diff --git a/person-identifiers.adoc b/person-identifiers.adoc index f7124a6..0d7a4eb 100644 --- a/person-identifiers.adoc +++ b/person-identifiers.adoc @@ -47,22 +47,22 @@ mp: OID is permanent, not shared name is a name-based identifier (other could be internal id: No ==== opaque (not name-based or otherwise recognizable) Y/N -- permanent (changes are rare or non-existent) +==== permanent (changes are rare or non-existent) can be merged if necessary. -- re-assignable (once assigned, a given identifier value will never be reused and assigned to another person) +==== Non re-assignable (once assigned, a given identifier value will never be reused and assigned to another person) -- pairwise (formerly called targeted): A person has a different identifier for each service or resource provider with which they interact +==== Pairwise (formerly called targeted): A person has a different identifier for each service or resource provider with which they interact -==== What is the primary, wholly internal person identifier in your package? +=== What is the primary, wholly internal person identifier in your package? COmanage: identifier modules to generate identifiers with the desired characteristics; KeithL: If you make a REST call: here's user, get the OID, use that in the actual REST call -==== What identifier(s) do you expose to other packages? Internal ID plus tuple source/identifier +=== What identifier(s) do you expose to other packages? Internal ID plus tuple source/identifier generate anything you want, configurable; DO NOT USE OID; mP API is a case where you could use OID, - Do you maintain a crosswalk between each external system identifier and your internal identifier? @@ -75,9 +75,8 @@ connectors can work w opaque: UID (used to link to the midPoint user, and anothe If UID link breaks, correlation can relink. -- - - -Hypothetical Precondition: +=== Issue: Timing of unique identifier assignment in IAM system A person was just now added to a System of Record, midPoint has not yet processed this, so has no record of their existence