OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

dsml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Re: DSML 2.0 requirements

  We discussed this message and the email discussion which followed, along with other requirements, in the DSML phone conference today (9/5/2000). These are the notes I took:

- There was agreement that the goal of DSML 2.0 is not to supplant existing LDAP protocol/API/SDK usage, but to make directory data accessible to the community of developers and applications that are or will be XML-aware.

- There was agreement that the goal of DSML 2.0 is to support access to LDAP data sources and not to be a generalized framework for access to other types of data sources (e.g. RDBMS).

- We should look into accessing a directory as a DOM, using XPath and other standard XML tools. Accessing the virtual contents of a directory as a DOM is to be distinguished from the XML serialization of directory data (as in DSML 1.0).

- For establishing authentication and also for establishing a connection to an LDAP server, Processing Instructions (PIs) were suggested. That is more for the specification than for the requirements document, though.

- The following were raised as requirements and non-requirements:

  - It is not a requirement that DSML 2.0 be backwards compatible with DSML 1.0

  - It is a requirement that there be some way to determine the version of DSML being used (but the means to determine it will be defined in the specification)

  - It is a requirement that it be possible to perform all LDAP operations and pass all LDAPv3 additional information (controls, extended operations)


  James wasn't on the line for these discussions, but hopefully the above (and below) will provide material to start writing the formal requirements document, and also to continue the discussion per email.

Rob



Rob Weltman wrote:

>   To kick off the requirements discussion, I'll summarize (and augment) some thoughts that I presented at the phone conference yesterday.
>
> - There are fairly well-established APIs and SDKs for accessing LDAP data for most of the popular programming languages: C/C++, Java, perl, TCL, python, VB. There are many applications that are LDAP-aware and are using these SDKs and APIs. Those applications and their owners are not the target audience for DSML 2.0.
>
> - There are many more applications that are clueless WRT LDAP but which would benefit from access to user (and potentially other) information stored in a directory. XML is the only real contender for a common data format for information exchange across a wide range of application areas, and I expect that most new applications with wide-ranging data interchange requirements (and even many without such strong requirements) are or will be XML-aware. These applications and their owners are the target audience for DSML 2.0.
>
> - DSML 2.0 should make it as painless as possible for non-LDAP-aware applications to access (read/create/update/delete) information which is managed by LDAP servers.
>
> - We discussed the concept of representing each LDAP protocol operation in XML. I am not convinced at this point that such an approach would provide all the benefits to non-LDAP-aware clients that the XML environment makes possible. I don't know how realistic it is, but an ideal XML view of the LDAP world would be as just another XML document, where XLink is used to identify directory entries (roots of subtrees) and XPath to query and extract entries and attributes within a subtree.
>
> - XML/DSML is not a transport protocol. One can anticipate exchanging DSML documents over HTTP, SMTP, and other transports. In many cases a user will want to take advantage of the authentication and privacy provided by the transport layer, and DSML is oblivious to the carrier.
>
> - LDAP deployments generally require some form of authentication (common methods are simple bind with username and password, SASL for mechanisms such as kerberos or digest MD5, and certificate authentication) after establishing a connection and before performing any operations. DSML 2.0 must allow for authentication of the client to the server. This can be accomplished either externally (DSML operates on an authenticated LDAP connection which has been established through some other means) or expressed in DSML as conditions/configuration for the connection.
>
> Rob

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC