[Openid-specs-ab] Profile for using SCIM with OpenID Connect

Prateek Mishra Prateek.Mishra at oracle.com
Thu Jul 7 00:50:37 UTC 2016


I am requesting guidance from the A/B chair on moving this submission to draft status.

Is there a designated repository where we should publish this draft?

Could this topic be added to the agenda for the July 7, 7am pacific time, meeting?

Thanks,
prateek

> On Jun 21, 2016, at 5:06 PM, Prateek Mishra <prateek.mishra at oracle.com> wrote:
> 
> Greetings OpenID Connect WG Members,
> 
> I propose we move this submission to OIDF draft status. 
> 
> Specifically, we would like to publish it to the OIDF website/repository and label it accordingly.
> 
> This will enable us to generate more discussion and receive feedback on this proposal.
> 
> - prateek
> 
> 
> 
> 
> 
>> On Jun 15, 2016, at 1:10 PM, Phil Hunt <phil.hunt at oracle.com <mailto:phil.hunt at oracle.com>> wrote:
>> 
>> Please find attached, a draft proposal from Chuck Mortimore and myself on using SCIM as an alternate endpoint for profile services in the context of Connect.
>> 
>> This specification defines:
>> a. Discovery metadata (scim_endpoint) indicating availability of a SCIM Protocol base endpoint
>> b. Dynamic registration metadata (scim_profile) used to indicate a client intends to use SCIM in addition to or instead of UserInfo
>> c. An additional ID Token claim (scim_id and scim_location) which specifies the SCIM resource endpoint and identifier associated with the authenticated subject.
>> 
>> By doing this, clients can avoid having to do an external authorization and another round of exchanges to access User profile information with full CRUD features.
>> 
>> Clients can also access SCIM’s more sophisticated query system to ask questions if the authenticated user has particular conditions (e.g. querying a sub-attribute such as “country” in the “addresses” attribute).  
>> 
>> As an example use case: A cloud provider wants to build a user-profile self-service portal. OIDC does the authentication of the user and allows the web service to access the CRUD features of SCIM for the updates.
>> 
>> Phil
>> 
>> @independentid
>> www.independentid.com <http://www.independentid.com/>phil.hunt at oracle.com <mailto:phil.hunt at oracle.com>
>> <Draft: OpenID Connect Profile for SCIM Services.html>
>> <openid-connect-scim-profile-1_0.txt>
>> 
>> 
>> 
>> 
>> _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net <mailto:Openid-specs-ab at lists.openid.net>
>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20160706/4bea8e0b/attachment.html>


More information about the Openid-specs-ab mailing list