Notes from the Higgins Developers
call on Thursday, July 10
Attendees
=========
Charles
Andres
Paula Austel -
IBM
Jeff Broberg
CA
Duane Buss -
Novell
Anthony Bussani -
IBM Zurich
* Greg Byrd -
NCSU/IBM
* Brian Carrol -
Serena
* Tom Doman -
Novell
* Andy Hodgkinson -
Novell
Valery
Kokhan
- Parity Ukraine
* David Kuehr-Mclaren -
IBM
* Mike McIntosh -
IBM
* Tony Nadalin -
IBM
Dale
Olds -
Novell
Ernst Plassmann -
IBM
Uppili Srinivasan -
Oracle
*Drummond
Reed -
Cordance
* Bruce Rich -
IBM
* Mary
Ruddy
- Meristic/SocialPhysics
Markus Sabedello -
Parity
* Jim Sermersheim -
Novell
* George Stanchev -
Serena
Daniel
Sanders
* Paul
Trevithick -
Parity/SocialPhysics
* Brian
Walker
- Parity
Jeesmon
Jacob -
Parity
Carl Binding -
IBM
Tom Caroll -
Parity
Ernst
Plassmann - IBM
Mohamad - Oracle
Hank Malden -
Cicco
He Yuan Huang (York) -
IBM
* Attendees
Meeting
Notes
Time: noon
EDT (1700
London; 1800
Vienna,
Paris, Berlin)
Dial-in:
1-866-362-7064 / 892048#
1. [Brian] 1.1M3 (25 July
Target Date, July 23 Lock Down Point)
[Brian] No major
updates. Still pushing to target
the 25th of July with lockdown on July 23. Over the next few weeks will drill down
hard on the list. No major updates
since last week.
2. [Brian] Nightly
Auto-Test
- Met with Buckminster
again.
- Now looking for
support for using the Higgins STS as a guinea
pig.
[Brian] Had a good meeting
last week with Buckminster to compare notes on the auto build process. Summarized these points on the wiki
page. The net-net is to go through
a scoping exercise to see if we can leverage the Buckminster auto build platform
and see what extensions might be needed.
Since Mike had volunteered to have the first component tested, the next
step is to have Thomas H. engage with Mike.
[Mike] No link to wiki page
in agenda. What am I supposed to do
to get engaged?
[Brian] If you give us the
thumbs us. I will
arrange.
[Mike] The thumbs are
up.
[Mike] Are we limiting this
to testing or build stuff as well?
[Brian] The long term is
auto test on top of the build platform.
[Mike] I would prefer to
leverage someone else’s.
[Brian] 100% agree. So if we are going to
leverage the Buckminster base line…
[Mike] Milestone 3 is in
two week, and we might break things. It looks like a branch may have to happen
so I can do the Buckminster work without breaking current
stuff.
[Mike] I don’t fully have a
grip on what we need to do to have the Buckminster related test to work. Before we get off the ground, we may
need to have a Buckminster related build.
I doubt it will be backwards compatible with the Valery
build.
[Brian] If we are gong to leverage a broader
tool, we need to know what we would need to do to use their build tool. The end goal is to move more rapidly on
to using auto test.
[Mike] Another goal is to
get out of the build and test tool business from a Higgins
perspective.
[Paul] Definitely, if
possible.
[Brian] I will take it as a next step to get
you and Thomas together.
[Mike] I try to stay on IRC. Or you can send me an email.
3. [Brian &
David] Internationalization
[Mary] Next is Brian and
David on Internationalization. Both
are on the call.
[Brian] I’ve been keeping
the wiki status up to date. Last
week we talked about the proposed phased plan. Prakash sent out a note on some JNDI CP
internationalization work he did.
[Brian] David, any
additional commentary?
[David] This does introduce
a dependence on the OSGI jar file. Can do without it , but it provides a
performance improvement. At this
point we are looking for feedback from other folks.
[Paul] I would be
interested to know what the Novell guys think about that dependence. A lot of
the need to build without Eclipse jars was driven by
Novell.
[Mary] There are Novell
folks on the line.
[Jim] I’ve never been
excited about having Eclipse dependencies. There are many audiences. One
downloads Higgins code and builds it.
Another audience is those who just need to download jar files and consume
Higgins components. For those people there are already a lot of dependencies
anyway. I guess it doesn’t matter anyway for deployment. Does it require an install of
Eclipse or just to have other Eclipse libraries present? What is the overhead if
someone is staring from nothing? What is the experience?
