Dick Hardt wrote:

> If there was something out there already, I would propose we used it.  
> There is not.
> 
> Just like the SAML crowd has accused the OpenID crowd of reinventing  an 
> identity protocol (AKA reinventing the wheel) -- the AX proposal  has 
> some unique concepts that people like Paul and Mark think are  quite 
> innovative. Other schemas don't support them.
> 
> I have cc'ed Paul and Mark in case they can point to some new work  that 
> we can take advantage of today.

FYI if you are carrying attributes in OpenID AX that are equivalent to
LDAP attributes with attribute types being standardized in the IETF, then
you could use our LDAP schema definition metadata.  We have resolvable
HTTP URIs for each of the widely-deployed attributes, such as givenName.

Background:

In order to get some test data for developing our Schemat 'reference
implementation' of identity metasystem schema management tools, we
(Informed Control) have been generating metadata for the LDAP/X.500 schema
definitions that are in IETF RFCs.

For our first cut, we took the definitions from these RFCs:

2079 Definition of an X.500 Attribute Type and an Object Class to Hold
      Uniform Resource Identifiers (URIs). M. Smith. January 1997. (Format:
      TXT=8757 bytes) (Status: PROPOSED STANDARD)

2798 Definition of the inetOrgPerson LDAP Object Class. M. Smith.
      April 2000. (Format: TXT=32929 bytes) (Updated by RFC3698, RFC4519,
      RFC4524) (Status: INFORMATIONAL)

4512 Lightweight Directory Access Protocol (LDAP): Directory
      Information Models. K. Zeilenga, Ed.. June 2006. (Format: TXT=108377
      bytes) (Obsoletes RFC2251, RFC2252, RFC2256, RFC3674) (Status:
      PROPOSED STANDARD)

4519 Lightweight Directory Access Protocol (LDAP): Schema for User
      Applications. A. Sciberras, Ed.. June 2006. (Format: TXT=64996 bytes)
      (Obsoletes RFC2256) (Updates RFC2247, RFC2798, RFC2377) (Status:
      PROPOSED STANDARD)

4524 COSINE LDAP/X.500 Schema. K. Zeilenga, Ed.. June 2006. (Format:
      TXT=11245 bytes) (Obsoletes RFC1274) (Updates RFC2247, RFC2798)
      (Status: PROPOSED STANDARD)

and generated RDF/XML files with metadata translated into OWL from the
LDAP representation.

(We picked those RFCs since there was already a change control and
standardization process for them, they represented rough consensus
as a minimum interoperable set of definitions, the objectclasses in
them are stable, these schemas are widely supported by many LDAP servers
as a native schema, and contained the schema used in example LDIF/DSML
files.  There are certainly other non-obsolete RFCs containing LDAP
schemas, which we'll address later as there's interest; I don't think
there's any technical limitations that would have prevented us from
extracting metadata from them).

For each LDAP attribute type definition in those RFCs, the schemat
tool generated an OWL DatatypeProperty and an OWL Class.

The URI of the OWL class generated from an LDAP attribute type
is currently of the form

http://www.ldap.com/1/schema/rfcNNNN.owl#AttributeType_OID

where NNNN is the number of the RFC, and OID is the string encoding
of the attribute's object identifier.  (We chose to use the OID in the
URI, rather than a string, since LDAP allows an attribute to have
multiple string names, and does not have a 'primary' string name.
Having to equivalentClass between multiple Classes for a single
LDAP attribute type definition seemed worse than having one Class
with an identifier already known to be unique).  We chose the ldap.com
domain name as we have it :-) and these are LDAP-developed definitions;
I'm not wedded to the ldap.com domain name, and considered two alternatives:
  - using an 'oid' URI form
        This would be a suitable alternative URI; however, this
        would introduce a dependency on an oid URN namespace
        resolver, which isn't yet operational.

  - using an ietf.org or iana.org domain name
        This would be our preferred long-term strategy, as the IETF
        has change control for these definitions; however,
        at present I'm not aware if IANA provides RDF document
        hosting.

The OWL class definitions currently contain just an rdfs:label
predicate, and, in some cases, an rdfs:comment predicate, as well
as some subClassOf refinements.  As the URIs for predicates for
metadata of attributes are defined by the ID Schemas WG, we'll add
those to the OWL classes for those attributes, where the data is
available in the RFCs.  (Some of the purely LDAP specific
aspects of attributes may also be translated into RDF predicates with
an informed-control.com or ldap.com domain in their predicate URIs,
but these are not going to be of interest to OpenID, they're
primarily for testing and research).  We'll also add predicates
to these classes for metadata that's defined by the ID Schemas WG,
required for interoperability, and non-controversial (e.g., a
display name having the same value as an attribute type name). We'll
also be generating 'commentary' RDF files that add descriptive
information to these classes for research purposes, but will be
separate from those RDF files generated from the RFC files, at least
until the IANA has a process for standardizing and publishing such
definitions.

Here are the URIs we generated for the standards-track LDAP attributes:

aliasedObjectName http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_2.5.4.1
altServer http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_1.3.6.1.4.1.1466.101.120.6
associatedDomain http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.37
associatedName http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.38
attributeTypes http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_2.5.21.5
buildingName http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.48
businessCategory http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.15
c http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.6
carLicense http://www.ldap.com/1/schema/rfc2798.owl#AttributeType_2.16.840.1.113730.3.1.1
cn http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.3
co http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.43
dc http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_0.9.2342.19200300.100.1.25
departmentNumber http://www.ldap.com/1/schema/rfc2798.owl#AttributeType_2.16.840.1.113730.3.1.2
description http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.13
destinationIndicator http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.27
displayName http://www.ldap.com/1/schema/rfc2798.owl#AttributeType_2.16.840.1.113730.3.1.241
distinguishedName http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.49
dITContentRules http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_2.5.21.2
dITStructureRules http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_2.5.21.1
dnQualifier http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.46
documentAuthor http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.14
documentIdentifier http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.11
documentLocation http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.15
documentPublisher http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.56
documentTitle http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.12
documentVersion http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.13
drink http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.5
employeeNumber http://www.ldap.com/1/schema/rfc2798.owl#AttributeType_2.16.840.1.113730.3.1.3
employeeType http://www.ldap.com/1/schema/rfc2798.owl#AttributeType_2.16.840.1.113730.3.1.4
enhancedSearchGuide http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.47
facsimileTelephoneNumber http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.23
generationQualifier http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.44
givenName http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.42
homePhone http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.20
homePostalAddress http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.39
host http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.9
houseIdentifier http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.51
info http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.4
initials http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.43
internationalISDNNumber http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.25
jpegPhoto http://www.ldap.com/1/schema/rfc2798.owl#AttributeType_0.9.2342.19200300.100.1.60
l http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.7
labeledURI http://www.ldap.com/1/schema/rfc2079.owl#AttributeType_1.3.6.1.4.1.250.1.57
ldapSyntaxes http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_1.3.6.1.4.1.1466.101.120.16
mail http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.3
manager http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.10
matchingRules http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_2.5.21.4
matchingRuleUse http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_2.5.21.8
member http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.31
mobile http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.41
name http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.41
nameForms http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_2.5.21.7
namingContexts http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_1.3.6.1.4.1.1466.101.120.5
o http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.10
objectClass http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_2.5.4.0
objectClasses http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_2.5.21.6
organizationalStatus http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.45
ou http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.11
owner http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.32
pager http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.42
personalTitle http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.40
physicalDeliveryOfficeName http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.19
postalAddress http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.16
postalCode http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.17
postOfficeBox http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.18
preferredDeliveryMethod http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.28
preferredLanguage http://www.ldap.com/1/schema/rfc2798.owl#AttributeType_2.16.840.1.113730.3.1.39
registeredAddress http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.26
roleOccupant http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.33
roomNumber http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.6
searchGuide http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.14
secretary http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.21
seeAlso http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.34
serialNumber http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.5
sn http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.4
st http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.8
street http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.9
supportedControl http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_1.3.6.1.4.1.1466.101.120.13
supportedExtension http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_1.3.6.1.4.1.1466.101.120.7
supportedFeatures http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_1.3.6.1.4.1.4203.1.3.5
supportedLDAPVersion http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_1.3.6.1.4.1.1466.101.120.15
supportedSASLMechanisms http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_1.3.6.1.4.1.1466.101.120.14
telephoneNumber http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.20
teletexTerminalIdentifier http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.22
telexNumber http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.21
title http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.12
uid http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_0.9.2342.19200300.100.1.1
uniqueIdentifier http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.44
uniqueMember http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.50
userClass http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.8
userPassword http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.35
userPKCS12 http://www.ldap.com/1/schema/rfc2798.owl#AttributeType_2.16.840.1.113730.3.1.216
userSMIMECertificate http://www.ldap.com/1/schema/rfc2798.owl#AttributeType_2.16.840.1.113730.3.1.40
x121Address http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.24
x500UniqueIdentifier http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.45


Mark Wahl
Informed Control Inc.

_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs
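The URI scheme and OWL-class generation Mark describes above, as an added example that is not part of the original message or of the Schemat tool: a small Python parser for RFC 4512 attribute type descriptions that validates the numeric OID before embedding it in a `rfcNNNN.owl#AttributeType_OID` URI (rejecting a malformed description instead of minting a bogus class identifier), emits an `owl:Class` with `rdfs:label` and `rdfs:comment`, and turns `SUP` into `rdfs:subClassOf`, failing on a superior it cannot resolve. The three definitions are constructed and abbreviated from RFC 4519; the function names are mine.

```python
import re
from xml.sax.saxutils import escape

# Constructed sample input: abbreviated RFC 4519 attribute type descriptions.
SAMPLE_DEFS = [
    "( 2.5.4.41 NAME 'name' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )",
    "( 2.5.4.42 NAME 'givenName' SUP name )",
    "( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'family name' SUP name )",
]
OID_RE = re.compile(r"^\d+(?:\.\d+)+$")  # numericoid, e.g. 2.5.4.42
BASE = "http://www.ldap.com/1/schema/rfc{rfc}.owl#AttributeType_{oid}"

def class_uri(rfc: int, oid: str) -> str:
    # The message's URI form: the OID, not a name, identifies the class.
    if not OID_RE.match(oid):
        raise ValueError(f"refusing to mint a URI from a malformed OID: {oid!r}")
    return BASE.format(rfc=rfc, oid=oid)

def parse_attribute_type(defn: str) -> dict:
    """Pull OID, NAME list, DESC and SUP out of an RFC 4512 description."""
    body = defn.strip()
    if not (body.startswith("(") and body.endswith(")")):
        raise ValueError("description must be parenthesised")
    oid, _, rest = body[1:-1].strip().partition(" ")
    if not OID_RE.match(oid):
        raise ValueError(f"malformed numericoid: {oid!r}")
    m = re.search(r"NAME\s+(?:\(((?:\s*'[^']*')+)\s*\)|('[^']*'))", rest)
    names = re.findall(r"'([^']*)'", m.group(1) or m.group(2)) if m else []
    desc = re.search(r"DESC\s+'([^']*)'", rest)
    sup = re.search(r"\bSUP\s+([\w.-]+)", rest)
    return {"oid": oid, "names": names, "desc": desc.group(1) if desc else None,
            "sup": sup.group(1) if sup else None}

def generate_classes(rfc: int, defs: list) -> dict:
    """Map each class URI to an RDF/XML owl:Class fragment; SUP -> rdfs:subClassOf."""
    parsed = [parse_attribute_type(d) for d in defs]
    by_name = {n.lower(): p["oid"] for p in parsed for n in p["names"]}
    out = {}
    for p in parsed:
        uri = class_uri(rfc, p["oid"])
        lines = [f'<owl:Class rdf:about="{uri}">']
        lines += [f"  <rdfs:label>{escape(n)}</rdfs:label>" for n in p["names"]]
        if p["desc"]:
            lines.append(f"  <rdfs:comment>{escape(p['desc'])}</rdfs:comment>")
        if p["sup"]:  # SUP may be a name or an OID; an unknown superior is an error
            sup_oid = p["sup"] if OID_RE.match(p["sup"]) else by_name.get(p["sup"].lower())
            if sup_oid is None:
                raise ValueError(f"unresolved SUP {p['sup']!r} for {p['oid']}")
            lines.append(f'  <rdfs:subClassOf rdf:resource="{class_uri(rfc, sup_oid)}"/>')
        lines.append("</owl:Class>")
        out[uri] = "\n".join(lines)
    return out
```

Every label carries one of the attribute's string names, so an attribute with several names (sn/surname) still yields a single class keyed by its OID, which is the reason the message gives for putting the OID in the URI.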