RE: [soa-rm] RE: Definition of Reference Model (Was RE: [soa-rm] Definition of "Service Consumer")

["Chiusano Joseph" <chiusano_joseph@bah.com>]

<Quote>
I am still not 100% convinced that security is part of service
orientation other than the touch point recognized by Anders, Rebekah and
Matt.
</Quote>

Duane,

What I think some of us may be grappling with is what you mean by "100%
convinced", and the bearing of "percentage convinced" on our RM. Several
folks are taking the approach of "the concept must be a vital part of an
SOA to be included in the RM, and if it's not vital, it is not
included", while other folks are taking the approach of "the concept
must apply to SOA - i.e. there must be some association - for it to be
included in the RM". I would characterize (roughly) the former approach
as an "highly conservative" approach, and the former as a "more
middle-of-the-road" approach (sorry Democrats;).

I get the strong sense that our TC is now polarized on this - and it is
going to be very difficult to move forward in a coherent fashion until
we get broad consensus on which approach we should take moving forward. 

I also believe that we should still consider the approach of beginning
with more concrete architectural concepts rather than abstract ones, and
determining from there what are those concepts that are really vital,
what are nice-to-have, etc. From that we can perhaps derive our abstract
architecture. Several of us have voiced support for this approach so
far, but I know that we have not had an opportunity to consider it
further amongst all of the wonderful traffic. Perhaps we can give this
approach some thought at this point?

Thanks,
Joe

Joseph Chiusano
Booz Allen Hamilton
Visit us online@ http://www.boozallen.com
 

> -----Original Message-----
> From: Duane Nickull [mailto:dnickull@adobe.com] 
> Sent: Tuesday, April 12, 2005 6:12 PM
> Cc: soa-rm@lists.oasis-open.org
> Subject: Re: [soa-rm] RE: Definition of Reference Model (Was 
> RE: [soa-rm] Definition of "Service Consumer")
> 
> 
> 
> Smith, Martin wrote: 
> 
> > <>I also think security should be a core element:  it may not be 
> > necessary to have security on trivial, free services, but all the 
> > interesting cases will have it, and the RM should inform how that 
> > element will interact with others.
> 
> Martin:
> 
> Assuming we have something that represents the notion of 
> security within the RM (which it sounds like it might be 
> building consensus), instead of saying "security" which 
> implies some form of actual security should therefor be 
> present in all SOA's, would you consider that we describe it 
> as a "Security Policy".  This would help cover instances 
> where there is a null security policy in effect.
> 
> I am still not 100% convinced that security is part of 
> service orientation other than the touch point recognized by 
> Anders, Rebekah and Matt.
> 
> Duane
> 
> --
> ***********
> Senior Standards Strategist - Adobe Systems, Inc. - 
> http://www.adobe.com Vice Chair - UN/CEFACT Bureau Plenary - 
> http://www.unece.org/cefact/ Adobe Enterprise Developer 
> Resources  - http://www.adobe.com/enterprise/developer/main.html
> ***********
> 
>