Re: [scim] SCIM v3?

Darran Rolls <me@darranrolls.com> Tue, 09 June 2020 12:27 UTC

From: Darran Rolls <me@darranrolls.com>
To: "scim@ietf.org" <scim@ietf.org>
Date: Tue, 09 Jun 2020 12:27:01 +0000
Message-ID: <21CF422B-4F2F-41E6-AC48-9B37929A5E25@darranrolls.com>
In-Reply-To: <CA+7VvRZ0HVo_hTk_zx+bt+d5T9T0gue2VeY5tN1haSwG_xA-bg@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/9ho4IKZlI-ny6PNRi24H8goqbpQ>

So, I read lots of interest to restart and contribute – excellent.

In the interest of rapidly moving towards a strawman charter, I’ll take a first pass at what that charter might look like and send it out here for comment.  If no one has any objection, I propose we set a time for an “interest-group call” mid/late next week?  I know it’s tricky and a little unfair to throw out call times without more prior planning BUT if we can move this along quickly we can catch the IETF 108 train.

So, is there support to hold one of the following times next week for a conversation on that (to be sent) strawman charter?  LMK if anyone feels that’s too tight or unfair for folks that are interested but can’t make it and we can stick to a list-only conversation.

10am Central US Wednesday 24th
11am Central US Wednesday 24th
---
10am Central US Thursday 25th
11am Central US Thursday 25th
---
10am Central US Friday 26th
11am Central US Friday 26th

Thanks
Darran

From: Paul Lanzi <paul@remediant.com>
Date: Monday, June 8, 2020 at 11:30 AM
To: Darran Rolls <me@darranrolls.com>, "scim@ietf.org" <scim@ietf.org>
Subject: Re: [scim] SCIM v3?

Darran, all --

I think a relook at some of the items you mentioned would be great -- count me in!

On this topic:
> Ratification of extension to address Privilege Account Management use cases

We've had some discussions with the SailPoint folks (most notably: David Lee, Matt Domsch and more recently, Adam C) that the current SCIM-PAM API is very specifically focused on supporting password-vault use cases, and doesn't have an allowance for the Just-In-Time PAM approach. Both the Identity Defined Security Alliance (IDSA) and Gartner have recently recognized this approach, and I think it would make sense to further extend the SCIM-PAM proposal to also include the use cases around JIT PAM. I'm happy to help contribute towards the technical work needed to do so.

Thanks,

--Paul
--Co-Founder @ Remediant

On Mon, Jun 8, 2020 at 8:59 AM Phillip Hunt <phil.hunt@independentid.com> wrote:
Thanks Elliot.

A number of these features including MVA filtering and paging are based on a desire to build front end IDM management UIs to SCIM API providers.

One could say this would begin to move SCIM from a provisioning protocol to a “directory” protocol. Is SCIM Directory a theme that would drive interest in a new charter?
Phil


On Jun 8, 2020, at 2:38 AM, Eliot Lear <lear@cisco.com> wrote:
Hi Paul,

As a hanger-on, I like your list.  I don’t see the value in paging, but clearly a great many others do, so I have something to learn.

Eliot


On 8 Jun 2020, at 10:34, Paul Logston <paul.logston@gmail.com> wrote:

Hi Darran and Phil,

I am interested in being part of this discussion. I work for a company that regularly uses the SCIM protocol and we have a use for a number of the extensions Darran suggested above.

Best,
Paul

Paul Logston
(510) 755 - 4474
paul.logston@gmail.com
linkedin.com/in/paullogston



On Sun, Jun 7, 2020 at 3:32 AM Phillip Hunt <phil.hunt@independentid.com> wrote:
Darran

Good to hear!

I am not sure these items require a v3. I believe these all can be done via extensions thus maintaining backwards compatibility.

For example I did submit a proposal for paged attributes based on the current drafts.

https://tools.ietf.org/html/draft-hunt-scim-mv-paging-00

I think we have to see if there is sufficient interest to charter a WG and determine interest in specific items.

Another long-term issue is compliance. For this we need to find an independent organization to develop and host an interop test suite, as compliance testing is not something the IETF does.  This will likely require direct donation of funds and time. This is how things happened for OIDC testing.
Phil Hunt


On Jun 6, 2020, at 10:15 AM, Darran Rolls <me@darranrolls.com> wrote:
Hello SCIM folks,

To introduce myself to the group, up until March of this year I was the CTO at SailPoint and worked with Kelly Grizzle and Matt Domsch on all things identity standards.  I'm now consulting and engaging on various projects around the IAM space.

Having chatted with Leif and Morteza directly, I wanted to bring a discussion back here to the full WG alias.  As several of you will already know, I’d like to formally make a request to re-charter this WG.  The goal of the WG would be to address the ratification of the following work items:

  * Protocol / operational enhancements

      * Multi-value paging & cursor pagination
      * Relying party user provisioning
      * Soft delete
      * Interop and testing capabilities

  * New schema to address

      * Extended HR / user data and related action events
      * Ratification of extension to address Privilege Account Management use cases

I therefore seek your comments and input on this proposal.  Are you interested in participating?  What is missing from the above list of work items?  Is there support for an informal interest-group call sometime in the next two weeks?

Thanks
Darran

--
https://www.darranrolls.com
LinkedIn: https://www.linkedin.com/in/darran-rolls-068b84  @djrolls: https://twitter.com/djrolls

_______________________________________________
scim mailing list
scim@ietf.org
https://www.ietf.org/mailman/listinfo/scim