From katkav at evolveum.com Tue Apr 7 11:26:02 2015 From: katkav at evolveum.com (Katka Valalikova) Date: Tue, 7 Apr 2015 11:26:02 +0200 (CEST) Subject: [midPoint] Ad-hoc Reconciliation In-Reply-To: References: <551A90E0.9040608@evolveum.com> Message-ID: <744028893.3722.1428398762359.JavaMail.zimbra@evolveum.com> Hello Martin, if I understand right, you need to link users comming from DB with users in LDAP according to email address, not DN. If you want midPoint to automatically decide if the user should be created or linked to the existed one, you need to do following steps. 1. In your LDAP server, set email address as unique attribute. 2. In midPoint: * set email address as secondary identifier in your schemaHandling - this will provide that if the account already exists in the LDAP, midPoint will try to find an owner and link them together ri:email Email address true ...... * set your correlation rule to match users according to the emailAddress - during already exists situation discovery, correlation rule will be used to match user in midPoint (according to your settings of action-reaction, account should be linked to the existing user or new user will be created). emailAddress * run reconciliation for DB resource (this scenario expects that you have configured object template which will provide creation of accoun in your LDAP) If you have some other questions or something does not work as expected, please let me know. Hope this will help you, with kind regards, Katarina Valalikova ----- Original Message ----- From: "Martin Lízner - AMI Praha a.s." To: "midPoint General Discussion" Sent: Tuesday, March 31, 2015 2:24:05 PM Subject: Re: [midPoint] Ad-hoc Reconciliation Hi Ivan, I would say that most of the users coming from DB will have account in LDAP. Yes, email would be pairing attribute. This sounds like perfect scenario for correlation via synchro or reconc, but again I need to lookup in the resource (in order to get DN), not in midPoint :-) Martin Lízner solution architect gsm: [+420] 737 745 571 e-mail: martin.lizner at ami.cz AMI Praha a.s. Pláničkova 11 162 00 Praha 6 tel.: [+420] 274 783 239 web: www.ami.cz Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za společnost AMI Praha a.s. jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně písemnou formu. 2015-03-31 14:19 GMT+02:00 Ivan Noris < ivan.noris at evolveum.com > : Hi Martin, is every user that is being synced from DB and created in midPoint expected to have existing account in LDAP? Do you have the same value of email attribute in midPoint and LDAP? I. On 03/31/2015 02:13 PM, Martin Lízner - AMI Praha a.s. wrote:
Hi guys, Im in situation that I have one really big LDAP with no changelog, which can be full reconciled e.g. every 24 hours. I got new identities being synced from DB resource every minute or so. Right after new DB user is created in midPoint I need to adhoc reconcile this user with LDAP resource. I can lookup user via email attribute, dont know LDAP DN yet. I guess that typical correlation logic in synchronization wont help me here, since I need to query resource, not IdM. I came to these two solutions, but I dont know how to implement them in midPoint. And maybe there is better way... 1. Query resource objects in LDAP connector. Using standard ldap filter with email=XXX and fetching DN => linking to midpoint User. Im not sure if midPoint can do these queries yet. 2. Query shadow objects in midPoint repo. These would have been loaded in last reconc. It wouldnt be 100% online, but might work for my business case. Unfortunatelly, I havent found how to extend shadow schema in the doc :-( Please help, if you can :-) Regards, Martin Martin Lízner solution architect gsm: [+420] 737 745 571 e-mail: martin.lizner at ami.cz AMI Praha a.s. Pláničkova 11 162 00 Praha 6 tel.: [+420] 274 783 239 web: www.ami.cz Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za společnost AMI Praha a.s. jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně písemnou formu. _______________________________________________ midPoint mailing list midPoint at lists.evolveum.com http://lists.evolveum.com/mailman/listinfo/midpoint -- Ing. Ivan Noris Senior Identity Management Engineer & IDM Architect evolveum.com evolveum.com/blog/ ___________________________________________________ "Semper Id(e)M Vix." _______________________________________________ midPoint mailing list midPoint at lists.evolveum.com http://lists.evolveum.com/mailman/listinfo/midpoint
