There are two tags to specify on which data source a principal should be created, <homeFor> and <notHomeFor>. The <homeFor> section defines the objects for which the data source is the home data source . The <notHomeFor> section defines the objects for which the data source is not the home data source.
The allowed substructure of the <homeFor> section describes the principals and the namespace-attribute-value triples that distinguish them.
If the sub element <principal type="..."> contains no further sub elements, the data source is home for all principals of this type.
Example: Data source is home for all principals of type USER
<homeFor> <principals> <principal type="user"/> </principals> </homeFor>
You can restrict which principals the data source is home for by specifying a namespace-attribute-value hierarchy as sub element(s) of the principal.
All data sources which are home data sources for this principal type are asked to create a unique id for this principal, but only one data source is allowed to create a unique id for the given principal with its initial attributes. If no data source, or more than one data source return a unique id for a principal that should be created, an error is raised.
Example: Data source is home only for principals of type user in the namespace $serviceUser$ which have the value IS_SERVICEUSER for attribute SERVICEUSER_ATTRIBUTE
<homeFor> <principals> <principal type="USER"> <!--Substructure specified...means home for all principals of type "USER" if they have the namespace attribute value triple ($serviceUser$,SERVICEUSER_ATTRIBUTE,IS_SERVICEUSER) in their initial values --> <nameSpace name="$serviceUser$"> <attribute name="SERVICEUSER_ATTRIBUTE"> <values> <value>IS_SERVICEUSER</value> </values> </attribute> </nameSpace> </principal> </principals> </homeFor>
For examples of how to use the <homeFor> and <notHomeFor> tags, see the following examples: