Re: [scim] SCIM v3?

Paul Logston <paul.logston@gmail.com> Tue, 09 June 2020 15:49 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/SVGxWz5heLYsK-YtTeR4Zmoj9hE>

These times work for me:


10am Central US Wednesday 24th

11am  Central US Wednesday 24th

---

10am Central US Thursday 25th

11am  Central US Thursday 25th



Paul Logston
(510) 755 - 4474
paul.logston@gmail.com
linkedin.com/in/paullogston <https://www.linkedin.com/in/paullogston/>



On Tue, Jun 9, 2020 at 10:39 PM Anthony Nadalin <tonynad=40microsoft.com@dmarc.ietf.org> wrote:

> It may be better to have a bof for ietf 108. I think there are some
> updates that could be made to SCIM as we have some things on our list, but
> I’m not sure that another directory protocol is what is needed
>
>
>
> *From:* scim <scim-bounces@ietf.org> *On Behalf Of * Darran Rolls
> *Sent:* Tuesday, June 9, 2020 5:27 AM
> *To:* scim@ietf.org
> *Subject:* [EXTERNAL] Re: [scim] SCIM v3?
>
>
>
> So, I read lots of interest to restart and contribute – excellent.
>
>
>
> In the interest of rapidly moving towards a strawman charter, I’ll take a
> first pass at what that charter might look like and send it out here for
> comment.  If no one has any objection, I propose we set a time for an
> “interest-group call” mid/late next week?  I  know it’s tricky and a little
> unfair to throw out call times without more prior planning BUT if we can
> move this along quickly we can catch the IETF 108 train.
>
>
>
> So, is there support to hold one of the following times next week for a
> conversation on that (to be sent) strawman charter?  LMK if anyone feels
> that’s too tight or unfair for folks that are interested but can’t make it
> and we can stick to a list-only conversation.
>
>
>
> 10am Central US Wednesday 24th
>
> 11am  Central US Wednesday 24th
>
> ---
>
> 10am Central US Thursday 25th
>
> 11am  Central US Thursday 25th
>
> ---
>
> 10am Central US Friday 26th
>
> 11am  Central US Friday 26th
>
>
>
> Thanks
>
> Darran
>
>
>
> *From: *Paul Lanzi <paul@remediant.com>
> *Date: *Monday, June 8, 2020 at 11:30 AM
> *To: *Darran Rolls <me@darranrolls.com>, "scim@ietf.org" <scim@ietf.org>
> *Subject: *Re: [scim] SCIM v3?
>
>
>
> Darran, all --
>
>
>
> I think a relook at some of the items you mentioned would be great --
> count me in!
>
>
>
> On this topic:
>
> > Ratification of extension to address Privilege Account Management user
> cases
>
>
> We've had some discussions with the SailPoint folks (most notably: David
> Lee, Matt Domsch and more recently, Adam C) that the current SCIM-PAM API
> is very specifically focused on supporting password-vault use cases, and
> doesn't have an allowance for the Just-In-Time PAM approach. Both the
> Identity Defined Security Alliance (IDSA) and Gartner have recently
> recognized this approach, and I think it would make sense to further extend
> the SCIM-PAM proposal to also include the use cases around JIT PAM. I'm
> happy to help contribute towards the technical work needed to do so.
>
> Thanks,
>
> --Paul
>
> --Co-Founder @ Remediant
>
>
> On Mon, Jun 8, 2020 at 8:59 AM Phillip Hunt <phil.hunt@independentid.com>
> wrote:
>
> Thanks Elliot.
>
>
>
> A number of these features including MVA filtering and paging are based on
> a desire to build front end IDM management UIs to SCIM API providers.
>
>
>
> One could say this would begin to move SCIM from a provisioning protocol
> to a “directory” protocol. Is SCIM Directory a theme that would drive
> interest in a new charter?
>
> Phil
>
>
>
> On Jun 8, 2020, at 2:38 AM, Eliot Lear <lear@cisco.com> wrote:
>
> Hi Paul,
>
>
>
> As a hanger-on, I like your list.  I don’t see the value in paging, but
> clearly a great many others do, so I have something to learn.
>
>
>
> Eliot
>
>
>
> On 8 Jun 2020, at 10:34, Paul Logston <paul.logston@gmail.com> wrote:
>
>
>
> Hi Darran and Phil,
>
>
>
> I am interested in being part of this discussion. I work for a
> company that regularly uses the SCIM protocol and we have a use for a
> number of the extensions Darran suggested above.
>
>
>
> Best,
>
> Paul
>
>
> Paul Logston
> (510) 755 - 4474
>
> paul.logston@gmail.com
>
> linkedin.com/in/paullogston <https://www.linkedin.com/in/paullogston/>
>
>
>
>
>
>
>
> On Sun, Jun 7, 2020 at 3:32 AM Phillip Hunt <phil.hunt@independentid.com>
> wrote:
>
> Darran
>
>
>
> Good to hear!
>
>
>
> I am not sure these items require a v3. I believe these all can be done
> via extensions thus maintaining backwards compatibility.
>
>
>
> For example I did submit a proposal for paged attributes based on the
> current drafts.
>
>
>
> https://tools.ietf.org/html/draft-hunt-scim-mv-paging-00
>
>
>
> I think we have to see if there is sufficient interest to charter a WG and
> determine interest in specific items.
>
>
>
> Another long term issue is compliance. For this we need to find an
> independent organization to develop and host an interop test suite as
> compliance testing is not something the IETF does.  This will likely
> require direct donation of funds and time. This is how things happened for
> OIDC testing.
>
> Phil Hunt
>
>
>
> On Jun 6, 2020, at 10:15 AM, Darran Rolls <me@darranrolls.com> wrote:
>
> Hello SCIM folks,
>
>
>
> To introduce myself to the group, up until March of this year I was the
> CTO at SailPoint and worked with Kelly Grizzle and Matt Domsch on all
> things identity standards.  I'm now consulting and engaging on various
> projects around the IAM space.
>
>
>
> Having chatted with Leif and Morteza directly, I wanted to bring a
> discussion back here to the full WG alias.  As several of you will already
> know, I’d like to formally make a request to re-charter this WG.  The
> goal of the WG would be to address the ratification of the following work
> items:
>
>
>
>    - Protocol/operational enhancements
>       - Multi-value paging & cursor pagination
>       - Relying party user provisioning
>       - Soft Delete
>       - Interop and testing capabilities
>    - New schema to address
>       - Extended HR/user data and related action events
>       - Ratification of extension to address Privilege Account Management
>       user cases
>
>
>
> I therefore seek your comments and input on this  proposal.  Are you
> interested to participate?  What is missing from the above list of work
> items?  Is there support for an informal interest-group call sometime in
> the next two weeks?
>
>
>
> Thanks
>
> Darran
>
>
>
> --
>
> https://www.darranrolls.com
>
> LinkedIn <https://www.linkedin.com/in/darran-rolls-068b84>
> @djrolls <https://twitter.com/djrolls>
>
>
>
> _______________________________________________
> scim mailing list
> scim@ietf.org
> https://www.ietf.org/mailman/listinfo/scim