_______________________________________________ midPoint mailing list midPoint at lists.evolveum.com http://lists.evolveum.com/mailman/listinfo/midpoint -------------- next part -------------- An HTML attachment was scrubbed... URL: From oleksandr.bodriagov at polystar.com Fri Apr 10 16:37:28 2015 From: oleksandr.bodriagov at polystar.com (Oleksandr Bodriagov (Polystar)) Date: Fri, 10 Apr 2015 14:37:28 +0000 Subject: [midPoint] roles, objects and permissions in midPoint Message-ID: Hi, I have a question about roles, permissions, and objects in midPoint. According to NIST, "a role is essentially a collection of permissions", and permissions are relationships between operations and objects. MidPoint gives ability to define users, roles, and resources. It is not clear though how to define objects. Our use case is as follows. We have a few RESTful web services to which we would like to control access using midpoint and our own access control server. Our permissions in this case would be something like: - read data from https://server1.com/whateever - modify report at https://server2.com/profile/whatever - read report at https://server2.com/profile/whatever So, we have operations {read, modify, delete, ...} and objects {https://server1.com/whateever, https://server2.com/profile/whatever, ...}. We do not want midpoint to retrieve any information out of server1 or server2 whatsoever. Let's say that server1 and serever2 contain only financial information. Our access control server receives a question if a user is allowed to perform some operation over some object. To answer this question the server should get user's permissions from midPoint using its REST API. We have setup a midPoint server with an embedded database. We have added users and roles, but we have no idea how to add our objects (simple URLs). There is a notion of Resource in midPoint. It seems that resources are only used for propagation of users and roles from external databases or directories. Consequently, resource is not the same as RBAC object. How should RBAC permission and objects be defined? Thank you in advance for your help. Best regards, Alex -------------- next part -------------- An HTML attachment was scrubbed... URL: From radovan.semancik at evolveum.com Mon Apr 13 08:41:20 2015 From: radovan.semancik at evolveum.com (Radovan Semancik) Date: Mon, 13 Apr 2015 08:41:20 +0200 Subject: [midPoint] roles, objects and permissions in midPoint In-Reply-To: References: Message-ID: <552B6510.4060807@evolveum.com> Hi, The crucial issue here is that midPoint is not an authorization server. MidPoint is a provisioning system. Therefore the primary goal of roles in midPoint is to manage access control mechanisms in other system (e.g. LDAP groups, SAP roles, etc.) MidPoint is NOT designed to make access control decisions for other systems. Side note: midPoint is not designed to make access control decisions for other systems. But it is designed to make access control decisions for its own data structures. And it does that well. Which perhaps caused this confusion. And this brings a simple answer to your first question: Object in midPoint is in fact any midPoint object (resource, role, org, user, etc.). But it has to be a midPoint object. It cannot be external object. It also does not make much sense for midPoint to act as an authorization server for other systems directly. Provisioning systems are quite complex and therefore they have performance limits. It is bast to keep provisioning systems to do what they does best: manage data. And let other systems to store, replicate and provide the data. E.g. directory servers. If you want to make access control decisions for other systems that you need to add authorization server to your IAM solution (see https://wiki.evolveum.com/display/midPoint/Enterprise+Identity+Management). If your case is simple then any LDAP server could play this role. Just express the authorization statements in an LDAP attribute, e.g. in a form: dn: uid=foo,ou=people,dc=example,dc=com ... myAutz: server1:read:data myAutz: server1:modify:report myAutz: server2:read:report In this simple case your applications can act as policy enforcement points. E.g. they will check the value of myAutz attribute and decide if the user is authorized or not. And midPoint can manage this attribute. E.g. there may be a midPoint role "Report administrator" that will set value "*:modify:report" to the myAutz attribute. The LDAP directory will add performance and reliability to the solution. MidPoint will add manageability (e.g. who has permission to assign "Report administrator" role? and to whom? for how long? who has to approve?). This is the usual way IAM systems are built. Simple, but efficient. If you need something more complex then your best chance is to look for a fully-blown authorization system and add that to the solution as well. E.g. Apache Fortress might be a good choice: https://directory.apache.org/fortress/ -- Radovan Semancik Software Architect evolveum.com On 04/10/2015 04:37 PM, Oleksandr Bodriagov (Polystar) wrote: > > Hi, > > > I have a question about roles, permissions, and objects in midPoint. > According to NIST, “a role is essentially a collection of > permissions”, and permissions are relationships between operations and > objects. MidPoint gives ability to define users, roles, and resources. > It is not clear though how to define objects. > > Our use case is as follows. We have a few RESTful web services to > which we would like to control access using midpoint and our own > access control server. Our permissions in this case would be something > like: > > - read data from https://server1.com/whateever > > - modify report at https://server2.com/profile/whatever > > - read report at https://server2.com/profile/whatever > > So, we have operations {read, modify, delete, …} and objects > {https://server1.com/whateever, https://server2.com/profile/whatever, > …}. We