provision message
Subject: RE: [provision] Multiple targets with the ONT proposal
- From: "Jeff Bohren" <jbohren@opennetwork.com>
- To: <provision@lists.oasis-open.org>
- Date: Tue, 2 Mar 2004 10:16:28 -0500
The ONT Proposal did not address the issue of multiple targets because it was not explicitly a requirement. If this is something that the committee feels should be supported in SPML 2.0, it would probably be a good idea to add it to the requirements. Since SPML is designed to support RA->PSP and PST->PST provisioning, explicit targets really only apply to the RA->PSP case. For RA->PSP provisioning, it should be considered optional since not all PSPs expose underlying PSTs via the SPML service.

For the RA->PSP case where the PSP exposes the underlying PSTs to the RA, there are at least three ways this could be handled in the ONT SPML 2.0 Proposal:

1) By adding an optional target element to the add, modify, delete verbs as well as the search results (this could be done similar to what is in the IBM proposal). An optional "list target" verb could be added to get a list of targets for the service.

2) By adding the target as an optional component of the SPML Identifier. Again, an optional "list target" verb could be added to get a list of targets for the service.

3) By treating targets as containers within the namespace of the provisioned object. For instance an account jbohren provisioned to an underlying RACF system could be named as "uid=jbohren, ou=racf1, dc=acme.com" where "ou=racf1, dc=acme.com" would be the RACF target. This approach is supportable in the SPML 1.0 spec, assuming that DN identifiers are used. By coincidence, this was also the approach used in the recent SAML 1.1 interop event that I participated in at the RSA conference last week.

Jeff Bohren
Product Architect
OpenNetwork Technologies, Inc

I didn't want to muddle up the other discussion with this question but since we're not having a call tomorrow, I still haven't seen any clarification of the question of single/multiple targets with the ONT proposal. Gary raised the issue in his data model document and I echoed the concern in a follow-up e-mail. Jeff, can you offer some insights on this question?

Thanks,
Gerry
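
Option 3 in the reply above (targets as containers in a DN-style identifier), as an added example that is not part of either message or of any SPML proposal: a PSP-side check that splits the identifier into object RDN and target container and only routes to a registered target. The function names and the `TARGETS` table are hypothetical; only `ou=racf1, dc=acme.com` comes from the message, and the parser is simplified (no quoted values, multi-valued RDNs or trailing escaped spaces).

```python
# Added illustration; names and the target table are hypothetical.
# "ou=racf1, dc=acme.com" is from the message, "ou=ad1, ..." is constructed.
TARGETS = ["ou=racf1, dc=acme.com", "ou=ad1, dc=acme.com"]


def split_rdns(dn):
    """Split a DN into RDNs on unescaped commas only."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])  # keep the escape pair intact
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    rdns.append("".join(cur).strip())
    if any("=" not in r for r in rdns):
        raise ValueError("malformed DN: %r" % dn)
    return rdns


def normalize(rdn):
    """Case- and whitespace-insensitive form (assumed matching rule)."""
    attr, value = rdn.split("=", 1)
    return attr.strip().lower() + "=" + value.strip().lower()


def canonical(rdns):
    return ",".join(normalize(r) for r in rdns)


def split_target(dn, known_targets=TARGETS):
    """Return (object_rdn, target_dn); reject unregistered containers."""
    rdns = split_rdns(dn)
    if len(rdns) < 2:
        raise ValueError("identifier has no container")
    container = canonical(rdns[1:])
    allowed = {canonical(split_rdns(t)) for t in known_targets}
    if container not in allowed:
        raise LookupError("unknown target: " + container)
    return rdns[0], container
```

Splitting on unescaped commas matters here because the target is derived from the identifier itself: a value containing an escaped comma must stay inside the object RDN rather than shift which container is treated as the target.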