-----Original Message-----
From: Gearard Woods [mailto:gewoods@us.ibm.com]
Sent: Wed 3/3/2004 4:29 PM
To: Jeff Bohren
Cc: provision@lists.oasis-open.org
Subject: RE: [provision] One or many data models?Jeff,
In the version of your proposal that I have (Post 1.0 enhancement...) it looks to me that I still have to deal with SPML 1.0 schema and data in all cases. The XML Schema definitions only apply to attributes within the context of an SPML schema. Are you saying that your proposal already has this dual binding or is there some way that SPML 1.0 schema would not be required?
Gerry"Jeff Bohren" <jbohren@opennetwork.com>
"Jeff Bohren" <jbohren@opennetwork.com>
03/03/2004 12:10 PM
To: <provision@lists.oasis-open.org>
cc:
Subject: RE: [provision] One or many data models?
The "Attribute/Value" binding (or profile) would work the same as SPML 1.0 (and would support backwards compatibility). There is an example of how an "XSD" binding would work in the ONT SPML 2.0 Proposal in section 4.2.1.
Jeff Bohren
Product Architect
OpenNetwork Technologies, Inc
Try the industry's only 100% .NET-enabled identity management software. Download your free copy of Universal IdP Standard Edition today. Go to www.opennetwork.com/eval.
-----Original Message-----
From: Gearard Woods [mailto:gewoods@us.ibm.com]
Sent: Wednesday, March 03, 2004 2:39 PM
To: Jeff Bohren
Cc: provision@lists.oasis-open.org
Subject: RE: [provision] One or many data models?
Jeff,
I'm not certain I understand how the dual "binding" idea would work. Perhaps an example might clarify what you mean here. For the sake of comparison, I'm attaching a WS-Provisioning example that shows how SPML 1.0 schema might be supported using the strategy that I'm proposing. I may have some of the details of the SPML 1.0 schema wrong but you get the general idea.
<wsp:ProvisioningTarget xmlns:wsp="urn:ibm:names:ws:provisioning:0.1:core">
<wsp:identifier name="simplePerson"/>
<wsp:schema>
<spml:schema majorVersion="1" minorVersion="0" xmlns:spml="urn:oasis:names:tc:SPML:1:0">
<spml:providerIdentifier providerIDType="urn:oasis:names:tc:SPML:1:0#URN">
<spml:providerID>urn:oasis:names:tc:SPML</spml:providerID>
</spml:providerIdentifier>
<spml:schemaIdentifier schemaIDType="urn:oasis:names:tc:SPML:1:0#GenericString">
<schemaID>standard</schemaID>
</spml:schemaIdentifier>
<spml:attributeDefinition name="cn" description="Full name, or common name."/>
<spml:attributeDefinition name="email" description="E-mail address."/>
<spml:attributeDefinition name="description" description="Description."/>
<spml:objectclassDefinition name="person" description="Sample standard person.">
<spml:memberAttributes>
<spml:attributeDefinitionReference name="cn" required="true"/>
<spml:attributeDefinitionReference name="email" required="true"/>
<spml:attributeDefinitionReference name="description"/>
</spml:memberAttributes>
</spml:objectclassDefinition>
</spml:schema>
</wsp:schema>
</wsp:ProvisioningTarget>
While it might be true in general that directory schema might be better represented using SPML 1.0 or DSMLv1 schema, it's not outside the bounds of possibility to use XML Schema. The following is an example that I used at the F2F to represent groupOfUniqueNames:
<wsp:ProvisioningTarget xmlns:wsp="urn:ibm:names:ws:provisioning:0.1:core">
<wsp:identifier name="ldap://9.38.215.169:389/ou=Groups,dc=ibm,dc=com??sub?(objectclass=groupOfUniqueNames)"/>
<wsp:schema>
<xsd:schema targetNamespace="urn:jndi:adapter:test:entry" elementFormDefault="qualified"
xmlns:ns1="urn:jndi:adapter:test:entry" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<xsd:element type="ns1:groupOfUniqueNamesType" name="groupOfUniqueNames"/>
<xsd:complexType name="groupOfUniqueNamesType">
<xsd:sequence>
<xsd:element name="uniqueMember" type="ns1:uniqueMember" minOccurs="1" maxOccurs="unbounded"/>
<xsd:element name="cn" type="ns1:cn" minOccurs="1" maxOccurs="unbounded"/>
<xsd:element name="businessCategory" type="ns1:businessCategory" minOccurs="0" maxOccurs="unbounded"/>
<xsd:element name="seeAlso" type="ns1:seeAlso" minOccurs="0" maxOccurs="unbounded"/>
<xsd:element name="owner" type="ns1:owner" minOccurs="0" maxOccurs="unbounded"/>
<xsd:element name="ou" type="ns1:ou" minOccurs="0" maxOccurs="unbounded"/>
<xsd:element name="o" type="ns1:o" minOccurs="0" maxOccurs="unbounded"/>
