Gary’s
latest draft looks like good progress. Here are my suggestions:
- Contributors
should be TBD for now.
- Remove
the “Benefits of a Standard Schema” section.
- The
Account Template object seems to Provisioning System specific. That may
well be how a specific system is modeled, but seems inappropriate for a
general purpose interface to a service.
- The
Account should not have links to generic Account Attributes.
- GUID
should not be a required attribute.
- There
are several “Roll-up” Attributes defined (orgs-indirect and
orgs-dynamic). These imply extra processing that may not be desirable or
feasible. For instance calculating the value for an orgs-dynamic attribute
when searching a 25M user service may not be advisable.
- There
are several attributes that duplicate SPML 2.0 capabilities. I dislike
this approach.
- There
should not be a Roles-excluded attribute on the Role object itself. This is
too simplistic for real SOD.
- The
Question and Answer objects don’t seem appropriate for this schema. I
understand most IdM platforms support this, but again we are not creating
an IdM platform schema.
From: Gary.P.Cole@Sun.COM [mailto:Gary.P.Cole@Sun.COM]
Sent: Tuesday, March 27, 2007 1:23
PM
To: PSTC
Subject: [provision] Standard
Schema draft 4.
Took a while, but I've attached a PDF.
- This Introduction discusses SIMPLEST only as a
schema (and not as a profile of SPML). The Protocol section has been
removed accordingly.
- The domain model is the same (although I've
tweaked the names of the two entities in the lower-right-hand corner of
the diagram: AccountTemplate and AccountAttribute).
- The Schema section now reflects the
object-classes and attributes from the spreadsheet that I sent to
(the list at the time of) the last Face-to-Face.
- The Conformance section has been
expanded. It now discusses extensions to the standard schema
as well as arbitrary (i.e., undeclared extensions) object-classes and
attributes.
Obviously, this is just a draft, but it fairly
represents the current proposal. This draft should serve as a basis for
further discussion.
- I have not incorporated anything from SAP's
submission to the Standard Schema. I intended to do that, but it
took longer than I expected merely to bring the draft up to date.
- It feels a little weird to propose a standard
schema without specifying a schema language. Perhaps we can show how
(operations using) the standard schema would look in the DSML Profile or
SAML Profile or XSD Profile.
- The language in the Conformance section is still
a bit tortuous. I can make the language clearer, given time, so what
I need first and most is comment on the *ideas* in this section.