Re: [scim] Feedback and adoption readiness for draft-zollner-scim-roles-entitlements-extension

Chad Vincent <chad.vincent@crashplan.com> Wed, 09 November 2022 17:17 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/_9ErmHvM-kkGuQ_gHMZggBv5hXQ>

I did have a side-discussion with Danny and he confirmed that the omission
of the required SCIM fields is just an artifact of being a draft.

On Wed, Nov 9, 2022 at 11:02 AM Matt Peterson (mpeterso) <
Matt.Peterson@oneidentity.com> wrote:

> Danny,  Chad,
>
>
>
> I agree with Chad’s feedback about id.   For us it would be best if
> Roles and Entitlements resources had the following attributes that match
> other SCIM resources (i.e. users, groups):
>
>
>
> *id* ← this one is particularly important.   I think that the draft uses
> “value” instead of “id”.   I much prefer “id” as it is already assumed by
> most developers to be an immutable value that can be queried directly by
> URL (or referenced by contains/containsBy)
>
>
>
> *meta* ← described in RFC7644 section 3.1.  meta.created and
> meta.lastChanged have been useful for us when dealing with users/groups
>
>
>
> *displayName* – instead of “display” would be consistent with
> “displayName” on users and groups the name “suitable for display to
> end-users”.
>
>
>
> *description* – instead of “type”?   For our Identity Management
> products, the human readable description of what a Role and Entitlement
> grants access to are very important.  In most application authorization
> models, this is the “description” of the role or “description” of the
> entitlement.
>
>
>
> *containsBy / contains* – slight wording change to make it clear that
> this is a list of **ids**.  Consider reusing some of the wording from RFC
> 7644 that describes Group.member and User.memberOf?
>
>
>
> --
>
> Matt
>
>
>
> P.S. Sorry for taking so long to read this draft properly. It is important
> to us and, with the suggestions above, it matches the model we already use
> in our Identity Management products.
>
>
>
>
>
> *From:* scim <scim-bounces@ietf.org> *On Behalf Of * Chad Vincent
> *Sent:* Thursday, November 3, 2022 3:09 PM
> *To:* scim@ietf.org
> *Subject:* Re: [scim] Feedback and adoption readiness for
> draft-zollner-scim-roles-entitlements-extension
>
>
>
>
>
> I love this - we use roles currently and having a more formal spec and
> ability for the client to read what's available could come in very handy in
> the future.  So mark me down as a 5.
>
>
>
> However, these resources not including the common attributes set mandated
> by RFC 7643 section 3.1 should be explained/clarified in the RFC.  The
> Apache SCIMple library will have to handle these resources as special-cases
> since they won't have the required "id" field, for example.  That seems
> major enough to justify a paragraph.
>
>
>
> ---------- Forwarded message ----------
> From: "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>
> To: SCIM WG <scim@ietf.org>
> Cc:
> Bcc:
> Date: Wed, 2 Nov 2022 23:40:10 +0000
> Subject: [scim] Feedback and adoption readiness for
> draft-zollner-scim-roles-entitlements-extension
>
> Hello SCIMers,
>
>
>
> We need feedback to gauge support and adoption readiness of:
>
> https://datatracker.ietf.org/doc/draft-zollner-scim-roles-entitlements-extension/
>
> Please respond to this thread on the following:
>
>
>
>
>
>   1.  You have read the draft and believe it is ready to be adopted by the working group. Any other feedback on the content of the draft is welcomed too.
>
>   2.  You are willing to be an active contributor or reviewer of the document
>
>   4.  You support the draft and plan to implement
>
>   5.  You support the draft but have no time or plans to implement now, but can provide feedback
>
>   6.  You have no interest in the draft
>
>
>
> Please provide your feedback by November 28th.
>
>
>
> Thanks,
>
>    Nancy
>
>
>
>
>
>
> ---------- Forwarded message ----------
> From: Paul Lanzi <paul@remediant.com>
> To: SCIM WG <scim@ietf.org>
> Cc:
> Bcc:
> Date: Wed, 2 Nov 2022 16:50:26 -0700
> Subject: Re: [scim] Feedback and adoption readiness for
> draft-zollner-scim-roles-entitlements-extension
>
> #4 for me.
>
> Thanks,
>
> --Paul
>


-- 

Chad Vincent (he/him) | Software Engineer, Senior - CrashPlan

chad.vincent@crashplan.com

400 S 4th St Suite 410 PMB 31083 Minneapolis, MN 55415-1419



<https://crashplan.com>
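
The id problem raised in this thread, as an added example that is not code from the thread, the draft, or Apache SCIMple: a check for the RFC 7643 section 3.1 common attributes and for contains/containsBy references that resolve to no id. The sample resources and their values are constructed; the attribute names (value, display, type, contains, containsBy, displayName, description) are the ones written in the messages above.

```python
# Added example; the sample resources are constructed, not taken from the draft.
PROPOSED_RENAMES = {"value": "id", "display": "displayName"}  # from Matt's list
REFERENCE_ATTRS = ("contains", "containsBy")  # names as written in the thread


def common_attribute_problems(resource):
    """Check the RFC 7643 section 3.1 common attributes a generic client relies on."""
    problems = []
    rid = resource.get("id")
    if not isinstance(rid, str) or not rid.strip():
        problems.append("id: missing or empty")
    elif rid == "bulkId":
        problems.append("id: 'bulkId' is reserved")
    if not isinstance(resource.get("meta"), dict):
        problems.append("meta: missing")
    return problems


def rename_hints(resource):
    """Attributes present under the draft-style name but not the proposed one."""
    return [f"{old} -> {new}" for old, new in PROPOSED_RENAMES.items()
            if old in resource and new not in resource]


def dangling_references(resources):
    """Ids listed in contains/containsBy that match no resource's id."""
    known = {r["id"] for r in resources if isinstance(r.get("id"), str)}
    missing = set()
    for r in resources:
        for attr in REFERENCE_ATTRS:
            missing.update(ref for ref in r.get(attr, []) if ref not in known)
    return sorted(missing)


# Constructed entry using the draft-style names mentioned in the thread.
DRAFT_STYLE = {"value": "global-admin", "display": "Global Admin",
               "type": "built-in", "contains": ["user-admin"]}
# Constructed resources shaped like the proposal (id, meta, displayName, description).
META = {"resourceType": "Role", "created": "2022-11-09T17:17:38Z",
        "lastModified": "2022-11-09T17:17:38Z"}
PROPOSED = [
    {"id": "global-admin", "displayName": "Global Admin", "meta": META,
     "description": "Full administrative access", "contains": ["user-admin"]},
    {"id": "user-admin", "displayName": "User Admin", "meta": META,
     "description": "Manage user accounts", "containsBy": ["global-admin"]},
]

if __name__ == "__main__":
    print(common_attribute_problems(DRAFT_STYLE), rename_hints(DRAFT_STYLE))
    print([common_attribute_problems(r) for r in PROPOSED], dangling_references(PROPOSED))
```

Without an id on the draft-style entry, a generic client has nothing to resolve the contains list against, which is the special-casing Chad describes.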