[higgins-dev] What is a relationship? (was whoami (was [IdAS] Context open/close semantics))
What is the semantic intent of the "relationship" construct between IDigitalSubjects? Is it:

1. Meant to convey some association to other distinct IDigitalSubjects? As in, Jim has a coworker relationship with Tom.
2. Meant to associate distinct personas of a single IDigitalSubject? As in, Tom has a "work" persona and a "home" persona.
3. Both?

I ask for this clarification for a follow-up to the ContextRef+CUID discussion, which is right in line with my e-mails about "Unique Identification of Amalgamated Digital Subjects". I see this discussion as just another case where we have to work out unique identification issues.

Thanks,
Tom

>>> "Jim Sermersheim" <jimse@xxxxxxxxxx> 8/11/2006 6:15 PM >>>
>>> Greg Byrd <gbyrd@xxxxxxxx> 8/11/06 1:07 PM >>>
>
>Yes, I (mostly) agree. (It's possible in some cases to detect this hijacking -- e.g., using the JAAS getSubject call -- but in general it's not possible. So passing IContext instances around should be avoided.)
>
>I looked through the API to see if there were places where we return an IContext:
>
>IContextFactory.createContext -- of course
>IDigitalSubject.getContext -- this is supposed to "return the Context that contains this DigSub"
>
>Should this second one return:
>(a) the actual Context instance that created this DigitalSubject object?
>(b) a new (unopened) Context instance?
>(c) a ContextRef?

Safest (and probably easiest to implement) would be a (c). (a) exposes the security risk, and (b) causes IDigitalSubject to act a bit like a context factory. I think (c) is manageable from a consumer's POV.

>We do have methods that return IDigitalSubjects, via SubjectRelationships. These DigitalSubjects may be from different contexts. Should the relationship instead return a reference to a DigitalSubject, as in ContextRef+CUID?

I mentioned (or meant to mention) this once before as something that seemed like it needed to change. IContext has relationships with other IContexts via their contextRef (extends hasRelationships<URI>), whereas IDigitalSubject extends hasRelationships<IDigitalSubject>. I prefer what you said above (IDigitalSubject having relationships to ContextRef+CUID pairs).

>In other words, if I follow a relationship from a Subject in my opened Context to a Subject that belongs to a different (unopened) Context, and then do getContext on that Subject, what should I get?

Right, and do you even get the DS back? I mean, without an open context, how is it obtained (using what identity for authN/authZ?)

>My opinion is that getSubject should return a ContextRef,

Typo? Do you mean "getContext should return a ContextRef"?

>and that SubjectRelationship should return Iterable<IDigitalSubjectRef>.

I still prefer the ContextRef+CUID pair.

Jim
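
An added sketch, not Higgins code and not written by anyone in this thread, of option (c) combined with the ContextRef+CUID pair: relationships hand out plain references, so crossing into an unopened context forces the consumer to authenticate there itself. Every class, method, URI and credential below is hypothetical or constructed for the example.

```java
import java.net.URI;
import java.util.*;

// Hypothetical types for illustration only; these are not the Higgins IdAS interfaces.
public class SubjectRefSketch {
    // A reference is plain data: it names a subject but carries no opened session.
    record SubjectRef(URI contextRef, String cuid) {}

    static final class Subject {
        final SubjectRef self;
        final List<SubjectRef> related = new ArrayList<>();
        Subject(SubjectRef self) { this.self = self; }
        URI getContextRef() { return self.contextRef(); }   // option (c): a ref, not a live context
        List<SubjectRef> getRelationships() { return List.copyOf(related); }
    }

    static final class Context {
        private final URI ref;
        private final String secret;   // constructed stand-in for real credentials
        private final Map<String, Subject> subjects = new HashMap<>();
        private boolean open;
        Context(URI ref, String secret) { this.ref = ref; this.secret = secret; }
        Subject add(String cuid) {
            Subject s = new Subject(new SubjectRef(ref, cuid));
            subjects.put(cuid, s);
            return s;
        }
        void open(String credential) {
            if (!secret.equals(credential)) throw new SecurityException("authN failed: " + ref);
            open = true;
        }
        Subject getSubject(String cuid) {
            if (!open) throw new IllegalStateException("context not opened by caller: " + ref);
            return subjects.get(cuid);
        }
    }

    public static void main(String[] args) {
        Context work = new Context(URI.create("urn:example:work"), "work-pw");
        Context home = new Context(URI.create("urn:example:home"), "home-pw");
        Map<URI, Context> registry = Map.of(work.ref, work, home.ref, home);
        work.add("tom").related.add(home.add("tom-home").self);
        work.open("work-pw");
        SubjectRef ref = work.getSubject("tom").getRelationships().get(0);
        Context target = registry.get(ref.contextRef());
        try { target.getSubject(ref.cuid()); }               // caller never authenticated here
        catch (IllegalStateException e) { System.out.println("refused: " + e.getMessage()); }
        target.open("home-pw");                              // caller presents its own identity
        System.out.println(target.getSubject(ref.cuid()).self);
    }
}
```

Because a SubjectRef holds only a URI and a CUID, passing it between components cannot leak an authenticated session the way passing an opened context instance could.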