Re: [scim] Groups Member Type

Kelly Grizzle <kelly.grizzle@sailpoint.com> Wed, 09 August 2017 15:32 UTC

From: Kelly Grizzle <kelly.grizzle@sailpoint.com>
To: Shelley <randomshelley@gmail.com>
CC: "scim@ietf.org" <scim@ietf.org>
Date: Wed, 09 Aug 2017 15:32:13 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/bWCAi7vSprqdVd6BN0v0OCOY9ms>

Given the general desire for SCIM to allow loose reading but strict writing, I would vote for option 1.  If type is not specified in a PUT/POST/PATCH then the server can assume “User”.

--Kelly

From: Shelley [mailto:randomshelley@gmail.com]
Sent: Wednesday, August 9, 2017 9:02 AM
To: Kelly Grizzle <kelly.grizzle@sailpoint.com>
Cc: scim@ietf.org
Subject: Re: [scim] Groups Member Type

Resurrecting this old thread, as this question has recently come up during some of our interoperability testing, and there still appears to be some ambiguity in the spec...

The SCIM 1.1 and 2.0 specifications do not seem to indicate the expected behavior if the type sub-attribute is not provided on a Group resource member. Neither spec seems to explicitly require this attribute, so what is the expected behavior if no type is provided? Is there a default (e.g. "User" or "Group"), must Service Providers search for the member across all resource types, or should it be treated as REQUIRED (e.g. returning a 400 error)?


On Mon, Feb 25, 2013 at 10:38 AM, Shelley <randomshelley@gmail.com> wrote:
Thanks, Kelly. Given that the ID may represent either a User or Group and only the combination of "type" and "value" uniquely identify the reference, should the canonical "type" attribute for group members be REQUIRED as well? (Further, the majority of examples throughout the Protocol specification only include a "value" and not "type", so it's ambiguous as to whether these "values" represent Users or Groups.)


On Mon, Feb 11, 2013 at 4:02 PM, Kelly Grizzle <kelly.grizzle@sailpoint.com> wrote:
I opened ticket #35 to change this.

http://trac.tools.ietf.org/wg/scim/trac/ticket/35

--Kelly

From: scim-bounces@ietf.org [mailto:scim-bounces@ietf.org] On Behalf Of Shelley
Sent: Monday, February 11, 2013 11:36 AM
To: Kelly Grizzle
Cc: scim@ietf.org
Subject: Re: [scim] Groups Member Type

+1 to mark it as "immutable".

On Mon, Feb 4, 2013 at 8:08 AM, Kelly Grizzle <kelly.grizzle@sailpoint.com> wrote:
Good point.  It seems like this should say “immutable” rather than “read-only”, since it can be set initially but not updated.  Thoughts from anyone else?  If this seems reasonable I’ll open an issue to get this fixed.

--Kelly

From: scim-bounces@ietf.org [mailto:scim-bounces@ietf.org] On Behalf Of Shelley
Sent: Friday, February 01, 2013 1:37 PM
To: scim@ietf.org
Subject: [scim] Groups Member Type

As indicated in Section 8, the canonical types for Group members are READ-ONLY. As such, how can consumers provide the type (i.e. "User" or "Group")? Is it implied that IDs are unique across both users and groups in order for service providers to fulfill this requirement?
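
The three behaviours asked about in this thread for a Group member that arrives without "type" (assume "User", search across all resource types, or reject with a 400), written out as an added example; it is not part of any message above or of the SCIM specifications. The in-memory stores, the IDs and the policy names are constructed for illustration.

```python
# Added illustration; stores, IDs and policy names are constructed, not from SCIM.
CANONICAL_TYPES = ("User", "Group")

# Constructed sample data: "b2" deliberately exists as both a User and a Group id.
STORES = {"User": {"a1", "b2"}, "Group": {"g9", "b2"}}


class ScimError(Exception):
    def __init__(self, status, detail):
        super().__init__(detail)
        self.status = status


def resolve_member(member, stores=STORES, policy="default_user"):
    """Resolve one Group "members" entry on write to a (type, value) pair."""
    value = member.get("value")
    if not value:
        raise ScimError(400, "member has no 'value'")
    mtype = member.get("type")
    if mtype is None:
        if policy == "default_user":      # option voted for in the reply
            mtype = "User"
        elif policy == "require":         # treat "type" as REQUIRED
            raise ScimError(400, "member 'type' is required")
        elif policy == "search":          # look across all resource types
            hits = [t for t in CANONICAL_TYPES if value in stores[t]]
            if len(hits) != 1:
                raise ScimError(400, f"{value!r} matches {len(hits)} resource types")
            mtype = hits[0]
        else:
            raise ValueError(f"unknown policy {policy!r}")
    elif mtype not in CANONICAL_TYPES:
        raise ScimError(400, f"unsupported member type {mtype!r}")
    if value not in stores[mtype]:
        raise ScimError(400, f"no {mtype} with id {value!r}")
    return mtype, value


def outcome(member, policy="default_user"):
    """Return the resolved pair, or the HTTP status the write would fail with."""
    try:
        return resolve_member(member, STORES, policy)
    except ScimError as err:
        return err.status


if __name__ == "__main__":
    for policy in ("default_user", "search", "require"):
        for value in ("a1", "g9", "b2"):
            print(policy, value, outcome({"value": value}, policy))
```

With the constructed ID "b2" present as both a User and a Group, the default resolves it to the User, the search rejects it as ambiguous, and only an explicit "type" selects the Group.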