Re: [scim] [EXTERNAL] Re: Contributors needed for HR schema

Danny Zollner <Danny.Zollner@microsoft.com> Mon, 20 June 2022 23:42 UTC

From: Danny Zollner <Danny.Zollner@microsoft.com>
To: Danny Mayer <mayer@pdmconsulting.net>, "scim@ietf.org" <scim@ietf.org>
Date: Mon, 20 Jun 2022 23:41:33 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/Rl9Xz61gWtuTU2Z7gXtGzNy4q8w>
Subject: Re: [scim] [EXTERNAL] Re: Contributors needed for HR schema

Would it make sense to split these into separate items? Defining the HR schema being one piece - possibly into different sub-schemas (is that a word?) for different classes of data - i.e.: general organizational data vs some set of data that would serve other purposes such as salary data (NOT saying we include that..) for easier boundary lines for applying access control? And then for the second piece, I think this sub-bullet from the charter:

    * Per-attribute schema negotiation

May cover the topics you mentioned on limiting what parts of the schema are available to what parties. Part of why I suggest splitting this apart is that the topic of limiting access to data looks like it aligns with that charter item, but it's also applicable outside of the HR schema scenario and should be solved separately and then applied across the board.

Does that sound OK, or am I missing something and completely off base..?

Thanks,

Danny

From: Danny Mayer <mayer@pdmconsulting.net>
Sent: Monday, June 20, 2022 1:34 PM
To: Danny Zollner <Danny.Zollner@microsoft.com>; scim@ietf.org
Subject: [EXTERNAL] Re: [scim] Contributors needed for HR schema


I have plenty of experience fetching non-privacy data from HR. The bigger question, as usual, is how much do you want to make "public" in other applications and how do you make sure you limit the data that the HR organization is prepared to share with other parts of the company.

Danny
On 6/17/22 4:35 PM, Danny Zollner wrote:
Hi SCIM-ers,

One of the items on the charter for the SCIM working group is to design a human resources-centric schema for SCIM. For this to be successful, we'll need contributors that are knowledgeable on HR and HCM services and concepts. If anyone has background on this area - ideally previously or currently working for an organization involved in this space - and can contribute, please respond to this thread and let us know of your interest.

I've had some discussions with folks more knowledgeable on these sorts of things than I am already, and here are a few things I took away from that that I'd like to put out there as ideas up for discussion:


  1.  We should create a new resource, "Worker", rather than make an HR schema on a user resource. HR data is likely to feed into a logic engine of some sort that then ultimately decides what needs to happen, and HR systems generally should not be directly turning HR data into users in other systems without some middle layer.


  2.  Some attributes in this schema may have a finite list of acceptable values - think locations, departments, cost centers. Extending other new resources, i.e.: /CostCenters, may be helpful for discovery's sake to allow a client interacting with an HR/HCM SCIM service provider to GET a list of allowed locations, departments, cost centers, etc., and more efficiently generate requests where the values of these attributes can be predetermined to be valid or not ahead of an operation to create/update a worker.

Thanks,

Danny Zollner
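
An added illustration of the two ideas raised in this thread, not part of either message and not working-group text: a "Worker" resource split into sub-schemas so that access control can be applied at the sub-schema boundary, plus a pre-check of `costCenter` against a discovered list of allowed values. The schema URNs, attribute names, client names and sample data are all hypothetical; the thread defines none of them.

```python
# Hypothetical schema URNs: the thread names no identifiers for the HR schema.
CORE = "urn:example:scim:schemas:hr:2.0:Worker"
ORG = CORE + ":organization"   # general organizational data
COMP = CORE + ":compensation"  # sensitive class, kept in its own sub-schema

# Constructed policy: sub-schemas each client may read. Unknown clients get none.
CLIENT_SCHEMAS = {
    "directory-sync": {CORE, ORG},
    "payroll": {CORE, ORG, COMP},
}

# Constructed stand-in for the values a GET on /CostCenters would return.
ALLOWED_COST_CENTERS = {"CC-100", "CC-200"}

# Constructed sample Worker; sub-schema data is namespaced under its URN,
# the same way SCIM 2.0 (RFC 7643) namespaces schema extensions.
WORKER = {
    "schemas": [CORE, ORG, COMP],
    "id": "w-001",
    "displayName": "Sample Worker",
    ORG: {"department": "Engineering", "costCenter": "CC-100"},
    COMP: {"salaryBand": "B3"},
}


def project_for_client(resource, client_id):
    """Return only the sub-schemas this client is allowed to read."""
    allowed = CLIENT_SCHEMAS.get(client_id, set())
    if CORE not in allowed:
        raise PermissionError(f"{client_id!r} may not read Worker resources")
    out = {}
    for key, value in resource.items():
        if key == "schemas":
            out[key] = [urn for urn in value if urn in allowed]
        elif not key.startswith("urn:") or key in allowed:
            out[key] = value  # core attribute, or a permitted sub-schema
    return out


def invalid_cost_center(resource, allowed_values=ALLOWED_COST_CENTERS):
    """Return the costCenter value if it is not in the discovered list, else None."""
    value = resource.get(ORG, {}).get("costCenter")
    return value if value is not None and value not in allowed_values else None
```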


