From nobody Fri Apr 1 10:39:17 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A1E7E12D693 for ; Fri, 1 Apr 2016 10:39:15 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.311 X-Spam-Level: X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sunet.se Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YhxKOeG1zcEc for ; Fri, 1 Apr 2016 10:39:12 -0700 (PDT) Received: from e-mailfilter01.sunet.se (e-mailfilter01.sunet.se [IPv6:2001:6b0:8:2::201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3DE8512D696 for ; Fri, 1 Apr 2016 10:39:12 -0700 (PDT) Received: from smtp1.sunet.se (smtp1.sunet.se [192.36.171.214]) by e-mailfilter01.sunet.se (8.14.4/8.14.4/Debian-4) with ESMTP id u31Hd9U4002652 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Fri, 1 Apr 2016 19:39:09 +0200 Received: from kerio.sunet.se (kerio.sunet.se [192.36.171.210]) by smtp1.sunet.se (8.14.9/8.14.7) with ESMTP id u31Hd6eG009128 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NO) for ; Fri, 1 Apr 2016 19:39:08 +0200 (CEST) VBR-Info: md=sunet.se; mc=all; mv=swamid.se DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=sunet.se; s=default; t=1459532348; bh=/KVthFAxgdeWomXl2qUudky3YR8B9WFqwwmJg/x48Z0=; h=To:From:Subject:Date; b=44BCzNbzRNuukLB3juafssD+D12O/yrl/G9110av34OzAWpeRxzTXDRytCe8qZjx6 UtPvnu7fF00dF8t7FPbbfJ0q1Aq7HT6z9YLzU8sefez0vyQeRMCX7ypMq8uhldB6Q8 U3IgOHTNYX8aeO2VZHbflVv2HD/Rue+BYPSNBo+M= X-Footer: c3VuZXQuc2U= Received: from [10.53.150.125] ([88.128.81.90]) (authenticated user leifj@sunet.se) by kerio.sunet.se (Kerio Connect 9.0.1) with ESMTPSA (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128 bits)) for scim@ietf.org; Fri, 1 Apr 2016 19:39:04 +0200 To: "scim@ietf.org" From: Leif Johansson Message-ID: <56FEB236.6060105@sunet.se> Date: Fri, 1 Apr 2016 19:39:02 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-CanIt-Geo: ip=192.36.171.210; country=SE; latitude=59.3294; longitude=18.0686; http://maps.google.com/maps?q=59.3294,18.0686&z=6 X-CanItPRO-Stream: outbound-sunet-se:outbound (inherits from outbound-sunet-se:default, sunet-se:default, base:default) X-Canit-Stats-ID: 09QB5D9r7 - b7ea5039665d - 20160401 X-CanIt-Archive-Cluster: PfMRe/vJWMiXwM2YIH5BVExnUnw Received-SPF: neutral (e-mailfilter01.sunet.se: 192.36.171.210 is neither permitted nor denied by domain leifj@sunet.se) receiver=e-mailfilter01.sunet.se; client-ip=192.36.171.210; envelope-from=; helo=smtp1.sunet.se; identity=mailfrom X-Scanned-By: CanIt (www . roaringpenguin . com) on 192.36.171.201 Archived-At: Subject: [scim] agenda for Tuesday X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Apr 2016 17:39:15 -0000 Folks, As you all probably know we did get a slot on Tuesday (16:20-17:20) and I posted an agenda that is pretty open-ended but focuses on talking about what we want to do next with SCIM. Some of you have I-Ds covering various proposals. We only have an hour but we should probably devote some of that time to short run-throughs of some of those proposals. Keep the slides short and sweet and send them to me or Morteza in advance if you want them. Cheers Leif From nobody Fri Apr 1 11:11:01 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8579E12D172; Fri, 1 Apr 2016 11:10:59 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.211 X-Spam-Level: X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Nj0etGOlVd-U; Fri, 1 Apr 2016 11:10:57 -0700 (PDT) Received: from aserp1040.oracle.com (aserp1040.oracle.com [141.146.126.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B0FB412D0E6; Fri, 1 Apr 2016 11:10:57 -0700 (PDT) Received: from aserv0022.oracle.com (aserv0022.oracle.com [141.146.126.234]) by aserp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id u31IAu4J025336 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Fri, 1 Apr 2016 18:10:56 GMT Received: from aserv0121.oracle.com (aserv0121.oracle.com [141.146.126.235]) by aserv0022.oracle.com (8.13.8/8.13.8) with ESMTP id u31IAtFP012365 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Fri, 1 Apr 2016 18:10:56 GMT Received: from abhmp0008.oracle.com (abhmp0008.oracle.com [141.146.116.14]) by aserv0121.oracle.com (8.13.8/8.13.8) with ESMTP id u31IAtwX019190; Fri, 1 Apr 2016 18:10:55 GMT Received: from [10.0.1.20] (/24.86.216.17) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Fri, 01 Apr 2016 11:10:55 -0700 From: Phil Hunt Content-Type: multipart/alternative; boundary="Apple-Mail=_89A68BBF-56ED-4A16-AD88-E5E5701CF6B5" Date: Fri, 1 Apr 2016 11:10:53 -0700 Message-Id: <0A230B0A-93C2-4CA7-8BB8-18AD0573F34F@oracle.com> To: id-event@ietf.org Mime-Version: 1.0 (Mac OS X Mail 9.2 \(3112\)) X-Mailer: Apple Mail (2.3112) X-Source-IP: aserv0022.oracle.com [141.146.126.234] Archived-At: Cc: "scim@ietf.org WG" , openid-general@lists.openid.net Subject: [scim] Identity Events - GitHub site X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Apr 2016 18:10:59 -0000 --Apple-Mail=_89A68BBF-56ED-4A16-AD88-E5E5701CF6B5 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii In order to provide more time for access prior to the Tuesday discussion = (during the SCIM slot at IETF95), I have posted all of the drafts that = have been worked on in github at: https://github.com/independentid/Identity-Events = The following drafts are available: draft-hunt-idevent-token-00 (published to IETF) - The event token format = based on JWT draft-hunt-idevent-scim-00 (published to IETF) - Event token extension = for SCIM draft-hunt-idevent-distribution-00 (unpublished) - Metadata and methods = for distributing events Also available (historical only): draft-hunt-scim-notify-00 (published to IETF) - An old SCIM submission = for historical purposes. draft-hunt-idevent-subscription-00 - An initial re-work of notify. = Replaced by draft-hunt-idevent-distribution. As I mentioned in an earlier email this week, the distribution draft = removes all of the protocol around how subscriptions are managed and = updated. It only defines the metadata and sets up a registry for = defining distribution methods. The draft includes the following methods = so far: - webCallback - Where the publisher uses HTTP POST to distribute events = to registered subscriber - poll - Where a subscriber uses HTTP GET to pick up events at a = subscriber endpoint from the publisher. This draft is still very preliminary, but I think it does serve the = purpose of getting discussion going. It also removes all of the SCIM specific semantics and focuses on general JSON and JWT = formatted messages. I will publish the distribution draft on Monday = when the submission window re-opens.=20 The work presented here has not yet been specifically implemented but is = strongly informed based on feedback from current production systems and = experience. Thanks for your comments and feedback.=20 Phil @independentid www.independentid.com = phil.hunt@oracle.com = --Apple-Mail=_89A68BBF-56ED-4A16-AD88-E5E5701CF6B5 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii In order to provide more time for access prior to the Tuesday = discussion (during the SCIM slot at IETF95), I have posted all of the = drafts that have been worked on in github at:
https://github.com/independentid/Identity-Events

