Re: [scim] April 7 Meetup Agenda

"Matt Peterson (mpeterso)" <Matt.Peterson@oneidentity.com> Wed, 07 April 2021 23:52 UTC

Return-Path: <Matt.Peterson@oneidentity.com>
X-Original-To: scim@ietfa.amsl.com
Delivered-To: scim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 952513A2F06 for <scim@ietfa.amsl.com>; Wed, 7 Apr 2021 16:52:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=oneidentity.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KegfwzJdWUGU for <scim@ietfa.amsl.com>; Wed, 7 Apr 2021 16:52:34 -0700 (PDT)
Received: from NAM12-MW2-obe.outbound.protection.outlook.com (mail-mw2nam12on2095.outbound.protection.outlook.com [40.107.244.95]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4E23B3A2F01 for <scim@ietf.org>; Wed, 7 Apr 2021 16:52:33 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=R2ESs6IZa8xZ2/9OtEWBEym9NfZJNOxeRuBkzBpb0laUC5dU4E2cgdjjPUKgjHnT1BuDtr0+SgDum36+Aee7NKPRykivZCutYBn9+4pFrFooKZhIQ3/7LigPd9o9WA7cew6cp9sjDnqJC5NTM2XOv5pdAUVRXf+813Rcr3MSpZeTMi/6PDKmg+tgJvYuWazCXBF86yHw/++nZ/Vq0m88LrxWzVGUFtkek0a2JJUu1CnbzUZaAdBjEL0GPBtVenSVqw5Wl8nVWuo7Pc7WYJGUU+NpTMrZ6wcJrnoGuxd9ptd/770daKJPiZEVPpwmDz4bUUndxzZ9OZ6ip+W+sncVHg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xKZ3+PjhurXBQEYBulmS7YyiDNALk2EB7iLy2tiV+Jo=; b=mUPcBmS5OllyXoNor6wEkOumeVTeob22NAe1+DXhfzJVhgNoZ663vlEpV/dzoSc/hWzQGpuFlON1MXOwRZTeVRbVcIfT8ATDU7m1QSbijJ/BAHjGcqGDAZK5T3yZ3BiJowDvRf4NC/c20Cqg0McTwd6u3dHCnUe23SNAtqYnyt+BCWB+hqFGy4G2pQDNP16ZaoWgeQwzeI8/YDMqAc+Mdk6HlvBt6rDyMyiqPPKFhUA/ZhI/g7pZPpBk0XBlPYi7xRrmmZLqo2z6eednxyIs+5pgy5s2SMuU9vQc3PqLE20OodHISpMrDVyX/4mLUdrsrSngz+dPCbOGXVLx1IYH7A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=oneidentity.com; dmarc=pass action=none header.from=oneidentity.com; dkim=pass header.d=oneidentity.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oneidentity.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xKZ3+PjhurXBQEYBulmS7YyiDNALk2EB7iLy2tiV+Jo=; b=b+tj1PpGbNWjwKgwoCvBBMcMmI3bB+AUEY+G4LW8EImRamKiz6/j+dfdXCr8oGdnB5Z/kclG/8N9yuy+w9wtSBp4ONG7JfaAzYO7RkJRXSElNKPPGquwXvIJ1BkYZTNVDMFpIaN7mguvOpokYgj4nwQOLi4/ebrzvZdq8pLrgHQ=
Received: from MWHPR19MB0957.namprd19.prod.outlook.com (2603:10b6:300:a4::16) by MWHPR19MB1087.namprd19.prod.outlook.com (2603:10b6:300:a2::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4020.17; Wed, 7 Apr 2021 23:52:32 +0000
Received: from MWHPR19MB0957.namprd19.prod.outlook.com ([fe80::2d7b:e19d:8ce0:99ca]) by MWHPR19MB0957.namprd19.prod.outlook.com ([fe80::2d7b:e19d:8ce0:99ca%8]) with mapi id 15.20.3999.033; Wed, 7 Apr 2021 23:52:31 +0000
From: "Matt Peterson (mpeterso)" <Matt.Peterson@oneidentity.com>
To: Phil Hunt <phil.hunt@independentid.com>, Pamela Dingle <Pamela.Dingle=40microsoft.com@dmarc.ietf.org>
