[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [provision] Can Modify change PSO-ID?
And me. Anyone else opposed? (we may carry this as a motion for Tuesday's meeting)... -djr Jeff Bohren wrote: >That restriction seems reasonably to me. > >Jeff Bohren >Product Architect >OpenNetwork Technologies, Inc > >Try the industry's only 100% .NET-enabled identity management software. >Download your free copy of Universal IdP Standard Edition today. Go to >www.opennetwork.com/eval. > > > >-----Original Message----- >From: Gary P Cole [mailto:Gary.P.Cole@Sun.COM] >Sent: Friday, November 05, 2004 11:28 AM >To: Darran Rolls >Cc: PSTC >Subject: Re: [provision] Can Modify change PSO-ID? > >Well, we said that PSO-IDs can be mutable. Jeff Bohren went so far as >to say that a provider SHOULD use an immutable identifier for each >object--but we don't say "MUST". > >In the draft I use the example of moving a User to a new OU. If the >provider exposes DN as the PSO-ID, then the move (i.e., setParent) >changes the PSO-ID. The 'setParentResponse' must therefore return the >modified PSO-ID. > >My question is whether a 'modify' operation (and not just 'setParent') >may modify the PSO-ID. (I don't like this, but I don't recall >participants being too crisp on this point in the last Face-to-Face.) >Suppose that someone exposes DN as a modifiable attribute (or imagine >any scenario in which a modifiable attribute is exposed as (part of) >the identifier. > >I would *like* to specify that > A 'modify' operation MUST NOT change the PSO-Identifier of the >modified object. > >Is there any objection to this? > >Darran Rolls wrote: > > > >>Gary >> >>What are the issues that lead you to believe immutable PSO-ID's will >>not hold? >> >>Thx >> >>Gary P Cole wrote: >> >> >> >>>Can a modify operation change an object's PSO-ID? >>>I think we tried to say during the Face-to-Face that 'modify' could >>>NOT change PSO-ID (and that 'setParent' could), but I'm not sure >>>whether this was generally agreed (and I'm not sure that this will >>>hold). >>> >>> >>>To unsubscribe from this mailing list (and be removed from the roster >>> >>> > > > >>>of the OASIS TC), go to >>> >>> >>> >http://www.oasis-open.org/apps/org/workgroup/provision/members/leave_wor >kgroup.php. > > >>> >>> >>To unsubscribe from this mailing list (and be removed from the roster >>of the OASIS TC), go to >> >> >> >http://www.oasis-open.org/apps/org/workgroup/provision/members/leave_wor >kgroup.php. > > >> >> > > > >To unsubscribe from this mailing list (and be removed from the roster of >the OASIS TC), go to >http://www.oasis-open.org/apps/org/workgroup/provision/members/leave_wor >kgroup.php. > > >To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/provision/members/leave_workgroup.php. > > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]