Notes from the Higgins Developers call on Thursday, July 17
Attendees
=========
Charles Andres
Paula Austel - IBM
Jeff Broberg - CA
* Duane Buss - Novell
Anthony Bussani - IBM Zurich
* Greg Byrd - NCSU/IBM
* Brian Carrol - Serena
Tom Doman - Novell
Andy Hodgkinson - Novell
Valery Kokhan - Parity Ukraine
* David Kuehr-Mclaren - IBM
Mike McIntosh - IBM
Tony Nadalin - IBM
Dale Olds - Novell
Ernst Plassmann - IBM
Uppili Srinivasan - Oracle
* Drummond Reed - Cordance
Bruce Rich - IBM
* Mary Ruddy - Meristic/SocialPhysics
* Markus Sabedello - Parity
* Jim Sermersheim - Novell
George Stanchev - Serena
* Daniel Sanders
* Paul Trevithick - Parity/SocialPhysics
* Brian Walker - Parity
Jeesmon Jacob - Parity
Carl Binding - IBM
Tom Caroll - Parity
Ernst Plassmann - IBM
Mohamad - Oracle
* Hank Malden - Cicco
He Yuan Huang (York) - IBM
* = Attendees
Meeting Notes
Agenda
1. [Brian] 1.1M3 (25 July Target Date, July 23 Lock Down Point)
[Brian] The M3 milestone: went through and did some scrubbing and updated the wiki pages. Sent out a note to remind folks to clean up their full list of candidate items. Keep that list as fresh as possible. 71 items, 11-12 are committed and fixed.
2. [Brian] Nightly Auto-Test
Next step was getting Mike together with Thomas H. of Buckminster
[Brian] Next step is to get Mike and Thomas H. together. Haven’t been able to schedule yet, hopefully Friday or Monday. The point is to see what specific Buckminster build extensions would be needed to [use Buckminster to] do this for auto test for STS [as beta test].
3. [Brian & David] Internationalization
[Brian] David, do you want to update us?
[David] Stuck on how to package [the required OSGi dependency] so least amount of impact. Prakash posted two options. One fits with [Apache] Commons Logging better. Not sure how to pursue. Not sure what has been done in the past. So we need to accept advice.
[Mary] We need to get approval to reuse any EPL code that is not already part of our project. It would be great if we could just use the subset of the jar that we actually need. We would need to get approval from the project to make changes to the code.
[David] One option is to fork their code. The other is to extract their class file….
[Mary] I will get a contact in the project. Then they can supply the details.
[David] Need to figure out how to work with community to get changes. And how to make it work for the rest of the [Higgins] components.
4. [David, Greg, Markus, Rajalakshmi] Adding contexts dynamically to the IdASRegistry
[Paul] Next topic: can you summarize where we are on that one.
[David] Rajalakshmi has been consulting with Greg and going down the path of the first option and being able to use the map to change the values and update the XML file. There is a configuration handle for doing the update. Greg was providing questions and advice… I responded to the notes today. Greg, how does it look?
[Greg] Option 1 is the one I prefer.
[David] We can post to the configuration management page the latest state of that prototype.
[Paul] OK. Sounds good, if no other comments…
[Jim] I don’t want to throw a wrench in, [but] Daniel and I were talking about how the configuration of at least the XML files look. How come every element is a setting element, and they have a name and type? Maybe [we should] have a setting section and then name and type dictates what kind of element it is. Then we could have an XML schema that could be used by tools. Then there may be existing tools that allow people to build UI’s. Some of the past discussions are how could we build a generic mgt tool to update the configuration values. I don’t know if that is something that we want to start thinking about? Or we could defer, and maybe refactor later.
[David] That idea, there is some concern that that would lock us into an XML schema. So Greg proposed a more simplified way. I’m used to XML schema. But there was some thought that that would be too complex.
[Jim] I wanted to make sure it had been considered. Can you explain?
[Greg] I don’t know that there is an explicit objection. I would need to ask Mike. I don’t particularly object to it. I don’t know XML schema.
[David] I can try to follow up with Mike and Greg and get back.
[Jim] Great. Sounds good.
5. [Paul] IdAS Access Control
[Paul] Next item: I was going to take another pass on this. I’ve provided two links. I’ve switched the style of the picture: more packed in. In terms of material changes: We added the word group to qualify subject. That now says group subject. This is in response to Jim’s question [last week]. The big thing I fixed: I can edit my own full name and email attribute values. What we did to implement that, is see the stack in the middle - the top gives read access to everything, the next one gives read and modify access to members of the managers group. Notice that employee 3 is a member of the everyone group and the HR managers group. There is an assumption of additive access. Employee 3 is simultaneously a member of 2 groups. Where things get more complicated are the bottom two Myself policies. These apply to any instance of the class employee that happens to match the consumer making the request. At the left there is a new kind of attribute: self interest subject. The subjects that apply to that Myself policy are, see insert below, only the instance that is currently logged in.
[Jim] So the semantics are any instance of that class, whose entityID matches the consumer identity.
[Paul] So this is a mouthful. I also added a completely new dimension.
[Paul] So the first three policy objects they all don’t have the attribute I’m about to talk about. They only have group subject or self interest group and modify/read. That points to a class of objects that we are talking about. It doesn’t point to an instance of an entity but to a class of identity - i.e. every instance of employee. A manager can modify any instance of employee.