CC: "scim@ietf.org" <scim@ietf.org>
Thread-Topic: [scim] April 7 Meetup Agenda
Thread-Index: AQHXK7Z1GmBuUOPwTESb/Jb4D7q4CqqpO92AgABI1/A=
Date: Wed, 7 Apr 2021 23:52:31 +0000
Message-ID: <MWHPR19MB0957340F6C61EC42ACE0AC75E1759@MWHPR19MB0957.namprd19.prod.outlook.com>
References: <MW2PR00MB044175A55D621BD26FDAA174F6759@MW2PR00MB0441.namprd00.prod.outlook.com> <B491EB60-AA96-469B-8BC3-1260CC7CA826@independentid.com>
In-Reply-To: <B491EB60-AA96-469B-8BC3-1260CC7CA826@independentid.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: independentid.com; dkim=none (message not signed) header.d=none;independentid.com; dmarc=none action=none header.from=oneidentity.com;
x-originating-ip: [166.70.31.124]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 7f20c1d8-a980-4967-b606-08d8fa2035b6
x-ms-traffictypediagnostic: MWHPR19MB1087:
x-microsoft-antispam-prvs: <MWHPR19MB108705372546FD1018053CD5E1759@MWHPR19MB1087.namprd19.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:5236;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: wS5ByZoTWtYstmZSONF2WZ/kMzgMV0n58NqQ/SjLsB3+TFvy4fEfS9IWvaNGZZOHbo4cf6HdnkjTZePnHcZnf6ZMXC5+WTew7cgFjz6vHPkbQ6N+gj/zkCHuC1vDCCx6OaOABo9BbivK+jT20CLn4pOOmL0DztzLM+8uwK4RtaN2mt603xLc9ZM4XUQLbs7+I2f0NZV556brxPOOW8IYiW0SEHSH4aTgXHrbWtCKBxaj4mP04X0Pu2imIoXkKkuQK6wjYvVwG+hM55EJAd/chuyErW7PBXI868HjjsBPvIIWjac0x/ASOUNUKBMbMhoe5HLXRtZG1zbH66DDNldLw3ID1vmDE05sKl9r46oxmZr/0cSJ/BLF3WZC2Y3mR9fyIL1ZXS+uTPEmUMRZenE1vciMjRMdS3YO4uKlOM9qootUh6sFMbl5981JnvhidlX1EcLLPoclaepLni55wI6hUXn1IV+79XlSwpGXM/IbAvzbG3QwxlxG5AJ2WL3AsmXWJX52lk1rULCb6ZbvLMxU5QNxCniUEHxqCJSgxFXx8BBkkh+XdC9U+K0o8FaHjYFB3Wsf+sBvbOWrsBkUK0Hw+sIsoDwjwhMNopiab+lndCzsLGWULNozX1UrB/9F0oGY0PcB6/+dbvl7JPcvUZFbpJ6clisSwXZ5tk2o7+po2Q5EKlxLzOV2AU02Iv53kYi8b/R9gXNAyZ0ZwdCFOeScAaR3vHJHYwbu5hcrCnnxEMY=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MWHPR19MB0957.namprd19.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(376002)(39860400002)(396003)(136003)(366004)(346002)(110136005)(66946007)(2906002)(52536014)(5660300002)(316002)(7696005)(66476007)(86362001)(66556008)(66446008)(64756008)(76116006)(8676002)(8936002)(26005)(53546011)(55236004)(38100700001)(166002)(966005)(478600001)(71200400001)(55016002)(45080400002)(4326008)(9686003)(33656002)(83380400001)(186003)(6506007); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: =?us-ascii?Q?3qRNgP5g1RxgCBm8cXYX9zoLyvors3yZcfeRC7VsmKzAgJRLGVgnMZOA/ss/?= =?us-ascii?Q?3CV7Y3v9rTU3fFBfJ+APmcQX0Zjsm3pMDtU+JneBqGkoyRHtP2lZ4FCOR3k0?= =?us-ascii?Q?3jhl1RVl1PPpLFwKTx+U7fwnYc18aUuT+nsyScvNcYEdn91NGcguatoNnW4P?= =?us-ascii?Q?5dCS1g6LcB29TMq19JTgwm7shr7MR1rW8kLk59X57pKIdg+68vXQ3BHXn2mF?