OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

provision message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [provision] SPML identifier issues for the interop ...

Title: Message
Wouldn't it be fair to assume that PSFT has a unique identifier for employee that can be used (since the HR system itself needs to distinguish between two employees with the same name) ? 
-----Original Message-----
From: Jeff Bohren [mailto:jbohren@opennetwork.com]
Sent: Wednesday, June 11, 2003 11:11 PM
To: provision@lists.oasis-open.org
Subject: RE: [provision] SPML identifier issues for the interop ...

 
The problem is what if two users named John Smith both use the common RA. For the first one there is no problem. For the second one, a request will be made to add a user with the GUID of an already existing user. For our system that is an error and the second add request will fail. Since we are not supporting status, the second user won't know why his user ID/password combination that he entered will not allow him to log onto our system.
 
Now I could add special logic to make true GUID out of the GUID passed to our system to get around this, but since all of the PSPs should have similar issues, it makes sense to solve this in one place (the common RA). Can the common RA be configured to make sure that the CN is not reused? It would probably be a good idea to make sure the uid is not reused as well, if possible. We could also set the GUID id to the uid instead of the CN and just make sure that the uid is unique.
 
BTW, if you think having two CNs the same is unlikely, what if one user wants to run through the demo twice from two different vendors?
 
Jeff Bohren
Product Architect
OpenNetwork Technologies, Inc
 
-----Original Message-----
From: Kevin Boyce [mailto:kevin.boyce@entrust.com]
Sent: Wednesday, June 11, 2003 3:56 PM
To: Jeff Bohren; provision@lists.oasis-open.org
Subject: RE: [provision] SPML identifier issues for the interop ...

it would be nice if the RA generated unique ids for the duration of the demo but since we are not supporting status or any other requests for the interop, it should not functionally matter
-----Original Message-----
From: Jeff Bohren [mailto:jbohren@opennetwork.com]
Sent: June 11, 2003 12:59 PM
To: provision@lists.oasis-open.org
Subject: [provision] SPML identifier issues for the interop ...

For the interop we are using the SPML add request where the identifier is specified. Therefor the RA must ensure that the specified identifier is unique. In the examples in the interop spec the GUID identifier type is used with the user's CN as the guid. Obviously the CN is not guaranteed to be unique. I would suggest that we either use the email identifier (would require users to enter their real email) or we use the GUID identifier with an autogenerated GUID.
 
Jeff Bohren
Product Architect
OpenNetwork Technologies, Inc
 
 

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]