to exploit them :-)
>>>> Gregory A. Kohring
wrote:
>>>>>
Thomas,
>>>>>
>>>>> Perhaps one should use a
somewhat broader definition
>> which captures
>>>>>
the human user as well:
>>>>>
>>>>> Service
Consumer: An entity which exploits a
service.
>>>>>
>>>>>
>>>>>
-- Greg
>>>>>
>>>>>
>>>>>
Thomas Erl wrote:
>>>>>
>>>>>> Now that
we've decided on the term "service consumer" it may
be
>>>>>> useful to formally define it. The term "consumer"
is used by the
>>>>>> WS-I Basic Profile wherein it is
simply defined as
>> "Software that
>>>>>> invokes
an instance."
>>>>>>
>>>>>>
Thomas
>>>>>>
>>>>>
>>>>>
>>>
>>>
>>>
--
>>>
>>
======================================================================
>>>
G.A. Kohring
>>> C&C Research Laboratories, NEC Europe
Ltd.
>>>
>>
======================================================================
>>>
>>
>>
>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]