OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

provision message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [provision] SPML Interop Storyboard.

Some comments about Gary's and Kent's feedback on the interop:

- The schema does not necessarily need to be returned by inclusion in
the list targets response. The schema could be defined by reference and
the referred to schema could be exchanged by the client and server
- For the DSML Profile the PSO object class is determined by setting the
reserved attribute "objectclass". This is the same as now SPML 1.0
- I would be careful about assuming that if a service supports both the
DSML profile and the XSD Profile, the same ID in both profiles would
mean the same underlying PSO. That is not a valid assumption.
- In the user self-service use case, the assumption is made that the
user is logging into an IdM system that will do password maintenance
using SPML to other provisioned resources.
- For the "DA Grants Roles Use Case" it is not required that the client
search for roles to grant. The roles that are granted and revoked for
this use case can be negotiated out-of-band by the participants. This
better reflects reality anyway.
- No call to closeIterator is ever required unless the client does not
wish to fetch all of the search results. When the last batch of data is
returned, there will be an iterate response that returns only with
search results and not an iterator. When that happens, the iterator
should be closed automatically with no prompting from the client.
- we should assume that "deprovision" for the interop means a delete
request not a suspend request.
- the "Administrative Reconciliation Use Case" is intended for an client
to discover accounts created out-of-band. Showing this would be done an
ad-hoc basis. For instance if the SPML service provider front-ends an
IdM system, then the provider can expose the web interface to create
account out-of-band. 

Jeff Bohren

-----Original Message-----
From: Gary P Cole [mailto:Gary.P.Cole@Sun.COM] 
Sent: Tuesday, June 21, 2005 6:36 PM
To: Jeff Bohren; Kent Spaulding
Subject: [provision] SPML Interop Storyboard.


I tried to expand the Interop doc into an actionable set of operations 
for Kent.  I'm not sure that what I've written is correct, but even the 
places where I'm wrong or confused may prove helpful to you and to other

participants in the Interop.

Kent will be working on the Interop while I'm out the rest of this 
week.  He's already got some questions I cannot answer (noted in the 
attached), and I'm sure he'll have more.
If you have time to help Kent clarify the Interop scenario, I would 
really appreciate it.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]