Subject: RE: Model review time!
I agree. We raised security as a ??? question in our requirements document coming out of Orlando - dependency from the Arch project team . I can easily show is as an inheritance in the Domain Package diagram with services such as Security inheriting from an ebXML Architecture Security package. SO Authentication is a specialization for sure, potentially as an XML attribute in the XML stream. Any more services inherited from an overall ebXML architecture - messaging? I can add in one session with Rose. AuthenticationError it is... Scott Nieman -----Original Message----- From: firstname.lastname@example.org [mailto:email@example.com] Sent: Friday, March 17, 2000 5:07 PM To: Yutaka Yoshida Cc: firstname.lastname@example.org Subject: Re: Model review time! Yutaka, >+ We might want to separate the authentication process, or > the authentication process for SO registering could be an inheritance > of the regular authentication. I agree that authentication sequence should/will be a [potentially specialized] StandardProtocol in ebXML. Further, the LoginError [I would suggest AuthenticationError] should be common across ebXML. I have brought up (and suggesting here) that we should include Versioned and nonVersioned StandardBusinessProtocols and StandardErrors defined in the ebXML overall architecture. Thanks, Scott R. Hinkelman IBM Austin SWG Java Solutions XML/Java Standards Architecture Office: 512-823-8097 TL793-8097 Home: 512-930-5675 Cell: 512-940-0519 email@example.com Fax: 512-838-1074 Yutaka Yoshida <Yutaka.Yoshida@eng.sun.com> on 03/16/2000 02:16:18 PM Please respond to Yutaka Yoshida <Yutaka.Yoshida@eng.sun.com> To: firstname.lastname@example.org cc: Subject: Re: Model review time! Scott, thanks a lot for this. > From: "Nieman, Scott" <Scott.Nieman@NorstanConsulting.com> > > 1) determining if people can actually view via the web the model I had to download the zipped one because the online version had an applet which my browser didn't allow to run due to a security reason. I don't know what's wrong with it, though. > 2) helping review and complete the model. > > Authentication Use Case > Authentication Workflow Activity Diagram + I like the following Terry's idea, but I'm not sure what kind of 'software screening' Scott and Terry are thinking of. || "Submit anything in any form" could be made to apply to related || data for something in one of the formats the registry is set up to || handle. Then if the submission's "principal registered item" (see || attached) is in one of those formats the software check would pass it. + We might want to separate the authentication process, or the authentication process for SO registering could be an inheritance of the regular authentication. + The actor "ebXML-Compliant Business Application" says "may interface with a repository...". Is it not suppose to interface with registry? > > Register Submitting Organization Workflow + Probably, SO needs to view the status of registration. + Needs a start point for RA. The current start could be used for both SO and RA, but it needs another diverging point in that case. Maybe all RAs' actions in this diagram can be put into "Authorize Submitting Organization" Workflow because when I think about the sequence diagram and the collaboration diagram, SO registering workflow and RA authentication workflow could be ubiquitous. General question: Most of the workflows do not look like business-specific procedures, but do like regular flows. Do we really need to describe non- business specific flows in detail? Or, are we trying to figure out what and where the critical point is to satisfy business requirements? yuta
eList eXpress LLC