OASIS Mailing List Archives

provision message



Subject: a short and probably incomplete summary of submitted use cases and other discussions


Hi all,

 

I went through the email from the list and made a short summary here of the use cases and other ideas that have been discussed so far for moving SPML forward. We can go through these on the call tomorrow to prioritize what we will work on as a committee in 2011 and hopefully flesh out some of these in more detail. I think we need to start making some non-normative examples of some of the ideas we have to start bringing our discussions into the details. I hope that by doing this we can start to see the ideas coalesce into actual semantics and then we’ll be able to decide how to move forward turning them into reality.

 

- "Simple" Profile (from discussion from Burton SIG)
    - Require only minimal CRUD operations
    - Focus on the use case of 1 target (e.g. makes listTargets unnecessary)
    - Simple searches
    - Simple update (synchronization) capability
- Standard Schema
    - One or multiple?
- Read-only profile (Anil John)
- Synchronization capabilities (brought up by use cases submitted by Anil John and use cases submitted by Richard Sand)
    - Use of "revision number" as synchronization token
    - Bi-directional synchronization
- Additional / better typed search operations
    - Search operations are pretty unbounded (simple searches would address this?)
    - "Give me the unique id's of all users with Attribute X"
    - "For all users (whose unique id's I just got), give me listing of attributes for each (in one shot)"
    - Anil referenced Federal ICAM Backend Attribute Exchange (BAE) specification
- Extend schema-related capabilities data
    - Ability to advertise which operations are permitted on which attributes
    - [Gary asked for clarification as to what is missing from the existing listTargetsResponse to meet this - perhaps it just needs to be typed stricter?]
    - Example from Anil: "When using Search, you are allowed to use only AND and OR operations against Attributes X, Y and Z and nothing more".
    - Possibility of using SAML2 metadata for this purpose
- Better specify "immutable" aspects of PSOID
    - Comment from Anil: I think the choice in this scenario would lean more towards the client trusting that the modification of the PSO will never change its PSOID rather than allowing the provider to specify the PSOID
- Profiles / convergence with other standards
    - XACML profile of SPML
    - SAML's Change Notify proposal
- Federation provisioning use cases (Tom Zeller)
    - "federated provisioning" is more accurately "the provisioning of federation", which I'll further summarize as "the provisioning of linkages between objects in a federation".
    - "federated group provisioning" is more accurately "the provisioning of federated groups", and more precisely "the provisioning of linkages between groups in a federation".
- Operational metadata (Dan Perry)
    - All requests can have the typed metadata linked to it
    - Can be used for audit & compliance purposes, controlling the “flow” of a request, e.g. tagging a request as “high-priority”
- Forgotten password reset/recover (e-mail from me coming before the meeting)

 

 

Richard Sand | CEO
239 Kings Highway East | Haddonfield | New Jersey 08033 | USA
Mobile: +1 267 984 3651 | Office: +1 856 795 1722 | Fax: +1 856 795 1733

Skyworth TTG

 


