Re: [soa-rm] RE: Definition of Reference Model (Was RE: [soa-rm]Definition of "Service Consumer")

[Duane Nickull <dnickull@adobe.com>]

Chiusano Joseph wrote:

>What I think some of us may be grappling with is what you mean by "100%
>convinced", and the bearing of "percentage convinced" on our RM. 
>
Let me paraphrase it this way. 
Q: Is the presence of security necessary in order to define SOA? 
A: I am not sure and I am not sure if anyone else is 100% sure at this 
point.  To me, 100% sure means I would be willing to make a statement 
that I believed to be true.  I am not prepared to say that it is not 
necessary or that it is necessary at this point.  The conversations we 
are having are moving this forward a lot.  Especially in the last two days.

Q: Is Security a core element of all SOA's?
A: No.  Security itself is not core to all SOA's.

Q: Is a "Security Policy" a core element of all SOA's?
A: Possibly, if you consider that a null policy is still a policy.

>I get the strong sense that our TC is now polarized on this - and it is
>going to be very difficult to move forward in a coherent fashion until
>we get broad consensus on which approach we should take moving forward. 
>  
>
I disagree.  I think that the touch point discussed today by Rebekah, 
Anders and Matt identifies that the concept of a "security policy" 
touches the RM.  It is still very early on. I think very few are 100% 
convinced either way.  I would encourage all to keep an open mind at 
this time.

>I also believe that we should still consider the approach of beginning
>with more concrete architectural concepts rather than abstract ones, and
>determining from there what are those concepts that are really vital,
>what are nice-to-have, etc. From that we can perhaps derive our abstract
>architecture. Several of us have voiced support for this approach so
>far, but I know that we have not had an opportunity to consider it
>further amongst all of the wonderful traffic. Perhaps we can give this
>approach some thought at this point?
>  
>
That is what I think we have been doing; at least I have (does anyone 
else think we are doing it differently?).  We are examining all things 
SOA-ish and abstracting up the common elements.  Francis and Ken 
identified the tough challenge which is "how can we examine things that 
are SOA before SOA itself is defined?".  Not sure what the answer is.

I am very pleased with the progress made to date given our TC is less 
than 30 days old.  Can't wait to start getting some of this captured in 
New Orleans.

Cheers

Duane

>Thanks,
>Joe
>
>Joseph Chiusano
>Booz Allen Hamilton
>Visit us online@ http://www.boozallen.com
> 
>
>  
>
>>-----Original Message-----
>>From: Duane Nickull [mailto:dnickull@adobe.com] 
>>Sent: Tuesday, April 12, 2005 6:12 PM
>>Cc: soa-rm@lists.oasis-open.org
>>Subject: Re: [soa-rm] RE: Definition of Reference Model (Was 
>>RE: [soa-rm] Definition of "Service Consumer")
>>
>>
>>
>>Smith, Martin wrote: 
>>
>>    
>>
>>><>I also think security should be a core element:  it may not be 
>>>necessary to have security on trivial, free services, but all the 
>>>interesting cases will have it, and the RM should inform how that 
>>>element will interact with others.
>>>      
>>>
>>Martin:
>>
>>Assuming we have something that represents the notion of 
>>security within the RM (which it sounds like it might be 
>>building consensus), instead of saying "security" which 
>>implies some form of actual security should therefor be 
>>present in all SOA's, would you consider that we describe it 
>>as a "Security Policy".  This would help cover instances 
>>where there is a null security policy in effect.
>>
>>I am still not 100% convinced that security is part of 
>>service orientation other than the touch point recognized by 
>>Anders, Rebekah and Matt.
>>
>>Duane
>>
>>--
>>***********
>>Senior Standards Strategist - Adobe Systems, Inc. - 
>>http://www.adobe.com Vice Chair - UN/CEFACT Bureau Plenary - 
>>http://www.unece.org/cefact/ Adobe Enterprise Developer 
>>Resources  - http://www.adobe.com/enterprise/developer/main.html
>>***********
>>
>>    
>>
>
>  
>

-- 
***********
Senior Standards Strategist - Adobe Systems, Inc. - http://www.adobe.com
Vice Chair - UN/CEFACT Bureau Plenary - http://www.unece.org/cefact/
Adobe Enterprise Developer Resources  - http://www.adobe.com/enterprise/developer/main.html
***********