PROPOSAL schema.openid.net for AX (and other extensions)

Dick Hardt dick at sxip.com
Mon Apr 9 02:18:03 UTC 2007


Hi Mark

The URL mapping of LDAP attributes below looks pretty useful. Some of  
those overlap with attributes we defined for AX, but many of the  
attributes in AX are not defined, or don't have the same granularity.

Given that LDAP attributes were defined per the needs of enterprise,  
and AX attributes reflect the attributes commonly requested on public  
web forms, this is to be expected.

With a goal of making it easy for people to use AX, I'd like to have  
a list of common web oriented attributes readily available for  
developers to work with.

What do you think of using the equivalence mechanisms to map common  
attributes between the two sets, but allowing the two sets  to  
maintain their focus on solving the problems for their separate  
communities? ... or do you think we should try and come up with a  
master set of core attributes?

-- Dick

On 8-Apr-07, at 1:01 PM, Mark Wahl wrote:

> Dick Hardt wrote:
>
>> If there was something out there already, I would propose we used  
>> it.  There is not.
>> Just like the SAML crowd has accused the OpenID crowd of  
>> reinventing  an identity protocol (AKA reinventing the wheel) --  
>> the AX proposal  has some unique concepts that people like Paul  
>> and Mark think are  quite innovative. Other schemas don't support  
>> them.
>> I have cc'ed Paul and Mark in case they can point to some new  
>> work  that we can take advantage of today.
>
> FYI if you are carrying attributes in OpenID AX that are equivalent to
> LDAP attributes with attribute types being standardized in the IETF, then
> you could use our LDAP schema definition metadata.  We have resolvable
> HTTP URIs for each of the widely-deployed attributes, such as givenName.
>
> Background:
>
> In order to get some test data for developing our Schemat 'reference
> implementation' of identity metasystem schema management tools, we
> (Informed Control) have been generating metadata for the LDAP/X.500 schema
> definitions that are in IETF RFCs.
>
> For our first cut, we took the definitions from these RFCs:
>
> 2079 Definition of an X.500 Attribute Type and an Object Class to Hold
>      Uniform Resource Identifiers (URIs). M. Smith. January 1997.
>      (Format: TXT=8757 bytes) (Status: PROPOSED STANDARD)
>
> 2798 Definition of the inetOrgPerson LDAP Object Class. M. Smith.
>      April 2000. (Format: TXT=32929 bytes) (Updated by RFC3698, RFC4519,
>      RFC4524) (Status: INFORMATIONAL)
>
> 4512 Lightweight Directory Access Protocol (LDAP): Directory
>      Information Models. K. Zeilenga, Ed.. June 2006. (Format: TXT=108377
>      bytes) (Obsoletes RFC2251, RFC2252, RFC2256, RFC3674) (Status:
>      PROPOSED STANDARD)
>
> 4519 Lightweight Directory Access Protocol (LDAP): Schema for User
>      Applications. A. Sciberras, Ed.. June 2006. (Format: TXT=64996 bytes)
>      (Obsoletes RFC2256) (Updates RFC2247, RFC2798, RFC2377) (Status:
>      PROPOSED STANDARD)
>
> 4524 COSINE LDAP/X.500 Schema. K. Zeilenga, Ed.. June 2006. (Format:
>      TXT=11245 bytes) (Obsoletes RFC1274) (Updates RFC2247, RFC2798)
>      (Status: PROPOSED STANDARD)
>
> and generated RDF/XML files with metadata translated into OWL from the
> LDAP representation.
>
> (We picked those RFCs since there was already a change control and
> standardization process for them, they represented rough consensus
> as a minimum interoperable set of definitions, the objectclasses in
> them are stable, these schemas are widely supported by many LDAP servers
> as a native schema, and contained the schema used in example LDIF/DSML
> files.  There are certainly other non-obsolete RFCs containing LDAP
> schemas, which we'll address later as there's interest; I don't think
> there are any technical limitations that would have prevented us from
> extracting metadata from them).
>
> For each LDAP attribute type definition in those RFCs, the schemat
> tool generated an OWL DatatypeProperty and a OWL Class.
>
> The URI of the OWL class generated from an LDAP attribute type
> is currently of the form
>
> http://www.ldap.com/1/schema/rfcNNNN.owl#AttributeType_OID
>
> where NNNN is the number of the RFC, and OID is the string encoding
> of the attribute's object identifier.  (We chose to use the OID in the
> URI, rather than a string, since LDAP allows an attribute to have
> multiple string names, and does not have a 'primary' string name.
> Having to equivalentClass between multiple Classes for a single
> LDAP attribute type definition seemed worse than having one Class
> with an identifier already known to be unique).  We chose the ldap.com
> domain name as we have it :-) and these are LDAP-developed definitions;
> I'm not wedded to the ldap.com domain name, and considered two alternatives:
>  - using an 'oid' URI form
>    This would be a suitable alternative URI, however, this
>    would introduce a dependency on an oid URN namespace
>    resolver, which isn't yet operational.
>
>  - using an ietf.org or iana.org domain name
>    This would be our preferred long-term strategy, as the IETF
>    has change control for these definitions; however,
>    at present I'm not aware if IANA provides RDF document
>    hosting.
>
> The OWL class definitions currently contain just an rdfs:label
> predicate, and, in some cases, an rdfs:comment predicate, as well
> as some subClassOf refinements.  As the URIs for predicates for
> metadata of attributes are defined by the ID Schemas WG, we'll add
> those to the OWL classes for those attributes, where the data is
> available in the RFCs.  (Some of the purely LDAP specific
> aspects of attributes may also be translated into RDF predicates with
> an informed-control.com or ldap.com domain in their predicate URIs,
> but these are not going to be of interest to OpenID, they're
> primarily for testing and research).  We'll also add predicates
> to these classes for metadata that's defined by the ID Schemas WG,
> required for interoperability, and non-controversial (e.g., a
> display name having the same value as an attribute type name). We'll
> also be generating 'commentary' RDF files that add descriptive
> information to these classes for research purposes, but will be
> separate from those RDF files generated from the RFC files, at least
> until the IANA has a process for standardizing and publishing such
> definitions.
>
> Here are the URIs we generated for the standards-track LDAP attributes:
>
> aliasedObjectName http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_2.5.4.1
> altServer http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_1.3.6.1.4.1.1466.101.120.6
> associatedDomain http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.37
> associatedName http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.38
> attributeTypes http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_2.5.21.5
> buildingName http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.48
> businessCategory http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.15
> c http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.6
> carLicense http://www.ldap.com/1/schema/rfc2798.owl#AttributeType_2.16.840.1.113730.3.1.1
> cn http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.3
> co http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.43
> dc http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_0.9.2342.19200300.100.1.25
> departmentNumber http://www.ldap.com/1/schema/rfc2798.owl#AttributeType_2.16.840.1.113730.3.1.2
> description http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.13
> destinationIndicator http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.27
> displayName http://www.ldap.com/1/schema/rfc2798.owl#AttributeType_2.16.840.1.113730.3.1.241
> distinguishedName http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.49
> dITContentRules http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_2.5.21.2
> dITStructureRules http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_2.5.21.1
> dnQualifier http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.46
> documentAuthor http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.14
> documentIdentifier http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.11
> documentLocation http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.15
> documentPublisher http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.56
> documentTitle http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.12
> documentVersion http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.13
> drink http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.5
> employeeNumber http://www.ldap.com/1/schema/rfc2798.owl#AttributeType_2.16.840.1.113730.3.1.3
> employeeType http://www.ldap.com/1/schema/rfc2798.owl#AttributeType_2.16.840.1.113730.3.1.4
> enhancedSearchGuide http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.47
> facsimileTelephoneNumber http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.23
> generationQualifier http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.44
> givenName http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.42
> homePhone http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.20
> homePostalAddress http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.39
> host http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.9
> houseIdentifier http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.51
> info http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.4
> initials http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.43
> internationalISDNNumber http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.25
> jpegPhoto http://www.ldap.com/1/schema/rfc2798.owl#AttributeType_0.9.2342.19200300.100.1.60
> l http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.7
> labeledURI http://www.ldap.com/1/schema/rfc2079.owl#AttributeType_1.3.6.1.4.1.250.1.57
> ldapSyntaxes http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_1.3.6.1.4.1.1466.101.120.16
> mail http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.3
> manager http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.10
> matchingRules http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_2.5.21.4
> matchingRuleUse http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_2.5.21.8
> member http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.31
> mobile http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.41
> name http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.41
> nameForms http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_2.5.21.7
> namingContexts http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_1.3.6.1.4.1.1466.101.120.5
> o http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.10
> objectClass http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_2.5.4.0
> objectClasses http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_2.5.21.6
> organizationalStatus http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.45
> ou http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.11
> owner http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.32
> pager http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.42
> personalTitle http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.40
> physicalDeliveryOfficeName http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.19
> postalAddress http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.16
> postalCode http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.17
> postOfficeBox http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.18
> preferredDeliveryMethod http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.28
> preferredLanguage http://www.ldap.com/1/schema/rfc2798.owl#AttributeType_2.16.840.1.113730.3.1.39
> registeredAddress http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.26
> roleOccupant http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.33
> roomNumber http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.6
> searchGuide http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.14
> secretary http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.21
> seeAlso http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.34
> serialNumber http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.5
> sn http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.4
> st http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.8
> street http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.9
> supportedControl http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_1.3.6.1.4.1.1466.101.120.13
> supportedExtension http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_1.3.6.1.4.1.1466.101.120.7
> supportedFeatures http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_1.3.6.1.4.1.4203.1.3.5
> supportedLDAPVersion http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_1.3.6.1.4.1.1466.101.120.15
> supportedSASLMechanisms http://www.ldap.com/1/schema/rfc4512.owl#AttributeType_1.3.6.1.4.1.1466.101.120.14
> telephoneNumber http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.20
> teletexTerminalIdentifier http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.22
> telexNumber http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.21
> title http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.12
> uid http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_0.9.2342.19200300.100.1.1
> uniqueIdentifier http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.44
> uniqueMember http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.50
> userClass http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.8
> userPassword http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.35
> userPKCS12 http://www.ldap.com/1/schema/rfc2798.owl#AttributeType_2.16.840.1.113730.3.1.216
> userSMIMECertificate http://www.ldap.com/1/schema/rfc2798.owl#AttributeType_2.16.840.1.113730.3.1.40
> x121Address http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.24
> x500UniqueIdentifier http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.45
>
>
> Mark Wahl
> Informed Control Inc.
>
>
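The thread above describes two things a developer would actually have to implement: the class URI form `http://www.ldap.com/1/schema/rfcNNNN.owl#AttributeType_OID` that Mark's tool generates, and the equivalence mapping Dick asks about for linking AX attributes to their LDAP counterparts. The following Python is an added example written for this archive page; it is not code from either author, from Informed Control's Schemat tool, or from the OpenID AX specification. It parses a few "name URI" lines copied from the list in the message, keys them by OID for the reason Mark gives (an LDAP attribute type may have several names but exactly one OID), and emits `owl:equivalentClass` statements in Turtle against hypothetical AX-side URIs under the schema.openid.net namespace named in the subject line. Those AX URIs, the `CREDENTIAL_OIDS` deny-list and all function names are assumptions of this example. The deny-list illustrates the check a mapping fed into a web attribute exchange should make: `userPassword` appears in the LDAP list but is a credential, not profile data, so the mapping refuses to declare an equivalence for it.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample input: five "name URI" lines in the form of the list in
# Mark Wahl's message (values copied from that list).
SAMPLE_LIST = """\
cn http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.3
givenName http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.42
mail http://www.ldap.com/1/schema/rfc4524.owl#AttributeType_0.9.2342.19200300.100.1.3
sn http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.4
userPassword http://www.ldap.com/1/schema/rfc4519.owl#AttributeType_2.5.4.35
"""

# The class URI form stated in the message:
#   http://www.ldap.com/1/schema/rfcNNNN.owl#AttributeType_OID
# The OID group accepts only a dotted sequence of decimal arcs.
URI_RE = re.compile(
    r"^http://www\.ldap\.com/1/schema/rfc(?P<rfc>\d{4})\.owl"
    r"#AttributeType_(?P<oid>\d+(?:\.\d+)+)$"
)

# Hypothetical AX-side class URIs (an assumption of this example) under the
# schema.openid.net namespace from the subject line, keyed by LDAP OID.
AX_EQUIVALENTS = {
    "2.5.4.42": "http://schema.openid.net/example/firstName",
    "2.5.4.4": "http://schema.openid.net/example/lastName",
    "0.9.2342.19200300.100.1.3": "http://schema.openid.net/example/email",
}

# userPassword (2.5.4.35, RFC 4519) holds a credential, not profile data;
# an AX mapping must never declare it equivalent to anything it exports.
CREDENTIAL_OIDS = {"2.5.4.35"}


@dataclass(frozen=True)
class LdapAttr:
    name: str
    rfc: str
    oid: str
    uri: str


def parse_uri(uri: str) -> Optional[Tuple[str, str]]:
    """Return (rfc, oid) for a URI of the stated form, or None if it is not."""
    m = URI_RE.match(uri)
    return (m.group("rfc"), m.group("oid")) if m else None


def parse_list(text: str) -> Dict[str, LdapAttr]:
    """Parse 'name URI' lines into a table keyed by OID.

    Keyed by OID rather than name, as in the message: an attribute type may
    carry several names but has exactly one OID. A line whose URI does not
    match the stated form is rejected rather than silently skipped.
    """
    attrs: Dict[str, LdapAttr] = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split()
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected 'name URI', got {line!r}")
        name, uri = parts
        parsed = parse_uri(uri)
        if parsed is None:
            raise ValueError(f"line {lineno}: URI not in rfcNNNN.owl#AttributeType_OID form: {uri}")
        rfc, oid = parsed
        attrs[oid] = LdapAttr(name=name, rfc=rfc, oid=oid, uri=uri)
    return attrs


def build_equivalences(attrs: Dict[str, LdapAttr],
                       ax_map: Dict[str, str]) -> Tuple[str, List[str]]:
    """Emit owl:equivalentClass statements in Turtle, one per mapped OID.

    Returns (turtle_text, rejected_oids). An OID is rejected when it has no
    entry in the LDAP table (nothing to map to) or when it is a credential
    attribute (must not be exported through the attribute exchange).
    """
    lines = ["@prefix owl: <http://www.w3.org/2002/07/owl#> ."]
    rejected: List[str] = []
    for oid in sorted(ax_map):
        attr = attrs.get(oid)
        if attr is None or oid in CREDENTIAL_OIDS:
            rejected.append(oid)
            continue
        lines.append(f"<{ax_map[oid]}> owl:equivalentClass <{attr.uri}> .")
    return "\n".join(lines), rejected


if __name__ == "__main__":
    table = parse_list(SAMPLE_LIST)
    turtle, bad = build_equivalences(table, AX_EQUIVALENTS)
    print(turtle)
    print("rejected:", bad)
```

Run stand-alone it prints three equivalence statements and an empty rejected list; adding `2.5.4.35` to the AX map makes that OID show up in the rejected list instead of in the Turtle output. Keying by OID also means that whichever of an attribute's names a directory happens to advertise, the mapping resolves to the same class URI.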
