IETF Logo Mail Archive

Re: [scim] SCIM v3?

Paul Logston <paul.logston@gmail.com> Wed, 10 June 2020 15:54 UTC

Return-Path: <paul.logston@gmail.com>
X-Original-To: scim@ietfa.amsl.com
Delivered-To: scim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E63E3A0881 for <scim@ietfa.amsl.com>; Wed, 10 Jun 2020 08:54:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xQQaEEpbyJNY for <scim@ietfa.amsl.com>; Wed, 10 Jun 2020 08:54:42 -0700 (PDT)
Received: from mail-il1-x132.google.com (mail-il1-x132.google.com [IPv6:2607:f8b0:4864:20::132]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9494A3A07F8 for <scim@ietf.org>; Wed, 10 Jun 2020 08:54:42 -0700 (PDT)
Received: by mail-il1-x132.google.com with SMTP id c75so2370696ila.8 for <scim@ietf.org>; Wed, 10 Jun 2020 08:54:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=9zpsVaYTrpUjOc2FA968cM1R3F7WyZh+DI8X/esEH+k=; b=QFpqCCndB5QJWqH0qYwJ7Own+xWhSdITB774b5pZfBEyOFP9mMY/At5a0jKKRsCDSG 6fnIo+t3TWJFAIGnZurqzAfl1XXcNsJnMZt3j0tXIrqd3zG1tgO0HLGOb67Ju4RMdHge ukPyX1uv3hnFn6o3pqzUPTe/zaacbE3S/T9rlJGlQxIQbnwyrj4FpPM28+2ua8+9pdIL /I/fWQ7dHA/0aFwA+YDlGd9QrquBrV12GAeG8LliRhQX1aybF2uGX37sU2J/PxSnHypV II+J3U/FiE+VZST3y6E7/buzKafLkl8JVa9kTebtOjFUo5OmSK6jkjCVjC71mIkjtkvT UFIw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=9zpsVaYTrpUjOc2FA968cM1R3F7WyZh+DI8X/esEH+k=; b=gWC9lSd1uo75GzaAoQeTC1XTh0Grk6NiZ4u1PMSYJhfT/Do8sFLG6NlnUv6b9f5zmS OlKdaHRgZuHBwR2ligVAKl3F/MytFYSqsz25DMkqhCX9CJ8nfn9xuII48pzhlrhYziXR y4HDSlBi1UZyp/txxbHQJd1/PKAliNslqlmtNniSWUyoNtfFs3SNByXCMl0WrMcpF+w4 FhteVfOzll+OfobBvaYhYcGPHCzUokbFtnZ4BIMiBwikAh3pEIBKsITtpuG2Bj/irSlf 6vUW8urDZBMf+GQX5QveiGH4FibVBv5seCEa96mwOaKWqX3gwCCva9B4sroacOeJ7OP6 4MTA==
X-Gm-Message-State: AOAM530nFYRns9e4G4aM14P4Z1ji0+/v1EQm25NSUsnVjde/Osm88xEH qbyUPG49OQHmE0JU9wkaP4lnIRFmsO4s1ZNxk/mj8lkt
X-Google-Smtp-Source: ABdhPJy+a4/5Mm7eodWz91dDgzdtWWsC2S8LbBRXxnAs18ZReOIjpPcj2yWP9z1rph50CVVBiOSow41CKIL+wtICiEw=
X-Received: by 2002:a92:2a06:: with SMTP id r6mr3535897ile.121.1591804481193; Wed, 10 Jun 2020 08:54:41 -0700 (PDT)
MIME-Version: 1.0
References: <F4D06C51-8D39-4AA3-83B0-6D6982C451C7@cisco.com> <A9824A60-BFB0-4047-8C09-6328CE497E36@independentid.com> <CA+7VvRZ0HVo_hTk_zx+bt+d5T9T0gue2VeY5tN1haSwG_xA-bg@mail.gmail.com> <21CF422B-4F2F-41E6-AC48-9B37929A5E25@darranrolls.com> <DM6PR00MB0666B2889D8D37FDC01316C3A6820@DM6PR00MB0666.namprd00.prod.outlook.com> <DM6PR04MB460489A55B634872BDFB760BF2820@DM6PR04MB4604.namprd04.prod.outlook.com> <33A15947-36F7-4197-9F9C-B4EC82D6B745@darranrolls.com>
In-Reply-To: <33A15947-36F7-4197-9F9C-B4EC82D6B745@darranrolls.com>
From: Paul Logston <paul.logston@gmail.com>
Date: Wed, 10 Jun 2020 23:54:30 +0800
Message-ID: <CAJPJM9JkVjV+gYFd6f-TNjhDZ_0uxpQBMnfjZNw=bCaA2RBAjQ@mail.gmail.com>
To: Darran Rolls <me@darranrolls.com>
Cc: Matt Domsch <matt.domsch@sailpoint.com>, Anthony Nadalin <tonynad=40microsoft.com@dmarc.ietf.org>, "scim@ietf.org" <scim@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000a74c2505a7bcdce3"
Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/YSug3UPzH1T8_W9BFakoncfTE_M>
Subject: Re: [scim] SCIM v3?
X-BeenThere: scim@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Simple Cloud Identity Management BOF <scim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/scim>, <mailto:scim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/scim/>
List-Post: <mailto:scim@ietf.org>
List-Help: <mailto:scim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scim>, <mailto:scim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Jun 2020 15:54:45 -0000

