Re: [scim] SCIM v3?
Paul Logston <paul.logston@gmail.com> Tue, 09 June 2020 15:49 UTC
From: Paul Logston <paul.logston@gmail.com>
Date: Tue, 09 Jun 2020 23:49:15 +0800
Message-ID: <CAJPJM9+T6GE_zLgfctZ2=anqCmqj0dC8q38xyG7Dtytd50JYuw@mail.gmail.com>
To: Anthony Nadalin <tonynad=40microsoft.com@dmarc.ietf.org>
Cc: Darran Rolls <me@darranrolls.com>, "scim@ietf.org" <scim@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/SVGxWz5heLYsK-YtTeR4Zmoj9hE>
Subject: Re: [scim] SCIM v3?
List-Id: Simple Cloud Identity Management BOF <scim.ietf.org>

These times work for me:

10am Central US Wednesday 24th
11am Central US Wednesday 24th
---
10am Central US Thursday 25th
11am Central US Thursday 25th

Paul Logston
(510) 755 - 4474
paul.logston@gmail.com
linkedin.com/in/paullogston <https://www.linkedin.com/in/paullogston/>

On Tue, Jun 9, 2020 at 10:39 PM Anthony Nadalin <tonynad=40microsoft.com@dmarc.ietf.org> wrote:

> It may be better to have a bof for ietf 108. I think there are some
> updates that could be made to SCIM as we have some things on our list, but
> I’m not sure that another directory protocol is what is needed
>
> *From:* scim <scim-bounces@ietf.org> *On Behalf Of * Darran Rolls
> *Sent:* Tuesday, June 9, 2020 5:27 AM
> *To:* scim@ietf.org
> *Subject:* [EXTERNAL] Re: [scim] SCIM v3?
>
> So, I read lots of interest to restart and contribute – excellent.
>
> In the interest of rapidly moving towards a strawman charter, I’ll take a
> first pass at what that charter might look like and send it out here for
> comment. If no one has any objection, I propose we set a time for an
> “interest-group call” mid/late next week? I know it’s tricky and a little
> unfair to throw out call times without more prior planning BUT if we can
> move this along quickly we can catch the IETF 108 train.
>
> So, is there support to hold one of the following times next week for a
> conversation on that (to be sent) strawman charter? LMK if anyone feels
> that’s too tight or unfair for folks that are interested but can’t make it
> and we can stick to a list-only conversation.
>
> 10am Central US Wednesday 24th
> 11am Central US Wednesday 24th
> ---
> 10am Central US Thursday 25th
> 11am Central US Thursday 25th
> ---
> 10am Central US Friday 26th
> 11am Central US Friday 26th
>
> Thanks
> Darran
>
> *From: *Paul Lanzi <paul@remediant.com>
> *Date: *Monday, June 8, 2020 at 11:30 AM
> *To: *Darran Rolls <me@darranrolls.com>, "scim@ietf.org" <scim@ietf.org>
> *Subject: *Re: [scim] SCIM v3?
>
> Darran, all --
>
> I think a relook at some of the items you mentioned would be great --
> count me in!
>
> On this topic:
>
> Ratification of extension to address Privilege Account Management user
> cases
>
> We've had some discussions with the SailPoint folks (most notably: David
> Lee, Matt Domsch and more recently, Adam C) that the current SCIM-PAM API
> is very specifically focused on supporting password-vault use cases, and
> doesn't have an allowance for the Just-In-Time PAM approach. Both the
> Identity Defined Security Alliance (IDSA) and Gartner have recently
> recognized this approach, and I think it would make sense to further extend
> the SCIM-PAM proposal to also include the use cases around JIT PAM. I'm
> happy to help contribute towards the technical work needed to do so.
>
> Thanks,
>
> --Paul
>
> --Co-Founder @ Remediant
>
> On Mon, Jun 8, 2020 at 8:59 AM Phillip Hunt <phil.hunt@independentid.com>
> wrote:
>
> Thanks Eliot.
>
> A number of these features including MVA filtering and paging are based on
> a desire to build front end IDM management UIs to SCIM API providers.
>
> One could say this would begin to move SCIM from a provisioning protocol
> to a “directory” protocol. Is SCIM Directory a theme that would drive
> interest in a new charter?
>
> Phil
>
> On Jun 8, 2020, at 2:38 AM, Eliot Lear <lear@cisco.com> wrote:
>
> Hi Paul,
>
> As a hanger-on, I like your list. I don’t see the value in paging, but
> clearly a great many others do, so I have something to learn.
>
> Eliot
>
> On 8 Jun 2020, at 10:34, Paul Logston <paul.logston@gmail.com> wrote:
>
> Hi Darran and Phil,
>
> I am interested in being part of this discussion. I work for a
> company that regularly uses the SCIM protocol and we have a use for a
> number of the extensions Darran suggested above.
>
> Best,
> Paul
>
> Paul Logston
> (510) 755 - 4474
> paul.logston@gmail.com
> linkedin.com/in/paullogston <https://www.linkedin.com/in/paullogston/>
>
> On Sun, Jun 7, 2020 at 3:32 AM Phillip Hunt <phil.hunt@independentid.com>
> wrote:
>
> Darran
>
> Good to hear!
>
> I am not sure these items require a v3. I believe these all can be done
> via extensions thus maintaining backwards compatibility.
>
> For example I did submit a proposal for paged attributes based on the
> current drafts.
>
> https://tools.ietf.org/html/draft-hunt-scim-mv-paging-00
>
> I think we have to see if there is sufficient interest to charter a WG and
> determine interest in specific items.
>
> Another long term issue compliance issues. For this we to find an
> independent organization to develop and host an interop test suite as
> compliance testing is not something the IETF does. This will likely
> require direct donation of funds and time. This is how things happened for
> OIDC testing.
>
> Phil Hunt
>
> On Jun 6, 2020, at 10:15 AM, Darran Rolls <me@darranrolls.com> wrote:
>
> Hello SCIM folks,
>
> To introduce myself to the group, up until March of this year I was the
> CTO at SailPoint and worked with Kelly Grizzle and Matt Domsch on all
> things identity standards. I'm now consulting and engaging on various
> projects around the IAM space.
>
> Having chatted with Leif and Morteza directly, I wanted to bring a
> discussion back here to the full WG alias. As several of you will already
> know, I’d like to formally make a request to re-chartering this WG. The
> goal of the WG would be to address the ratification of the following work
> items:
>
> - Protocol /operational enhancements
>    - Multi-value paging & cursor pagination
>    - Relying party user provisioning
>    - Soft Delete
>    - Interop and testing capabilities
> - New schema to address
>    - Extended HR /user data and related action events
>    - Ratification of extension to address Privilege Account Management
>      user cases
>
> I therefore seek your comments and input on this proposal. Are you
> interested to participate? What is missing from the above list of work
> items? Is there support for an informal interest-group call sometime in
> the next two weeks?
>
> Thanks
> Darran
>
> --
> https://www.darranrolls.com
> LinkedIn <https://www.linkedin.com/in/darran-rolls-068b84>
> @djrolls <https://twitter.com/djrolls>
>
> _______________________________________________
> scim mailing list
> scim@ietf.org
> https://www.ietf.org/mailman/listinfo/scim