Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[higgins-dev] Notes From July 17 Higgins Developers Call --resend with formatting tweaks
Title: Notes From July 17 Higgins Developers Call --resend with formatting tweaks
Attendees
  • Duane Buss - Novell
  • Greg Byrd - NCSU/IBM
  • Brian Carrol - Serena
  • David Kuehr-Mclaren - IBM
  • Drummond Reed - Cordance
  • Mary Ruddy - Meristic/SocialPhysics
  • Markus Sabedello - Parity
  • Jim Sermersheim - Novell
  • Daniel Sanders
  • Paul Trevithick - Parity/SocialPhysics
  • Brian Walker - Parity
  • Hank Malden  - Cicco

MEETING NOTES

1. [Brian] 1.1M3 (25 July Target Date, July 23 Lock Down Point)

2. [Brian] Nightly Auto-Test
  • Next step was getting Mike together with  Thomas H. of  Buckminster
  • [Brian] Next step is to get Mike and Thomas H. together.  Haven’t been able to schedule yet, hopefully Friday or Monday.  The point is to see what specific Buckminster build extensions would be needed to [use Buckminster to] do this for auto test for STS {as beta test.]

3. [Brian & David] Internationalization

4. [David, Greg, Markus, Rajalakshmi] Adding contexts dynamically to the IdASRegistry
  • Proposals are here: http://wiki.eclipse.org/Higgins_Configuration_Management <http://wiki.eclipse.org/Higgins_Configuration_Management>
  • [Paul] Next topic: can you summarize where we are on that one.
  • [David] Rajalakshmi has been consulting with Greg and going down the path of the first option and being able to use the map to change the values and update the XML file. There is a configuration handle for doing the update.  Greg was providing questions and advice…  I responded to the notes today.  Greg how does it look?
  • [Greg] Option1 is the one I prefer.  
  • [David} We can post to the configuration management page the latest state of that prototype.
  • [Paul] OK. Sounds good, if no other comments…
  • [Jim] I don’t want to throw a wrench in, [but] Daniel and I were talking about how the configuration of at least the XML files look.  How come every element is a setting element, and they have a name and type? Maybe [we should] have a setting section and then name and type dictates what kind of element it is. Then we could have an XML schema that could be used by tools. Then there may be existing tools that allow people to build UI’s.  Some of the past discussions are how could we build a generic mgt tool to update the configuration values.  I don’t know if that is something that we want to start thinking about?  Or we could defer, and maybe refactor later.
  • [David] That idea, there is some concern that that would lock us into an XML schema.  So Greg proposed a more simplified way.  I’m used to XML schema.  But there was some thought that that would be too complex.
  • [Jim] I wanted to make sure it had been considered. Can you explain?
  • [Greg] I don’t know that there is an explicit objection. I would need to ask Mike. I don’t particularly object to it.  I don’t know XML schema.
  • [David] I can try to follow up with Mike and Greg and get back.
  • [Jim] Great. Sounds good.