[David] The dependency jar
needs to be shipped and used in the build.
Doesn’t require anything else.
[Jim] It is the same issue
with any other dependency jar.
Can’t build our other components without the dependency jar.
[David] An open question is
how easy it is to get that jar.
[Jim] Can we just
distribute it?
[Mike] We’ve never had to
think about this before. When we do
ship this, do we mention that Eclipse provided this?
[Mary] We need to declare
everything and where it came from.
[Mary] It might not come
from Orbit. It may come from
another project.
[Jim] If the user experience is that I
download stuff, and boom use the ant scrip. I don’t have a problem with
that..
[David] We will go back and check and report back
if that is not the experience. The
trade off is a performance hit to pay if we don’t use this.
4. [Greg, Markus]
Adding contexts dynamically to the IdASRegistry
[Paul] Mary, are the people
on the call?
[Mary] Greg is, Markus
isn’t
[Greg] I had a conference call. Other then the email I sent to the dev
list, nothing more has been done
[Jim] No more to
contribute. I like the
idea.
5. [Paul] IdAS
Access Control
[Paul] Next topic. As
agreed on the last call, I’m supposed to take some real use cases and model
them. Imagine an HR directory where ordinary people can read 3 attributes. And
special people, members of HR, can edit all three. Regular people can edit the
first two but not their employee ID.
[Paul] I added a link to
the picture.
[Paul] The blue nodes are
the various people in the directory.
The lower left blue node….
..Actually only 3 managers in the HR manager’s group. In the upper left, one blue entity, that
is Alice. Alice has her full name,
literally a simple attribute. The
Alice entry is an employee. Full
name, email and employee ID are the black dots. I drew the picture. It is interesting to
note that it is largely not necessary for them to be instantiated like that.
What is important is the policy node P1.
It consists of subject pointing to this group. Anyone who is in the employee group is
the subject through extension.
[Jim] How does the node get
enforced? How does the policy know
that it applies to the members of the group rather than the group itself? What makes that logical
link?
[Paul] Great question. One of the things we talked about, want
to have the ability to aggregate resources. So here we’re looking at the example of …
When an operation comes into the IdAS layer it has to examine the available
policies. It identifies P1 and it
evaluates that node. It finds that
the subject of that policy is all employees. Then the code would have to take
the authenticated client, the consumer of IdAS and see if that entity is one of
the members in that group.
[Jim] How did it know that
the subject is all employees? Is there something special about
group?
[Mike] I think Jim is
asking should we have group and subject access policy.
[Jim] That is one way. You have different types that point to a
resource. You could instead of having a single subject, have a group subject,
etc.
[Paul I like that. I think Mike is saying a similar
thing. So we qualify
it.
[Mike] There is one subject per policy. Are these potential lists?
[Paul] Yes. We have been thinking that there can
be multiple subject links. There are subclasses of operations. Obviously the
reason we didn’t connect P1 to all the dots is that would be tedious work and
would need to be maintained. But we
had talked about there being multiple subject links. I like the idea of sub classing the
subject link.
[Jim] Then I think the obvious next link would be
a lot of systems allow for a semantic group where the membership is dictated by
a filter, rather than manually.
[Paul] So that is exactly right. We are just at
the beginning of a long journey. I just took one link off and see how
interesting that discussion is. As I was working on this, there were so many
questions. Are they going to be Turing Complete, etc. I’m trying to put in as little as
possible.
[Jim] What I just mentioned, we could add
later.
[Paul] I was just trying to make a meta point. We
are exploring use cases, and exploring a meta point. For example the resources are attribute
typed. I had to go back and keep track of all the requirements that fall out of
the use cases
[Jim] So I think the only thing we really added is
the notion of doing to the subject pointer what we did.
[David] So you would envision an evaluation or
filer subject later. Needed to make
sure we can accommodate this from a scaling perspective. There could be
thousands of things.
[Paul] For performance purposes we may want some
of these to be inverses. For example I introduced member of… We can talk about invert
rules.
[Drummond] So could go from individual to
group.
[Paul] So I defined in the data model the member
of attribute is the inverse of member.
They are reciprocal.
[Paul] I hope it is self evident. The lower
picture is pretty much the same except that there are 3 arcs.
