Re: [scim] Feedback and adoption readiness for draft-zollner-scim-roles-entitlements-extension
Chad Vincent <chad.vincent@crashplan.com> Wed, 09 November 2022 17:17 UTC
To: "Matt Peterson (mpeterso)" <Matt.Peterson@oneidentity.com>
Cc: Danny Zollner <Danny.Zollner@microsoft.com>, "scim@ietf.org" <scim@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/_9ErmHvM-kkGuQ_gHMZggBv5hXQ>
I did have a side-discussion with Danny and he confirmed that the omission of the required SCIM fields is just an artifact of being a draft.

On Wed, Nov 9, 2022 at 11:02 AM Matt Peterson (mpeterso) <Matt.Peterson@oneidentity.com> wrote:

> Danny, Chad,
>
> I agree with Chad’s feedback about id. For us it would be best if Roles and Entitlements resources had the following attributes that match other SCIM resources (i.e. users, groups):
>
> *id* ← this one is particularly important. I think that the draft uses “value” instead of “id”. I much prefer “id” as it is already assumed by most developers to be an immutable value that can be queried directly by URL (or referenced by contains/containsBy)
>
> *meta* ← described in RFC 7644 section 3.1. meta.created and meta.lastChanged have been useful for us when dealing with users/groups
>
> *displayName* – instead of “display” would be consistent with “displayName” on users and groups, the name “suitable for display to end-users”.
>
> *description* – instead of “type”? For our Identity Management products, the human readable description of what a Role and Entitlement grants access to is very important. In most application authorization models, this is the “description” of the role or “description” of the entitlement.
>
> *containsBy / contains* – slight wording change to make it clear that this is a list of **ids**. Consider reusing some of the wording from RFC 7644 that describes Group.member and User.memberOf?
>
> --
> Matt
>
> P.S. Sorry for taking so long to read this draft properly. It is important to us and, with the suggestions above, it matches the model we already use in our Identity Management products.
>
> *From:* scim <scim-bounces@ietf.org> *On Behalf Of* Chad Vincent
> *Sent:* Thursday, November 3, 2022 3:09 PM
> *To:* scim@ietf.org
> *Subject:* Re: [scim] Feedback and adoption readiness for draft-zollner-scim-roles-entitlements-extension
>
> I love this - we use roles currently and having a more formal spec and ability for the client to read what's available could come in very handy in the future. So mark me down as a 5.
>
> However, these resources not including the common attributes set mandated by RFC 7643 section 3.1 should be explained/clarified in the RFC. The Apache SCIMple library will have to handle these resources as special-cases since they won't have the required "id" field, for example. That seems major enough to justify a paragraph.
>
> ---------- Forwarded message ----------
> From: "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>
> To: SCIM WG <scim@ietf.org>
> Cc:
> Bcc:
> Date: Wed, 2 Nov 2022 23:40:10 +0000
> Subject: [scim] Feedback and adoption readiness for draft-zollner-scim-roles-entitlements-extension
>
> Hello SCIMers,
>
> We need feedback to gauge support and adoption readiness of:
>
> https://datatracker.ietf.org/doc/draft-zollner-scim-roles-entitlements-extension/
>
> Please respond to this thread on the following:
>
> 1. You have read the draft and believe it is ready to be adopted by the working group. Any other feedback on the content of the draft is welcomed too.
> 2. You are willing to be an active contributor or reviewer of the document
> 4. You support the draft and plan to implement
> 5. You support the draft but have no time or plans to implement now, but can provide feedback
> 6. You have no interest in the draft
>
> Please provide your feedback by November 28th.
>
> Thanks,
> Nancy
>
> ---------- Forwarded message ----------
> From: Paul Lanzi <paul@remediant.com>
> To: SCIM WG <scim@ietf.org>
> Cc:
> Bcc:
> Date: Wed, 2 Nov 2022 16:50:26 -0700
> Subject: Re: [scim] Feedback and adoption readiness for draft-zollner-scim-roles-entitlements-extension
>
> #4 for me.
>
> Thanks,
> --Paul
>
> On Wed, Nov 2, 2022 at 4:40 PM Nancy Cam-Winget (ncamwing) <ncamwing=40cisco.com@dmarc.ietf.org> wrote:
>
> Hello SCIMers,
>
> We need feedback to gauge support and adoption readiness of:
>
> https://datatracker.ietf.org/doc/draft-zollner-scim-roles-entitlements-extension/
>
> Please respond to this thread on the following:
>
> 1. You have read the draft and believe it is ready to be adopted by the working group. Any other feedback on the content of the draft is welcomed too.
> 2. You are willing to be an active contributor or reviewer of the document
> 4. You support the draft and plan to implement
> 5. You support the draft but have no time or plans to implement now, but can provide feedback
> 6. You have no interest in the draft
>
> Please provide your feedback by November 28th.
>
> Thanks,
> Nancy
>
> _______________________________________________
> scim mailing list
> scim@ietf.org
> https://www.ietf.org/mailman/listinfo/scim
>
> --
> Chad Vincent (he/him) | Software Engineer, Senior - CrashPlan
> chad.vincent@crashplan.com
> 400 S 4th St Suite 410 PMB 31083 Minneapolis, MN 55415-1419

--
Chad Vincent (he/him) | Software Engineer, Senior - CrashPlan
chad.vincent@crashplan.com
400 S 4th St Suite 410 PMB 31083 Minneapolis, MN 55415-1419
<https://crashplan.com>
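
The special-casing discussed in this thread, as an added example that is not part of the original messages, the draft, or Apache SCIMple: a consumer-side check for the RFC 7643 section 3.1 common attributes, plus an adapter for entries keyed by "value"/"display" as the thread describes the draft. The function names, the placeholder schema URN, the sample role, and treating "meta" as mandatory are assumptions of this example.

```python
# Added example: checks the common attributes the thread asks for.
# All names and sample data here are constructed for illustration.


def common_attribute_issues(resource):
    """Return a list of problems with a resource's common attributes."""
    issues = []
    schemas = resource.get("schemas")
    if not (isinstance(schemas, list) and schemas
            and all(isinstance(s, str) for s in schemas)):
        issues.append("schemas: must be a non-empty list of URIs")
    rid = resource.get("id")
    if not isinstance(rid, str) or not rid:
        issues.append("id: missing or not a non-empty string")
    elif "bulkId" in rid:
        # RFC 7643 section 3.1 reserves the keyword "bulkId".
        issues.append("id: contains reserved keyword 'bulkId'")
    # Assumption of this example: meta is treated as mandatory.
    if not isinstance(resource.get("meta"), dict):
        issues.append("meta: missing or not a complex attribute")
    return issues


def adapt_value_keyed(entry, schema_urn, resource_type):
    """Special-case adapter: map a value/display entry to id/displayName."""
    adapted = {k: v for k, v in entry.items() if k not in ("value", "display")}
    adapted.setdefault("schemas", [schema_urn])
    if "value" in entry:
        adapted.setdefault("id", entry["value"])
    if "display" in entry:
        adapted.setdefault("displayName", entry["display"])
    adapted.setdefault("meta", {"resourceType": resource_type})
    return adapted


# Constructed sample, shaped the way the thread describes the draft.
DRAFT_STYLE_ROLE = {"value": "global_lead", "display": "Global Team Lead"}
PLACEHOLDER_URN = "urn:example:scim:schemas:Role"  # placeholder, not from the draft

if __name__ == "__main__":
    print(common_attribute_issues(DRAFT_STYLE_ROLE))
    adapted = adapt_value_keyed(DRAFT_STYLE_ROLE, PLACEHOLDER_URN, "Role")
    print(adapted, common_attribute_issues(adapted))
```

A client that rejects resources failing this check fails closed on role and entitlement entries that lack "id", which is the special-case handling the thread asks the RFC to explain.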