IRC log of ws-arch on 2002-06-13

Timestamps are in UTC.

07:03:42 [RRSAgent]
RRSAgent has joined #ws-arch
07:04:02 [hugo]
hugo has changed the topic to: WSAWG face-to-face meeting; IRC log at:
07:04:08 [Heather]
good morning
07:04:23 [hugo]
good morning Heather
07:05:09 [dbooth]
Yowzer, you're up earlier Heather! (Or late!)
07:05:22 [Heather]
early.... yawn
07:05:43 [Heather]
how was dinner???
07:06:53 [dbooth]
I actually skipped the group dinner, cuz i had more work to do on my slides for today. But I had a nice quiet dinner at a cafe in front of my laptop.
07:07:56 [Heather]
you are too dedicated :-)
07:08:17 [chris]
chris has joined #ws-arch
07:12:37 [soliton]
soliton has joined #ws-arch
07:12:45 [soliton]
morning, Heather
07:13:01 [soliton]
Did you get the message yesterday?
07:13:23 [MChapman]
MChapman has joined #ws-arch
07:13:33 [Heather]
about a requirements meeting after the meeting today?
07:14:06 [soliton]
we try to have a reliability meeting after 5:00 pm
07:14:23 [soliton]
so, just stay tuned
07:14:37 [Heather]
07:16:54 [TomCarrol]
TomCarrol has joined #ws-arch
07:16:59 [Roger]
Roger has joined #ws-arch
07:17:15 [Roger]
Hi Heather. Is it 3 AM there?
07:18:17 [TomCarrol]
It feels like 3 am here
07:19:26 [Heather]
yes... its 3am
07:19:47 [mikem]
mikem has joined #ws-arch
07:19:47 [Heather]
I haven't seen 3am since my last child was born!
07:19:49 [chris]
07:19:54 [chris]
scribe: tomc
07:20:14 [Heather]
Tom...must have been a good dinner :-)
07:20:16 [shishir]
shishir has joined #ws-arch
07:20:34 [yinleng]
yinleng has joined #ws-arch
07:20:51 [yinleng]
yinleng has left #ws-arch
07:20:52 [AllenBr]
AllenBr has joined #ws-arch
07:20:54 [jdmunter]
jdmunter has joined #ws-arch
07:21:43 [dougb]
dougb has joined #ws-arch
07:25:23 [TomCarrol]
Comments on the rewording of D-AC002.3.1
07:27:33 [Heather]
i don't see an ac002.3.1....
07:29:43 [TomCarrol]
dougs email is listed above
07:31:08 [Daniel]
Daniel has joined #ws-arch
07:31:57 [Heather]
I'm not sure I understand the wording still....
07:32:07 [Daniel]
which wording? old or new?
07:32:09 [Heather]
and what happened to the superset concept?
07:32:10 [Heather]
07:32:39 [Daniel]
I don't understand the new either, I support the old wording
07:32:55 [Daniel]
we are trying to get at modularization
07:35:26 [TomCarrol]
D-AC002.3.1 tabled for further thought
07:36:29 [Heather]
subsets of what??? the architecture? the end user interface? Is this like a wsi profile?
07:36:49 [Daniel]
technologies developed for the arch.
07:38:05 [Roger]
Roger has joined #ws-arch
07:38:06 [Daniel]
ws-i profile is very similar idea
07:38:37 [TomCarrol]
Suggestion to drop "intended audience" from D-AC005
07:40:41 [Heather]
seems ok...
07:41:07 [dougb]
what was KIS^5 (simple, scalable, ...)?
07:42:02 [TomCarrol]
Roger: moves to accept it as is
07:44:13 [TomCarrol]
D-AC005 accepted.
07:44:28 [TomCarrol]
Comments on D-AC005.1
07:45:08 [Heather]
what is the gist of the comments?
07:45:38 [Daniel]
basically, ppl are arguing over the words, not the meaning
07:45:47 [Daniel]
it needs some wordsmithing
07:46:07 [Heather]
07:47:18 [Daniel]
we are going to explicitly modify the statements with the "should" qualifier
07:47:45 [TomCarrol]
JeffM: proposed to drop.
07:49:22 [Heather]
07:50:18 [Daniel]
Jeff sez: it isn't enforceable
07:50:43 [Daniel]
David O advocates specialized jargon
07:50:43 [TomCarrol]
DaveO: its all jargon and we will use jargon to describe web services
07:52:58 [TomCarrol]
Those who care will resolve independantly.
07:53:24 [TomCarrol]
those who care: Daniel and Alan
07:53:32 [jeffm]
jeffm has joined #WS-Arch
07:54:05 [TomCarrol]
Comments on D-AC005.10
07:54:26 [TomCarrol]
07:54:39 [chris]
resolved: d-ac005.10 accepted
07:55:20 [Heather]
what happened to 5.5-5.8?
07:55:22 [TomCarrol]
Comments on D-AC005.13
07:55:51 [omh]
omh has joined #ws-arch
07:55:51 [Heather]
what are exotic constructions?
07:55:56 [dbooth]
Can someone give me the requirements doc URL again?
07:56:11 [Heather]
07:56:15 [chris]
resolved: remove d-ac005.13
07:56:21 [dbooth]
Thanks heather!
07:56:24 [Heather]
07:56:50 [Roger]
Roger has joined #ws-arch
07:57:16 [TomCarrol]
Comments on D-AC005.14
07:58:08 [Heather]
i think this one has no relationship to simpleness or completeness of the architecture
07:58:14 [Daniel]
*wonders how to tell if 5.14 makes any sense at all*
07:58:57 [Heather]
i propose to drop (if someone hasn't beaten me to it)
07:59:29 [Daniel]
we could specify the maximum cyclomatic complexity I guess
07:59:34 [Daniel]
07:59:43 [Heather]
08:00:08 [TomCarrol]
DaveO: the goal as stated sounds good but there is no clear definition of what large amounts of code.
08:01:44 [Heather]
even a simple arch can require large amounts of code depending on how the vendor choses to implement it
08:01:49 [shishir]
shishir has joined #ws-arch
08:01:54 [TomCarrol]
Roger: thinks it is important
08:02:24 [Daniel]
I just don't care how much code it uses...more != bad code
08:02:46 [Daniel]
the amount of code is not a measure of its quality
08:02:50 [Heather]
i don't want us to NOT add valid components because they require large amounts of code
08:02:58 [Daniel]
08:03:22 [Heather]
i.e. security - there is NO way that bugger is NOT going to require HUGE amounts of code (by anyones definition)
08:03:36 [Daniel]
security = ugh
08:03:57 [Heather]
(I agree Daniel)
08:04:05 [TomCarrol]
JeffM: the union of all participants causes the size to increase
08:05:24 [TomCarrol]
Roger: Its important that simple things must be able to be done in simple ways avoiding unessary complexity and size.
