IETF Logo Mail Archive

[scim] Meeting notes - interest group meetup April 7 2021

Pamela Dingle <Pamela.Dingle@microsoft.com> Wed, 07 April 2021 18:17 UTC

Return-Path: <Pamela.Dingle@microsoft.com>
X-Original-To: scim@ietfa.amsl.com
Delivered-To: scim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 50B9D3A239A for <scim@ietfa.amsl.com>; Wed, 7 Apr 2021 11:17:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Level:
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CxntmUsEZGMe for <scim@ietfa.amsl.com>; Wed, 7 Apr 2021 11:17:12 -0700 (PDT)
Received: from NAM06-DM3-obe.outbound.protection.outlook.com (mail-eopbgr640130.outbound.protection.outlook.com [40.107.64.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 56F243A2360 for <scim@ietf.org>; Wed, 7 Apr 2021 11:17:12 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=g2FJ2NEaZoxEJDO0lo+G20GEX5qbS15eoUI8fc0VRSRXMrwS/luo/+YckbvxCXtIxHT70B6zhVl7T1dXImw5Oy0Yi+CwE/9ZuVUrIIkhB9JP3x+v69L1Sn01up/GJW5JRYu95nPl5u0s1uq6AiTwAaRuIlYHDmIWbxGwUa5btATwOqcIY/514gAmliEzFX+UpFE3CISs4zS72D7TrfA+NTKGQf39udO2lNdnZcu1K0wq5mWMHgLf/ibX6WFz1pw3RXtylgzlow598quVWh/bawyATbIKXM9/RsBJJJsPKjh3rvq382Re4UAdsrEpQUzsBCZ86jPLnu33qQK8FDJv3A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=nMno7/1CkU/5p6q8b2Gt7q06TA4/L1AsIGjTgLN441U=; b=aaVNY3dprEtpWMr2IS6R1Z4L8Z6pSl3ZOWcqWS3VOtXflbHUgpH3wbrOIKMZAv1JPDw7PtZ/GVOZUnjcLExMpdkgszb6PEx57SBypR2dQFPXIlKCEXkZA9x1gptZbVZ9NkIb7d3Blra7P2bU56ZzfrNQxvr5/GAU7ghIEpypSdJdk7g3wLkUCKB09DpV5GB0TuiARxs2S+xg9hqaSc3xf+mLKDjA7EeGNzf25lhenNQrCMRbJBZYvMMqzvEsDbDf53BQqwt32aNlIumjXiWkbXCAzhypLTNfNqCfGaq0OjfD+2m4uBNFGWWAfa4QAJt7HPTZRgTiC8zmYx+mU9/9KQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=microsoft.com; dmarc=pass action=none header.from=microsoft.com; dkim=pass header.d=microsoft.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=nMno7/1CkU/5p6q8b2Gt7q06TA4/L1AsIGjTgLN441U=; b=RpTibHOwSndPz9zUbh1duJ6SMceOWE7rXvxA6uxDmDfFb5Ih+0lnSP5BbOOS2T2iKwqwSQx1InTDhUhupGOdMB4QUuRoLOelbmM2wzL2PlBxjrPgS8UIDAGbcBe0jVM3X5jJUQnGkJw2iRWKVQ2/Km/JOO5S94KEHiNxcXcEjLw=
Received: from DM5PR00MB0437.namprd00.prod.outlook.com (2603:10b6:4:a0::38) by DM5PR00MB0343.namprd00.prod.outlook.com (2603:10b6:4:9f::34) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4056.0; Wed, 7 Apr 2021 18:17:00 +0000
Received: from DM5PR00MB0437.namprd00.prod.outlook.com ([fe80::9472:2f73:878a:bbc0]) by DM5PR00MB0437.namprd00.prod.outlook.com ([fe80::9472:2f73:878a:bbc0%5]) with mapi id 15.20.4061.000; Wed, 7 Apr 2021 18:17:00 +0000
From: Pamela Dingle <Pamela.Dingle@microsoft.com>
To: "scim@ietf.org" <scim@ietf.org>
Thread-Topic: Meeting notes - interest group meetup April 7 2021
Thread-Index: AQHXK9hnopXbLn3Mbk2XcqhjlFuX+A==
Date: Wed, 07 Apr 2021 18:16:59 +0000
Message-ID: <DM5PR00MB04370885EF29ACB94C2391A2F6759@DM5PR00MB0437.namprd00.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2021-04-07T18:16:59.650Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=General; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard;
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=microsoft.com;
x-originating-ip: [135.180.32.30]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: f08c2ba2-7cbb-4013-efb5-08d8f9f1561b
x-ms-traffictypediagnostic: DM5PR00MB0343:
