[cap-talk] distributed capabilities for models?

Liang Fang lifang at indiana.edu
Sat May 1 12:59:15 EDT 2004 

Hi John,

I am not sure whether there is any impl exactly what you want, but what 
you described absolutely fits the capability model. As I understand, the 
models are resources for different users to access, according to their 
assigned capabilities. What you are asking is a detailed impl plan of 
the capability model.

Considering what I have done, I would wrap up the model resource access 
as a Web service. The web service is run by the resource owner. The 
resource owner issues capabilities which contain different detailed 
accessing policies, signed with the credential of the resource owner. 
The capabilities can be distributed in any way -- copy and paste, email, 
even fax and scan :), though a seperate manager is prefered. Upon 
invoking the web service, the capability token is inserted in the SOAP 
message which is signed again with the user's credential. At the service 
side, the policy is extracted and checked for the final accessing 
decision. The capability injection and verification work is done by the 
underlying SOAP engine and thus mostly transparent to the service 
itself. As the resource owner, you can have your own groups or roles for 
the administrative convinience.

Hope it helps. For other capability gurus, correct me if I am wrong.

Liang


John Carlson wrote:

> Definition:  A model is something that can be defined with the Unified 
> Modeling Language
> (UML) or other modeling language.
>
> XMI is used to store (and maybe communicate) UML models.
> These models can get quite complex.  Some of the model may be 
> proprietary.
>
> I would like to share a piece of my model with my partner company.
> I don't want to share the whole thing.  What is the best way to
> do this?  Copy and paste a piece of the UML drawing?  What if we
> want to modify the shared piece?  How do we bring it back into
> our individual proprietary systems?  Wouldn't it be better to
> link the models into a single model, for maximum compatibility?
> Wouldn't this be a lot better than writing a bunch of requirements
> and design documents?
>
> So where do capabilities fit in?  Here's what I see:  Each piece
> of the model, whether it be a class, an object, a relationship or
> a connection has one or more capabilities.  These capabilities can
> be shared with your partners.  There are rules about what the
> partners can do stored in the capabilities, so when a partner
> employs a tool to manipulate the model, they can only do
> what they were given the right to do.
>
> What I've seen done:   Users, Groups and Roles have privileges
> to do certain actions to a class of objects in a given state.  This
> is stored in a single database.  I'm not even sure two databases
> from the same vendor can communciate with each other (they
> can incorporate and feed other databases).
>
> If we can define a good interface for exchanging model capabilities,
> we can help companies who only want to release pieces of their models.
>
> Perhaps this has been done?
>
> John Carlson
> _______________________________________________
> cap-talk mailing list
> cap-talk at mail.eros-os.org
> http://www.eros-os.org/mailman/listinfo/cap-talk
>
>

More information about the cap-talk mailing list