08:06:20 [Heather]
I agree with a csf of 'avoid unnecessary complexity and size'
08:06:28 [TomCarrol]
Roger: Cut it
08:06:32 [jeffm]
More precisely: the process of getting everyone to remove their "lie down in the road objections" often causes lots of extra complexity
08:06:45 [chris]
resolved: d-ac005.13 removed
08:07:01 [chris]
08:07:01 [Heather]
13? or 14?
08:07:05 [soliton]
Artifacts in the reference architecture should be defined in UML where applicable.
08:07:19 [TomCarrol]
Comments on D-AC005.15
08:07:41 [Daniel]
dear soliton: no bloody way
08:07:42 [TomCarrol]
Daniel: Drop it
08:08:28 [hugo]
hugo has joined #ws-arch
08:08:38 [Heather]
having a goal to allow simple invocation styles may be something we don't want to lose
08:08:43 [Daniel]
Uml bears the same relation to architecture that theology bears to religion, that is, none at all
08:08:52 [soliton]
why? UML is well estabilished.
08:09:11 [TomCarrol]
Glenn: this refers to clean modularity
08:09:14 [soliton]
most programmers now are used to UML
08:09:18 [MChapman]
and is excellent to defnng architectures
08:09:23 [soliton]
it helps the spec to be adopted.
08:09:36 [GlenD]
GlenD has joined #ws-arch
08:09:50 [Daniel]
I love UML, I teach UML, I don't abuse UML by attempting to do something with it that it is not good at i.e. architecture
08:09:53 [yinleng]
yinleng has joined #ws-arch
08:10:11 [Heather]
what would you use instead Daniel?
08:10:16 [MChapman]
define architecture
08:10:20 [TomCarrol]
Gle to reword D-AC005.15
08:10:32 [MChapman]
blobs that interconnect
08:10:35 [TomCarrol]
Glen to Reword D-AC005.15
08:10:55 [jeffm]
From my perspective: UML is simply a language
08:10:55 [soliton]
soliton is puzzled by Daniel.
08:10:55 [Heather]
Glen to reword to capture what gist?
08:10:55 [Daniel]
I like SDML personally
08:11:32 [soliton]
how many of us know SDML?
08:11:40 [Heather]
i never even heard of it....
08:11:42 [Daniel]
UML is okay, for software applications
08:11:50 [soliton]
let alone average programmers
08:11:57 [jeffm]
What's SDML - Structured Data Manipulation Language ???
08:11:59 [Daniel]
but which of the 10 class 1 UML diagrams is good for architecture?
08:12:11 [jeffm]
#'s 3 and 7
08:12:27 [soliton]
component diagram
08:12:34 [soliton]
use cases
08:12:53 [soliton]
and so on ..
08:13:04 [Daniel]
hmmm...Jeff sez, collaboration and component...nowhere do I get to specify the messaging
08:13:09 [TomCarrol]
Glen: the rewording will worded along the lines of "every one can play".
08:14:01 [Daniel]
I am willing to give gound on this one, up to the point where we *require* UML to be used
08:14:01 [TomCarrol]
Chris: anyother low hanging fruit????????
08:14:03 [soliton]
where, in most cases you can specify the messaging
08:14:11 [MChapman]
wots messaging to do with architcture
08:14:18 [soliton]
note that I said "where applicable"
08:14:19 [TomCarrol]
Zula: did we dicuss 21??????
08:14:26 [Daniel]
architecture us *all* about messaging
08:14:33 [Daniel]
us = is sorry
08:14:54 [soliton]
I don't quite agree on that one.
08:15:22 [soliton]
problem partitoning and use cases are also large part
08:15:35 [jeffm]
Daniel: will you allow UML to be used if someone wants to use it in a spec?
08:15:41 [Daniel]
08:15:53 [Daniel]
so long as it is not *required*
08:16:21 [MChapman]
it ceratinly should mean anything w.r.t conformance
08:16:23 [MChapman]
should not i mean
08:16:31 [soliton]
did the word "should" qualify as your not *required* ?
08:16:39 [jeffm]
I think you're trying to stand up in front of tidal wave, but that's your choice
08:16:43 [MChapman]
yes sorry fingers to fast
08:16:49 [Daniel]
I'll go for "may"
08:17:21 [soliton]
I guess we can have a vote on the choice here.
08:17:26 [TomCarrol]
DaveO: He and Hugo discussed the XML schema (10.1) issue and found the usage of "should' would be acceptable.
08:18:05 [Daniel]
as Jon Bosak would say (about UML) "I want my data back"
08:18:15 [soliton]
how come 10.1 is not in the editor's copy?
08:18:21 [Daniel]
the business comics are not data, pictures are not data
08:18:29 [dougb]
because it's underneath 011
08:18:44 [MChapman]
pictures say a 1000 words:)
08:18:44 [soliton]
thanks, dougb
08:18:55 [soliton]
totally agree with MChapman
08:19:01 [jeffm]
I've seen these fights about requiring UML in other forums. What I've observed is that eventually everything starts showing up as UML, and pretty soon it becomes established in the culture. To the point where discussions of whether to make it mandatory or not becomes irrelvant.
08:19:01 [Daniel]
yeah but you can't get your 1K words back
08:19:34 [Daniel]
actually Jeff, I'm pushing it hard in my org.
08:19:35 [Daniel]
for the software devs
08:19:56 [GlenD]
Proposed rewording of D-AC005.15:
08:20:02 [GlenD]
It shall follow the principles of well-modularized design to allow both extremely simple and more complex participants in Web Service interactions.
08:20:46 [omh]
that appears to work ok...
08:20:57 [jeffm]
Sure, like all new shiny "cool" toys (...err I mean tools ;-) people start trying to use it for everything. Eventually they settle down, and stop using the pliers to bang in nails (except when they've lost their hammer.)
08:22:40 [Heather]
where are the 'principles of well-modularized design found'?
08:22:42 [Daniel]
rephrase of Geln's proposal: "It will follow the principles of modularized design in order to allow interactions at different levels of complexity among Web Services"
08:23:27 [Daniel]
You can read them here Heather:
08:23:47 [TomCarrol]
Resolution AC0010.1 accepted
08:23:48 [Daniel]
Jeff: I agree
08:23:48 [chris]
resolved: glen resolved: AC010.1 Each new architectural area that has a representation SHOULD be normatively defined using XMLSchema
08:23:48 [Heather]
the interactions are simple->complex... not the participants, right?
