From nobody Thu Mar 2 15:48:24 2017 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE2B61293E4 for ; Thu, 2 Mar 2017 15:48:22 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.3 X-Spam-Level: X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=okta.com header.b=YobFTYWZ; dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=oktainc.onmicrosoft.com header.b=ScbE5G+O Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8JWVcby7bexn for ; Thu, 2 Mar 2017 15:48:20 -0800 (PST) Received: from us-smtp-delivery-163.mimecast.com (us-smtp-delivery-163.mimecast.com [216.205.24.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 942E8126B6D for ; Thu, 2 Mar 2017 15:48:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=okta.com; s=mimecast20140813; t=1488498498; bh=+ycz5xSm160WxP4k1klIe2nJ3JoAugbWVzVFKRM1zVs=; h=From:To:Subject:Date:Message-ID:MIME-Version:Content-Type; b=YobFTYWZISOajwRurm8TrR3s/3cTyoZSsGzqlRe9PjEH7QtjfLVp0oCpwny/ZQQe/Hs9JhDd1P06RsIXwpMnhxXKmjNkB0wRMaLfkVh4PiDZANVOsS1IDYY1B8V3hJQ5C75sxE8LIvGH9Mv5CEdCxeG1RXKugs8kI9oq6QG6TqA= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oktainc.onmicrosoft.com; s=selector1-okta-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=JFiUCKDRjUnlGtgBDR4IwwzF4JgAL+7M18My1XvNg8s=; b=ScbE5G+O11QAsWNkdyJNLYcvjiTh3AuhykcSv8VZ52YTo2q6P3A3t28hqwWKkQy7T2+vmFmSWmc1hYve969DnzASAxBaXe9AvMhx3wSbxKeD3UNnmkpJ7sGV4DP6j4R7s+Meb/lNTgd8rWejr4FPac3rn+BovndC2ti+bFIxJ8U= Received: from NAM01-BN3-obe.outbound.protection.outlook.com (mail-bn3nam01lp0182.outbound.protection.outlook.com [216.32.180.182]) (Using TLS) by us-smtp-1.mimecast.com with ESMTP id us-mta-89-5qL0fDtDPoCO7E6jWK4BvA-1; Thu, 02 Mar 2017 18:48:17 -0500 Received: from CY1PR0501MB1804.namprd05.prod.outlook.com (10.163.141.142) by CY1PR0501MB1804.namprd05.prod.outlook.com (10.163.141.142) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.947.2; Thu, 2 Mar 2017 23:48:16 +0000 Received: from CY1PR0501MB1804.namprd05.prod.outlook.com ([10.163.141.142]) by CY1PR0501MB1804.namprd05.prod.outlook.com ([10.163.141.142]) with mapi id 15.01.0947.012; Thu, 2 Mar 2017 23:48:16 +0000 From: Kevin Gough To: "scim@ietf.org" Thread-Topic: Next Okta-run free SCIM virtual course for developers - 4/3 @ 10 AM PT Thread-Index: AQHSk69qYByiLI2s0EuCgV8IvoaIiA== Date: Thu, 2 Mar 2017 23:48:15 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [25.166.186.132] x-ms-office365-filtering-correlation-id: 2fe0ca22-7af1-4727-f9f3-08d461c698bf x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001); SRVR:CY1PR0501MB1804; x-microsoft-exchange-diagnostics: 1; CY1PR0501MB1804; 7:yVCqzE3CXlrH0uq7OOuuDL606bJmGdI8iaoACz1EVMzkaHK15szYA5gD/Cko7xmOmDUGgF9LBYwhpWRp4b1BocjqR30iaBfm754+1bNhqtonsDbGZd5zYXnGFGnI8uADou2PdD2VagkED3z8aT+LvhWtF+N3oOWy0zPIpJbiz9A+x27EOroTaEX4aEi6HyVW82V+LCFekKfgwD33zPGP9fMCUu64y8CitWPRpXYpqkbZF5ev+EmSfRQcbKcbeiFpBemAtPIi/eyW4/L3MUADrOlrnKApeca6TxhuYNo6amoJqZTzATvgTLnFQLTEjIb3phXLnz8tAC7xeRfMrdJJgQ==; 20:c5gisI3hQFpbeKAWBKbfZtN3ih8/dFNPGHQnrB4Jphil0iM82aQd7jirwTfstxVxzQhlcuEkVBYSWcnn2U7tFvug37WmMhh7XzNYHk5rOyLk5sCCrsitixY9QXiBSOGTflYlm2M6wJd0hOwEDsXFf7EZKizEIIjdrlMgU6kMVDY= x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(158342451672863)(278428928389397); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040375)(601004)(2401047)(8121501046)(5005006)(10201501046)(3002001)(6041248)(20161123564025)(20161123562025)(20161123558025)(20161123555025)(20161123560025)(6072148); SRVR:CY1PR0501MB1804; BCL:0; PCL:0; RULEID:; SRVR:CY1PR0501MB1804; x-forefront-prvs: 023495660C x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(7916002)(39450400003)(2900100001)(81166006)(450100001)(5660300001)(106116001)(122556002)(8676002)(2351001)(8936002)(7696004)(19627405001)(74316002)(1730700003)(5640700003)(6436002)(6506006)(3660700001)(966004)(77096006)(606005)(54896002)(92566002)(25786008)(2501003)(99286003)(53936002)(236005)(55016002)(6606003)(6916009)(9686003)(6306002)(66066001)(189998001)(86362001)(110136004)(102836003)(3846002)(2906002)(33656002)(6116002)(38730400002)(3280700002)(54356999)(7906003)(50986999)(7736002); DIR:OUT; SFP:1102; SCL:1; SRVR:CY1PR0501MB1804; H:CY1PR0501MB1804.namprd05.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en; spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM MIME-Version: 1.0 X-OriginatorOrg: okta.com X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Mar 2017 23:48:15.8813 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: f1f9fcc4-c616-4261-8a82-855dc9cb8486 X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR0501MB1804 X-MC-Unique: 5qL0fDtDPoCO7E6jWK4BvA-1 Content-Type: multipart/alternative; boundary="_000_CY1PR0501MB1804AA77D422C6A30FF6E6FB87280CY1PR0501MB1804_" Archived-At: Subject: [scim] Next Okta-run free SCIM virtual course for developers - 4/3 @ 10 AM PT X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Mar 2017 23:48:23 -0000 --_000_CY1PR0501MB1804AA77D422C6A30FF6E6FB87280CY1PR0501MB1804_ Content-Type: text/plain; charset=WINDOWS-1252 Content-Transfer-Encoding: quoted-printable We're resuming our free SCIM virtual courses for developers. The next one is 4/3 @ 10 AM = PT. Please share with any ISVs or individual developers who want to learn h= ow to enable SCIM-based provisioning for their application. Also, let me kn= ow if there are other forums or groups I should inform. Thanks! - Kevin Course Abstract: Provisioning with SCIM for Developers In this one-day course, students will learn how to build a System for Cross= -domain Identity Management (SCIM) server to automate provisioning to an en= dpoint application with Okta. This course provides instruction on the SCIM = standard, including provisioning events and operations, messages and data t= ransformation, and authorization options. Students will learn how to effect= ively use the SCIM standard protocols to integrate their applications with = Okta or any identity manager that supports the standard. To best understand= how to develop a SCIM integration, students will build a SCIM server in Py= thon in scripted hands-on labs. Students are also welcome to apply the conc= epts discussed in class to build in their preferred programming language. C= ommon business and technical use cases, workflows, testing, troubleshooting= , and best practices are discussed. For more info and to register: http://okta.litmos.com/self-signup/register/328927?type=3D1 --_000_CY1PR0501MB1804AA77D422C6A30FF6E6FB87280CY1PR0501MB1804_ Content-Type: text/html; charset=WINDOWS-1252 Content-Transfer-Encoding: quoted-printable

We're resu= ming our free SCIM virtual courses for developers. The next one is 4/= 3 @ 10 AM PT. Please share with any ISVs or individual developers who want to learn how to enable SCIM-based provisioning for the= ir application. Also, let me know if there are other forums or groups I sho= uld inform. Thanks! - Kevin



Course Abstract: Provisioning with S= CIM for Developers


In this one-day course, students will learn= how to build a System for Cross-domain Identity Management (SCIM) server to automate provisioning to an endpoint applicati= on with Okta. This course provides instruction on the SCIM standard, i= ncluding provisioning events and operations, messages and data transformati= on, and authorization options. Students will learn how to effectively use the SCIM standard protocols to integrate= their applications with Okta or any identity manager that supports the sta= ndard. To best understand how to develop a SCIM integration, students will build a SCIM server in Python in scripted hands-on labs. Stu= dents are also welcome to apply the concepts discussed in class to build in their preferred programming language. = Common business and technical use cases, workflows, testing, troubleshootin= g, and best practices are discussed.



For more info and to register:

http://okta.litmos.com/self-signup/register/328927?t= ype=3D1

--_000_CY1PR0501MB1804AA77D422C6A30FF6E6FB87280CY1PR0501MB1804_-- From nobody Fri Mar 10 21:40:12 2017 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EE27D1294E0 for ; Fri, 10 Mar 2017 21:40:10 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.699 X-Spam-Level: X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=wso2.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G0S9ucy3N5H3 for ; Fri, 10 Mar 2017 21:40:09 -0800 (PST) Received: from mail-wm0-x230.google.com (mail-wm0-x230.google.com [IPv6:2a00:1450:400c:c09::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AA6561293DB for ; Fri, 10 Mar 2017 21:40:08 -0800 (PST) Received: by mail-wm0-x230.google.com with SMTP id n11so8442053wma.0 for ; Fri, 10 Mar 2017 21:40:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wso2.com; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=GX+Pui3PVm8WPnDzvIosccV93UVIUozp11ZXuHZr2rY=; b=i4EcbXzReAOwmA5qwrY27fCinl0LMtv78+almgVFMfZOEuJBZ4cTYcyFhdHnqMM7YN wtOKcKRET+sFetLEFsIfryp6NaIc5rmAL+B9vTgvNA0tDGw7e7iNoq8YjDWQj6Fpv4tt Seew0HTDYJT5eZ2pHAEVWCxNkpNCM4halLros= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=GX+Pui3PVm8WPnDzvIosccV93UVIUozp11ZXuHZr2rY=; b=l5a4h1GuaBLPnWW1C9qW0wHaw9bzndYGQ8qAaaCipde2BDM8vtnvgaUvhOqdwrFsQt awPtSfX+0NUj2pl7OaiRPmoq67vHX41qvbWRgk+GjB3GmnR2tOX525+m9dHIyHomU3UP rvRHrlTEllRf7S0vd/jtaN5UGLGJBmakp0+MTGhqSq9WHtsKJ44+7uFNl/up13E4ZtW0 yGTsbuRNCPk5z8cOrh+pVprM1G/8a/63NAqmSX34SeeBNl5djp+QpybXkqt5UIGblYFw Yp/x9AO0ag1YjqLndn4kQqPUPR5KhZb2xnzJJZwAoFf55cX3wDOLsECir/+X6Jt8auJF 29Dg== X-Gm-Message-State: AFeK/H187hyCqSE9/cQ+Q4FWrIbFbUHOvPmoHsVXH2bCMxkRabUljy1R5vKRs6QGpdelUfVNgirqBVHyPq1ZP9QK X-Received: by 10.28.234.147 with SMTP id g19mr1795709wmi.102.1489210807005; Fri, 10 Mar 2017 21:40:07 -0800 (PST) MIME-Version: 1.0 Received: by 10.223.143.109 with HTTP; Fri, 10 Mar 2017 21:40:06 -0800 (PST) In-Reply-To: References: From: Gayan Gunawardana Date: Sat, 11 Mar 2017 11:10:06 +0530 Message-ID: To: Samuel Erdtman Content-Type: multipart/alternative; boundary=001a1146e55825ce24054a6de9ef Archived-At: Cc: "scim@ietf.org" , Darshana Gunawardana , Omindu Rathnaweera Subject: Re: [scim] Does SCIM 2.0 have a compliance test suite? X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Mar 2017 05:40:11 -0000 --001a1146e55825ce24054a6de9ef Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Tue, Feb 28, 2017 at 10:17 PM, Samuel Erdtman wrote: > The SCIM 1.1 tests where made by me and Erik Wahlstr=C3=B6m. > > The code can be found here and here > > Thanks Samuel and Erik. It would be great if you can provide brief idea about above two repositories and how test suit has been organized. > > > Don=C2=B4t think you should rely to much on the structure setup there. > Yes but will be really helpful to just get an abstract idea. > > //Samuel > > On Tue, Feb 7, 2017 at 9:15 AM, Darshana Gunawardana < > darshanasbg@gmail.com> wrote: > >> Hi Samuel, >> >> Thanks for the response..! >> >> My colleges from WSO2 are in the process of implementing SCIM 2.0 server >> and currently people working on improving the test coverage on that. >> >> If there is no work done on this, we can check on creating common SCIM >> 2.0 suite and contributing back to the community. Wanted to check whethe= r >> it would be useful to implement common SCIM 2.0 suite thing. >> >> If this is something useful to have, we can check on possible ways of >> getting interested persons... >> >> And can I know references on the implementations on the test suite done >> on SCIM 1.1? So I can get an idea on the current design and effort neede= d >> to implement in that way. >> >> Thanks, >> Darshana >> >> On Tue, Feb 7, 2017 at 1:06 PM, Samuel Erdtman wrote= : >> >>> There is currently no such tool as far as I know. >>> >>> That it says ongoing is a bit too optimistic, there is no ongoing work >>> as far as I know. >>> >>> You are not the only one asking for this so maybe a few persons could d= o >>> some cooperation and create something. >>> >>> >>> On Tue, 7 Feb 2017 at 07:37, Darshana Gunawardana >>> wrote: >>> >>>> Hi, >>>> >>>> Is there a test tool that can used to check compliance with the SCIM >>>> 2.0 specification? >>>> >>>> The site [1] specifies that there is an ongoing effort. Is this an ope= n >>>> source effort where someone interested can try prototype versions and >>>> contribute for the development? >>>> >>>> [1] http://www.simplecloud.info/ >>>> [2] "Work on SCIM 2.0 tests is under development and there are >>>> currently no support for the enterprise extension" >>>> >>>> Thanks, >>>> -- >>>> With Regards, >>>> >>>> Darshana Gunawardana, >>>> Alumni : Dept. of Computer Science & Engineering, >>>> University of Moratuwa, >>>> Sri Lanka >>>> _______________________________________________ >>>> scim mailing list >>>> scim@ietf.org >>>> https://www.ietf.org/mailman/listinfo/scim >>>> >>> >> >> >> -- >> With Regards, >> >> Darshana Gunawardana, >> Alumni : Dept. of Computer Science & Engineering, >> University of Moratuwa, >> Sri Lanka >> > > > _______________________________________________ > scim mailing list > scim@ietf.org > https://www.ietf.org/mailman/listinfo/scim > > --=20 Gayan Gunawardana Software Engineer; WSO2 Inc.; http://wso2.com/ Email: gayan@wso2.com Mobile: +94 (71) 8020933 --001a1146e55825ce24054a6de9ef Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable


On Tue, Feb 28, 2017 at 10:17 PM, Samuel Erdtman <= samuel@erdtman.se> wrote:
Thanks Samuel and Erik.
It would be great if you can prov= ide brief idea about above two repositories and how test suit has been orga= nized.=C2=A0 =C2=A0


Don=C2=B4t think you should rely to much on the = structure setup there.
Yes but will be really helpful to= just get an abstract idea.=C2=A0
=

//Samuel

On Tue, Feb 7, 2017 at 9:15 AM= , Darshana Gunawardana <darshanasbg@gmail.com> wrote:
Hi Samuel,

<= div>Thanks for the response..!

My colleges from WS= O2 are in the process of implementing SCIM 2.0 server and currently people = working on improving the test coverage on that.

If= there is no work done on this, we can check on creating common SCIM 2.0 su= ite and contributing back to the community. Wanted to check whether it woul= d be useful to implement common SCIM 2.0 suite thing.

<= div>If this is something useful to have, we can check on possible ways of g= etting interested persons...

And can I know refere= nces on the implementations on the test suite done on SCIM 1.1? So I can ge= t an idea on the current design and effort needed to implement in that way.=

Thanks,
Darshana

On Tue, Feb 7, 2017 at 1:06 PM, Samuel Erdtman <sa= muel@erdtman.se> wrote:
There is currently no such tool as far as I know.

That it says ongoing is a bit too optimistic, there is= no ongoing work as far as I know.

You are not the= only one asking for this so maybe a few persons could do some cooperation = and create something.


On Tue, 7 Feb 2017 at 07:37, Darshana Gunawardana <darshanasbg@gmail.co= m> wrote:
Hi,

Is there a test tool that can used to check= compliance with the SCIM 2.0 specification?
The site [1] specifies that t= here is an ongoing effort. Is this an open source effort where someone inte= rested can try prototype versions and contribute for the development?=C2=A0=

http://www.simplecloud.info/

Thanks,
--
With Regards,

Darshana Gunawardana,
Alumni : Dept. of Computer Science & Engineering,
University of Moratuwa,
Sri Lanka
_______________________________________________
scim mailing list
scim@ie= tf.org
https://www.ietf.org/mailman/listinf= o/scim



--
With Regards,

Darshana Gunawardana,
Al= umni : Dept. of Computer Science & Engineering,
University of Moratu= wa,
Sri Lanka


_______________________________________________
scim mailing list
scim@ietf.org
https://www.ietf.org/mailman/listinfo/scim




