In my first post on AX models I showed that models provide parity functionality with AOD files. Models goes several steps further, and addresses some of the shortcomings of AOD files. Have you ever been in a situation where you had several AOD files, but couldn’t quite remember which was which, and where they came from? Models solve this problem by containing a manifest. A manifest contains attribute values describing the model.
AX models support these manifest attributes:
Name of the model.
Friendly name to be presented in user interfaces.
A longer text describing the model.
Publisher of the model, e.g. “Microsoft Corp.”
Four part version number, e.g. 220.127.116.11.
ID of the layer from which this model was exported and hence target layer during import.
The manifest can be inspected for models in the model store by using AxUtil:
To modify a model’s manifest you can use AxUtil:
Now we have a model with a manifest. This mean we can track structured information about the model. The next thing you want to do is to ensure the receivers of your model file can trust the model – or at least be able to judge if the model comes from a trustworthy source. To achieve this you can sign the model. We support two ways of signing a model. Strong name signing and Authenticode signing. Here is a post that explains the details and use scenarios of each.
Strong Name Signing
When you are importing a strong name signed model; you are guaranteed the model file hasn’t been tampered with since it was exported. To strong name sign an model, you need to use the Strong Name Tool: SN.exe to generate a key pair file. When you export your model to an .axmodel file you can specify the key to sign the model with:
AxUtil export /Model:”My Model” /file:MyStrongNameSignedModel.axmodel /key:mykey.snk
If you are a publisher of models, like an ISV that provides models e.g. for download, you should consider authenticode signing your model. If you do, then your customers are guaranteed the file hasn’t been tampered with, and that you created the model.
When you are importing an authenticode signed model; the model’s publisher is authenticated. Depending on the certificates, the model is either imported silently (if the publisher is one you trust), or you will be prompted to ensure you trust the publisher. If the model isn’t authenticode signed, you will always be prompted (to accept importing a model where the publisher can’t be authenticated).
To authenticode sign a model file you need to export it first using AxUtil. After this you use the SignTool to perform the actual signing.
The features around deployment and manageability of models by far exceed what was possible for AOD files. Having this solid foundation enables many new scenarios and drives down TCO. It is also a solid foundation for us to add more capabilities. For example; dependency management between models is high on our list of things to consider next.
More on models…
This post is a part of a series on models:
This posting is provided “AS IS” with no warranties, and confers no rights.