08:24:19 [soliton]
I like Daniel's rewording.
08:24:26 [Daniel]
08:26:17 [Heather]
how about 'in order to allow both simple and complex interactions with Web Services'
08:26:23 [GlenD]
+1 to Daniel's rewording.
08:26:51 [GlenD]
Heather: I don't think that's general enough
08:26:52 [Heather]
but the participants are not always web services... so among web services doesn't seem right...
08:27:16 [soliton]
the complexity is about interactions, bot participants
08:27:29 [GlenD]
By "participants" I was trying to get at the idea that you can build simple or complex programs to do simple or complex interactions...
08:27:40 [TomCarrol]
Comments on D-AR011.1
08:27:49 [GlenD]
i.e. both design and runtime have a smooth spectrum of complexity if we do this right
08:27:53 [Heather]
so... complexity is about participants?????
08:27:55 [soliton]
so i'd stick with Danel's wording.
08:28:11 [Roger]
Roger has joined #ws-arch
08:28:12 [Daniel]
we could change "among" -> "with"
08:28:19 [GlenD]
Or we can be more explicit
08:28:28 [Heather]
daniel's applies to complex interactions... not participants
08:28:51 [TomCarrol]
DaveO: The process takes care of this requirement.
08:29:10 [GlenD]
"It will follow the principles of modularized design in order to allow programs and web service interactions to smoothly scale in complexity."
08:29:26 [Heather]
i can live with this as daniel has it with 'among'->'with'
08:29:27 [soliton]
not as good as the previous one
08:29:32 [TomCarrol]
Resolved D-AR011.1 removed
08:29:32 [Heather]
not a lie down in the road
08:29:37 [chris]
resolved: d-ac011.1 removed
08:29:49 [Daniel]
whoohoo break time!
08:29:51 [soliton]
word such as smoothly will only cause confusing
08:30:07 [Daniel]
*participants retreat to their corners, breathing hard*
08:30:27 [Heather]
08:30:29 [soliton]
round 2 will start in 15 mintures
08:30:44 [Heather]
i'm just going to close my eyes for one minute....
08:30:47 [TomCarrol]
After the break the draft out line of the Arch. Doc
08:31:11 [omh]
see you in 4 hours then heather :)
08:31:19 [Heather]
08:31:20 [Daniel]
08:31:58 [chris]
20 minute break
08:36:07 [Roger]
Roger has joined #ws-arch
08:37:05 [dbooth]
dbooth has joined #ws-arch
08:46:07 [GlenD]
"It will follow the principles of modularized design in order to allow interactions with Web Services at different levels of complexity"
08:46:25 [GlenD]
That's my final offer. :)
08:46:42 [jdmunter]
jdmunter has joined #ws-arch
08:47:06 [joe]
joe has joined #WS-ARCH
08:47:38 [David]
David has joined #ws-arch
08:47:44 [joe]
Hello wsa world!
11:40:01 [RRSAgent]
RRSAgent has joined #ws-arch
11:47:51 [mikem]
mikem has joined #ws-arch
11:51:48 [Eric]
Eric has joined #ws-arch
11:52:48 [MChapman]
just about to begin again
11:54:00 [hugo]
TAP demo:
11:54:15 [quit]
quit has joined #ws-arch
11:54:41 [quit]
quit has left #ws-arch
11:55:06 [zulah]
zulah has joined #ws-arch
11:57:49 [dougb]
dougb has joined #ws-arch
11:58:02 [chris]
chris has joined #ws-arch
11:58:56 [shishir]
shishir has joined #ws-arch
11:59:12 [hugo]
Meeting resumed
11:59:22 [jdmunter]
jdmunter has joined #ws-arch
11:59:34 [jeffm]
jeffm has joined #WS-Arch
11:59:50 [dbooth]
dbooth has joined #ws-arch
12:00:32 [Roger]
dbooth, take a look at
12:00:52 [dbooth]
Roger, here is the TAP site, the project at Stanford that has the demo of a semantic search:
12:01:19 [TomCarrol]
Review of the Glossary
12:02:24 [Heather]
ok I'm ready
12:02:32 [zulah]
zulah has joined #ws-arch
12:02:33 [Heather]
anyone else out there remote from the F2F?
12:03:03 [zulah]
Tom, I can't take notes due to poor connection over here. Will fix and then take over
12:03:49 [quit]
quit has joined #ws-arch
12:03:52 [Eric]
I'm remote
12:03:56 [mchampion]
I'm remote
12:04:33 [Eric]
I've dialed into the concall number but it says I'm the only one on it
12:04:34 [quit]
tom, I can take over with notes. WOuld you like this?
12:04:43 [Dave]
Dave has joined #ws-arch
12:04:59 [Heather]
the phone in the room does not work
12:05:06 [quit]
quit has left #ws-arch
12:05:10 [Heather]
as far as i know there isn't any phone support... just IRC
12:05:13 [TomCarrol]
AllenBr: The glossary only contains the lexicon and as the document goes foward what structure should the glossary have? where do we draw the boundries of the document? ihow are the ilities incorporated into the glossary?
12:05:23 [zulah]
zulah has joined #ws-arch
12:05:27 [Heather]
so we are at their mercy for details...
12:05:28 [Dave]
zakim, Dave is DaveO
12:05:29 [Zakim]
sorry, Dave, I do not recognize a party named 'Dave'
12:05:39 [Dave]
zakim, Dave is known as DaveO
12:05:40 [Zakim]
I don't understand 'Dave is known as DaveO', Dave. Try /msg Zakim help
12:06:07 [Dave]
zakim help
12:06:07 [TomCarrol]
Daniel: are we going to share this glosary with the rest of the web services activity?
12:06:20 [Dave]
12:06:45 [dbooth]
zakim, help
12:06:46 [Zakim]
Please refer to for more detailed help.
