[scim] May 2022: Update on status of SCIM Schema and Protocol revision work

Danny Zollner <Danny.Zollner@microsoft.com> Wed, 11 May 2022 15:44 UTC

From: Danny Zollner <Danny.Zollner@microsoft.com>
To: "scim@ietf.org" <scim@ietf.org>
CC: "Janelle Allen (janelall)" <janelall@cisco.com>
Date: Wed, 11 May 2022 15:44:45 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/kDjtp5o-vmrzA9vID1tI7KIdkbs>

Hi everyone,
 
Ahead of our interim meeting today, Janelle and I as editors for the SCIM Schema and Protocol (RFC 7643/7644) revision work would like to share the following:
 
* We've converted the SCIM 2.0 schema and protocol RFCs into Markdown/Kramdown in order to facilitate easier editing in the future. There are still some formatting problems remaining, as well as the editor and reference information needing to be added in the right format, but the bulk of the reformatting work is done.
	o These Kramdown files can be found in the api and core-schema repos at https://github.com/ietf-scim-wg
	o These Markdown/Kramdown files can be converted via tooling at https://github.com/cabo/kramdown-rfc from KD -> XML -> RFC-formatted TXT file
	o If anyone is interested in helping with finishing off the formatting issues related to XML -> MD conversion, it would be greatly appreciated
* We'll work on processing various errata and clarifications to the spec into a newer version of the SCIM 2.0 schema and protocol
	o We're still working on figuring out what the end state looks like in terms of versioning (reissue 2.0/2.1/3.0/etc.) - but we're going to put that to the side for now and focus on content and solving problems instead.
	o Major introductions of new features will be drafted as independent extensions to SCIM 2.0 to start with
 
Now on to specific agenda items:
 
Items that we have clear thoughts on next steps on:
 
* Updates to account state for capturing context of the state or change in state of the user's account
	o Janelle has been working on this - the current idea is a proposal to expand the "active" attribute on the user resource to be complex rather than a boolean, and to include other contextual information such as reason for enablement/disablement.
	o Janelle has a session at Identiverse in June where she'll be speaking on this topic
* Multi-Value Query Filtering and Paging
	o draft-hunt-scim-mv-paging is the best starting point for this and we should work towards getting any necessary changes made and adopting it
* Define a method for coordinating resources between domains - Security Event Tokens
	o draft-hunt-scim-events addresses this and folks should review this and provide feedback
* Support for deletion-related goals including handling deletes in SCIM servers that don't allow deletes
	o Would like to combine into account state expansion above, and use elements from draft-ansari-scim-soft-delete as appropriate
* Support for advanced automation scenarios - new schemas:
	o Going to work on initial drafts for HR and Enterprise Group schemas
 
 
Items that we haven't given much thought to yet:
 
* Profiling SCIM relationships with other identity-centric protocols such as OAuth 2.0, OpenID Connect, Shared Signals, and FastFed
* Updates to the evolution of the externalid usage
* Define a method for coordinating resources between domains
	o Synchronization/Delta Change Detection
* Support for advanced automation scenarios such as:
	o Discovery and negotiation of client credentials
	o Attribute mapping
	o Per-attribute schema negotiation
	o PAM schema
 
For any of the above items, if anyone is interested in collaborating on these for initial drafts prior to submission/sharing with the mailing list and the IETF data tracker, please reach out. As we make progress we'll start posting basic drafts to the GitHub repos and soliciting feedback as well.

Thanks,

Danny Zollner

zollnerd@microsoft.com