do not want midpoint to retrieve any information out of server1 > or server2 whatsoever. Let’s say that server1 and serever2 contain > only financial information. Our access control server receives a > question if a user is allowed to perform some operation over some > object. To answer this question the server should get user's > permissions from midPoint using its REST API. We have setup a midPoint > server with an embedded database. We have added users and roles, but > we have no idea how to add our objects (simple URLs). There is a > notion of Resource in midPoint. It seems that resources are only used > for propagation of users and roles from external databases or > directories. Consequently, resource is not the same as RBAC object. > > > How should RBAC permission and objects be defined? Thank you in > advance for your help. > > > Best regards, > > Alex > > > > _______________________________________________ > midPoint mailing list > midPoint at lists.evolveum.com > http://lists.evolveum.com/mailman/listinfo/midpoint -------------- next part -------------- An HTML attachment was scrubbed... URL: From oleksandr.bodriagov at polystar.com Thu Apr 16 10:09:20 2015 From: oleksandr.bodriagov at polystar.com (Oleksandr Bodriagov (Polystar)) Date: Thu, 16 Apr 2015 08:09:20 +0000 Subject: [midPoint] roles, objects and permissions in midPoint In-Reply-To: <552B6510.4060807@evolveum.com> References: <552B6510.4060807@evolveum.com> Message-ID: Hi Radovan, Thank you very much for your profound answer! As you say, MidPoint is so good at identity management that I mixed it up with an IAM server :) Best regards, Oleksandr From: Radovan Semancik > Reply-To: midPoint General Discussion > Date: Monday 13 April 2015 08:41 To: "midpoint at lists.evolveum.com" > Subject: Re: [midPoint] roles, objects and permissions in midPoint Hi, The crucial issue here is that midPoint is not an authorization server. MidPoint is a provisioning system. Therefore the primary goal of roles in midPoint is to manage access control mechanisms in other system (e.g. LDAP groups, SAP roles, etc.) MidPoint is NOT designed to make access control decisions for other systems. Side note: midPoint is not designed to make access control decisions for other systems. But it is designed to make access control decisions for its own data structures. And it does that well. Which perhaps caused this confusion. And this brings a simple answer to your first question: Object in midPoint is in fact any midPoint object (resource, role, org, user, etc.). But it has to be a midPoint object. It cannot be external object. It also does not make much sense for midPoint to act as an authorization server for other systems directly. Provisioning systems are quite complex and therefore they have performance limits. It is bast to keep provisioning systems to do what they does best: manage data. And let other systems to store, replicate and provide the data. E.g. directory servers. If you want to make access control decisions for other systems that you need to add authorization server to your IAM solution (see https://wiki.evolveum.com/display/midPoint/Enterprise+Identity+Management). If your case is simple then any LDAP server could play this role. Just express the authorization statements in an LDAP attribute, e.g. in a form: dn: uid=foo,ou=people,dc=example,dc=com ... myAutz: server1:read:data myAutz: server1:modify:report myAutz: server2:read:report In this simple case your applications can act as policy enforcement points. E.g. they will check the value of myAutz attribute and decide if the user is authorized or not. And midPoint can manage this attribute. E.g. there may be a midPoint role "Report administrator" that will set value "*:modify:report" to the myAutz attribute. The LDAP directory will add performance and reliability to the solution. MidPoint will add manageability (e.g. who has permission to assign "Report administrator" role? and to whom? for how long? who has to approve?). This is the usual way IAM systems are built. Simple, but efficient. If you need something more complex then your best chance is to look for a fully-blown authorization system and add that to the solution as well. E.g. Apache Fortress might be a good choice: https://directory.apache.org/fortress/ -- Radovan Semancik Software Architect evolveum.com On 04/10/2015 04:37 PM, Oleksandr Bodriagov (Polystar) wrote: Hi, I have a question about roles, permissions, and objects in midPoint. According to NIST, "a role is essentially a collection of permissions", and permissions are relationships between operations and objects. MidPoint gives ability to define users, roles, and resources. It is not clear though how to define objects. Our use case is as follows. We have a few RESTful web services to which we would like to control access using midpoint and our own access control server. Our permissions in this case would be something like: - read data from https://server1.com/whateever - modify report at https://server2.com/profile/whatever - read report at https://server2.com/profile/whatever So, we have operations {read, modify, delete, ...} and objects {https://server1.com/whateever, https://server2.com/profile/whatever, ...