[higgins-dev] Notes from Higgins Developers call on July 3, 2008

Notes from the Higgins Developers call on Thursday, July 3

 

 

 Attendees

=========

 Charles Andres

 Paula Austel - IBM

 Jeff Broberg CA

* Duane Buss - Novell

 Anthony Bussani - IBM Zurich

* Greg Byrd - NCSU/IBM

* Brian Carrol - Serena

* Tom Doman - Novell

 Andy Hodgkinson - Novell

Valery Kokhan - Parity Ukraine

* David Kuehr-Mclaren - IBM

 Mike McIntosh - IBM 

* Tony Nadalin - IBM 

Dale Olds - Novell

Ernst Plassmann - IBM

 Uppili Srinivasan - Oracle

Drummond Reed - Cordance

 Bruce Rich - IBM

Mary Ruddy - Meristic/SocialPhysics

* Markus Sabedello - Parity

* Jim Sermersheim - Novell

* George Stanchev - Serena

 Daniel Sanders

* Paul Trevithick - Parity/SocialPhysics

Brian Walker - Parity

 Jeesmon Jacob  - Parity 

 Carl Binding  - IBM 

 Tom Caroll - Parity 

 Ernst Plassmann  - IBM 

* Mohamad - Oracle

* Hank Malden 

 

* Attendees

Meeting Notes

Agenda

1. [Brian] 1.1M3 - 25 July is the target date

 

[Brian] Quick update. Sent an email out last night.  M3 is the next milestone.  Targeted for July 25.  You can go to the project page and get a link to the bugzilla candidates.  If you know that an item is not getting done, move it off to M4.  Monday July 23rd is the lock down point.  If not done by then you or I will push it off. I will keep the wiki page updated and accurate to reflect what is planned for inclusion in M3.


2. [Brian] Nightly Auto-test

  • Continued coordination with Buckminster project
  • Also looking at Dash project

[Brian] We had a call a few minutes ago with Thomas H. from Buckminster as well as Valery and Peter in Ukraine. We discussed how Buckminster does and how Higgins does scripts. The net is fundamentally 2 choices.  We need to decide what the common build foundation is:

1) Continue to roll our own and build test on that. Or

2) Collaborate further on that and extend the Buckminster build process and leverage the test tools used by some other projects.  This would be more of a community approach.

The next step is to follow up with Mike to see if from a build perspective we could do a scoping exercise on the STS.  It would be almost a worst-case scenario given the STS’ complexities.  He wants the STS to be the guinea pig. We are also forwarding Buckminster build info to Valery and Peter.  I’ll send notes to the list.


3. [Brian & David] Internationalization

[Mary] We have both Brian and David on the line for the next topic.

[Brian] David and I met on Wednesday to see where he is on his specific project deliverable.  And about what the next steps (phases) we should go through.  We will start with David’s IdAS as pilot.  Once we are through with that pilot and have discerned the learnings, then we will go into phase 2 and identify several other Higgins based components and apply a similar or revised process to the next round of prioritized Higgins components. I outlined this in a wiki page update.

[Brian]  Need to make sure people review the notes and speak up during this phase.  The intent is that we clarify what we do for the other components that will follow.  Need to speak now or hold peace.

[David] Will do this for one of the IdAS components and post it for review with notes, and see if folks have any concerns. Then progress from there.


4. [Greg, Markus] Adding contexts dynamically to the IdASRegistry

[Paul] Sounds good.  The next thing I added to the agenda.  So Greg, you have a summary for the group?

[Greg] There are 2 parts of this.  The first is to have a configurable component tell you what its parameters are.  The next step for that is if you know what they are you can change them.  So making this writable is the next step. We had some nice discussions, in the archive.  If people want to reawaken this topic, we could open it up.

[David] What we are trying to accomplish is to write a management interface; to be able to change it without having to restart a product.  We are very interested in reviving this discussion.

[David] What is the best way to do that?

[Greg] Through the dev list.  To restart by saying what the requirements are.  I will try to resuscitate what I had said about the settings before.  We just need to kick start this.  There is the description, making dynamic changes, and writing out a configuration to some sort of persistent, human readable form.  Those are the three pieces of the process.

[Paul] Greg it might be helpful to put that on the list to get people headed in the right direction.

[Greg] I will find the stuff and get this moving again.

[David] I may send you notes off line to get this together…


5. [Paul] Versioned solution pages

[Paul] A polite reminder, to update your Solution wiki pages.  As we get an increasing number of users, having good wiki doc will keep them off your back while you are trying to work. Want to thank Paula for updating her Solution. It is now versioned. That is the format that we are using. Just a gentle reminder to those named to update their solutions…so they're versioned accurately.


6. [Paul] Revised representation of access control policy

[Paul] I created a wiki page to talk about a proposal. Let's take a look at the wiki page together… I hope everyone can see the pictures.  The two at the top are examples of what we are proposing to do.  E1 is granting E3 permission to do an operation.  The idea is you can add more subjects and more resources to the operation but that all need to apply.  From a simplicity point of view you can express the same thing with just 2 arcs (rather than 3) by sub-classing the operation – see bottom picture.  This was motivated by the simple example, and is simpler.  So it seemed to have merit.  I want to open this up [for discussion].  Is this a good direction?  Or does this just look good because the examples are simple…

[David] Can the E3 subject be a group?

[Paul] Yes, it can be any kind of agent.  It allows RBAC by letting E3 be a group.

[David] The E1 can it also be a group?

[David] Jim was asking that same question.

