[scim] New charter - strawman draft

Darran Rolls <me@darranrolls.com> Mon, 15 June 2020 12:11 UTC

From: Darran Rolls <me@darranrolls.com>
To: "scim@ietf.org" <scim@ietf.org>
Date: Mon, 15 Jun 2020 12:11:53 +0000
Message-ID: <0A13B544-F6AF-4C7E-99E8-B8DAED528C14@darranrolls.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/LssJ9zdEAz4ROz_dXL41k919Hkk>

In readiness for our interest group call on Thursday at 11am central US time, I wanted to throw out a strawman charter statement.  Please review and comment here first:

The System for Cross-domain Identity Management (SCIM) working group is being re-chartered to extend the current SCIM 2.0 specification, further refine its operational capabilities, and enhance the standardization of methods for creating, reading, searching, modifying, and deleting user identities and identity-related objects across administrative domains.  The goal of this renewed effort is to further the operational simplification of an expanded set of common tasks related to user identity management in services and applications in a growing ecosystem.

The word "Standardize" does not mean that the working group will develop new technologies.  Specifically, this working group will look to build upon the existing SCIM 2.0 specification rather than defining any new protocol elements.  The group's new work will be focused on delivering operational protocol enhancements and extending the schema definitions to cover more managed objects and endpoints.  To better support the growing number of commercial and open source implementations of SCIM 2.0, this effort will also focus on delivering new capabilities targeted at promoting interoperability and enabling the verification and testing of different implementations.

The SCIM working group will initially be directed towards operational protocol enhancements and new schema definitions in the following areas:

  *   Multi-value paging & cursor pagination
  *   Relying party user provisioning
  *   Soft delete
  *   Extended HR / user data and related action events
  *   Ratification of extensions to address Privilege Account Management use cases

It will follow this work by considering extensions to the protocol and operational model that address the verification the establishment and interoperability between implementations.  When and where necessary, the group will modify and enhance the existing SCIM 2.0 schema and REST-based protocol, but will do so with a focus on backwards compatibility and the goal of adding to rather than breaking an existing SCIM 2.0 implementation.  However, where enhanced interoperability and streamlined operations are necessary, changes may be specified that require updates to an implementation to remain interoperable with this new work.

Finally, the working group will continue to ensure that the SCIM protocol embodies good security practices. Given both the sensitivity of the information being conveyed in SCIM messages and the regulatory requirements regarding the privacy of personally identifiable information, the working group will continue to pay particular attention to issues around authorization, authenticity, and privacy and consider new features targeted at enhanced security for the protocol.
--
Darran Rolls
https://www.darranrolls.com
LinkedIn<https://www.linkedin.com/in/darran-rolls-068b84> @djrolls<https://twitter.com/djrolls>