Thanks Darran, see you then.

Paul Logston
(510) 755 - 4474
paul.logston@gmail.com
linkedin.com/in/paullogston <https://www.linkedin.com/in/paullogston/>



On Wed, Jun 10, 2020 at 8:47 PM Darran Rolls <me@darranrolls.com> wrote:

> I’m going to jump in and reserve an hour on Thursday 25th at 11am central
> US time.   Here are the meeting details:
>
>
>
> https://zoom.us/j/92197243294
>
> Meeting ID: 921 9724 3294
>
> Find your local number: https://zoom.us/u/aedUwgpW02
>
>
>
> Darran
>
>
>
> *From: *Matt Domsch <matt.domsch@sailpoint.com>
> *Date: *Tuesday, June 9, 2020 at 11:08 AM
> *To: *Anthony Nadalin <tonynad=40microsoft.com@dmarc.ietf.org>, Darran
> Rolls <me@darranrolls.com>, "scim@ietf.org" <scim@ietf.org>
> *Subject: *RE: [scim] SCIM v3?
>
>
>
> We’ll definitely ask for a BOF, or if the charter and its approvals can be
> done in time, a formal WG session at IETF 108.  That may be pushing it, but
> the area directors think it’s possible.  They’ve offered to reserve a time
> as a BOF now.
>
>
>
> I can attend any of Darran’s suggested times for a videoconference.
>
>
>
> Thanks,
> Matt
>
>
>
> *Matt Domsch*
> *VP, Lead Corporate Architect*
> matt.domsch@sailpoint.com
>
> mobile: 512-981-6486
> *www.sailpoint.com <http://www.sailpoint.com/>*
>
>
>
>
>
> *From:* scim <scim-bounces@ietf.org> *On Behalf Of * Anthony Nadalin
> *Sent:* Tuesday, June 9, 2020 9:40 AM
> *To:* Darran Rolls <me@darranrolls.com>; scim@ietf.org
> *Subject:* Re: [scim] SCIM v3?
>
>
>
> It may be better to have a bof for ietf 108. I think there are some
> updates that could be made to SCIM as we have some things on our list, but
> I’m not sure that another directory protocol is what is needed
>
>
>
> *From:* scim <scim-bounces@ietf.org> *On Behalf Of *Darran Rolls
> *Sent:* Tuesday, June 9, 2020 5:27 AM
> *To:* scim@ietf.org
> *Subject:* [EXTERNAL] Re: [scim] SCIM v3?
>
>
>
> So, I read lots of interest to restart and contribute – excellent.
>
>
>
> In the interest of rapidly moving towards a strawman charter, I’ll take a
> first pass at what that charter might look like and send it out here for
> comment.  If no one has any objection, I propose we set a time for an
> “interest-group call” mid/late next week?  I  know it’s tricky and a little
> unfair to throw out call times without more prior planning BUT if we can
> move this along quickly we can catch the IETF 108 train.
>
>
>
> So, is there support to hold one of the following times next week for a
> conversation on that (to be sent) strawman charter?  LMK if anyone feels
> that’s too tight or unfair for folks that are interested but can’t make it
> and we can stick to a list-only conversation.
>
>
>
> 10am Central US Wednesday 24th
>
> 11am  Central US Wednesday 24th
>
> ---
>
> 10am Central US Thursday 25th
>
> 11am  Central US Thursday 25th
>
> ---
>
> 10am Central US Friday 26th
>
> 11am  Central US Friday 26th
>
>
>
> Thanks
>
> Darran
>
>
>
> *From: *Paul Lanzi <paul@remediant.com>
> *Date: *Monday, June 8, 2020 at 11:30 AM
> *To: *Darran Rolls <me@darranrolls.com>, "scim@ietf.org" <scim@ietf.org>
> *Subject: *Re: [scim] SCIM v3?
>
>
>
> Darran, all --
>
>
>
> I think a relook at some of the items you mentioned would be great --
> count me in!
>
>
>
> On this topic:
>
> > Ratification of extension to address Privilege Account Management user
> cases
>
>
> We've had some discussions with the SailPoint folks (most notably: David