[Paul] My quick reaction, is would need to qualify the arcs that come out of E1.  I think what David was talking about is a natural aggregation relationship. In the case of E3 being a group, there would be a specific arc over which the policy would be transitive. If we desire to do what David says allow aggregation on the E1 side, we need to be explicit about the arcs that it is transitive over…

[David] There are hierarchies on both sides.  Organization and resource hierarchies and groups…Those are both scaling mechanisms.

[Paul] Great. I will take an action item to explore this, and what kinds of attribute arcs this would apply to.

[David] My last question then: is there a way to create a policy with multiple operations?

[Paul] Just put this up as a possible framework. We can define sub-attributes like subclasses. We could define combinations. You could define an attribute that is for an example: read and modify. Then with one attribute, you have chosen a fixed combination.  Maybe you had something more elaborate in mind?

[David] Need to think about that, i.e. having a set of permissions.

[?] Paul is talking about the need to have negative assertion.  Lack of an arc is lack of permission.

[Paul] Normally to do CRUD, you would have 4 arcs. Create, Read, Update and Delete.

[?] That would also allow us to have new permissions.

[David] If I wanted to have an editor’s policy, it would have two arcs. Read and Update.

[Paul] We reserve the right to revert if it turns out that this doesn’t scale.

[Jim] I never saw the first approach as having 3 arcs.  I saw it as two arcs, and operation listed as attribute values.

[Paul] That is the upper picture approach.

[Jim] I never thought of the attribute value being an arc.

[Greg/David]  It is.

[Hank] In the second picture, what do you lose by not referring to the resource specifically?

[Paul]…..

[Hank] You obviously need to in some way define resources.  Do you look…

[Paul] I believe them to be semantically equivalent.

[Drummond] So are triples both ways. Top has 3 triples. Bottom has 2 triples.  My feedback is the two triple approach is more efficient to process.

[Hank] Thank you.

[Jim] When I look at this, I have an assumption. On the top picture one policy would govern one subject and one resource and allow N statements. So for example I can see very easy how to say Bob has read access to Mary’s attribute. Now I’m supposed to create two policies?

[Paul] One policy.  Multiple subjects, operations and resources.

[Jim] So I could have one policy that covers everything.

[Drummond]  Could have multiple arcs with different permissions on the same or different resources. I like that having established a policy that covers a lot of resources, you can add more subjects.

[Jim] Bob and Frank have Read access to Mary’s hat size and write access to Joe’s phone number. When you think about allow and deny arcs, all these are operation arcs are either granting or denying to a subject.

[Drummond] The assumption was that this was all “allow”, but it could also be “deny”.

[Paul] I thought we would have “not read”.

[Drummond] That is deny.

[Jim] There are two ways to do that.  Not sure which is more natural.

[Paul] Semantically the pictures are the same. But it gets more complicated, when the example gets more complicated. Maybe I need to provide more examples for people to give feedback on the differences.

[Jim] We should have a list of natural language policies.  I wonder if we had a list of those to use as list to be applied…

[Paul] Are there any volunteers for next week?  This could be 10 minutes of work.

[Jim] I can try to stub this out using the access control wiki.

[David] I have some use cases I can put up.

[Paul] Send your use case to Jim. We should stop now. We should continue this after we have the use cases.  Question:  how do you know who has management rights to which policy object?  I roughed out a managed by property.  Jim, I think you have thoughts on that too.

[Jim] It looks so easy, why can I not just have a “readable by x”?

[Paul] We actually started there, but when I read up on XACML, it is really nice to separate policy from data.  It frees the implementers from needing to express the policy stuff.

[Jim] Why are we not just reusing policy on policy?

[Paul]  Ah, recursion.  Just wanted to surface….  Not using policy to manage policy.

[Paul] I will try to work on that for next week.

[Jim] The email I sent out was a walk through from time zero.

[Jim] I can commit to participating, but not to writing this up.

[Paul] I will try to draw more pictures for next week.


7. [Mary] Home page design update

  • See http://www.eclipse.org/higgins
  • Changed banner to revised tagline. Added text at top.
  • We’re continuing to make format tweaks, etc. as they are identified.
  • Next need to work on additional content for the Iceberg section.
  • We are also thinking through the logic for upgrading the download pages.
  • New MediaWiki skins still on hold following Ganymede.

[Mary] Based on last week’s discussion, we published the revised banner.  Then we had a discussion on the dev list about adding new text at the top, and published this new text.  We have also continued to make fixes to formatting and address browser specific issues as they are identified.  Please keep providing feedback when you find things. 

[Mary] We are also working on 3 longer term areas:  Developing additional content for the Iceberg section, coming up with a plan for upgrading the download pages, and supporting a wiki skin that looks like our new web look and feel.

[Mary] Paul, Brian: do you have an update on the download pages?

[Brian] We are taking an iterative approach.  There is more work to be done before bringing the next iteration forward.

[Mary] The new wiki skin is on hold until the Eclipse wiki/web master resurfaces following Ganymede.


8. [Paul] Higgins and FC2 Consortium

[Paul] I finally wrote up my notes from the meeting.  They are published. It was a whirlwind tour.  It was a lot of ground to cover.  Everything was discussed at a very high level and [therefore] imprecisely.  Their use cases are fairly complex. They want to use Higgins as the integration framework for French citizens for anything from registering to vote, to changing a bank balance.  There are three constituencies: Governments, Banks and Telcos.  Some use SAML.  Some are more attracted to using WS-Trust.  The consortium is funded, and up and running.  They are evaluating Higgins as a potential technology to make a consistent user experience under the hood.  I’m hoping they reengage with us to figure out how to go forward.

[Paul] We’re at the end of the agenda.  Any other items?

[Silence]

[Paul] Have a good holiday for those in the US.  We will have another call next week.

[Paul] Mary, thanks for taking the notes.

-End 12:52 PM EDT.

 

 

