Re: [scim] Call for support on proposed SCIM/SINS (re)charter

Mike Kiser <mike.kiser@sailpoint.com> Fri, 10 September 2021 20:07 UTC

Return-Path: <mike.kiser@sailpoint.com>
X-Original-To: scim@ietfa.amsl.com
Delivered-To: scim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B387E3A18D3; Fri, 10 Sep 2021 13:07:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sailpoint.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sF3aw7cfJvTQ; Fri, 10 Sep 2021 13:07:39 -0700 (PDT)
Received: from mx0a-002cee01.pphosted.com (mx0a-002cee01.pphosted.com [148.163.151.155]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 56D993A18CC; Fri, 10 Sep 2021 13:07:39 -0700 (PDT)
Received: from pps.filterd (m0131058.ppops.net [127.0.0.1]) by mx0a-002cee01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 18AGsqND007380; Fri, 10 Sep 2021 15:07:38 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sailpoint.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=pps1; bh=uUtRsNUKB6uHyL4SJlEIUlxF/4lUwiDuJjilYlsoAuA=; b=bLGtO6UIgqFtepzQhzCDPpWQKevLgGWYa+jAx8h475AVTAAqIhprZcb3AzVdcnnR21Vw Ksj30Q3Oe3a0FsQIweLb/a7HkACL64xoqKWlpk3ZTAVPlGwgnh67vYwe+YsHUiECeU3F 0iFimR0iJXEEBsT8GmIaeuHCTpxOzkwgMpx7b4ffeAel3dMF1cvfhj1yOKkxRfi9HSZe Bf1T/mJJZiFwyWplwve18nQVMS2jXPm90oMVjiuAczt6AojKkotV7k4af3+puupYotXv dQleGfXsOYyj5VzwpRQgyyTYtOxVwNSk8rhSQNf7APF8tuWnL+SNytip3E6LTESiLzQQ yg==
Received: from nam10-mw2-obe.outbound.protection.outlook.com (mail-mw2nam10lp2101.outbound.protection.outlook.com [104.47.55.101]) by mx0a-002cee01.pphosted.com with ESMTP id 3aytfdt922-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 10 Sep 2021 15:07:38 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=K+pwJOrPeBOWOccmsY0dPuml6YaFMR2w3SrTYIHEuF5aBlFVCYGENoqm0s0kmUJBptXeUFr1470XPE4VFXLcVaDT1aKeqBRg+mlfh633mYU/ILGMgelz68YVYJEYBUdArPlGYHNDLJoS1uXr0jWD1giVmcc5cMDtTNV8GaQA65G7Dw4xdjKqTLfL0b1oyP2ynBm4kDV+7+Ox7eFCf4Rlw97sCKn6WSagiqP7dtWpaA6kCESq2QO4X38xnCErEN59yaPKX9yIbPueC/XSeIAh/jLkffK+QD+srjH6JIppCppn885VgZ1dniXMDUDM+8Jf18iRK1E27glnWcVkkVO7Sw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=uUtRsNUKB6uHyL4SJlEIUlxF/4lUwiDuJjilYlsoAuA=; b=VqO5WzHuJ2ZcE7E1m6YxVIQe2bbHqJr3/KKB9ek1LtUvtso7G+OpWqkAnvd8031dDKG2GQUoCSO3rvip11k/3MYcVt80rcspOAP++5TRuDmxFVFjM8CTY30UR2D6jKNhbUuNNfJo497sI5HBhWIURmOdKYKbRoJC7EWzY3S3dUi4SuYobaLlwgWzt04lfS2ySSGrQUtnvMQvgiCgRide4XadK+xO2ClKr6kiCgf+GGBc8oR+f0vRTtfe5wLlPGrOJ/nYn/+B1cQZSjRf2LyiPiO/dT569Lb3N6b5BeuE9Zooi2hbEmnWcEHf+1QYTmZpnN6Bs9Zgb1rDbPsC6VWXcg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=sailpoint.com; dmarc=pass action=none header.from=sailpoint.com; dkim=pass header.d=sailpoint.com; arc=none
Received: from MWHPR04MB1264.namprd04.prod.outlook.com (2603:10b6:301:3e::24) by MWHPR04MB0321.namprd04.prod.outlook.com (2603:10b6:300:11::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4500.15; Fri, 10 Sep 2021 20:07:36 +0000
Received: from MWHPR04MB1264.namprd04.prod.outlook.com ([fe80::880e:98d:d68d:89cf]) by MWHPR04MB1264.namprd04.prod.outlook.com ([fe80::880e:98d:d68d:89cf%5]) with mapi id 15.20.4500.016; Fri, 10 Sep 2021 20:07:36 +0000