x-microsoft-antispam-prvs: <DM5PR00MB0343101D87B51FDAF5BF483CF6759@DM5PR00MB0343.namprd00.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: bNWMape8KY9ydf90x7Keyv9Ysx4fcvjPl5omcZgrXkzw6jYaecNHkagAS+4sUYhZSDj/YY8H1psQSAKCFbWA0r5MLLerGQyFmCFMGzvajxTtY8EgZ4ADC2sZMeciwm8QgaPc3cr1mTtCJmU7/1k8J9u+PgZxSceJMY8h2zz/GNqQs8AwsyZ9mR6IK440rl0alolB/CTUWICtIukGNvBGBrP6XLWb+LzkpzvjK8g5cFc1PzwzC0h20QiUE8a7BV64ksDcE/Cq6ZwSBpCewzUKO1HK+LIbjFh8yKm8fLUjYnBXgg1SL8ytq7Drut13kt6cVZCnZN+FMTZbMqaFPm7bbX15pChVCV4MjQfzFPM+w76bbJ8tDF026RI36IdiLin4ZXblh5mhTZ71O1MUFbKpB/ddFTlrHyF9uSs35zW6/J2Zkeu4bjDuTPLyTiwbCdzf0UQh7yuT7wr5WsLm0T+5bJfZTF2e1v5nNvfzcGtPXt+b/CptNyNGSfNTZ9m47C9Lg+YWhb15LD5LdH9H/Ely6HUaCkira9XFLtjPVNr3P8W2r3W8ISXpeHeQyUA8cxslKUAJFnQUKc3ZRXnCZzvNQO8yVNivrAAj2sfE13UsMGwTBHkZzp1YgFvK5MMc6yhQziZ3sD5tTI3QUhHWYlpXM+po8xOS/h7ISod0MtKsatoO0rF6TpilZ5ng6W1RKuSPi6LXQG0z8/5+zqyknQ5JM9VYiLyVPR+n97FxJgYZXFrKdqmsO3fuGLsHkuCqLfkX
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM5PR00MB0437.namprd00.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(9686003)(19627405001)(66476007)(66946007)(966005)(91956017)(66446008)(7696005)(10290500003)(64756008)(6506007)(76116006)(66556008)(8676002)(82960400001)(316002)(82950400001)(38100700001)(83380400001)(55016002)(52536014)(186003)(478600001)(71200400001)(2906002)(8936002)(26005)(5660300002)(86362001)(33656002)(8990500004)(6916009)(166002)(15940465004); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: dmL3Nf82KVFT41oosAtnZeQgsW8xcJBt3KWXCrpGv34NkAJI3MeqQcJrSan4Ikb4tgptdcPHW7xm5MFPauvxbEXzCGBJnB0bYJmklBjHv2wDxADo3hDkI4341g9EguihXUnYXW3Ohw4K7f+f4BcPOdGbMOxq08/8m0gofg84eVD1X4amdGiioeJitLlz+LUyXD7MsbhA+dlBgPKbivHoJqXve0062nLJm00FCchAvBll33CEdzm27kCLOlm4jXdKn9WTG/WoRSxwG9OM8pR76h+vlOa9/AIxOx401hID7nkIVDjb1VPF3n51yXsgqbH4lxJq9wJ6mLZZ+nUluAc4Bk+MvO4PpNFtbUiDoumvJJ/LvqbUMb/LoQvwA9J+wUbU0un2SB+IP1SmU1I1BWKmmW2d1TnoOGxNLpvByQbrZxQYZydnr6FBO6pm0aX6u9KlrHVq4Az/oyhDTUkXl3acLMWNGqqEv5TYltSm9epnMkBeruD97aWVjCoe0Ts//SImgLYjQS30BWKWYdYMfKIRFZd+5YZBXyBUeHOA7/2LftKznNdWAqao7ZUCxjwVcw77zSJrL1pk+FpnY1/b03EHntofd2YwAlyfTLw1ymUJGCBMjIZAGFPQI4nty25ZCarPRZ0px0pF9U8ybSF60RLw9gSqQ/g2Q1YOhspWxA7IGUsZpO83IySwYmkQ05WsRzn2K+UaLUacJou3wV8R3oFSxGE24SoBnLdPiHgXMDdUm+sNnf9IGDxK+pLwmBFt2pPo9TeKTa5h0qf2viu03QAT0H7AJsz02Sz3e0kG+se/snx/okWry5bb+lfALXeJoG67leBOa4PVYVhBb5SyVv7IpOVuRsK5bFsn32iiXffUpBSqbTCYMqUwyVK8K0qA6n28gjnAHqxFbatMUoR003achtPE4k7B3MHazOa9xI1cAcj8ONluAf6oPaHZVP1P+WkPfi6sdOGgl3ChVzrYBL9Cma5crz8DC7CJqQSUXWrfZwaI4lXI8EbHOWYXHImwnbBAjsMF4yKE3C8DFiTuirrEf8t7gFk5rhoH5tRN5+D8UiWKj/a1HqgryS6B2n+w4au5ZHOdMsJrZrDhzvtDDI60u8U4G0n5X93dL0vowqTwb7xSv68bI9rP39anPp0mg9fUH182+phWvPb+liBPRPhjGESh/6+lXAwVguKWqsSND8ELc7G1iS2qiZcXOKe8G+PZIXBtgtcvA18D2dYeHKYHmUJL/0EDgJb1HvUabd2RFtM2ohqqJ5kT6wZIyDuYAxz1zvg83UKtkHxKlhMw/H/St/K51uTG/bRDodq97bImbXTEy3qS/FTNUsvrvUxv/umP
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_DM5PR00MB04370885EF29ACB94C2391A2F6759DM5PR00MB0437namp_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM5PR00MB0437.namprd00.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: f08c2ba2-7cbb-4013-efb5-08d8f9f1561b
X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Apr 2021 18:16:59.9161 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: DGSSoLe5NSbiXTvt3iPT10ed4jChXjgK5VA9LauT8Vmpug15hPHeCMk0zFqHUtsb1SrHsbB80gKO+pNSTeJNrg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR00MB0343
Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/7VMlXI6YkPyT5OCYBwBdXyqfaAI>
Subject: [scim] Meeting notes - interest group meetup April 7 2021
X-BeenThere: scim@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Simple Cloud Identity Management BOF <scim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/scim>, <mailto:scim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/scim/>
List-Post: <mailto:scim@ietf.org>
List-Help: <mailto:scim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scim>, <mailto:scim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Apr 2021 18:17:17 -0000

