Re: [provision] Can Modify change PSO-ID?

[Gary P Cole <Gary.P.Cole@Sun.COM>]

Doron,

I think you've got me there.  I was thinking that we still had a 
'setParent' operation, but I had somehow forgotten that containment is 
now part of the core. Containment is no longer a Capability, and there 
is no 'setParent' operation.

If a 'modify' operation may not change an object's PSO-ID, then one of 
the following must be true:
- the provider exposes an internal identifier such as a guid (rather 
than exposing DN) as an object's PSO-ID
- the provider exposes neither CN nor DN as a modifiable attribute

The second approach does not seem very functional.

HOWEVER, if a 'modify' operation SHOULD be able to change the PSO-ID of 
the modified object, then the ModifyResponseType must be able to return 
a PSOIdentifier. (AddResponseType does this by returning a <pso> that 
contains an <id>).  The core XSD currently defines ModifyResponseType as 
an empty extension of SpmlResponseType, which does not contain an 
PSOIdentifier element.

Cohen, Doron wrote:

>Gary, 
>
>In that case, assuming the restriction is in place, how would one implement
>via SPML the ability to rename an LDAP user DN?  
>
>Doron
>
>-----Original Message-----
>From: Gary P Cole [mailto:Gary.P.Cole@Sun.COM] 
>Sent: Friday, November 05, 2004 6:28 PM
>To: Darran Rolls
>Cc: PSTC
>Subject: Re: [provision] Can Modify change PSO-ID?
>
>Well, we said that PSO-IDs can be mutable.  Jeff Bohren went so far as 
>to say that a provider SHOULD use an immutable identifier for each 
>object--but we don't say "MUST".
>
>In the draft I use the example of moving a User to a new OU.  If the 
>provider exposes DN as the PSO-ID, then the move (i.e., setParent) 
>changes the PSO-ID.  The 'setParentResponse' must therefore return the 
>modified PSO-ID.
>
>My question is whether a 'modify' operation (and not just 'setParent') 
>may modify the PSO-ID.  (I don't like this, but I don't recall 
>participants being too crisp on this point in the last Face-to-Face.)  
>Suppose that someone exposes DN as a modifiable attribute (or imagine 
>any  scenario in which a modifiable attribute is exposed as (part of) 
>the identifier.
>
>I would *like* to specify that
>    A 'modify' operation MUST NOT change the PSO-Identifier of the 
>modified object.
>
>Is there any objection to this?
>
>Darran Rolls wrote:
>
>  
>
>>Gary
>>
>>What are the issues that lead you to believe immutable PSO-ID's will 
>>not hold?
>>
>>Thx
>>
>>Gary P Cole wrote:
>>
>>    
>>
>>>Can a modify operation change an object's PSO-ID?
>>>I think we tried to say during the Face-to-Face that 'modify' could 
>>>NOT change PSO-ID (and that 'setParent' could), but I'm not sure 
>>>whether this was generally agreed (and I'm not sure that this will 
>>>hold).
>>>
>>>
>>>To unsubscribe from this mailing list (and be removed from the roster 
>>>of the OASIS TC), go to 
>>>
>>>      
>>>
>http://www.oasis-open.org/apps/org/workgroup/provision/members/leave_workgro
>up.php. 
>  
>
>>>      
>>>
>>To unsubscribe from this mailing list (and be removed from the roster 
>>of the OASIS TC), go to 
>>
>>    
>>
>http://www.oasis-open.org/apps/org/workgroup/provision/members/leave_workgro
>up.php. 
>  
>
>>    
>>
>
>
>
>To unsubscribe from this mailing list (and be removed from the roster of the
>OASIS TC), go to
>http://www.oasis-open.org/apps/org/workgroup/provision/members/leave_workgro
>up.php.
>
>To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/provision/members/leave_workgroup.php.
>
>  
>