12:06:47 [Zakim]
Some of the commands I know are:
12:06:48 [Zakim]
xxx is yyy - establish yyy as the name of unknown party xxx
12:06:51 [Zakim]
if yyy is 'me' or 'I', your nick is substituted
12:06:52 [Zakim]
xxx may be yyy - establish yyy as possibly the name of unknown party xxx
12:06:54 [Zakim]
I am xxx - establish your nick as the name of unknown party xxx
12:06:56 [Zakim]
xxx holds yyy [, zzz ...] - establish xxx as a group name and yyy, etc. as participants within that group
12:06:58 [Zakim]
xxx also holds yyy - add yyy to the list of participants in group xxx
12:07:01 [Zakim]
who's here? - lists the participants on the phone
12:07:02 [Zakim]
who's muted? - lists the participants who are muted
12:07:04 [Zakim]
mute xxx - mutes party xxx (such that 60# will not work)
12:07:06 [Zakim]
unmute xxx - reverses the effect of "mute" and of 61#
12:07:08 [Zakim]
is xxx here? - reports whether a party named like xxx is present
12:07:10 [Zakim]
list conferences - reports the active conferences
12:07:11 [Zakim]
this is xxx - associates this channel with conference xxx
12:07:12 [Zakim]
excuse us - disconnects from the irc channel
12:07:13 [Zakim]
I last learned something new on $Date: 2002/06/10 13:18:51 $
12:07:27 [Dave]
zakim, I am DaveO
12:07:28 [Zakim]
sorry, Dave, I do not see a party named 'DaveO'
12:07:42 [hugo]
Dave, try /nick DaveO
12:07:48 [TomCarrol]
Chris: there is no cononical way to organize the glossary?
12:07:54 [mchampion]
Open the pod bay door, Zakim ... I can't do that Dave, you're planning to unplug me :-)
12:08:03 [DaveO]
12:08:25 [hugo]
Zakim, only knows about people connected to the phone bridge
12:08:26 [Zakim]
I don't understand 'only knows about people connected to the phone bridge', hugo. Try /msg Zakim help
12:08:48 [DaveO]
*double sigh*
12:09:41 [scribe]
Chris: how self contained is this document (what is the scope of the glossary).
12:10:09 [cgi-irc]
cgi-irc has joined #ws-arch
12:13:09 [zulah]
Tom, would you like me to take over scribing now? I seem to have my connect problems fixed.
12:13:22 [omh]
omh has joined #ws-arch
12:14:29 [scribe]
What do we do with terms that have multiple definitions?
12:15:01 [scribe]
Allen: Each definition must be able to reference the author.
12:16:27 [scribe]
Joe: Once the term is in the glossary. the term would then be reserved.
12:17:18 [Heather]
words in dictionaries have multiple meanings in differnet context's, wouldn't that be true for glossarys as well?
12:17:27 [scribe]
Joel: The glossary should have as much detail to clearly identify the definition of the term given its context.
12:18:34 [scribe]
Chris: a singular glossary provides single reference point for the associated working groups.
12:19:23 [scribe]
Roger: is the keeping one glossary feasible? given the differences between the working groups.
12:19:43 [Heather]
i would think it would be feasible and NECESSARY within the web services activity
12:20:20 [scribe]
DavidB: Multiple definitions are possible and may be necesary. It the nmultiple def. case the context must be defined.
12:20:36 [Heather]
12:20:47 [chris]
source, context, owner/authorship, multiple definitions allowed, but not preferred
12:20:59 [Roger]
Heather - look at "Service" in the existing glossary.
12:21:17 [dbooth]
Another term for "context" is "field of use"
12:21:30 [Heather]
i'm looking at Service...
12:21:37 [Heather]
it says 'collection of endpoints'
12:21:41 [Roger]
There are two.
12:22:13 [scribe]
Chris: comments on the glossary should go to the list along with additions.
12:22:37 [Heather]
it would help if this were in alphabetical order
12:22:43 [scribe]
AllenBr: Please provide sources with your additions.
12:23:11 [Roger]
Stylesheets are envisaged yielding different organizations.
12:23:15 [dbooth]
Heather, Allen said he can generate aphabetical in the next pass.
12:23:27 [JensM]
JensM has joined #ws-arch
12:23:36 [Heather]
so there are 3 definitions for service... 2 in that one and 1 on the first page
12:23:53 [Heather]
thankyou allen
12:25:14 [Roger]
I just thought that they were amazingly different.
12:25:15 [scribe]
We are now talking about WS security working group
12:25:29 [Heather]
how are we reviewing the glossary? Term by term?
12:26:01 [scribe]
chris: How big is the WS security WG? what do we need to see in the group?
12:26:21 [scribe]
Joe: Lets start with the requirements that we already have.
12:26:48 [scribe]
Glen: We should be framing the security problem.
12:27:05 [zulah]
I am scribe
12:27:15 [zulah]
zakim, I am scribe
12:27:17 [Zakim]
sorry, zulah, I do not see a party named 'scribe'
12:28:06 [scribe]
Chris: the question is, do we see a ws working group as the working group that solves world hunger for mankind or a specific targeted focused WG?
12:28:20 [DaveO]
12:28:21 [scribe]
Chris: somewhere between the two extremes?
12:28:23 [Daniel]
q+ daniel
12:28:29 [jeffm]
q+ jeffm
12:28:29 [Roger]
12:28:36 [Heather]
q+ heather
12:28:49 [scribe]
DaveO: I made a pitch in email about what a rough starting set of requirements would be.
12:29:09 [joe]
12:29:26 [scribe]
DaveO: Let's have a security group talk about a framework, details of a trust model, task it with specific technological soluntions to authentication, integrity
12:29:35 [scribe]
DaveO: encryption
12:29:57 [scribe]
DaveO: knowing that there are others (e.g., Authorization, non repudiation),
12:30:13 [scribe]
DaveO: This is a starting point pitch
12:30:19 [mchapman]
12:30:40 [scribe]
Daniel: Just in terms of the scope the ideas are good. We should confine the cope to not include world hunger. Confine it to security problems specific to WS architecture.
12:30:59 [scribe]
Daniel: Confine the scope as much as we can. Take advantage of others work
12:31:14 [scribe]
Chris: Just as a baseline, the WS activity is not charter to go beyond the bounds of WS
12:31:32 [scribe]
Chris: So you are saying not world hunger even for web services?
12:31:36 [scribe]
Daniel: yes
12:32:00 [tomCarrol]
12:32:04 [scribe]
JeffM: We have requirements, we should pick a subset of generally useful requirements (relevant subset)
12:32:29 [scribe]
JeffM: pick pieces and fill in terra incognito. Whatever set of requirements that we choose it must address and end to end case.
12:32:48 [scribe]
JeffM: it doesn't have to be all cases but one in depth
12:33:26 [scribe]
Roger: question? is there another axis? On one extremem you make up new languages and syntaxes, on the other there are existing solns. with recommednations on how to put them together.
12:33:35 [scribe]
Roger: Which is our job?