Calendar ICS for this SCIM Interest Group is here: https://outlook.live.com/owa/calendar/00000000-0000-0000-0000-000000000000/25ef962b-555f-4781-b533-bfe7be451be8/cid-95C8043F862EFECA/calendar.ics. Next meeting is April 21, 2021.

Meeting Notes - 7 April 2021
 Comment

Github link for these notes: meetings/2021-04-07.md at main · SCIM-Interest-Group/meetings (github.com)<https://github.com/SCIM-Interest-Group/meetings/blob/main/2021/2021-04-07.md>


<https://hackmd.io/7slTTtbGQvyXx5GR5A3JKg#Attendees>
Agenda

  *   Paul/Matt P go through SCIM-PAM draft
  *   Matt D to go through the actions from previous group surveys (a spreadsheet we are calling the SCIM IG Interest List)

<https://hackmd.io/7slTTtbGQvyXx5GR5A3JKg#SCIM-PAM-ietf-draft-Summary>SCIM PAM ietf draft Summary

  *   Paul/Matt note that they are not original authors and hope they do justice to the original draft spec, with apologies and thanks to Kelly Grizzle, et al

     *   Spec link: https://tools.ietf.org/html/draft-grizzle-scim-pam-ext-01
     *   Spec Github page: https://github.com/kelly-grizzle-sp/scim-pam
     *   Presentation link: https://docs.google.com/presentation/d/1qd6pewmf_DXVydtg9siHeQvC5xhnJ4OmqEQcJzoyf9E/edit#slide=id.gc83ee66d31_0_265
  *   Usage: SCIM PAM is in active use in the SCIM PAM Sailpoint connector

     *   Lots of SailPoint customers are using it already
  *   Purpose: The draft helps IGA+PAM solutions to do two things together:

     *   use SCIM to read Privileged Data
     *   Use SCIM to read and modify the access rights to Privileged Data (ACLs)
  *   Paper Cuts

     *   The draft needs a statement of purpose. The draft does 2 things but nobody ever summarizes those things
     *   Reading/writing ACLs is done in a very specific way - opportunity for us as a group is to make this a more generalized standardized SCIM-esque standard
        *   Because there is no authorization in SCIM the draft had to build that functionality
           *   We have the opportunity to build that into SCIM core which would make this draft much more concise
     *   There is no SCIM concept of linking objects.
        *   We have the opportunity to make that pattern more standardized
        *   Linked objects is a generically useful concept that we could make easy
        *   A way to canonically address the authority
           *   Need some kind of way to designate who the canonical authority is for an attribute
     *   Difficult to determine when something has changed in SCIM
        *   Notifications are a problem
           *   Matt D would love to see a webhook-style change mechanism

<https://hackmd.io/7slTTtbGQvyXx5GR5A3JKg#SCIM-2021-Interest-List>SCIM 2021 Interest List

  *   Matt overviewed the items in the list - a combination of existing drafts (including the SCIM-PAM draft we just reviewed today) and also additional ideas
     *   The tentative plan is
        *   Matt to get the list into a format that we can collectively iterate on
        *   We will make topics out of all the items in this meeting

<https://hackmd.io/7slTTtbGQvyXx5GR5A3JKg#Persistent-Questions-for-Future-Meetings-or-to-go-to-the-group>Persistent Questions for Future Meetings (or to go to the group)

* Is multi-value pagination a special case for groups only or a more generic concern?
* Do we need to address only object pagination or is cursor pagination as important?


<https://hackmd.io/7slTTtbGQvyXx5GR5A3JKg#Next-Meeting>Next Meeting:

  *   April 21, 3pm PT
     *   Pam to ask Mark Wahl if he will summarize his draft
     *   More work on the Interest List
     *   Pam to get the plan for sorting videos figured out

v2.14.0 | Report a Bug | By Email