Re: [scim] SCIM v3?
Paul Logston <paul.logston@gmail.com> Wed, 10 June 2020 15:54 UTC
From: Paul Logston <paul.logston@gmail.com>
Date: Wed, 10 Jun 2020 23:54:30 +0800
Message-ID: <CAJPJM9JkVjV+gYFd6f-TNjhDZ_0uxpQBMnfjZNw=bCaA2RBAjQ@mail.gmail.com>
To: Darran Rolls <me@darranrolls.com>
Cc: Matt Domsch <matt.domsch@sailpoint.com>, Anthony Nadalin <tonynad=40microsoft.com@dmarc.ietf.org>, "scim@ietf.org" <scim@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/YSug3UPzH1T8_W9BFakoncfTE_M>
Subject: Re: [scim] SCIM v3?
List-Id: Simple Cloud Identity Management BOF <scim.ietf.org>

Thanks Darran, see you then.

Paul Logston
(510) 755 - 4474
paul.logston@gmail.com
linkedin.com/in/paullogston <https://www.linkedin.com/in/paullogston/>

On Wed, Jun 10, 2020 at 8:47 PM Darran Rolls <me@darranrolls.com> wrote:

> I’m going to jump in and reserve an hour on Thursday 25th at 11am central
> US time. Here are the meeting details:
>
> https://zoom.us/j/92197243294
>
> Meeting ID: 921 9724 3294
>
> Find your local number: https://zoom.us/u/aedUwgpW02
>
> Darran
>
> *From:* Matt Domsch <matt.domsch@sailpoint.com>
> *Date:* Tuesday, June 9, 2020 at 11:08 AM
> *To:* Anthony Nadalin <tonynad=40microsoft.com@dmarc.ietf.org>, Darran
> Rolls <me@darranrolls.com>, "scim@ietf.org" <scim@ietf.org>
> *Subject:* RE: [scim] SCIM v3?
>
> We’ll definitely ask for a BOF, or if the charter and its approvals can be
> done in time, a formal WG session at IETF 108. That may be pushing it, but
> the area directors think it’s possible. They’ve offered to reserve a time
> as a BOF now.
>
> I can attend any of Darran’s suggested times for a videoconference.
>
> Thanks,
> Matt
>
> *Matt Domsch*
> *VP, Lead Corporate Architect*
> matt.domsch@sailpoint.com
> mobile: 512-981-6486
> *www.sailpoint.com <http://www.sailpoint.com/>*
>
> *From:* scim <scim-bounces@ietf.org> *On Behalf Of* Anthony Nadalin
> *Sent:* Tuesday, June 9, 2020 9:40 AM
> *To:* Darran Rolls <me@darranrolls.com>; scim@ietf.org
> *Subject:* Re: [scim] SCIM v3?
>
> It may be better to have a bof for ietf 108. I think there are some
> updates that could be made to SCIM as we have some things on our list, but
> I’m not sure that another directory protocol is what is needed
>
> *From:* scim <scim-bounces@ietf.org> *On Behalf Of* Darran Rolls
> *Sent:* Tuesday, June 9, 2020 5:27 AM
> *To:* scim@ietf.org
> *Subject:* [EXTERNAL] Re: [scim] SCIM v3?
>
> So, I read lots of interest to restart and contribute – excellent.
>
> In the interest of rapidly moving towards a strawman charter, I’ll take a
> first pass at what that charter might look like and send it out here for
> comment. If no one has any objection, I propose we set a time for an
> “interest-group call” mid/late next week? I know it’s tricky and a little
> unfair to throw out call times without more prior planning BUT if we can
> move this along quickly we can catch the IETF 108 train.
>
> So, is there support to hold one of the following times next week for a
> conversation on that (to be sent) strawman charter? LMK if anyone feels
> that’s too tight or unfair for folks that are interested but can’t make it
> and we can stick to a list-only conversation.
>
> 10am Central US Wednesday 24th
> 11am Central US Wednesday 24th
> ---
> 10am Central US Thursday 25th
> 11am Central US Thursday 25th
> ---
> 10am Central US Friday 26th
> 11am Central US Friday 26th
>
> Thanks
> Darran
>
> *From:* Paul Lanzi <paul@remediant.com>
> *Date:* Monday, June 8, 2020 at 11:30 AM
> *To:* Darran Rolls <me@darranrolls.com>, "scim@ietf.org" <scim@ietf.org>
> *Subject:* Re: [scim] SCIM v3?
>
> Darran, all --
>
> I think a relook at some of the items you mentioned would be great --
> count me in!
>
> On this topic:
>
> Ratification of extension to address Privilege Account Management user
> cases
>
> We've had some discussions with the SailPoint folks (most notably: David
> Lee, Matt Domsch and more recently, Adam C) that the current SCIM-PAM API