--
<= font face=3D"arial, sans-serif" color=3D"#888888">Gayan Gunawardana
Software Engineer; WSO2 = Inc.; http://wso2.com/
--001a1146e55825ce24054a6de9ef-- From nobody Thu Mar 16 11:49:56 2017 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 088B012995D for ; Thu, 16 Mar 2017 11:49:55 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3Dcv4Wfuk5p7 for ; Thu, 16 Mar 2017 11:49:52 -0700 (PDT) Received: from mail-ot0-x229.google.com (mail-ot0-x229.google.com [IPv6:2607:f8b0:4003:c0f::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3A14F12994F for ; Thu, 16 Mar 2017 11:49:52 -0700 (PDT) Received: by mail-ot0-x229.google.com with SMTP id 19so66805189oti.0 for ; Thu, 16 Mar 2017 11:49:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=I/zwHpLT5bV6n/+eAkHwKfwJOnRrWh+9mlQw0DMUW6E=; b=Xb+Gds6OrR/i5EADcCPgk2lxxRuPsEPwi5+RZ+mB9aL96q2TDZxOkzBmx1rrV1xlld 8H5PO4WtZZhv1MkufVQFgvGpsYcykXuKXcHTpy4mjaZrDr5+WfMh7ixqJvOgFxBcuo/P E/wkgoQ+ZXg3P9LSX4CEe4yufjBXnOArUX7XdwYZpnsah5fgFk0KBSVaHjBB/70KJnUF GicClv4vAI+0c5bIBrfakv/bic75/Y2i8S+4mmU4gNEboKO495tolfzW9vz30H+qE20Z z6y1Mhlu+xGVRhNiTOlRz2Nhs/64Aj0Hfkyamntn3yiCvwbmcuR8HeRvFvP57U13fFEY IX+A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=I/zwHpLT5bV6n/+eAkHwKfwJOnRrWh+9mlQw0DMUW6E=; b=nJv2fUt9e1FLkTE2tMdUX9/vi/aLPzQHz70MZeH+tYNd71HlJ/X1k/kXjkkjgZMRZH g/OA7JdGxo1yNkbV9Yyz6jUHbWvJ5awpoO3+2y0b0rL5h+luLmQm7Ij6uAGDP7JDBGaW AoVt+R/MMENdd4P3NE+Kh7CUt+2czhyqNqIwPyppx0LZIuWNfFKfzUMVDFyL2YpALNpT lcSSwmxmQ6pRnbs80933ybEy1P8MJ2feUiHJmvc1vePpzNBkj2oqF3L3ru3AdTe9lYDK SkCY6MLnd/G+XWXF6tY/gJy6iVT1isk9zj39ZAJ+2w9broaasebUCBzFuULFwx9uNt6+ z9iQ== X-Gm-Message-State: AFeK/H2TtOn0z45kqitjHwbdXtCnJxf5CdUcCkh+TEYiH3X2hDLA1KDkVOjsWQNE1wspH/0oFw243Y8gu9lWDQ== X-Received: by 10.157.82.91 with SMTP id q27mr5049198otg.50.1489690191444; Thu, 16 Mar 2017 11:49:51 -0700 (PDT) MIME-Version: 1.0 Received: by 10.157.34.165 with HTTP; Thu, 16 Mar 2017 11:49:30 -0700 (PDT) In-Reply-To: References: From: Darshana Gunawardana Date: Fri, 17 Mar 2017 00:19:30 +0530 Message-ID: To: Phil Hunt Cc: Samuel Erdtman , "scim@ietf.org" , Omindu Rathnaweera Content-Type: multipart/alternative; boundary=f403043c4028afc1f2054add86ef Archived-At: Subject: Re: [scim] Does SCIM 2.0 have a compliance test suite? X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Mar 2017 18:49:55 -0000 --f403043c4028afc1f2054add86ef Content-Type: text/plain; charset=UTF-8 Hi folks, Thanks all for your responses. On Wed, Mar 1, 2017 at 1:05 AM, Phil Hunt wrote: > There has been discussion about having OpenID Foundation host some tests. > However, so far, nobody has volunteered to write the tests or fund their > support. If we can generate interest, maybe we can make it happen. > A few of us at WSO2 thought about a suitable way to generate interest on this. WSO2 has been a mentor organization for GSoC for the last three years and also accepted for the same on this year as well. So we have come up with a GSoC project proposal on the topic "SCIM 2.0 compliance test suite". You can find more details of the project proposal on the below link. https://docs.wso2.com/display/GSoC/Project+Proposals+for+ 2017#ProjectProposalsfor2017-Proposal21:[IS]SCIM2.0compliancetestsuite Any suggestions on the project proposal are highly appreciated. The good news is, we already have one interested applicant on this project!!! Hopefully we will have more applicants.. and a decent student proposal to proceed with.. Thanks, Darshana > > Note: The IETF does not seem to handle inter-op test suites and > certifications. At least not in my experience. > > Phil > > Oracle Corporation, Identity Cloud Services & Identity Standards > @independentid > www.independentid.com > phil.hunt@oracle.com > > > > > > > > On Feb 7, 2017, at 12:15 AM, Darshana Gunawardana > wrote: > > Hi Samuel, > > Thanks for the response..! > > My colleges from WSO2 are in the process of implementing SCIM 2.0 server > and currently people working on improving the test coverage on that. > > If there is no work done on this, we can check on creating common SCIM 2.0 > suite and contributing back to the community. Wanted to check whether it > would be useful to implement common SCIM 2.0 suite thing. > > If this is something useful to have, we can check on possible ways of > getting interested persons... > > And can I know references on the implementations on the test suite done on > SCIM 1.1? So I can get an idea on the current design and effort needed to > implement in that way. > > Thanks, > Darshana > > On Tue, Feb 7, 2017 at 1:06 PM, Samuel Erdtman wrote: > >> There is currently no such tool as far as I know. >> >> That it says ongoing is a bit too optimistic, there is no ongoing work as >> far as I know. >> >> You are not the only one asking for this so maybe a few persons could do >> some cooperation and create something. >> >> >> On Tue, 7 Feb 2017 at 07:37, Darshana Gunawardana >> wrote: >> >>> Hi, >>> >>> Is there a test tool that can used to check compliance with the SCIM 2.0 >>> specification? >>> >>> The site [1] specifies that there is an ongoing effort. Is this an open >>> source effort where someone interested can try prototype versions and >>> contribute for the development? >>> >>> [1] http://www.simplecloud.info/ >>> [2] "Work on SCIM 2.0 tests is under development and there are currently >>> no support for the enterprise extension" >>> >>> Thanks, >>> -- >>> With Regards, >>> >>> Darshana Gunawardana, >>> Alumni : Dept. of Computer Science & Engineering, >>> University of Moratuwa, >>> Sri Lanka >>> _______________________________________________ >>> scim mailing list >>> scim@ietf.org >>> https://www.ietf.org/mailman/listinfo/scim >>> >> > > > -- > With Regards, > > Darshana Gunawardana, > Alumni : Dept. of Computer Science & Engineering, > University of Moratuwa, > Sri Lanka > _______________________________________________ > scim mailing list > scim@ietf.org > https://www.ietf.org/mailman/listinfo/scim > > > -- With Regards, Darshana Gunawardana, Alumni : Dept. of Computer Science & Engineering, University of Moratuwa, Sri Lanka --f403043c4028afc1f2054add86ef Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Hi folks,

Thanks all for your responses= .

On Wed, Ma= r 1, 2017 at 1:05 AM, Phil Hunt <phil.hunt@oracle.com> wr= ote:
There has been discussion about having OpenID Foundation= host some tests. However, so far, nobody has volunteered to write the test= s or fund their support.=C2=A0 If we can generate interest, maybe we can ma= ke it happen.

A few of us at WSO2=C2= =A0thought=C2=A0about a suitable w= ay to generate interest on this.

WSO2 has been a m= entor organization for GSoC for the last three years and also accepted for = the same on this year as well. So we have come up with a GSoC project propo= sal on the topic "SCIM 2.0 compliance test suite". You can find m= ore details of the project proposal on the below link.

=

Any suggestions on t= he project proposal are highly appreciated.

Th= e good news is, we already have one interested applicant on this project!!!=

Hopefully we will have more applicants.. and a de= cent=C2=A0student proposal to proceed with..

Thanks,
Darshana
=C2=A0

Note: The IETF does not seem to handle inter-op test suites and certi= fications.=C2=A0 At least not in my experience.

Phil

Oracle Corporati= on, Identity Cloud Services & Identity Standards
@independent= id
phil.hunt@oracle.com

=






On Feb 7, 2017, at 12:15 AM, Darsha= na Gunawardana <darshanasbg@gmail.com> wrote:

Hi Samuel,

Thanks for the response..!
<= br>
My colleges from WSO2 are in the process of implementing SCIM= 2.0 server and currently people working on improving the test coverage on = that.

If there is no work done on this, we can che= ck on creating common SCIM 2.0 suite and contributing back to the community= . Wanted to check whether it would be useful to implement common SCIM 2.0 s= uite thing.

If this is something useful to have, w= e can check on possible ways of getting interested persons...
And can I know references on the implementations on the test su= ite done on SCIM 1.1? So I can get an idea on the current design and effort= needed to implement in that way.

Thanks,
Darshana

On Tue, Feb 7, 2017 at 1:06 PM, Samuel Erdtman= =C2=A0<samuel@erdtman.se>=C2=A0wrote:
Th= ere is currently no such tool as far as I know.

Th= at it says ongoing is a bit too optimistic, there is no ongoing work as far= as I know.

You are not the only one asking for th= is so maybe a few persons could do some cooperation and create something.


=
On Tue, 7 Feb 2017 at 07:37, Darshana Gunawardana <darshanasbg@gmail.com> wr= ote:
Hi,

= Is there a test tool that can used to check compliance with the SCIM 2.0 sp= ecification?

