Dick Hardt wrote:
> If there was something out there already, I would propose we used it.
> There is not.
>
> Just like the SAML crowd has accused the OpenID crowd of reinventing an
> identity protocol (AKA reinventing the wheel) -- the AX proposal has
> some unique concepts that people like Paul and Mark think are quite
> innovative. Other schemas don't support them.
>
> I have cc'ed Paul and Mark in case they can point to some new work that
> we can take advantage of today.
FYI if you are carrying attributes in OpenID AX that are equivalent to LDAP attributes with attribute types being standardized in the IETF, then you could use our LDAP schema definition metadata. We have resolvable HTTP URIs for each of the widely-deployed attributes, such as givenName.

Background: In order to get some test data for developing our Schemat 'reference implementation' of identity metasystem schema management tools, we (Informed Control) have been generating metadata for the LDAP/X.500 schema definitions that are in IETF RFCs. For our first cut, we took the definitions from these RFCs:

2079 Definition of an X.500 Attribute Type and an Object Class to Hold Uniform Resource Identifiers (URIs). M. Smith. January 1997. (Format: TXT=8757 bytes) (Status: PROPOSED STANDARD)

2798 Definition of the inetOrgPerson LDAP Object Class. M. Smith. April 2000. (Format: TXT=32929 bytes) (Updated by RFC3698, RFC4519, RFC4524) (Status: INFORMATIONAL)

4512 Lightweight Directory Access Protocol (LDAP): Directory Information Models. K. Zeilenga, Ed. June 2006. (Format: TXT=108377 bytes) (Obsoletes RFC2251, RFC2252, RFC2256, RFC3674) (Status: PROPOSED STANDARD)

4519 Lightweight Directory Access Protocol (LDAP): Schema for User Applications. A. Sciberras, Ed. June 2006. (Format: TXT=64996 bytes) (Obsoletes RFC2256) (Updates RFC2247, RFC2798, RFC2377) (Status: PROPOSED STANDARD)

4524 COSINE LDAP/X.500 Schema. K. Zeilenga, Ed. June 2006. (Format: TXT=11245 bytes) (Obsoletes RFC1274) (Updates RFC2247, RFC2798) (Status: PROPOSED STANDARD)

and generated RDF/XML files with metadata translated into OWL from the LDAP representation. (We picked those RFCs since there was already a change control and standardization process for them, they represented rough consensus as a minimum interoperable set of definitions, the objectclasses in them are stable, these schemas are widely supported by many LDAP servers as a native schema, and they contained the schema used in example LDIF/DSML files. There are certainly other non-obsolete RFCs containing LDAP schemas, which we'll address later as there's interest; I don't think there are any technical limitations that would have prevented us from extracting metadata from them.)

For each LDAP attribute type definition in those RFCs, the schemat tool generated an OWL DatatypeProperty and an OWL Class. The URI of the OWL class generated from an LDAP attribute type is currently of the form

  http://www.ldap.com/1/schema/rfcNNNN.owl#AttributeType_OID

where NNNN is the number of the RFC, and OID is the string encoding of the attribute's object identifier. (We chose to use the OID in the URI, rather than a string, since LDAP allows an attribute to have multiple string names, and does not have a 'primary' string name. Having to equivalentClass between multiple Classes for a single LDAP attribute type definition seemed worse than having one Class with an identifier already known to be unique.)

We chose the ldap.com domain name as we have it :-) and these are LDAP-developed definitions; I'm not wedded to the ldap.com domain name, and considered two alternatives:

- using an 'oid' URI form

  This would be a suitable alternative URI; however, this would introduce a dependency on an oid URN namespace resolver, which isn't yet operational.

- using an ietf.org or iana.org domain name

  This would be our preferred long-term strategy, as the IETF has change control for these definitions; however, at present I'm not aware if IANA provides RDF document hosting.

The OWL class definitions currently contain just an rdfs:label predicate, and, in some cases, an rdfs:comment predicate, as well as some subClassOf refinements. As the URIs for predicates for metadata of attributes are defined by the ID Schemas WG, we'll add those to the OWL classes for those attributes, where the data is available in the RFCs.
(Some of the purely LDAP specific aspects of attributes may also be translated into RDF predicates with an informed-control.com or ldap.com domain in their predicate URIs, but these are not going to be of interest to OpenID; they're primarily for testing and research.)

We'll also add predicates to these classes for metadata that's defined by the ID Schemas WG, required for interoperability, and non-controversial (e.g., a display name having the same value as an attribute type name). We'll also be generating 'commentary' RDF files that add descriptive information to these classes for research purposes, but these will be separate from those RDF files generated from the RFC files, at least until the IANA has a process for standardizing and publishing such definitions.

Here are the URIs we generated for the standards-track LDAP attributes:

aliasedObjectName  http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_2.5.4.1
altServer  http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_1.3.6.1.4.1.1466.101.120.6
associatedDomain  http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.37
associatedName  http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.38
attributeTypes  http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_2.5.21.5
buildingName  http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.48
businessCategory  http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.15
c  http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.6
carLicense  http://www.ldap.com/1/schema/rfc2798.owl#AttributeType_2.16.840.1.113730.3.1.1
cn  http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.3
co  http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.43
dc  http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_0.9.2342.19200300.100.1.25
departmentNumber  http://www.ldap.com/1/schema/rfc2798.owl#AttributeType_2.16.840.1.113730.3.1.2
description  http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.13
destinationIndicator  http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.27
displayName  http://www.ldap.com/1/schema/rfc2798.owl#AttributeType_2.16.840.1.113730.3.1.241
distinguishedName  http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.49
dITContentRules  http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_2.5.21.2
dITStructureRules  http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_2.5.21.1
dnQualifier  http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.46
documentAuthor  http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.14
documentIdentifier  http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.11
documentLocation  http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.15
documentPublisher  http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.56
documentTitle  http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.12
documentVersion  http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.13
drink  http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.5
employeeNumber  http://www.ldap.com/1/schema/rfc2798.owl#AttributeType_2.16.840.1.113730.3.1.3
employeeType  http://www.ldap.com/1/schema/rfc2798.owl#AttributeType_2.16.840.1.113730.3.1.4
enhancedSearchGuide  http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.47
facsimileTelephoneNumber  http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.23
generationQualifier  http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.44
givenName  http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.42
homePhone  http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.20
homePostalAddress  http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.39
host  http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.9
houseIdentifier  http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.51
info  http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.4
initials  http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.43
internationalISDNNumber  http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.25
jpegPhoto  http://www.ldap.com/1/schema/rfc2798.owl#AttributeType_0.9.2342.19200300.100.1.60
l  http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.7
labeledURI  http://www.ldap.com/1/schema/rfc2079.owl#AttributeType_1.3.6.1.4.1.250.1.57
ldapSyntaxes  http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_1.3.6.1.4.1.1466.101.120.16
mail  http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.3
manager  http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.10
matchingRules  http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_2.5.21.4
matchingRuleUse  http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_2.5.21.8
member  http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.31
mobile  http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.41
name  http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.41
nameForms  http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_2.5.21.7
namingContexts  http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_1.3.6.1.4.1.1466.101.120.5
o  http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.10
objectClass  http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_2.5.4.0
objectClasses  http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_2.5.21.6
organizationalStatus  http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.45
ou  http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.11
owner  http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.32
pager  http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.42
personalTitle  http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.40
physicalDeliveryOfficeName  http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.19
postalAddress  http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.16
postalCode  http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.17
postOfficeBox  http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.18
preferredDeliveryMethod  http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.28
preferredLanguage  http://www.ldap.com/1/schema/rfc2798.owl#AttributeType_2.16.840.1.113730.3.1.39
registeredAddress  http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.26
roleOccupant  http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.33
roomNumber  http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.6
searchGuide  http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.14
secretary  http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.21
seeAlso  http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.34
serialNumber  http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.5
sn  http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.4
st  http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.8
street  http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.9
supportedControl  http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_1.3.6.1.4.1.1466.101.120.13
supportedExtension  http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_1.3.6.1.4.1.1466.101.120.7
supportedFeatures  http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_1.3.6.1.4.1.4203.1.3.5
supportedLDAPVersion  http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_1.3.6.1.4.1.1466.101.120.15
supportedSASLMechanisms  http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_1.3.6.1.4.1.1466.101.120.14
telephoneNumber  http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.20
teletexTerminalIdentifier  http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.22
telexNumber  http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.21
title  http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.12
uid  http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_0.9.2342.19200300.100.1.1
uniqueIdentifier  http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.44
uniqueMember  http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.50
userClass  http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.8
userPassword  http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.35
userPKCS12  http://www.ldap.com/1/schema/rfc2798.owl#AttributeType_2.16.840.1.113730.3.1.216
userSMIMECertificate  http://www.ldap.com/1/schema/rfc2798.owl#AttributeType_2.16.840.1.113730.3.1.40
x121Address  http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.24
x500UniqueIdentifier  http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.45

Mark Wahl
Informed Control Inc.
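As an added illustration, not Informed Control's schemat tool nor code from this thread, the following Python derives the OID-keyed class URIs described above from attribute type definitions written in the RFC 4512 AttributeTypeDescription syntax, maps every alias of an attribute to the one class (the reason given for keying on the OID), and emits the rdfs:label and rdfs:subClassOf predicates the post mentions. The sample definitions are constructed for this example, abridged from their RFC 4519 forms; the Turtle output is an assumed serialization, not the RDF/XML the post describes.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# Constructed sample input (not from the post): attribute type definitions in the
# RFC 4512 AttributeTypeDescription syntax, abridged from their RFC 4519 forms.
SAMPLE_DEFS: Dict[int, List[str]] = {4519: [
    "( 2.5.4.41 NAME 'name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
    "( 2.5.4.42 NAME ( 'givenName' 'gn' ) SUP name )",
    "( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name )",
    "( 2.5.4.35 NAME 'userPassword' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )",
]}
URI_FORM = "http://www.ldap.com/1/schema/rfc{rfc}.owl#AttributeType_{oid}"
class AttrType(NamedTuple):
    oid: str
    names: Tuple[str, ...]   # zero or more aliases; LDAP has no 'primary' name
    sup: Optional[str]       # superior attribute type, by name or OID, if any

_OID = re.compile(r"^\(\s*([0-9]+(?:\.[0-9]+)+)")
_NAME = re.compile(r"\bNAME\s+(\(\s*(?:'[^']*'\s*)+\)|'[^']*')")
_SUP = re.compile(r"\bSUP\s+([A-Za-z][A-Za-z0-9-]*|[0-9.]+)")
def parse_attribute_type(text: str) -> AttrType:
    """Pull the OID, the NAME list and SUP out of one AttributeTypeDescription."""
    m = _OID.match(text.strip())
    if not m:
        raise ValueError("definition must begin with '( <numericoid>'")
    nm, sm = _NAME.search(text), _SUP.search(text)
    names = tuple(re.findall(r"'([^']*)'", nm.group(1))) if nm else ()
    return AttrType(m.group(1), names, sm.group(1) if sm else None)

def class_uri(rfc: int, oid: str) -> str:
    """One class per attribute type, keyed by OID rather than by any of its names."""
    return URI_FORM.format(rfc=rfc, oid=oid)

def build_index(defs_by_rfc: Dict[int, List[str]]) -> Dict[str, str]:
    """Map the OID and every (case-insensitive) LDAP name to the same class URI."""
    index: Dict[str, str] = {}
    for rfc, defs in defs_by_rfc.items():
        for at in map(parse_attribute_type, defs):
            index[at.oid] = class_uri(rfc, at.oid)
            for n in at.names:
                index[n.lower()] = index[at.oid]
    return index

def to_turtle(rfc: int, at: AttrType, index: Dict[str, str]) -> str:
    """Emit the class with one rdfs:label per name and rdfs:subClassOf from SUP."""
    lines = [f"<{class_uri(rfc, at.oid)}> a owl:Class ;"]
    lines += [f'    rdfs:label "{n}" ;' for n in at.names]
    if at.sup and at.sup.lower() in index:   # SUP may refer to a type not yet loaded
        lines.append(f"    rdfs:subClassOf <{index[at.sup.lower()]}> ;")
    return "\n".join(lines)[:-1] + "."   # last predicate ends the statement with '.'
```

Resolving both 'gn' and 'givenName' to the same URI is the property worth checking when mapping AX attributes onto these classes, since a consumer that keyed on one alias would otherwise miss data published under the other.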