[Openid-specs-fastfed] FW: [scim] SCIM v3?
Matt Domsch
matt.domsch at sailpoint.com
Wed Jun 24 15:18:47 UTC 2020
From: Darran Rolls <me at darranrolls.com>
Sent: Wednesday, June 10, 2020 7:48 AM
To: Matt Domsch <matt.domsch at sailpoint.com>; Anthony Nadalin <tonynad=40microsoft.com at dmarc.ietf.org>; scim at ietf.org
Subject: Re: [scim] SCIM v3?
I’m going to jump in and reserve an hour on Thursday 25th at 11am central US time. Here are the meeting details:
https://zoom.us/j/92197243294
Meeting ID: 921 9724 3294
Find your local number: https://zoom.us/u/aedUwgpW02
Darran
From: Matt Domsch <matt.domsch at sailpoint.com>
Date: Tuesday, June 9, 2020 at 11:08 AM
To: Anthony Nadalin <tonynad=40microsoft.com at dmarc.ietf.org>, Darran Rolls <me at darranrolls.com>, "scim at ietf.org" <scim at ietf.org>
Subject: RE: [scim] SCIM v3?
We’ll definitely ask for a BOF, or if the charter and its approvals can be done in time, a formal WG session at IETF 108. That may be pushing it, but the area directors think it’s possible. They’ve offered to reserve a time as a BOF now.
I can attend any of Darran’s suggested times for a videoconference.
Thanks,
Matt
Matt Domsch
VP, Lead Corporate Architect
matt.domsch at sailpoint.com
mobile: 512-981-6486
www.sailpoint.com
From: scim <scim-bounces at ietf.org> On Behalf Of Anthony Nadalin
Sent: Tuesday, June 9, 2020 9:40 AM
To: Darran Rolls <me at darranrolls.com>; scim at ietf.org
Subject: Re: [scim] SCIM v3?
It may be better to have a BOF for IETF 108. I think there are some updates that could be made to SCIM as we have some things on our list, but I’m not sure that another directory protocol is what is needed.
From: scim <scim-bounces at ietf.org> On Behalf Of Darran Rolls
Sent: Tuesday, June 9, 2020 5:27 AM
To: scim at ietf.org
Subject: [EXTERNAL] Re: [scim] SCIM v3?
So, I read lots of interest to restart and contribute – excellent.
In the interest of rapidly moving towards a strawman charter, I’ll take a first pass at what that charter might look like and send it out here for comment. If no one has any objection, I propose we set a time for an “interest-group call” mid/late next week? I know it’s tricky and a little unfair to throw out call times without more prior planning BUT if we can move this along quickly we can catch the IETF 108 train.
So, is there support to hold one of the following times next week for a conversation on that (to be sent) strawman charter? LMK if anyone feels that’s too tight or unfair for folks that are interested but can’t make it and we can stick to a list-only conversation.
10am Central US Wednesday 24th
11am Central US Wednesday 24th
---
10am Central US Thursday 25th
11am Central US Thursday 25th
---
10am Central US Friday 26th
11am Central US Friday 26th
Thanks
Darran
From: Paul Lanzi <paul at remediant.com>
Date: Monday, June 8, 2020 at 11:30 AM
To: Darran Rolls <me at darranrolls.com>, "scim at ietf.org" <scim at ietf.org>
Subject: Re: [scim] SCIM v3?
Darran, all --
I think a relook at some of the items you mentioned would be great -- count me in!
On this topic:
> Ratification of extension to address Privilege Account Management use cases
We've had some discussions with the SailPoint folks (most notably: David Lee, Matt Domsch and more recently, Adam C) that the current SCIM-PAM API is very specifically focused on supporting password-vault use cases, and doesn't have an allowance for the Just-In-Time PAM approach. Both the Identity Defined Security Alliance (IDSA) and Gartner have recently recognized this approach, and I think it would make sense to further extend the SCIM-PAM proposal to also include the use cases around JIT PAM. I'm happy to help contribute towards the technical work needed to do so.
Thanks,
--Paul
--Co-Founder @ Remediant
On Mon, Jun 8, 2020 at 8:59 AM Phillip Hunt <phil.hunt at independentid.com> wrote:
Thanks Elliot.
A number of these features including MVA filtering and paging are based on a desire to build front end IDM management UIs to SCIM API providers.
One could say this would begin to move SCIM from a provisioning protocol to a “directory” protocol. Is SCIM Directory a theme that would drive interest in a new charter?
Phil
On Jun 8, 2020, at 2:38 AM, Eliot Lear <lear at cisco.com> wrote:
Hi Paul,
As a hanger-on, I like your list. I don’t see the value in paging, but clearly a great many others do, so I have something to learn.
Eliot
On 8 Jun 2020, at 10:34, Paul Logston <paul.logston at gmail.com> wrote:
Hi Darran and Phil,
I am interested in being part of this discussion. I work for a company that regularly uses the SCIM protocol and we have a use for a number of the extensions Darran suggested above.
Best,
Paul
Paul Logston
(510) 755 - 4474
paul.logston at gmail.com
linkedin.com/in/paullogston
On Sun, Jun 7, 2020 at 3:32 AM Phillip Hunt <phil.hunt at independentid.com> wrote:
Darran
Good to hear!
I am not sure these items require a v3. I believe these all can be done via extensions thus maintaining backwards compatibility.
For example I did submit a proposal for paged attributes based on the current drafts.
https://tools.ietf.org/html/draft-hunt-scim-mv-paging-00
I think we have to see if there is sufficient interest to charter a WG and determine interest in specific items.
Another long-term issue is compliance. For this we need to find an independent organization to develop and host an interop test suite, as compliance testing is not something the IETF does. This will likely require direct donation of funds and time. This is how things happened for OIDC testing.
Phil Hunt
On Jun 6, 2020, at 10:15 AM, Darran Rolls <me at darranrolls.com> wrote:
Hello SCIM folks,
To introduce myself to the group, up until March of this year I was the CTO at SailPoint and worked with Kelly Grizzle and Matt Domsch on all things identity standards. I'm now consulting and engaging on various projects around the IAM space.
Having chatted with Leif and Morteza directly, I wanted to bring a discussion back here to the full WG alias. As several of you will already know, I’d like to formally make a request to re-charter this WG. The goal of the WG would be to address the ratification of the following work items:
* Protocol/operational enhancements
* Multi-value paging & cursor pagination
* Relying party user provisioning
* Soft Delete
* Interop and testing capabilities
* New schema to address
* Extended HR/user data and related action events
* Ratification of extension to address Privilege Account Management use cases
I therefore seek your comments and input on this proposal. Are you interested to participate? What is missing from the above list of work items? Is there support for an informal interest-group call sometime in the next two weeks?
Thanks
Darran
--
https://www.darranrolls.com
LinkedIn <https://www.linkedin.com/in/darran-rolls-068b84> @djrolls <https://twitter.com/djrolls>
_______________________________________________
scim mailing list
scim at ietf.org
https://www.ietf.org/mailman/listinfo/scim