<xsd:element name="description" type="ns1:description" minOccurs="0" maxOccurs="unbounded"/>
</xsd:sequence>
</xsd:complexType>
<xsd:simpleType name="uniqueMember">
<xsd:restriction base="xsd:string"/>
</xsd:simpleType>
<xsd:simpleType name="cn">
<xsd:restriction base="xsd:string"/>
</xsd:simpleType>
<xsd:simpleType name="businessCategory">
<xsd:restriction base="xsd:string"/>
</xsd:simpleType>
<xsd:simpleType name="seeAlso">
<xsd:restriction base="xsd:string"/>
</xsd:simpleType>
<xsd:simpleType name="owner">
<xsd:restriction base="xsd:string"/>
</xsd:simpleType>
<xsd:simpleType name="ou">
<xsd:restriction base="xsd:string"/>
</xsd:simpleType>
<xsd:simpleType name="o">
<xsd:restriction base="xsd:string"/>
</xsd:simpleType>
<xsd:simpleType name="description">
<xsd:restriction base="xsd:string"/>
</xsd:simpleType>
<xsd:simpleType name="objectClass">
<xsd:restriction base="xsd:string"/>
</xsd:simpleType>
</xsd:schema>
</wsp:schema>
</wsp:ProvisioningTarget>"Jeff Bohren" <jbohren@opennetwork.com>
;)
"Jeff Bohren" <jbohren@opennetwork.com>
03/03/2004 11:11 AM
To: <provision@lists.oasis-open.org>
cc:
Subject: RE: [provision] One or many data models?
Gary,
Yes, you have summarized this nicely. The only clarification is that the SPML 1.0 schema notation should not be thought of as a separate binding for XML schema. Rather it is a means to define the schema for provisioning data. XSD could also be thought of as a means to define the schema for provisioning data. Which is better is really going to come down to the question of how that data is structured. If the data is attribute/value in nature, then using XSD as a schema notation is a poor fit, since it is designed for defining generic XML data. If the data is generic XML in nature, then the SPML 1.0 schema notation is a poor fit since it is designed for defining attribute/value data. That is why I suggested two profiles, one for attribute/value data and one for generic XML data.
Jeff Bohren
Product Architect
OpenNetwork Technologies, Inc
Try the industry's only 100% .NET-enabled identity management software. Download your free copy of Universal IdP Standard Edition today. Go to www.opennetwork.com/eval.
-----Original Message-----
From: Gary Cole [mailto:Gary.Cole@waveset.com]
Sent: Wednesday, March 03, 2004 1:48 PM
To: Jeff Bohren; Gearard Woods
Cc: provision@lists.oasis-open.org
Subject: RE: [provision] One or many data models?
I'd like to invoke newbie privilege to go where wiser men tread not. That is, between you two. :-)
I'm a little uncomfortable with the vehemence of this discussion, but I guess I'll get used to it. You two must know each other rather well. Both of you know more about standards and specifications than I do, but I'd like to try to net this out.
Analysis:
Jeff proposed an extensible root that allowed for compatibility with the 1.0 DSML model.
This came at the price of having what looks like a separate binding for XML schema.
Jeff likes the 1.0 DSML schema because it explicitly supports the data model used by directories.
However, this LDAPish model doesn't lend itself to complex data objects.
Sandy Walsh points out that much of the 1.0 spec dealt with schema definition.
Sandy suggests that leaving this to XML schema is more standard (and cleans up the spec).
Opinion:
I like the *idea* of compatibility with the 1.0 spec, but it's not worth a separate binding.
If I had to choose one, I'd choose pure XML schema for 2.0.
Gary
ps. Did I get it approximately right? Did I miss any important points?
-----Original Message-----
From: Jeff Bohren [mailto:jbohren@opennetwork.com]
Sent: Tuesday, March 02, 2004 8:50 PM
To: Gearard Woods
Cc: provision@lists.oasis-open.org
Subject: RE: [provision] One or many data models?
That is not exactly what I meant. I could see the SPML 2.0 spec being divided into a core specification that defines the basic protocol from a data agnostic point of view. Then two or more "profiles" could be defined that define the data model and schema notation to use. If we took that approach then the core specification would not include any notion of the SPML 1.0 schema notation, but an "Attribute/Value Profile" would. The "XSD Profile" and would not have any notion of the SPML 1.0 schema notation, but would define normative usage of the XSD schema notation.
