[higgins-dev] JNDI CP configuration file

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[higgins-dev] JNDI CP configuration file - schema confusion

From: Rajalakshmi S Iyer <iyer_rajalakshmi@xxxxxxxxxx>
Date: Wed, 28 May 2008 23:13:51 +0530
Delivered-to: higgins-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/higgins-dev>
List-help: <mailto:higgins-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/higgins-dev>, <mailto:higgins-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/listinfo/higgins-dev>, <mailto:higgins-dev-request@eclipse.org?subject=unsubscribe>

Hello,

The JNDI configuration XML file contains a multimap that maps LDAP
attributes to Cardspace claims. This is then used to do the translation
between consumer and provider attributes.

However, this means that the JNDI CP attributes can be referred using the
JNDI CP schema namespace
http://www.eclipse.org/higgins/ontologies/2006/higgins/ldap#attr_ prefix as
well as the Cardspace claims prefix
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/<attr_name>.

When I search for entities, the results look like -

http://www.eclipse.org/higgins/ontologies/2006/higgins/ldap#attr_objectClass
 : inetorgperson
http://www.eclipse.org/higgins/ontologies/2006/higgins/ldap#attr_objectClass
 : organizationalPerson
http://www.eclipse.org/higgins/ontologies/2006/higgins/ldap#attr_objectClass
 : person
http://www.eclipse.org/higgins/ontologies/2006/higgins/ldap#attr_objectClass
 : top
http://www.eclipse.org/higgins/ontologies/2006/higgins/ldap#attr_uid : jdoe
http://www.eclipse.org/higgins/ontologies/2006/higgins/ldap#attr_description
 : IBM Employee
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/homephone : 25691128
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname : Doe
http://www.eclipse.org/higgins/ontologies/2006/higgins/ldap#attr_cn : John
Doe

As can be seen, the attributes that have a corresponding definition in the
cardspace multimap are returned with that as prefix else they are returned
with the JNDI CP schema namespace as prefix. It seems to imply that there
are two levels of translation - one between LDAP schema and JNDI CP schema
and another between LDAP schema and Cardspace claims schema.

Is there a reason why Cardspace claims namespace is used for IdAS
attributes? Is it so that an IdAS application can use common Cardspace
attributes across all context providers?

Another point to note:
If I use the attribute
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/homephone for filter
construction during search, the search fails because this attribute maps to
multiple LDAP attributes and the nested filter construction logic doesnt
seem to work. However, if I use
http://www.eclipse.org/higgins/ontologies/2006/higgins/ldap#attr_homePhone
it works.

Best regards,
Rajalakshmi Iyer

Follow-Ups:
- Re: [higgins-dev] JNDI CP configuration file - schema confusion
  - From: Tom Doman

Prev by Date: Re: AW: FW: [higgins-dev]Higgins configurationcode and org.eclipse.core.runtime.Platform
Next by Date: Re: [higgins-dev] JNDI CP configuration file - schema confusion
Previous by thread: [higgins-dev] SAML 2.0 support + additional questions on higgins
Next by thread: Re: [higgins-dev] JNDI CP configuration file - schema confusion
Index(es):
- Date
- Thread

Breadcrumbs