Re: [scim] Question regarding multiple User Stores

Kelly Grizzle <kelly.grizzle@sailpoint.com> Tue, 14 February 2017 18:44 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/4jwkYvd6Wl7kzwhrr5H4ZGQ9qvs>

There are different options here depending on whether it is feasible for the server to present a single /Users endpoint across both stores (for example, can you query, sort, and page between both stores when someone makes a request against /Users).

If possible, I would say that it would be preferable to include both under the /Users endpoint.  You could define a new attribute in an extended schema that indicates which store the user is a part of.

If using a single, unified /Users endpoint is not technically feasible, then you’ll probably need to create a new ResourceType for one of these.

--Kelly

From: scim [mailto:scim-bounces@ietf.org] On Behalf Of Gayan Gunawardana
Sent: Sunday, February 12, 2017 2:13 AM
To: scim@ietf.org; Phil Hunt <phil.hunt@oracle.com>
Subject: Re: [scim] Question regarding multiple User Stores



On Fri, Feb 10, 2017 at 1:22 PM, Gayan Gunawardana <gayan@wso2.com> wrote:
For given SCIM implementation if I have multiple user stores underneath.

Idea of multiple user stores from organizational perspective, suppose I have LDAP for employee information and separate AD for customer information.
How can I list or filter result from customer user store?
Similarly how can I add a user to customer user store?

What is the best way to specify user store domain in the SCIM request?
--
Gayan Gunawardana
Software Engineer; WSO2 Inc.; http://wso2.com/
Email: gayan@wso2.com
Mobile: +94 (71) 8020933



--
Gayan Gunawardana
Software Engineer; WSO2 Inc.; http://wso2.com/
Email: gayan@wso2.com
Mobile: +94 (71) 8020933
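
One way the single /Users endpoint with a store-indicating extension attribute could look, as an added example that is not part of the original messages or of any implementation named in the thread. The extension URN, the `userStore` attribute name, the id prefixing and the in-memory sample stores are assumptions.

```python
# Added example: a unified /Users listing over two stores, tagged via an extension attribute.
CORE = "urn:ietf:params:scim:schemas:core:2.0:User"
LIST = "urn:ietf:params:scim:api:messages:2.0:ListResponse"
# Hypothetical extension schema URN and attribute name (assumptions, not from the thread).
EXT = "urn:example:params:scim:schemas:extension:store:2.0:User"

# Constructed sample data standing in for the LDAP (employee) and AD (customer) stores.
STORES = {
    "employee": [{"id": "e1", "userName": "bob"}, {"id": "e2", "userName": "alice"}],
    "customer": [{"id": "c1", "userName": "carol"}, {"id": "c2", "userName": "aaron"}],
}

def to_scim(store, record):
    """Map a backend record to a SCIM User carrying the store extension."""
    return {
        "schemas": [CORE, EXT],
        "id": f"{store}:{record['id']}",  # prefix keeps ids unique across stores
        "userName": record["userName"],
        EXT: {"userStore": store},
    }

def list_users(store=None, start_index=1, count=100):
    """Serve GET /Users: optional equality filter on the store, sort, then page."""
    if store is not None and store not in STORES:
        raise ValueError(f"unknown user store: {store!r}")
    users = [to_scim(s, r) for s, recs in STORES.items() for r in recs
             if store is None or s == store]
    users.sort(key=lambda u: u["userName"])       # sort across both stores
    start = max(start_index, 1)                   # SCIM startIndex is 1-based
    page = users[start - 1:start - 1 + max(count, 0)]
    return {"schemas": [LIST], "totalResults": len(users), "startIndex": start,
            "itemsPerPage": len(page), "Resources": page}

def create_user(payload):
    """Serve POST /Users: route to the store named in the extension attribute."""
    store = payload.get(EXT, {}).get("userStore")
    if store not in STORES:
        # Refuse rather than fall back to a default store.
        raise ValueError("userStore extension attribute missing or unknown")
    record = {"id": f"{store[0]}{len(STORES[store]) + 1}", "userName": payload["userName"]}
    STORES[store].append(record)
    return to_scim(store, record)
```

A client would express the same store selection as a SCIM filter on the extension attribute, for example `filter=urn:example:params:scim:schemas:extension:store:2.0:User:userStore eq "customer"`.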