OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

provision message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [provision] Can Modify change PSO-ID?

And me.  Anyone else opposed? (we may carry this as a motion for 
Tuesday's meeting)...

-djr

Jeff Bohren wrote:

>That restriction seems reasonably to me.
>
>Jeff Bohren
>Product Architect
>OpenNetwork Technologies, Inc
> 
>Try the industry's only 100% .NET-enabled identity management software.
>Download your free copy of Universal IdP Standard Edition today. Go to
>www.opennetwork.com/eval.
> 
> 
>
>-----Original Message-----
>From: Gary P Cole [mailto:Gary.P.Cole@Sun.COM] 
>Sent: Friday, November 05, 2004 11:28 AM
>To: Darran Rolls
>Cc: PSTC
>Subject: Re: [provision] Can Modify change PSO-ID?
>
>Well, we said that PSO-IDs can be mutable.  Jeff Bohren went so far as 
>to say that a provider SHOULD use an immutable identifier for each 
>object--but we don't say "MUST".
>
>In the draft I use the example of moving a User to a new OU.  If the 
>provider exposes DN as the PSO-ID, then the move (i.e., setParent) 
>changes the PSO-ID.  The 'setParentResponse' must therefore return the 
>modified PSO-ID.
>
>My question is whether a 'modify' operation (and not just 'setParent') 
>may modify the PSO-ID.  (I don't like this, but I don't recall 
>participants being too crisp on this point in the last Face-to-Face.)  
>Suppose that someone exposes DN as a modifiable attribute (or imagine 
>any  scenario in which a modifiable attribute is exposed as (part of) 
>the identifier.
>
>I would *like* to specify that
>    A 'modify' operation MUST NOT change the PSO-Identifier of the 
>modified object.
>
>Is there any objection to this?
>
>Darran Rolls wrote:
>
>  
>
>>Gary
>>
>>What are the issues that lead you to believe immutable PSO-ID's will 
>>not hold?
>>
>>Thx
>>
>>Gary P Cole wrote:
>>
>>    
>>
>>>Can a modify operation change an object's PSO-ID?
>>>I think we tried to say during the Face-to-Face that 'modify' could 
>>>NOT change PSO-ID (and that 'setParent' could), but I'm not sure 
>>>whether this was generally agreed (and I'm not sure that this will 
>>>hold).
>>>
>>>
>>>To unsubscribe from this mailing list (and be removed from the roster
>>>      
>>>
>
>  
>
>>>of the OASIS TC), go to 
>>>
>>>      
>>>
>http://www.oasis-open.org/apps/org/workgroup/provision/members/leave_wor
>kgroup.php. 
>  
>
>>>      
>>>
>>To unsubscribe from this mailing list (and be removed from the roster 
>>of the OASIS TC), go to 
>>
>>    
>>
>http://www.oasis-open.org/apps/org/workgroup/provision/members/leave_wor
>kgroup.php. 
>  
>
>>    
>>
>
>
>
>To unsubscribe from this mailing list (and be removed from the roster of
>the OASIS TC), go to
>http://www.oasis-open.org/apps/org/workgroup/provision/members/leave_wor
>kgroup.php.
>
>
>To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/provision/members/leave_workgroup.php.
>
>  
>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]