Re: [scim] IET 115 Call for agenda

Phillip Hunt <> Tue, 25 October 2022 18:52 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id BB02EC14CF05 for <>; Tue, 25 Oct 2022 11:52:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.903
X-Spam-Status: No, score=-1.903 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 9R2vxUJ2I2kC for <>; Tue, 25 Oct 2022 11:52:37 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::432]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by (Postfix) with ESMTPS id 5E4D0C14F692 for <>; Tue, 25 Oct 2022 11:52:37 -0700 (PDT)
Received: by with SMTP id y13so8205405pfp.7 for <>; Tue, 25 Oct 2022 11:52:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20210112; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:from:to:cc:subject:date:message-id:reply-to; bh=uD03elhefwSuMFfXzBMyN/q/rN/I1UE5LCDu3Osqllo=; b=aQ343k+c6e+tv6SQwdUtENr5yIr0DxLAYqJY0HVd0x44MVpokBkvbmuLRankY3/HGp cZdzl4oMRczVSgnovKMTZ2JzTDX7oS64XtcwOu2yhig+2EGDowM6LYwz5csKvNpnsE8c YYIDc/IcqfTQCizIY6c2OnEI1F40oRbNVupJETHU677eBM+D7ypFU0WqJQa9Pm2/54x9 UMAsaxiRnCAKyJ92R3fLfqdMPhuS1rzYI0blkLlQMFdMuj7YraoRqgG85tv0rXqEpMAs twVA2VPv7HDnm4fVRUjIGw48FgCqP48v1QFD2wAcGckPKPLq7GfVgWKxLfr7rg4NMaai DCbw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20210112; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=uD03elhefwSuMFfXzBMyN/q/rN/I1UE5LCDu3Osqllo=; b=MalVTKz3C8OuaPPUXbqS6u1gcdZw2wf0tZ5C74ovk9ggG9WMTUl7VW+3lQhLXiGwve 9oEx7QwmbU1YfUZcxxBuIR4Dyz2FdS5uDGKH79JRsYZSuIdx6SFOzZ/y6OyY8K3T92Q3 1cULIa9tug1B5oydZ708ZbfEktaJPyovVhw6W8hMmm3+LFWIzSmZgi43740zmD25ZLPn 757FuzvDsCB99sUz3ews+bPD3I5+j2TblOAWK3NSVQTXmBizma9JUFDwwJCTZooM4uWO FHPZeSRfR7OPdfCe17YFXKep/Vv+DLgk8laDOeEtlOlI2i6xIbpPj46dQwNLiDnvRm5S DCdQ==
X-Gm-Message-State: ACrzQf3ERxfHkZBksR41qwn+LNF/vBDLzqdeiuLiCp+XlXqGv3uipvLd aexnG9eoEVjxeBI4TQ4Htdr6iAEKe5zZiw==
X-Google-Smtp-Source: AMsMyM6gP4lXtCEaxgeFqTZcnxQteM+oZM9rw0A3MIQhLcOSEdyjl3+NBgSrN3frrY6m+a/PyivcOg==
X-Received: by 2002:a05:6a00:c95:b0:563:a157:b4a with SMTP id a21-20020a056a000c9500b00563a1570b4amr40297527pfv.76.1666723956582; Tue, 25 Oct 2022 11:52:36 -0700 (PDT)
Received: from ( [2001:569:540c:4900:4953:6c16:f9ae:201c]) by with ESMTPSA id v189-20020a622fc6000000b0056bcb102e7bsm1693921pfv.68.2022. (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 25 Oct 2022 11:52:35 -0700 (PDT)
From: Phillip Hunt <>
Message-Id: <>
Content-Type: multipart/alternative; boundary="Apple-Mail=_76FAA01A-A2AF-40B9-9F9D-B01CD82C0E70"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.\))
Date: Tue, 25 Oct 2022 11:52:34 -0700
In-Reply-To: <>
Cc: SCIM WG <>
To: "Nancy Cam-Winget (ncamwing)" <>
References: <>
X-Mailer: Apple Mail (2.3696.
Archived-At: <>
Subject: Re: [scim] IET 115 Call for agenda
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Simple Cloud Identity Management BOF <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 25 Oct 2022 18:52:41 -0000

Unfortunately due to recent eye surgery, I have been unable to spend any major amount of editing time on the SCIM Events document due to severe light sensitivity that will require further surgical intervention. Because of this and some other conflicts, I have decided not to attend.

Update on the SCIM Events Draft:
For the next SCIM Events draft revision, my proposal is to:
* Add support for the SecEvent Sub-ID draft spec - draft-ietf-secevent-subject-identifiers-13 .  The goal here is to make SCIM Events compatible with existing OpenID Shared Signals Frameworks
* Add non-normative sections discussing how recovery works in practice and why receiver based recovery is important in multi-domain scenarios (this was a requirement by Google and Amazon participants during the development of security event streams specifications). 
* Add Security Considerations and Privacy Considerations Sections
* Add IANA registration for SCIM Events URIs, as well as to register SCIM id and externalid format per the subject identifiers draft.

History of SCIM and Security Events: 
The registration of SCIM Events definitions (the SCIM Events draft) is the last step in a plan that the SCIM Working Group began when RFC7643,7644 was published. It was the goal of the older SCIM WG *not* to create a new protocol when other WGs were about to design something 95% the same.  The group opted for a single interoperable approach among the larger family of identity protocols. You will notice that SCIM is present in SET(RFC8417). Notice that event formats in Security Event Tokens are similar to SCIM resources except for the missing Schemas attribute. SETs were literally made in the wider security events community to support SCIM.

Going forwards:
I remain concerned that the working group is considering adopting a method that was previously considered unworkable by the prior SCIM working group (and even that of the much older LDAPEXT group).

I hope the group can have a good discussion about the future and come to a consensus on a single approach.


Phil Hunt

> On Oct 25, 2022, at 9:25 AM, Nancy Cam-Winget (ncamwing) <> wrote:
> Hello SCIMers,
> We have a 2hr session scheduled for IETF 115:
>     Monday, 7 November 2022, Session II 1300-1500 (London time)
>     Room Name: Richmond 2 size: 80
> If you want time on the agenda please send your request to <>
> Thanks, Nancy
> _______________________________________________
> scim mailing list
> <>
> <>