The site [1] specifies that = there is an ongoing effort. Is this an open source effort where someone int= erested can try prototype versions and contribute for the development?=C2= =A0

<= /div>
[1]=C2=A0http://www.simpl= ecloud.info/
[2] "Work = on SCIM 2.0 tests is under development and there are currently no support f= or the enterprise extension"
Thanks,=
--=C2=A0
With Regards,

Darshana Gunawardana,
Alumni : Dept. of Computer Science & Engineering,
University of Moratuwa,
= Sri Lanka
______________________________= _________________
scim mailing list
scim@ietf.org
https://www.ietf.org/mai= lman/listinfo/scim



--=C2=A0
With Regards,

Darshana Gunawardana,
Alumni : Dept. of Computer Scie= nce & Engineering,
University of Moratuwa,
Sri Lanka
<= /div>
________________________________= _______________
scim mailing listscim@ietf.org
https://www.ietf.org/mai= lman/listinfo/scim

<= /div>



--
Wi= th Regards,

Darshana Gunawardana,
Alumni : Dept. of = Computer Science & Engineering,
University of Moratuwa,
Sri Lanka=
--f403043c4028afc1f2054add86ef-- From nobody Mon Mar 27 07:16:03 2017 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0142F1296A1 for ; Mon, 27 Mar 2017 07:16:02 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -5.002 X-Spam-Level: X-Spam-Status: No, score=-5.002 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YAiTm88rPr0G for ; Mon, 27 Mar 2017 07:16:00 -0700 (PDT) Received: from iberico.switch.ch (iberico.switch.ch [IPv6:2001:620:0:1002::27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 25DCC129534 for ; Mon, 27 Mar 2017 07:15:59 -0700 (PDT) Received: from albris.switch.ch (albris.switch.ch [IPv6:2001:620:0:1001::8]) by iberico.switch.ch (8.14.4/8.14.4/Debian-4+deb7u1) with ESMTP id v2REFvhm023305 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for ; Mon, 27 Mar 2017 16:15:58 +0200 Received: from macrb.switch.ch ([130.59.17.20]) by albris.switch.ch with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.72) (envelope-from ) id 1csVR7-0006Vi-6W for scim@ietf.org; Mon, 27 Mar 2017 16:15:57 +0200 To: "scim@ietf.org" From: Rolf Brugger Message-ID: <5dd746c7-647b-ad0f-a8cf-ad9c3ca8df7c@switch.ch> Date: Mon, 27 Mar 2017 16:15:56 +0200 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-SWITCHham-Score: X-CanIt-Geo: ip=2001:620:0:1001::8; country=CH; region=Zurich; city=Zurich; latitude=47.3720; longitude=8.5413; http://maps.google.com/maps?q=47.3720,8.5413&z=6 X-CanItPRO-Stream: switch-ch:outbound (inherits from switch-ch:default, base:default) X-Canit-Stats-ID: Bayes signature not available X-Scanned-By: CanIt (www . roaringpenguin . com) Archived-At: Subject: [scim] Does SCIM have an access rights model? X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 Mar 2017 14:16:02 -0000 Hi all, I'm new to this list, and I hope my question is relevant to this community. In our particular use case we have one SCIM server and multiple SCIM clients. All clients are allowed to query all identities and all attributes. However, not all clients have the same permissions to update/write attributes. For example, some clients may only modify group memberships of identities, while other clients have the exclusive permission to modify name and email of identities. Is there a model in SCIM or some kind of best practice in existing implementations how to model client read/write permissions for attributes? best regards Rolf -- SWITCH Rolf Brugger, Trust & Identity Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland direct +41 44 268 15 89 rolf.brugger@switch.ch, https://www.switch.ch From nobody Mon Mar 27 07:55:40 2017 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 92DA4120725 for ; Mon, 27 Mar 2017 07:55:38 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.997 X-Spam-Level: X-Spam-Status: No, score=-6.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-2.796, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OqaaLqpZrSOI for ; Mon, 27 Mar 2017 07:55:36 -0700 (PDT) Received: from userp1040.oracle.com (userp1040.oracle.com [156.151.31.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A7D87128954 for ; Mon, 27 Mar 2017 07:55:36 -0700 (PDT) Received: from userv0021.oracle.com (userv0021.oracle.com [156.151.31.71]) by userp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id v2REtYQT010877 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 27 Mar 2017 14:55:34 GMT Received: from aserv0122.oracle.com (aserv0122.oracle.com [141.146.126.236]) by userv0021.oracle.com (8.14.4/8.14.4) with ESMTP id v2REtXTC030852 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Mon, 27 Mar 2017 14:55:33 GMT Received: from abhmp0009.oracle.com (abhmp0009.oracle.com [141.146.116.15]) by aserv0122.oracle.com (8.14.4/8.14.4) with ESMTP id v2REtXVI011480; Mon, 27 Mar 2017 14:55:33 GMT Received: from [31.133.146.196] (/31.133.146.196) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Mon, 27 Mar 2017 07:55:33 -0700 Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (1.0) From: "Phil Hunt (IDM)" X-Mailer: iPhone Mail (14D27) In-Reply-To: <5dd746c7-647b-ad0f-a8cf-ad9c3ca8df7c@switch.ch> Date: Mon, 27 Mar 2017 09:55:32 -0500 Cc: "scim@ietf.org" Content-Transfer-Encoding: quoted-printable Message-Id: <5675DA25-C333-45E0-A5BB-AD88B20BFF83@oracle.com> References: <5dd746c7-647b-ad0f-a8cf-ad9c3ca8df7c@switch.ch> To: Rolf Brugger X-Source-IP: userv0021.oracle.com [156.151.31.71] Archived-At: Subject: Re: [scim] Does SCIM have an access rights model? X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 Mar 2017 14:55:39 -0000 Rolf Thanks for your question.=20 At the moment SCIM is a provisioning protocol and access rules are up to the= service provider. Eg What makes sense for a directory may not make sense fo= r a crm system.=20 Regardless, the consequences to the client are still the same-success or una= uthorized. :)=20 For historical context a similar discussion happened in LDAP. While requirem= ents had consensus no interoperable model was defined.=20 With all that said, I think it may be useful to have discussions about lan o= auth scope standard that could enable clients to request certain rights. Eg a= bility to query as a directory. Ability to do self updates etc.=20 This became more apparent when we wrote the oidc scim profile as clients wan= ted an access token with user self service rights instead of read only acces= s at the oidc userinfo endpoint.=20 Phil > On Mar 27, 2017, at 9:15 AM, Rolf Brugger wrote: >=20 > Hi all, >=20 > I'm new to this list, and I hope my question is relevant to this community= . >=20 > In our particular use case we have one SCIM server and multiple SCIM clien= ts. All clients are allowed to query all identities and all attributes. >=20 > However, not all clients have the same permissions to update/write attribu= tes. For example, some clients may only modify group memberships of identiti= es, while other clients have the exclusive permission to modify name and ema= il of identities. >=20 > Is there a model in SCIM or some kind of best practice in existing impleme= ntations how to model client read/write permissions for attributes? >=20 > best regards >=20 > Rolf >=20 > --=20 > SWITCH > Rolf Brugger, Trust & Identity > Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland > direct +41 44 268 15 89 > rolf.brugger@switch.ch, https://urldefense.proofpoint.com/v2/url?u=3Dhttps= -3A__www.switch.ch&d=3DDwICAg&c=3DRoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK1= 0&r=3DJBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&m=3DWmnYxVYjsRE1_cESvAJdAH= dRQ3MCyAZb2HHTClsca_U&s=3DAN-ijCyAYZPgh5_id4zq-F0lgoKH7iHfL1Hyxn5H5Wg&e=3D=20= > _______________________________________________ > scim mailing list > scim@ietf.org > https://urldefense.proofpoint.com/v2/url?u=3Dhttps-3A__www.ietf.org_mailma= n_listinfo_scim&d=3DDwICAg&c=3DRoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10&r= =3DJBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&m=3DWmnYxVYjsRE1_cESvAJdAHdRQ= 3MCyAZb2HHTClsca_U&s=3D18i8xxKNQ5Kt6BoRZ2uBLo4GL-gB9ZWkzfQhwK8z6uA&e=3D From nobody Mon Mar 27 08:50:17 2017 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5ECDB12945E for ; Mon, 27 Mar 2017 08:50:16 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f-n_qCGM-FgN for ; Mon, 27 Mar 2017 08:50:14 -0700 (PDT) Received: from teruel.switch.ch (teruel.switch.ch [IPv6:2001:620:0:3002::92]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A3028129456 for ; Mon, 27 Mar 2017 08:50:13 -0700 (PDT) Received: from albris.switch.ch (albris.switch.ch [IPv6:2001:620:0:1001::8]) by teruel.switch.ch (8.14.4/8.14.4/Debian-4+deb7u1) with ESMTP id v2RFo9WW032555 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for ; Mon, 27 Mar 2017 17:50:11 +0200 Received: from macrb.switch.ch ([130.59.17.20]) by albris.switch.ch with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.72) (envelope-from ) id 1csWuH-0007Zj-P9 for scim@ietf.org; Mon, 27 Mar 2017 17:50:09 +0200 To: scim@ietf.org References: <5dd746c7-647b-ad0f-a8cf-ad9c3ca8df7c@switch.ch> <5675DA25-C333-45E0-A5BB-AD88B20BFF83@oracle.com> From: Rolf Brugger Message-ID: Date: Mon, 27 Mar 2017 17:50:09 +0200 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 In-Reply-To: <5675DA25-C333-45E0-A5BB-AD88B20BFF83@oracle.com> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-SWITCHham-Score: X-CanIt-Geo: ip=2001:620:0:1001::8; country=CH; region=Zurich; city=Zurich; latitude=47.3720; longitude=8.5413; http://maps.google.com/maps?q=47.3720,8.5413&z=6 X-CanItPRO-Stream: switch-ch:outbound (inherits from switch-ch:default, base:default) X-Canit-Stats-ID: Bayes signature not available X-Scanned-By: CanIt (www . roaringpenguin . com) Archived-At: Subject: Re: [scim] Does SCIM have an access rights model? X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 Mar 2017 15:50:16 -0000 Hi Phil, It does make sense to me that a model to manage access rights for SCIM clients to a SCIM server is out of scope - mostly because it very context dependent. In our use case we have to limit access rights of SCIM clients, and I just wanted to make sure that we