[scim] Setting a mutability value such as readOnly or readWrite for whole SCIM resources

Hans-Joerg Happel <happel@audriga.com> Thu, 08 December 2022 17:25 UTC

Hi,

RFC 7643 allows defining a "mutability" for SCIM resource attributes to 
express whether a certain attribute is, e.g., readOnly, readWrite, or writeOnly.

We have some cases where we would like to have a "mutability" value 
assigned to whole SCIM resources instead of attributes only (this might 
also be a relevant feature in light of the discussion at the recent 
SCIM interim about multiple different SCIM "actors" interacting).

As far as I can see, this is not possible based on the current spec. So a 
workaround for a SCIM endpoint right now might just be to return some 
error code at the HTTP level [2] if, e.g., a request tries to write a 
resource which cannot be written for some reason.

However, perhaps I am missing something here?

Otherwise, this might be a candidate for an rfc7643bis. Is there already 
a place where we track issues for those?

Thanks and best,
Hans-Joerg

PS: In addition, the (im)mutability of the SCIM "service provider 
configuration" endpoints (/ServiceProviderConfig, /Schemas and 
/ResourceTypes) seems to be rather implicitly specified currently 
(https://datatracker.ietf.org/doc/html/rfc7644#section-4): "SCIM defines 
three endpoints to facilitate discovery of SCIM service provider 
features and schema that MAY be retrieved using HTTP GET:"

[1] https://datatracker.ietf.org/doc/html/rfc7643#section-2-2
[2] https://datatracker.ietf.org/doc/html/rfc7644#section-3.2
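The following is an added example, not code from the post above or from any SCIM implementation. It shows how a service provider enforces the attribute-level mutability values of RFC 7643 section 2.2 on a PUT (readOnly attributes ignored, a changed immutable attribute rejected with the RFC 7644 section 3.12 error body and scimType "mutability", writeOnly attributes never returned), and next to it the workaround the post describes: a hypothetical resource-level "readOnly" flag that makes the endpoint reject the whole write with an HTTP-level error. The schema fragment, the resource ids, the RESOURCE_MUTABILITY table and the choice of HTTP 403 for the resource-level case are all constructed assumptions; the spec defines no resource-level mutability.

```python
"""Added example: SCIM mutability checks on PUT, plus a hypothetical
resource-level read-only flag. Not part of RFC 7643/7644 or any real server."""
import copy

SCIM_ERROR_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:Error"

# Constructed, minimal schema fragment for a User-like resource type.
# Attributes without a stated mutability default to readWrite (RFC 7643 2.2).
USER_SCHEMA = {
    "id": {"mutability": "readOnly"},
    "userName": {"mutability": "readWrite"},
    "externalId": {"mutability": "immutable"},
    "password": {"mutability": "writeOnly"},
    "displayName": {},
}

# Hypothetical resource-level mutability, keyed by resource id (constructed).
# This is the extension the post asks about; it does not exist in the spec.
RESOURCE_MUTABILITY = {
    "2819c223": "readWrite",
    "a1b2c3d4": "readOnly",  # e.g. a resource owned by a different SCIM actor
}


def scim_error(status, detail, scim_type=None):
    """Build an (http_status, body) pair in the RFC 7644 3.12 error format."""
    body = {"schemas": [SCIM_ERROR_SCHEMA], "status": str(status), "detail": detail}
    if scim_type:
        body["scimType"] = scim_type
    return status, body


def apply_put(resource_id, stored, incoming, schema=USER_SCHEMA):
    """Return (http_status, body) for a SCIM PUT replacing `stored` with `incoming`.

    `stored` is the current representation held by the service provider,
    `incoming` the client's replacement representation.
    """
    # Workaround from the post: the resource is read-only as a whole, so the
    # write is refused at the HTTP level (403 chosen here; an assumption).
    if RESOURCE_MUTABILITY.get(resource_id) == "readOnly":
        return scim_error(403, "Resource %s is read-only" % resource_id)

    result = copy.deepcopy(stored)
    for name, value in incoming.items():
        mutability = schema.get(name, {}).get("mutability", "readWrite")
        if mutability == "readOnly":
            # readOnly attributes supplied by the client are ignored, not rejected.
            continue
        if mutability == "immutable" and name in stored and stored[name] != value:
            # Changing an immutable attribute that already has a value:
            # 400 with scimType "mutability" (RFC 7644 3.12).
            return scim_error(400, "Attribute '%s' is immutable" % name, "mutability")
        result[name] = value

    # writeOnly attributes (e.g. password) are accepted but never returned.
    response = {
        k: v for k, v in result.items()
        if schema.get(k, {}).get("mutability") != "writeOnly"
    }
    return 200, response


if __name__ == "__main__":
    # Constructed sample resource and a client PUT that also tries to change
    # the readOnly "id" and sets a writeOnly password.
    stored = {"id": "2819c223", "userName": "bjensen",
              "externalId": "ext-1", "displayName": "B. Jensen"}
    incoming = {"id": "forged", "userName": "bjensen2", "externalId": "ext-1",
                "password": "s3cret", "displayName": "Barbara Jensen"}
    print(apply_put("2819c223", stored, incoming))
    print(apply_put("2819c223", stored, dict(incoming, externalId="ext-2")))
    print(apply_put("a1b2c3d4", stored, incoming))
```

The three calls at the bottom exercise the three paths: a normal PUT (200, id unchanged, password absent from the response), an attempt to change the immutable externalId (400 with scimType "mutability"), and a write to a resource flagged read-only at the resource level (403). Only the first two behaviours come from the RFCs; the third is the workaround the post describes, with a made-up flag standing in for a feature the spec does not yet have.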