12:33:37 [DaveO]
12:34:02 [scribe]
Chris: In making our recommendation we have the option to propose putting pieces together or additions, changes
12:34:27 [scribe]
Roger: No, will this group in the process of creating the architecture specify which pieces to make security work (specifically).
12:34:39 [scribe]
Chris: we cannot dictate soln. We can provide baseline.
12:35:01 [scribe]
Roger: No, will there be components of security solutions in the architecture?
12:35:16 [Daniel]
q+ Allen
12:35:50 [scribe]
Roger: DaveO: Say we decide that we should have auser name/password for authentication then we will say this in architecture and charter.
12:36:06 [scribe]
DaveO: If a WG tells us that we a re wrong, we will fix it in the document.
12:36:35 [scribe]
Roger: If I am trying to implement WS and I use the arch document, will there be any answers in there for how I implement security?
12:36:49 [scribe]
Joe: General guidelines but more specific will come from security group.
12:37:06 [scribe]
Glen: In other words, not really just like we don't say specific things about implementing transactions.
12:37:25 [scribe]
Chris: But we can provide starting points (e.g., XML digital signatures exists, use it).
12:38:17 [scribe]
DaveO: What I think is being asked is what is the authority of the arch group in binding things? So if we say use Dig sign. is this authorotative.
12:38:22 [scribe]
Chris: At best we can influence.
12:38:37 [Daniel]
Heather you're up
12:38:46 [Heather]
12:38:48 [hugo]
I think that it depends on how our recommendations are phrased
12:39:09 [Heather]
I'm a little nervous about giving a new security wg carte blanche to develop a new security framework
12:39:26 [Heather]
it smacks of architecture groups having baby architecture groups
12:39:54 [Heather]
should we provide a 'broad framework' as part of our work
12:40:12 [Heather]
leaving them to figure out how to implement those components w/ existing specs and new specs?
12:40:33 [scribe]
Joe: Would like to help move the process along by returning to the six items from the requirements doc. 1) authentication, integrity, encryption, 2) authorization, 3) NR, 4) accessibility (DOS), 5) rest of the stuff in CSF and requirements. He suggests that this is the prioritization.
12:40:35 [Heather]
ok.. thats it
12:41:19 [scribe]
DaveO: I agree
12:41:43 [tomCarrol]
+1 on the framework
12:41:53 [Roger]
Heather, what did you mean by
12:41:56 [jeffm]
heather, you're stuff is up on the board
12:41:58 [scribe]
DaveO: I think that heather is getting at the fact that the framework has to have some detail to provide constraints. We are not writing a blank check.
12:42:01 [Roger]
"OK, that's it".
12:42:05 [jeffm]
12:42:07 [chris]
12:42:16 [chris]
ack heather, joe
12:42:25 [Heather]
by 'ok thats it' i meant </Heather>
12:42:28 [scribe]
Joe: We need to supply detail? Yes because this lends credibility>
12:42:32 [Heather]
or end of tirade
12:42:40 [Roger]
12:43:18 [scribe]
TomC: I was wondering if when we send a WG off to work, are we also going to privide a well defined process for making changes back into the architecture
12:43:38 [tomCarrol]
Mchapman your up
12:44:03 [Daniel]
12:44:08 [scribe]
Summary: We own framework, set context, but offer a process for feedback into changing the architecture.
12:44:43 [scribe]
Martin: Question is, when we charter the security group, do we pre-phase them or only charter them for a specific phase?
12:44:52 [tomCarrol]
q- TomCarrol
12:45:01 [scribe]
Daniel: this is how SOAP works today.
12:45:20 [scribe]
Summary: One working group with phasing (or re-chartering for each phase).
12:45:29 [scribe]
Martin: So what we should be debating is phase 1
12:45:32 [chris]
ack tomcarrol, mchapman
12:45:49 [Heather]
+1 for rechartering for phases
12:46:17 [dougb]
12:46:25 [scribe]
OIsio: Point of process, needs to be some life after wreck process so that there is some formal manner to make changes.
12:46:29 [chris]
ack daveo
12:47:33 [scribe]
DaveO: How convenient. I asked TBL how ammenable the director is to us rechartering in mid flight. HE said go for it, no blank check but time to market is important. I interpret this as a broad endorsment to get this stuff out there.
12:48:01 [chris]
ack allen
12:48:12 [scribe]
DaveO:No change to the process document. Its the willingness of the AC.
12:48:43 [joe]
12:48:46 [scribe]
DaveO: Process does not mean that we have to do things slowly
12:49:43 [scribe]
AllanB: There is another kind of structuering that comes from the overall architecture. YOu can imagine doing security at the messaging level. You can imagine role security at the orchestration level. These offer a basis for constraining what kinds of things are considered in each phase.
12:49:54 [scribe]
AllenB: So phase 1 could be messaging security.
12:50:28 [jeffm]
12:50:33 [chris]
ack daniel
12:50:34 [scribe]
Joe: Good point. For his priorities, these can be done in multiple ways: messaging, etc.
12:50:45 [Heather]
define messaging security for me...
12:51:22 [GlenD]
security on a per-message basis
12:51:28 [scribe]
AllenB: So there is more than one dimension to this and we can look at the matrix and determine what we want to fill in.
12:51:30 [GlenD]
as opposed to securing a channel (ssl)
12:52:12 [chris]
ack dougb
12:52:15 [Heather]
could also match phase.... define their phase one in corresspondence with our phase one
12:52:32 [mchapman]
12:52:34 [GlenD]
phase-locked groups
12:52:36 [scribe]
Daniel: following martins earlier suggestion that we iterate on phases. We should pick the highest priority probelms and ask the security group to address them in the first pass (and so on). Dave has identified the high priority items. We should phase as probelm in priority (as opposed to as solutnions).
12:52:54 [DaveO]
I think Allen proposed that there is another aspect of security, that there are the styles of security: message, connection, role based (e.g. for orchestration)
12:53:05 [scribe]
DougB: Have the security WG recognize the boxes that we provide them mapped to existing standards. Is that our job or some WGs job?
12:53:18 [scribe]
DaveO: Great.
12:53:45 [scribe]
DougB: Does the security group recognize existing standards and fill them intoboxes or does the arch team do this (clarifiation)
12:54:13 [chris]
12:54:35 [scribe]
DaveO: this came up on the tag. They felt that it was disirable for the arch group to provide details in fleshing out the scope of the box.
12:54:56 [scribe]
Chris: Again, all we can do is hope to influence.
12:55:43 [scribe]
Joe: Are we going to do the threat model in WSA or by the new WG?