are not re-inventing the wheel. So thank you your answer. That was very helpful! cheers Rolf On 27/03/17 16:55, Phil Hunt (IDM) wrote: > Rolf > > Thanks for your question. > > At the moment SCIM is a provisioning protocol and access rules are up > to the service provider. Eg What makes sense for a directory may not > make sense for a crm system. > > Regardless, the consequences to the client are still the same-success > or unauthorized. :) > > For historical context a similar discussion happened in LDAP. While > requirements had consensus no interoperable model was defined. > > With all that said, I think it may be useful to have discussions > about lan oauth scope standard that could enable clients to request > certain rights. Eg ability to query as a directory. Ability to do > self updates etc. > > This became more apparent when we wrote the oidc scim profile as > clients wanted an access token with user self service rights instead > of read only access at the oidc userinfo endpoint. > > Phil > >> On Mar 27, 2017, at 9:15 AM, Rolf Brugger >> wrote: >> >> Hi all, >> >> I'm new to this list, and I hope my question is relevant to this >> community. >> >> In our particular use case we have one SCIM server and multiple >> SCIM clients. All clients are allowed to query all identities and >> all attributes. >> >> However, not all clients have the same permissions to update/write >> attributes. For example, some clients may only modify group >> memberships of identities, while other clients have the exclusive >> permission to modify name and email of identities. >> >> Is there a model in SCIM or some kind of best practice in existing >> implementations how to model client read/write permissions for >> attributes? >> >> best regards >> >> Rolf >> >> -- SWITCH Rolf Brugger, Trust & Identity Werdstrasse 2, P.O. Box, >> 8021 Zurich, Switzerland direct +41 44 268 15 89 >> rolf.brugger@switch.ch, >> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.switch.ch&d=DwICAg&c=RoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10&r=JBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&m=WmnYxVYjsRE1_cESvAJdAHdRQ3MCyAZb2HHTClsca_U&s=AN-ijCyAYZPgh5_id4zq-F0lgoKH7iHfL1Hyxn5H5Wg&e= >> _______________________________________________ scim mailing list >> scim@ietf.org >> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_scim&d=DwICAg&c=RoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10&r=JBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&m=WmnYxVYjsRE1_cESvAJdAHdRQ3MCyAZb2HHTClsca_U&s=18i8xxKNQ5Kt6BoRZ2uBLo4GL-gB9ZWkzfQhwK8z6uA&e= > >> > _______________________________________________ scim mailing list > scim@ietf.org https://www.ietf.org/mailman/listinfo/scim > -- SWITCH Rolf Brugger, Trust & Identity Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland direct +41 44 268 15 89 rolf.brugger@switch.ch, https://www.switch.ch From nobody Mon Mar 27 08:53:16 2017 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 12885126B71 for ; Mon, 27 Mar 2017 08:53:15 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.995 X-Spam-Level: X-Spam-Status: No, score=-6.995 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-2.796, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ffnGve5FR5xw for ; Mon, 27 Mar 2017 08:53:13 -0700 (PDT) Received: from aserp1040.oracle.com (aserp1040.oracle.com [141.146.126.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DBC5612945D for ; Mon, 27 Mar 2017 08:53:12 -0700 (PDT) Received: from aserv0021.oracle.com (aserv0021.oracle.com [141.146.126.233]) by aserp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id v2RFrBQu006422 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 27 Mar 2017 15:53:12 GMT Received: from aserv0122.oracle.com (aserv0122.oracle.com [141.146.126.236]) by aserv0021.oracle.com (8.13.8/8.14.4) with ESMTP id v2RFrB3B032111 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Mon, 27 Mar 2017 15:53:11 GMT Received: from abhmp0018.oracle.com (abhmp0018.oracle.com [141.146.116.24]) by aserv0122.oracle.com (8.14.4/8.14.4) with ESMTP id v2RFrBUH023532; Mon, 27 Mar 2017 15:53:11 GMT Received: from dhcp-93f3.meeting.ietf.org (/31.133.147.243) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Mon, 27 Mar 2017 08:53:11 -0700 From: Phil Hunt Message-Id: <3B3D6357-F46A-489C-A3BB-358DEB082BD7@oracle.com> Content-Type: multipart/alternative; boundary="Apple-Mail=_28994A82-8FC3-4D52-AC34-BCD58E97A146" Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3259\)) Date: Mon, 27 Mar 2017 10:53:02 -0500 In-Reply-To: Cc: scim@ietf.org To: Rolf Brugger References: <5dd746c7-647b-ad0f-a8cf-ad9c3ca8df7c@switch.ch> <5675DA25-C333-45E0-A5BB-AD88B20BFF83@oracle.com> X-Mailer: Apple Mail (2.3259) X-Source-IP: aserv0021.oracle.com [141.146.126.233] Archived-At: Subject: Re: [scim] Does SCIM have an access rights model? X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 Mar 2017 15:53:15 -0000 --Apple-Mail=_28994A82-8FC3-4D52-AC34-BCD58E97A146 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii No problem. I believe you are free to innovate where it makes sense in = the context of your application. Note that as a profile of HTTP, SCIM has to follow the HTTP = specifications. We have made some clarifications as to HTTP status = response meanings in the context of SCIM. Phil Oracle Corporation, Identity Cloud Architect & Standards @independentid www.independentid.com = phil.hunt@oracle.com = > On Mar 27, 2017, at 10:50 AM, Rolf Brugger = wrote: >=20 > Hi Phil, >=20 > It does make sense to me that a model to manage access rights for SCIM = clients to a SCIM server is out of scope - mostly because it very = context dependent. >=20 > In our use case we have to limit access rights of SCIM clients, and I = just wanted to make sure that we are not re-inventing the wheel. >=20 > So thank you your answer. That was very helpful! >=20 > cheers >=20 > Rolf >=20 >=20 > On 27/03/17 16:55, Phil Hunt (IDM) wrote: >> Rolf >>=20 >> Thanks for your question. >>=20 >> At the moment SCIM is a provisioning protocol and access rules are up >> to the service provider. Eg What makes sense for a directory may not >> make sense for a crm system. >>=20 >> Regardless, the consequences to the client are still the same-success >> or unauthorized. :) >>=20 >> For historical context a similar discussion happened in LDAP. While >> requirements had consensus no interoperable model was defined. >>=20 >> With all that said, I think it may be useful to have discussions >> about lan oauth scope standard that could enable clients to request >> certain rights. Eg ability to query as a directory. Ability to do >> self updates etc. >>=20 >> This became more apparent when we wrote the oidc scim profile as >> clients wanted an access token with user self service rights instead >> of read only access at the oidc userinfo endpoint. >>=20 >> Phil >>=20 >>> On Mar 27, 2017, at 9:15 AM, Rolf Brugger >>> wrote: >>>=20 >>> Hi all, >>>=20 >>> I'm new to this list, and I hope my question is relevant to this >>> community. >>>=20 >>> In our particular use case we have one SCIM server and multiple >>> SCIM clients. All clients are allowed to query all identities and >>> all attributes. >>>=20 >>> However, not all clients have the same permissions to update/write >>> attributes. For example, some clients may only modify group >>> memberships of identities, while other clients have the exclusive >>> permission to modify name and email of identities. >>>=20 >>> Is there a model in SCIM or some kind of best practice in existing >>> implementations how to model client read/write permissions for >>> attributes? >>>=20 >>> best regards >>>=20 >>> Rolf >>>=20 >>> -- SWITCH Rolf Brugger, Trust & Identity Werdstrasse 2, P.O. Box, >>> 8021 Zurich, Switzerland direct +41 44 268 15 89 >>> rolf.brugger@switch.ch, >>> = https://urldefense.proofpoint.com/v2/url?u=3Dhttps-3A__www.switch.ch&d=3DD= wICAg&c=3DRoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10&r=3DJBm5biRrKugCH0Fk= ITSeGJxPEivzjWwlNKe4C_lLIGk&m=3DWmnYxVYjsRE1_cESvAJdAHdRQ3MCyAZb2HHTClsca_= U&s=3DAN-ijCyAYZPgh5_id4zq-F0lgoKH7iHfL1Hyxn5H5Wg&e=3D >>> _______________________________________________ scim mailing list >>> scim@ietf.org >>> = https://urldefense.proofpoint.com/v2/url?u=3Dhttps-3A__www.ietf.org_mailma= n_listinfo_scim&d=3DDwICAg&c=3DRoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10= &r=3DJBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&m=3DWmnYxVYjsRE1_cESvAJdA= HdRQ3MCyAZb2HHTClsca_U&s=3D18i8xxKNQ5Kt6BoRZ2uBLo4GL-gB9ZWkzfQhwK8z6uA&e=3D= >>=20 >>>=20 >> _______________________________________________ scim mailing list >> scim@ietf.org = https://urldefense.proofpoint.com/v2/url?u=3Dhttps-3A__www.ietf.org_mailma= n_listinfo_scim&d=3DDwICAg&c=3DRoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10= &r=3DJBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&m=3DrhrL9frOOOJ1GNPuLsvDg= auqPWURGhFr8AT0eiBF3Fs&s=3Dd9nM8LNKtuwsKP-gjdDyKX1YqZxzqEmcF72B4XJBKmM&e=3D= =20 >=20 > --=20 > SWITCH > Rolf Brugger, Trust & Identity > Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland > direct +41 44 268 15 89 > rolf.brugger@switch.ch, = https://urldefense.proofpoint.com/v2/url?u=3Dhttps-3A__www.switch.ch&d=3DD= wICAg&c=3DRoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10&r=3DJBm5biRrKugCH0Fk= ITSeGJxPEivzjWwlNKe4C_lLIGk&m=3DrhrL9frOOOJ1GNPuLsvDgauqPWURGhFr8AT0eiBF3F= s&s=3DfvcplE2qxGwfHwc_l9TCZtohuy5-fIhgyC3QWV1Xt_g&e=3D=20 > _______________________________________________ > scim mailing list > scim@ietf.org > = https://urldefense.proofpoint.com/v2/url?u=3Dhttps-3A__www.ietf.org_mailma= n_listinfo_scim&d=3DDwICAg&c=3DRoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10= &r=3DJBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&m=3DrhrL9frOOOJ1GNPuLsvDg= auqPWURGhFr8AT0eiBF3Fs&s=3Dd9nM8LNKtuwsKP-gjdDyKX1YqZxzqEmcF72B4XJBKmM&e=3D= =20 --Apple-Mail=_28994A82-8FC3-4D52-AC34-BCD58E97A146 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii
No problem. I believe you are free to = innovate where it makes sense in the context of your = application.

