OASIS Mailing List Archives

provision message



Subject: RE: [provision] Multiple targets with the ONT proposal


The ONT Proposal did not address the issue of multiple targets because it was not explicitly a requirement. If this is something that the committee feels should be supported in SPML 2.0, it would probably be a good idea to add it to the requirements. Since SPML is designed to support RA->PSP and PST->PST provisioning, explicit targets really only apply to the RA->PSP case. For RA->PSP provisioning, it should be considered optional since not all PSPs expose underlying PSTs via the SPML service.
 
For the RA->PSP case where the PSP exposes the underlying PSTs to the RA, there are at least three ways this could be handled in the ONT SPML 2.0 Proposal:
 
1) By adding an optional target element to the add, modify, delete verbs as well as the search results (this could be done similar to what is in the IBM proposal). An optional "list target" verb could be added to get a list of targets for the service.
 
2) By adding the target as an optional component of the SPML Identifier. Again, an optional "list target" verb could be added to get a list of targets for the service.
 
3) By treating targets as containers within the namespace of the provisioned object. For instance an account jbohren provisioned to an underlying RACF system could be named as "uid=jbohren, ou=racf1, dc=acme.com" where "ou=racf1, dc=acme.com" would be the RACF target. This approach is supportable in the SPML 1.0 spec, assuming that DN identifiers are used. By coincidence, this was also the approach used in the recent SAML 1.1 interop event that I participated in at the RSA conference last week.
 
 
Jeff Bohren
Product Architect
OpenNetwork Technologies, Inc
 
Try the industry's only 100% .NET-enabled identity management software. Download your free copy of Universal IdP Standard Edition today. Go to www.opennetwork.com/eval.
 
-----Original Message-----
From: Gearard Woods [mailto:gewoods@us.ibm.com]
Sent: Tuesday, March 02, 2004 1:17 AM
To: provision@lists.oasis-open.org
Subject: [provision] Multiple targets with the ONT proposal

I didn't want to muddle up the other discussion with this question but since we're not having a call tomorrow, I still haven't seen any clarification of the question of single/multiple targets with the ONT proposal. Gary raised the issue in his data model document and I echoed the concern in a follow-up e-mail. Jeff, can you offer some insights on this question?
Thanks,
Gerry
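
Added example, not part of the original message or of any SPML implementation: a sketch of option 3, where the target is read from the parent container of a DN identifier and checked against a list of targets the service exposes. The `KNOWN_TARGETS` set, the function names, the lowercase normalization and the rule that an account sits directly under its target container are assumptions made for illustration.

```python
# Added illustration of "targets as containers" (option 3); names are hypothetical.

# Constructed sample: targets a PSP might return from a "list target" style call.
KNOWN_TARGETS = {"ou=racf1,dc=acme.com", "ou=ad1,dc=acme.com"}


def split_dn(dn):
    """Split a DN into RDN strings on unescaped commas only.

    A backslash escapes the next character, so a comma inside an
    attribute value cannot shift the container boundary.
    """
    rdns, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])  # keep the escape pair intact
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(buf).lstrip())
            buf = []
        else:
            buf.append(ch)
        i += 1
    rdns.append("".join(buf).lstrip())
    if any("=" not in rdn for rdn in rdns):
        raise ValueError("malformed DN: %r" % dn)
    return rdns


def target_of(dn, known_targets=KNOWN_TARGETS):
    """Return (object_rdn, target_dn) for a DN-style identifier.

    Assumption: the object sits directly under its target container.
    The target must be one the service exposes; anything else is rejected
    rather than routed to a guessed system.
    """
    rdns = split_dn(dn)
    if len(rdns) < 2:
        raise ValueError("identifier has no container: %r" % dn)
    target = ",".join(rdns[1:]).lower()  # simplified normalization (assumption)
    if target not in known_targets:
        raise LookupError("unknown target: %s" % target)
    return rdns[0], target
```

Splitting on every comma instead would treat an escaped comma inside the uid value as a container boundary, so the request would be resolved against the wrong part of the name.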


