Subject: RE: [provision] Question about targets and PSOs...


Jeff,
 
I would expect such relationships to be able to span targets. A quite common use case would be Windows domains or forests that have group memberships that cross a system boundary, a typical cross-target kind of relationship, and it would be useful for PrOM to be able to represent it.
 
Doron
Doron Cohen
Chief Architect, Security BU
doron_cohen@bmc.com
 
-----Original Message-----
From: Jeff Bohren [mailto:jbohren@opennetwork.com]
Sent: Wednesday, March 24, 2004 5:51 PM
To: provision@lists.oasis-open.org
Subject: RE: [provision] Question about targets and PSOs...

Gary,
 
One more bit of clarification: this is also a ramification of requirement 4.9 in version 4 of the SPML requirements doc:
 

1.1.   SPML V2 must allow for the representation of relationships between provisioned objects for request and response data elements.  This needs to work for the data as part of the request/response and also as part of any operational attributes.

 
We have agreed to support a representation of relationships between provisioned objects. When objects are provisioned  to a specific target, can the mechanism that represents that relationship span targets, or is it limited to other provisioned objects in the same target? It seems that it should span targets.
 
This mechanism may or may not depend on the PrOM, depending on how it is accomplished. We currently have an SPML identifier that is used to identify all provisioned objects. If the SPML Identifier is extended to include the notion of the target that contains the provisioned object, then the PrOM could use the SPML Identifier when references to other objects are needed.
 
By all means, let's start a thread on account and state issues. That should be very interesting. BTW, there have been a lot of interesting discussions of state transition on the WSDM group. I would encourage everyone to look at what that TC has done in this area.
 
Jeff Bohren
Product Architect
OpenNetwork Technologies, Inc
 
Try the industry's only 100% .NET-enabled identity management software. Download your free copy of Universal IdP Standard Edition today. Go to www.opennetwork.com/eval.
 
-----Original Message-----
From: Gary Cole [mailto:Gary.Cole@waveset.com]
Sent: Wednesday, March 24, 2004 10:31 AM
To: Jeff Bohren
Cc: provision@lists.oasis-open.org
Subject: RE: [provision] Question about targets and PSOs...

That is an interesting question, but I'm not sure I'm ready to tackle it.  AFAIK, we do not yet define (or even recommend) any schema for a PSO.  Do we?
 
PrOM proposed some attributes for an "Account" class (and I think of Account as PSO), but PrOM is just a strawman.  The strawman also proposed some attributes for a "User" class (and I think of "User" as comparable to the "master record") that included references to Account instances.
 
I'd like to discuss PSO/Account/ProvisionedState.  Maybe it's time to tee that one up....
 
Gary
-----Original Message-----
From: Jeff Bohren [mailto:jbohren@opennetwork.com]
Sent: Wednesday, March 24, 2004 9:10 AM
To: provision@lists.oasis-open.org
Subject: [provision] Question about targets and PSOs...

 
Interesting question:
 
Can (or should) a PSO provisioned to one target be able to reference a PSO provisioned to another target? Can (or should) this reference be explicit by defining the target ID and the PSO ID within the target, or implicit by using a PSO ID naming convention that indicates what the target should be? It seems to me that this should be possible and should be explicit.
 
The specific case I am thinking about is a White Box PSP where the PSP master record (provisioning system user identity) is a PSO on a target that represents the underlying provisioning system. If the PSP wants to expose the semantics of the provisioning system user identity owning the provisioned accounts, then the PSO for the target representing the master record would need references to PSOs in targets representing the provisioned resources.
 
 
Jeff Bohren
Product Architect
OpenNetwork Technologies, Inc
 
Try the industry's only 100% .NET-enabled identity management software. Download your free copy of Universal IdP Standard Edition today. Go to www.opennetwork.com/eval.
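
The two reference styles raised in the original question (an explicit target ID plus PSO ID within the target, versus an implicit PSO ID naming convention), as an added Python example that is not part of the thread or of any SPML draft. The class names, the ":" separator and the sample targets and IDs are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class PsoRef:
    """Explicit reference: target ID plus the PSO ID within that target."""
    target_id: str
    pso_id: str

@dataclass
class Pso:
    ref: PsoRef
    references: list = field(default_factory=list)  # PsoRef values, any target

def implicit_readings(pso_id, known_targets, sep=":"):
    """Implicit form (assumed convention '<target><sep><id>'): every split
    whose prefix is a known target is a valid reading of the same string."""
    return [PsoRef(pso_id[:i], pso_id[i + 1:])
            for i, ch in enumerate(pso_id)
            if ch == sep and pso_id[:i] in known_targets]

def unresolved(store):
    """Return (owner, ref) pairs whose reference names no stored PSO."""
    return [(p.ref, r) for p in store.values() for r in p.references
            if r not in store]

def build_sample_store():
    """Constructed data: a master record on the target representing the
    provisioning system, owning accounts on two resource targets."""
    ad = PsoRef("ad-corp", "CN=jdoe,OU=Staff")
    hr = PsoRef("ldap-hr", "uid=jdoe")
    gone = PsoRef("ldap-hr", "uid=jdoe-old")  # constructed: no longer stored, still referenced
    master = Pso(PsoRef("psp", "user-1001"), [ad, hr, gone])
    group = Pso(PsoRef("ad-emea", "CN=Admins"), [ad])  # cross-domain membership
    return {p.ref: p for p in (master, group, Pso(ad), Pso(hr))}

if __name__ == "__main__":
    store = build_sample_store()
    for owner, ref in unresolved(store):
        print(f"{owner} -> {ref}: reference does not resolve")
    # One implicit string, two targets it could mean:
    for reading in implicit_readings("ad:emea:jdoe", {"ad", "ad:emea"}):
        print(reading)
```

With explicit references a cross-target link can be checked mechanically against the store; the implicit string yields two equally valid readings once a target name contains the separator.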
 
 

