Re: [scim] New Version Notification for draft-hunt-scim-events-00.txt

Phillip Hunt <phil.hunt@independentid.com> Sun, 13 February 2022 21:49 UTC

From: Phillip Hunt <phil.hunt@independentid.com>
Message-Id: <24C0EC30-ED30-416E-9E52-1C6287488DE5@independentid.com>
References: <164478778536.18383.9465550742040458278@ietfa.amsl.com>
To: SCIM WG <scim@ietf.org>
Date: Sun, 13 Feb 2022 13:49:10 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/aXo7EjIDpBhDxQkhkzBM6ftwd_k>
Subject: Re: [scim] New Version Notification for draft-hunt-scim-events-00.txt

Hi SCIMers!

As promised, I have submitted the draft proposal for Co-ordinated Events between SCIM Providers (called SCIM Profile for Security Event Tokens).

The draft is a bit long, but that is primarily because I have included a number of diagrams and examples as well as use case (delivery mode) discussion. The actual implementation specification is relatively short.

The draft leverages the Security Event Token spec set and defines events for SCIM that can be used for:
* Feed control (what resources are part of an event feed)
* HTTP Async Request completion messages
* Security signals
* Co-ordinated cross-domain provisioning and domain based replication.

Apologies, the draft has a few “TODOs”. Though I have included several privacy and security considerations in the content, I still need to complete the separate sections. As an editor introducing a brand new specification, I prefer to write these sections when there is a rudimentary consensus and the basic approach has crystalized. I plan to complete this before adoption as a possible working group draft.

There is also a section on event processing logic. I feel this too needs some prior requirements discussion as we may need to refine scenarios. It could also be argued that processing logic is up to the implementer and not necessary for inter-op.

One item that is out of scope for this draft is “bootstrap” and “recovery” for SCIM Service Providers. I’m not sure this content belongs in this draft. Obviously if one is setting up a new replica node, you have to have a method for initial transfer. I would be happy to contribute to, or help write such a draft. It might not need to be normative but more of a best practice draft.

Finally, it is my hope that this draft eliminates much (or all) of the stated requests I have heard for cursor-based paging. The idea of event processing is to prevent the repeated need for full system transfers (via paged gets) by dealing with events as they occur once two or more systems are running based on a bulk load. The approach of using “call-backs” also helps to enforce data access and disclosure restrictions that might not otherwise be possible in cursor-based approaches.

Chairs…obviously I would like to discuss this at the next IETF meeting in March.

Phillip Hunt
@independentid
phil.hunt@independentid.com
> Begin forwarded message:
> 
> From: internet-drafts@ietf.org
> Subject: New Version Notification for draft-hunt-scim-events-00.txt
> Date: February 13, 2022 at 1:29:45 PM PST
> To: "Phil Hunt" <phil.hunt@independentid.com>, "Phillip Hunt" <phil.hunt@independentid.com>
> 
> 
> A new version of I-D, draft-hunt-scim-events-00.txt
> has been successfully submitted by Phil Hunt and posted to the
> IETF repository.
> 
> Name:		draft-hunt-scim-events
> Revision:	00
> Title:		SCIM Profile for Security Event Tokens
> Document date:	2022-02-13
> Group:		Individual Submission
> Pages:		27
> URL:            https://www.ietf.org/archive/id/draft-hunt-scim-events-00.txt
> Status:         https://datatracker.ietf.org/doc/draft-hunt-scim-events/
> Html:           https://www.ietf.org/archive/id/draft-hunt-scim-events-00.html
> Htmlized:       https://datatracker.ietf.org/doc/html/draft-hunt-scim-events
> 
> 
> Abstract:
>   This specification profiles the Security Event Token specification,
>   to define a set of events for SCIM Protocol servers that can be used
>   for asynchronous transaction confirmations, replication, cross-domain
>   provisioning co-ordination, and security signals.
> 
> 
> 
> 
> The IETF Secretariat
> 
>
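The mail describes SCIM events as a profile of the Security Event Token (SET, RFC 8417) and notes that the processing-logic and security-considerations sections are still to be written. The following is an added example, not code from the draft or from its author, showing the checks a receiving SCIM service provider would apply to an incoming SET before acting on it: JWS signature, the `secevent+jwt` type, trusted issuer, intended audience, `jti` replay suppression, `iat` freshness, and that every event type belongs to the feed the receiver subscribed to. It uses an HS256 shared secret and a placeholder event URI (`urn:example:scim:event:placeholder`), both constructed here; the real SCIM event type URIs are defined in the draft, not reproduced in this mail.

```python
"""Receiver-side validation of a Security Event Token (RFC 8417).

Added example. The shared secret and the event type URI are constructed
placeholders; draft-hunt-scim-events defines the real SCIM event URIs.
"""
import base64
import hashlib
import hmac
import json
import time

SHARED_SECRET = b"constructed-shared-secret-not-for-production"  # constructed
EVENT_TYPE = "urn:example:scim:event:placeholder"                # hypothetical


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_set(claims: dict, secret: bytes) -> str:
    """Issue a compact-serialised SET signed with HS256 (JWS, RFC 7515).
    A real transmitter would normally sign with an asymmetric key; HS256
    keeps this example self-contained."""
    header = {"typ": "secevent+jwt", "alg": "HS256"}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


class SetReceiver:
    """Checks a receiver applies before processing a SET: signature, typ,
    issuer, audience, replay (jti), freshness (iat) and feed membership of
    every event type carried in the 'events' claim."""

    def __init__(self, secret, issuer, audience, accepted_events, max_skew=300):
        self.secret = secret
        self.issuer = issuer
        self.audience = audience
        self.accepted_events = set(accepted_events)
        self.max_skew = max_skew
        self.seen_jti = set()  # replay cache; persist it in a real deployment

    def verify(self, token: str, now=None) -> dict:
        now = time.time() if now is None else now
        parts = token.split(".")
        if len(parts) != 3:
            raise ValueError("not a compact JWS")
        # Verify the MAC first, with the algorithm pinned, so nothing in the
        # header or payload is trusted before integrity is established.
        signing_input = parts[0] + "." + parts[1]
        expected = hmac.new(self.secret, signing_input.encode("ascii"), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(parts[2])):
            raise ValueError("bad signature")
        header = json.loads(_b64url_decode(parts[0]))
        if header.get("alg") != "HS256" or header.get("typ") != "secevent+jwt":
            raise ValueError("unexpected header")
        claims = json.loads(_b64url_decode(parts[1]))
        if claims.get("iss") != self.issuer:
            raise ValueError("untrusted issuer")
        aud = claims.get("aud")
        aud = aud if isinstance(aud, list) else [aud]
        if self.audience not in aud:
            raise ValueError("not addressed to this receiver")
        iat = claims.get("iat")
        if not isinstance(iat, (int, float)) or iat > now + self.max_skew:
            raise ValueError("iat missing or in the future")
        jti = claims.get("jti")
        if not jti:
            raise ValueError("missing jti")
        if jti in self.seen_jti:
            raise ValueError("replayed SET")
        events = claims.get("events")
        if not isinstance(events, dict) or not events:
            raise ValueError("SET must carry at least one event")
        unknown = set(events) - self.accepted_events
        if unknown:
            raise ValueError("event types not in this feed: " + ", ".join(sorted(unknown)))
        self.seen_jti.add(jti)  # only record after every check has passed
        return claims


def rejection_reason(receiver: SetReceiver, token: str, now=None):
    """Return the reason a SET is rejected, or None when it is accepted."""
    try:
        receiver.verify(token, now=now)
    except ValueError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    # Constructed sample: one event about one SCIM resource id.
    receiver = SetReceiver(SHARED_SECRET, "https://idp.example", "https://sp.example", [EVENT_TYPE])
    claims = {"iss": "https://idp.example", "aud": "https://sp.example", "iat": 1644788950,
              "jti": "constructed-jti-1", "events": {EVENT_TYPE: {"id": "constructed-resource-id"}}}
    token = mint_set(claims, SHARED_SECRET)
    print(rejection_reason(receiver, token, now=1644788951))  # None: accepted
    print(rejection_reason(receiver, token, now=1644788952))  # replayed SET
```

The order of checks matters: the MAC is verified with a pinned algorithm before any header or claim is read, and `jti` is recorded only after all checks succeed, so a SET rejected for an unrelated reason cannot poison the replay cache.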