= =?us-ascii?Q?nfvHSyrwqsTyvB7+gvYdWwZD5T2M/cwwHgtAyJotiCSTeR49jwB5+08UuJ8K?= =?us-ascii?Q?mpeSZktTl9ATe0MMkkTY8UotnCcQyDW+wI7ghq3nGPjwbCd+IDFzjWmU4JGq?= =?us-ascii?Q?bDsWaQGYeki+xwI6rOYNZmPWu9P6cZeIPCbO45cdC4+RBPEmipE0rXfixH5s?= =?us-ascii?Q?VfBTBF4WscysxYTFq969pUudBCC7F1KdY/8Fx2U0SEhIeRxXc5MyykOoRK8U?= =?us-ascii?Q?5yNi0BIp/FDiAntuAaRVwe1uBvT6Wu8CzS385MO4OtGytSk7JlVYSraOCSr/?= =?us-ascii?Q?63m4PfL14QXquGAQMHuyo20QZVpWqOzrgFUoV5RhhP10ULPpdruQd3ea1vc1?= =?us-ascii?Q?Cy9fWT1bYtlJBuKWy/QSN2DORfdSsyqJCmS5EbeysnWDu7TKY6pUbjvPx7N5?= =?us-ascii?Q?IYfTDjxtqdi+g8fUVkvfPpyh2kBjBvhi8bbyGzh80jPXx6gWiUwqaIDuuj2N?= =?us-ascii?Q?jCm/5Kf+xj6F+wt1hGXp0TOeIEFc0oEyXkig6+cqQtAg+3+u0SZqiqMFKhJ0?= =?us-ascii?Q?ZnGuXwEbCjHYWx1wbOGmZrHGZdv9SQKCT6jRJAWdyPhs9fjr48YbTaxrPy1C?= =?us-ascii?Q?n4ZakjiHYI5Pg4TqFKCCFoZKlBcgd7vDFA3tPJ/2nQc64R5w/WVyJLSQJ4Qs?= =?us-ascii?Q?O6XG9fIBQCQNCGlUkw11mJNmwocmHmTKxqjd5tGMqXk8tz45oikvMsw4L7P7?= =?us-ascii?Q?p09khLwe0yOt1ASozA0c3QtADbnmk8/MrpCfbgWooXMF5vNNialg1imBOXEc?= =?us-ascii?Q?yF1HWXSZHJLCrk6SWzw1ldoEADueM/CPWQRx048tMku0M0iSE4wcM9XhoZ/6?= =?us-ascii?Q?bFoxHM+p7XVuRnRTHAh57nWWHYg40mfxBLkN4wdltcHKWtTlttR82o2uWg7L?= =?us-ascii?Q?QEfvpH4vu5P38Y5y3MTYFcRo8SNy+LEKiiqnrUVodzUGlYjCPND3A5uFku1z?= =?us-ascii?Q?Wr9MmCxlYNaziUcw1dUkoZOZ+onrfeHzKNVPCN9nlH/0xI3RU4YbT5k8dene?= =?us-ascii?Q?RgykTeegjqyjbPXElHfFO38e5W53O4o8Fgp0glVbhmIr7yOi3F1D+nD/n1So?= =?us-ascii?Q?F9jHuKfGAoM+xj0QdnQzuWRT?=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_MWHPR19MB0957340F6C61EC42ACE0AC75E1759MWHPR19MB0957namp_"
MIME-Version: 1.0
X-OriginatorOrg: oneidentity.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MWHPR19MB0957.namprd19.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 7f20c1d8-a980-4967-b606-08d8fa2035b6
X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Apr 2021 23:52:31.9419 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 91c369b5-1c9e-439c-989c-1867ec606603
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: hSyh+2/Lp3HYeuh39OXSz1Ar05U0EnrekKr0WJIxKCzmxR06hyqxzRFHHD4k6K9qD1NhSHai/CI8h2OAfaMN5A==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR19MB1087
Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/nNSN8NXBOPDS-8bw05N2J46FTT0>
Subject: Re: [scim] April 7 Meetup Agenda
X-BeenThere: scim@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Simple Cloud Identity Management BOF <scim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/scim>, <mailto:scim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/scim/>
List-Post: <mailto:scim@ietf.org>
List-Help: <mailto:scim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scim>, <mailto:scim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Apr 2021 23:52:40 -0000