Using this approach, the SPML 1.0 schema notation would be defined in the SPML 2.0 specification, but only in the "Attribute/Value Profile" and not in the core protocol. The implementors who wished to use it, could do so and know they are following and accepted standard, and those not supporting that profile need not worry about it.
Jeff Bohren
OpenNetwork Technologies
-----Original Message-----
From: Gearard Woods [mailto:gewoods@us.ibm.com]
Sent: Tue 3/2/2004 5:57 PM
To: Jeff Bohren
Cc: provision@lists.oasis-open.org
Subject: RE: [provision] One or many data models?Jeff,
This is exactly what I've been arguing, that any proposal for a 2.0 should not build in a reliance on the 1.0 schema. I've agreed with you already that in terms of communicating the schema there is no functional difference. The difference is in building in the dependency.
Gerry
"Jeff Bohren" <jbohren@opennetwork.com>
"Jeff Bohren" <jbohren@opennetwork.com>
03/02/2004 02:47 PM
To: <provision@lists.oasis-open.org>
cc:
Subject: RE: [provision] One or many data models?
Again, there is no functional difference. The ONT Proposal could easily accomodate that model, although I did not call it out in the proposal. The schema response could be defined without any explicit dependencies on the spml:schema or the xsd:schema elements. Any schema notation could be used.
If the proposal was clarified to make the schema notation as well as the schema detemined at runtime, would you still have an objection on this issue?
Jeff Bohren
Product Architect
OpenNetwork Technologies, Inc
Try the industry's only 100% .NET-enabled identity management software. Download your free copy of Universal IdP Standard Edition today. Go to www.opennetwork.com/eval.
-----Original Message-----
From: Gearard Woods [mailto:gewoods@us.ibm.com]
Sent: Tuesday, March 02, 2004 5:29 PM
To: Jeff Bohren
Cc: provision@lists.oasis-open.org
Subject: RE: [provision] One or many data models?Jeff,
You're missing my point, or perhaps you're just ignoring my point. It might help to review the approach used in the schema-related aspects of the WS-Provisioning document to see what I mean. It is probably not worth repeating again, but against my better judgement I will say this: WS-Provisioning does not require that target schema be defined using XML Schema. The actual schema language used by the target is not codified into the specification, as it obviously is in the ONT proposal. There is a simple, but nonetheless profound, and apparently confusing, difference here.
Gerry
"Jeff Bohren" <jbohren@opennetwork.com>
"Jeff Bohren" <jbohren@opennetwork.com> < p>03/02/2004 01:05 PM
To: <provision@lists.oasis-open.org>
cc:
Subject: RE: [provision] One or many data models?
In one method an spml:schema element is returned and in another an xsd:schema element is returned. The fact that the spml:schema element is defined in the spml specification and the xsd:schema is defined in the XML Schema specification does not make any functional difference. They are both standard schema notations.
Jeff Bohren
Product Architect
OpenNetwork Technologies, Inc
Try the industry's only 100% .NET-enabled identity management software. Download your free copy of Universal IdP Standard Edition today. Go to www.opennetwork.com/eval.
-----Original Message-----
From: Gearard Woods [mailto:gewoods@us.ibm.com]
Sent: Tuesday, March 02, 2004 3:52 PM
To: Jeff Bohren
Cc: provision@lists.oasis-open.org
Subject: RE: [provision] One or many data models?I think I'm still being unclear. What I'm referring to is the inclusion and reference to the specific schema language in the spec. Specifically, the ONT proposal includes the notion of an "spml" attributeDefinition and objectClassDefinition. These include specific references to the SPML 1.0 dsml-based model. This is not a runtime construct, it's embedded in the schema for the proposal. The WS-Provisioning approach is to leave the schema language definition out of the specification and have it be described at runtime. Simply because in the ONT proposal the schema is delivered using a runtime request does not mean that it is the same thing at all. Surely you see the distinction here.
I'm obviously repeating myself but the point is that by embedding the SPML1.0 constructs, through inclusion of the schema and use of the types, you are now "bound" to that legacy.
Gerry
"Jeff Bohren" <jbohren@opennetwork.com>
"Jeff Bohren" <jbohren@opennetwork.com>
03/02/2004 10:32 AM
To: <provision@lists.oasis-open.org>
cc:
Subject: RE: [provision] One or many data models?
Under the ONT Proposal the SPML client may issue a schema request to the spml service. The response will indicate whether the provisioning schema is defined using SPML schema notation, or XSD schema notation, and will include either the provisioning schema itself, or a reference to an external XSD document. In both cases both the schema notation and the schema are determined at call time (i.e. late binding).
The only difference would be in who defined the schema notation. In one case the schema notation would be defined by the SPML 2.0 specification itself, and in the other the schema notation is defined by the XML Schema speciciation.
