On 17-Mar-06, at 12:15 PM, Robert Yates wrote:
The reason that dmd1 doesn't yet fulfill our requirements is that
it moves it too late in this process for it to be useful to us. We
need the data moved the moment that a space owner adds a new user
to the space.
Why is that? So that other members of the space can browse the
details of the other members before those members have actually
entered the space for the first time?
Do you also agree that DIX should allow the identity data to be
moved at this point?
I'm not sure it needs to be.
Do you envision a future draft with the "lookup" capability? In the
use case, as described, the identity data is needed and the user is
not around to present it.
SPML comes to mind for pushing provisioning data from a directory out
to an application.
(Although I should state that I haven't looked at SPML for a couple
of years now.)
3 is not quite covered as we need more than just e-mails, we need
a display name, their jabber id so they can be instant messaged
and also their phone number.
Do you want those verified by a third party as well, or are you
ok that the user asserts those? If verified, then they would
need to be in an assertion. If not, then it is easy to move. In either
case, I think your problem statement is in scope for DIX.
Am a little confused here. If our application is installed by
Company X who wants to collaborate with members of Partner Y then
it is important that when we get identity information about a user
from Partner Y that it is Partner Y's homesite that is making the
assertions.
Your solution above sounds like X pushes a statement about user
A having some attributes to Partner Y.
Dick's suggesting that X creates that same statement but that it
digitally signs it (perhaps making a SAML assertion), then User A
can move the assertion themselves to Partner Y when they first
enter the space. User A can't modify the statement in any way,
so Y is assured that X is making the statement. In the scenario
X is serving as A's Homesite and Y is the Membersite.
John
_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix
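
Added example, not part of the original thread and not DIX or SAML code: a minimal sketch of the flow described in the last message, where the Homesite (X) signs a statement about User A, A carries it, and the Membersite (Y) accepts the attributes only if X's signature verifies. The JSON layout, the Ed25519 signature, the names `Issue`, `Verify` and `homesite-x.example`, and the premise that Y already holds X's public key are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// Assertion is a hypothetical format for the Homesite's statement about a user.
type Assertion struct {
	Issuer  string            `json:"issuer"`
	Subject string            `json:"subject"`
	Attrs   map[string]string `json:"attrs"`
}

type Signed struct{ Payload, Sig []byte } // what the user carries to the Membersite

// Issue is run by the Homesite (X): serialize the statement and sign those bytes.
func Issue(priv ed25519.PrivateKey, a Assertion) (Signed, error) {
	payload, err := json.Marshal(a)
	if err != nil {
		return Signed{}, err
	}
	return Signed{Payload: payload, Sig: ed25519.Sign(priv, payload)}, nil
}

// Verify is run by the Membersite (Y). The issuer field is read only to pick the
// key Y already trusts; no attribute is returned unless the signature checks out.
func Verify(trusted map[string]ed25519.PublicKey, s Signed) (Assertion, error) {
	var a Assertion
	if err := json.Unmarshal(s.Payload, &a); err != nil {
		return Assertion{}, err
	}
	pub, ok := trusted[a.Issuer]
	if !ok {
		return Assertion{}, errors.New("unknown issuer")
	}
	if !ed25519.Verify(pub, s.Payload, s.Sig) {
		return Assertion{}, errors.New("bad signature")
	}
	return a, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed key pair for Homesite X
	attrs := map[string]string{"display_name": "User A", "jabber": "a@homesite-x.example", "phone": "+1-555-0100"}
	s, _ := Issue(priv, Assertion{Issuer: "homesite-x.example", Subject: "user-a", Attrs: attrs})
	fmt.Println(Verify(map[string]ed25519.PublicKey{"homesite-x.example": pub}, s))
}
```

The sketch covers only the integrity and issuer check discussed in the thread; it does not bind the assertion to a particular Membersite or give it an expiry.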