[Openid-specs-ab] Profile for using SCIM with OpenID Connect

Mike Jones Michael.Jones at microsoft.com
Thu Jul 7 00:56:12 UTC 2016

After the working group makes a decision to adopt a document as a working group document, it’s added to the working group repository in Bitbucket and the current draft is published at openid.net/specs/.  We can plan to discuss it among the working group participants on the call tomorrow morning and then assuming things go well there, the next step is to send a formal request for adoption to the working group mailing list for confirmation of the adoption decision and/or feedback on it.  We can go over all of that on the call.

Tomorrow’s call is at https://www3.gotomeeting.com/join/181372694 or if that isn’t possible, at:
Dial +1 (636) 277-0133
Access Code: 181-372-694

                                                                -- Mike

From: Openid-specs-ab [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Prateek Mishra
Sent: Wednesday, July 6, 2016 5:51 PM
To: openid-specs-ab at lists.openid.net
Subject: Re: [Openid-specs-ab] Profile for using SCIM with OpenID Connect

I am requesting guidance from the A/B chair on moving this submission to draft status.

Is there a designated repository where we should publish this draft?

Could this topic be added to the agenda for the July 7, 7am pacific time, meeting?


On Jun 21, 2016, at 5:06 PM, Prateek Mishra <prateek.mishra at oracle.com> wrote:

Greetings OpenID Connect WG Members,

I propose we move this submission to OIDF draft status.

Specifically, we would like to publish it to the OIDF website/repository and label it accordingly.

This will enable us to generate more discussion and receive feedback on this proposal.

- prateek

On Jun 15, 2016, at 1:10 PM, Phil Hunt <phil.hunt at oracle.com> wrote:

Please find attached, a draft proposal from Chuck Mortimore and myself on using SCIM as an alternate endpoint for profile services in the context of Connect.

This specification defines:
a. Discovery metadata (scim_endpoint) indicating availability of a SCIM Protocol base endpoint
b. Dynamic registration metadata (scim_profile) used to indicate a client intends to use SCIM in addition to or instead of UserInfo
c. An additional ID Token claim (scim_id and scim_location) which specifies the SCIM resource endpoint and identifier associated with the authenticated subject.

By doing this, clients can avoid having to do an external authorization and another round of exchanges to access User profile information with full CRUD features.

Clients can also access SCIM’s more sophisticated query system to ask questions if the authenticated user has particular conditions (e.g. querying a sub-attribute such as “country” in the “addresses” attribute).

As an example use case: A cloud provider wants to build a user-profile self-service portal. OIDC does the authentication of the user and allows the web service to access the CRUD features of SCIM for the updates.


phil.hunt at oracle.com
<Draft: OpenID Connect Profile for SCIM Services.html>

Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net
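
A client-side check for the metadata and claims listed in the proposal above, as an added example that is not part of the original thread or of the draft itself. The names scim_endpoint, scim_id and scim_location come from the message. The value shapes, the sample data, the helper names and the rule that scim_location must sit under scim_endpoint and end in scim_id are assumptions made here, so that an access token is only ever sent to the advertised SCIM base.

```python
from typing import Optional
from urllib.parse import urlsplit, unquote

class ScimLocationError(ValueError):
    """The ID Token's SCIM claims do not fit the provider's discovery metadata."""

def _origin_and_path(url: str):
    p = urlsplit(url)
    if p.scheme != "https" or not p.hostname or p.username or p.password:
        raise ScimLocationError(f"not a plain https URL: {url!r}")
    return (p.hostname.lower(), p.port or 443), p.path

def resolve_scim_resource(discovery: dict, claims: dict) -> Optional[str]:
    """Return the subject's SCIM resource URL, or None to fall back to UserInfo."""
    base = discovery.get("scim_endpoint")
    location = claims.get("scim_location")
    if base is None or location is None:
        return None  # SCIM not advertised or not asserted for this subject
    if claims.get("iss") != discovery.get("issuer"):
        raise ScimLocationError("ID Token issuer differs from discovery issuer")
    base_origin, base_path = _origin_and_path(base)
    loc_origin, loc_path = _origin_and_path(location)
    if loc_origin != base_origin:
        raise ScimLocationError("scim_location is on a different origin")
    # Reject dot-segments (also percent-encoded) before the prefix comparison.
    if any(seg in (".", "..") for seg in unquote(loc_path).split("/")):
        raise ScimLocationError("scim_location contains dot-segments")
    if not loc_path.startswith(base_path.rstrip("/") + "/"):
        raise ScimLocationError("scim_location is outside scim_endpoint")
    # Assumption: the last path segment of the location is the resource id.
    scim_id = claims.get("scim_id")
    if scim_id is not None and loc_path.rstrip("/").rsplit("/", 1)[-1] != scim_id:
        raise ScimLocationError("scim_location does not end in scim_id")
    return location

# Constructed sample data, not taken from the draft.
DISCOVERY = {"issuer": "https://op.example.com",
             "scim_endpoint": "https://op.example.com/scim/v2"}
CLAIMS = {"iss": "https://op.example.com", "sub": "248289761001",
          "scim_id": "2819c223-7f76-453a-919d-413861904646",
          "scim_location": "https://op.example.com/scim/v2/Users/"
                           "2819c223-7f76-453a-919d-413861904646"}

if __name__ == "__main__":
    print(resolve_scim_resource(DISCOVERY, CLAIMS))
```

The ID Token signature and standard claim validation are assumed to have happened before this function is called.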
