Re: [scim] [EXTERNAL] Re: Contributors needed for HR schema

Danny Mayer <mayer@pdmconsulting.net> Sun, 18 September 2022 17:08 UTC

To: Danny Zollner <Danny.Zollner=40microsoft.com@dmarc.ietf.org>, "scim@ietf.org" <scim@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/mgr46Oybo_Fh9GeFKyAghtgc7sI>

On 9/16/22 12:54 AM, Danny Zollner wrote:
>
> Apologies for the several month delay.
>
> Danny Mayer: I don’t think the angle that you are approaching this 
> from is the same as the one I am. I’d argue it isn’t the problem that 
> was being thought of when the item mentioning an enhanced schema to 
> support exchanging of human resources data was added to the charter, 
> either.
>
You didn't mention that in your message! I have worked with several 
different HR applications to get various different types of information 
from them. Each has its own challenges and, yes, there's no standard API 
today. Of particular concern is making sure you can restrict which 
systems can have access to what data. I will note that at least one HR 
application allowed it to restrict the data that could be returned based 
on the ID used to access the API. Each system accessing the HR 
application MUST have its own ID to help with segregation and to be 
able to identify which system is making the request. More difficult is 
making sure unauthorized parties are unable to get access to those 
credentials. IP address restrictions help. Note, however, that these 
parts are not part of what SCIM would be addressing.

Danny
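
An added illustration of the controls described in the message above (a separate ID per consuming system, data restricted by that ID, and IP address restrictions); it is not part of the original email or any HR product's API. The client IDs, networks, attribute names and the sample record are all constructed.

```python
import ipaddress

# Constructed policy: one entry per consuming system (hypothetical names).
CLIENT_POLICY = {
    "payroll-sync": {"networks": ["10.20.0.0/24"],
                     "attributes": {"employeeId", "legalName", "salary"}},
    "badge-system": {"networks": ["10.30.5.0/28", "2001:db8:30::/64"],
                     "attributes": {"employeeId", "displayName", "workLocation"}},
}

# Constructed HR record.
SAMPLE_RECORD = {"employeeId": "E1001", "legalName": "Alex Example",
                 "displayName": "Alex", "salary": 90000,
                 "workLocation": "Building 4"}

class AccessDenied(Exception):
    """Raised when the client ID or source address is not permitted."""

def authorize(client_id, source_ip):
    """Return the policy for client_id if source_ip is allowed; deny by default."""
    policy = CLIENT_POLICY.get(client_id)
    if policy is None:
        raise AccessDenied("unknown client ID")
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        raise AccessDenied("unparseable source address")
    # An IPv4 address is never "in" an IPv6 network and vice versa.
    if not any(addr in ipaddress.ip_network(n) for n in policy["networks"]):
        raise AccessDenied("source address not allowed for this client ID")
    return policy

def fetch_record(client_id, source_ip, record, audit_log):
    """Return only the attributes this client may see; log every decision."""
    try:
        policy = authorize(client_id, source_ip)
    except AccessDenied as exc:
        audit_log.append((client_id, source_ip, "deny", str(exc)))
        raise
    audit_log.append((client_id, source_ip, "allow", ""))
    return {k: v for k, v in record.items() if k in policy["attributes"]}
```

Because the address check is tied to the client ID, a valid ID presented from another system's network is refused, and the audit entry records which ID was used.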