[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [provision] Can Modify change PSO-ID?
Doron, I think you've got me there. I was thinking that we still had a 'setParent' operation, but I had somehow forgotten that containment is now part of the core. Containment is no longer a Capability, and there is no 'setParent' operation. If a 'modify' operation may not change an object's PSO-ID, then one of the following must be true: - the provider exposes an internal identifier such as a guid (rather than exposing DN) as an object's PSO-ID - the provider exposes neither CN nor DN as a modifiable attribute The second approach does not seem very functional. HOWEVER, if a 'modify' operation SHOULD be able to change the PSO-ID of the modified object, then the ModifyResponseType must be able to return a PSOIdentifier. (AddResponseType does this by returning a <pso> that contains an <id>). The core XSD currently defines ModifyResponseType as an empty extension of SpmlResponseType, which does not contain an PSOIdentifier element. Cohen, Doron wrote: >Gary, > >In that case, assuming the restriction is in place, how would one implement >via SPML the ability to rename an LDAP user DN? > >Doron > >-----Original Message----- >From: Gary P Cole [mailto:Gary.P.Cole@Sun.COM] >Sent: Friday, November 05, 2004 6:28 PM >To: Darran Rolls >Cc: PSTC >Subject: Re: [provision] Can Modify change PSO-ID? > >Well, we said that PSO-IDs can be mutable. Jeff Bohren went so far as >to say that a provider SHOULD use an immutable identifier for each >object--but we don't say "MUST". > >In the draft I use the example of moving a User to a new OU. If the >provider exposes DN as the PSO-ID, then the move (i.e., setParent) >changes the PSO-ID. The 'setParentResponse' must therefore return the >modified PSO-ID. > >My question is whether a 'modify' operation (and not just 'setParent') >may modify the PSO-ID. (I don't like this, but I don't recall >participants being too crisp on this point in the last Face-to-Face.) >Suppose that someone exposes DN as a modifiable attribute (or imagine >any scenario in which a modifiable attribute is exposed as (part of) >the identifier. > >I would *like* to specify that > A 'modify' operation MUST NOT change the PSO-Identifier of the >modified object. > >Is there any objection to this? > >Darran Rolls wrote: > > > >>Gary >> >>What are the issues that lead you to believe immutable PSO-ID's will >>not hold? >> >>Thx >> >>Gary P Cole wrote: >> >> >> >>>Can a modify operation change an object's PSO-ID? >>>I think we tried to say during the Face-to-Face that 'modify' could >>>NOT change PSO-ID (and that 'setParent' could), but I'm not sure >>>whether this was generally agreed (and I'm not sure that this will >>>hold). >>> >>> >>>To unsubscribe from this mailing list (and be removed from the roster >>>of the OASIS TC), go to >>> >>> >>> >http://www.oasis-open.org/apps/org/workgroup/provision/members/leave_workgro >up.php. > > >>> >>> >>To unsubscribe from this mailing list (and be removed from the roster >>of the OASIS TC), go to >> >> >> >http://www.oasis-open.org/apps/org/workgroup/provision/members/leave_workgro >up.php. > > >> >> > > > >To unsubscribe from this mailing list (and be removed from the roster of the >OASIS TC), go to >http://www.oasis-open.org/apps/org/workgroup/provision/members/leave_workgro >up.php. > >To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/provision/members/leave_workgroup.php. > > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]