OASIS Mailing List Archives

 



provision message



Subject: RE: [provision] SPML identifier issues for the interop ...


This should be the RA's responsibility if the RA sends the identifier. For the
interop we should assume that the RA will create a unique identifier either
by using PeopleSoft ID or by custom code written on the RA.
Yoav

-----Original Message-----
From: Cohen, Doron
To: Jeff Bohren; provision@lists.oasis-open.org
Sent: 6/11/03 5:33 PM
Subject: RE: [provision] SPML identifier issues for the interop ...

Wouldn't it be fair to assume that PSFT has a unique identifier for
an employee that can be used (since the HR system itself needs to
distinguish between two employees with the same name)?

-----Original Message-----
From: Jeff Bohren [mailto:jbohren@opennetwork.com] 
Sent: Wednesday, June 11, 2003 11:11 PM
To: provision@lists.oasis-open.org
Subject: RE: [provision] SPML identifier issues for the interop ...


 
The problem is what if two users named John Smith both use the common
RA. For the first one there is no problem. For the second one, a request
will be made to add a user with the GUID of an already existing user.
For our system that is an error and the second add request will fail.
Since we are not supporting status, the second user won't know why his
user ID/password combination that he entered will not allow him to log
onto our system.
 
Now I could add special logic to make a true GUID out of the GUID passed
to our system to get around this, but since all of the PSPs should have
similar issues, it makes sense to solve this in one place (the common
RA). Can the common RA be configured to make sure that the CN is not
reused? It would probably be a good idea to make sure the uid is not
reused as well, if possible. We could also set the GUID id to the uid
instead of the CN and just make sure that the uid is unique.
 
BTW, if you think having two CNs the same is unlikely, what if one user
wants to run through the demo twice from two different vendors?
 
Jeff Bohren
Product Architect
OpenNetwork Technologies, Inc
 

-----Original Message-----
From: Kevin Boyce [mailto:kevin.boyce@entrust.com] 
Sent: Wednesday, June 11, 2003 3:56 PM
To: Jeff Bohren; provision@lists.oasis-open.org
Subject: RE: [provision] SPML identifier issues for the interop ...


It would be nice if the RA generated unique ids for the duration of the
demo, but since we are not supporting status or any other requests for
the interop, it should not functionally matter.

-----Original Message-----
From: Jeff Bohren [mailto:jbohren@opennetwork.com] 
Sent: June 11, 2003 12:59 PM
To: provision@lists.oasis-open.org
Subject: [provision] SPML identifier issues for the interop ...


For the interop we are using the SPML add request where the identifier
is specified. Therefore the RA must ensure that the specified identifier
is unique. In the examples in the interop spec the GUID identifier type
is used with the user's CN as the guid. Obviously the CN is not
guaranteed to be unique. I would suggest that we either use the email
identifier (would require users to enter their real email) or we use the
GUID identifier with an autogenerated GUID.
 
Jeff Bohren
Product Architect
OpenNetwork Technologies, Inc
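
The identifier collision discussed in this thread, modelled as an added example (it is not part of the original messages or of the interop spec). `ToyPSP`, `provision` and the two identifier helpers are hypothetical names, the add is a plain method call rather than a real SPML request, and the user records are constructed sample data.

```python
import uuid

class DuplicateIdentifier(Exception):
    """Raised when an add request names an identifier that already exists."""

class ToyPSP:
    """Hypothetical stand-in for a PSP that rejects an add for an existing identifier."""

    def __init__(self):
        self.accounts = {}

    def add(self, id_type, id_value, attributes):
        key = (id_type, id_value)
        if key in self.accounts:
            raise DuplicateIdentifier(f"{id_type} {id_value!r} already exists")
        self.accounts[key] = dict(attributes)

def cn_identifier(user):
    # Scheme from the interop spec examples: the user's CN is sent as the GUID.
    return ("GUID", user["cn"])

def generated_identifier(user):
    # Scheme proposed in the thread: the RA autogenerates the GUID.
    return ("GUID", str(uuid.uuid4()))

def provision(psp, users, make_identifier):
    """Send one add per user; return (cn, outcome) pairs as seen at the RA."""
    results = []
    for user in users:
        id_type, id_value = make_identifier(user)
        try:
            psp.add(id_type, id_value, user)
            results.append((user["cn"], "added"))
        except DuplicateIdentifier:
            # Without status support, the user is never told about this failure.
            results.append((user["cn"], "rejected"))
    return results

# Constructed sample input: two different people who share a CN.
USERS = [
    {"cn": "John Smith", "uid": "jsmith"},
    {"cn": "John Smith", "uid": "jsmith2"},
]
```

Calling `provision(ToyPSP(), USERS, cn_identifier)` rejects the second John Smith, while the same call with `generated_identifier` adds both users.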
 
 


