| [higgins-dev] Notes from Higgins developer's call on April 24th |
Notes from the Higgins Developers
call on Thursday, April 24.
Attendees
=========
Paula Austel -
Jeff Broberg
CA
* Duane Buss -
Novell
Anthony Bussani -
Greg Byrd -
NCSU/
* Brian Carrol -
Serena
Tom Doman -
Novell
* Andy Hodgkinson -
Novell
David Kuehr-Mclaren -
* Mike McIntosh -
* Tony Nadalin -
Dale Olds -
Novell
Ernst Plassmann -
Uppili Srinivasan -
Oracle
*
Bruce Rich -
*
* Markus Sabedello -
Parity
Jim Sermersheim -
Novell
* George Stanchev -
Serena
* Daniel
Sanders
*
* Brian Walker -
Parity
* Carl Binding -
Tom Caroll -
Parity
Ernst Plassmann -
*
Attendees
Meeting
Notes
=====================_
1)
[Mary] Higgins website update. Continued fine tuning of navigation
(more bugzilla items were entered for wiki nav control mechanism).
Started streamlining of other background text.
[Mary] We are
continuing to fine tune the navigation. There were problems with
the handling of multi-tiered navigation in the Wiki
navigation (two Eclipse bugzilla items have been entered to cover this.
Again as a reminder, the wiki navigation cache seems to be refreshed only
once a day on week days. We have also been working on cleaning up the web
text: making it more consistent and removing redundancies and evolving our
messaging.
2) [Mary] The Higgins
and Bandit projects were given an award at the European Identity Conference
(EIC) 2008 this week for path breaking initiatives for identity
management based on open source.
[Mary] For those of you who
were not at the European Identity Conference (EIC) this week: Bandit and Higgins
won an award for path breaking initiatives for identity management in open
source. Novell
3) [Brian] Please review your 1.1M1
items, if you haven't already done so. Still 55 items
Wednesday evening. See [1] More items are on 1.0.2
list.
[Brian] So some quick
updates relating to the release date. We had planned the milestone
for May 2, but there are national holidays in a key country. So we
have critical resource out. So we
are proposing to push it out. If there are any strong objections. Let me know.
It will give us time to clean up the list. Working with folks to encourage
and facilitate the reviews of the open items.
Hopefully by the end of the week will get all the reviews done We are identifying what can be done in
M1 or moved to M2. So I
encourage others to please go through that list, by end of day Friday if at all
possible. Then I will update the wiki page accordingly to reflect the
revised list. Any comments? requests related to
M1?
[Brian] A
quick comment on the 1.0.2 bug fix release. Right now there are a couple
of interop bugs parked there. There is no release date yet. Goal is to
drive its contents according to the criteria. In the meantime keeping it as
a placeholder. May leave the release date TBD for the next month or
so.
4) [Jim, Paul] Next steps
for “Access Control in IdAS work area”
[Paul]
At the F2F, we talked about a new approach to access control where we would
build the access control policy and model it as entities in the same data model
as regular entities we are trying to protect. S we would start from scratch and
define the semantics we want. We had put out a request earlier for
someone who would take over this kind of work area. Jim had
volunteered and I wanted to pass the baton to Jim.
[Jim] Yes.
This seems like it is going in the right direction. So next steps
are to get feedback on using entities as the policy statements. Then as
long as everyone is good with that, we can start talking about how this actually
looks. (i.e. how the relationships are set up etc.) Paul had mentioned in
a thread that it might be nice to also segregate policy entities from normal
data entities. That reminded me that as we talk about moving to this, we need to talk about the most natural way
for people to view different planes of contexts (e.g. just administration of access
control or administration of the model, or seeing all the people.) So
these need to be hammered out along the way. So I suppose this is the kind
of thing that will need a lot of side discussion so we will need to have several
focused phone calls as part of the design phase. So we need to gather ideas and
when we have enough, schedule an hour phone call. Make sense?
[Paul] That
makes sense for me. We had a wiki page. Need to revisit
it.
[Jim]
Definitely. It gives us history of why we made certain decisions. So that
is my plan - make use of the wiki, keep discussions moving along and keep
momentum by having a weekly phone call or in the area of once a week. Do people prefer Doodle (for scheduling
calls)? Does that work for people or should we just ask for people’s
preferences. Like following the
Higgins developers call.
[Drummond]
(Right after the Higgins call) doesn't work for those on the XDI
TC.
[Jim] Then I
will do a Doodle pole.
[Paul] I have
a bunch of thoughts on this. Seems we would be definitely making some
sub classes, but mostly new attribute types. We were thinking these
would be augmented to the base Higgins model. As opposed as
making it an optional additional profile.
[Jim] That is
what I would assume, but interesting. The only reason I can see for making it
optional is if we have one access control profile. Don’t want to have too many choices and
complications from the application writer's point of view. So I'm in favor of
defining those attributes in the base HOWL.
[Paul]
I can't help noticing when I was doodling about this, the interesting parallels
of link contracts. I began to see access control is really unilateral
statements and they could be thought of as in the future, they could be
generalized, to be bi-lateral and binding. For example: I'm
[Jm} So what we need right
now are simple authorization statements.
But we don’t want to preclude opening it up for more general statements.
There may be just a few architectural decisions that provide for a better path
for more symmetrical statements between Alice and Bob.
[Drummond] Agree with
Paul. I told others at XRI TC. Markus and I and Paul want to see
these things aligned as close as we can to make it easier for everyone. So I
will bring all the thinking we have so far for linked
contracts.
[Jim] Ok. Is there a
definition of a linked contract?
[Drummond] I can send
a link to the list. Will send.
[Jim] I will get organized
and try to shoot for a phone call early next week.
5) [Mary]
[Mary] Now that Mike J is
back from vacation, I have more information on the plan. Microsoft is having a CardSpace event on
the May 22 and the morning of May 23.
They would also like to have a separate CardSpace Higgins meeting either
on the afternoon of May 23rd or on May 21st in which
Higgins and the CardSpace engineers can have a more detailed drill down
discussion of things we would like changed in CardSpace. The CardSpace engineers
at a place in the project plan where they can still make changes. We have talked about having this Higgins
CardSpace meeting be run as a Higgins meeting. Microsoft lawyers are looking into where
they can participate under these rules. Current estimate is there is a 50-50
chance.
[Mike] Even if they aren’t
able to do this, people could still participate as
individuals.
[Mary] Yes, and we will
continue to work on approval for it being a Higgins
meeting...
[Drummond] That is a good.
[Mary] So the question is
whether it is better to have this meeting on Friday afternoon or Wednesday. Microsoft suggested that Friday would be
better as it would be after the discussion in the other meeting (estimated to
have ~60 people.)
[Drummond] Completely agree. But flying out late
Friday may be difficult for some.
[Mike] I was thinking about
Wednesday and also thinking about a separate Higgins F2F.
[Drummond] We don’t want to
conflict with the Microsoft meeting.
[Mary] We could have the general Higgins meeting before the Microsoft meeting. So we could run that on Tuesday and Wednesday. It has been a long time since we has a general Higgins F2F meeting. Some organization we know should be able to find us meeting space in the area.
[Jim] So no overlap between
the Higgins and Microsoft meeting.
[Mike] We could start
Monday afternoon. It is a long way to go for some people.
[Mike] We have an office in
[Mary] I will retire the
last Doodle and create two new ones.
[Jim] We will know today
who we can send. Will also check if we have sales
facilities.
[Mary] I will send out two
doodles. One for the timing of a
general Higgins F2F and the other for the timing of the Higgins-CardSpace
meeting which will be either Wednesday or Friday afternoon.
[Mary] Any other
topics?
[Tony] We
need to discuss the data model again. I don't believe everything is
globally addressable.
[Jim] Don't
think it has to be.
[Paul] We
agree on that one.
[Tony] That
is not what is coming across in any of the notes so far. A context doesn’t need
to have a globally unique identifier. I may have something that I don’t want to
share globally.
[Mary]
Right.
[Paul] We are
in agreement in principle. I will go back and review the wiki to make sure
it is consistent. I will take the task to go through all the wiki pages
again.
[Drummond]
That brings up the issue that these may not be
[Tony] Some
things may already have identifiers. Don’t want to have to rename
them.
[Drummond] We
discussed the in the XRI TC. As long as the syntax is broad enough, allow for
relative identifiers.
[Paul] Can we
just talk about entity id's?
Closely related to context id's. In the data model, which in my
mind is distinct from IdAS, entities have an identifier that is created by a
concatenation of a context id and relative position.
[Tony] Stands
on its own and if want to concatenate them you can. That is how a context
can keep things local.
[Drummond]
That would be a relative
[Paul] Tony
is saying it is up to the context entirely. It could just be a
string.
[Tony]
Yes.
[Paul] Do we
loose ability to discover?
[Tony] Maybe
that is what we want.
[Paul] I
almost wish for a special character to know if it is resolvable. So don’t
have to do a test. Semantic web people have been slamming their heads against a
wall on this issue.
[Paul] So the
first part we agree. Entity id doesn't need to be global or
resolved
[Tony] I
think this is true for contexts.
[Paul]
Contexts need not be globally resolvable. Are you also saying a context id
could just be a string as well?.
[Drummond] I
would argue you want to use the same structure.
[Tony] Could
just be a country code.
[Drummond] Is
the type of the identified just a string so you know the
encoding?
[Paul]
We will need to change IdAS if we want the context string to be just
foo.
[Markus]
Today a context id can be just a string, in which case you look it up from the
configuration file.
[Paul] So
Tony you are proposing a string to be able to represent existing identifiers
today.
[Jim] Would
we describe a parse-able format that I would know as a consumer if this is a
relative or globally resolvable string?
[Paul]That is
exactly the issue.
[Jim] If we
extend the discussion down to the attribute id, it could be relative to the
entity it is on or could name the entity and attribute id, but not the
context. There are various levels
of relative.
[Drummond]
Attribute id could follow the same rules as entity and
context.
[Paul] Tony
is saying a string with no syntax.
[Paul] Tony
is it acceptable to be able to encode +1 512 as a
[Mike] Tony
is traveling.
[Paul] I will
take an action item for the next meeting, I will go through all the wiki pages
and correct for the bias of making it all discoverable. Still talking about using the phrase
Global Graph – taking the lead from Tim Berners-Lee.
-
end...
[2] http://wiki.eclipse.org/CardSpace_wish_list
[3] http://doodle.ch/participation.html?pollId=b52vz6iz2pna3eqq
– now obsolete