[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: RE: [provision] Basic operations (that should be explicit)
I had in mind mainly the first: SUSPEND and RESUME. Probably should have called them that (rather than enable and disable). Many platforms treat "lock-out" as a separate thing, and sometimes lockout is transient (an account is only locked out for a configurable period of time). I think of an identity or account *staying* suspended until it is explicitly resumed, but I'm not really hardcore about that. What do you think? Gary ----- Original Message ----- From: "Sodhi, Gavenraj S" <Gavenraj.Sodhi@ca.com> Date: Monday, May 3, 2004 1:55 pm Subject: RE: [provision] Basic operations (that should be explicit) > I am assuming the enable/disable functions are the same as the cross > domain actions associated with User account provisioning > suspension and > restoration of account access and privileges as well as 'lock-out' of > account based on incorrect password entry(s). > > > Gavenraj Sodhi > Product Manager, eTrust > Computer Associates > > > -----Original Message----- > From: Jeff Bohren [jbohren@opennetwork.com] > Sent: Monday, May 03, 2004 11:31 AM > To: provision@lists.oasis-open.org > Subject: RE: [provision] Basic operations (that should be explicit) > > > I agree that we need to add an explicit rename. > > On the enable/disable and password operations I still have the same > concerns as before. Specifically how does a client know for which PSOs > those operations make sense. For instance our SPML service can be used > to provision user accounts as well as organizations units and other > object types. Obviously reset password does not make sense for > oraganizational units. > > Since it is too limiting to only support account provisioning in SPML, > it does not make sense to me to include account specific > operations in > the protocol. > > Jeff Bohren > Product Architect > OpenNetwork Technologies, Inc > > Try the industry's only 100% .NET-enabled identity management > software.Download your free copy of Universal IdP Standard Edition > today. Go to > www.opennetwork.com/eval. > > > > -----Original Message----- > From: Gary Cole [Gary.P.Cole@Sun.COM] > Sent: Monday, May 03, 2004 2:06 PM > To: provision@lists.oasis-open.org > Subject: [provision] Basic operations (that should be explicit) > > > I believe that certain basic operations should be explicit in the SPML > protocol. For one thing, this helps the protocol reflect the > provisioning domain. > For another, it reduces dependence on schema. > > The most basic operations are CRUD: > - Create > - Rename > - Update > - Delete > > We already have Add, Modify, and Delete, but I think that we > should call > out Rename explicitly. Renaming has significant implications for the > namespace and for references. > > I think we should also have: > - Enable > - Disable > - SetPassword > - ResetPassword > - ExpirePassword > > I realize that one could almost perform an equivalent update by: 1) > looking up the schema; and 2) finding the appropriate element or > attribute; and 3) specifying an appropriate value. However, that > methodwill differ for each PSP or target. Basic operations should > be simple, > and should not require schema knowledge. > > What say you, grand mavens of provisioning? > > Gary > > > To unsubscribe from this mailing list (and be removed from the > roster of > the OASIS TC), go to > http://www.oasis- > open.org/apps/org/workgroup/provision/members/leave_workgroup.php. > > > To unsubscribe from this mailing list (and be removed from the > roster of > the OASIS TC), go to > http://www.oasis- > open.org/apps/org/workgroup/provision/members/leave_workgroup.php. > > > > > > To unsubscribe from this mailing list (and be removed from the > roster of the OASIS TC), go to http://www.oasis- > open.org/apps/org/workgroup/provision/members/leave_workgroup.php. >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]