From: Mike Kiser <mike.kiser@sailpoint.com>
To: "Nancy Cam-Winget (ncamwing)" <ncamwing=40cisco.com@dmarc.ietf.org>, "scim@ietf.org" <scim@ietf.org>
Thread-Topic: Call for support on proposed SCIM/SINS (re)charter
Thread-Index: AQHXpRCytxZmiLK1g0qdr9XxTq+BzqudtFdB
Date: Fri, 10 Sep 2021 20:07:36 +0000
Message-ID: <MWHPR04MB126490567F4408E3981678908CD69@MWHPR04MB1264.namprd04.prod.outlook.com>
References: <9BCA478F-548E-4F6A-9F1B-6D8E15AE9373@cisco.com>
In-Reply-To: <9BCA478F-548E-4F6A-9F1B-6D8E15AE9373@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
suggested_attachment_session_id: 1e9d7f95-03a2-8f36-2322-2cf2e1003f8c
authentication-results: dmarc.ietf.org; dkim=none (message not signed) header.d=none;dmarc.ietf.org; dmarc=none action=none header.from=sailpoint.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 08113f74-a771-4dec-28ec-08d97496a241
x-ms-traffictypediagnostic: MWHPR04MB0321:
x-microsoft-antispam-prvs: <MWHPR04MB032119240AFB54A0D639E8878CD69@MWHPR04MB0321.namprd04.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: pFvlN6nFznFKtZoBUD/kNHYlWvGay4hQgXGtk+tH8CCcjOgFaPE9VoSdCoR4DmxsbxPNoZ/LjGGoXtZPQBU13dHvZT1IOlkml3KLxRcBJmgzBozoMfzLLzpI1PUaIC7vYLWCfCNqdhw1XTPKeMr2tlsgE9ieup74myFAUs3RS7zbUQY2+oe0UX3O9F2EMZaeDzQ74SkiDJ1qKF/mIxFT9kMvJ8U3o9rTIxp5Rhfgj5oPxcYvs61NjIUvGNQZzPgtSxQRzayASsUiow0M3VvZ7moRbnV47WWXPU66rh/u06akdx3T+0gDN8J9Q3LNM7Ea0i1Eu+WurdvIvulPTBNf/ZM423HOt/NalOkcqEG9OwKpFm2D4WEioNWzHIjCWMsV4CfIcdO/4aIPl8GFxnLWtmRu939wVL/AgVba+dL5pThzLTS82Xa+Fcijz9ckSuOGfmDgPcE3N2j556iWEWZOxIkgALROEkkmfUhOAAfDSgZ0wo3IapBJ/WZU5mrUShvGP57a9n/AjeQ0w3TfP714DkcTJUfbGugUGQEzi3nMDoHjylnDfqTXN0n4DKhzq5kg3br8pRyXeHbyFS299IVkiDXvaRUogslm8vZ0c586zFZGMru87ZydokukkYCC1fj26Epdu5xi6METmCnzMkI9ILgI0gml0g1USaM8apoBMP17UaoVYpGFuNbIQFAPKxMMrFSYD2rPQOfftNEghYTnNlLLHqReLpoSsGJKQXxAYnuKA+BteKoEUHssDf/6qgzsxXeIOfWQWs6QchlZfesyalUCqMOnL5tSyhNuHc85h880Ji7DcDsnOTb7m2q72t84XaDWu5jGvGc2wpL2KgAmOw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MWHPR04MB1264.namprd04.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(376002)(39850400004)(366004)(396003)(136003)(346002)(316002)(110136005)(478600001)(66446008)(64756008)(19627405001)(26005)(66556008)(76116006)(6506007)(44832011)(53546011)(66476007)(86362001)(83380400001)(38100700002)(66574015)(2906002)(71200400001)(66946007)(52536014)(33656002)(9686003)(38070700005)(122000001)(7696005)(19627235002)(55016002)(8936002)(186003)(166002)(5660300002)(8676002)(91956017); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?Windows-1252?Q?nJdYoyqYExD5mQJKPZnSTCCKm5re3soCeh19h/4SMoYoAug844a3j5Hy?= =?Windows-1252?Q?dzhQWAZuEr/cv5vHmPhyEQBltgRV6m5oKTlv8TSzimntZhis509G8aJx?= =?Windows-1252?Q?ePGvA2u7l+mshfMXhInQJF/teJgZCT8gjMRSUkYzVNaMrY1WmC6Fnzha?= =?Windows-1252?Q?IjjXdspLfZCWvyW+SbTjbT2nzKpKS5cFrv/pmrnrlKKM/B8tgWcLMGG0?= =?Windows-1252?Q?/6RBjcvwiI5sa1FX+NLH+mAXdg3/RQBuzfVuK5Krr6hiJfRqoUFdLwGn?= =?Windows-1252?Q?i2CW/EkjoS1zYYVNXaaiGEaWJVLfI0K6PNYLamt9UC9zVQaNfvJ5u3tQ?= =?Windows-1252?Q?59z2ji/ePOx5q7j1GUn/qzcGeHFNctQO9HTjnZi1bY0RqlO0CYvxbuE8?