[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Proposal 16: breaking the containment model
I have read the FTF minutes' discussion of proposal 16 and have these thoughts on the matter. First, I need to admit that I don't understand what is meant by "signature transforms to allow signature compartmentalization" and how that would work. It sounds like something that has the potential to make signatures work within the framework currently proposed for requirement 16. However I see another option of how the concept of containment might be transformed in V.Next to support ACL granularity and limit their impact on invalidation of signatures. My thoughts on this center around extending the use of publisherAssertions to provide the mechanism to link all types of keyed entities to each other. This would allow us to do away with containment for all keyed entities and thereby make it easier to satisfy these requirements: - filtering out search results inaccessible in a particular query; - completely separating maintenance of different entities; - supporting service projections (although they can now be deprecated if we choose to allow multi-homed services/bindings); - both publishers control the "inclusion"; - signing the relationship can be supported by adding two signatures ("from" and "to" publishers') to the publisherAssertion structure This solution would entail publishing canonical tModels to represent the relationships between businesses, services, bindings and contacts. It may also provide a way to redesign isOwnedBy and isReplacedBy type of solutions that currently rely on keyedReferences in lieu of publisherAssertion support of uddiKey (vs. businessKey). This would simplify the rather complicated visibility rules discussed in the minutes. With this proposal, it seems that they can be collapsed to just one: if the user does not have access to one of the entities linked by the publisherAssertion, then that publisherAssertion is invisible to the user. Of course, this is in addition to V3 publisherAssertion visibility constraints. I don't really see a plausible way to reconcile ACLs with keyedReferences (to hide keyedReferences with invisible tModelKeys), since - unlike publisherAssertions - they are embedded inside an entity and their exclusion would inevitably break the signature. Perhaps we can add a rule that by signing an entity, the publisher makes the whole entity invisible to all inquirers who have at least one part of the entity hidden from them. This is less of an issue if publisherAssertion linking is used, because references to serviceKeys and bindingKeys become external to the content of the entity. The nice thing about this approach is that appears to simplify implementation by reusing existing schema providing a uniform design for all links across entities. Requirement 27 would also be solved by this. Daniel
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]