Re: [scim] User extension for not valid before / after ?

Phillip Hunt <phil.hunt@independentid.com> Fri, 09 September 2022 14:49 UTC

From: Phillip Hunt <phil.hunt@independentid.com>
Date: Fri, 09 Sep 2022 07:49:10 -0700
Message-Id: <CBE6D84B-CDA9-4579-8F7E-5606A879D839@independentid.com>
References: <686539d5-871d-7682-801f-7346c9bf78cf@pdmconsulting.net>
Cc: Yoann Gini <y@bravas.io>, scim@ietf.org
In-Reply-To: <686539d5-871d-7682-801f-7346c9bf78cf@pdmconsulting.net>
To: Danny Mayer <mayer@pdmconsulting.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/JU6W2m9oN41DmlMM3iguLvN44kA>
Subject: Re: [scim] User extension for not valid before / after ?
List-Id: Simple Cloud Identity Management BOF <scim.ietf.org>

Danny

Thanks. What has not been clear to me is how “privacy” is enforced in scim…

Are we talking about a spec for access control? Or, simply about data that scim makes available to other systems for their use?

I know many implementers like i2scim use a variation of LDAP ACIs to enforce access at the attribute level.

Phil

> On Sep 7, 2022, at 1:27 PM, Danny Mayer <mayer@pdmconsulting.net> wrote:
> 
> This gets into the issue of what's confidential information for HR systems. I did send out a message about some of that but it hasn't really been discussed. I can probably dig it back out. You also really need to understand the privacy requirements of different countries and the EU.
> 
> Danny
> 
>> On 9/7/22 9:56 AM, Yoann Gini wrote:
>> Hello,
>> 
>> I'm new to this mailing list so I will quickly introduce myself. I'm Yoann Gini, CTO of a French startup called Bravas that has just raised money to build an MDM+IDP all in one, with a big focus on passwordless and modern management for SMBs.
>> 
>> One of our main pieces of work will be to use SCIM as a server to get identities from the HRIS and as a client to push them in cascade to all federated services.
>> 
>> One of the issues we have right now is the need for us to know the validity window of an EnterpriseUser.
>> 
>> For audit purposes and identity lifecycle we consider that all EnterpriseUsers in our solution need to have some attributes defining the contract start date and end date: some kind of "not valid before" and "not valid after".
>> 
>> This can also be extended in depth with a hold window, for example with birth leave, when someone is not supposed to work for a long period of time but is still employed: the not-valid-before/after dates do not change, but we may want to add an "on hold" overlay for that leave time.
>> 
>> This is not covered by the User or EnterpriseUser schema, and I do not see any other schema at all here: https://www.iana.org/assignments/scim/scim.xhtml
>> 
>> Is this kind of need already covered by a draft? If yes, where can I find it/them? If not, do some people here want to collaborate on something?
>> 
>> And since I'm new to this list, if this is not the correct way to ask about existing work in progress on specific topics like this, let me know how and where I should ask.
>> 
>> Best regards
>> Yoann Gini
>> 
>> 
>> _______________________________________________
>> scim mailing list
>> scim@ietf.org
>> https://www.ietf.org/mailman/listinfo/scim
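As an added illustration of the two points in this thread (not code from the thread, from i2scim, or from any registered SCIM schema): a hypothetical schema extension carrying the "not valid before"/"not valid after" window and the "on hold" overlay Yoann asks for, a function that evaluates a user's state at a given instant, and an ACI-style attribute-level read filter of the kind Phil mentions, so that hold periods (which carry a reason) are visible to HR but not to downstream applications. The extension URN `urn:example:...`, the attribute names, the role policy and the sample user are all assumptions made for this example.

```python
"""Hypothetical SCIM validity-window extension with an evaluator and an
attribute-level read filter. Added example; not from the thread, not from
i2scim or any registered SCIM schema."""
from datetime import datetime, timezone

CORE = "urn:ietf:params:scim:schemas:core:2.0:User"
# Assumed extension URN; not registered with IANA.
VALIDITY_EXT = "urn:example:params:scim:schemas:extension:validity:2.0:User"

# Schema resource in the RFC 7643 layout, describing the assumed attributes.
VALIDITY_SCHEMA = {
    "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Schema"],
    "id": VALIDITY_EXT,
    "name": "ValidityWindow",
    "attributes": [
        {"name": "notValidBefore", "type": "dateTime", "multiValued": False, "required": True},
        {"name": "notValidAfter", "type": "dateTime", "multiValued": False, "required": False},
        {"name": "holds", "type": "complex", "multiValued": True, "required": False,
         "subAttributes": [
             {"name": "start", "type": "dateTime"},
             {"name": "end", "type": "dateTime"},
             {"name": "reason", "type": "string"},
         ]},
    ],
}

# Constructed sample resource (not real data).
SAMPLE_USER = {
    "schemas": [CORE, VALIDITY_EXT],
    "id": "u-0001",
    "userName": "jdoe",
    "active": True,
    "emails": [{"value": "jdoe@example.com", "primary": True}],
    VALIDITY_EXT: {
        "notValidBefore": "2022-10-01T00:00:00Z",
        "notValidAfter": "2024-09-30T23:59:59Z",
        "holds": [{"start": "2023-03-01T00:00:00Z",
                   "end": "2023-06-01T00:00:00Z",
                   "reason": "birth leave"}],
    },
}


def _parse(ts):
    # SCIM dateTime is xsd:dateTime; map a trailing "Z" to an explicit offset
    # so fromisoformat accepts it on every supported Python version.
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def validity_state(user, at):
    """Return 'inactive', 'on_hold' or 'active' for `user` at instant `at`
    (an aware datetime or an ISO 8601 string). A missing window attribute
    is treated as unbounded on that side."""
    if isinstance(at, str):
        at = _parse(at)
    ext = user.get(VALIDITY_EXT, {})
    nvb, nva = ext.get("notValidBefore"), ext.get("notValidAfter")
    if nvb and at < _parse(nvb):
        return "inactive"
    if nva and at >= _parse(nva):
        return "inactive"
    for hold in ext.get("holds", []):
        if _parse(hold["start"]) <= at < _parse(hold["end"]):
            return "on_hold"
    return "active"


# Assumed ACI-style read policy: per reader role, which attributes of each
# schema may be returned. Hold periods carry a reason, so only HR sees them.
READ_ACI = {
    "hr": {CORE: {"*"}, VALIDITY_EXT: {"*"}},
    "app": {CORE: {"userName", "active"},
            VALIDITY_EXT: {"notValidBefore", "notValidAfter"}},
}


def filter_for_reader(user, role):
    """Project `user` down to the attributes `role` is allowed to read;
    an unknown role gets only the resource identity."""
    policy = READ_ACI.get(role, {})
    out = {"schemas": list(user["schemas"]), "id": user["id"]}
    for key, value in user.items():
        if key in ("schemas", "id"):
            continue
        if key in user["schemas"]:  # extension block keyed by its URN
            allowed = policy.get(key, set())
            kept = {a: v for a, v in value.items() if "*" in allowed or a in allowed}
            if kept:
                out[key] = kept
        else:  # core attribute
            allowed = policy.get(CORE, set())
            if "*" in allowed or key in allowed:
                out[key] = value
    return out


if __name__ == "__main__":
    now = datetime(2023, 4, 15, tzinfo=timezone.utc)
    print(validity_state(SAMPLE_USER, now))  # on_hold
    print(filter_for_reader(SAMPLE_USER, "app"))
```

The evaluator keeps `notValidBefore`/`notValidAfter` as the hard contract bounds and layers holds on top, so a hold never extends the window; the filter decides per schema URN rather than per path string, which avoids having to split extension paths that themselves contain colons.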