Re: [scim] Notes and action items from the 6/25 interest group call

Phillip Hunt <> Tue, 30 June 2020 17:33 UTC

From: Phillip Hunt <>
Date: Tue, 30 Jun 2020 10:33:04 -0700
To: Darran Rolls <>


I would rephrase that a bit. It is only required that enough work be done to demonstrate legit interest in a draft. The drafts can be substantially worked on after chartering. 

The test being: if a draft proposal can't be made, then there is not much sense in chartering.


> On Jun 30, 2020, at 9:44 AM, Darran Rolls <> wrote:
> Folks,
> Thanks for attending last week's call; here are the attendees, notes and action items. At one point we had 23 folks on the line, however I only managed to capture the attendees listed below. If I missed your name or (more likely) mistyped its spelling, please let me know. By way of notes, rather than trying to capture individual comments, I have distilled a summary of the conversation instead, so if I missed anything you feel is important, please respond to this thread.
> Attendees
> Karl McGuinness - Okta
> Matt Domsch - SailPoint
> Anthony Nadalin - Microsoft
> Jeremy Palenchar - Orcas Consulting
> Paul Logston - 15five
> Unni Sarath - Staples
> Ryann Bradley - Okta
> Quint Daenen - Elimity
> Chris Harm - Penn State University
> Shawn Smith - Penn State University
> Brian Hanarhan - (not recorded)
> Paul Lantz - (not recorded)
> Matt Peterson - One Identity
> Kim McFinn - Microsoft
> Darin McAdmans - AWS
> Sam Rosin - Salesforce
> Phil Hunt - Independent Identity
> David Brossard - Salesforce
> Justin China - Forgerock
> Summary of the Conversation
> There was good support for re-chartering the WG, but recognition that most of the actual work would need to be done on the list beforehand. In essence, re-chartering would be a post-work activity to ratify / formalize the resulting specification work rather than the other way around.
> There was a lot of conversation around various operational improvements to the model and how to facilitate this new work without affecting existing implementations. Overall the conversation leaned towards a "2.1", an effort to deliver extensions and enhancements that would be backwards compatible. It was duly noted that any normative change to the existing published RFCs (outside of errata) would constitute a new draft regardless.
> There was good support for anything that would improve testing compliance and overall interoperability. It was however duly noted that the IETF would likely not be the place to deliver any form of "test suite". That said, there was no real conclusion on where and how that would happen.
> There was agreement that a likely next step towards a charter would be to facilitate a SCIM BOF during IETF #108. Attendance at this BOF would be critical in demonstrating support for re-opening the WG.
> As a next step, we agreed to catalog areas of potential work and try to understand who is interested in working on what. Darran committed to start a separate list thread on "potential work items" and try to come up with a method of tracking that interest.
> Action Items
> Darran to reach out to the ADs to confirm the approach (work then charter and formal WG, not the other way around) and report back to the list.
> Darran to begin discussion with ADs about holding a SCIM BOF at IETF #108 in July.
> Darran to start a separate thread to catalog the main buckets of work and facilitate a process such that we can gauge support for each.
> Chat Recording
> 11:22:30     From Anthony Nadalin (USA) : Here are some of my concerns
> 11:22:37     From Anthony Nadalin (USA) :
> 1. SCIM becoming a directory protocol
> 2. Adding features that don't have interoperability
> 3. Bloating SCIM more than what it is already
> 4. I have concerns over the Privileged management cases, as there are security issues that we never took on in SCIM, like authentication
> 11:46:15     From Paul Logston - Principal Engineer - NYC : Agreed.
> 11:49:59     From Tim Cappalli : How do we generalize identity to handle users, devices, workloads, etc?
> 11:50:34     From Anthony Nadalin (USA) : That's a big change and a schema change
> 11:51:04     From Tim Cappalli : That specific example would be a 3.0 vs a 2.1
> 11:51:07     From Anthony Nadalin (USA) : the schema is extensible
> 11:55:09     From djob : I've seen SCIM as a means to query user data (similar to LDAP) so from that PoV it's not just provisioning
> 11:55:17     From djob : It's useful in XACML architectures
> 12:03:47     From Pamela Dingle : I'm really looking forward to the detailed notes here and next steps, and so glad we are moving forward!  I have to drop but very excited.  
> 12:15:07     From Anthony Nadalin (USA) : suggest that folks look at the SCIM drafts that have been published already
> 12:15:26     From Jeremy Palenchar - Orcas Consulting : Agreed Tony, I need to get up to speed on what's been done
> 12:16:58     From Matt : We can dramatically reduce the need for paging of multi-valued attributes by simply providing a collection that can be used instead of a multi-valued "members" attribute. Querying group/role membership as a separate collection could make lots of problems go away. Not just for pagination of results, but for filtering the query.
> Thanks
> -- 
> Darran Rolls
> LinkedIn @djrolls