[cap-talk] distributed capabilities for models?
lifang at indiana.edu
Sat May 1 12:59:15 EDT 2004
I am not sure whether there is any impl exactly what you want, but what
you described absolutely fits the capability model. As I understand, the
models are resources for different users to access, according to their
assigned capabilities. What you are asking is a detailed impl plan of
the capability model.
Considering what I have done, I would wrap up the model resource access
as a Web service. The web service is run by the resource owner. The
resource owner issues capabilities which contain different detailed
accessing policies, signed with the credential of the resource owner.
The capabilities can be distributed in any way -- copy and paste, email,
even fax and scan :), though a seperate manager is prefered. Upon
invoking the web service, the capability token is inserted in the SOAP
message which is signed again with the user's credential. At the service
side, the policy is extracted and checked for the final accessing
decision. The capability injection and verification work is done by the
underlying SOAP engine and thus mostly transparent to the service
itself. As the resource owner, you can have your own groups or roles for
the administrative convinience.
Hope it helps. For other capability gurus, correct me if I am wrong.
John Carlson wrote:
> Definition: A model is something that can be defined with the Unified
> Modeling Language
> (UML) or other modeling language.
> XMI is used to store (and maybe communicate) UML models.
> These models can get quite complex. Some of the model may be
> I would like to share a piece of my model with my partner company.
> I don't want to share the whole thing. What is the best way to
> do this? Copy and paste a piece of the UML drawing? What if we
> want to modify the shared piece? How do we bring it back into
> our individual proprietary systems? Wouldn't it be better to
> link the models into a single model, for maximum compatibility?
> Wouldn't this be a lot better than writing a bunch of requirements
> and design documents?
> So where do capabilities fit in? Here's what I see: Each piece
> of the model, whether it be a class, an object, a relationship or
> a connection has one or more capabilities. These capabilities can
> be shared with your partners. There are rules about what the
> partners can do stored in the capabilities, so when a partner
> employs a tool to manipulate the model, they can only do
> what they were given the right to do.
> What I've seen done: Users, Groups and Roles have privileges
> to do certain actions to a class of objects in a given state. This
> is stored in a single database. I'm not even sure two databases
> from the same vendor can communciate with each other (they
> can incorporate and feed other databases).
> If we can define a good interface for exchanging model capabilities,
> we can help companies who only want to release pieces of their models.
> Perhaps this has been done?
> John Carlson
> cap-talk mailing list
> cap-talk at mail.eros-os.org
More information about the cap-talk