> is very specifically focused on supporting password-vault use cases, and
> doesn't have an allowance for the Just-In-Time PAM approach. Both the
> Identity Defined Security Alliance (IDSA) and Gartner have recently
> recognized this approach, and I think it would make sense to further extend
> the SCIM-PAM proposal to also include the use cases around JIT PAM. I'm
> happy to help contribute towards the technical work needed to do so.
>
> Thanks,
> --Paul
> --Co-Founder @ Remediant
>
> On Mon, Jun 8, 2020 at 8:59 AM Phillip Hunt <phil.hunt@independentid.com>
> wrote:
>
> Thanks Eliot.
>
> A number of these features including MVA filtering and paging are based on
> a desire to build front end IDM management UIs to SCIM API providers.
>
> One could say this would begin to move SCIM from a provisioning protocol
> to a “directory” protocol. Is SCIM Directory a theme that would drive
> interest in a new charter?
>
> Phil
>
> On Jun 8, 2020, at 2:38 AM, Eliot Lear <lear@cisco.com> wrote:
>
> Hi Paul,
>
> As a hanger-on, I like your list. I don’t see the value in paging, but
> clearly a great many others do, so I have something to learn.
>
> Eliot
>
> On 8 Jun 2020, at 10:34, Paul Logston <paul.logston@gmail.com> wrote:
>
> Hi Darran and Phil,
>
> I am interested in being part of this discussion. I work for a
> company that regularly uses the SCIM protocol and we have a use for a
> number of the extensions Darran suggested above.
>
> Best,
> Paul
>
> Paul Logston
> (510) 755 - 4474
> paul.logston@gmail.com
> linkedin.com/in/paullogston <https://www.linkedin.com/in/paullogston/>
>
> On Sun, Jun 7, 2020 at 3:32 AM Phillip Hunt <phil.hunt@independentid.com>
> wrote:
>
> Darran
>
> Good to hear!
>
> I am not sure these items require a v3. I believe these all can be done
> via extensions thus maintaining backwards compatibility.
>
> For example I did submit a proposal for paged attributes based on the
> current drafts.
>
> https://tools.ietf.org/html/draft-hunt-scim-mv-paging-00
>
> I think we have to see if there is sufficient interest to charter a WG and
> determine interest in specific items.
>
> Another long term issue is compliance issues. For this we need to find an
> independent organization to develop and host an interop test suite as
> compliance testing is not something the IETF does. This will likely
> require direct donation of funds and time. This is how things happened for
> OIDC testing.
>
> Phil Hunt
>
> On Jun 6, 2020, at 10:15 AM, Darran Rolls <me@darranrolls.com> wrote:
>
> Hello SCIM folks,
>
> To introduce myself to the group, up until March of this year I was the
> CTO at SailPoint and worked with Kelly Grizzle and Matt Domsch on all
> things identity standards. I'm now consulting and engaging on various
> projects around the IAM space.
>
> Having chatted with Leif and Morteza directly, I wanted to bring a
> discussion back here to the full WG alias. As several of you will already
> know, I’d like to formally make a request to re-charter this WG. The
> goal of the WG would be to address the ratification of the following work
> items:
>
> - Protocol /operational enhancements
>     - Multi-value paging & cursor pagination
>     - Relying party user provisioning
>     - Soft Delete
>     - Interop and testing capabilities
> - New schema to address
>     - Extended HR /user data and related action events
>     - Ratification of extension to address Privilege Account Management
>       user cases
>
> I therefore seek your comments and input on this proposal. Are you
> interested to participate? What is missing from the above list of work
> items? Is there support for an informal interest-group call sometime in
> the next two weeks?
>
> Thanks
> Darran
>
> --
> https://www.darranrolls.com
> LinkedIn <https://www.linkedin.com/in/darran-rolls-068b84>
> @djrolls <https://twitter.com/djrolls>
>
> _______________________________________________
> scim mailing list
> scim@ietf.org
> https://www.ietf.org/mailman/listinfo/scim