12:56:38 [dougb]
higher level question Joe and I are getting at: Are we writing the security portions of our architecture document (referencing existing standards and the threat model) or is the Security WG doing that?
12:56:47 [scribe]
Chris: The order of the requirements document did not imply that we had prioritized.
12:56:47 [Heather]
if we are going to lay out the high level framework and boxes, we may have do some level of threat model
12:56:52 [chris]
ack joe
12:57:02 [chris]
ack jeffm
12:58:00 [scribe]
JeffM: As part of this discussion, will we consider the end to end case. Pick a couple of scenarios as examples and do the analysys so that we scope this by end-to-end for specific technologies as opposed to just stating messaging security.
12:58:15 [scribe]
Chris: Did you mean use cases?
12:58:22 [scribe]
JeffM: yes, the high level ones.
12:58:40 [DaveO]
12:58:59 [chris]
ack mchapman
12:59:17 [Daniel]
Dave loved that :)O
12:59:24 [Heather]
12:59:35 [scribe]
martin: even though we work at the same company ;) I want to really support this. Working solutions are importnat...
13:00:05 [scribe]
Chris: in our current scenarios we describe stack type stuff. Are you going vertical or horizontal?
13:00:11 [Daniel]
Dave and I used to be friends! that was back in XML-CORE days tho
13:00:14 [Daniel]
13:00:16 [scribe]
Martin: All the way down and then back up again.
13:01:32 [scribe]
Jeffm: When some people think end-to-end they think multiple hops, routing, etc. and that's not what I mean. What I mean is that whatever use case we pick, we do it end-to-end.
13:01:43 [scribe]
Chris: Do we care about multiple hops or is this phase 2?
13:01:51 [scribe]
Martin: What is multiple hopS?
13:02:06 [DaveO]
It was the large trout aspect, not so much the recipient ;-). I do prefer salmon, but I'm from the west coast of Canada...
13:02:17 [DaveO]
13:02:26 [scribe]
Martin: My point is that I want to see a full working solution between client and server as opposed to chunks of security that don't fit together.
13:02:29 [Heather]
security info propogation is going to be an immediate problem...
13:02:42 [Heather]
+1 to martin
13:02:59 [scribe]
DaveO: suggestion to deal with this is to do a use case and soe usage scenarios that treat particular aspects of the end-to-end.
13:04:03 [dougb]
+1 to DaveO, subject seems to depend upon use case chosen to frame security WG / also appreciate Martin's extreme programming (extreme architecture?), continuously working process.
13:04:52 [maa-in]
+ extreme UML :-)
13:04:58 [Daniel]
it's nothing to do with extreme anything, it's basic UP iteration
13:05:04 [scribe]
Chris: Here's what I hear: Not boiling the ocean. Targeted. We have suggestions for different approaches or synergisitc approaches for how we might determine prioritization. I sense a stronglevel of rough agreement as to end-to-end solutions. We have a notion of phases. that we start something off and it evolves. We may need overlap of working groups due to market forces.
13:06:09 [tomCarrol]
To be complete would we not need a complete set of use case that describe a web service and use those for the context of the security WG??
13:06:12 [scribe]
chris: break at 3:30. Afternoon for use cases. Right now, could we given this ... pick a prioritized subset of joes and allens suggestions for a phase 1 charter? Can we do that now?
13:06:39 [scribe]
DaveO: We have atleast one use case already - Hugo wrote it. Why don't we look at it and work the process?
13:06:58 [scribe]
martin: Let's narrow the use case for securiyt aspects.
13:07:50 [scribe]
Chris: We have Joe's onion, let's focus on the core of the onion. and thinking about phase 1 only.
13:07:52 [tomCarrol]
Would we want to narrow the use case or would that be delegated to the security WG
13:08:27 [scribe]
Chris: How do we want to break up?
13:08:39 [scribe]
Daniel: want to tackle high priority stuff.
13:08:51 [scribe]
Roger: You could also (in parallel?) tackle the EDI use case
13:09:29 [scribe]
Chris: Of #1 (auth, integrity, confidentiality), what would go into a phase 2?
13:09:41 [scribe]
Joe: It is useless to do integrity and confidentiality alone.
13:10:23 [scribe]
Chris: So is #1 too broad, do we want to further narrow it?
13:10:28 [Daniel]
13:10:37 [DaveO]
13:11:42 [scribe]
Daniel: Maybe there is some low hanging fruit here because a great deal of work has been done on some of this (e.g., auth and authorization).
13:11:47 [chris]
ack daniel
13:12:38 [scribe]
DaveO: The solutions and how they deal with XML and the web have not been around. We are just starting to see first proposals on some of these.
13:13:41 [scribe]
Joe: More critical problem for XML encryption is key districution. All we have talked about is message level security but channel level security has been around and that's low hanging fruit.
13:13:58 [scribe]
Daniel: I would rather talk about problems that solutions.
13:14:16 [scribe]
DaveO: but solutions introduce problems. So which of the new problems do we wish to tackle.
13:15:05 [scribe]
DaveO: the process model one is really interesting. This has come up with XML. Can or should an author be able to indicate the steps a recipient should do with a particular message...
13:15:36 [scribe]
DaveO: default processing model, explicit one... clearly in WS we have the same issue. How does a reciever specify the processing model that it will publish to the world.
13:15:53 [Daniel]
do we think we want to adopt/s[pecify a particular processing model?
13:16:24 [scribe]
DaveO: e.g., i will do integrity checks after confidentiality. So sender mus invert this. Security clearly introduces a processing model. We should stay away from tackling this right up front ("there be dragons").
13:16:45 [scribe]
Joe: true for message based but channel based already solved.
13:17:05 [scribe]
DaveO: Missed point, the order that you do things is either the canonical order or you have to publish processing orer.
13:18:02 [scribe]
Chris: Okay, how are we going to divide up this work?
13:18:29 [scribe]
DaveO: suggest taking hugo's use case and then breaking it up around 3 scenarios (auth, integrity, and confidentiality.
13:18:42 [scribe]
Chris: Hugo, do you want to walk us through the use case?
13:18:45 [hugo]
Travel agent use case:
13:20:17 [scribe]
Chris: 15- 20 break...
13:21:43 [Heather]
13:35:48 [dougb]
dougb has joined #ws-arch
13:46:45 [scribe]
Hugo: Will present travel agent use case.
13:47:38 [scribe]
Hugo: There is a customer that wants to use travel agents service to book vacation package. Travel agent service will use hotel and irline, credit card co. web services.