5. [Paul] IdAS Access Control
  • Take this use case (second attempt): http://wiki.eclipse.org/Access_Control_Use_Cases#HR_directory <http://wiki.eclipse.org/Access_Control_Use_Cases#HR_directory>  
  • http://wiki.eclipse.org/HR_Directory_Access_Control_Policy <http://wiki.eclipse.org/HR_Directory_Access_Control_Policy>  
  • [Paul] Next item:  I was going to take another pass on this.  I’ve provided two links.  I’ve switched the style of the picture: more packed in.  In terms of material changes: We added the word group to qualify subject.  That now says group subject. This is in response to Jim’s question [last week].  The big thing I fixed: I can edit my own full name and email attribute values. What we did to implement that, is see the stack in the middle - the top gives read access to everything, the next one gives read and modify access to members of the managers group.  Notice that employee 3 is a member of the everyone group and the HR mangers group.  There is an assumption of additive access. Employee 3 is simultaneously a member of 2 groups.  Where things get more complicated are the bottom two Myself policies.  These apply to any instance of the class employee that happens to match the consumer making the request.  At the left there is a new kind of attribute: self interest subject.  The subjects that apply to that Myself policy are, see insert below, only the instance that is currently logged in.
  • [Jim] So the semantics are any instance of that class, whose entityID matches the consumer identity.
  • [Paul] So this is a mouth full.  I also added a completely new dimension.
  • [Paul] So the first three policy objects they all don’t have the attribute I’m about to talk about. They only have group subject or self interest group and modify/read.  That points to a class of objects that we are talking about.  It doesn’t point to an instance of an entity but to a class of identity -  i.e. every instance of employee.  A manager can modify any instance of employee.
  • [Paul] The next one down has a read.  That is redundant with the read arc (Myself is a member of the group.) For the Myself 2 one, actually, I have to restrict along the attribute dimension. The Myself can only modify two of the attributes.   It is a further restriction of the scope of the resource.  I can modify any instance of the call employee as long as I am the subject and specify the two attributes full name and email. But not the employee ID.
  • [Jim] That makes sense to me.  But I think we said you could do multiple of these there
  • [Paul]…..
  • [Jim] On attribution and modify, not paired.
  • [Paul] You put your finger on the limitation. You can’t now have….. The semantic is the cross product of all the entity scoping and attribute restrictions
  • [Jim] If you allow a complex attribute that would be cool.
  • [Paul] There is another alternative way: to use an attribute UDI.  A structured identifier with two parts: One points to an entity and from there can point to an attribute. What I have in figure 2 is two pointers.  Then have a second for attributes.
  • [Markus] In that case…
  • [Paul] I thought of that. The problem is full name could be used.  Specifying an attribute doesn’t fully qualify the attribute.  An attribute UDI simultaneously points to two things:  (two pointers in one) entity and attribute. It is a structured identifier with two separate parts. Because now it is hard to point to lots of resources.
  • [Drummond] You can only point to all attributes.
  • [Paul] In practice that is a limitation. I’d be very interested in feedback.  It is using a powerful new thing, attribute UDI, that is a more complex thing. So I tried to see what would happen with just two attributes.  It is an arc that is hard to draw visually.  One of the reasons I switched [picture] style is that I can generate the new type of picture with a program.
  • [Jim] I have this proposal, on representing all of the models /classes and attributes as entities within the context and I just pasted something in the IRC to show, if there was some way to address all the way down to a value, the identifiers of the three steps you would have to point to, if my proposal were working today, the first URI is the entity idea, person class, on this is attribute type. That describes the attributes of person. One of the values of that attribute would be the full name attribute.. that is how we tie the employee to the full name attribute.. …..
  • [David?] That is the basic idea of UDI identifier.
  • [Paul] Unpacking that, there is a natural assumption in Jim’s proposal that classes can map to what attribute types are in the class. There is a forward link to the class.  Today in the data model, that is an inference, but it is not specific. I’m following the RDF convention that the pointer is another way. Attributes imply classes.  In your proposal, the semantic is there, the issue is the way it is expressed.
  • ……
  • [Paul] David said last time sometimes want to have dynamic definition. In the model we have today, just need to make a policy and have the subject or class point to it.  It is natural to have dynamic and inferred class definitions, which you don’t get in normal Object Oriented programming.
  • [Paul]On this call we have two interrelated issue on the table.  I drew up a low tech way to scope this out. Or that could be done with an attribute UDI. Or Jim you are proposing another way.
  • [Jim] What would the attribute look like unless we had a way to point at…
  • [Paul] The attribute UDI would be a double, rather than a triple. The UDI of the employee class and of the name.  
  • [Jim] That presumes that on the employee class all we see are the potential attributes allowed for that class. But, I was thinking there would be more - an extra layer: what are the allowed attributes, what its super type is. One of the biggest reasons I started down this class is someone could subclass this notion - entity model is what says what could be on any of these classes. So people can dynamically extend these models.  I was imagining there needed to be three pieces: class, and before jumping to full name, there would be the name of the container of allowed attributes…
  • [Paul] What is on this picture is the same thing in the inverse direction. Also I realize I made another mistake, that modify pointer is wrong.  It needs to be scoped to be self instance modify. Just because you are logged in, you don’t [necessarily] have update access. Allow ID modify only if the entity is me.
  • [Jim] Modify is the data type.  If what you are saying is you would add a new attribute type: self interest modify.
  • [Jim] If we used my proposal, we would need a value UDI.  I need to draw pictures also.  
  • [Paul] I agree the way you modeled it, it is three hops, or two with an attribute UDI.
  • [Paul] This one simple use case turned out to be more interesting than I thought.  I will fix the bugs and we can continue discussing this on the list.  I want to move on to other use cases so we don’t over curve fit to this one.
  • [Jim] How did you draw this?
  • [Paul] I was following the style of Topcomposer.  If use attribute UDI’s, can’t use the tool.
  • [Paul] … The book is life changing: Semantic web for the working ontologist.   I will put the link on the list.
  • [David] Just confirmed the book title via the web.  

6 [Paul] Next F2F?
  • Suggestion: Just  before DIDW (Sept 8-10)
  • DIDW: http://public.cxo.com/conferences/index.html?conferenceID=24 <http://public.cxo.com/conferences/index.html?conferenceID=24>
  • [Paul] The next topic is should we have a Face-to-Face meeting.  We haven’t had one in a while.  If we think it is a good idea.
  • [Drummond] Good idea.
  • [Mary] It has been too long. We have a lot of stuff to talk about.
  • [Jim] I think it is great idea.  My boss doesn’t think so.   
  • [Paul] We were thinking of having it right after DIDW (Which is September 8-10)
  • [Jim] Where is it? San Francisco?
  • [Mary] Anaheim, CA.
  • [Paul] There are other options, I bet Novell would play host.
  • [Paul] The current suggestion is just after DIDW: midday on Wednesday through Friday.
  • [Paul] Maybe we can make a doodle.

7. [Mary] Home page design update
  • New MediaWiki skins still on hold following Ganymede - will  be a  couple more  weeks before Eclipse can get back to  this.  
  • [Mary] So we are still waiting to hear back from Eclipse on enabling the wiki skins.
  • [Mary] We have been thinking about the next steps for the home page.  Paul suggested that after we introduce information Card, we talk about Higgins software for issuing cards, and for accepting cards and managing cards.  Then we can drill further down into the IdAS layer that underpins everything. That way the home page starts with a high level user experience and then drills down all the way to developer tools.
  • [Paul]  That is all for today.

Attachment: ATT00001.c
Description: Binary data

Back to the top