> Lee, Matt Domsch and more recently, Adam C) that the current SCIM-PAM API
> is very specifically focused on supporting password-vault use cases, and
> doesn't have an allowance for the Just-In-Time PAM approach. Both the
> Identity Defined Security Alliance (IDSA) and Gartner have recently
> recognized this approach, and I think it would make sense to further extend
> the SCIM-PAM proposal to also include the use cases around JIT PAM. I'm
> happy to help contribute towards the technical work needed to do so.
>
> Thanks,
>
> --Paul
>
> --Co-Founder @ Remediant
>
> [image: Image removed by sender.]ᐧ
>
>
>
> On Mon, Jun 8, 2020 at 8:59 AM Phillip Hunt <phil.hunt@independentid.com>
> wrote:
>
> Thanks Elliot.
>
>
>
> A number of these features including MVA filtering and paging are based on
> a desire to build front end IDM management UIs to SCIM API providers.
>
>
>
> One could say this would begin to move SCIM from a provisioning protocol
> to a “directory” protocol. Is SCIM Directory a theme that would drive
> interest in a new charter?
>
> Phil
>
>
>
> On Jun 8, 2020, at 2:38 AM, Eliot Lear <lear@cisco.com> wrote:
>
> Hi Paul,
>
>
>
> As a hanger-on, I like your list.  I don’t see the value in paging, but
> clearly a great many others do, so I have something to learn.
>
>
>
> Eliot
>
>
>
> On 8 Jun 2020, at 10:34, Paul Logston <paul.logston@gmail.com> wrote:
>
>
>
> Hi Darran and Phil,
>
>
>
> I am interested in being part of this discussion. I work for a
> company that regularly uses the SCIM protocol and we have a use for a
> number of the extensions Darran suggested above.
>
>
>
> Best,
>
> Paul
>
>
> Paul Logston
> (510) 755 - 4474
>
> paul.logston@gmail..com <paul.logston@gmail.com>
>
> linkedin.com/in/paullogston
> <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fpaullogston%2F&data=02%7C01%7Ctonynad%40microsoft.com%7Cc861765885a84cf4641708d80c7071b9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637273024386708033&sdata=7M3nM2ir6U%2BCgYbZOed6DGSflQc4jy7%2FxOE5Bqqpyu0%3D&reserved=0>
>
>
>
>
>
>
>
> On Sun, Jun 7, 2020 at 3:32 AM Phillip Hunt <phil.hunt@independentid.com>
> wrote:
>
> Darran
>
>
>
> Good to hear!
>
>
>
> I am not sure these items require a v3. I believe these all can be done
> via extensions thus maintaining backwards compatibility.
>
>
>
> For example I did submit a proposal for paged attributes based on the
> current drafts.
>
>
>
> https://tools..ietf.org/html/draft-hunt-scim-mv-paging-00
> <https://tools.ietf..org/html/draft-hunt-scim-mv-paging-00>
>
>
>
> I think we have to see if there is sufficient interest to charter a WG and
> determine interest in specific items.
>
>
>
> Another long term issue compliance issues. For this we to find an
> independent organization to develop and host an interop test suite as
> compliance testing is not something the IETF does.  This will likely
> require direct donation of funds and time. This is how things happened for
> OIDC testing.
>
> Phil Hunt
>
>
>
> On Jun 6, 2020, at 10:15 AM, Darran Rolls <me@darranrolls..com
> <me@darranrolls.com>> wrote:
>
> Hello SCIM folks,
>
>
>
> To introduce myself to the group, up until March of this year I was the
> CTO at SailPoint and worked with Kelly Grizzle and Matt Domsch on all
> things identity standards.  I'm now consulting and engaging on various
> projects around the IAM space.
>
>
>
> Having chatted with Leif and Morteza directly, I wanted to bring a
