Re: [provision] SPML 2.0 Data Model Proposal...

[Gearard Woods <gewoods@us.ibm.com>]

Jeff,
I think this is a move in the right direction. Obviously, as both you and Jesus have pointed out, this needs more detail. I have a couple of comments:
- It might be useful to include an identifier for the schema namespace in the schema element to allow the client to determine if it can proces the schema language.
- I'd like to be able to associate a schema with a target. I would prefer that we not propagate the problems that LDAP imposes with one overall schema to the SPML2. I'm not sure if this is what is meant by "providerIdentifier" but as I think we have already discussed, I'd like to see these identifiers streamlined. Also, if this is the case then I should be able to determine what the providers are. Is there a facility to do that?

It'll be important to see what the other operations look like with these changes.
Gerry


"Jeff Bohren" <jbohren@opennetwork.com>

"Jeff Bohren" <jbohren@opennetwork.com> 12/09/2003 06:50 AM

To: <provision@lists.oasis-open.org> cc: Subject: [provision] SPML 2.0 Data Model Proposal...

My proposal is that SPML 2.0 be expanded to support two data models which I will refer to as the “DSML Data Model” and the “XSD Data Model”. The DSML Data Model is the one currently used in SPML 1.0. There is no reason that additional data models could not also be added if there seems to be if value (i.e. a “SAML Data Model”, or “Liberty Data Model” could also be added). This would support the data model that IBM wants as well as being backwards compatible with the existing SPML 1.0 specification.

In my proposal each of the SPML verbs would be expanded to support both data models. For instance in response to a schema request, the schema response could look like the current SPML model:

<schemaResponse>
<schema>
<schemaIdentifier>…
<attributeDefinition>…
<objectClassDefinition>…
<schema>
</schemaResponse>

Or it could use the XSD Data Model be either including the XSD directly:

<schemaResponse>
<schema>
<xsd:schema> ….
<schema>
</schemaResponse>

Or by referring to an XSD document externally:

<schemaResponse>
<schema externalURL=”http://www.acme.com/schemas/provisioning.xsd” />
</schemaResponse>

Likewise the add request could be modified to contain the current DSML attribute/values as in the current spec or it could include arbitrary XML as defined by the XSD returned in the schema response. For example:

<spml:addRequest>
<acme:account>
<acme:id>jsmith</acme:id>

<acme:phoneNumbers>

                                    <acme:homePhone>555-1212</acme: homePhone >
                                    <acme:cellPhone>555-1212</acme: cellPhone >

</acme:phoneNumbers>

            </acme:account>
</spml:addRequest>
 
Likewise the modify, delete, and search verbs could all be expanded to fit this concept. The identifier element could be expanded to include XPath reference to the appropriate place in the XML data that corresponds to the identity of the object. 
 
I am glossing over a lot of details, but I wanted to get some feedback to the basic idea before I put any more time into this.
 
Comments?

Jeff Bohren
Product Architect
OpenNetwork Technologies, Inc

Try the industry's only 100% .NET-enabled identity management software. Download your free copy of Universal IdP Standard Edition today. Go to www.opennetwork.com/eval.