[higgins-dev] Notes for July 10th Higgins Developers Call

Notes from the Higgins Developers call on Thursday, July 10

Attendees
=========

Charles Andres
Paula Austel - IBM
Jeff Broberg - CA
Duane Buss - Novell
Anthony Bussani - IBM Zurich
* Greg Byrd - NCSU/IBM
* Brian Carrol - Serena
* Tom Doman - Novell
* Andy Hodgkinson - Novell
Valery Kokhan - Parity Ukraine
* David Kuehr-Mclaren - IBM
* Mike McIntosh - IBM
* Tony Nadalin - IBM
Dale Olds - Novell
Ernst Plassmann - IBM
Uppili Srinivasan - Oracle
* Drummond Reed - Cordance
* Bruce Rich - IBM
Mary Ruddy - Meristic/SocialPhysics
Markus Sabedello - Parity
* Jim Sermersheim - Novell
* George Stanchev - Serena
Daniel Sanders
Paul Trevithick - Parity/SocialPhysics
Brian Walker - Parity
Jeesmon Jacob - Parity
Carl Binding - IBM
Tom Caroll - Parity

Mohamad - Oracle
Hank Malden - Cicco
He Yuan Huang (York) - IBM

* Attendees

Meeting Notes

Agenda

Time: noon EDT (1700 London; 1800 Vienna, Paris, Berlin)
Dial-in:
1-866-362-7064 / 892048#

1. [Brian] 1.1M3 (25 July Target Date, July 23 Lock Down Point)

[Brian] No major updates.  Still pushing to target the 25th of July with lockdown on July 23.  Over the next few weeks will drill down hard on the list.  No major updates since last week.


2. [Brian] Nightly Auto-Test

  • Met with Buckminster again.
  • Now looking for support for using the Higgins STS as a guinea pig.

[Brian] Had a good meeting last week with Buckminster to compare notes on the auto build process.  Summarized these points on the wiki page.  The net-net is to go through a scoping exercise to see if we can leverage the Buckminster auto build platform and see what extensions might be needed.  Since Mike had volunteered to have the first component tested, the next step is to have Thomas H. engage with Mike. 

[Mike] No link to wiki page in agenda.  What am I supposed to do to get engaged? 

[Brian] If you give us the thumbs up, I will arrange it.

[Mike] The thumbs are up.

[Mike] Are we limiting this to testing or build stuff as well?

[Brian] The long term is auto test on top of the build platform. 

[Mike] I would prefer to leverage someone else’s.

[Brian] 100% agree. So if we are going to leverage the Buckminster base line…

[Mike] Milestone 3 is in two weeks, and we might break things. It looks like a branch may have to happen so I can do the Buckminster work without breaking current stuff.

[Mike] I don’t fully have a grip on what we need to do to have the Buckminster-related tests work.  Before we get off the ground, we may need to have a Buckminster-related build.  I doubt it will be backwards compatible with the Valery build.

[Brian] If we are going to leverage a broader tool, we need to know what we would need to do to use their build tool.  The end goal is to move more rapidly on to using auto test.

[Mike] Another goal is to get out of the build and test tool business from a Higgins perspective.

[Paul] Definitely, if possible.

[Brian] I will take it as a next step to get you and Thomas together. 

[Mike] I try to stay on IRC.  Or you can send me an email.


3. [Brian & David] Internationalization

[Mary] Next is Brian and David on Internationalization.  Both are on the call.

[Brian] I’ve been keeping the wiki status up to date.  Last week we talked about the proposed phased plan.  Prakash sent out a note on some JNDI CP internationalization work he did.

[Brian] David, any additional commentary?

[David] This does introduce a dependence on the OSGI jar file. We can do without it, but it provides a performance improvement.  At this point we are looking for feedback from other folks.

[Paul] I would be interested to know what the Novell guys think about that dependence. A lot of the need to build without Eclipse jars was driven by Novell.

[Mary] There are Novell folks on the line.

[Jim] I’ve never been excited about having Eclipse dependencies. There are many audiences. One downloads Higgins code and builds it.  Another audience is those who just need to download jar files and consume Higgins components. For those people there are already a lot of dependencies anyway. I guess it doesn’t matter anyway for deployment.  Does it require an install of Eclipse or just having other Eclipse libraries present? What is the overhead if someone is starting from nothing? What is the experience?

