Re: [scim] User extension for not valid before / after ?
Danny Mayer <mayer@pdmconsulting.net> Wed, 07 September 2022 20:27 UTC
Message-ID: <686539d5-871d-7682-801f-7346c9bf78cf@pdmconsulting.net>
Date: Wed, 07 Sep 2022 16:26:59 -0400
To: Yoann Gini <y@bravas.io>, scim@ietf.org
References: <CAKzrJhZ=soh18bXSn7sR=q66mqG=vK0q5ebj4Efx_a2H26V1jQ@mail.gmail.com>
From: Danny Mayer <mayer@pdmconsulting.net>
In-Reply-To: <CAKzrJhZ=soh18bXSn7sR=q66mqG=vK0q5ebj4Efx_a2H26V1jQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/3FxqW-6g_houyzzD9nMXA_YXa4A>
This gets into the issue of what's confidential information for HR systems. I did send out a message about some of that but it hasn't really been discussed. I can probably dig it back out. You also really need to understand the privacy requirements of different countries and the EU.

Danny

On 9/7/22 9:56 AM, Yoann Gini wrote:
> Hello,
>
> I'm new to this mailing list so I will quickly introduce myself. I'm
> Yoann Gini, CTO of a French startup called Bravas who just raised
> money to build an MDM+IDP all in one, with a big focus on
> passwordless and modern management for SMBs.
>
> One of our main work will be to work with SCIM as server to get
> identities from HRIS and as client to push them in cascade to all
> federated services.
>
> One of the issues we have right now is the need for us to know the
> validity window of an EnterpriseUser.
>
> For audit purposes and identity lifecycle we consider that all
> EnterpriseUser in our solution need to have some attributes defining
> the contract start date and end date. Some kind of "not valid before"
> and "not valid after".
>
> Which can also be extended in depth with hold window, for example with
> birth vacations, when someone is not supposed to work for a long
> period of time but still employed, the not valid before/after dates
> do not change, but we may want to add an "on hold" overlay for that
> vacation time.
>
> This is not covered by User or EnterpriseUser scheme, and I do not see
> other scheme at all here https://www.iana.org/assignments/scim/scim.xhtml
>
> Is this kind of need already covered by a Draft? If yes, where to find
> it/them? If not, do some people here want to collaborate on something?
>
> And since I'm new to this list, if this is not the correct way to
> question existing work in progress on specific topics like that, let
> me know how and where I should ask.
>
> Best regards
> Yoann Gini
>
>
> _______________________________________________
> scim mailing list
> scim@ietf.org
> https://www.ietf.org/mailman/listinfo/scim