> discussion back here to the full WG alias.  As several of you will already
> know, I’d like to formally make a request to re-chartering this WG.  The
> goal of the WG would be to address the ratification of the following work
> items:
>
>
>
>    - Protocol /operational enhancements
>
>
>    - Multi-value paging & cursor pagination
>       - Relying party user provisioning
>       - Soft Delete
>       - Interop and testing capabilities
>
>
>    - New schema to address
>
>
>    - Extended HR /user data and related action events
>       - Ratification of extension to address Privilege Account Management
>       user cases
>
>
>
> I therefore seek your comments and input on this  proposal.  Are you
> interested to participate?  What is missing from the above list of work
> items?  Is there support for an informal interest-group call sometime in
> the next two weeks?
>
>
>
> Thanks
>
> Darran
>
>
>
> --
>
> https://www.darranrolls.com
> <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.darranrolls.com%2F&data=02%7C01%7Ctonynad%40microsoft.com%7Cc861765885a84cf4641708d80c7071b9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637273024386718036&sdata=rCp7YeXBYLgKG8yDmT0IZxp0bcddlPV8JIZNht9mgrY%3D&reserved=0>
>
> LinkedIn
> <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdarran-rolls-068b84&data=02%7C01%7Ctonynad%40microsoft.com%7Cc861765885a84cf4641708d80c7071b9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637273024386728031&sdata=oLPoy3%2BnrAeO5GMFkP2RVn8WpskrxP7fNIwJx6tCbH8%3D&reserved=0>
> @djrolls
> <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2Fdjrolls&data=02%7C01%7Ctonynad%40microsoft.com%7Cc861765885a84cf4641708d80c7071b9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637273024386728031&sdata=sQK%2B0BI5bKQjCFt78zCeGmd3UIN5QmOfqFuqEmX4ncA%3D&reserved=0>
>
>
>
> _______________________________________________
> scim mailing list
> scim@ietf.org
> https://www.ietf.org/mailman/listinfo/scim
> <https://www.ietf..org/mailman/listinfo/scim>
>
> _______________________________________________
> scim mailing list
> scim@ietf.org
> https://www.ietf.org/mailman/listinfo/scim
> <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fscim&data=02%7C01%7Ctonynad%40microsoft.com%7Cc861765885a84cf4641708d80c7071b9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637273024386738025&sdata=6jbsd0ErjL%2Ba2UbnN3mUTJ2m%2BfE6P7c2pNG1XMxlBJw%3D&reserved=0>
>
> _______________________________________________
> scim mailing list
> scim@ietf.org
> https://www.ietf.org/mailman/listinfo/scim
> <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fscim&data=02%7C01%7Ctonynad%40microsoft.com%7Cc861765885a84cf4641708d80c7071b9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637273024386748018&sdata=ZTOfVOy18FxvswVRRQvqLkdR3QprxTOSud8T%2BxgkdBs%3D&reserved=0>
>
>
>
> _______________________________________________
> scim mailing list
> scim@ietf.org
> https://www.ietf.org/mailman/listinfo/scim
> <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fscim&data=02%7C01%7Ctonynad%40microsoft.com%7Cc861765885a84cf4641708d80c7071b9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637273024386748018&sdata=ZTOfVOy18FxvswVRRQvqLkdR3QprxTOSud8T%2BxgkdBs%3D&reserved=0>
>
> _______________________________________________
> scim mailing list
> scim@ietf.org
> https://www.ietf.org/mailman/listinfo/scim
>

v2.23.0 | Report a Bug | By Email