[Paul] The next one down has a read. That is redundant with the read arc (Myself is a member of the group.) For the Myself 2 one, actually, I have to restrict along the attribute dimension. The Myself can only modify two of the attributes. It is a further restriction of the scope of the resource. I can modify any instance of the class employee as long as I am the subject and specify the two attributes full name and email. But not the employee ID.
[Jim] That makes sense to me. But I think we said you could do multiple of these there
[Paul] …..
[Jim] On attribution and modify, not paired.
[Paul] You put your finger on the limitation. You can’t now have….. The semantic is the cross product of all the entity scoping and attribute restrictions
[Jim] If you allow a complex attribute that would be cool.
[Paul] There is another alternative way: to use an attribute UDI. A structured identifier with two parts: One points to an entity and from there can point to an attribute. What I have in figure 2 is two pointers. Then have a second for attributes.
[Markus] In that case…
[Paul] I thought of that. The problem is full name could be used. Specifying an attribute doesn’t fully qualify the attribute. An attribute UDI simultaneously points to two things: (two pointers in one) entity and attribute. It is a structured identifier with two separate parts. Because now it is hard to point to lots of resources.
[Drummond] You can only point to all attributes.
[Paul] In practice that is a limitation. I’d be very interested in feedback. It is using a powerful new thing, attribute UDI, that is a more complex thing. So I tried to see what would happen with just two attributes. It is an arc that is hard to draw visually. One of the reasons I switched [picture] style is that I can generate the new type of picture with a program.
[Jim] I have this proposal, on representing all of the models /classes and attributes as entities within the context and I just pasted something in the IRC to show, if there was some way to address all the way down to a value, the identifiers of the three steps you would have to point to, if my proposal were working today, the first URI is the entity idea, person class, on this is attribute type. That describes the attributes of person. One of the values of that attribute would be the full name attribute.. that is how we tie the employee to the full name attribute.. …..
[David?] That is the basic idea of UDI identifier.
[Paul] Unpacking that, there is a natural assumption in Jim’s proposal that classes can map to what attribute types are in the class. There is a forward link to the class. Today in the data model, that is an inference, but it is not specific. I’m following the RDF convention that the pointer is another way. Attributes imply classes. In your proposal, the semantic is there, the issue is the way it is expressed.
……
[Paul] David said last time sometimes want to have dynamic definition. In the model we have today, just need to make a policy and have the subject or class point to it. It is natural to have dynamic and inferred class definitions, which you don’t get in normal Object Oriented programming.
[Paul] On this call we have two interrelated issues on the table. I drew up a low tech way to scope this out. Or that could be done with an attribute UDI. Or Jim you are proposing another way.
[Jim] What would the attribute look like unless we had a way to point at…
[Paul] The attribute UDI would be a double, rather than a triple. The UDI of the employee class and of the name.
[Jim] That presumes that on the employee class all we see are the potential attributes allowed for that class. But, I was thinking there would be more - an extra layer: what are the allowed attributes, what its super type is. One of the biggest reasons I started down this class is someone could subclass this notion - entity model is what says what could be on any of these classes. So people can dynamically extend these models. I was imagining there needed to be three pieces: class, and before jumping to full name, there would be the name of the container of allowed attributes…
[Paul] What is on this picture is the same thing in the inverse direction. Also I realize I made another mistake, that modify pointer is wrong. It needs to be scoped to be self instance modify. Just because you are logged in, you don’t [necessarily] have update access. Allow ID modify only if the entity is me.
[Jim] Modify is the data type. If what you are saying is you would add a new attribute type: self interest modify.
[Jim] If we used my proposal, we would need a value UDI. I need to draw pictures also.
[Paul] I agree the way you modeled it, it is three hops, or two with an attribute UDI.
[Paul] This one simple use case turned out to be more interesting than I thought. I will fix the bugs and we can continue discussing this on the list. I want to move on to other use cases so we don’t over curve fit to this one.
[Jim] How did you draw this?
[Paul] I was following the style of Topcomposer. If use attribute UDI’s, can’t use the tool.
[Paul] … The book is life changing: Semantic Web for the Working Ontologist. I will put the link on the list.
[David] Just confirmed the book title via the web.
6. [Paul] Next F2F?
[Paul] The next topic is should we have a Face-to-Face meeting. We haven’t had one in a while. If we think it is a good idea.
[Drummond] Good idea.
[Mary] It has been too long. We have a lot of stuff to talk about.
[Jim] I think it is a great idea. My boss doesn’t think so.
[Paul] We were thinking of having it right after DIDW (which is September 8-10).
[Jim] Where is it? San Francisco?
[Mary] Anaheim, CA.
[Paul] There are other options, I bet Novell would play host.
[Paul] The current suggestion is just after DIDW: midday on Wednesday through Friday.
[Paul] Maybe we can make a doodle.
7. [Mary] Home page design update
- New MediaWiki skins still on hold following Ganymede - will be a couple more weeks before Eclipse can get back to this.
[Mary] So we are still waiting to hear back from Eclipse on enabling the wiki skins.
[Mary] We have been thinking about the next steps for the home page. Paul suggested that after we introduce Information Card, we talk about Higgins software for issuing cards, and for accepting cards and managing cards. Then we can drill further down into the IdAS layer that underpins everything. That way the home page starts with a high level user experience and then drills down all the way to developer tools.
[Paul] That is all for today.
-end