13:48:02 [scribe]
Hugo: I divided the use case into 4 usage scenarios. which are basically the steps that the whole thing will go through to book the vacation package.
13:48:18 [scribe]
Hugo: Of course I made simplifications - security is not considered at all.
13:48:29 [scribe]
Hugo: If you want to go step by step, its complicated.
13:49:08 [scribe]
Roger: Wants to quibble. In talking to people who wanted to use web services. When dealing with credit card service, you are dealing with something that is already firmly in place and is not going to change.
13:49:20 [scribe]
Martin: So there are definitely actors, either people or external systems.
13:49:34 [scribe]
Roger: My point is that it is unlikely that these will operate as ws in the new future.
13:49:46 [scribe]
DaveO: Point is what things would look like using ws technology.
13:50:34 [scribe]
Roger: make this point because if you are prioritizing, some legs of a use case are unlikely to change in the near future so they are low priority.
13:50:51 [scribe]
Hugo: Even though parts of the use case won't be used for a very long time, they are still illustrative.
13:52:18 [scribe]
Hugo: User requests travel for some travel dates. Hugo has a complex diagram for this in his document. The customer provide the travel agent some travel dates and the service discovers airlines and then gets descriptions of how to interact with those. So the ontology thing means that the descriptions made sense to everyone (magic).
13:53:04 [scribe]
Hugo: So queries are made, results are returned, merged and sent to the customer. The ustomer chooses and the travel agent service books the flight.
13:53:34 [scribe]
Hugo: Then moves to the hotel reservation (which works much like the airline situation).
13:55:42 [scribe]
Hugo: From here, (purple stuff), when consumer boks hotel, the trravel service gives the cutsomer payment options. The travel agent service interfaces with the credit company to get a guarantee of payment.
13:56:49 [scribe]
Hugo: At this point (Next diagram), the travel company has confirmation and then books the hotel with the credit information. Travel agent company creates vacation package and bill.
13:57:54 [scribe]
Hugo: Security wise, there is confidentiality, credit card company stuff (certificates and guarantee) - identity, encryption for credit card number.
13:58:25 [scribe]
Joe: Integrity cwould come into play since you don't want someone to change your data (london to paris) in transit. Authorization as well.
13:59:13 [scribe]
Roger: We havea system in our company that works exactly like this today. If we want to make this realistic, we could determine exactly how these work. There are sll sorts of elaboration that happen in reality. For example people doing travel on behalf of another person.
13:59:45 [scribe]
DaveO: this is a great start. There are issues of communication, QOS, Orchestration, etc. I love the travel service kind of use case.
13:59:51 [jeffm]
14:00:06 [scribe]
Joe: You can build this up. So you could add NR, etc.
14:00:21 [jeffm]
jeffm: +1
14:00:41 [scribe]
Martin: So, what's the end-toend minimal thing that we need to do to make this secure. The customer looks up something and books, how do we make this minimally secure.
14:01:11 [scribe]
JeffM: Instead of taking the whole thing as and end-toend we could take "little t" transactions and deal with each.
14:01:46 [scribe]
Jeffm: security group might be chartered for little enchilada as apposed to the whoole thing (presumably staging).
14:02:09 [soliton]
soliton has joined #ws-arch
14:02:34 [scribe]
Roger: The odering has to do with what gets done first and what is needed first. There are portions of this that are cast in stone (the real world). Some of the example doesn't need to be dealt with in the near future.
14:03:32 [scribe]
TomC: I tend to agree with the Oracle crowd. At a certain level of abstraction, in order to identify the meaningfl parts for a security WG we have to get to lower level parts of the use case.
14:04:07 [scribe]
Jeffm: explicitly not trying to determine which things have to be done first.
14:05:31 [omh]
omh has joined #ws-arch
14:05:40 [jeffm]
To clarify: I'm suggesting that what is done first is the end-to-end security for the entire steel thread(s).
14:05:42 [scribe]
Chris: So if I want to pull this apart: How do we know that its hugo, integrity, confidentiality,
14:05:44 [tomCarrol]
14:05:48 [maa-in]
14:05:52 [Roger]
14:06:00 [scribe]
Thanks Jeff ;)
14:06:37 [chris]
ack tom
14:06:54 [chris]
14:07:04 [DaveO]
14:07:09 [jeffm]
Clarify(cont): The prioritzation task is picking the "right set" of steel threads to scope the first phase.
14:07:53 [scribe]
Tom: familiar with the eprocirement scenario. You have to look at the small use cases one at a time. That is you don't get to pull the security areas out one at a time (integrity, authorization,etc.). Must find pertinent use cases in order to define a domain.
14:08:24 [scribe]
martin: You didn't mention authorization or permissions.
14:08:30 [scribe]
Chris: They are all there.
14:09:06 [JensM]
JensM has joined #ws-arch
14:10:04 [scribe]
Chris: Key point is getting to the point that roger was making, we could do all of the security things (1-5) or...
14:10:16 [Martin]
14:10:30 [tomCarrol]
14:11:00 [scribe]
CHris: we could do them all, we can parallelize based on specific aspects. In terms of encryption where you have only a credit card number, did you really need XML encryption?
14:11:15 [scribe]
Joe: You could do this two ways (SSL is option).
14:12:36 [scribe]
Chris: Integrity is fundamental (due to multiple), authentication is fundamental, and confidentiality. can we focus on just these three.
14:13:05 [chris]
ack maa
14:13:12 [scribe]
Martin: The scenario has to touch on all of them otherwise you will miss something. The steel thread must address all points.
14:13:21 [hugo]
14:13:29 [scribe]
Joe: This is what he was refering earlyier to the minimal set.
14:13:40 [chris]
ack roger
14:13:56 [scribe]
Roger: Does not like the use case because he doesn't see the business driver.
14:14:31 [scribe]
Roger: sees apples and oranges of existing systems of different types. He really wants to show the EDI use case because it is different and the business drivers are clearly displayed.
14:14:33 [joe]
14:14:42 [chris]
ack daveo
14:15:50 [scribe]
DaveO: In terms of the break up, another way to tease out requirements is to look at what is going on in terms of the channel (e.g., email). So this type of variability might be another way to go in terms of structuring this.
14:15:55 [chris]
ack martin
14:16:11 [scribe]
Martin: This use case represents 80% of what the web is used for.
14:16:18 [chris]
q+ jeffm
14:16:34 [chris]
ack tom
14:18:06 [scribe]
TomC: On rogers point, views the use case as an abstraction (that is that you can abstract out the business portion - the travel agent). The trust model varies based on what side of the travel agent service I belong to. I have trust with suppliers that is completely different that with the general public. So security may be completely different and require completely different technical implementations.
