
RE: [soa-forum] Secure Web Service

To: "'Service-Oriented Architecture CoP'" <soa-forum@xxxxxxxxxxxxxx>
Cc: Farrukh Najmi <Farrukh.Najmi@xxxxxxx>, "David RR Webber (XML)" <david@xxxxxxxxx>, "John F. Sowa" <sowa@xxxxxxxxxxx>, "Weiland, John R. NMIMC GS" <JRWeiland@xxxxxxxxxxxxxxx>
From: "Paul Prueitt (ontologystream)" <psp@xxxxxxxxxxxxxxxxxx>
Date: Fri, 24 Mar 2006 10:45:28 -0800
Message-id: <006e01c64f73$2c061fb0$4064a8c0@YOUR8FE0F439A7>


Farrukh,

I see your interest/purpose in the hosting aspect for a CIO Council (US
Federal) SOA demo.

Your work

http://ebxmlrr.sourceforge.net/tmp/SOAGovernanceWithServiceRegistry.pdf

shows a justified interest in the substance of information structure as
found in a repository (and pointed to using a registry).

Are you familiar with OASIS FERA *federated enterprise reference
architecture*?  Also, are you familiar with the OASIS BCM *business centric
methodology*?

A simple yes or no would help me communicate with you.


The BCM is more important to me at the present, and the four layers of the
BCM model are my focus - because of the issue of conceptualization of the
internal transactions (services) within an enterprise.  How can clear
conceptualization at the local level be separated from a clear
conceptualization at the global level?  (Otherwise one cannot control one's
boundaries?)

The BCM conceptual layer hides something that I need to make explicit
(David Webber - please correct me if I make a mistake here).

The BCM conceptual layer is "only" about the internal transactions
(services) of a specific entity.  Boundaries exist between the specific
entity and others in the business environment and are needed.  But in many
cases the IT orientation produces the wrong boundaries.  Interoperability is
then seen as being imposed from above (by IT).

The solution is to see that many individualized conceptual layers are merged
to produce the BCM business layer.  This many localized realities forming a
global reality is seen also in chemistry (as pressure, for example).

This relationship between many individual conceptual layers and a global
common (emerging) conceptual layer is one that was of interest to Soviet
cybernetics:

http://www.bcngroup.org/area3/pprueitt/kmbook/Chapter6.htm

where a combination of Mill's logic and Peircean viewpoints produced a
"stratified" theory similar to the stratification between a science of atoms
and a science of chemistry.

The registry is "merely" an index on a set of tokens and thus the use of
these (metadata tokens) to point at and organize access to the real data
(often data about a model of data) residing in repositories - can be loosely
(not strongly) coupled to purpose.

Flexibility/agility can occur if one lifts the "semantics" off of the
registry (by ignoring) and creates a harvesting process that observes how the
use of repository maps relates to the conceptualization of the

1) Internal transactions (local) of a single entity (the BCM conceptual
layer)
2) Domain centric (global) synthesis of all conceptual layers

How can this be done as a general methodology?  Two approaches:

1) identify the exceptions and fix (leading to more complicated information
structure)

2) establish a stratified approach that seeks to decouple semantics from
invariance and to then allow pragmatics to aggregate a set of invariance to
resolve a specific issue.

Farrukh,

Do you agree with these notions?  Some of them?

-----Original Message-----
From: soa-forum-bounces@xxxxxxxxxxxxxx
[mailto:soa-forum-bounces@xxxxxxxxxxxxxx] On Behalf Of Weiland, John R.
NMIMC GS
Sent: Friday, March 24, 2006 7:00 AM
To: 'Service-Oriented Architecture CoP'
Subject: RE: [soa-forum] Secure Web Service

No controversy here, Farrukh.

+1

John R. Weiland
Information Technology Specialist
GS 2210 (APPSW) Code 07 Navy Medicine OnLine
Chair, DoN CIO Business Standards Council

Naval Medical Information Mngmt Cntr
Bldg 27
8901 Wisconsin Ave
Bethesda, Md. 20889-5605

301-319-1159
JRWeiland@xxxxxxxxxxxxxxx
http://navymedicine.med.navy.mil
"GIVE ME A PLACE TO STAND AND I WILL MOVE THE EARTH"
A remark of Archimedes quoted by Pappus of Alexandria



-----Original Message-----
From: soa-forum-bounces@xxxxxxxxxxxxxx
[mailto:soa-forum-bounces@xxxxxxxxxxxxxx] On Behalf Of Farrukh Najmi
Sent: Friday, March 24, 2006 9:01 AM
To: Service-Oriented Architecture CoP
Subject: [soa-forum] Secure Web Service


I am taking the liberty (pun intended) to change the subject of the thread to
reflect the focus on secure web services.

I support Mark's comments below. I see Liberty, OASIS SAML, OASIS
Web Services Security (WSS), and OASIS XACML
as key specs to support in our work to demonstrate Secure Web Services
using established standards rather than proprietary
alternatives. This should be as non-controversial as motherhood and
apple pie, I hope :-).

This is the only way for multiple products to inter-operate and to avoid
vendor lock-in.

--
Regards,
Farrukh



Mark O'Neill wrote:
> Just a short email just to add to some of the points in this email thread
>
> - Amazon should certainly be commended for making authenticated Web
> Services live, but I wouldn't recommend copying their authentication
> model. They have re-invented some items which are present in WS-Security,
> for example the UsernameToken. I spoke about this at the RSA conference -
> see slides 33 to 36 in this slide deck for some analysis of Amazon's
> authentication model (http://www.vordel.com/downloads/rsa_conf_2006.pdf).
> Putting tokens into proprietary fields in the XML, and using these for
> authentication is, in my view, a re-invention of the WS-Security wheel.
>
> - Vordel's products are being used for management and security of
> inter-departmental Web Services for a European govt. My lessons, from
> working on the implementation of this, were that: (1) A variety of
> authentication methods should be provided to the client: from HTTP-Auth
> over SSL up to WS-Security token-based Auth. You can always give varying
> access depending on the authN that was used, but my lesson was that you
> can't force one particular AuthN method on the client [unless your
> architecture includes an "onramp" client-side device like they have in
> the UK with their "DIS box"]. (2) Following AuthN, you must insert tokens
> into the messages in order to persist the security context. This is where
> SAML and WS-Federation come into play. In the case of some platforms, such
> as WebLogic, these tokens can be used to pass the user context (and/or
> Roles etc) to the actual Web Service endpoint. (3) PKI integration and,
> just as important, Web Access Control policy server integration is vital.
>
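Mark's point above is that WS-Security already standardizes the thing Amazon re-invented: a UsernameToken carried in the SOAP Security header. The following is an added example, not code from the thread or from Vordel, showing what that token looks like in its PasswordDigest form (OASIS WSS UsernameToken Profile 1.0: Password_Digest = Base64(SHA-1(nonce + created + password))) and what a receiving endpoint has to check before trusting it: the digest itself, a freshness window on wsu:Created, and a nonce cache so a captured header cannot be replayed. Function and class names (build_username_token, UsernameTokenVerifier, demo) and the sample user/password are this example's own; the namespace and Type URIs are the ones from the OASIS 2004 WSS specifications.

```python
"""Added example: WS-Security UsernameToken (PasswordDigest) build and verify.
Not from the mailing-list thread; names and sample data are constructed here."""
import base64
import hashlib
import hmac
import os
import xml.etree.ElementTree as ET  # for untrusted input prefer defusedxml
from datetime import datetime, timedelta, timezone

# Namespace and Type URIs defined by OASIS WSS 1.0 (2004).
WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DIGEST_TYPE = ("http://docs.oasis-open.org/wss/2004/01/"
               "oasis-200401-wss-username-token-profile-1.0#PasswordDigest")
NONCE_ENC = ("http://docs.oasis-open.org/wss/2004/01/"
             "oasis-200401-wss-soap-message-security-1.0#Base64Binary")
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"


def password_digest(nonce: bytes, created: str, password: str) -> str:
    """Password_Digest = Base64(SHA-1(nonce + created + password)); nonce is raw bytes."""
    h = hashlib.sha1(nonce + created.encode("utf-8") + password.encode("utf-8"))
    return base64.b64encode(h.digest()).decode("ascii")


def build_username_token(username: str, password: str, nonce: bytes = None,
                         created: str = None) -> str:
    """Client side: emit a wsse:Security header carrying a digest UsernameToken."""
    nonce = nonce if nonce is not None else os.urandom(16)
    created = created or datetime.now(timezone.utc).strftime(TS_FMT)
    ET.register_namespace("wsse", WSSE_NS)
    ET.register_namespace("wsu", WSU_NS)
    sec = ET.Element("{%s}Security" % WSSE_NS)
    tok = ET.SubElement(sec, "{%s}UsernameToken" % WSSE_NS)
    ET.SubElement(tok, "{%s}Username" % WSSE_NS).text = username
    pw = ET.SubElement(tok, "{%s}Password" % WSSE_NS, Type=DIGEST_TYPE)
    pw.text = password_digest(nonce, created, password)
    n = ET.SubElement(tok, "{%s}Nonce" % WSSE_NS, EncodingType=NONCE_ENC)
    n.text = base64.b64encode(nonce).decode("ascii")
    ET.SubElement(tok, "{%s}Created" % WSU_NS).text = created
    return ET.tostring(sec, encoding="unicode")


class UsernameTokenVerifier:
    """Server side: digest check plus freshness window and nonce replay cache."""

    def __init__(self, passwords: dict, max_age: timedelta = timedelta(minutes=5)):
        self._passwords = passwords          # username -> shared secret
        self._max_age = max_age
        self._seen_nonces = set()            # in production: bounded, time-expiring store

    def verify(self, header_xml: str, now: datetime = None):
        now = now or datetime.now(timezone.utc)
        tok = ET.fromstring(header_xml).find("{%s}UsernameToken" % WSSE_NS)
        if tok is None:
            return False, "no UsernameToken"
        username = tok.findtext("{%s}Username" % WSSE_NS)
        pw_el = tok.find("{%s}Password" % WSSE_NS)
        nonce_b64 = tok.findtext("{%s}Nonce" % WSSE_NS)
        created = tok.findtext("{%s}Created" % WSU_NS)
        # Accept only the digest form; PasswordText would carry the secret in clear.
        if pw_el is None or pw_el.get("Type") != DIGEST_TYPE:
            return False, "password must be a PasswordDigest"
        if not (username and nonce_b64 and created):
            return False, "missing Username, Nonce or Created"
        created_dt = datetime.strptime(created, TS_FMT).replace(tzinfo=timezone.utc)
        if abs(now - created_dt) > self._max_age:
            return False, "token outside freshness window"
        if nonce_b64 in self._seen_nonces:
            return False, "nonce replayed"
        # Compute a digest even for unknown users so the timing is uniform.
        secret = self._passwords.get(username, "unknown-user-placeholder")
        expected = password_digest(base64.b64decode(nonce_b64), created, secret)
        if username not in self._passwords or not hmac.compare_digest(expected, pw_el.text or ""):
            return False, "digest mismatch"
        self._seen_nonces.add(nonce_b64)
        return True, "ok"


def demo():
    """Constructed walk-through: fresh token, replay, stale token, wrong secret."""
    created = "2006-03-24T17:00:00Z"
    hdr = build_username_token("alice", "s3cret", nonce=b"\x01" * 16, created=created)
    v = UsernameTokenVerifier({"alice": "s3cret"})
    soon = datetime(2006, 3, 24, 17, 0, 30, tzinfo=timezone.utc)
    late = datetime(2006, 3, 24, 18, 0, 0, tzinfo=timezone.utc)
    results = [v.verify(hdr, now=soon)[1],            # ok
               v.verify(hdr, now=soon)[1],            # nonce replayed
               v.verify(hdr, now=late)[1]]            # outside freshness window
    results.append(UsernameTokenVerifier({"alice": "other"}).verify(hdr, now=soon)[1])
    return results


if __name__ == "__main__":
    print(demo())
```

The verifier deliberately rejects PasswordText tokens, checks freshness before consulting the nonce cache (so the cache only has to hold nonces from the current window), and uses a constant-time comparison for the digest. This is the "standard wheel" Mark refers to; a proprietary field carrying the same secret gives up all of this interoperability and gets none of the profile's replay guidance.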




_________________________________________________________________
Subscribe/Unsubscribe/Config:
http://colab.cim3.net/mailman/listinfo/soa-forum/
Shared Files: http://colab.cim3.net/file/work/soa/
Community Portal: http://colab.cim3.net/
Community Wiki: http://colab.cim3.net/cgi-bin/wiki.pl?AnnouncementofSOACoP

