IETF Logo Mail Archive

Re: [scim] how to describe SCIM extensions in the modern world

Phillip Hunt <phil.hunt@independentid.com> Wed, 25 January 2023 16:02 UTC

Return-Path: <phil.hunt@independentid.com>
X-Original-To: scim@ietfa.amsl.com
Delivered-To: scim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5EF11C15152F for <scim@ietfa.amsl.com>; Wed, 25 Jan 2023 08:02:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.002
X-Spam-Level:
X-Spam-Status: No, score=-1.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.1, MIME_HTML_ONLY_MULTI=0.001, MIME_QP_LONG_LINE=0.001, MPART_ALT_DIFF=0.79, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=independentid-com.20210112.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W54-Zoqr6mOm for <scim@ietfa.amsl.com>; Wed, 25 Jan 2023 08:02:51 -0800 (PST)
Received: from mail-pj1-x102f.google.com (mail-pj1-x102f.google.com [IPv6:2607:f8b0:4864:20::102f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A7F37C14CE51 for <scim@ietf.org>; Wed, 25 Jan 2023 08:02:51 -0800 (PST)
Received: by mail-pj1-x102f.google.com with SMTP id o13so19002171pjg.2 for <scim@ietf.org>; Wed, 25 Jan 2023 08:02:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=independentid-com.20210112.gappssmtp.com; s=20210112; h=to:in-reply-to:cc:references:message-id:date:subject:mime-version :from:content-transfer-encoding:from:to:cc:subject:date:message-id :reply-to; bh=N2c1JeYZrs0PaRbHTAZy4RVq8GNtCXNlLB3cZBPUIoc=; b=BxJMztfWGuP+0LOPIyTN6c4wnJYYSnk1guHv9mlDHdb5BgPJvdrt8SJ8P2pt3pGmT1 mgJnefKLBL02WCV1uqSkT4qWhEPPIZ+P7XV/dYkrI9ukUYtuFn9K6r79RhqG9gLnRGlC cVmho0T12TMS6bmr4AyJYxJgD/r/XYZkHl6wDgugLcK48PjQ+PAEDMEqf9i/7Z3zzyB5 33IKckPBW1nNIZq0pZ5r3STo4LDJEVQdVbToGFWCNQnnrIaASlURqbTCxHzo8ZX7Ff4B t0fwDLsuZ0YJ3OyQpiaf+XQLHjYYzvD5Nls6GxK3bGc7du2VmoW7Uy1sNfswUTPpK1Jh J1lg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:in-reply-to:cc:references:message-id:date:subject:mime-version :from:content-transfer-encoding:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=N2c1JeYZrs0PaRbHTAZy4RVq8GNtCXNlLB3cZBPUIoc=; b=stBT6nEAuvFrC2zijjRYGE8mFNilWB1usSpCXYRmvt1bk0MC9DpomSg/ebJcfsLamf YYXy6q7U16LLn9Y2UWfy+836C72g9OPN7W1iOMfin9bK//LUKZkKv144XJPSh2ntfG1J saqX1V078snN4tgKDUISBwwIitcvKbFzM0WiWjU8WZYjC4muwRMUC6IgjXzIhLU9nj7E c6BdOIntUAMcnUqTBLwS80HstE1SZcllbH5naj52yK46manV65jFV9BgL1EbSNup/V0M Y1j6C6Aa2IPOA5/fskj762JRKNW8yol8v4m41H4XiMSXsaOAWXWKXufUxiNn2R9I+mpi vJlg==
X-Gm-Message-State: AFqh2koQZek3u8Tm4kll4iLJuUQp6WdN0Wd31GtLYPItRl3SLy15B2a1 awB0JCCqHyL/T26i06bCD0KNwp5apErJJc31
X-Google-Smtp-Source: AMrXdXth9GxQpKP2t4JNmNHdXJ4yQ7+I6ilKsHn5+SUzCqkL0Cw/fbJ2eh5R7s6k8p+CM6PbSp1LRg==
X-Received: by 2002:a17:903:1355:b0:194:4339:112e with SMTP id jl21-20020a170903135500b001944339112emr29098264plb.60.1674662570259; Wed, 25 Jan 2023 08:02:50 -0800 (PST)
Received: from smtpclient.apple (node-1w7jr9plyoqwud7i6ci15kkwh.ipv6.telus.net. [2001:569:540c:4900:9588:2066:dcc1:8fd1]) by smtp.gmail.com with ESMTPSA id t14-20020a170902e84e00b00194d8a98a20sm3854655plg.46.2023.01.25.08.02.49 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 25 Jan 2023 08:02:49 -0800 (PST)
Content-Type: multipart/alternative; boundary="Apple-Mail-E2EBA68C-2CB2-4068-BF6D-5932F04202A9"
Content-Transfer-Encoding: 7bit
From: Phillip Hunt <phil.hunt@independentid.com>
Mime-Version: 1.0 (1.0)
Date: Wed, 25 Jan 2023 08:02:38 -0800
Message-Id: <92DD8F7F-0BBF-4326-AC0C-4A073BBBD7A4@independentid.com>
References: <CAH9eYVpO2+EVeRDrCYxjQYfMvVc8d4vNNFmSuN52Ng7ya_4Y7Q@mail.gmail.com>
Cc: Eliot Lear <lear@lear.ch>, scim@ietf.org, Carsten Bormann <cabo@tzi.org>
In-Reply-To: <CAH9eYVpO2+EVeRDrCYxjQYfMvVc8d4vNNFmSuN52Ng7ya_4Y7Q@mail.gmail.com>
To: Brian Demers <brian.demers@gmail.com>
X-Mailer: iPhone Mail (20C65)
Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/Yjjb7H5qFYoky79dYj98Em3bc98>
Subject: Re: [scim] how to describe SCIM extensions in the modern world
X-BeenThere: scim@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Simple Cloud Identity Management BOF <scim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/scim>, <mailto:scim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/scim/>
List-Post: <mailto:scim@ietf.org>
List-Help: <mailto:scim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scim>, <mailto:scim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Jan 2023 16:02:52 -0000

