PROPOSAL schema.openid.net for AX (and other extensions)

Mark Wahl Mark.Wahl at informed-control.com
Sun Apr 8 20:01:22 UTC 2007


Dick Hardt wrote:

> If there was something out there already, I would propose we used it.  
> There is not.
> 
> Just like the SAML crowd has accused the OpenID crowd of reinventing an
> identity protocol (AKA reinventing the wheel) -- the AX proposal has
> some unique concepts that people like Paul and Mark think are quite
> innovative. Other schemas don't support them.
> 
> I have cc'ed Paul and Mark in case they can point to some new work that
> we can take advantage of today.

FYI if you are carrying attributes in OpenID AX that are equivalent to
LDAP attributes with attribute types being standardized in the IETF, then
you could use our LDAP schema definition metadata.  We have resolvable
HTTP URIs for each of the widely-deployed attributes, such as givenName.

Background:

In order to get some test data for developing our Schemat 'reference
implementation' of identity metasystem schema management tools, we
(Informed Control) have been generating metadata for the LDAP/X.500 schema
definitions that are in IETF RFCs.

For our first cut, we took the definitions from these RFCs:

2079 Definition of an X.500 Attribute Type and an Object Class to Hold
      Uniform Resource Identifiers (URIs). M. Smith. January 1997. (Format:
      TXT=8757 bytes) (Status: PROPOSED STANDARD)

2798 Definition of the inetOrgPerson LDAP Object Class. M. Smith.
      April 2000. (Format: TXT=32929 bytes) (Updated by RFC3698, RFC4519,
      RFC4524) (Status: INFORMATIONAL)

4512 Lightweight Directory Access Protocol (LDAP): Directory
      Information Models. K. Zeilenga, Ed.. June 2006. (Format: TXT=108377
      bytes) (Obsoletes RFC2251, RFC2252, RFC2256, RFC3674) (Status:
      PROPOSED STANDARD)

4519 Lightweight Directory Access Protocol (LDAP): Schema for User
      Applications. A. Sciberras, Ed.. June 2006. (Format: TXT=64996 bytes)
      (Obsoletes RFC2256) (Updates RFC2247, RFC2798, RFC2377) (Status:
      PROPOSED STANDARD)

4524 COSINE LDAP/X.500 Schema. K. Zeilenga, Ed.. June 2006. (Format:
      TXT=11245 bytes) (Obsoletes RFC1274) (Updates RFC2247, RFC2798)
      (Status: PROPOSED STANDARD)

and generated RDF/XML files with metadata translated into OWL from the
LDAP representation.

(We picked those RFCs since there was already a change control and
standardization process for them, they represented rough consensus
as a minimum interoperable set of definitions, the objectclasses in
them are stable, these schemas are widely supported by many LDAP servers
as a native schema, and contained the schema used in example LDIF/DSML
files.  There are certainly other non-obsolete RFCs containing LDAP
schemas, which we'll address later as there's interest; I don't think
there are any technical limitations that would have prevented us from
extracting metadata from them).

For each LDAP attribute type definition in those RFCs, the schemat
tool generated an OWL DatatypeProperty and an OWL Class.

The URI of the OWL class generated from an LDAP attribute type
is currently of the form

http://www.ldap.com/1/schema/rfcNNNN.owl#AttributeType_OID

where NNNN is the number of the RFC, and OID is the string encoding
of the attribute's object identifier.  (We chose to use the OID in the
URI, rather than a string, since LDAP allows an attribute to have
multiple string names, and does not have a 'primary' string name.
Having to equivalentClass between multiple Classes for a single
LDAP attribute type definition seemed worse than having one Class
with an identifier already known to be unique).  We chose the ldap.com
domain name as we have it :-) and these are LDAP-developed definitions;
I'm not wedded to the ldap.com domain name, and considered two alternatives:
  - using an 'oid' URI form
        This would be a suitable alternative URI, however, this
        would introduce a dependency on an oid URN namespace
        resolver, which isn't yet operational.

  - using an ietf.org or iana.org domain name
        This would be our preferred long-term strategy, as the IETF
        has change control for these definitions; however,
        at present I'm not aware if IANA provides RDF document
        hosting.

The OWL class definitions currently contain just an rdfs:label
predicate, and, in some cases, an rdfs:comment predicate, as well
as some subClassOf refinements.  As the URIs for predicates for
metadata of attributes are defined by the ID Schemas WG, we'll add
those to the OWL classes for those attributes, where the data is
available in the RFCs.  (Some of the purely LDAP specific
aspects of attributes may also be translated into RDF predicates with
an informed-control.com or ldap.com domain in their predicate URIs,
but these are not going to be of interest to OpenID, they're
primarily for testing and research).  We'll also add predicates
to these classes for metadata that's defined by the ID Schemas WG,
required for interoperability, and non-controversial (e.g., a
display name having the same value as an attribute type name). We'll
also be generating 'commentary' RDF files that add descriptive
information to these classes for research purposes, but will be
separate from those RDF files generated from the RFC files, at least
until the IANA has a process for standardizing and publishing such
definitions.

Here are the URIs we generated for the standards-track LDAP attributes:

aliasedObjectName http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_2.5.4.1
altServer http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_1.3.6.1.4.1.1466.101.120.6
associatedDomain http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.37
associatedName http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.38
attributeTypes http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_2.5.21.5
buildingName http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.48
businessCategory http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.15
c http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.6
carLicense http://www.ldap.com/1/schema/rfc2798.owl#AttributeType_2.16.840.1.113730.3.1.1
cn http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.3
co http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.43
dc http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_0.9.2342.19200300.100.1.25
departmentNumber http://www.ldap.com/1/schema/rfc2798.owl#AttributeType_2.16.840.1.113730.3.1.2
description http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.13
destinationIndicator http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.27
displayName http://www.ldap.com/1/schema/rfc2798.owl#AttributeType_2.16.840.1.113730.3.1.241
distinguishedName http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.49
dITContentRules http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_2.5.21.2
dITStructureRules http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_2.5.21.1
dnQualifier http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.46
documentAuthor http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.14
documentIdentifier http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.11
documentLocation http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.15
documentPublisher http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.56
documentTitle http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.12
documentVersion http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.13
drink http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.5
employeeNumber http://www.ldap.com/1/schema/rfc2798.owl#AttributeType_2.16.840.1.113730.3.1.3
employeeType http://www.ldap.com/1/schema/rfc2798.owl#AttributeType_2.16.840.1.113730.3.1.4
enhancedSearchGuide http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.47
facsimileTelephoneNumber http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.23
generationQualifier http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.44
givenName http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.42
homePhone http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.20
homePostalAddress http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.39
host http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.9
houseIdentifier http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.51
info http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.4
initials http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.43
internationalISDNNumber http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.25
jpegPhoto http://www.ldap.com/1/schema/rfc2798.owl#AttributeType_0.9.2342.19200300.100.1.60
l http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.7
labeledURI http://www.ldap.com/1/schema/rfc2079.owl#AttributeType_1.3.6.1.4.1.250.1.57
ldapSyntaxes http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_1.3.6.1.4.1.1466.101.120.16
mail http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.3
manager http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.10
matchingRules http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_2.5.21.4
matchingRuleUse http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_2.5.21.8
member http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.31
mobile http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.41
name http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.41
nameForms http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_2.5.21.7
namingContexts http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_1.3.6.1.4.1.1466.101.120.5
o http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.10
objectClass http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_2.5.4.0
objectClasses http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_2.5.21.6
organizationalStatus http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.45
ou http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.11
owner http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.32
pager http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.42
personalTitle http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.40
physicalDeliveryOfficeName http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.19
postalAddress http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.16
postalCode http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.17
postOfficeBox http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.18
preferredDeliveryMethod http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.28
preferredLanguage http://www.ldap.com/1/schema/rfc2798.owl#AttributeType_2.16.840.1.113730.3.1.39
registeredAddress http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.26
roleOccupant http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.33
roomNumber http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.6
searchGuide http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.14
secretary http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.21
seeAlso http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.34
serialNumber http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.5
sn http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.4
st http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.8
street http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.9
supportedControl http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_1.3.6.1.4.1.1466.101.120.13
supportedExtension http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_1.3.6.1.4.1.1466.101.120.7
supportedFeatures http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_1.3.6.1.4.1.4203.1.3.5
supportedLDAPVersion http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_1.3.6.1.4.1.1466.101.120.15
supportedSASLMechanisms http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_1.3.6.1.4.1.1466.101.120.14
telephoneNumber http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.20
teletexTerminalIdentifier http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.22
telexNumber http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.21
title http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.12
uid http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_0.9.2342.19200300.100.1.1
uniqueIdentifier http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.44
uniqueMember http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.50
userClass http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.8
userPassword http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.35
userPKCS12 http://www.ldap.com/1/schema/rfc2798.owl#AttributeType_2.16.840.1.113730.3.1.216
userSMIMECertificate http://www.ldap.com/1/schema/rfc2798.owl#AttributeType_2.16.840.1.113730.3.1.40
x121Address http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.24
x500UniqueIdentifier http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.45


Mark Wahl
Informed Control Inc.
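An added example, not part of the post and not Informed Control's Schemat tool, showing how the URI form described above can be derived from RFC 4512 attribute type descriptions: the URI is keyed on the numeric OID, so every NAME an attribute carries resolves to the same class URI, and a consumer can check a received URI against the stated form. The sample descriptions are constructed for the example (the multi-name form for cn uses the syntax RFC 4512 allows, not RFC 4519's text).

```python
import re

# Form stated in the post: rfcNNNN is the defining RFC, OID the attribute's numeric OID.
URI_TEMPLATE = "http://www.ldap.com/1/schema/rfc{rfc}.owl#AttributeType_{oid}"

# RFC 4512 numericoid: dotted decimal with at least two arcs.
_OID_RE = re.compile(r"^\d+(\.\d+)+$")
# Leading part of an AttributeTypeDescription: "( <oid> NAME 'x'" or "( <oid> NAME ( 'x' 'y' )".
_DESC_RE = re.compile(
    r"^\(\s*(?P<oid>[\d.]+)\s+NAME\s+(?:'(?P<one>[^']+)'|\(\s*(?P<many>(?:'[^']+'\s*)+)\))"
)
_URI_RE = re.compile(
    r"^http://www\.ldap\.com/1/schema/rfc(?P<rfc>\d{4})\.owl#AttributeType_(?P<oid>\d+(?:\.\d+)+)$"
)

def parse_attribute_type(desc: str) -> tuple[str, list[str]]:
    """Return (numeric OID, [all NAMEs]) from an RFC 4512 attribute type description."""
    m = _DESC_RE.match(desc.strip())
    if not m:
        raise ValueError(f"not an attribute type description: {desc!r}")
    oid = m.group("oid")
    if not _OID_RE.match(oid):
        raise ValueError(f"numeric OID required, got {oid!r}")
    names = [m.group("one")] if m.group("one") else re.findall(r"'([^']+)'", m.group("many"))
    return oid, names

def class_uri(rfc: int, oid: str) -> str:
    return URI_TEMPLATE.format(rfc=rfc, oid=oid)

def parse_class_uri(uri: str) -> tuple[int, str]:
    """Validate a received URI against the stated form; returns (rfc number, OID)."""
    m = _URI_RE.match(uri)
    if not m:
        raise ValueError(f"URI does not follow the ldap.com schema form: {uri!r}")
    return int(m.group("rfc")), m.group("oid")

def build_index(rfc: int, descriptions: list[str]) -> dict[str, str]:
    """Map every NAME of every attribute type (LDAP names are case-insensitive) to one URI."""
    index: dict[str, str] = {}
    for desc in descriptions:
        oid, names = parse_attribute_type(desc)
        for name in names:
            index[name.lower()] = class_uri(rfc, oid)
    return index

# Constructed sample input in RFC 4512 syntax; 'commonName' is a second NAME added to show
# that both names map to the single OID-keyed URI.
SAMPLE_RFC4519 = [
    "( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name )",
    "( 2.5.4.42 NAME 'givenName' SUP name )",
    "( 2.5.4.4 NAME 'sn' SUP name )",
]
```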