}. We do not want midpoint to retrieve any information out of server1 or server2 whatsoever. Let's say that server1 and serever2 contain only financial information. Our access control server receives a question if a user is allowed to perform some operation over some object. To answer this question the server should get user's permissions from midPoint using its REST API. We have setup a midPoint server with an embedded database. We have added users and roles, but we have no idea how to add our objects (simple URLs). There is a notion of Resource in midPoint. It seems that resources are only used for propagation of users and roles from external databases or directories. Consequently, resource is not the same as RBAC object. How should RBAC permission and objects be defined? Thank you in advance for your help. Best regards, Alex _______________________________________________ midPoint mailing list midPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint -------------- next part -------------- An HTML attachment was scrubbed... URL: From radovan.semancik at evolveum.com Fri Apr 24 11:32:41 2015 From: radovan.semancik at evolveum.com (Radovan Semancik) Date: Fri, 24 Apr 2015 11:32:41 +0200 Subject: [midPoint] MidPoint 3.1.1 "Sinan Update 1" released Message-ID: <553A0DB9.2020001@evolveum.com> The Evolveum team is proud to announce the release of midPoint version 3.1.1. The version family 3.1.x code-named Sinan follows in the same spirit as the previous release to establish MidPoint as a feature-complete and comprehensive IDM system. The "Sinan" releases are primarily aimed at usability and performance. MidPoint 3.1.1 brings quality improvements and a couple of minor features. It introduces support for Python scripting, user interface improvements and schema improvements. But the most important feature is the support for lookup tables. The values of individual fields can be constrained to a set of pre-defined values. This feature is properly supported in user interface which provides a value selection to the user. For more information about the Sinan Update 1 release please see release notes at http://wiki.evolveum.com/display/midPoint/Release+3.1.1 About MidPoint MidPoint is a comprehensive open-source identity provisioning system. It is a system that synchronizes several identity repositories, manages them and makes them available in unified form. It handles identity provisioning, identity synchronization, identity workflow automation, it implements advanced access control models, enforces policies and provides numerous features in the field of enterprise and Internet identity management. The development process of midPoint is pragmatic and open, it focuses on usability and solutions to the practical identity management challenges. For more information please see http://midpoint.evolveum.com/ About Evolveum Evolveum is a company committed to develop creative, open and - most importantly - working software. We work hard to continually improve the software in a creative way. All software that we develop is open-source using completely open development process. The software is created with one critical goal in mind: usability. The software must work, it must be efficient solution to an existing problem, the software must provide value. Evolveum works in a close cooperation with partners and volunteer contributors to make this possible. For more details please see http://evolveum.com/ -- Radovan Semancik Software Architect evolveum.com From jeverling at bshp.edu Tue Apr 28 17:12:04 2015 From: jeverling at bshp.edu (Jason Everling) Date: Tue, 28 Apr 2015 10:12:04 -0500 Subject: [midPoint] Multiple filters for notification Message-ID: So into my final setup and 3.1.1 looks like it will be the one we move to production and when I was setting up notifications I totally forgot about faculty/staff and how they would be notified. I have my general new account notifiers filtered out already but I was looking at the new type that Pavol had created for itemPath specific, So here is my notification and I need to only make sure this goes out for a person with a specific attribute like eduPersonAffiliation = student . How would I add another filter on top of what is already there? Thanks Again! Account Modified success -- CONFIDENTIALITY NOTICE: This e-mail together with any attachments is proprietary and confidential; intended for only the recipient(s) named above and may contain information that is privileged. You should not retain, copy or use this e-mail or any attachments for any purpose, or disclose all or any part of the contents to any person. Any views or opinions expressed in this e-mail are those of the author and do not represent those of the Baptist School of Health Professions. If you have received this e-mail in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and to do so might constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender and delete this e-mail and any attachments from your computer. -------------- next part -------------- An HTML attachment was scrubbed... URL: From mederly at evolveum.com Tue Apr 28 18:48:37 2015 From: mederly at evolveum.com (Pavol Mederly) Date: Tue, 28 Apr 2015 18:48:37 +0200 Subject: [midPoint] Multiple filters for notification In-Reply-To: References: Message-ID: <553FB9E5.2070803@evolveum.com> Hello Jason, I'm not sure I understand you correctly. If you want to add another condition (e.g. eduPersonAffiliation = student), you can simply add it to the section of your existing filter (via "&&" written in XML as &&). Or you can use another , just before or after the one you have there. Hope this helps, Pavol On 28. 