Except for the case of a multiple value attribute having many (>100) values, I don't think there is much utility being able to specify a subset of values in a filter.  In your email example, it would be very practical for the client to receive all email values.  Once received, it is easy for the client to select the "work" emails (if this is all that the client is interested in).

The compelling case for multi-valued paging is for retrieving values of Group.members (members of a group) and User.groups (groups a user is a member of).  It is compelling because these are the only attributes in the base SCIM schema that are likely to have hundreds of values.

Fortunately, is still possible to handle the most common group memberships use cases without needing multi-valued pagination.  The following is a list of use cases for group memberships.  I have provided the SCIMv2 request that would satisfy the use case without the need for multi-valued attribute pagination or any changes to the SCIM v2 spec.  (I have also included the equivalent Microsoft Graph query for each use case to show how the SCIMv2 request would translate to another familiar API):

Use Case #1:  I have the group id "ffffffff-1111-49f5-b200-2c8aa95f3a49", I want to get all the members of the group (even if there are many paged results):

Solution: Use the SCIMv2  /user resource:
GET https://scimserver.mydomain.com/user?filter=groups.value+eq+ffffffff-1111-49f5-b200-2c8aa95f3a49

Corresponding Microsoft Graph API:
GET https://graph.microsoft.com/v1.0/groups/ffffffff-1111-49f5-b200-2c8aa95f3a49/members

Use Case #2:  I have the user id "aaaaaaaa-1111-4306-8e52-bb1921f1a7ed" and I want to get all the groups that the user is a member of (even if there are many paged results):

Solution: Use the SCIMv2  /group resource:
GET https://scimserver.mydomain.com/group?filter=members.value+eq+aaaaaaaa-1111-4306-8e52-bb1921f1a7ed

Corresponding Microsoft Graph API:
GET https://graph.microsoft.com/v1.0/users/aaaaaaaa-1111-4306-8e52-bb1921f1a7ed/transitiveMemberOf


Note that that the SCIMv2 solution to use cases #1 and #2 (above) may have many results. However, the results are *objects* that are paged using existing SCIM object pagination (RFC 7644 3.4.2.4).  No pagination of multiple values is necessary.


Use Case #3:  I have the user id "aaaaaaaa-1111-4306-8e52-bb1921f1a7ed" and I want to check if the user is a member of group with id "ffffffff-1111-49f5-b200-2c8aa95f3a49"

Solution: Use the SCIMv2 /user or /group resource with a compound filter:
GET https://scimserver.mydomain.com/user?filter=id+eq+aaaaaaaa-1111-4306-8e52-bb1921f1a7ed+and+(groups.value+eq+ffffffff-1111-49f5-b200-2c8aa95f3a49)

-OR-

GET https://graph.microsoft.com/v1.0/group?filter=id+eq+ffffffff-2222-4263-abd9-878238d6f7b2+and+(users.value+eq+ aaaaaaaa-1111-4306-8e52-bb1921f1a7ed)

Corresponding Microsoft Graph API:
POST https://graph.microsoft.com/v1.0/users/aaaaaaaa-1111-4306-8e52-bb1921f1a7ed/checkMemberGroups
{ "groupIds": [ "ffffffff-1111-49f5-b200-2c8aa95f3a49" ] }

Use Case #4:  I have the group with id "ffffffff-1111-49f5-b200-2c8aa95f3a49" I want to check if the group has a member with user id "aaaaaaaa-1111-4306-8e52-bb1921f1a7ed"

Solution:  This is essentially the same as use case #3 above (just worded from the group perspective).


LDAP has taught us that representing group membership as a multi-valued attribute makes common use cases difficult.  As a result, new  APIs (like Azure Graph) represent group memberships with separate resource types.   Even though it is possible to handle common use cases with SCIM filters (described in use cases above), it might still be useful to investigate the addition of two new SCIM resource types (as an extension): a "GroupMembers" and a "UserGroups".  These would be used in the following way (same use cases as above):

Get me the members of a group (returns User objects):
GET https://scimserver.mydomain.com/GroupMembers/<groupId>

Get me groups a user is a member of (returns Group objects)
GET https://scimserver.mydomain.com/UserGroups/<userId>

Is user a member of a group?
GET https://scimserver.mydomain.com/GroupMembers/<groupId>?filter= id+eq+<userId>
GET https://scimserver.mydomain.com/UserGroups/<userId>?filter= id+eq+<groupId>

--
Matt Peterson
matt.peterson@quest.com



From: scim <scim-bounces@ietf.org> On Behalf Of Phil Hunt
Sent: Wednesday, April 7, 2021 10:18 AM
To: Pamela Dingle <Pamela.Dingle=40microsoft.com@dmarc.ietf.org>
Cc: scim@ietf.org
Subject: Re: [scim] April 7 Meetup Agenda

CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.

Regarding the discussion of the current draft proposals, the MV paging draft was originally designed to facilitate paging of large groups.

