Thursday, May 12, 2005

How Many MV Entries?

I'm guilty of over designing some MIIS rules because I have misunderstood the state of MV entries when they are passed to IAF rules.

Consider a scenario like this:
CS.givenName --> MV.givenName -->
CS.department --> MV.department
CS.givenName,, CS.department --> MV.displayName

If the rule for MV.displayName evaluates uniqueness, then you will only want to fire that rule when the inputs have changed. If you do not test for this in your rule, then a full sync will always re-evaluate the uniqueness of the MV.displayName. This re-evaluation can result in a cascading uniqueness effect, where everybody's displayName will be constantly getting changed according to your uniqueness logic.

To prevent this, you need to make the rule Full-Sync safe such that it will ONLY change MV.displayName when the inputs have truly changed. For example, the MV.displayName rule now must look something like this:

//IAF MV.DisplayName
// inputs:
// CS.givenName
// CS.department
if CS.givenName has changed
if has changed
if CS.department has changed
then re-evaluate MV.displayName

If you're with me to now, you're either very trusting or have already done this correctly and are in agreement.

My confusion was regarding the state of the MV entry that was passed to each rule. Remember we have four rules:
1. CS.givenName --> MV.givenName
2. -->
3. CS.department --> MV.department
4. CS.givenName,, CS.department --> MV.displayName

How do we know that any of the CS attributes have changed? I do this:
boolGivenNameHasChanged = false
IF CS.givenName != MV.givenName then boolGivenNameHasChanged == true

But what if rule #1 has already run? Won't that test always evaluate to false? The answer is no, because every rule is passed the MV entry as it was before the current syncrhonization cycle started.

Figuring that out (thanks Ahmad) made me realize that it is much easier than I thought it was to figure out what inputs were changing.

1 comment:

Ahmad said...

You're welcome, Craig. It was, indeed a good game of metadirectory (no matter how many times we played it).

One important thing, though. You never answered the question in the title of the entry. How many MV entries?