[David] The dependency jar needs to be shipped and used in the build.  Doesn’t require anything else.

[Jim] It is the same issue with any other dependency jar.  Can’t build our other components without the dependency jar. 

[David] An open question is how easy it is to get that jar.

[Jim] Can we just distribute it?

[Mike] We’ve never had to think about this before.  When we do ship this, do we mention that Eclipse provided this?

[Mary] We need to declare everything and where it came from.

[Mary] It might not come from Orbit.  It may come from another project.

[Jim] If the user experience is that I download stuff, and boom, use the ant script, I don’t have a problem with that.

[David] We will go back and check and report back if that is not the experience.  The trade-off is a performance hit to pay if we don’t use this.


4. [Greg, Markus] Adding contexts dynamically to the IdASRegistry

[Paul] Mary, are the people on the call?

[Mary] Greg is, Markus isn’t.

[Greg] I had a conference call.  Other than the email I sent to the dev list, nothing more has been done.

[Jim] No more to contribute.  I like the idea.


5. [Paul] IdAS Access Control

[Paul] Next topic. As agreed on the last call, I’m supposed to take some real use cases and model them. Imagine an HR directory where ordinary people can read 3 attributes. And special people, members of HR, can edit all three. Regular people can edit the first two but not their employee ID.

[Paul] I added a link to the picture. 

[Paul] The blue nodes are the various people in the directory.  The lower left blue node… Actually, only 3 managers are in the HR manager’s group.  In the upper left there is one blue entity, that is Alice.  Alice has her full name, literally a simple attribute.  The Alice entry is an employee. Full name, email and employee ID are the black dots.  I drew the picture. It is interesting to note that it is largely not necessary for them to be instantiated like that. What is important is the policy node P1.  It consists of a subject pointing to this group.  Anyone who is in the employee group is the subject through extension.

[Jim] How does the node get enforced?  How does the policy know that it applies to the members of the group rather than the group itself?  What makes that logical link?

[Paul] Great question.  One of the things we talked about, want to have the ability to aggregate resources.  So here we’re looking at the example of … When an operation comes into the IdAS layer it has to examine the available policies.  It identifies P1 and it evaluates that node.  It finds that the subject of that policy is all employees. Then the code would have to take the authenticated client, the consumer of IdAS and see if that entity is one of the members in that group.

[Jim] How did it know that the subject is all employees? Is there something special about group?

[Mike] I think Jim is asking should we have group and subject access policy.

[Jim] That is one way.  You have different types that point to a resource. You could instead of having a single subject, have a group subject, etc. 

[Paul] I like that.  I think Mike is saying a similar thing.  So we qualify it.

[Mike] There is one subject per policy.  Are these potential lists?

[Paul] Yes. We have been thinking that there can be multiple subject links. There are subclasses of operations. Obviously the reason we didn’t connect P1 to all the dots is that would be tedious work and would need to be maintained.  But we had talked about there being multiple subject links.  I like the idea of sub classing the subject link.

[Jim] Then I think the obvious next link would be a lot of systems allow for a semantic group where the membership is dictated by a filter, rather than manually.

[Paul] So that is exactly right. We are just at the beginning of a long journey. I just took one link off and see how interesting that discussion is. As I was working on this, there were so many questions. Are they going to be Turing complete, etc.  I’m trying to put in as little as possible.

[Jim] What I just mentioned, we could add later.

[Paul] I was just trying to make a meta point. We are exploring use cases, and exploring a meta point.  For example, the resources are attribute typed. I had to go back and keep track of all the requirements that fall out of the use cases.

[Jim] So I think the only thing we really added is the notion of doing to the subject pointer what we did.

[David] So you would envision an evaluation or filter subject later.  We need to make sure we can accommodate this from a scaling perspective. There could be thousands of things.

[Paul] For performance purposes we may want some of these to be inverses. For example I introduced member of…  We can talk about invert rules.

[Drummond] So could go from individual to group.

[Paul] So I defined in the data model the member of attribute is the inverse of member.  They are reciprocal.

[Paul] I hope it is self evident. The lower picture is pretty much the same except that there are 3 arcs.