However, what I think is useful about the draft is it extends SCIM to allow both filters and paging parameters on attribute qualifiers.

It is handy if for example you want to return only specific value instances of a CMVA.  For example in PAM you could return only values of a specific credential type. In the draft, there is an example returning only work email addresses as a simple example.



GET /Users/2819c223-7f76-453a-919d-413861904646?

     attributes=*,emails[type eq \"work\"]

In the normal SCIM protocol, a filters and paging params are used to qualify which resources are returned.  In this draft extension, filters and paging params may be used to qualify which values returned.

I mention this, because the draft may be of broader use then just group paging.  If there is interest, I am happy to keep working on it.

Phil Hunt
@independentid
phil.hunt@independentid.com<mailto:phil.hunt@independentid.com>




On Apr 7, 2021, at 7:08 AM, Pamela Dingle <Pamela.Dingle=40microsoft.com@dmarc.ietf.org<mailto:Pamela.Dingle=40microsoft.com@dmarc.ietf.org>> wrote:

Hi all,

Our agenda for today's bi-weekly meeting at 8am PT will start with a review of the ietf scim PAM (privileged access management) draft as well as to look at the spreadsheet that you all might remember from a previous meetup.

Also - I believe I now have a calendar setup that can be exported to a .ics file and therefore reliably imported by you all.  That .ics link is going into our github repo, which is also where our notes will live and so we can start posting links to calendars, agendas, and notes with ease.

For now, here is the calendar link and also the teams link:

Calendar ICS: https://outlook.live.com/owa/calendar/00000000-0000-0000-0000-000000000000/25ef962b-555f-4781-b533-bfe7be451be8/cid-95C8043F862EFECA/calendar.ics<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Foutlook.live.com%2Fowa%2Fcalendar%2F00000000-0000-0000-0000-000000000000%2F25ef962b-555f-4781-b533-bfe7be451be8%2Fcid-95C8043F862EFECA%2Fcalendar.ics&data=04%7C01%7CMatt.Peterson%40oneidentity.com%7C84b7ebdd5371454ffb1d08d8f9e0d06c%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637534091259927361%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=9jyWeXn9UU%2BfZnQuhNs724fjiQ0LP9hMLlauDIqnTZQ%3D&reserved=0>
Calendar HTML: https://outlook.live.com/owa/calendar/00000000-0000-0000-0000-000000000000/25ef962b-555f-4781-b533-bfe7be451be8/cid-95C8043F862EFECA/calendar.ics<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Foutlook.live.com%2Fowa%2Fcalendar%2F00000000-0000-0000-0000-000000000000%2F25ef962b-555f-4781-b533-bfe7be451be8%2Fcid-95C8043F862EFECA%2Fcalendar.ics&data=04%7C01%7CMatt.Peterson%40oneidentity.com%7C84b7ebdd5371454ffb1d08d8f9e0d06c%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637534091259937351%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=q3V5vJxLEz5K6VZVu8MB5IDy4ROtmuHnwiwlR0EoR%2BI%3D&reserved=0>

Teams: Click here to join the meeting<https://nam12.safelinks.protection.outlook.com/ap/t-59584e83/?url=https%3A%2F%2Fteams.microsoft.com%2Fl%2Fmeetup-join%2F19%253ameeting_Y2QxYzU0NjEtN2ZjNi00MGQ1LWJkMzUtZmQxZjZlZGZiYWZi%2540thread.v2%2F0%3Fcontext%3D%257b%2522Tid%2522%253a%252272f988bf-86f1-41af-91ab-2d7cd011db47%2522%252c%2522Oid%2522%253a%252285bc2986-6412-41c0-ab6d-98c80048fe64%2522%257d&data=04%7C01%7CMatt.Peterson%40oneidentity.com%7C84b7ebdd5371454ffb1d08d8f9e0d06c%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637534091259947355%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=SsCJvVHPNkG8GvzwDDsZEcWnyctDImM3QK4Q47vu37U%3D&reserved=0>

_______________________________________________
scim mailing list
scim@ietf.org<mailto:scim@ietf.org>
https://www.ietf.org/mailman/listinfo/scim<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fscim&data=04%7C01%7CMatt.Peterson%40oneidentity.com%7C84b7ebdd5371454ffb1d08d8f9e0d06c%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637534091259957345%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=X68aS58slt1ZtTVW40EKxOhmLZnmBKqL8yijtXeeKjs%3D&reserved=0>