= =?Windows-1252?Q?w7WZKACBMwNoAOTD82yHDLLYGjPdN1I+rY94xguQru8c/GuelTGnBAxq?= =?Windows-1252?Q?8/QztDxY0Eebf22qUOJthAsXl83IPUqaGIchy/EEXY/2hFe2FXSWwtN+?= =?Windows-1252?Q?BCpDN3f+Jch11iWXtJcIXLaB/fQIu6SraRQ9a3VEpjG446uztS3l2hn5?= =?Windows-1252?Q?WeZEcUz9m97Y/aUukUM7kXrqqHtMB4hk7a5gDyxgNGkcsDk8iM7s9U0x?= =?Windows-1252?Q?qJ5WhMKKrd3Lz/wjjBvur7lvdmekS+6moMiDYlEp4cP9XVoi2/l9RzN6?= =?Windows-1252?Q?X9kibusHmdQqD844586ZVrQZM7rOSwAMlO8EnLHgwhqjdQh7AUga2QXQ?= =?Windows-1252?Q?ljhyjq8AVIJft6vGft47vVIkALXDXZVyObI0f8o+A3gM+3XxoX39P7wv?= =?Windows-1252?Q?exVfqK6eD3wFLn+8Ib/X4K0iNQWVO7zYXQEFbgloyf0T1sAf+b4OZ0qv?= =?Windows-1252?Q?ebTWQdEqNqEFal5qSpm6hWqVeAK6r0ei0zk+BqvI8u2TplgHSquDkKa9?= =?Windows-1252?Q?1DbQX0ibYkfAj80grtcqLfuaMduMX0fADmS477v8vsoBGqTqh7EzZ8LL?= =?Windows-1252?Q?ymu7PEsbcRnz9CZP3FDI90CHNn+R7QM11GNsn8UKbCcNsr/e7T5e1lA4?= =?Windows-1252?Q?9nixDnscwX7I36qf8Ld9d0Xwb/DwR4YdAMuTpE5gbp3h8BjIwQugmYBn?= =?Windows-1252?Q?I/WHRIsSjP7mWJ/r8KEPTul7QhD+FOJpj86Lij7kWCDrJrgk9zDeZTut?= =?Windows-1252?Q?K8j/rMS6sW0D3b65zrJbJfspBaqzagRCrzk4oIIJO5oGI4UyFgoG1Fs1?= =?Windows-1252?Q?1BlIFnMJtZJjbDaqOdpKLXBncFbIEytWfzWviviZs7pe0AHrNcI68qiC?= =?Windows-1252?Q?DPfzXUR2fwY2xtgoBk791HOW1Y+q00OxAL3uZNljmKro6c1woH4TRois?= =?Windows-1252?Q?K+BW6Q3nQOxbjFNpaAk5UZLpTGw7RRjVWCs=3D?=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_MWHPR04MB126490567F4408E3981678908CD69MWHPR04MB1264namp_"
MIME-Version: 1.0
X-OriginatorOrg: sailpoint.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MWHPR04MB1264.namprd04.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 08113f74-a771-4dec-28ec-08d97496a241
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Sep 2021 20:07:36.5371 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 9c848b2a-49ba-4c39-9749-118d06717a84
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: PgJ9TJW2Z+CrxG6wZCCK+9pEQ+s3ONr5X7Hh+qKKWs+Ze2ujzKgJe1EMpzZyRHnkALid4V0CAeQeL5kFG8v5w72Xsq9RLOFjw/CBwORd61s=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR04MB0321
X-Proofpoint-GUID: 7D1dWvCdFuYIbyPwBcSxZCCovwB0JAHU
X-Proofpoint-ORIG-GUID: 7D1dWvCdFuYIbyPwBcSxZCCovwB0JAHU
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-10_08,2021-09-09_01,2020-04-07_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 phishscore=0 mlxlogscore=999 spamscore=0 adultscore=0 suspectscore=0 mlxscore=0 lowpriorityscore=0 malwarescore=0 impostorscore=0 clxscore=1011 priorityscore=1501 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2109030001 definitions=main-2109100113
Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/WQAusLgaQJZRcRVMkPyJt3rq77k>
Subject: Re: [scim] Call for support on proposed SCIM/SINS (re)charter
X-BeenThere: scim@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Simple Cloud Identity Management BOF <scim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/scim>, <mailto:scim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/scim/>
List-Post: <mailto:scim@ietf.org>
List-Help: <mailto:scim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scim>, <mailto:scim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Sep 2021 20:07:45 -0000