Note that as a profile of HTTP, SCIM has to follow the HTTP = specifications.  We have made some clarifications as to HTTP status = response meanings in the context of SCIM.

Phil

Oracle Corporation, Identity Cloud = Architect & Standards
@independentid
www.independentid.com
phil.hunt@oracle.com











On Mar 27, 2017, at 10:50 AM, Rolf Brugger <rolf.brugger@switch.ch> wrote:

Hi = Phil,

It does make sense to me that a model = to manage access rights for SCIM clients to a SCIM server is out of = scope - mostly because it very context dependent.

In our use case we have to limit access rights of SCIM = clients, and I just wanted to make sure that we are not re-inventing the = wheel.

So thank you your answer. That was = very helpful!

cheers

Rolf


On 27/03/17 = 16:55, Phil Hunt (IDM) wrote:
Rolf

Thanks for your = question.

At the moment SCIM is a = provisioning protocol and access rules are up
to the = service provider. Eg What makes sense for a directory may not
make sense for a crm system.

Regardless, the consequences to the client are still the = same-success
or unauthorized. :)

For historical context a similar discussion happened in LDAP. = While
requirements had consensus no interoperable model = was defined.

With all that said, I think it = may be useful to have discussions
about lan oauth scope = standard that could enable clients to request
certain = rights. Eg ability to query as a directory. Ability to do
self updates etc.

This became = more apparent when we wrote the oidc scim profile as
clients= wanted an access token with user self service rights instead
of read only access at the oidc userinfo endpoint.

Phil

On Mar 27, 2017, at 9:15 AM, Rolf Brugger = <rolf.brugger@switch.ch>
wrote:

Hi all,

I'm new = to this list, and I hope my question is relevant to this
community.

In our particular use = case we have one SCIM server and multiple
SCIM clients. = All clients are allowed to query all identities and
all = attributes.

However, not all clients have = the same permissions to update/write
attributes. For = example, some clients may only modify group
memberships of = identities, while other clients have the exclusive
permission to modify name and email of identities.

Is there a model in SCIM or some kind of best = practice in existing
implementations how to model client = read/write permissions for
attributes?

best regards

Rolf

-- SWITCH Rolf Brugger, Trust & Identity = Werdstrasse 2, P.O. Box,
8021 Zurich, Switzerland direct = +41 44 268 15 89
rolf.brugger@switch.ch,
https://urldefense.proofpoint.com/v2/url?u=3Dhttps-3A__www.swit= ch.ch&d=3DDwICAg&c=3DRoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10&a= mp;r=3DJBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&m=3DWmnYxVYjsRE1_cE= SvAJdAHdRQ3MCyAZb2HHTClsca_U&s=3DAN-ijCyAYZPgh5_id4zq-F0lgoKH7iHfL1Hyx= n5H5Wg&e=3D
= _______________________________________________ scim mailing list
scim@ietf.org
https://urldefense.proofpoint.com/v2/url?u=3Dhttps-3A__www.ietf= .org_mailman_listinfo_scim&d=3DDwICAg&c=3DRoP1YumCXCgaWHvlZYR8PQcx= BKCX5YTpkKY057SbK10&r=3DJBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&am= p;m=3DWmnYxVYjsRE1_cESvAJdAHdRQ3MCyAZb2HHTClsca_U&s=3D18i8xxKNQ5Kt6BoR= Z2uBLo4GL-gB9ZWkzfQhwK8z6uA&e=3D


_______________________________________________ = scim mailing list
scim@ietf.org https://urldefense.proofpoint.com/v2/url?u=3Dhttps-3A__www.ietf= .org_mailman_listinfo_scim&d=3DDwICAg&c=3DRoP1YumCXCgaWHvlZYR8PQcx= BKCX5YTpkKY057SbK10&r=3DJBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&am= p;m=3DrhrL9frOOOJ1GNPuLsvDgauqPWURGhFr8AT0eiBF3Fs&s=3Dd9nM8LNKtuwsKP-g= jdDyKX1YqZxzqEmcF72B4XJBKmM&e=3D

--
SWITCH
Rolf Brugger, Trust = & Identity
Werdstrasse 2, P.O. Box, 8021 Zurich, = Switzerland
direct +41 44 268 15 89
rolf.brugger@switch.ch, https://urldefense.proofpoint.com/v2/url?u=3Dhttps-3A__www.swit= ch.ch&d=3DDwICAg&c=3DRoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10&a= mp;r=3DJBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&m=3DrhrL9frOOOJ1GNP= uLsvDgauqPWURGhFr8AT0eiBF3Fs&s=3DfvcplE2qxGwfHwc_l9TCZtohuy5-fIhgyC3QW= V1Xt_g&e=3D
_______________________________________________
scim mailing list
scim@ietf.org
https://urldefense.proofpoint.com/v2/url?u=3Dhttps-3A__www.ietf= .org_mailman_listinfo_scim&d=3DDwICAg&c=3DRoP1YumCXCgaWHvlZYR8PQcx= BKCX5YTpkKY057SbK10&r=3DJBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&am= p;m=3DrhrL9frOOOJ1GNPuLsvDgauqPWURGhFr8AT0eiBF3Fs&s=3Dd9nM8LNKtuwsKP-g= jdDyKX1YqZxzqEmcF72B4XJBKmM&e=3D

= --Apple-Mail=_28994A82-8FC3-4D52-AC34-BCD58E97A146-- From nobody Tue Mar 28 05:11:40 2017 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3016512996E for ; Tue, 28 Mar 2017 05:11:39 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=erdtman-se.20150623.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BPJ41NmpmiVT for ; Tue, 28 Mar 2017 05:11:36 -0700 (PDT) Received: from mail-oi0-x234.google.com (mail-oi0-x234.google.com [IPv6:2607:f8b0:4003:c06::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 983281294C3 for ; Tue, 28 Mar 2017 05:11:36 -0700 (PDT) Received: by mail-oi0-x234.google.com with SMTP id r203so38379747oib.3 for ; Tue, 28 Mar 2017 05:11:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=erdtman-se.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=s9zOiQbEX2+dPlpc5Ktl0U12Vu0/XPsQRcoCNJ11WOQ=; b=x2mAqeLM5j9Mn5boi2/Zw245jg0CE3BzN9ALob5ot/C6nlZGZBDXzJinUhj1YUOL5F XHNVdeZdEsj1WHKzN15ICjZG5iwubBROyeGTsGu10mcQfiuyZPb4ONNZ4t9In+NlZDLa uYK+lf58qcgxn8iZ3IpNJlgo2jRUSHdZ7EJ8rcZoCgHE5baJ+gfkpo0Bk7BceZcpbZQh RMlTz6uUGegZ2on19iQT7Hny2zDn0nB5RqkChnhlUU4mhEEOaOFyncNoIEkRr4W02cUd ofKPYXU/Fcqj2TfGZksO6XRPjtIQuO8SIfWeZUNsu24rWgp8I/ezmj1kIArUyFUb/e9x AhRA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=s9zOiQbEX2+dPlpc5Ktl0U12Vu0/XPsQRcoCNJ11WOQ=; b=IaI8AcS/Hy/iTSPQE0IiezYRWJ3sM22HZA73LmoLyrH1ZmPehPQLLgvb7kjD6xyPo6 4tVNpXWSk+ZSDgDEu0QfEzJ4jZGrOw3r4QM4fWGuZ8V51pJvFvvGCxGe2dQsMqBT4ycy 333YkwSxmTLWuZRXHb8NMd11k02pUpScIXG32zBTMaaGBtiE0/BN1eiJY5vH1PBYwVQI fQouwSs4jXRLNYbv6ZN2a16Mj7Fc9SWgzJMzIYRKhautHG+VzoNe6UREJ7uSg3ebkOoK r/6ygjDqFpX81oHRoSw8n+sb+wlrCpEK0vOMadOwljG58TAWi1xh2YsrqVeqRFBAy6hX UvuQ== X-Gm-Message-State: AFeK/H1P4eq+fZsGrz3/DzwsJj8Ki04MAkp9GAoTzOxfR6aL5EmX4vIPiBG6NXUOHDKmFdXjcxnDznlYchULwg== X-Received: by 10.202.241.70 with SMTP id p67mr12569599oih.67.1490703095817; Tue, 28 Mar 2017 05:11:35 -0700 (PDT) MIME-Version: 1.0 References: <123f42044dc242d594307e6e7aeff6a7@amlsp7155.grupoamil.com.br> In-Reply-To: <123f42044dc242d594307e6e7aeff6a7@amlsp7155.grupoamil.com.br> From: Samuel Erdtman Date: Tue, 28 Mar 2017 12:11:25 +0000 Message-ID: To: "Leandro Gomes de Castro - PMO Diret/BR" , "scim@ietf.org" Content-Type: multipart/alternative; boundary=94eb2c0950827e028f054bc95c26 Archived-At: Subject: Re: [scim] Main differences between SCIM 1.1 and SCIM 2.0 X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Mar 2017 12:11:39 -0000 --94eb2c0950827e028f054bc95c26 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Adding the scim list. I would have to do some research before answering that question. Maybe Phil on the list can without On Mon, 27 Mar 2017 at 22:21, Leandro Gomes de Castro - PMO Diret/BR < leacastro@prestadores.amil.com.br> wrote: > Hello Samuel, how are you? > > We have an implementation of SCIM 2.0 product, incompatible with CA > connector, we would like to know the main differences for the SCIM 1.1 > version, to understand the impacts in case of downgrade. > > Thank you very much > *Leandro Castro* > leacastro@prestadores.amil.com.br > > *Aviso legal* > Esta mensagem, incluindo seus anexos, tem car=C3=A1ter confidencial e seu > conte=C3=BAdo =C3=A9 restrito ao destinat=C3=A1rio. Caso voc=C3=AA a tenh= a recebido por engano, > por favor, retorne-a ao destinat=C3=A1rio e apague-a de seus arquivos. = =C3=89 > expressamente proibido qualquer uso n=C3=A3o autorizado, replica=C3=A7=C3= =A3o ou > dissemina=C3=A7=C3=A3o desta mensagem ou de parte dela, sob qualquer meio= . > > *Disclaimer* > This message contains confidential information and is free of virus. The > information is intended for the addressee only. If you have received this > e-mail in error, please notify us immediately by replying to the sender a= nd > delete it from your files. You are hereby notified that any disclosure, > copying, distribution, or the taking of any action in reliance on the > contents of this information is strictly prohibited. > ------------------------------ > --94eb2c0950827e028f054bc95c26 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Adding the scim list.