Jeff Bohren
Product Architect
OpenNetwork Technologies, Inc
Try the industry's only 100% .NET-enabled identity management software. Download your free copy of Universal IdP Standard Edition today. Go to www.opennetwork.com/eval.
-----Original Message-----
From: Gearard Woods [mailto:gewoods@us.ibm.com]
Sent: Tuesday, March 02, 2004 1:05 PM
To: Jeff Bohren
Cc: provision@lists.oasis-open.org
Subject: RE: [provision] One or many data models?I disagree that the two proposals look the same from the point of view of the "late-binding" idea that I brought up. Perhaps I'm not making it clear. What I'm saying is that, for example, the DSMLv2 schema is "bound" into SPML 1.0 by virtue of its being imported into the schema. I'm suggesting that the SPML 1.0 not be "bound" into SPML 2.0 but rather that the client can determine the schema language at runtime based on providing them with adequate namespace information. The key is the difference between this runtime behaviour and the inclusion of the specifics of the schema language in the specification.
That the two approaches can be made to be functionally the same is of course my argument. There is, however, a big difference between the writing of a specific schema language into the spec, and the ability to offer support for it without such a tight coupling. As for two bindings, we could certainly discuss it, but the SPML 1.0 is already defined and the schema is already available, so it can be used as is in my opinion.
None of the three reasons you propose negate this argument.
Gerry
"Jeff Bohren" <jbohren@opennetwork.com>
"Jeff Bohren" <jbohren@opennetwork.com> 03/02/2004 06:53 AM
To: <provision@lists.oasis-open.org>
cc:
Subject: RE: [provision] One or many data models?
There are good reasons why the SPML 1.0 schema language should be carried forward into the 2.0 specification:
1) This approach was approved by 15% of the OASIS members at the time (over 40 members)
2) It is being using by existing commercial software products
3) It explicitly supports the data model used by all LDAP directories, virtual directories, and meta-directories
Perhaps the best approach would be to define the SPML 2.0 spec in terms of a core protocol and two "profiles" or "bindings". One "profile" could define attribute/value data model and associated schema language and one could define the xsd data model. Implementors could decide whether to support one or both of the profiles and we could let the market decide which is better.
One point of clarification, the ONT SPML 2.0 Proposal also supports the notion of late binding as described below. Whether a specific SPML service uses the SPML 1.0 schema langauge, xsd, or a mixture of the two is returned in the schema response. In that sense there is little functional difference between the two proposals.
Jeff Bohren
Product Architect
OpenNetwork Technologies, Inc
Try the industry's only 100% .NET-enabled identity management software. Download your free copy of Universal IdP Standard Edition today. Go to www.opennetwork.com/eval.-----Original Message-----
From: Gearard Woods [mailto:gewoods@us.ibm.com]
Sent: Tuesday, March 02, 2004 1:14 AM
To: Darran Rolls
Cc: provision@lists.oasis-open.org
Subject: Re: [provision] One or many data models?I should clarify what my argument is here because it really has less to do with supporting two data models than it has to do with building the 1.0 schema language and data model into the 2.0 spec. I am all in favour of allowing the transport of SPML 1.0 schema and data within 2.0 messages. What I don't think is a good idea is making it part of the spec. Once it becomes part of the spec then any implementation will have to support it and it will be perpetuated into all of the future work on the SPML. I would prefer that the means to use the schema language and SPML 1.0 data within the 2.0 framework should be done as was suggested in WS-Provisioning and as I demonstrated at the F2F, i.e. by allowing clients to discover the schema language in use by namespace, a "late-binding" approach if you will. This breaks the tight coupling between the schema language and the spec, and allows 2.0 to progress without having to carry the restrictions of 1.0 with it forever more.
Gerry
"Darran Rolls" <Darran.Rolls@waveset.com>
"Darran Rolls" <Darran.Rolls@waveset.com> 03/01/2004 09:17 PM
To: <provision@lists.oasis-open.org>
cc:
Subject: [provision] One or many data models?
As discussed, the committee has to decide on the data model for the 2.0 specification. On the one hand, as prototyped by Jeff Bohren at the last F2F meeting, we can devise a solution that keeps the 1.0 DSML data model by adding an extensible schema "root" that allowed for its coexistence with a new "XML Schema" data model. The "cost" of this model is increased complexity. On the other hand we can take a single data model solution as proposed by Gerry Woods at the F2F and base 2.0 on a pure XML Schema data model at the "expense" of 1.0/ 2.0 compatibility and backwards support for 1.0 in a 2.0 compliant service.Please consider this issue and ask questions/state preferences now. I propose we hold a ballot on this issue around the next committee con-call 3/16/04.
Thanks
Darran
<<pic05633.gif>>
<<pic04084.gif>>
