Subject: RE: [provision] Working Group call 20040727.
Gary,

1. Here are relationship attributes examples for account provisioning:

   a. SAP - User membership in roles carries expiration date

   b. Oracle Database - Membership of users in groups contains the 'default' attribute which means that that connection is active at login time. Connections that are not marked default are not in effect until explicit definition by the user

   c. CA-Top Secret - User connections to profiles involve expiration and ordering of user profile

   d. IBM RACF - User authority in groups is part of the connection / membership details

2. In addition there are additional considerations:

   a. When you come to consider extending account provisioning to deal with fine grain resources and be able to associate users with network and application resources (whether directories, printers etc.), you get into ACLs which are in fact relationships that require attributes.

   b. As every provisioning service may need to expose relationships to roles, policies and meta data governed by its automation model, I think the ability to express attributes for those relations is very helpful for similar reasons of the mentioned system in the examples above.

Regards
Doron

Doron Cohen
Chief Architect, Security BU
BMC Software

-----Original Message-----
From: Gary P Cole [mailto:Gary.P.Cole@Sun.COM]
Sent: Tuesday, July 27, 2004 7:56 PM
To: 'PSTC'
Subject: [provision] Working Group call 20040727.

Participants in this morning's working group call debated whether SPML 2.0 needs to support what we term "complex" relationships: relationships where the connection itself has attributes.

Attendees:
- Rob Sherwood
- Doron Cohen (BMC)
- Jeff Bohren (Open Networks)
- Gary Cole (Sun)

Mr. Cohen took the position that the ability to express relationships in SPML 2.0 should include the ability to express complex relationships.

Mr. Bohren explained that he will oppose support for complex relationships--and indeed, will oppose making relationships explicit--if this unduly complicates support for simple relationships. Mr. Bohren requires 1) the ability to search based on relationships and 2) that the search result identify each connected object. Mr. Bohren can do this today with SPML 1.0, and will not accept any added indirection that requires additional processing.

Action Items:
-------------

1) Doron Cohen and Gary Cole will seek more examples of complex relationships. The goal is to demonstrate that the need to manage complex relationships is general--and not specific to RACF.

2) Jeff Bohren and Gary Cole will discuss Mr. Bohren's requirements to search based on relationships. The goal is to fully understand the behavior that Mr. Bohren feels must be preserved, and to understand where the current (strawman) proposal may fall short.

The overarching goal is to see whether the proposal can be modified or extended to meet both sets of requirements.

Gary

To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/provision/members/leave_workgroup.php.