I would have to do some= research before answering that question.

Maybe Ph= il on the list can without

On= Mon, 27 Mar 2017 at 22:21, Leandro Gomes de Castro - PMO Diret/BR <leacastro@prestadores.amil= .com.br> wrote:

He= llo Samuel, how are you?

We have an implementation of SCIM 2.0 product, incompatible with CA connect= or, we would like to know the main differences for the SCIM 1.1 version, to= understand the impacts in case of downgrade.

Thank you very much

= Leandro Castro
<= a href=3D"mailto:leacastro@prestadores.amil.com.br" class=3D"gmail_msg" tar= get=3D"_blank">leacastro@prestadores.amil.com.br=
<= u class=3D"gmail_msg">

Aviso legal
Esta mensagem, incluindo seus anexos, tem car=C3=A1ter confidencial e seu c= onte=C3=BAdo =C3=A9 restrito ao destinat=C3=A1rio. Caso voc=C3=AA a tenha r= ecebido por engano, por favor, retorne-a ao destinat=C3=A1rio e apague-a de= seus arquivos. =C3=89 expressamente proibido qualquer uso n=C3=A3o autoriz= ado, replica=C3=A7=C3=A3o ou dissemina=C3=A7=C3=A3o desta mensagem ou de parte = dela, sob qualquer meio.

Disclaimer
This message contains confidential information and is free of virus. The in= formation is intended for the addressee only. If you have received this e-m= ail in error, please notify us immediately by replying to the sender and de= lete it from your files. You are hereby notified that any disclosure, copying, distribution, or the taking = of any action in reliance on the contents of this information is strictly p= rohibited.
--94eb2c0950827e028f054bc95c26-- From nobody Tue Mar 28 06:01:46 2017 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CCB291243FE for ; Tue, 28 Mar 2017 06:01:44 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.996 X-Spam-Level: X-Spam-Status: No, score=-6.996 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-2.796, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5sifavXhaXTZ for ; Tue, 28 Mar 2017 06:01:42 -0700 (PDT) Received: from userp1040.oracle.com (userp1040.oracle.com [156.151.31.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5E349129412 for ; Tue, 28 Mar 2017 06:01:42 -0700 (PDT) Received: from aserv0021.oracle.com (aserv0021.oracle.com [141.146.126.233]) by userp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id v2SD1d0M020456 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 28 Mar 2017 13:01:39 GMT Received: from aserv0122.oracle.com (aserv0122.oracle.com [141.146.126.236]) by aserv0021.oracle.com (8.13.8/8.14.4) with ESMTP id v2SD1dnQ029518 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Tue, 28 Mar 2017 13:01:39 GMT Received: from abhmp0004.oracle.com (abhmp0004.oracle.com [141.146.116.10]) by aserv0122.oracle.com (8.14.4/8.14.4) with ESMTP id v2SD1cNa005406; Tue, 28 Mar 2017 13:01:38 GMT Received: from [31.133.146.196] (/31.133.146.196) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Tue, 28 Mar 2017 06:01:38 -0700 Content-Type: multipart/alternative; boundary=Apple-Mail-30BDC80A-7F22-48E3-B8C0-66A311D52843 Mime-Version: 1.0 (1.0) From: "Phil Hunt (IDM)" X-Mailer: iPhone Mail (14D27) In-Reply-To: Date: Tue, 28 Mar 2017 08:01:36 -0500 Cc: Leandro Gomes de Castro - PMO Diret/BR , "scim@ietf.org" Content-Transfer-Encoding: 7bit Message-Id: <984A4E0A-9783-49EB-A4E1-B782189FCB27@oracle.com> References: <123f42044dc242d594307e6e7aeff6a7@amlsp7155.grupoamil.com.br> To: Samuel Erdtman X-Source-IP: aserv0021.oracle.com [141.146.126.233] Archived-At: Subject: Re: [scim] Main differences between SCIM 1.1 and SCIM 2.0 X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Mar 2017 13:01:45 -0000 --Apple-Mail-30BDC80A-7F22-48E3-B8C0-66A311D52843 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable There are other posts but here is my summary: https://blogs.oracle.com/fusionmiddleware/entry/standards_corner_ietf_scim_w= orking There were substantial changes to improve interop, simplicity and extensibil= ity as well as a much less cryptic and more powerful patch method. =20 Phil > On Mar 28, 2017, at 7:11 AM, Samuel Erdtman wrote: >=20 > Adding the scim list. >=20 > I would have to do some research before answering that question. >=20 > Maybe Phil on the list can without >=20 >> On Mon, 27 Mar 2017 at 22:21, Leandro Gomes de Castro - PMO Diret/BR wrote: >> Hello Samuel, how are you? >>=20 >> We have an implementation of SCIM 2.0 product, incompatible with CA conne= ctor, we would like to know the main differences for the SCIM 1.1 version, t= o understand the impacts in case of downgrade. >>=20 >> Thank you very much >>=20 >> Leandro Castro >> leacastro@prestadores.amil.com.br >>=20 >> Aviso legal >> Esta mensagem, incluindo seus anexos, tem car=C3=A1ter confidencial e seu= conte=C3=BAdo =C3=A9 restrito ao destinat=C3=A1rio. Caso voc=C3=AA a tenha r= ecebido por engano, por favor, retorne-a ao destinat=C3=A1rio e apague-a de s= eus arquivos. =C3=89 expressamente proibido qualquer uso n=C3=A3o autorizado= , replica=C3=A7=C3=A3o ou dissemina=C3=A7=C3=A3o desta mensagem ou de parte d= ela, sob qualquer meio.=20 >>=20 >> Disclaimer >> This message contains confidential information and is free of virus. The i= nformation is intended for the addressee only. If you have received this e-m= ail in error, please notify us immediately by replying to the sender and del= ete it from your files. You are hereby notified that any disclosure, copying= , distribution, or the taking of any action in reliance on the contents of t= his information is strictly prohibited. > _______________________________________________ > scim mailing list > scim@ietf.org > https://urldefense.proofpoint.com/v2/url?u=3Dhttps-3A__www.ietf.org_mailma= n_listinfo_scim&d=3DDwICAg&c=3DRoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10&r= =3DJBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&m=3DIjBRYfF46Zxo03Cv3exacln_T= -Gm1y_WZ2uIYsAVPvk&s=3DRJ7Ar0cpR7MVdkZwQQHIM47zMbSN_-U0IbVxALLkcOQ&e=3D=20 --Apple-Mail-30BDC80A-7F22-48E3-B8C0-66A311D52843 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable
There are other posts but here is my s= ummary:

The= re were substantial changes to improve interop, simplicity and extensibility= as well as a much less cryptic and more powerful patch method.  
=

Phil

On Mar 28, 2017, at 7:11 A= M, Samuel Erdtman <samuel@erdtman.se= > wrote:

Adding the s= cim list.

I would have to do some research before a= nswering that question.

Maybe Phil on the list can w= ithout

On Mon, 27 Mar 2017 at 2= 2:21, Leandro Gomes de Castro - PMO Diret/BR <leacastro@prestadores.amil.com.br> wrote:

Hell= o Samuel, how are you?

We have an implementation of SCIM 2.0 product, incompatible with CA connecto= r, we would like to know the main differences for the SCIM 1.1 version, to u= nderstand the impacts in case of downgrade.

Thank you very much

<= font color=3D"#333333" size=3D"2" face=3D"Tahoma" class=3D"gmail_msg">Leandro Castro=
leacastro@prestadores.amil.com.br

Aviso legal
Esta mensagem, incluindo seus anexos, tem car=C3=A1ter confidencial e seu co= nte=C3=BAdo =C3=A9 restrito ao destinat=C3=A1rio. Caso voc=C3=AA a tenha rec= ebido por engano, por favor, retorne-a ao destinat=C3=A1rio e apague-a de se= us arquivos. =C3=89 expressamente proibido qualquer uso n=C3=A3o autorizado,= replica=C3=A7=C3=A3o ou dissemina=C3=A7=C3=A3o desta mensagem ou de parte d= ela, sob qualquer meio.

