Rich>
Actually the roleOccupant attribute is multi-valued and is supposed to hold
ALL occupants of a role (consider a purchasing agent for example), according
to X.521.
I see that it COULD be multivalued, but how to you figure that it SHOULD be?
I certainly don't get that impression from either X.520 or X.521.
X.521, para 6.7 says "The Oragnizational Role object class is used to define
entries representing an organizational role, i.e., a position or role within an
organization. An organizational role is normally considered to be filled by
a PARTICULAR organizational person. Over its lifetime, however, an
organizational role may be filled by a number of different organizational
people IN SUCCESSION. In general, an organizational role may be filled
by a person or a non-human entity. [Emphasis added.]
I can see how it might be useful to have a list of all of the purchasing
agents in one place. but shouldn't something like the Member attribute
be used for something like this?
For my purposes, I'm now beginning to think that the organizationalRole
object class is backwards, or upside down. I'm not trying to name the
collection of ALL of the purchasing agents or payroll clerks, I'm trying
to indicate that a particular person HAS that role. The current way of
doing that within X.500/X.520 is just too awkward.
What we need is an attribute that is very similar to Title, but has
different semantics. In particular, I want to indicate by this role
whether or not the individual is authorized to bind the company
or organization, e.g., sign checks, issue purchase order, sign contracts,
etc. In other words, the individual is an AGENT of the organization.
Since some roles do not have that level of authorization, e.g.,
United Way Campaign Chairmand, the use of the work Role
for this purpose may not be appropriate, although such an
attribute would be useful for other purposes such as sending out
campaign pledge information and corresponding with the United Way
headquarters.
I would therefore suggest that the NIST OIW group consider adding
two additional attributes to those defined in X.520, both with the syntax
of Title. I would also modify the semantics of Title slightly. as follows:
5.4.3. Title
The Title attribute type specifies the designated POSITION NAME
or level of an object (generally a human) WITHIN the organization.
Example:
Title="Manager, Distributed Applications"
Title="Member of Technical Staff"
5.4.4 Role
The Role attribute type specfies the the designated FUNCTION
of an object (generally a human) WITHIN the organization.
Example:
Role="Program Manager, X.500 Project"
Role="Principle Investigator, X.520 Anomalies and Defects"
5.4.5 Agent
The Agent attribute specifies the FUNCTION of an object whose
actions have consequences OUTSIDE of the organization, and
are authorized in some sense to speak for, commit, or bind
the organization.
Esample:
Agent="Chief Financial Officer"
Agent="Corporate Spokesperson"
Agent="Purchasing Agent"
Agent="Accounts Payable Clerk"
These various attributes are not exclusive, and may be multivalued.
Hypothetical example:
C=US, O=GTE Labs,
{CN=Robert R. Jueneman
+ Title=("Mgr, Secure Systems" +
" Acting Mgr., Newly Created Dept.")
+ Role=("Program Mgr, X.500 Project" +
"United Way Campaign Representative")
+ Agent=("GTE delegate to TIA TR-45")
How does this type of a concept fit with what X9F1 is trying to do?
What other attributes might be on the table that you know of?
When and how will the list of additional "approved" attributes be distributed?
Bob