UMI XML document model
The Universal Management Infrastructure XML document model (or UMI XML model) is a set of restrictions placed on the XSL/XML model by the user mapping rules implementation, which enables the interface to be simple and yet functional for certificate purposes. The model constrains the certificate rules to function within a predetermined XML document format, with the same top-level XML document element for all rules. The XML UMI that is imported by the rules evaluator from certificate attributes must be inserted into this XML document before the data can be used by the certificate. Similarly, to simplify the process of defining rules, the certificate rules must operate within the confines of the UMI XML model.
The UMI XML model
requires the XML document to contain the following
top-level XML element, into which all target UMI for a particular
rule evaluation is inserted. The XMLUMI
element is
created automatically as part of the rule evaluation process by the
user mapping engine.
<XMLUMI>
<!--XML formatted UMI are inserted here. -->
</XMLUMI>
As a result of this restriction,
the XPath to the data used in
a Certificate User Mapping Rule must include the prefix /XMLUMI
in
order to access a particular data element within the model. For
example, if a UMI item of stsuuser:STSUniversalUser
is
added to the document, you must specify the XPath /XMLUMI/stsuuser:STSUniversalUser
in
order to access the data contained in the XML object stsuuser:STSUniversalUser
.
An XPath is the path to a particular child element within the hierarchy
of a structured XML data object. Much like a directory path on a hard
drive is used to access a specific file, an XPath designation starts
from the root of the document (in this case /XMLUMI
)
and traces a path from this root down through its child elements
to the specific element that is being referenced. For example, using
the example entitlement stsuuser:STSUniversalUser
in
the XML certificate model as
a reference, you would use the following XPath to access the Version
element
of /XMLUMI/stsuuser:STSUniversalUser
:
"/XMLUMI/stsuuser:STSUniversalUser/stsuuser:AttributeList/stsuuser:
Attribute[@name='Version']/stsuuser:Value"
XPaths like this example are the means by which user mapping rules access the UMI data values that are needed to make attribute-based user mapping decisions.
Because all data elements are restricted
to work within the UMI
XML model, the user mapping rules must also be restricted to operate
on or match XPaths within the model. Therefore, XSL template match
statements are also restricted to matching XPaths starting from /XMLUMI
within
the UMI XML document. For additional information,
see Format and constraints of rules.