Re: [scim] Call for support on proposed SCIM/SINS (re)charter

Erik Gustavson <erikgustavson@google.com> Fri, 10 September 2021 20:54 UTC

From: Erik Gustavson <erikgustavson@google.com>
Date: Fri, 10 Sep 2021 13:53:52 -0700
Message-ID: <CAHYrmth+hGc8-PgzHJ=b+eCDkQDOtQzwuA56doPgBScoOorH_g@mail.gmail.com>
To: Mike Kiser <mike.kiser=40sailpoint.com@dmarc.ietf.org>
Cc: "Nancy Cam-Winget (ncamwing)" <ncamwing=40cisco.com@dmarc.ietf.org>, "scim@ietf.org" <scim@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/kl1XZQkqHq3dMJW5SDh-R4YcVw8>
List-Id: Simple Cloud Identity Management BOF <scim.ietf.org>

I also support this charter and I'm willing to help produce and review the
resulting documents.

On Fri, Sep 10, 2021 at 1:07 PM Mike Kiser <mike.kiser=40sailpoint.com@dmarc.ietf.org> wrote:

> Nancy -
>
>  Excellent work.
>
>   In favor of this charter, willing to work on revising for fastfed /
> shared events/signals, and HR / PAM extension (a la Grizzle).
>
>   Looking forward to moving SCIM further down the line.
>
>  -Mike
> ------------------------------
> *From:* scim <scim-bounces@ietf.org> on behalf of Nancy Cam-Winget
> (ncamwing) <ncamwing=40cisco.com@dmarc.ietf.org>
> *Sent:* Wednesday, September 8, 2021 19:21
> *To:* scim@ietf.org <scim@ietf.org>
> *Subject:* [scim] Call for support on proposed SCIM/SINS (re)charter
>
>
> Hello SCIM participants,
>
>
>
> After some virtual meetings (thank you Pam for hosting these!) and
> discussion, there is a new proposed charter that addresses the points
> raised at the IETF 111 SINS session.
>
> This is a call for support of the charter defined below, please provide
> your response by Sept. 24, 2021.
>
>
>
> As you respond in support for the charter, please also specify if you are
> willing to produce, review and/or implement the resulting documents.
>
> Otherwise, do provide feedback in the time window if there are concerns or
> issues you see with the charter below:
>
>
> Charter
>
> The System for Cross-domain Identity Management (SCIM) specification is an
> HTTP-based protocol that makes managing identities in multi-domain
> scenarios easier. SCIM was last published in 2015 and has seen growing
> adoption.
>
> One goal for this working group is to shepherd SCIM, currently RFC series
> 7642 <https://datatracker.ietf.org/doc/html/rfc7642>,
> 7643 <https://datatracker.ietf.org/doc/html/rfc7643>,
> 7644 <https://datatracker.ietf.org/doc/html/rfc7644>,
> through the Internet Standard process. The group will deliver revised
> specifications for the SCIM requirements as Informational, and for the SCIM
> protocol and base schema suitable for consideration as a Standard. This
> work will be based upon the existing RFCs, errata and interoperability
> feedback, and incorporate current security and privacy best practices.
>
> In addition to revising the requirements, protocol and base schema RFCs,
> the group will also consider additional specifications as extensions to
> SCIM that have found broad adoption and are ready for standards track. This
> includes profiles and schemas for interoperability in additional scenarios.
> The working group will develop additional Proposed Standard RFCs based on
> outcomes of the following work:
>
>    - Revision of the informational RFC 7642 will:
>       - Focus on Use cases and implementation patterns
>          - Pull vs. Push based use cases
>          - Events and signals use cases
>          - Deletion use cases
>       - New use cases may be added to the revised RFC
>    - Revision of RFC 7643/44 will include:
>       - Profiling SCIM relationships with other identity-centric
>       protocols such as OAuth 2.0, OpenID Connect, Shared Signals, and Fastfed
>       - Updates to the evolution of the externalid usage
>    - Document SCIM support for synchronization-related goals between
>    domains focused on:
>       - Handling returning large result sets through paging, based on
>       [draft-hunt-scim-mv-paging-00]
>       - Incremental approaches to synchronization
>    - Support for deletion-related goals including:
>       - Handling Deletes in SCIM Servers that don’t allow Deletes (Soft
>       Deletes) - based on [draft-ansari-scim-soft-delete-00]
>    - Support for advanced automation scenarios such as:
>       - Discovery and negotiation of client credentials
>       - Attribute mapping
>       - Per-attribute schema negotiation
>    - Enhance the existing schema to support exchanging of HR, Enterprise
>    group and privileged access management (using draft-grizzle-scim-pam
>    <https://tools.ietf.org/id/draft-grizzle-scim-pam-ext-00.html> as
>    a base)
>
>
>
> Best, Nancy (as one of the BoF chairs)


-- 

Erik Gustavson

erikgustavson@google.com

Engineering Manager - Google C&C Core

650-451-1372