The following drafts are = available:

draft-hunt-idevent-token-00 (published to IETF) - The event = token format based on JWT
draft-hunt-idevent-scim-00 = (published to IETF) - Event token extension for SCIM
draft-hunt-idevent-distribution-00 (unpublished) - Metadata = and methods for distributing events

Also available (historical = only):
draft-hunt-scim-notify-00 (published to = IETF) - An old SCIM submission for historical purposes.
draft-hunt-idevent-subscription-00 - An initial re-work of = notify. Replaced by draft-hunt-idevent-distribution.

As I mentioned in an = earlier email this week, the distribution draft removes all of the = protocol around how subscriptions are managed and updated. It only = defines the metadata and sets up a registry for defining distribution = methods.  The draft includes the following methods so = far:
 - webCallback - Where the publisher uses = HTTP POST to distribute events to registered subscriber
 - poll - Where a subscriber uses HTTP GET to pick up = events at a subscriber endpoint from the publisher.

This draft is still very = preliminary, but I think it does serve the purpose of getting discussion = going. It also removes all
of the SCIM specific = semantics and focuses on general JSON and JWT formatted messages. =  I will publish the distribution draft on Monday when the = submission window re-opens. 

The work presented here has not yet = been specifically implemented but is strongly informed based on feedback = from current production systems and experience.

Thanks for your comments and = feedback. 

Phil

@independentid
www.independentid.com
phil.hunt@oracle.com





= --Apple-Mail=_89A68BBF-56ED-4A16-AD88-E5E5701CF6B5-- From nobody Sun Apr 3 09:30:54 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AAF1512D5FD for ; Sun, 3 Apr 2016 09:30:53 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=tarent-de.20150623.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XMZKHftgiPRH for ; Sun, 3 Apr 2016 09:30:51 -0700 (PDT) Received: from mail-lb0-x233.google.com (mail-lb0-x233.google.com [IPv6:2a00:1450:4010:c04::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3A00812D12C for ; Sun, 3 Apr 2016 09:30:50 -0700 (PDT) Received: by mail-lb0-x233.google.com with SMTP id bc4so127467523lbc.2 for ; Sun, 03 Apr 2016 09:30:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tarent-de.20150623.gappssmtp.com; s=20150623; h=from:subject:message-id:date:to:mime-version; bh=F3dW6qi9lUrPJQ4B+jo1eCqsOZmJ71FecGiChiQKBK0=; b=Fzp1JMsMcMAWVQ5RHzf8nqO8/4Q7fSjAt+4/72GR6JMA64BrUxETLAReL4FSF+GZJR Q3KOakjiY94FdFzDc0Abhc7YPHwq3NLunnR2sMtGFcFB/Vkq/8HTTjPZx4DsM7Nrhg70 ef55vgMFRGjQxaZAi52p6BZCL4c+QdRQZCcIF1bOfGI+R5Mcr9D5LeiX6IjAYgABiUsh MrV97ZBmykQzyIHvfyWjhtk1rQ978Etct9zmAEAysiboO1iyNNV3Z14dqm32qI37StqZ ZgmhQda06ACTiEXGo0FhwjNshHGpDFVEd51KtJECuCuV8atzf3bQ0AWP+AHaWQa8aink 8vWg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:subject:message-id:date:to:mime-version; bh=F3dW6qi9lUrPJQ4B+jo1eCqsOZmJ71FecGiChiQKBK0=; b=aTYkaOV6tnp/GeWdDhe3jYINXKVciesLd6iiyuMY7jPzBbYqkddTRpH6akHYE+wR6Q VUpaVTyhiLeIHQhMJ1SaEZR9cSnEi0ZHajnHPx7TcaXmSNznLyI3JBObLjXlDSYVk5+u EXzua3r7EW5NeDdgKsnjDGgY+9I1awMoOJ+z9gNj6gKwBn6bfHxYGcbG02dhRKo+d2AQ qWDeCk79bZtoEX0g8AtQ5NVQ3Uj9c97TKHK1GzDXPRMmsUw4pxFV92Fw8oRJE9jjfuqr qs78jBTOvKj2NKzGThEVVpbIGU0BybdIOfIWgrg2oXO3zyKBoJZsS6Ot/G76d0eJCtjO rj+A== X-Gm-Message-State: AD7BkJKH/9LHoNIGtdEL543nqipeRxKIMlpLPej8ZG9+a8ax0KHynhWgQA16ml47u3Ei7eq3 X-Received: by 10.28.221.9 with SMTP id u9mr7802840wmg.92.1459701048971; Sun, 03 Apr 2016 09:30:48 -0700 (PDT) Received: from davids-mbp-3.fritz.box (p5B2ED40D.dip0.t-ipconnect.de. [91.46.212.13]) by smtp.gmail.com with ESMTPSA id z6sm9434606wme.9.2016.04.03.09.30.47 for (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Sun, 03 Apr 2016 09:30:47 -0700 (PDT) From: David Crome Content-Type: multipart/alternative; boundary="Apple-Mail=_844940EB-53B1-42D9-AABC-5E54DEC5D33A" Message-Id: Date: Sun, 3 Apr 2016 18:30:47 +0200 To: "scim@ietf.org" Mime-Version: 1.0 (Mac OS X Mail 9.2 \(3112\)) X-Mailer: Apple Mail (2.3112) Archived-At: Subject: [scim] Registering SCIM Schema X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 03 Apr 2016 16:30:53 -0000 --Apple-Mail=_844940EB-53B1-42D9-AABC-5E54DEC5D33A Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Hi, we (https://github.com/osiam/osiam) like to register a SCIM URN = Sub-namespace for our internal extension: urn:ietf:params:scim:schemas:org.osiam Anything else we need to do for the registration? Regards, David Crome --Apple-Mail=_844940EB-53B1-42D9-AABC-5E54DEC5D33A Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii
Hi,

