[scim] Plan for distribution draft for IETF99 Prague

Phil Hunt <phil.hunt@oracle.com> Sun, 07 May 2017 21:49 UTC

From: Phil Hunt <phil.hunt@oracle.com>
Date: Sun, 07 May 2017 14:49:44 -0700
Cc: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, "scim@ietf.org WG" <scim@ietf.org>
To: ID Events Mailing List <id-event@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/95YpuF97m1_zWq9krh1K3Efd0j0>
Subject: [scim] Plan for distribution draft for IETF99 Prague

Hi all,

Marius and I have been doing a lot of discussion since the last IETF meeting and with various folks.

Going forwards, Marius and I plan to do the following:

1.  Data Plane - The distribution draft will be cut down to cover the data plane - delivery of events (ietf-hunt-secevents-delivery). It will be expanded to include polling of one or more events via HTTP GET to address firewall use cases.

Marius and I believe there is reasonable consensus on this (though some are confused). The distribution draft will cover all cases from SCIM, RISC, and Backchannel Logout.

The Data plane will define and describe the Verification event, how it is used and validated for both push and poll. The spec will not cover how or when a transmitter decides to initiate verification as this is assumed to be part of the control plane.

Important: The data plane is not and will not be based on SCIM.

The objective of this draft is to allow near term implementation and piloting to move forward. 

Monitoring and automated provisioning will be part of a new draft….

2.  Control Plane - new alternate proposal
Marius has offered to produce a new draft (e.g. ietf-scurtescu-secevent-stream-mgmt) as a brand new Control Plane proposal.

Since part of the problem with the original proposal was a lack of consensus on the requirements for the control plane, I would encourage discussion on the features of the control plane now.

For example:
*  How a stream is registered/defined (CREATE)
*  How a stream is validated (verification)
*  How a stream is monitored including indication of transmission problems (READ)
*  How a stream configuration can be updated (e.g. credential rotation or endpoint change) (UPDATE)
*  How a stream can be paused or stopped (UPDATE)
*  How to delete a stream (DELETE)
*  Metadata including issuer and receiver public key sets (e.g. jwks_Uri)
*  Some generic discussion of credentials for HTTP authentication
*  From a data perspective:
   - what event types are in a stream?
   - what subjects are part of a stream and how are they managed (see use cases)
   - how is this modelled and managed?
   - can a receiver inquire if a subject is enrolled?
   - what are the different identifiers that can be used: subject, email, telephone, etc?
* How is the control api extensible to support the various profiling specs that will use the SEC EVENTS control plane draft?

ps. I am stepping down from participating as an author or editor in the control plane draft going forwards.

Regards,

Phil

Oracle Corporation, Identity Cloud Services Architect & Standards
@independentid
www.independentid.com
phil.hunt@oracle.com