14:18:14 [chris]
ack hugo
14:18:44 [scribe]
Hugo: Martin said that we should have a look at everything rather than limiting to the 3. If we have a look at everything, everything will be large (e.g., privacy).
14:18:48 [chris]
ack joe
14:19:47 [scribe]
Joe: Responds to Roger's use case comment. Can cover all of the security aspects with buying a book from The EID use case could be different because it is intranet.
14:19:56 [scribe]
Roger: Not intranet, its an internet example!
14:20:09 [omh]
omh has left #ws-arch
14:20:10 [GlenD]
14:20:32 [DaveO]
14:20:49 [chris]
ack jeffm
14:21:23 [scribe]
Glend: two tiny comments. Regardless of whether the use case is connected to reality, it is still a useful scenario. Can we ask Roger to do a short description of his use case.
14:21:55 [chris]
ack glend
14:22:02 [chris]
q close
14:22:10 [scribe]
Roger:EDI like interacteraction betweek big and small company to to purchase widgets it is interesting because small company has different capabilityies and security aspects and guts happens when things go wrong.
14:22:56 [dbooth]
14:23:02 [scribe]
Mike: How does this use case differ from the travel agent?
14:23:03 [chris]
ack daveo
14:23:06 [chris]
ignore q
14:23:22 [scribe]
Roger: Assumption here is that you have trusted partners.
14:23:24 [Martin]
q martin
14:23:31 [Martin]
14:23:45 [chris]
zakim, ignore q
14:23:46 [Zakim]
I don't understand 'ignore q', chris. Try /msg Zakim help
14:23:53 [chris]
zakim, ignore queue
14:23:56 [Zakim]
ok, chris, I will ignore the speaker queue
14:23:59 [Martin]
14:24:03 [jeffm]
14:24:10 [scribe]
DaveO: I have built SOAP systems doing exactly this. If you take how vendors talk about ws. IBM developer site is example. They use travel, others use this example. This is a connonical exmple for doing WS.
14:24:26 [dbooth]
q+ jeffm
14:24:28 [jeffm]
jeffm wonders where chris is
14:24:46 [scribe]
chris: we don't have time to do the break outs. Suggests that we let Roger present his use case for 5-10 minutes.
14:27:15 [scribe]
Roger: I talked to our EDI people about what they actually do and how they would be interested in useing web services and here's the scenario. You havea big company trying to buy widgets from a small mom and pop co with a big technology difference. We actually want to do this.
14:28:04 [scribe]
Roger: Actors: Engineer, business analyst, lots of people. mom and pop and uncle on weekends.
14:29:17 [scribe]
Roger: Request for purchase, purchase order, request for invoice, purchase, payment.
14:29:39 [hugo]
EDI use case:
14:29:45 [scribe]
Roger: Focus is technical infrastrcutre not the buisiness process. Payments are explicitly out of scope. Because banks have their own processes.
14:30:29 [scribe]
Roger: This is how process works when it works. This is less intereesting than when it doesn't. He has a list of requirements, check the use case for details. It is required that messages are ordered and identified with unique ID but not sequenced.
14:31:25 [scribe]
Roger: Security problem: NR, accessibility, authentication. NR is a lower level than NR but higher than auditing because it is a trusted business parter. No one is going to court over a failure. You just need somewhay to determine what happened.
14:32:35 [scribe]
Roger: So you need to reconciliate. So, the problems in the process are the real meat. This is where people spend their time. Transactio n log mismatch. At the end of each moth the big co will send a list of messages received to small co. The response is checked against the back office to see if there is message agreement.
14:32:50 [dbooth]
14:33:08 [dbooth]
14:33:12 [scribe]
Roger: Second scenario is that small co thinks that they weren't payed. (incorrectly). They didn't get a payment advise(?). So they got paid bu they don't know it.
14:33:54 [scribe]
Roger: Big purchasing department ... big co sends copies of purchase information to little co, and then little co matches and determines that they were payed.
14:34:15 [scribe]
Roger: Finally, example where small co gets payed and this is similar to former.
14:34:27 [chris]
zakim, track queue
14:34:29 [Zakim]
ok, chris, I will track the speaker queue
14:34:31 [tomCarrol]
14:34:33 [scribe]
Roger: Real important thing is to be able to determine what happened in the past.
14:34:37 [GlenD]
14:34:53 [omh]
omh has joined #ws-arch
14:35:00 [scribe]
Martin: This type of scenario is invaluable. Some things are not in the scope of web services. Alot of the use case is human use case.
14:36:19 [scribe]
Roger: I disagree. Ddifferentiates (human from machine) based on log information needed vs. actual reconcilliation.
14:36:33 [scribe]
Martin: What extra do we need to do to be able to prove that a payment was made (for example).
14:36:39 [chris]
ack martin
14:37:00 [scribe]
Roger: It is important that there is an agreed upon method for identifying messages (in time).
14:37:10 [chris]
ack tom
14:37:12 [scribe]
Roger: A standards query for getting digest of messages would be great.
14:37:51 [scribe]
TomC: Looks at the abstraction. The activity being performed is ... missed it
14:37:56 [dbooth]
Hmm, it sounds like he's talking about "unambiguously identifying things". Sounds a lot like URIs to me!
14:38:42 [chris]
ack tom
14:38:47 [scribe]
JeffM: If the requirement is to have a logging service, and the service has to support a DB query service then that is all that you need to say - that's a solution to the problem.
14:38:50 [chris]
ack glen
14:38:59 [tomCarrol]
14:39:09 [scribe]
JeffM: doesn't see how the use case adds more to security.
14:39:25 [scribe]
Roger: I think that it is significant that the financial transactions are out of scope.
14:39:45 [Heather]
why are the financial transactions out of scope?
14:40:17 [chris]
q+ jeffm
14:41:05 [chris]
q+ zulah
14:41:13 [dboo-scri]
GlenD: There are lots of scenarios. I suggest we do something to move forward. We've chosen to drill through a use case. We'll do (1) vote for one of these use cases; or (2) tonight you guys can combine them.
14:41:20 [dboo-scri]
Roger: Or we could split and do both.
14:41:27 [DaveO]
14:41:50 [dboo-scri]
Heather: why are the financial transactions out of scope?
14:42:05 [dboo-scri]
Roger: Because EDI people told me they were'nt interested in it.
14:42:14 [dboo-scri]
s/EDI/my EDI/
14:42:16 [Heather]
14:42:37 [Heather]
is there no interest from the financial industry to move to web services?