[Mike] I guess some entity may come along and
attempt to perform an operation on a field. The arrow going to the field from
the access control policy, the way it is drawn you need to go through the rules
of each policy to find the operations that need to be allowed.
[Paul] One design criterion we have is not to
adorn actual data with access control meta data. So you have a clean separation
of policy and data. But, the down
side is you have to invert the pointer if you want that information. That is not
to say that a particular implementation may not do the inverse and store the
policy.
[Mike] That is the question. What is the usage
model?
[Mike] Do you have discretionary access control,
where you specifically exclude modify from a group?
[Paul] We believe we need that, but it wasn’t in
this use case.
[Paul] I’m only doing this work for two reasons.
Parity has a need for some of these use cases, and other people haven’t stepped
forward. I don’t believe I’m the
best person to work on this. If someone wants to step forward…
[Mike] If you have the time, you are the right
person.
[Paul] It also raised the point that every
entity has to have a type attribute. As I was looking thought the slides, it
doesn’t say that.
[Mike] I think I’m missing something from this
picture. The pointer goes from the
file name attribute. Is it possible that it will be used for enterprise full
name or some other full name.
[Paul] That is exactly right. That is the biggest learning. Because
the data model supports first class attributes that can be used on multiple
classes. You could have two different classes that both use the same attribute
type. As a consequence, just
pointing to an attribute is insufficient. You need to indicate both the type of
the attribute and the subset of entities that hold that attribute.
[Jim] I was looking back, everyone gets to edit
their own. [Rather than an employee
can edit any employee‘s full name and email.]
[Paul] You are right, that is totally
wrong.
[Jim] There are two things…
[Mike] If we expressly model as entity and have a
way of pointing as an attribute on an entity…
[Jim] You have access to edit any email
address on any person’s email.
Or your email address. You don’t want to have to make a
statement that each person can read their own email. Need a read self operation..
[Paul]That, read self, is exactly what we came up
with.
[David] If use read self, need read self for each
role type.
[Paul] We can split P1 into 2. One that is me and one that is regular
[everyone]. We can do the whole thing with just two policies.
[Jim] Why are we putting this? There is still a subject and a
resource.
[Mike] The issue is that we don’t want for each
occurrence to have to create a Jim can read Jim’s attributes.
[Jim] What is wrong with read self?
[David] Self is a type of relationship for each
self (manager, employees.) you would have to have another permission for each
type of relationship.
[Paul]
Since we are running out of time and want to leave room for Mary, I will
take this input and make a second pass. I think we learn things by actually
trying to do them.
[Jim] A third one, if had a virtual entity that
represented oneself……
[Paul] I have the feeling that it is wonderful to
have the people on the call chiming in and helping, I have the feeling that
maybe we could make some outreach to others who have expressed an interest, like
Phil Hunt. Now is the time to get
different perspectives. How do
people feel about reaching out?
[positive].
6. [Mary] New
Open Role Exchange Forum created
[Mary] Historically each
application developer has created their own roll based access control (RBAC)
approach and a segment of the software industry has developed to provision and
maintain these and make them work together. A new organization has been created called the Open Role
Exchange Forum to work with existing partial standards in this area to create a
more standard approach. See the
link to the call for participation in the agenda.
[Mary] Are any of you or your companies already
involved with or investigating this initiative?
[Paul] Is the issue here, why roles are limiting?
[Tony] Have gone to attributes which will
support roles in a certain way, they are limited. This will cause us more grief. We
already have attributes as a way.
[Tony] Roles cause all sorts of problems when you
try to aggregate them.
[Paul] That is fascinating. What do other
think?
[Drummond]
I agree. Attributes are the most powerful way to
go about it.
[Paul] So you would say let them do their
thing.
[Tony] Our’s is more powerful. Especially if get down to verified
attributes. Need to get down to that level anyway.. It won’t be at the group
level
[Paul] All the same does anyone what to listen in?
Info in the link.
[Tony] This is a pitch for SalePoint’s
technology.
[Paul] We are out of time and will continue the
next two topics next week.
7. [Mary] Home page
design update
- New MediaWiki skins
still on hold following Ganymede - will be a couple more weeks before
Eclipse can get back to this.
8. [Paul] Next
F2F?
- Suggestion: Just before
DIDW (Sept 8-10)
DIDW:
http://public.cxo.com/conferences/index.html?conferenceID=24