we (https://github.com/osiam/osiam) like to register a = SCIM URN Sub-namespace for our internal = extension:

urn:ietf:params:scim:schemas:org.osiam

Anything else we need to do for the = registration?

Regards,
David Crome



= --Apple-Mail=_844940EB-53B1-42D9-AABC-5E54DEC5D33A-- From nobody Sun Apr 3 09:59:46 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 691F212D15C for ; Sun, 3 Apr 2016 09:59:45 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.21 X-Spam-Level: X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xRZjhQ71cVVR for ; Sun, 3 Apr 2016 09:59:43 -0700 (PDT) Received: from aserp1040.oracle.com (aserp1040.oracle.com [141.146.126.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 97A2B12D104 for ; Sun, 3 Apr 2016 09:59:43 -0700 (PDT) Received: from aserv0022.oracle.com (aserv0022.oracle.com [141.146.126.234]) by aserp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id u33GxgX8021480 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Sun, 3 Apr 2016 16:59:42 GMT Received: from aserv0121.oracle.com (aserv0121.oracle.com [141.146.126.235]) by aserv0022.oracle.com (8.13.8/8.13.8) with ESMTP id u33GxfM0032569 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Sun, 3 Apr 2016 16:59:42 GMT Received: from abhmp0004.oracle.com (abhmp0004.oracle.com [141.146.116.10]) by aserv0121.oracle.com (8.13.8/8.13.8) with ESMTP id u33GxfwC024970; Sun, 3 Apr 2016 16:59:41 GMT Received: from [31.133.137.184] (/31.133.137.184) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Sun, 03 Apr 2016 09:59:41 -0700 Content-Type: multipart/alternative; boundary=Apple-Mail-8F8B0A98-8F07-4525-9F50-8AA229A9F2C9 Mime-Version: 1.0 (1.0) From: "Phil Hunt (IDM)" X-Mailer: iPhone Mail (13E238) In-Reply-To: Date: Sun, 3 Apr 2016 13:59:38 -0300 Content-Transfer-Encoding: 7bit Message-Id: References: To: David Crome X-Source-IP: aserv0022.oracle.com [141.146.126.234] Archived-At: Cc: "scim@ietf.org" Subject: Re: [scim] Registering SCIM Schema X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 03 Apr 2016 16:59:45 -0000 --Apple-Mail-8F8B0A98-8F07-4525-9F50-8AA229A9F2C9 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Follow the instructions in the iana section of RFC7643.=20 Cheers Phil > On Apr 3, 2016, at 13:30, David Crome wrote: >=20 > Hi, >=20 > we (https://github.com/osiam/osiam) like to register a SCIM URN Sub-namesp= ace for our internal extension: >=20 > urn:ietf:params:scim:schemas:org.osiam >=20 > Anything else we need to do for the registration? >=20 > Regards, > David Crome >=20 >=20 >=20 > _______________________________________________ > scim mailing list > scim@ietf.org > https://www.ietf.org/mailman/listinfo/scim --Apple-Mail-8F8B0A98-8F07-4525-9F50-8AA229A9F2C9 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable
Follow the instructions in the iana se= ction of RFC7643. 

Cheers

Phil

On Apr 3, 2016, at= 13:30, David Crome <d.crome@tarent.= de> wrote:

Hi,

we (https://github.com/osiam/osiam) like to register a SCIM&n= bsp;URN Sub-namespace for our internal extension:

urn:ietf:params:scim:schemas:org.osiam

=
Anything else we n= eed to do for the registration?

