RE: [provision] Liberty Identity Personal Profile example...

[Gearard Woods <gewoods@us.ibm.com>]

Jeff,
Well, I should have read all of your message before rushing off a reply
shouldn't I?  If you want to get into the argument about identifying
elements in a document using XPath again that's fine.  I have to admit that
it seems pretty straightforward to me.  If you need to identify a specific
item in a collection then you need to use more than just the type in the
identifying expression.  The statement that you have reproduced from the
spec indicates that the expression used in the example is not specific
enough in the case where there are multiple addresses.  This does not mean,
as you seem to think it does, that a specific expression cannot be
formulated.  You've been clear that you are unwilling to accept this as an
answer when we have talked about this issue before and I doubt that any
measure of reasonable argument will distract you from that position at this
point.

In any event, it's not enough to say that the SPML allows each sub-element
to be uniquely identified.  Imagine that the Liberty example that you
included here was to be communicated in SPML and that there are three
addresses.  How exactly would I use the SPML to indicate which one?  I
would, of course, have to have knowledge of each address and manage an
associated generated identifier for each element based on its position in
the XML representation.  You'll have to forgive me, but I'd prefer to come
up with a specific XPath expression rather than have to manage mapping
identifiers for every single component of every single data item in my user
database.  Just from a practical point of view, forgetting any argument
about how cumbersome this is compared to just communicating the actual XML,
consider what this means for a database of 100,000 users with an average of
2 addresses, a common name and a single federal identification number.
That's a lot of superfluous information and it doesn't even allow for the
possibility that my user database can be manipulated by other tools that do
not generate an identifier for me and can cause my whole mapping to get out
of synch.
Gerry



|---------+---------------------------->
|         |           "Jeff Bohren"    |
|         |           <jbohren@opennetw|
|         |           ork.com>         |
|         |                            |
|         |           07/31/2003 01:25 |
|         |           PM               |
|---------+---------------------------->
  >------------------------------------------------------------------------------------------------------------------------------|
  |                                                                                                                              |
  |       To:       <provision@lists.oasis-open.org>                                                                             |
  |       cc:                                                                                                                    |
  |       Subject:  RE: [provision] Liberty Identity Personal Profile example...                                                 |
  >------------------------------------------------------------------------------------------------------------------------------|




Gerry,

To be precise, the example I posted shows how SPML could be used to
provision the data that could also be represented by the below XML
document. That is a subtle, but important difference. As a provisioning
protocol the XML document does not serve very well, as indicated in the
Liberty spec itself.

Provisioning this information is not as simple as just consuming a WSDL
file and generating a stub. For instance in the Liberty ID-WSF Data
Serice Template
(http://www.projectliberty.org/specs/draft-lib-svc-dst-v1.0-16.pdf) line
706 the XML to replace a Postal Address is:

<Modify>
  <Resource>
    <saml:NameIdentifier>d8ddw6dd7m28v628</saml:NameIdentifier>
  </Resource>
  <Modification overrideAllowed="True">

<Select>/IDPP/IDPPAddressCard[IDPPAddressType='urn:liberty:idpp:addrType
:home']</Select>
    <NewData>
      <IDPPAddressCard id='98123'>
        <IDPPAddressType>urn:liberty:idpp:addrType:home<IDPPAddressType>

        <Address>
          <PostalAddress>c/o Carolyn Lewis$2378 Madrona Beach
Way</PostalAddress>
          <PostalCode>98503-2342</PostalCode>
          <L>Olympia</L>
          <ST>wa</ST>
          <C>us</C>
        </Address>
      </IDPPAddressCard>
    </NewData>
  </Modification>
</Modify>

Note that there logic involved that would not be represented in a WSDL
file. Further note that this  can not be safely used to modify the
postal address anyway. Line 701 reads:

"Following example replaces current home address with a new home address
in the personal profile of a Principal. Please note that this request
will fail, if there are two or more home addresses in the profile,
because it is not clear in this request, which out of those addressed
should be replaced by this address."

The SPML approach can safely modify any of the profile data structures
because each sub element can be uniquely identified.



Jeff Bohren
Product Architect
OpenNetwork Technologies, Inc



-----Original Message-----
From: Gearard Woods [mailto:gewoods@us.ibm.com]
Sent: Thursday, July 31, 2003 2:39 PM
To: Jeff Bohren
Cc: provision@lists.oasis-open.org
Subject: Re: [provision] Liberty Identity Personal Profile example...






These examples show how the SPML might communicate this XML document::

  <InformalName>theWanderer</InformalName>
  <CommonName>
    <CN>Zita Lopes</CN>
    <AltCN>Maria Lopes</AltCN>
  </CommonName>
  <LegalIdentity>
    <LegalName>Zita Maria Oliveira da Figueira Lopes</LegalName>
    <VAT>502677123</VAT>
  <LegalIdentity>

I urge the committee members to examine the documents that Jeff has
worked up and consider them against this and in the light of previous
issues raised on this list.  Some important points to consider in my
view are:

1. The examples introduce a naming system to relate hierarchical
elements that are naturally related in the simple XML document.  This
naming system exists only for the benefit of the SPML and is not present
in the target document. 2. The examples force the implementor to perform
a quite complex mapping of request structures to the XML document 3.
It's still not clear how attributes (as opposed to elements) in the
target document are conveyed clearly in the SPML 4. The sheer complexity
of the SPML approach

And there are additional problems associated with the schema.  We have
not yet seen how an SPML schema might look for these documents but there
is some form of mapping required to transform the schema from XML Schema
to SPML schema.  Also, if I use the native Liberty XML Schema as
published, I can use tools such as XMLSpy to analyse, validate or create
instance documents whereas with the SPML schema I have no such tool
support.  I can include or reference the XML Schema in a WSDL document
verbatim to allow consumers to generate client libraries to talk to my
service.  These tools are not available for SPML schema.

These examples illustrate to me that there is a very large penalty to
pay with the SPML.  The hoops that implementors of the SPML will have to
jump through to communicate a simple XML document represent the tip of
the iceberg.  Along with the document transformations are schema
transformations and the inability to use off-the-shelf tools.  The fact
that schemas and documents published by almost all Web Services and
toolkits available today will need these complex transformations to be
used with the SPML at all is a fundamental problem.

There are still unanswered questions about aspects of this problem, but
without going any deeper into this argument it seems to me that the SPML
approach must be viewed as an unsatisfactory solution.  I will certainly
not stand in front of my management, technical review boards, and
ultimately IBM customers, and suggest that this is the best way to
communicate their XML data and provide access to their Web Services.