Sorry if this is a bit rambly. I am having my morning coffee. This would definitely be a good conversation over beers. 

I would say scim is more like a database system where resources are served through a common api. The types of resources and their attributes discoverable at service provider endpoints (schemas and resource types). 

While many implement scim with fixed classes for each endpoint, some providers implement like a database (eg i2scim.io) and can serve any resource object through the common api simply by updating schema configuration and taking advantage of nosql and json friendly databases. H

One other thing scim does the others do not is inform clients about mutability. Is an attribute readonly, write only,  immutable, updatable etc. 

JsonSchema and openapi introduce tightly bound structures and even rules for one time use. The goal here is to generate code quickly over the cost of flexibility.  I have to admit this is not really a problem any more given continuous integration and iterative development. 

One issue with JsonSchema seems to be that the spec forked. I found this frustrating trying to describe scim in it as both had needed pieces. 🙄

Phil

On Jan 25, 2023, at 7:24 AM, Brian Demers <brian.demers@gmail.com> wrote:


IMHO, I think there should be an _official_ set of reference schema (as defined in rfc7643) and an OpenAPI definition.
There is some overlap here, but I think they serve slightly different purposes.

The schema allows for a developer reference and for things that are not defined (or easily defined) in an OpenAPI definition (case sensitivity, uniqueness, returned, etc)

The OpenAPI spec may facilitate generating a basic client, a stub server, basic tests, or debugging (using an OpenAPI UI or something like Postman)

On the implementation side of things, I'm guessing all of the OpenAPI models could be translated from the schema (though extensions and canonical types might get a little tricky)



On Wed, Jan 25, 2023 at 9:36 AM Eliot Lear <lear@lear.ch> wrote:

Hi everyone,

Last year I said that we were looking for the best way to describe SCIM extensions.  Realistically the world is going in one of three directions:

  • JSON Schema;
  • OpenAPI; and
  • AsyncAPI

JSON Schema presents some challenges for Internet-Drafts in that it doesn't fold well.  Not that this should be the key design decision, but it is annoying.

OpenAPI and AsyncAPI each borrow from JSON Schema.  OpenAPI directly maps to a RESTful interface while AsyncAPI can map to Other Things like MQTT.  But it too seems to be able to map to RESTful.

Do people have thoughts about this?

Eliot

_______________________________________________
scim mailing list
scim@ietf.org
https://www.ietf.org/mailman/listinfo/scim" rel="noreferrer nofollow" target="_blank">https://www.ietf.org/mailman/listinfo/scim
_______________________________________________
scim mailing list
scim@ietf.org
https://www.ietf.org/mailman/listinfo/scim

v2.23.0 | Report a Bug | By Email