Regards,
David Crome



____________________= ___________________________
scim mailing list
scim@ietf.org
https://www.ietf.org/mailman= /listinfo/scim
= --Apple-Mail-8F8B0A98-8F07-4525-9F50-8AA229A9F2C9-- From nobody Mon Apr 4 19:15:31 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A4E212D60A; Mon, 4 Apr 2016 19:15:24 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.21 X-Spam-Level: X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rfyLqiteIycA; Mon, 4 Apr 2016 19:15:22 -0700 (PDT) Received: from aserp1040.oracle.com (aserp1040.oracle.com [141.146.126.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EAED112D5A9; Mon, 4 Apr 2016 19:15:21 -0700 (PDT) Received: from userv0022.oracle.com (userv0022.oracle.com [156.151.31.74]) by aserp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id u352FKZZ012557 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 5 Apr 2016 02:15:21 GMT Received: from aserv0121.oracle.com (aserv0121.oracle.com [141.146.126.235]) by userv0022.oracle.com (8.14.4/8.13.8) with ESMTP id u352FJX5011038 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 5 Apr 2016 02:15:20 GMT Received: from abhmp0008.oracle.com (abhmp0008.oracle.com [141.146.116.14]) by aserv0121.oracle.com (8.13.8/8.13.8) with ESMTP id u352FJcX000566; Tue, 5 Apr 2016 02:15:19 GMT Received: from dhcp-896a.meeting.ietf.org (/31.133.138.106) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Mon, 04 Apr 2016 19:15:19 -0700 From: Phil Hunt Content-Type: multipart/alternative; boundary="Apple-Mail=_8A22F07C-487E-4CB1-BB28-E9280F05E240" Message-Id: Mime-Version: 1.0 (Mac OS X Mail 9.2 \(3112\)) Date: Mon, 4 Apr 2016 23:15:15 -0300 References: <20160405021126.13977.45272.idtracker@ietfa.amsl.com> To: "scim@ietf.org WG" , id-event@ietf.org, "" , openid-general@lists.openid.net X-Mailer: Apple Mail (2.3112) X-Source-IP: userv0022.oracle.com [156.151.31.74] Archived-At: Subject: [scim] New Version Notification for draft-hunt-idevent-distribution-00.txt X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Apr 2016 02:15:24 -0000 --Apple-Mail=_8A22F07C-487E-4CB1-BB28-E9280F05E240 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 FYI=E2=80=A6 I previously announced this draft as available in github. I=E2=80=99ve = published it tonight in advance of tomorrows discussion. Note that this is very preliminary and I=E2=80=99ve already had some = excellent feedback on improvements.=20 Looking forward to a good discussion tomorrow. Cheers, Phil @independentid www.independentid.com = phil.hunt@oracle.com = > Begin forwarded message: >=20 > From: internet-drafts@ietf.org > Subject: New Version Notification for = draft-hunt-idevent-distribution-00.txt > Date: April 4, 2016 at 11:11:26 PM GMT-3 > To: "Phil Hunt" , "Morteza Ansari" = >=20 >=20 > A new version of I-D, draft-hunt-idevent-distribution-00.txt > has been successfully submitted by Phil Hunt and posted to the > IETF repository. >=20 > Name: draft-hunt-idevent-distribution > Revision: 00 > Title: Identity Event Subscription Protocol > Document date: 2016-04-04 > Group: Individual Submission > Pages: 22 > URL: = https://www.ietf.org/internet-drafts/draft-hunt-idevent-distribution-00.tx= t > Status: = https://datatracker.ietf.org/doc/draft-hunt-idevent-distribution/ > Htmlized: = https://tools.ietf.org/html/draft-hunt-idevent-distribution-00 >=20 >=20 > Abstract: > This specification defines a registry to define methods to = distribute > identity events to subscribers. It includes a definition for > publishers to use HTTP POST to push events to clients via web > callback, and a method for subscribers to use HTTP GET to retrieve > events in a feed queue. >=20 >=20 >=20 >=20 > Please note that it may take a couple of minutes from the time of = submission > until the htmlized version and diff are available at tools.ietf.org. >=20 > The IETF Secretariat >=20 --Apple-Mail=_8A22F07C-487E-4CB1-BB28-E9280F05E240 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 FYI=E2=80=A6

I previously announced this draft as available in github. = I=E2=80=99ve published it tonight in advance of tomorrows = discussion.

Note= that this is very preliminary and I=E2=80=99ve already had some = excellent feedback on improvements. 

Looking forward to a good discussion = tomorrow.

Cheers,




Begin forwarded message:

From: = internet-drafts@ietf.org
Subject: = New Version = Notification for draft-hunt-idevent-distribution-00.txt
Date: = April 4, 2016 at 11:11:26 PM = GMT-3
To: = "Phil Hunt" <phil.hunt@yahoo.com>, "Morteza Ansari" <morteza.ansari@cisco.com>

A new version = of I-D, draft-hunt-idevent-distribution-00.txt
has been = successfully submitted by Phil Hunt and posted to the
IETF = repository.

Name: = draft-hunt-idevent-distribution
Revision: 00
Title:= = Identity Event Subscription Protocol
Document = date: = 2016-04-04
Group: Individual Submission
Pages:= = 22
URL: =            https://www.ietf.org/internet-drafts/draft-hunt-idevent-distrib= ution-00.txt
Status: =         https://datatracker.ietf.org/doc/draft-hunt-idevent-distributio= n/
Htmlized:       https://tools.ietf.org/html/draft-hunt-idevent-distribution-00<= /a>


Abstract:
=   This specification defines a registry to define methods to = distribute
  identity events to subscribers. =  It includes a definition for
  publishers = to use HTTP POST to push events to clients via web
=   callback, and a method for subscribers to use HTTP GET to = retrieve
  events in a feed queue.




Please note that it may take a couple of minutes from the = time of submission
until the htmlized version and diff are = available at tools.ietf.org.

