UMI XML document model

The Universal Management Infrastructure XML document model (or UMI XML model) is a set of restrictions placed on the XSL/XML model by the user mapping rules implementation, which enables the interface to be simple and yet functional for certificate purposes. The model constrains the certificate rules to function within a predetermined XML document format, with the same top-level XML document element for all rules. The XML UMI that is imported by the rules evaluator from certificate attributes must be inserted into this XML document before the data can be used by the certificate. Similarly, to simplify the process of defining rules, the certificate rules must operate within the confines of the UMI XML model.

The UMI XML model requires the XML document to contain the following top-level XML element, into which all target UMI for a particular rule evaluation is inserted. The XMLUMI element is created automatically as part of the rule evaluation process by the user mapping engine.

<XMLUMI>
<!--XML formatted UMI are inserted here.    -->
</XMLUMI>

As a result of this restriction, the XPath to the data used in a Certificate User Mapping Rule must include the prefix /XMLUMI in order to access a particular data element within the model. For example, if a UMI item of stsuuser:STSUniversalUser is added to the document, you must specify the XPath /XMLUMI/stsuuser:STSUniversalUser in order to access the data contained in the XML object stsuuser:STSUniversalUser.

An XPath is the path to a particular child element within the hierarchy of a structured XML data object. Much like a directory path on a hard drive is used to access a specific file, an XPath designation starts from the root of the document (in this case /XMLUMI) and traces a path from this root down through its child elements to the specific element that is being referenced. For example, using the example entitlement stsuuser:STSUniversalUser in the XML certificate model as a reference, you would use the following XPath to access the Version element of /XMLUMI/stsuuser:STSUniversalUser:

"/XMLUMI/stsuuser:STSUniversalUser/stsuuser:AttributeList/stsuuser:
Attribute[@name='Version']/stsuuser:Value"

XPaths like this example are the means by which user mapping rules access the UMI data values that are needed to make attribute-based user mapping decisions.

Because all data elements are restricted to work within the UMI XML model, the user mapping rules must also be restricted to operate on or match XPaths within the model. Therefore, XSL template match statements are also restricted to matching XPaths starting from /XMLUMI within the UMI XML document. For additional information, see Format and constraints of rules.