[alf-req] Minutes from the 8/31/2005 ALF Requirements Committee meeting

["Kelly Shaw" <kshaw@xxxxxxxxxx>]

ALF Requirements Committee Meeting Minutes

8/31/2005

 

At this meeting we discussed committee logistics, SSON in the example implementation and roles within ALF.

 

Requirements Committee Logistics

 

Discussion: Compuware asked that all communications and discussions use the mail list or the newsgroup. Others agreed. Shaw directed the committee to the ALF website for instructions on how to sign up for the newsgroup and mailing lists.

 

Action Item: Shaw to post meeting announcements to alf-events and alf-req. Shaw to post meeting agendas and minutes to alf-req.

 

Decision: The Requirements Committee will start to use alf-req for all requirements discussions.

 

SSON in the Example Implementation

 

Discussion: The committee decided last week that ALF was not in the user administration business, and that any SSON capability should be delegated to an implementer through a SPI. Serena asked whether it would be a good idea to deliver a SSON example using JOSSO or some other technology in the example implementation. The committee agreed that it would be a good idea, resources permitting, but not for the POC. Instead, we will try to deliver an example for the first release candidate.

 

Action Item: Cognizant to post a white paper summarizing SSON models, JOSSO and Higgins, to the newsgroup. The committee will review the summary to decide if either model would be appropriate for use within ALF.

 

Decision: If time and resources permit, ALF will provide an example SSON capability for the first release candidate.

 

Roles in ALF

 

Discussion: This discussion was led by John Streiff from Secure Software. Most of the discussions centered around a taxonomical description of roles within ALF versus roles within the participating tools. All agreed that ALF was not in the business of mapping roles to permissions within tools. Thus, ALF runtime roles, (as compared to design-time roles) what ever they end up being, have a strict boundary starting at the event broker and ending in the service flow.

 

JS suggested each participant read through the POC use case to see how or whether roles play a part in how the web services are executed within the service flow. All agreed to do so.

 

Shaw asked whether ALF roles should trump tool permissions, and this started a discussion about how or whether ALF roles in any way relate to permission sets within the tools.

 

In the end we came to no conclusions about the role of roles within ALF. We will reopen this subject again during the next call and will hold discussions through the alf-req mailing list.

 

Action Item: All tool vendors will review the POC to see how or if roles play any part in the web service invocation, and whether a trusted relationship could exist between ALF and the tool. All committee members will hold discussions through the alf-req mailing list.

 

Decision: ALF is not in the business of managing tool-level permissions. Runtime roles in ALF, whatever they end up being, have a strict boundary starting at the event broker and ending in the service flow.

Next Meeting

The next requirements meeting will be from 10:00 - 11:00 Pacific on Wednesday, 7 September. Shaw will send the meeting announcement to alf-events and alf-req. Shaw will send an agenda to the mail group alf-req.

 

Kelly Shaw

Sr. Product Marketing Manager

Serena Software

719-457-8811

**********************************************************************

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.