Nancy -

 Excellent work.

  In favor of this charter, willing to work on revising for fastfed / shared events/signals, and HR / PAM extension (a la Grizzle).

  Looking forward to moving SCIM further down the line.

 -Mike
________________________________
From: scim <scim-bounces@ietf.org> on behalf of Nancy Cam-Winget (ncamwing) <ncamwing=40cisco.com@dmarc.ietf.org>
Sent: Wednesday, September 8, 2021 19:21
To: scim@ietf.org <scim@ietf.org>
Subject: [scim] Call for support on proposed SCIM/SINS (re)charter


Hello SCIM participants,



After some virtual meetings (thank you Pam for hosting these!) and discussion, there is a new proposed charter that addresses the points raised at the IETF 111 SINS session.

This is a call for support of the charter defined below, please provide your response by Sept. 24, 2021.



As you respond in support for the charter, please also specify if you are willing to produce, review and/or implement the resulting documents.

Otherwise, do provide feedback in the time window if there are concerns or issues you see with the charter below:



Charter

The System for Cross-domain Identity Management (SCIM) specification is an HTTP-based protocol that makes managing identities in multi-domain scenarios easier. SCIM was last published in 2015 and has seen growing adoption.

One goal for this working group is to shepherd SCIM, currently RFC series 7642<https://urldefense.com/v3/__https://datatracker.ietf.org/doc/html/rfc7642__;!!MsNKLpFGsw!eTFh5jVfVk7j5EbQi8cR7GP4P6_P3P0XP4CHOXvPG1347jwVSVPPypLTkQ2tqHggOw$>w$>, 7643<https://urldefense.com/v3/__https://datatracker.ietf.org/doc/html/rfc7643__;!!MsNKLpFGsw!eTFh5jVfVk7j5EbQi8cR7GP4P6_P3P0XP4CHOXvPG1347jwVSVPPypLTkQ2sdvxDOg$>g$>, 7644<https://urldefense.com/v3/__https://datatracker.ietf.org/doc/html/rfc7644__;!!MsNKLpFGsw!eTFh5jVfVk7j5EbQi8cR7GP4P6_P3P0XP4CHOXvPG1347jwVSVPPypLTkQ09gz3ESg$>g$>, through the Internet Standard process. The group will deliver revised specifications for the SCIM requirements as Informational, and for the SCIM protocol and base schema suitable for consideration as a Standard. This work will be based upon the existing RFCs, errata and interoperabilty feedback, and incorporate current security and privacy best practices.

In addition to revising the requirements, protocol and base schema RFCs, the group will also consider additional specifications as extensions to SCIM that have found broad adoption and are ready for standards track. This includes profiles and schemas for interoperability in additional scenarios. The working group will develop additional Proposed Standard RFCs based on outcomes of the following work:

  *   Revision of the informational RFC 7642 will:
     *   Focus on Use cases and implementation patterns
        *   Pull vs. Push based use cases
        *   Events and signals use cases
        *   Deletion use cases
     *   New use cases may be added to the revised RFC
  *   Revision of RFC 7643/44 will include:
     *   Profiling SCIM relationships with other identity-centric protocols such as OAuth 2.0, OpenID Connect, Shared Signals, and Fastfed
     *   Updates to the evolution of the externalid usage
  *   Document SCIM support for synchronization-related goals between domains focused on:
     *   Handling returning large result sets through paging, based on [draft-hunt-scim-mv-paging-00]
     *   Incremental approaches to synchronization
  *   Support for deletion-related goals including:
     *   Handling Deletes in SCIM Servers that don’t allow Deletes (Soft Deletes) - based on [draft-ansari-scim-soft-delete-00]
  *   Support for advanced automation scenarios such as:
     *   Discovery and negotiation of client credentials
     *   Attribute mapping
     *   Per-attribute schema negotiation
  *   Enhance the existing schema to support exchanging of HR, Enterprise group and privileged access management (using draft-grizzle-scim-pam<https://urldefense.com/v3/__https://tools.ietf.org/id/draft-grizzle-scim-pam-ext-00.html__;!!MsNKLpFGsw!eTFh5jVfVk7j5EbQi8cR7GP4P6_P3P0XP4CHOXvPG1347jwVSVPPypLTkQ2pUlFhPA$> as a base)



Best, Nancy (as one of the BoF chairs)