Disclaimer
This message contains confidential information and is free of virus. The inf= ormation is intended for the addressee only. If you have received this e-mai= l in error, please notify us immediately by replying to the sender and delet= e it from your files. You are hereby notified that any disclosure, copying, distribution, or the taking o= f any action in reliance on the contents of this information is strictly pro= hibited.
= --Apple-Mail-30BDC80A-7F22-48E3-B8C0-66A311D52843-- From nobody Tue Mar 28 06:13:47 2017 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EB296129538 for ; Tue, 28 Mar 2017 06:13:45 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.997 X-Spam-Level: X-Spam-Status: No, score=-6.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-2.796, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q-qBaWpgdd1R for ; Tue, 28 Mar 2017 06:13:43 -0700 (PDT) Received: from userp1040.oracle.com (userp1040.oracle.com [156.151.31.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BF6061298B7 for ; Tue, 28 Mar 2017 06:13:42 -0700 (PDT) Received: from aserv0022.oracle.com (aserv0022.oracle.com [141.146.126.234]) by userp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id v2SDDeHW006505 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 28 Mar 2017 13:13:41 GMT Received: from aserv0122.oracle.com (aserv0122.oracle.com [141.146.126.236]) by aserv0022.oracle.com (8.14.4/8.14.4) with ESMTP id v2SDDeeo028754 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Tue, 28 Mar 2017 13:13:40 GMT Received: from abhmp0015.oracle.com (abhmp0015.oracle.com [141.146.116.21]) by aserv0122.oracle.com (8.14.4/8.14.4) with ESMTP id v2SDDdlX013989; Tue, 28 Mar 2017 13:13:39 GMT Received: from [172.20.1.98] (/216.80.61.6) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Tue, 28 Mar 2017 06:13:39 -0700 From: Phil Hunt Message-Id: <08351BAE-B3DB-4DC8-9FD6-741552E132B2@oracle.com> Content-Type: multipart/alternative; boundary="Apple-Mail=_62BDEBE4-9670-4096-92B4-47C28F0B621B" Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3259\)) Date: Tue, 28 Mar 2017 08:13:37 -0500 In-Reply-To: <984A4E0A-9783-49EB-A4E1-B782189FCB27@oracle.com> Cc: Leandro Gomes de Castro - PMO Diret/BR , "scim@ietf.org" To: Samuel Erdtman References: <123f42044dc242d594307e6e7aeff6a7@amlsp7155.grupoamil.com.br> <984A4E0A-9783-49EB-A4E1-B782189FCB27@oracle.com> X-Mailer: Apple Mail (2.3259) X-Source-IP: aserv0022.oracle.com [141.146.126.234] Archived-At: Subject: Re: [scim] Main differences between SCIM 1.1 and SCIM 2.0 X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Mar 2017 13:13:46 -0000 --Apple-Mail=_62BDEBE4-9670-4096-92B4-47C28F0B621B Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Apologies, I referenced the wrong article, this one has more information = (from Sep 2015): https://blogs.oracle.com/fusionmiddleware/entry/standards_corner Phil Oracle Corporation, Identity Cloud Architect & Standards @independentid www.independentid.com = phil.hunt@oracle.com = > On Mar 28, 2017, at 8:01 AM, Phil Hunt (IDM) = wrote: >=20 > There are other posts but here is my summary: > = https://blogs.oracle.com/fusionmiddleware/entry/standards_corner_ietf_scim= _working = >=20 > There were substantial changes to improve interop, simplicity and = extensibility as well as a much less cryptic and more powerful patch = method. =20 >=20 > Phil >=20 > On Mar 28, 2017, at 7:11 AM, Samuel Erdtman > wrote: >=20 >> Adding the scim list. >>=20 >> I would have to do some research before answering that question. >>=20 >> Maybe Phil on the list can without >>=20 >> On Mon, 27 Mar 2017 at 22:21, Leandro Gomes de Castro - PMO Diret/BR = > wrote: >> Hello Samuel, how are you? >>=20 >> We have an implementation of SCIM 2.0 product, incompatible with CA = connector, we would like to know the main differences for the SCIM 1.1 = version, to understand the impacts in case of downgrade. >>=20 >> Thank you very much >>=20 >> Leandro Castro >> leacastro@prestadores.amil.com.br = >>=20 >> Aviso legal >> Esta mensagem, incluindo seus anexos, tem car=C3=A1ter confidencial e = seu conte=C3=BAdo =C3=A9 restrito ao destinat=C3=A1rio. Caso voc=C3=AA a = tenha recebido por engano, por favor, retorne-a ao destinat=C3=A1rio e = apague-a de seus arquivos. =C3=89 expressamente proibido qualquer uso = n=C3=A3o autorizado, replica=C3=A7=C3=A3o ou dissemina=C3=A7=C3=A3o = desta mensagem ou de parte dela, sob qualquer meio.=20 >>=20 >> Disclaimer >> This message contains confidential information and is free of virus. = The information is intended for the addressee only. If you have received = this e-mail in error, please notify us immediately by replying to the = sender and delete it from your files. You are hereby notified that any = disclosure, copying, distribution, or the taking of any action in = reliance on the contents of this information is strictly prohibited. >> _______________________________________________ >> scim mailing list >> scim@ietf.org >> = https://urldefense.proofpoint.com/v2/url?u=3Dhttps-3A__www.ietf.org_mailma= n_listinfo_scim&d=3DDwICAg&c=3DRoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10= &r=3DJBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&m=3DIjBRYfF46Zxo03Cv3exac= ln_T-Gm1y_WZ2uIYsAVPvk&s=3DRJ7Ar0cpR7MVdkZwQQHIM47zMbSN_-U0IbVxALLkcOQ&e=3D= = =20 > _______________________________________________ > scim mailing list > scim@ietf.org > = https://urldefense.proofpoint.com/v2/url?u=3Dhttps-3A__www.ietf.org_mailma= n_listinfo_scim&d=3DDwICAg&c=3DRoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10= &r=3DJBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&m=3DaEbMavJHEUKMpa8h9OsjV= yjYDmVJlf4YtNLKeJfa738&s=3Df1cWtY90NUL4qOLjbvU87_s7c891w_Kf0Kit0vdtL1Y&e=3D= =20 --Apple-Mail=_62BDEBE4-9670-4096-92B4-47C28F0B621B Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 Apologies, I referenced the wrong article, this one has more = information (from Sep 2015):
https://blogs.oracle.com/fusionmiddleware/entry/standards_corne= r

Phil

Oracle Corporation, Identity Cloud = Architect & Standards
@independentid
www.independentid.com
phil.hunt@oracle.com











On Mar 28, 2017, at 8:01 AM, Phil Hunt (IDM) = <phil.hunt@oracle.com> wrote:

There are other = posts but here is my summary:
https://blogs.oracle.com/fusionmiddleware/entry/standards_corne= r_ietf_scim_working

There were substantial changes to improve interop, simplicity = and extensibility as well as a much less cryptic and more powerful patch = method.  

Phil

On Mar 28, 2017, at 7:11 AM, Samuel Erdtman <samuel@erdtman.se> = wrote:

Adding the scim = list.

I would = have to do some research before answering that question.

Maybe Phil on the list = can without

On Mon, 27 Mar 2017 at 22:21, = Leandro Gomes de Castro - PMO Diret/BR <leacastro@prestadores.amil.com.br> wrote:

Hello Samuel, how are you?

We have an implementation of SCIM 2.0 product, incompatible with CA = connector, we would like to know the main differences for the SCIM 1.1 = version, to understand the impacts in case of downgrade.

Thank you very much

Leandro Castro
leacastro@prestadores.amil.com.br

Aviso legal
Esta mensagem, incluindo seus anexos, tem car=C3=A1ter confidencial e = seu conte=C3=BAdo =C3=A9 restrito ao destinat=C3=A1rio. Caso voc=C3=AA a = tenha recebido por engano, por favor, retorne-a ao destinat=C3=A1rio e = apague-a de seus arquivos. =C3=89 expressamente proibido qualquer uso = n=C3=A3o autorizado, replica=C3=A7=C3=A3o ou dissemina=C3=A7=C3=A3o desta mensagem ou de = parte dela, sob qualquer meio.

Disclaimer
This message contains confidential information and is free of virus. The = information is intended for the addressee only. If you have received = this e-mail in error, please notify us immediately by replying to the = sender and delete it from your files. You are hereby notified that any disclosure, copying, distribution, or the = taking of any action in reliance on the contents of this information is = strictly prohibited.
_______________________________________________
scim mailing list
scim@ietf.org
https://urldefense.proofpoint.com/v2/url?u=3Dhttps-3A__www.ietf= .org_mailman_listinfo_scim&d=3DDwICAg&c=3DRoP1YumCXCgaWHvlZYR8PQcx= BKCX5YTpkKY057SbK10&r=3DJBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&am= p;m=3DIjBRYfF46Zxo03Cv3exacln_T-Gm1y_WZ2uIYsAVPvk&s=3DRJ7Ar0cpR7MVdkZw= QQHIM47zMbSN_-U0IbVxALLkcOQ&e=3D
______________________________________= _________
scim mailing list
scim@ietf.org
https://urldefense.proofpoint.com/v2/url?u=3Dhttps-3A__www.ietf= .org_mailman_listinfo_scim&d=3DDwICAg&c=3DRoP1YumCXCgaWHvlZYR8PQcx= BKCX5YTpkKY057SbK10&r=3DJBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&am= p;m=3DaEbMavJHEUKMpa8h9OsjVyjYDmVJlf4YtNLKeJfa738&s=3Df1cWtY90NUL4qOLj= bvU87_s7c891w_Kf0Kit0vdtL1Y&e=3D

= --Apple-Mail=_62BDEBE4-9670-4096-92B4-47C28F0B621B--