Re: [soa-rm] Identity (Was RE: [soa-rm] Good Recent SOA Piece: "Managing an XML Data Model In Your SOA - Best Practices")

[Ken Laskey <klaskey@mitre.org>]

Excuse me if I sound like I'm beating a dead horse but I think  
everything being said about identity could be equally said about  
security.  I'm not sure how the two fit into the RM but I feel these  
can't be merely pushed off as out of scope.

Ken

On May 9, 2005, at 9:32 PM, Chiusano Joseph wrote:

> +1 on everything you wrote Matt.
>
> Joe
>
> Joseph Chiusano
> Booz Allen Hamilton
> Visit us online@ http://www.boozallen.com
>
>
>> -----Original Message-----
>> From: Matthew MacKenzie [mailto:mattm@adobe.com]
>> Sent: Monday, May 09, 2005 9:29 PM
>> To: SOA-RM
>> Subject: Re: [soa-rm] Identity (Was RE: [soa-rm] Good Recent
>> SOA Piece: "Managing an XML Data Model In Your SOA - Best Practices")
>>
>> Joe,
>>
>> The expedia example is a great one.  System architectures
>> deal with this kind of issue by having a default
>> pseudo-principal that is passed around or assumed in the
>> absence of a  "real" principle.  As important as identity is
>> to most of the enterprise architectures that I encounter on a
>> daily basis, I really am not convinced that the concept
>> belongs in the RM as a core concept.  I wouldn't cry into my
>> beer if it was mentioned in passing...just not up there in
>> lights with "Services" and "Policy".
>>
>> -Matt
>>
>> On 9-May-05, at 9:24 PM, Chiusano Joseph wrote:
>>
>>> Matt,
>>>
>>> Interesting thoughts. My first inclination was to say that we could
>>> consider requiring identity as a component of our RM - i.e.
>> in order
>>> to be in conformance with our RM, identity has to be
>> present in a SOA
>>> "operation" (whatever term we use).
>>>
>>> But what about cases in which a user makes a request
>> anonymously, such
>>> as is done with Web sites? For example, browsing for
>> flights/hotels to
>>> Paris on Expedia.com (like I did today).
>>>
>>> Joe
>>>
>>> Joseph Chiusano
>>> Booz Allen Hamilton
>>> Visit us online@ http://www.boozallen.com
>>>
>>>
>>>
>>>> -----Original Message-----
>>>> From: Matthew MacKenzie [mailto:mattm@adobe.com]
>>>> Sent: Monday, May 09, 2005 8:51 PM
>>>> To: Chiusano Joseph
>>>> Cc: SOA-RM
>>>> Subject: Re: [soa-rm] Identity (Was RE: [soa-rm] Good Recent SOA
>>>> Piece: "Managing an XML Data Model In Your SOA - Best Practices")
>>>>
>>>> Is it true that all future s-o architectures will require identity?
>>>> Can we make that statement?  Do we want to make that statement?
>>>>
>>>> -Matt
>>>> On 9-May-05, at 8:48 PM, Chiusano Joseph wrote:
>>>>
>>>>
>>>>> Just wanted to voice my support for incorporating the
>>>>>
>>>> abstract concept
>>>>
>>>>> of identity in our RM. I also note that this abstract
>>>>>
>>>> concept can be
>>>>
>>>>> mapped to multiple concrete concepts, such as Liberty Federated
>>>>> Identity, SAML tokens, etc. (getting the hang of this RM stuff!)
>>>>>
>>>>> Joe
>>>>>
>>>>> Joseph Chiusano
>>>>> Booz Allen Hamilton
>>>>> Visit us online@ http://www.boozallen.com
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Duane Nickull [mailto:dnickull@adobe.com]
>>>>>> Sent: Monday, May 09, 2005 11:36 AM
>>>>>> Cc: soa-rm@lists.oasis-open.org
>>>>>> Subject: Re: [soa-rm] Good Recent SOA Piece: "Managing
>> an XML Data
>>>>>> Model In Your SOA - Best Practices"
>>>>>>
>>>>>> Sally:
>>>>>>
>>>>>> Good catch.  Ajay is a voting member of this group and I
>>>>>>
>>>> am sure he
>>>>
>>>>>> can submit them to the member submissions area.
>>>>>>
>>>>>> While we didn't take on the gist of the work due to the
>>>>>>
>>>> fact it was
>>>>
>>>>>> very concrete, the abstract concept of identity is
>>>>>>
>>>> probably at least
>>>>
>>>>>> worth a discussion at some point.  Assuming that SOA is a set of
>>>>>> patterns implementable across multiple, unknown
>>>>>>
>>>> environments, there
>>>>
>>>>>> is probably a section in the service description that
>>>>>>
>>>> should be able
>>>>
>>>>>> to make some sort of identity declaration and/or present
>>>>>>
>>>> credentials.
>>>>
>>>>>>
>>>>>> If anyone wants to get into this now, perhaps we should
>> rename the
>>>>>> thread to "Identity".
>>>>>>
>>>>>> Duane
>>>>>>
>>>>>> Sally St. Amand wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>> Having just read this blog I need to ask if the "identity"
>>>>>>> presentation (made at the F2F) you spoke of on Wed's call
>>>>>>>
>>>>>>>
>>>>>> related to
>>>>>>
>>>>>>
>>>>>>> this same point? I was not at the F2F. Did the presenter
>>>>>>>
>>>> provide a
>>>>
>>>>>>> copy of the slides?
>>>>>>>
>>>>>>> John Harby <jharby@gmail.com> wrote:
>>>>>>>
>>>>>>>     This is an excellent blog entry from Phil:
>>>>>>>
>>>>>>>     http://www.looselycoupled.com/blog/lc00aa00096.html
>>>>>>>
>>>>>>>     On 5/6/05, Chiusano Joseph wrote:
>>>>>>>
>>>>>>>
>>>>>>>> Forwarding a good recent SOA piece[1] for those interested in
>>>>>>>>
>>>>>>>>
>>>>>>>     reading it.
>>>>>>>
>>>>>>>
>>>>>>>> Covers the notion of an integrated data model as a
>>>>>>>>
>>>>>>>>
>>>>>> foundational
>>>>>>
>>>>>>
>>>>>>>     concept;
>>>>>>>
>>>>>>>
>>>>>>>> also presents a 6-layer approach to SOA (about mid-article).
>>>>>>>>
>>>>>>>> Joe
>>>>>>>>
>>>>>>>> [1] http://www.tdan.com/i032ht02.htm
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Joseph Chiusano
>>>>>>>>
>>>>>>>> Booz Allen Hamilton
>>>>>>>>
>>>>>>>> Visit us online@ http://www.boozallen.com
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> --
>>>>>> ***********
>>>>>> Senior Standards Strategist - Adobe Systems, Inc. -
>>>>>> http://www.adobe.com Chair - OASIS Service Oriented Architecture
>>>>>> Reference Model Technical Committee -
>>>>>> http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=soa-rm
>>>>>> Vice Chair - UN/CEFACT Bureau Plenary -
>>>>>>
>>>> http://www.unece.org/cefact/
>>>>
>>>>>> Adobe Enterprise Developer Resources  -
>>>>>> http://www.adobe.com/enterprise/developer/main.html
>>>>>> ***********
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>
>>
>>
------------------------------------------------------------------------ 
------------------
Ken Laskey
MITRE Corporation, M/S H305     phone:  703-983-7934
7515 Colshire Drive                        fax:        703-983-1379
McLean VA 22102-7508

*** note change of phone extension from 883 to 983 effective 4/15/2005  
***