The IETF = Secretariat


= --Apple-Mail=_8A22F07C-487E-4CB1-BB28-E9280F05E240-- From nobody Tue Apr 5 14:59:44 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 25F3E12D1F0; Tue, 5 Apr 2016 14:59:41 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.53 X-Spam-Level: X-Spam-Status: No, score=-14.53 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazon.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PbC_o41gzxGH; Tue, 5 Apr 2016 14:59:39 -0700 (PDT) Received: from smtp-fw-4101.amazon.com (smtp-fw-4101.amazon.com [72.21.198.25]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 72B3A12D192; Tue, 5 Apr 2016 14:59:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1459893579; x=1491429579; h=from:to:subject:date:message-id:mime-version; bh=gAftxoS5BnKmuraUVq7cCiLsKxxSH5jtpedelAS+lnI=; b=oXCztm3rrucAwb6CY8fT3E5FUqPu3PXNiZ0URo/tx8tkaZQkuJiFJglN OgtE7OOGRL6Ea+bUGW/saddcHd89eKE/Kt0IWURZVzw0V9xpW3cJVAcNV I3ZUiyinymEGmomlzL7OYOg6M2aKrT94A/xYZgwetAUdQcdf4lnWFzjhc M=; X-IronPort-AV: E=Sophos;i="5.24,445,1454976000"; d="scan'208,217";a="483233609" Received: from iad12-co-svc-p1-lb1-vlan2.amazon.com (HELO email-inbound-relay-71005.iad55.amazon.com) ([10.43.8.2]) by smtp-border-fw-out-4101.iad4.amazon.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 05 Apr 2016 21:59:37 +0000 Received: from ex10-hub-7002.ant.amazon.com (iad1-ws-svc-lb91-vlan2.amazon.com [10.0.103.146]) by email-inbound-relay-71005.iad55.amazon.com (8.14.7/8.14.7) with ESMTP id u35Lwl6F003619 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 5 Apr 2016 21:59:36 GMT Received: from EX13D03UWA001.ant.amazon.com (10.43.160.141) by ex10-hub-7002.ant.amazon.com (10.43.110.153) with Microsoft SMTP Server (TLS) id 14.3.181.6; Tue, 5 Apr 2016 14:59:24 -0700 Received: from EX13D03UWA001.ant.amazon.com (10.43.160.141) by EX13D03UWA001.ant.amazon.com (10.43.160.141) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Tue, 5 Apr 2016 21:59:22 +0000 Received: from EX13D03UWA001.ant.amazon.com ([10.43.160.141]) by EX13D03UWA001.ant.amazon.com ([10.43.160.141]) with mapi id 15.00.1104.000; Tue, 5 Apr 2016 21:59:22 +0000 From: "Hardt, Dick" To: "scim@ietf.org" , "oauth@ietf.org" Thread-Topic: Simple Federation Deployment Thread-Index: AQHRj4ZpF7B+0HEfvEK1Conjtst8Ig== Date: Tue, 5 Apr 2016 21:59:22 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.43.161.78] Content-Type: multipart/alternative; boundary="_000_F5394E82327845D087AE42FC8742F252amazoncom_" MIME-Version: 1.0 Precedence: Bulk Archived-At: Subject: [scim] Simple Federation Deployment X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Apr 2016 21:59:41 -0000 --_000_F5394E82327845D087AE42FC8742F252amazoncom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 VXNlIGNhc2U6IEFuIGFkbWluIGZvciBhbiBvcmdhbml6YXRpb24gd291bGQgbGlrZSB0byBlbmFi bGUgaGVyIHVzZXJzIHRvIGFjY2VzcyBhIFNhYVMgYXBwbGljYXRpb24gYXQgaGVyIElkUC4NCg0K VXNlciBleHBlcmllbmNlOg0KDQogIDEuICBBZG1pbiBhdXRoZW50aWNhdGVzIHRvIElkUCBpbiBi cm93c2VyDQogIDIuICBBZG1pbiBzZWxlY3RzIFNhYVMgYXBwIHRvIGZlZGVyYXRlIHdpdGggZnJv bSBsaXN0IGF0IElkUA0KICAzLiAgSWRQIG9wdGlvbmFsbHkgcHJlc2VudHMgY29uZmlnIG9wdGlv bnMNCiAgNC4gIElkUCByZWRpcmVjdHMgQWRtaW4gdG8gU2FhUyBhcHANCiAgNS4gIEFkbWluIGF1 dGhlbnRpY2F0ZXMgdG8gU2FhUyBhcHANCiAgNi4gIFNhYVMgYXBwIG9wdGlvbmFsbHkgZ2F0aGVy cyBjb25maWcgb3B0aW9ucw0KICA3LiAgU2FhUyBhcHAgcmVkaXJlY3RzIGFkbWluIHRvIElkUA0K ICA4LiAgSWRQIGNvbmZpcm1zIHN1Y2Nlc3NmdWwgZmVkZXJhdGlvbiA9PiBPSURDIC8gU0FNTCBh bmQgU0NJTSBhcmUgbm93IGNvbmZpZ3VyZWQgYW5kIHdvcmtpbmcgYmV0d2VlbiBJZFAgYW5kIFNh YVMgQXBwDQoNCldobyBlbHNlIGlzIGludGVyZXN0ZWQgaW4gc29sdmluZyB0aGlzPw0KDQpJcyB0 aGVyZSBpbnRlcmVzdCBpbiB3b3JraW5nIG9uIHRoaXMgaW4gZWl0aGVyIFNDSU0gb3IgT0FVVEgg V2dzPw0KDQpBbnkgb25lIGluIEJBIGludGVyZXN0ZWQgaW4gbWVldGluZyBvbiB0aGlzIHRvcGlj IHRoaXMgd2Vlaz8NCg0K4oCUIERpY2sNCg== --_000_F5394E82327845D087AE42FC8742F252amazoncom_ Content-Type: text/html; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5IHN0eWxlPSJ3b3JkLXdy YXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsgLXdlYmtpdC1saW5lLWJy ZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsgY29sb3I6IHJnYigwLCAwLCAwKTsgZm9udC1zaXplOiAx NHB4OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiPg0KPGRpdj5Vc2UgY2FzZTog QW4gYWRtaW4gZm9yIGFuIG9yZ2FuaXphdGlvbiB3b3VsZCBsaWtlIHRvIGVuYWJsZSBoZXIgdXNl cnMgdG8gYWNjZXNzIGEgU2FhUyBhcHBsaWNhdGlvbiBhdCBoZXIgSWRQLiZuYnNwOzwvZGl2Pg0K PGRpdj48YnI+DQo8L2Rpdj4NCjxkaXY+VXNlciBleHBlcmllbmNlOiZuYnNwOzwvZGl2Pg0KPG9s Pg0KPGxpPkFkbWluIGF1dGhlbnRpY2F0ZXMgdG8gSWRQIGluIGJyb3dzZXI8L2xpPjxsaT5BZG1p biBzZWxlY3RzIFNhYVMgYXBwIHRvIGZlZGVyYXRlIHdpdGggZnJvbSBsaXN0IGF0IElkUDwvbGk+ PGxpPklkUCBvcHRpb25hbGx5IHByZXNlbnRzIGNvbmZpZyBvcHRpb25zPC9saT48bGk+SWRQIHJl ZGlyZWN0cyBBZG1pbiB0byBTYWFTIGFwcDwvbGk+PGxpPkFkbWluIGF1dGhlbnRpY2F0ZXMgdG8g U2FhUyBhcHA8L2xpPjxsaT5TYWFTIGFwcCBvcHRpb25hbGx5IGdhdGhlcnMgY29uZmlnIG9wdGlv bnM8L2xpPjxsaT5TYWFTIGFwcCByZWRpcmVjdHMgYWRtaW4gdG8gSWRQPC9saT48bGk+SWRQIGNv bmZpcm1zIHN1Y2Nlc3NmdWwgZmVkZXJhdGlvbiA9Jmd0OyBPSURDIC8gU0FNTCBhbmQgU0NJTSBh cmUgbm93IGNvbmZpZ3VyZWQgYW5kIHdvcmtpbmcgYmV0d2VlbiBJZFAgYW5kIFNhYVMgQXBwPC9s aT48L29sPg0KPGRpdj5XaG8gZWxzZSBpcyBpbnRlcmVzdGVkIGluIHNvbHZpbmcgdGhpcz88L2Rp dj4NCjxkaXY+PGJyPg0KPC9kaXY+DQo8ZGl2PklzIHRoZXJlIGludGVyZXN0IGluIHdvcmtpbmcg b24gdGhpcyBpbiBlaXRoZXIgU0NJTSBvciBPQVVUSCBXZ3M/PC9kaXY+DQo8ZGl2Pjxicj4NCjwv ZGl2Pg0KPGRpdj5Bbnkgb25lIGluIEJBIGludGVyZXN0ZWQgaW4gbWVldGluZyBvbiB0aGlzIHRv cGljIHRoaXMgd2Vlaz88L2Rpdj4NCjxkaXY+PGJyPg0KPC9kaXY+DQo8ZGl2PuKAlCBEaWNrPC9k aXY+DQo8ZGl2Pg0KPGRpdiBpZD0iTUFDX09VVExPT0tfU0lHTkFUVVJFIj48L2Rpdj4NCjwvZGl2 Pg0KPC9ib2R5Pg0KPC9odG1sPg0K --_000_F5394E82327845D087AE42FC8742F252amazoncom_-- From nobody Tue Apr 5 15:11:30 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D41012D877; Tue, 5 Apr 2016 15:11:24 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.21 X-Spam-Level: X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Uv_GMKBlUW6O; Tue, 5 Apr 2016 15:11:22 -0700 (PDT) Received: from userp1040.oracle.com (userp1040.oracle.com [156.151.31.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C0FBB12D0F4; Tue, 5 Apr 2016 15:11:22 -0700 (PDT) Received: from aserv0021.oracle.com (aserv0021.oracle.com [141.146.126.233]) by userp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id u35MBKIR006526 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 5 Apr 2016 22:11:20 GMT Received: from userv0122.oracle.com (userv0122.oracle.com [156.151.31.75]) by aserv0021.oracle.com (8.13.8/8.13.8) with ESMTP id u35MBJwC009533 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 5 Apr 2016 22:11:20 GMT Received: from abhmp0013.oracle.com (abhmp0013.oracle.com [141.146.116.19]) by userv0122.oracle.com (8.14.4/8.14.4) with ESMTP id u35MBJ2I018720; Tue, 5 Apr 2016 22:11:19 GMT Received: from [31.133.161.104] (/31.133.161.104) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Tue, 05 Apr 2016 15:11:19 -0700 Content-Type: multipart/alternative; boundary=Apple-Mail-F1D45B87-372B-4321-A798-33B7273126BC Mime-Version: 1.0 (1.0) From: "Phil Hunt (IDM)" X-Mailer: iPhone Mail (13E238) In-Reply-To: Date: Tue, 5 Apr 2016 19:11:16 -0300 Content-Transfer-Encoding: 7bit Message-Id: <086477E4-5F4E-4C52-AC91-E26824A9FA7A@oracle.com> References: To: "Hardt, Dick" X-Source-IP: aserv0021.oracle.com [141.146.126.233] Archived-At: Cc: "scim@ietf.org" , "oauth@ietf.org" Subject: Re: [scim] Simple Federation Deployment X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Apr 2016 22:11:24 -0000 --Apple-Mail-F1D45B87-372B-4321-A798-33B7273126BC Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Is the idp the center of all things for these users? Usually you have a provisioning system that coordinates state and uses thing= s like scim connectors to do this.=20 Another approach from today would be to pass a scim event to the remote prov= ider which then decides what needs to be done to facilitate the thingd you d= escribe.=20 Iow. Either the idp (sender) or the sp (receiver) have a provisioning system= to do this.=20 The solution and the simplicity depends on where the control needs to be.=20= Phil > On Apr 5, 2016, at 18:59, Hardt, Dick wrote: >=20 > Use case: An admin for an organization would like to enable her users to a= ccess a SaaS application at her IdP.=20 >=20 > User experience:=20 > Admin authenticates to IdP in browser > Admin selects SaaS app to federate with from list at IdP > IdP optionally presents config options > IdP redirects Admin to SaaS app > Admin authenticates to SaaS app > SaaS app optionally gathers config options > SaaS app redirects admin to IdP > IdP confirms successful federation =3D> OIDC / SAML and SCIM are now confi= gured and working between IdP and SaaS App > Who else is interested in solving this? >=20 > Is there interest in working on this in either SCIM or OAUTH Wgs? >=20 > Any one in BA interested in meeting on this topic this week? >=20 > =E2=80=94 Dick > _______________________________________________ > scim mailing list > scim@ietf.org > https://www.ietf.org/mailman/listinfo/scim --Apple-Mail-F1D45B87-372B-4321-A798-33B7273126BC Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable
Is the idp the center of all things fo= r these users?