[Mike] I guess some entity may come along and attempt to perform an operation on a field. The arrow going to the field from the access control policy, the way it is drawn you need to go through the rules of each policy to find the operations that need to be allowed.

[Paul] One design criterion we have is not to adorn actual data with access control meta data. So you have a clean separation of policy and data.  But, the down side is you have to invert the pointer if you want that information. That is not to say that a particular implementation may not do the inverse and store the policy.

[Mike] That is the question. What is the usage model?

[Mike] Do you have discretionary access control, where you specifically exclude modify from a group?

[Paul] We believe we need that, but it wasn’t in this use case.

[Paul] I’m only doing this work for two reasons. Parity has a need for some of these use cases, and other people haven’t stepped forward.  I don’t believe I’m the best person to work on this. If someone wants to step forward…

[Mike] If you have the time, you are the right person.

[Paul] It also raised the point that every entity has to have a type attribute. As I was looking through the slides, it doesn’t say that.

[Mike] I think I’m missing something from this picture.  The pointer goes from the full name attribute. Is it possible that it will be used for enterprise full name or some other full name?

[Paul] That is exactly right.  That is the biggest learning. Because the data model supports first class attributes that can be used on multiple classes, you could have two different classes that both use the same attribute type.  As a consequence, just pointing to an attribute is insufficient. You need to indicate both the type of the attribute and the subset of entities that hold that attribute.

[Jim] I was looking back, everyone gets to edit their own.  [Rather than an employee can edit any employee’s full name and email.]

[Paul] You are right, that is totally wrong.

[Jim] There are two things…

[Mike] If we expressly model as entity and have a way of pointing as an attribute on an entity…

[Jim] You have access to edit any email address on any person’s entry.  Or your email address.  You don’t want to have to make a statement that each person can read their own email.  We need a read self operation.

[Paul] That, read self, is exactly what we came up with.

[David] If we use read self, we need read self for each role type.

[Paul] We can split P1 into 2.  One that is me and one that is regular [everyone]. We can do the whole thing with just two policies.

[Jim] Why are we putting this?  There is still a subject and a resource.

[Mike] The issue is that we don’t want for each occurrence to have to create a Jim can read Jim’s attributes.

[Jim] What is wrong with read self?

[David] Self is a type of relationship; for each self (manager, employees), you would have to have another permission for each type of relationship.

[Paul] Since we are running out of time and want to leave room for Mary, I will take this input and make a second pass. I think we learn things by actually trying to do them.

[Jim] A third one, if we had a virtual entity that represented oneself…

[Paul] I have the feeling that it is wonderful to have the people on the call chiming in and helping. I have the feeling that maybe we could make some outreach to others who have expressed an interest, like Phil Hunt.  Now is the time to get different perspectives.  How do people feel about reaching out?

[positive].


6. [Mary] New Open Role Exchange Forum created

[Mary] Historically each application developer has created their own role-based access control (RBAC) approach, and a segment of the software industry has developed to provision and maintain these and make them work together.  A new organization has been created called the Open Role Exchange Forum to work with existing partial standards in this area to create a more standard approach.  See the link to the call for participation in the agenda.

[Mary] Are any of you or your companies already involved with or investigating this initiative?

[Paul] Is the issue here, why roles are limiting?

[Tony] We have gone to attributes, which will support roles in a certain way; they are limited.  This will cause us more grief. We already have attributes as a way.

[Tony] Roles cause all sorts of problems when you try to aggregate them.

[Paul] That is fascinating. What do others think?

[Drummond] I agree.  Attributes are the most powerful way to go about it.

[Paul] So you would say let them do their thing. 

[Tony] Ours is more powerful.  Especially if we get down to verified attributes. We need to get down to that level anyway.  It won’t be at the group level.

[Paul] All the same, does anyone want to listen in? Info is in the link.

[Tony] This is a pitch for SailPoint’s technology.

[Paul] We are out of time and will continue the next two topics next week.


7. [Mary] Home page design update

  • New MediaWiki skins still on hold following Ganymede - will be a couple more weeks before Eclipse can get back to this.

8. [Paul] Next F2F?

  • Suggestion: Just before DIDW (Sept 8-10)
DIDW: http://public.cxo.com/conferences/index.html?conferenceID=24