

Subject: Groups - Bi-weekly PSTC meeting modified


CORRECTION: Karsten Huneycutt (and not Tom Zeller, as I originally wrote)
asked how complex attributes would appear in the DSML binding and asked
about privacy attributes.

 -- Gary Cole


Bi-weekly PSTC meeting has been modified by Gary Cole

Date:  Monday, 29 August 2011
Time:  02:00pm - 03:00pm ET

Event Description:
1-866-682-4770 conference: 1938387 passcode: 123456

Agenda:
1) Call Roll.
2) Approve minutes from July 18 meeting.
3) Approve minutes from Aug 15 meeting.
4) Review "SIMPLEST" draft:
   - Basic Identity Management (Person)
   - Enterprise Identity Management (adds Org, Role, Group)
   - Account Management (adds Target and Account)
   - Provisioning and Compliance (Access-Policy and -Priv)
5) Discuss priorities for work yet to do on draft:
   - Examples of minimal implementation
   - Examples of supporting User only
6) AOB

Minutes:
Chair: Gary Cole

Attendees:
Tom Zeller (Internet2)
Gary Cole (Oracle)
Shyam Mankala (Oracle)
Kent Spaulding (Oracle)
Karsten Huneycutt (UNC Chapel Hill)


1) Call Roll
- Gary took roll.
- Quorum was achieved (7 of 8 voting members attended)
- Voting status changes: None.
- New member: Shyam Mankala (Oracle)


2) Approve minutes from July 18 meeting
3) Approve minutes from Aug 15 meeting.
- Gary Cole moves to approve the minutes of both meetings as recorded in the PSTC Calendar Events.
- No objection.

4) Review "SIMPLEST" draft:

Gary presented the "layers" of the schema, from most general interest to most narrow interest:
- Basic Identity Management (Person)
- Enterprise Identity Management (adds Org, Role, Group)
- Account Management (adds Target and Account)
- Provisioning and Compliance (Access-Policy and -Priv)

Gary presented the notion of Complex Attributes and the current overlap with some Scalar Attributes of each entity:
- Motivations for complex attributes:
  -- structured value (e.g., address)
  -- meta-data on value (e.g., "isPrimary" and "type")

Karsten Huneycutt asked how complex attributes would appear to a requester in the DSML binding:
- the Reference Capability connects two objects with PSOIDs.

Gary acknowledged this as an issue, asked for input, and suggested several approaches:
- (mis-)use the Reference Capability (e.g., to connect an object to itself).
- Specify that complex attributes automagically appear in the DSML binding as string-format JSON objects or XML objects.
- Define a new Capability (e.g., Complex Attribute Capability) so that complex attributes appear as Capability-Specific Data.


Karsten asked about "privacy" attributes:
- Individual values of email or address can be private.
- Entire Person record can be private.

Gary asked what is the default:
- Private is the default (if not specified)?
- Public is the default (if not specified)?
- Provider determines the value of 'isPrivate' (if not specified)?
- Require specification of a value for 'isPrivate' attribute (would preclude update to corresponding scalar attribute)?

Gary suggested that we add 'isPrivate' boolean to complex attributes such as 'hasEmail' and 'hasAddress':
- scalar attributes would not include privacy tags.
- default is false (isPrivate=false).


Gary suggested that we add 'isPrivate' boolean to Person:
- does this make sense for other entities as well?


Gary mentioned potential trouble-spots with SIMPLEST:
- Person belongsTo only one Organization.
  -- Some enterprises have matrix organizations.
  -- Many persons have dotted-line relationships to multiple orgs.
  -- Gary suggested defining another type of relationship to suit each such use-case.
- Distinction between Group and Role:
  -- These are often conflated.
  -- Gary suggests Role have enterprise-role semantics.
  -- Gary suggests Group have collection semantics.

5) Discuss priorities for work yet to do on draft:

(Did not discuss.)


6) AOB

Tom Zeller asked what forces had caused past efforts at Standard Schema to fail.
Gary suggested several possible reasons:
- Value of differentiation (i.e. proprietary lock-in) to participating company exceeds value of standard (i.e., interoperability) to same participating company.
- Specifically, SPMLv2 Standard Schema would have commoditized provisioning (and reduced the competitive value of proprietary connectors offered by IAM vendors).
- Proposed model of standard "offends" (i.e., does not suit) a participating member company.

Tom Zeller asks: has the situation changed sufficiently that a Standard Schema can succeed?

Gary says that he is not certain, but that the business environment has now shifted in favor of a Standard Schema:
- Oracle has acquired Sun.  These two no longer battle over adapters/connectors.
- Many IAM solutions now emphasize disconnected resources (which reduces somewhat the market-value of adapters/connectors).
- Compliance solutions require integration with provisioning solutions--these use many of the same entities & relationships.
- Many vendors have challenges with respect to intra-suite integration and interoperability that might benefit from a standard schema.

This event is one in a list of recurring events.
Other event dates in this series:

Monday, 04 July 2011, 02:00pm to 03:00pm ET
Monday, 18 July 2011, 02:00pm to 03:00pm ET
Monday, 01 August 2011, 02:00pm to 03:00pm ET
Monday, 15 August 2011, 02:00pm to 03:00pm ET
Monday, 12 September 2011, 02:00pm to 03:00pm ET
Monday, 26 September 2011, 02:00pm to 03:00pm ET
Monday, 10 October 2011, 02:00pm to 03:00pm ET
Monday, 24 October 2011, 02:00pm to 03:00pm ET
Monday, 07 November 2011, 02:00pm to 03:00pm ET
Monday, 21 November 2011, 02:00pm to 03:00pm ET
Monday, 05 December 2011, 02:00pm to 03:00pm ET
Monday, 19 December 2011, 02:00pm to 03:00pm ET
Monday, 02 January 2012, 02:00pm to 03:00pm ET
Monday, 16 January 2012, 02:00pm to 03:00pm ET
Monday, 30 January 2012, 02:00pm to 03:00pm ET
Monday, 13 February 2012, 02:00pm to 03:00pm ET
Monday, 27 February 2012, 02:00pm to 03:00pm ET
Monday, 12 March 2012, 02:00pm to 03:00pm ET
Monday, 26 March 2012, 02:00pm to 03:00pm ET
Monday, 09 April 2012, 02:00pm to 03:00pm ET
Monday, 23 April 2012, 02:00pm to 03:00pm ET
Monday, 07 May 2012, 02:00pm to 03:00pm ET
Monday, 21 May 2012, 02:00pm to 03:00pm ET
Monday, 04 June 2012, 02:00pm to 03:00pm ET
Monday, 18 June 2012, 02:00pm to 03:00pm ET
Monday, 02 July 2012, 02:00pm to 03:00pm ET

View event details:
http://www.oasis-open.org/apps/org/workgroup/provision/event.php?event_id=30845
