SPML includes an object ID that is called a PSOIdentifier (PsoID).
OASIS SPML 2.0 specifications recommend that PsoIDs be opaque to a requestor (client). Consequently, Identity Manager uses repository IDs (repoIDs) as PsoIDs when adding PSOs to the system.
A repoID is distinct and it is not meant for presentation to a user. When displaying a PSO to a user, the requestor should use the equivalent of the waveset.accountid or whatever attributes are used in the Identity template to present the object’s ID.
When identifying the PSO (as in a ModifyRequest), the requestor should use the repoID and not the waveset.accountId. Although the requestor can use the waveset.accountId as a PsoID, doing so is not recommended and it might change in a future release. Requestors should try to keep the PsoID opaque.
PSOs use an objectclass attribute to specify the object type. If this attribute is not present when a request is made, Identity Manager allows you to specify and use a “default” object class, such as SPMLUser. Internally, the objectclass value is maintained as an spml2ObjectClass attribute for users. For Identity Manager this attribute must be a user extended attribute. You might not see an spml2ObjectClass attribute for users that existed before you enabled SPML 2.0.