Maybe "points out" isn’t the right word, but James is challenging Pat Patterson, Kim Cameron, Dick Hardt and myself to provide feedback on Oracle’s CARML (links to PDF) specification. Can’t not take this bait, can I?

My first impression is that the goals behind it are very laudable: as the Oracle web page on the Identity Governance Framework (IGF) states:

CARML API enables developers to write applications that use identity-related data in a way that conforms to the policies guarding the use of that data.

What I’m not so sure about is that actual (draft) spec lives up to that promise. There seems to be a lot of repetition in terms of how to express identity attributes (the basic concept, of a set of name-value pairs, that I have disagreed with in the past but unfortunately seems to be the self-inflicted state of the art, here and elsewhere in identity land); I see no reason why CARML can’t reuse a lot of other definitions that accomplish that same feature.

And the stuff that’s new is relatively thin. For example, LegalUseRef (on an attribute-level, rather than all-or-nothing level), is just an informal link "for documentation purposes only". Same for QualityStatement.

Having said that, the version of the spec I have looked at it only Draft 3. Let’s see where this goes …