Re: [scim] [EXTERNAL] Re: Feedback and adoption readiness for draft-zollner-scim-roles-entitlements-extension
Brian Demers <brian.demers@gmail.com> Wed, 09 November 2022 00:57 UTC
From: Brian Demers <brian.demers@gmail.com>
Date: Tue, 08 Nov 2022 19:57:00 -0500
Message-ID: <CAH9eYVruEt4uz+ON1Jd=ryQy0NHqP76esqdO+SM4jHBbk7WtgA@mail.gmail.com>
To: Danny Zollner <Danny.Zollner=40microsoft.com@dmarc.ietf.org>
Cc: Chad Vincent <chad.vincent@crashplan.com>, "scim@ietf.org" <scim@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/VGqMgptbSiAo5QGrHbq2RzOv0wE>

This caught my eye because Chad mentioned Apache SCIMple, so I took a quick pass at hacking up what this would look like in SCIMple. That generated a few questions, forgive me if these were already covered somewhere else:

1. The Role and Entitlement schemas look identical, except for minor changes in the descriptions. Should both these new resources make use of a common schema?
2. Section 4.1 calls out a ServiceProviderConfig Extension. I didn't see anything in rfc7643 on how this would work. Would this be a new 3rd schema that is added to the ServiceProviderConfig response? Or is this mechanism defined somewhere else?
3. Each Role/Entitlement can have an id, value, display, and type.
   a. What is the difference between `type` and `value`?
   b. While I probably agree `display` _should_ be unique to the "server", is this an actual requirement? I could potentially see attributes "value" and "display" being mapped to some implementation's "name" and "description" (respectively), where "description" _may_ not have a unique requirement.
4. nit: the schema names should use a singular form of the nouns (to be consistent with the Core Schemas), i.e. urn:ietf:params:scim:schemas:2.0:Entitlement and urn:ietf:params:scim:schemas:2.0:Role
   - Potentially starting with `urn:ietf:params:scim:schemas:extension:` to use similar naming pattern as the EnterpriseUser schema (though this doesn't seem required rfc7643 section 10)

Thanks!
-Brian

On Thu, Nov 3, 2022 at 5:32 PM Danny Zollner <Danny.Zollner=40microsoft.com@dmarc.ietf.org> wrote:

> Hi Chad,
>
> I recall receiving this same feedback previously and in the next version of the draft (perhaps the first new version post-adoption?) language will be added to explicitly call out the use of common attributes. If I were to split hairs here, I’d argue that even without the draft explicitly calling them out, the text in 7643 3.1 states that those attributes are required to exist on all resource types including new extensions like the ones in this draft. It is a mistake to not explicitly call out the correct usage of those attributes in this draft, though, so it will be fixed.
>
> Thanks,
>
> *Danny Zollner* (He/Him)
>
> *From:* scim <scim-bounces@ietf.org> *On Behalf Of* Chad Vincent
> *Sent:* Thursday, November 3, 2022 4:09 PM
> *To:* scim@ietf.org
> *Subject:* [EXTERNAL] Re: [scim] Feedback and adoption readiness for draft-zollner-scim-roles-entitlements-extension
>
> I love this - we use roles currently and having a more formal spec and ability for the client to read what's available could come in very handy in the future. So mark me down as a 5.
>
> However, these resources not including the common attributes set mandated by RFC 7643 section 3.1 should be explained/clarified in the RFC. The Apache SCIMple library will have to handle these resources as special-cases since they won't have the required "id" field, for example. That seems major enough to justify a paragraph.
>
> ---------- Forwarded message ----------
> From: "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>
> To: SCIM WG <scim@ietf.org>
> Cc:
> Bcc:
> Date: Wed, 2 Nov 2022 23:40:10 +0000
> Subject: [scim] Feedback and adoption readiness for draft-zollner-scim-roles-entitlements-extension
>
> Hello SCIMers,
>
> We need feedback on to gauge support and adoption readiness of:
>
> https://datatracker.ietf.org/doc/draft-zollner-scim-roles-entitlements-extension/
>
> Please respond to this thread on the following:
>
> 1. You have read the draft and believe it is ready to be adopted by the working group. Any other feedback on the content of the draft is welcomed too.
> 2. You are willing to be an active contributor or reviewer of the document
> 4. You support the draft and plan to implement
> 5. You support the draft but have no time or plans to implement now, but can provide feedback
> 6. You have no interest in the draft
>
> Please provide your feedback by November 28th.
>
> Thanks,
>
> Nancy
>
> ---------- Forwarded message ----------
> From: Paul Lanzi <paul@remediant.com>
> To: SCIM WG <scim@ietf.org>
> Cc:
> Bcc:
> Date: Wed, 2 Nov 2022 16:50:26 -0700
> Subject: Re: [scim] Feedback and adoption readiness for draft-zollner-scim-roles-entitlements-extension
>
> #4 for me.
>
> Thanks,
>
> --Paul
>
> On Wed, Nov 2, 2022 at 4:40 PM Nancy Cam-Winget (ncamwing) <ncamwing=40cisco.com@dmarc.ietf.org> wrote:
>
> Hello SCIMers,
>
> We need feedback on to gauge support and adoption readiness of:
>
> https://datatracker.ietf.org/doc/draft-zollner-scim-roles-entitlements-extension/
>
> Please respond to this thread on the following:
>
> 1. You have read the draft and believe it is ready to be adopted by the working group. Any other feedback on the content of the draft is welcomed too.
> 2. You are willing to be an active contributor or reviewer of the document
> 4. You support the draft and plan to implement
> 5. You support the draft but have no time or plans to implement now, but can provide feedback
> 6. You have no interest in the draft
>
> Please provide your feedback by November 28th.
>
> Thanks,
>
> Nancy
>
> _______________________________________________
> scim mailing list
> scim@ietf.org
> https://www.ietf.org/mailman/listinfo/scim
>
> --
>
> Chad Vincent (he/him) | Software Engineer, Senior - CrashPlan
>
> chad.vincent@crashplan.com
>
> 400 S 4th St Suite 410 PMB 31083 Minneapolis, MN 55415-1419
>
> <https://crashplan.com/>
>
> _______________________________________________
> scim mailing list
> scim@ietf.org
> https://www.ietf.org/mailman/listinfo/scim