Usually you have a provisioning system that coordinates stat= e and uses things like scim connectors to do this. 

Another approach f= rom today would be to pass a scim event to the remote provider which then de= cides what needs to be done to facilitate the thingd you describe. 

Io= w. Either the idp (sender) or the sp (receiver) have a provisioning system t= o do this. 

The solution and the simplicity depends on where the contr= ol needs to be. 

Phil

On Apr 5, 2016, at 18:59, Ha= rdt, Dick <dick@amazon.com> wro= te:

Use case: An admin for an organization would like to enable her users t= o access a SaaS application at her IdP. 

User experience: 
  1. Admin authenticates to IdP in browser
  2. Admin selects SaaS app to f= ederate with from list at IdP
  3. IdP optionally presents config options=
  4. IdP redirects Admin to SaaS app
  5. Admin authenticates to SaaS= app
  6. SaaS app optionally gathers config options
  7. SaaS app red= irects admin to IdP
  8. IdP confirms successful federation =3D> OIDC /= SAML and SCIM are now configured and working between IdP and SaaS App
    9. <= /ol>
    Who else is interested in solving this?

    Is there interest in working on this in either SCIM or OAUTH Wgs?
    =

    Any one in BA interested in meeting on this topic this week?

    =E2=80=94 Dick
____________________= ___________________________
scim mailing list
scim@ietf.org
https://www.ietf.org/mailman= /listinfo/scim
= --Apple-Mail-F1D45B87-372B-4321-A798-33B7273126BC-- From nobody Tue Apr 5 15:29:09 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5EA0512D654; Tue, 5 Apr 2016 15:29:05 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.53 X-Spam-Level: X-Spam-Status: No, score=-14.53 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazon.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SpiCIle3mYVp; Tue, 5 Apr 2016 15:29:03 -0700 (PDT) Received: from smtp-fw-9102.amazon.com (smtp-fw-9102.amazon.com [207.171.184.29]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 30BC912D14D; Tue, 5 Apr 2016 15:29:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1459895343; x=1491431343; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=VKJs/DMZq3+sizJR62+pmJtFLX2oxplT/eFRj8qCNTQ=; b=ced/LyQpc43YguMqIs1xDp76c+Q5fQbMpCXKT0pNhg94DQoSlQWt5iYr xCRyzL6TWG9qHTGkCilcNr8b199A2Vx4i+1mnoldjSCNWdl/GTXw5Fuo5 B4k19CDs1v7ZyGWklDDKkZ1Khcm8mpvVoQ/LcHCOD+lqvh4iqaX+rb7Mf 4=; X-IronPort-AV: E=Sophos;i="5.24,445,1454976000"; d="scan'208,217";a="416207516" Received: from sea19-co-svc-lb5-vlan2.sea.amazon.com (HELO email-inbound-relay-25001.iad12.amazon.com) ([10.47.22.162]) by smtp-border-fw-out-9102.sea19.amazon.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 05 Apr 2016 22:26:16 +0000 Received: from ex10-hub-7001.ant.amazon.com (iad1-ws-svc-lb91-vlan2.amazon.com [10.0.103.146]) by email-inbound-relay-25001.iad12.amazon.com (8.14.7/8.14.7) with ESMTP id u35MQ0x9006927 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 5 Apr 2016 22:26:14 GMT Received: from EX13D03UWA003.ant.amazon.com (10.43.160.39) by ex10-hub-7001.ant.amazon.com (10.43.103.49) with Microsoft SMTP Server (TLS) id 14.3.181.6; Tue, 5 Apr 2016 15:25:56 -0700 Received: from EX13D03UWA001.ant.amazon.com (10.43.160.141) by EX13D03UWA003.ant.amazon.com (10.43.160.39) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Tue, 5 Apr 2016 22:25:55 +0000 Received: from EX13D03UWA001.ant.amazon.com ([10.43.160.141]) by EX13D03UWA001.ant.amazon.com ([10.43.160.141]) with mapi id 15.00.1104.000; Tue, 5 Apr 2016 22:25:55 +0000 From: "Hardt, Dick" To: "Phil Hunt (IDM)" Thread-Topic: [scim] Simple Federation Deployment Thread-Index: AQHRj4ZpF7B+0HEfvEK1Conjtst8Ip978RgA///R1QA= Date: Tue, 5 Apr 2016 22:25:54 +0000 Message-ID: <78D87E6B-DBFE-46D9-B7FA-15201924DA12@amazon.com> References: <086477E4-5F4E-4C52-AC91-E26824A9FA7A@oracle.com> In-Reply-To: <086477E4-5F4E-4C52-AC91-E26824A9FA7A@oracle.