-----Original Message-----
From: Daniel Feygin
[mailto:feygin@unitspace.com]
Sent: Sat 10-Apr-04 3:11
To: uddi-spec@lists.oasis-open.org
Cc:
Subject: [uddi-spec] Proposal 16: breaking the containment
model
I have read the FTF minutes' discussion of proposal 16 and
have these
thoughts on the matter.
First, I need to admit that I
don't understand what is meant by "signature
transforms to allow signature
compartmentalization" and how that would work.
It sounds like something
that has the potential to make signatures work
within the framework
currently proposed for requirement 16. However I see
another option
of how the concept of containment might be transformed in
V.Next to support
ACL granularity and limit their impact on invalidation
of
signatures.
My thoughts on this center around extending the use
of publisherAssertions
to provide the mechanism to link all types of keyed
entities to each other.
This would allow us to do away with containment for
all keyed entities and
thereby make it easier to satisfy these
requirements:
- filtering out search results inaccessible in a particular
query;
- completely separating maintenance of different entities;
-
supporting service projections (although they can now be deprecated if
we
choose to allow multi-homed services/bindings);
- both publishers
control the "inclusion";
- signing the relationship can be supported by
adding two signatures ("from"
and "to" publishers') to the
publisherAssertion structure
This solution would entail publishing
canonical tModels to represent the
relationships between businesses,
services, bindings and contacts. It may
also provide a way to
redesign isOwnedBy and isReplacedBy type of solutions
that currently rely
on keyedReferences in lieu of publisherAssertion support
of uddiKey (vs.
businessKey).
This would simplify the rather complicated visibility
rules discussed in the
minutes. With this proposal, it seems that
they can be collapsed to just
one: if the user does not have access to one
of the entities linked by the
publisherAssertion, then that
publisherAssertion is invisible to the user.
Of course, this is in addition
to V3 publisherAssertion visibility
constraints. I don't really see a
plausible way to reconcile ACLs with
keyedReferences (to hide
keyedReferences with invisible tModelKeys), since -
unlike
publisherAssertions - they are embedded inside an entity and
their
exclusion would inevitably break the signature. Perhaps we can
add a rule
that by signing an entity, the publisher makes the whole entity
invisible to
all inquirers who have at least one part of the entity hidden
from them.
This is less of an issue if publisherAssertion linking is used,
because
references to serviceKeys and bindingKeys become external to the
content of
the entity.
The nice thing about this approach is that
appears to simplify
implementation by reusing existing schema providing a
uniform design for all
links across entities. Requirement 27 would
also be solved by this.
Daniel
To unsubscribe from this
mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/uddi-spec/members/leave_workgroup.php.