New Feature Proposal: Improvements to Schema

12 views
Skip to first unread message

Tony Tkacik

unread,
Jul 23, 2025, 6:57:04 AMJul 23
to conni...@googlegroups.com

Dear ConnId community,


at Evolveum, we identified a need to expand current schema support in ConnId framework, which improves end-user experience and performance when processing schema:

  1. Support for description attribute for objectClass and attribute definition
  2. Support for schema generation constraints - allows client to request only a subset of full schema

We at Evolveum are very interested in these features, and would like to develop it, if it makes sense to you. What do you think?

Below you can find more detailed proposals for each of these features.


1. Support for description attribute for objectClass and attribute definition

The addition of a “description” parameter to ObjectClassInfo and AttributeInfo objects.


Rationale: The “description” parameters would provide information about the intended usage of the Object Classes and the attributes right in the schema.


Examples:

  • "User" Object Class description: "A User object is a digital identity object that represents a single human user or a non-human agent (e.g., service account) authorized to access digital resources."

  • "User" Object class "member_of" attribute description: "Unique identifiers of groups represented as a list of memberships for policy inheritance."

Design and Implementation

Extension of the ObjectClassInfo class and addition of "Description" field with accessor methods. Similar approach for the AttributeInfo class.
(Also builder classes, encoder/decoder and other updated accordingly.)

2. Support for schema generation constraints

A set of new features enabling the client to request from the connector only a part of the full schema provided by the resource


Rationale: The schema of some remote systems can contain a large number of object classes, which can also contain numerous information regarding attributes.
This information has to be handled by the connector client, even if there are often use cases when only a small subset of the object classes present in the resource schema is actually needed.
This could be mitigated by providing the connector client with a list of Object class information objects, the client would then request the schema with only a handful of object classes, which were selected from the list.


Example: LDAP servers and AD contain large schemas, out of which only a couple of object classes tend to be managed by IAM systems, usually those representing some sort of group or account. Also, large numbers of cloud services provide API endpoints, which quite often have a large number of Object classes to choose from.


Design and Implementation

The feature consists of a new API class containing two methods. One would provide the connector client with a set of “Lightweight” ConnectorObjectInfo objects, which would be lacking Attribute information. This is to make the amount of data reasonably small, yet provide other information that might be needed by the client. A second method would then return a Schema object constructed based on the list of Object classes chosen by the client, provided by the client as an input parameter.




As mentioned earlier, we at Evolveum are very interested in these features and would like to develop them if it makes sense to you. What do you think?

Thanks for your feedback.


---
Anton Tkáčik
Backend Technical Leader and Developer
evolveum.com


Francesco Chicchiriccò

unread,
Aug 4, 2025, 4:40:05 AMAug 4
to conni...@googlegroups.com
Hi Tony,
I apologize for late reply.

About your two proposals below, I think they are worth of considerations and I would consider both as improvements.

Regarding #2, however, I'd rather go with the second option you mention. I suppose the idea would be to change the SchemaApiOp interface to become something like as

public interface SchemaApiOp extends APIOperation {

    Schema schema();

    Schema schema(String... objectClasses) ;
}

where the new method would return an instance of Schema containing only the ObjectClassInfo instances matching the parameter values provided, correct?

Regards.
--
You received this message because you are subscribed to the Google Groups "connid-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to connid-dev+...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/connid-dev/2122219629.2312764.1753268218186.JavaMail.zimbra%40evolveum.com.


-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA
https://about.me/ilgrosso

Tony Tkacik

unread,
Aug 4, 2025, 6:50:59 AMAug 4
to connid-dev
Hi,
Sorry for the confusion, maybe the original wording was a bit off, feature #2 meant to introduce two methods to SchemaApiOp:

 - `Collection<ObjectClassInfo> getObjectClasses()` - list of all object classes with basic info only (without attributes and other details)
 - `Schema schema(String... objectClass)` - schema with only enumerated list of object classes to be included, as you mentioned.

The list of object classes without attributes is helpful during the configuration steps of the connector to obtain the available set of object classes without the need to construct a complete schema.
The filtered set (constructed by the client) can then be passed to `Schema schema(String... objectClass)` to return a schema with only these object classes.

Regards,

---
Anton Tkáčik
Backend Technical Leader and Developer
evolveum.com


From: "Francesco Chicchiriccò" <ilgr...@apache.org>
To: "connid-dev" <conni...@googlegroups.com>
Sent: Monday, August 4, 2025 10:39:56 AM
Subject: [Spam]  Re: [connid-dev] New Feature Proposal: Improvements to Schema

Francesco Chicchiriccò

unread,
Aug 4, 2025, 6:53:52 AMAug 4
to conni...@googlegroups.com
I understand.

Honestly I am not a big fun of returning incomplete objects: why not having

Collection<String> getObjectClasses();

instead?

Regards.
-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence

Tony Tkacik

unread,
Aug 4, 2025, 8:09:22 AMAug 4
to connid-dev
Considering the other proposed updates, and extended information object class name may not be sufficient, since (as of now) object class can be container / embedded / auxiliary, and also description could be useful. In that case, maybe using a separate class `BasicObjectClassInfo` could be beneficial.

From: "Francesco Chicchiriccò" <ilgr...@apache.org>
To: "connid-dev" <conni...@googlegroups.com>
Sent: Monday, August 4, 2025 12:53:43 PM
Subject: Re: [connid-dev] New Feature Proposal: Improvements to Schema

--
You received this message because you are subscribed to the Google Groups "connid-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to connid-dev+...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages