[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [soa-rm] Identity
To understand better the concept of identity, I think we need to make a distinction between design-time and runtime. A service definition/specification defines the service Type (design/development time). It defines an encapsulated piece of software that offers its functionality through well defined end-points. At runtime we should also consider the existence of state associated with the service (NOTE: state here refers to the information that the service is managing at runtime, not the requester-provider conversation state). To use an example, image a bookTicket service. This service has a service definition expressed as a service contract (syntax, semantics etc). We can deploy this same service (definition + implementation) and configure it to manage different set of data. One service to manage the US tickets and one to manage Europe/Asia. Looking at just the service description these services seem to be equivalent. While the service description is important, so is the information/data managed by the service at runtime. The key difference between development time and runtime is that the runtime service has state. Since we can refer to the service and the state together, we could call the runtime service, a service object or service instance. It is these service objects that actually have an identity. George -----Original Message----- From: Duane Nickull [mailto:dnickull@adobe.com] Sent: 10 May 2005 16:17 Cc: SOA-RM Subject: Re: [soa-rm] Identity What about from the Service providers point of view? I definitely think that identifying service consumers is not required in all cases, however service providers have some form of implied identity. The expedia example however does raise the question of would you use the site to book a trip if you could not identify it was Expedia's site? If just before you were going to give them your credit card, it jumped to a different domain name? Identity is implied by the URL resolution process, which in itself places a great deal of security requirements on the entire DNS process. I am not thinking so much in terms of a service consumer as I am the service provider. Ajay made the point in his presentation that it would be mandatory to be able to ascertain to some degree that the service you are going to use is the one you want to use. I would at least like to mention it in the RM as an aspect (perhaps just in passing). To me, the Service description is probably where a service provider could make a statement of claim regarding their identity and perhaps supply a token, even as simple as a URI, to provide proof. anyone else? Duane -- *********** Senior Standards Strategist - Adobe Systems, Inc. - http://www.adobe.com Chair - OASIS Service Oriented Architecture Reference Model Technical Committee - http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=soa-rm Vice Chair - UN/CEFACT Bureau Plenary - http://www.unece.org/cefact/ Adobe Enterprise Developer Resources - http://www.adobe.com/enterprise/developer/main.html ***********
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]