4. 2015 17:12, Jason Everling wrote: > So into my final setup and 3.1.1 looks like it will be the one we move > to production and when I was setting up notifications I totally forgot > about faculty/staff and how they would be notified. I have my general > new account notifiers filtered out already but I was looking at the > new type that Pavol had created for itemPath specific, > > So here is my notification and I need to only make sure this goes out > for a person with a specific attribute like eduPersonAffiliation = > student . How would I add another filter on top of what is already there? > > Thanks Again! > > > > > > > Account Modified > success > > > > > > > > > > > CONFIDENTIALITY NOTICE: > This e-mail together with any attachments is proprietary and > confidential; intended for only the recipient(s) named above and may > contain information that is privileged. You should not retain, copy or > use this e-mail or any attachments for any purpose, or disclose all or > any part of the contents to any person. Any views or opinions > expressed in this e-mail are those of the author and do not represent > those of the Baptist School of Health Professions. If you have > received this e-mail in error, or are not the named recipient(s), you > are hereby notified that any review, dissemination, distribution or > copying of this communication is prohibited by the sender and to do so > might constitute a violation of the Electronic Communications Privacy > Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender > and delete this e-mail and any attachments from your computer. > > > _______________________________________________ > midPoint mailing list > midPoint at lists.evolveum.com > http://lists.evolveum.com/mailman/listinfo/midpoint -------------- next part -------------- An HTML attachment was scrubbed... URL: From jeverling at bshp.edu Tue Apr 28 19:21:39 2015 From: jeverling at bshp.edu (Jason Everling) Date: Tue, 28 Apr 2015 12:21:39 -0500 Subject: [midPoint] Multiple filters for notification In-Reply-To: <553FB9E5.2070803@evolveum.com> References: <553FB9E5.2070803@evolveum.com> Message-ID: Hah! So simple, I think I got it, tested it and seems to be working but would like your opinion if it looks correct, event.isRelatedToItem(new com.evolveum.midpoint.prism.path.ItemPath("activation", "administrativeStatus")) && basic.getExtensionPropertyValue(requestee, ' http://www.bshp.edu/xml/ns/public/bshp', 'eduPersonAffiliation') == 'student' JASON On Tue, Apr 28, 2015 at 11:48 AM, Pavol Mederly wrote: > Hello Jason, > > I'm not sure I understand you correctly. > > If you want to add another condition (e.g. eduPersonAffiliation = > student), you can simply add it to the section of your existing > filter (via "&&" written in XML as &&). > Or you can use another , just before or after the one > you have there. > > Hope this helps, > Pavol > > > On 28. 4. 2015 17:12, Jason Everling wrote: > > So into my final setup and 3.1.1 looks like it will be the one we move to > production and when I was setting up notifications I totally forgot about > faculty/staff and how they would be notified. I have my general new account > notifiers filtered out already but I was looking at the new type that Pavol > had created for itemPath specific, > > So here is my notification and I need to only make sure this goes out > for a person with a specific attribute like eduPersonAffiliation = student > . How would I add another filter on top of what is already there? > > Thanks Again! > > > > > > > Account Modified > success > > > > > > > > > > > CONFIDENTIALITY NOTICE: > This e-mail together with any attachments is proprietary and confidential; > intended for only the recipient(s) named above and may contain information > that is privileged. You should not retain, copy or use this e-mail or any > attachments for any purpose, or disclose all or any part of the contents to > any person. Any views or opinions expressed in this e-mail are those of the > author and do not represent those of the Baptist School of Health > Professions. If you have received this e-mail in error, or are not the > named recipient(s), you are hereby notified that any review, dissemination, > distribution or copying of this communication is prohibited by the sender > and to do so might constitute a violation of the Electronic Communications > Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the > sender and delete this e-mail and any attachments from your computer. > > > _______________________________________________ > midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint > > > > _______________________________________________ > midPoint mailing list > midPoint at lists.evolveum.com > http://lists.evolveum.com/mailman/listinfo/midpoint > > -- CONFIDENTIALITY NOTICE: This e-mail together with any attachments is proprietary and confidential; intended for only the recipient(s) named above and may contain information that is privileged. You should not retain, copy or use this e-mail or any attachments for any purpose, or disclose all or any part of the contents to any person. Any views or opinions expressed in this e-mail are those of the author and do not represent those of the Baptist School of Health Professions. If you have received this e-mail in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and to do so might constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender and delete this e-mail and any attachments from your computer. -------------- next part -------------- An HTML attachment was scrubbed... URL: From mederly at evolveum.com Wed Apr 29 11:29:43 2015 From: mederly at evolveum.com (Pavol Mederly) Date: Wed, 29 Apr 2015 11:29:43 +0200 Subject: [midPoint] Multiple filters for notification In-Reply-To: References: <553FB9E5.2070803@evolveum.com> Message-ID: <5540A487.5060406@evolveum.com> Hello Jason, yes, it seems correct. :-) Pavol On 28. 4. 2015 19:21, Jason Everling wrote: > Hah! So simple, I think I got it, tested it and seems to be working > but would like your opinion if it looks correct, > > > event.isRelatedToItem(new > com.evolveum.midpoint.prism.path.ItemPath("activation", > "administrativeStatus")) && > basic.getExtensionPropertyValue(requestee, > 'http://www.bshp.edu/xml/ns/public/bshp', 'eduPersonAffiliation') == > 'student' > > > JASON > > On Tue, Apr 28, 2015 at 11:48 AM, Pavol Mederly > wrote: > > Hello Jason, > > I'm not sure I understand you correctly. > > If you want to add another condition (e.g. eduPersonAffiliation = > student), you can simply add it to the section of your > existing filter (via "&&" written in XML as &&). > Or you can use another , just before or after > the one you have there. > > Hope this helps, > Pavol > > > On 28. 4. 2015 17:12, Jason Everling wrote: >> So into my final setup and 3.1.1 looks like it will be the one we >> move to production and when I was setting up notifications I >> totally forgot about faculty/staff and how they would be >> notified. I have my general new account notifiers filtered out >> already but I was looking at the new type that Pavol had created >> for itemPath specific, >> >> So here is my notification and I need to only make sure this goes >> out for a person with a specific attribute like >> eduPersonAffiliation = student . How would I add another filter >> on top of what is already there? >> >> Thanks Again! >> >> >> >> >> >> >> Account Modified >> success >> >> >> >> >> >> >> >> >> >> >> CONFIDENTIALITY NOTICE: >> This e-mail together with any attachments is proprietary and >> confidential; intended for only the recipient(s) named above and >> may contain information that is privileged. You should not >> retain, copy or use this e-mail or any attachments for any >> purpose, or disclose all or any part of the contents to any >> person. Any views or opinions expressed in this e-mail are those >> of the author and do not represent those of the Baptist School of >> Health Professions. If you have received this e-mail in error, or >> are not the named recipient(s), you are hereby notified that any >> review, dissemination, distribution or copying of this >> communication is prohibited by the sender and to do so might >> constitute a violation of the Electronic Communications Privacy >> Act, 18 U.S.C. section 2510-2521. Please immediately notify the >> sender and delete this e-mail and any attachments from your >> computer. >> >> >> _______________________________________________ >> midPoint mailing list >> midPoint at lists.evolveum.com >> http://lists.evolveum.com/mailman/listinfo/midpoint > > > _______________________________________________ > midPoint mailing list > midPoint at lists.evolveum.com > http://lists.evolveum.com/mailman/listinfo/midpoint > > > > > > CONFIDENTIALITY NOTICE: > This e-mail together with any attachments is proprietary and > confidential; intended for only the recipient(s) named above and may > contain information that is privileged. You should not retain, copy or > use this e-mail or any attachments for any purpose, or disclose all or > any part of the contents to any person. Any views or opinions > expressed in this e-mail are those of the author and do not represent > those of the Baptist School of Health Professions. If you have > received this e-mail in error, or are not the named recipient(s), you > are hereby notified that any review, dissemination, distribution or > copying of this communication is prohibited by the sender and to do so > might constitute a violation of the Electronic Communications Privacy > Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender > and delete this e-mail and any attachments from your computer. > > > _______________________________________________ > midPoint mailing list > midPoint at lists.evolveum.com > http://lists.evolveum.com/mailman/listinfo/midpoint -------------- next part -------------- An HTML attachment was scrubbed... URL: