Re: [scim] Clarification on Groups Schema membership attribute

Brian Demers <brian.demers@gmail.com> Mon, 09 January 2023 20:21 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/heHYV_Inis_2pocNamLJy6g8SAQ>

To follow up, a colleague reached out directly to me and mentioned section
2.4 of the Core RFC https://www.rfc-editor.org/rfc/rfc7643#section-2.4

This mentions that _all_ multivalued attributes have the sub-attributes:
type, primary, value, display, $ref

Is this something that should be added to section 8.7.1?
Is there someplace where we could host official reference copies of the
schema defined in the RFCs? Something like simplecloud.info (I don't know
who owns this site).

On Fri, Jan 6, 2023 at 2:09 PM Brian Demers <brian.demers@gmail.com> wrote:

> TL;DR - What are the official sub-attributes of "membership" items in the
> Groups schema?
>
> The Groups schema listed in section 8.7.1 lists the possible
> sub-attributes for `members` to be: `value`, `$ref`, and `type`.
> The example in 8.4 contains `value`, `$ref`, and `display`.
>
> Section 4.2, "Group" Resource Schema, only makes reference to `id`,
> `$ref`, and _hints_ at `type`
>
> members
>       A list of members of the Group.  While values MAY be added or
>       removed, sub-attributes of members are "immutable".  The "value"
>       sub-attribute contains the value of an "id" attribute of a SCIM
>       resource, and the "$ref" sub-attribute must be the URI of a SCIM
>       resource such as a "User", or a "Group".  The intention of the
>       "Group" type is to allow the service provider to support nested
>       groups.  Service providers MAY require clients to provide a
>       non-empty value by setting the "required" attribute characteristic
>       of a sub-attribute of the "members" attribute in the "Group"
>       resource schema.
>
>
> NOTE: Section 8.7.1 does state the following:
> > Where permitted, individual values and schema MAY change
>
> If this schema is not complete, is there an _official_ schema in JSON
> that is?
>
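The discrepancy raised in this thread, as an added example that is not part of the original message or of any SCIM implementation: a validator that checks `members` entries against the section 8.7.1 list alone flags `display`, while one that also applies the section 2.4 default sub-attributes accepts it. The Group resource, its ids and the example.com URLs are constructed, and the function names are hypothetical.

```python
# Sub-attribute names exactly as quoted in the thread.
SECTION_8_7_1_MEMBERS = {"value", "$ref", "type"}
SECTION_2_4_DEFAULTS = {"type", "primary", "value", "display", "$ref"}

# Constructed Group resource: the first member uses the sub-attributes the
# thread attributes to the section 8.4 example, the second uses "type".
SAMPLE_GROUP = {
    "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"],
    "id": "group-0001",
    "displayName": "Example Group",
    "members": [
        {"value": "user-0001",
         "$ref": "https://example.com/v2/Users/user-0001",
         "display": "Example User"},
        {"value": "group-0002",
         "$ref": "https://example.com/v2/Groups/group-0002",
         "type": "Group"},
    ],
}


def unknown_sub_attributes(group, allowed):
    """Map member index -> sorted sub-attribute names not in `allowed`."""
    # RFC 7643 treats attribute names as case-insensitive.
    allowed_lower = {name.lower() for name in allowed}
    findings = {}
    for index, member in enumerate(group.get("members", [])):
        extra = sorted(k for k in member if k.lower() not in allowed_lower)
        if extra:
            findings[index] = extra
    return findings


def compare_readings(group):
    """Validate the same resource under both readings of the RFC."""
    merged = SECTION_8_7_1_MEMBERS | SECTION_2_4_DEFAULTS
    return {
        "8.7.1 only": unknown_sub_attributes(group, SECTION_8_7_1_MEMBERS),
        "8.7.1 + 2.4": unknown_sub_attributes(group, merged),
    }


if __name__ == "__main__":
    for reading, findings in compare_readings(SAMPLE_GROUP).items():
        print(reading, "->", findings or "no unknown sub-attributes")
```

A provisioning endpoint that rejects unknown sub-attributes behaves differently under the two readings, so the choice decides whether clients that send `display` interoperate with it.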