[scim] Multiple external id values

Mark Dobrinic <mark.dobrinic@twobotechnologies.com> Mon, 05 October 2015 14:43 UTC

Hi Scim people,

While incorporating Scim client functionality towards a Scim Service
Provider, we've stumbled upon a limitation regarding our desired use of
externalId, that doesn't fit the current spec.

Our use case involves managing multiple external ids, so that we can
both support multiple externalIds for multiple Scim Clients from one
Scim Service Provider, as well as let a Scim Client manage multiple
external ids with one Scim Service Provider.  Each external id lives
within the domain of a, well, domain. There are plenty of real world
examples where domain-scoped ids are used, so it seems no more than
natural to consider this with Scim as well.

For example, a user with id barbara has an externalId 'babs' in the
domain 'home', and externalId 'labarbara' in domain 'work'.

As I understand Scim as being as effective and simple as possible, we've
been using the extensibility of Scim to make this work. I can imagine
this to be a generic problem that more people are (or will be) facing.
Therefore, I'd like to propose our solution and would like to discuss
whether this could/should be considered a standard solution to a
standard problem, either in this form or something better.

What we did was introduce an extension
"urn:scim:schemas:extensions:external-ids:1.0" that defines an
attribute "externalIds", which:
- is of type "complex",
- is multiValued,
- can be described as "External Identities of a user. Each External
  Identity is scoped within its domain",
- is optional,
- and has the following sub-attributes:
  - value : string value containing the value of the external id
  - type : string value containing the domain of the external id

In JSON, it would look like this:

    {
        "schemas": [ "urn:scim:schemas:core:1.0",
                     "urn:scim:schemas:extensions:external-ids:1.0" ],
        "id": "2819c223-7f76-453a-919d-413861904646",
        "userName": "bjensen",
        "externalId": "bjensen",
        ....
        "urn:scim:schemas:extensions:external-ids:1.0": {
            "externalIds": [
                {
                    "value": "babs",
                    "type": "home"
                },
                {
                    "value": "labarbara",
                    "type": "work"
                }
            ]
        }
    }

Note that we are adding to the baseline features of Scim, and not
changing anything existing.


I would like to hear your feedback on this, and I'm interested whether
this could be considered as a standard extension in upcoming Scim versions.


Thanks!

-- 
Regards,

Mark Dobrinic
Software Engineer and Identity Specialist
Twobo Technologies AB

mark.dobrinic@twobotechnologies.com
www.twobotechnologies.com
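As an added illustration (not code from the post or from Twobo), the following Python validates a SCIM resource carrying the proposed "externalIds" extension and resolves a domain-scoped external id back to a resource id. The validation rules it enforces (URN declared in "schemas", non-empty string "value" and "type", at most one entry per domain) are assumptions about how a Service Provider would need to constrain the extension so that each (domain, value) pair maps to exactly one user; the sample resource is the one from the post with the elided fields omitted.

```python
import json

# Constructed sample: the resource from the post, with the "...." fields left out.
EXT_URN = "urn:scim:schemas:extensions:external-ids:1.0"
SAMPLE_USER = json.loads("""{
  "schemas": ["urn:scim:schemas:core:1.0",
              "urn:scim:schemas:extensions:external-ids:1.0"],
  "id": "2819c223-7f76-453a-919d-413861904646",
  "userName": "bjensen",
  "externalId": "bjensen",
  "urn:scim:schemas:extensions:external-ids:1.0": {
    "externalIds": [
      {"value": "babs", "type": "home"},
      {"value": "labarbara", "type": "work"}
    ]
  }
}""")


def validate_external_ids(resource):
    """Return sorted (domain, value) pairs, or raise ValueError if malformed.

    Assumed rules (not stated in the post): the extension URN must be listed
    in "schemas" when the extension block is present; every entry carries a
    non-empty string value and type; and no two entries share a domain, so a
    domain-scoped id resolves to a single value.
    """
    ext = resource.get(EXT_URN)
    if ext is None:
        return []
    if EXT_URN not in resource.get("schemas", []):
        raise ValueError("extension present but URN not declared in schemas")
    entries = ext.get("externalIds")
    if not isinstance(entries, list):
        raise ValueError("externalIds must be multi-valued (a JSON array)")
    seen = {}
    for entry in entries:
        value, domain = entry.get("value"), entry.get("type")
        if not (isinstance(value, str) and value and isinstance(domain, str) and domain):
            raise ValueError("each entry needs non-empty string value and type")
        if domain in seen:
            raise ValueError("duplicate domain %r" % domain)
        seen[domain] = value
    return sorted(seen.items())


def find_by_external_id(resources, domain, value):
    """Resolve (domain, value) to the matching SCIM resource id, or None.
    Both parts must match: a value alone is ambiguous across domains."""
    for res in resources:
        if (domain, value) in validate_external_ids(res):
            return res["id"]
    return None
```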