Re: [scim] [EXTERNAL] Re: Feedback and adoption readiness for draft-zollner-scim-roles-entitlements-extension

Brian Demers <brian.demers@gmail.com> Wed, 09 November 2022 00:57 UTC

From: Brian Demers <brian.demers@gmail.com>
Date: Tue, 08 Nov 2022 19:57:00 -0500
To: Danny Zollner <Danny.Zollner=40microsoft.com@dmarc.ietf.org>
Cc: Chad Vincent <chad.vincent@crashplan.com>, "scim@ietf.org" <scim@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/VGqMgptbSiAo5QGrHbq2RzOv0wE>

This caught my eye because Chad mentioned Apache SCIMple, so I took a quick
pass at hacking up what this would look like in SCIMple.

That generated a few questions, forgive me if these were already covered
somewhere else:

1. The Role and Entitlement schemas look identical, except for minor
changes in the descriptions.  Should both these new resources make use of a
common schema?
2. Section 4.1 calls out a ServiceProviderConfig Extension.  I didn't see
anything in rfc7643 on how this would work.  Would this be a new 3rd schema
that is added to the ServiceProviderConfig response? Or is this
mechanism defined somewhere else?
3. Each Role/Entitlement can have an id, value, display, and type.
  a. What is the difference between `type` and `value`?
  b. While I probably agree `display` _should_ be unique to the "server",
is this an actual requirement?  I could potentially see attributes "value"
and "display" being mapped to some implementation's "name" and
"description" (respectively), where "description" _may_ not have a unique
requirement.
4. nit: the schema names should use a singular form of the nouns (to be
consistent with the Core Schemas),
i.e. urn:ietf:params:scim:schemas:2.0:Entitlement
and urn:ietf:params:scim:schemas:2.0:Role
  - Potentially starting with `urn:ietf:params:scim:schemas:extension:` to
use a similar naming pattern as the EnterpriseUser schema (though this
doesn't seem required by rfc7643 section 10)

Thanks!
-Brian

On Thu, Nov 3, 2022 at 5:32 PM Danny Zollner <Danny.Zollner=
40microsoft.com@dmarc.ietf.org> wrote:

> Hi Chad,
>
>
>
> I recall receiving this same feedback previously and in the next version
> of the draft (perhaps the first new version post-adoption?) language will
> be added to explicitly call out the use of common attributes. If I were to
> split hairs here, I’d argue that even without the draft explicitly calling
> them out, the text in 7643 3.1 states that those attributes are required to
> exist on all resource types including new extensions like the ones in this
> draft. It is a mistake to not explicitly call out the correct usage of
> those attributes in this draft, though, so it will be fixed.
>
>
>
> Thanks,
>
>
>
> *Danny Zollner* (He/Him)
>
> *From:* scim <scim-bounces@ietf.org> *On Behalf Of * Chad Vincent
> *Sent:* Thursday, November 3, 2022 4:09 PM
> *To:* scim@ietf.org
> *Subject:* [EXTERNAL] Re: [scim] Feedback and adoption readiness for
> draft-zollner-scim-roles-entitlements-extension
>
>
>
> I love this - we use roles currently and having a more formal spec and
> ability for the client to read what's available could come in very handy in
> the future.  So mark me down as a 5.
>
>
>
> However, these resources not including the common attributes set mandated
> by RFC 7643 section 3.1 should be explained/clarified in the RFC.  The
> Apache SCIMple library will have to handle these resources as special-cases
> since they won't have the required "id" field, for example.  That seems
> major enough to justify a paragraph.
>
>
>
> ---------- Forwarded message ----------
> From: "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>
> To: SCIM WG <scim@ietf.org>
> Cc:
> Bcc:
> Date: Wed, 2 Nov 2022 23:40:10 +0000
> Subject: [scim] Feedback and adoption readiness for
> draft-zollner-scim-roles-entitlements-extension
>
> Hello SCIMers,
>
>
>
> We need feedback to gauge support and adoption readiness of:
>
> https://datatracker.ietf.org/doc/draft-zollner-scim-roles-entitlements-extension/
>
> Please respond to this thread on the following:
>
>
>
>
>
>   1.  You have read the draft and believe it is ready to be adopted by the working group. Any other feedback on the content of the draft is welcomed too.
>
>   2.  You are willing to be an active contributor or reviewer of the document
>
>   4.  You support the draft and plan to implement
>
>   5.  You support the draft but have no time or plans to implement now, but can provide feedback
>
>   6.  You have no interest in the draft
>
>
>
> Please provide your feedback by November 28th.
>
>
>
> Thanks,
>
>    Nancy
>
>
>
>
>
>
> ---------- Forwarded message ----------
> From: Paul Lanzi <paul@remediant.com>
> To: SCIM WG <scim@ietf.org>
> Cc:
> Bcc:
> Date: Wed, 2 Nov 2022 16:50:26 -0700
> Subject: Re: [scim] Feedback and adoption readiness for
> draft-zollner-scim-roles-entitlements-extension
>
> #4 for me.
>
> Thanks,
>
> --Paul
>
>
>
>
> _______________________________________________
> scim mailing list
> scim@ietf.org
> https://www.ietf.org/mailman/listinfo/scim
>
>
>
> --
>
> Chad Vincent (he/him) | Software Engineer, Senior - CrashPlan
>
> chad.vincent@crashplan.com
>
> 400 S 4th St Suite 410 PMB 31083 Minneapolis, MN 55415-1419
>
>
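
The common-attribute point raised in this thread (RFC 7643 section 3.1, and the "id" field a library such as Apache SCIMple expects) can be checked mechanically. The following is an added example, not code from the thread, the draft, or SCIMple; the function name and sample resources are constructed for illustration, with the Role attribute names and schema URN taken from the messages above.

```python
# Added example: validate a service-provider resource representation against
# the RFC 7643 rules discussed in the thread ("schemas" in section 3, "id" in 3.1).

# Discovery resources that RFC 7643 section 3.1 exempts from common attributes.
EXEMPT_SCHEMAS = {
    "urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig",
    "urn:ietf:params:scim:schemas:core:2.0:ResourceType",
}


def common_attribute_problems(resource):
    """Return a list of problems; an empty list means the checks passed."""
    problems = []

    schemas = resource.get("schemas")
    if not (isinstance(schemas, list) and schemas
            and all(isinstance(s, str) and s for s in schemas)):
        problems.append("schemas: must be a non-empty array of URI strings")
        schemas = []

    if EXEMPT_SCHEMAS.intersection(schemas):
        return problems  # discovery resource, common attributes not required

    rid = resource.get("id")
    if not isinstance(rid, str) or not rid.strip():
        problems.append("id: missing or empty")
    elif "bulkId" in rid:
        problems.append("id: contains reserved keyword 'bulkId'")

    # "meta" is assigned by the service provider; if present it must be complex.
    if "meta" in resource and not isinstance(resource["meta"], dict):
        problems.append("meta: must be a complex (object) attribute")

    return problems


# Constructed samples. The URN is the singular form suggested in the thread.
ROLE_WITHOUT_ID = {
    "schemas": ["urn:ietf:params:scim:schemas:2.0:Role"],
    "value": "admin", "display": "Administrator", "type": "application",
}
ROLE_WITH_ID = dict(ROLE_WITHOUT_ID, id="c7a1f0", meta={"resourceType": "Role"})

if __name__ == "__main__":
    for name, res in (("without id", ROLE_WITHOUT_ID), ("with id", ROLE_WITH_ID)):
        print(name, "->", common_attribute_problems(res) or "ok")
```

A client or library that rejects resources failing this check would need the special-case handling described in the thread unless the new resource types carry the common attributes.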