Configurations by UML
Configurations by UML
Øystein Haugen & Birger Møller-Pedersen
University of Oslo
{oysteinh | birger}@ifi.uio.no
EWSA 2006
6-Sep-06
Øystein Haugen & Birger Møller-Pedersen
1
Configuration and Architecture
ƒ Configuration
– the relative arrangement of parts
ƒ (Merriam-Webster's, Online Dictionary)
– binding of free variables and deciding the number of objects
Configurations by UML
ƒ Architecture
– often described in similar terms as configuration
– more general than a configuration
– therefore: an architecture may describe a set of configurations
6-Sep-06
Øystein Haugen & Birger Møller-Pedersen
2
The access control system
ƒ
ƒ
Configurations by UML
ƒ
User Access: The user will enter an access zone through an access
point. The authentication of a user shall be established by some
means for secret personal identification (PIN code).
New User: A supervisor will have the ability to insert new users into
the system.
PIN change: Users shall be able to change their personal code.
Console
ACSystem
Panel
1..2
AccessPoint
Door
Authorizer
*
controls
1
controls
1
1
*
1
1
governsAccess
access
AccessZone
*
6-Sep-06
Øystein Haugen & Birger Møller-Pedersen
3
ACSystem common architecture
class
ACSystem
composite
structure
c:Console
Configurations by UML
ap.:AccessPoint[2...100]
Supervisor
User
part
(property)
Door
aut:Authorizer[2]
multiplicity
6-Sep-06
Øystein Haugen & Birger Møller-Pedersen
port
4
More general characteristics
value constraints
AccessPoint
User
floor: Integer {0..10}
seclev:Integer {1..4}
Door
Authorizer
Configurations by UML
AccessPoint
BlockingAccessPoint
6-Sep-06
Øystein Haugen & Birger Møller-Pedersen
LoggingAccessPoint
5
The Challenges
ƒ
The number of access points on each floor may differ,
and within each floor the access points will have the
same security level
ƒ
The access points on the ground floor are connected to
one specific authorizer, while the other access points are
connected to another authorizer.
– The reason for this is due to the difference in security level.
6-Sep-06
Øystein Haugen & Birger Møller-Pedersen
6
Configurations by UML
– On the ground floor the security level is high and the access
points will be LoggingAccessPoints.
– On all other floors the security level is lower, and the access
points are BlockingAccessPoints.
Two attempts that do not quite make it
ACSystem
ACSystem
AccessPoint
Authorizer
MyACSystem
ap.:LoggingAccessPoint[2...100]
Supervisor
ACSystemWithLoggingAccessPoint
User
LoggingAccessPoint
redefines
AccessPoint
Configurations by UML
aut:SpecialAuthorizer[2]
Door
SpecialAuthorizer
redefines
Authorizer
ƒ Both of these specialized architectures are legal in UML 2
ƒ Neither of them satisfy the challenges
ƒ In both of these attempts, all objects of the set of AccessPoints are
described as being the specialized LoggingAccessPoints
ƒ There is no place for BlockingAccessPoints
6-Sep-06
Øystein Haugen & Birger Møller-Pedersen
7
Discovering a UML 2 mechanism: subset
ACSystem
ap
ACSystem
AccessPoint
role name
MyACSystem
top {subsets ap}
MyACSystem
BlockingAccess
Point
ground {subsets ap}
ground/ap.:LoggingAccessPoint[1...25]
{floor==0 and seclev==4}
constraint
Configurations by UML
LoggingAccess
Point
Supervisor
ACSystem
User
top/ap.:BlockingAccessPoint[2...99]
{floor>0 and seclev <4}
MyACSystem
Door
aut:Authorizer[2]
ground:LoggingAccessPoint[1...25]
{subsets ap}
Supervisor
User
top:BlockingAccessPoint[2...99]
{subsets ap}
Door
aut:Authorizer[2]
6-Sep-06
• On the ground floor the security level is high and
the access points will be LoggingAccessPoints.
• On all other floors the security level is lower, and
the access points are BlockingAccessPoints.
Øystein Haugen & Birger Møller-Pedersen
8
Architectural diversity
• The access points on the ground floor are
connected to one specific authorizer,
• while the other access points are connected
to another authorizer.
ACSystem
User
ground/ap.:LoggingAccessPoint[1...25]
{floor==0 and seclev==4}
Configurations by UML
MyACSystem
secure/aut:SpecialAuthorizer[1]
Supervisor
c:Console
top/ap.:BlockingAccessPoint[2...99]
{floor>0 and seclev <4}
/aut:Authorizer[1]
Door
connections
a snapshot?
6-Sep-06
Øystein Haugen & Birger Møller-Pedersen
9
How long is the Norwegian coast?
ACSystem
every single
access point
MyACSystem
Configurations by UML
MyACSnapshot
User
zero/ground/ap.:LoggingAccessPoint
{floor==0 and seclev==4}
secure/aut:SpecialAuthorizer[1]
c:Console
Supervisor
first/top/ap.:BlockingAccessPoint
{floor==1 and seclev==3}
Door
/aut:Authorizer[1]
second/top/ap.:BlockingAccessPoint
{floor==2 and seclev==3}
all values bound
a snapshot?
6-Sep-06
Øystein Haugen & Birger Møller-Pedersen
10
Constructor – a generalized snapshot?
MyACSnapshot
MyACSystem
«create»
User
zero/ground/ap.:LoggingAccessPoint
{floor==0 and seclev==4}
first/top/ap.:BlockingAccessPoint
{floor==1 and seclev==3}
Supervisor
/aut:Authorizer[1]
second/top/
ap.:BlockingAccessPoint
{floor==2 and seclev==3}
Configurations by UML
Door
initMyACS()
secure/aut:SpecialAuthorizer[1]
«snapshot»
c:Console
ƒ A snapshot has a lifespan of sedom more than one time instant
– thus it is not really a configuration being a system over time
ƒ Therefore we replace inheritance by a «snapshot» dependency
ƒ But a snapshot may also have information about the behavioral
continuation
– and can serve as a constructor directly
6-Sep-06
Øystein Haugen & Birger Møller-Pedersen
11
Conclusions
ƒ UML 2 has mechanisms for modeling of configurations
– combining inheritance with property subsetting and constraints
– Our notions of snapshot and of constructor are more expressive
than that of the instance model since also the behavioral
continuations are included in our concept.
6-Sep-06
Øystein Haugen & Birger Møller-Pedersen
12
Configurations by UML
ƒ Notation: The slash notation for instances playing roles
represented by parts is used for naming subsets of parts:
different subsets play different roles.
ƒ Generalized definitions of snapshot and constructor
based on a special «snapshot» dependency make
classes defining configurations replace the UML instance
model