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.43.160.131] Content-Type: multipart/alternative; boundary="_000_78D87E6BDBFE46D9B7FA15201924DA12amazoncom_" MIME-Version: 1.0 Archived-At: Cc: "scim@ietf.org" , "oauth@ietf.org" Subject: Re: [scim] Simple Federation Deployment X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Apr 2016 22:29:05 -0000 --_000_78D87E6BDBFE46D9B7FA15201924DA12amazoncom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SeKAmW0gdGFsa2luZyBhYm91dCByZW1vdmluZyBtYW51YWwgc3RlcHMgaW4gd2hhdCBoYXBwZW5z IHRvZGF5IHdoZXJlIGNvbmZpZ3VyaW5nIGEgU2FhUyBhcHAgYXQgYW4gSWRQIChzdWNoIGFzIEdv b2dsZSwgQXp1cmUsIFBpbmcsIE9jdGEpIHJlcXVpcmVzIGlzIGEgYnVuY2ggb2YgY3V0dGluZyBh bmQgcGFzdGluZyBvZiBhY2Nlc3MgdG9rZW5zIC8ga2V5cyAvIGNlcnRzIGFuZCBkb2luZyBhIGJ1 bmNoIG9mICBjb25maWcgdGhhdCBpcyBlcnJvciBwcm9uZSBhbmQgdW5pcXVlIGZvciBlYWNoIHJl bGF0aW9uc2hpcC4NCg0KRG9u4oCZdCB3YW50IHRvIHNvbHZlIG9uIHRoZSB0aHJlYWQg4oCmIGxv b2tpbmcgdG8gc2VlIGlmIHRoZXJlIGlzIGludGVyZXN0IQ0KDQpPbiA0LzUvMTYsIDc6MTEgUE0s IHNvbWVvbmUgY2xhaW1pbmcgdG8gYmUgInNjaW0gb24gYmVoYWxmIG9mIFBoaWwgSHVudCAoSURN KSIgPHNjaW0tYm91bmNlc0BpZXRmLm9yZzxtYWlsdG86c2NpbS1ib3VuY2VzQGlldGYub3JnPiBv biBiZWhhbGYgb2YgcGhpbC5odW50QG9yYWNsZS5jb208bWFpbHRvOnBoaWwuaHVudEBvcmFjbGUu Y29tPj4gd3JvdGU6DQoNCklzIHRoZSBpZHAgdGhlIGNlbnRlciBvZiBhbGwgdGhpbmdzIGZvciB0 aGVzZSB1c2Vycz8NCg0KVXN1YWxseSB5b3UgaGF2ZSBhIHByb3Zpc2lvbmluZyBzeXN0ZW0gdGhh dCBjb29yZGluYXRlcyBzdGF0ZSBhbmQgdXNlcyB0aGluZ3MgbGlrZSBzY2ltIGNvbm5lY3RvcnMg dG8gZG8gdGhpcy4NCg0KQW5vdGhlciBhcHByb2FjaCBmcm9tIHRvZGF5IHdvdWxkIGJlIHRvIHBh c3MgYSBzY2ltIGV2ZW50IHRvIHRoZSByZW1vdGUgcHJvdmlkZXIgd2hpY2ggdGhlbiBkZWNpZGVz IHdoYXQgbmVlZHMgdG8gYmUgZG9uZSB0byBmYWNpbGl0YXRlIHRoZSB0aGluZ2QgeW91IGRlc2Ny aWJlLg0KDQpJb3cuIEVpdGhlciB0aGUgaWRwIChzZW5kZXIpIG9yIHRoZSBzcCAocmVjZWl2ZXIp IGhhdmUgYSBwcm92aXNpb25pbmcgc3lzdGVtIHRvIGRvIHRoaXMuDQoNClRoZSBzb2x1dGlvbiBh bmQgdGhlIHNpbXBsaWNpdHkgZGVwZW5kcyBvbiB3aGVyZSB0aGUgY29udHJvbCBuZWVkcyB0byBi ZS4NCg0KUGhpbA0KDQpPbiBBcHIgNSwgMjAxNiwgYXQgMTg6NTksIEhhcmR0LCBEaWNrIDxkaWNr QGFtYXpvbi5jb208bWFpbHRvOmRpY2tAYW1hem9uLmNvbT4+IHdyb3RlOg0KDQpVc2UgY2FzZTog QW4gYWRtaW4gZm9yIGFuIG9yZ2FuaXphdGlvbiB3b3VsZCBsaWtlIHRvIGVuYWJsZSBoZXIgdXNl cnMgdG8gYWNjZXNzIGEgU2FhUyBhcHBsaWNhdGlvbiBhdCBoZXIgSWRQLg0KDQpVc2VyIGV4cGVy aWVuY2U6DQoNCiAgMS4gIEFkbWluIGF1dGhlbnRpY2F0ZXMgdG8gSWRQIGluIGJyb3dzZXINCiAg Mi4gIEFkbWluIHNlbGVjdHMgU2FhUyBhcHAgdG8gZmVkZXJhdGUgd2l0aCBmcm9tIGxpc3QgYXQg SWRQDQogIDMuICBJZFAgb3B0aW9uYWxseSBwcmVzZW50cyBjb25maWcgb3B0aW9ucw0KICA0LiAg SWRQIHJlZGlyZWN0cyBBZG1pbiB0byBTYWFTIGFwcA0KICA1LiAgQWRtaW4gYXV0aGVudGljYXRl cyB0byBTYWFTIGFwcA0KICA2LiAgU2FhUyBhcHAgb3B0aW9uYWxseSBnYXRoZXJzIGNvbmZpZyBv cHRpb25zDQogIDcuICBTYWFTIGFwcCByZWRpcmVjdHMgYWRtaW4gdG8gSWRQDQogIDguICBJZFAg Y29uZmlybXMgc3VjY2Vzc2Z1bCBmZWRlcmF0aW9uID0+IE9JREMgLyBTQU1MIGFuZCBTQ0lNIGFy ZSBub3cgY29uZmlndXJlZCBhbmQgd29ya2luZyBiZXR3ZWVuIElkUCBhbmQgU2FhUyBBcHANCg0K V2hvIGVsc2UgaXMgaW50ZXJlc3RlZCBpbiBzb2x2aW5nIHRoaXM/DQoNCklzIHRoZXJlIGludGVy ZXN0IGluIHdvcmtpbmcgb24gdGhpcyBpbiBlaXRoZXIgU0NJTSBvciBPQVVUSCBXZ3M/DQoNCkFu eSBvbmUgaW4gQkEgaW50ZXJlc3RlZCBpbiBtZWV0aW5nIG9uIHRoaXMgdG9waWMgdGhpcyB3ZWVr Pw0KDQrigJQgRGljaw0KX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX18NCnNjaW0gbWFpbGluZyBsaXN0DQpzY2ltQGlldGYub3JnPG1haWx0bzpzY2ltQGlldGYu b3JnPg0KaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9zY2ltDQo= --_000_78D87E6BDBFE46D9B7FA15201924DA12amazoncom_ Content-Type: text/html; charset="utf-8" Content-ID: <99678ED67605434DA60D2B06666A3FAD@ant.amazon.com> Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5IHN0eWxlPSJ3b3JkLXdy YXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsgLXdlYmtpdC1saW5lLWJy ZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsgY29sb3I6IHJnYigwLCAwLCAwKTsgZm9udC1zaXplOiAx NHB4OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiPg0KPGRpdj4NCjxkaXY+SeKA mW0gdGFsa2luZyBhYm91dCByZW1vdmluZyBtYW51YWwgc3RlcHMgaW4gd2hhdCBoYXBwZW5zIHRv ZGF5IHdoZXJlIGNvbmZpZ3VyaW5nIGEgU2FhUyBhcHAgYXQgYW4gSWRQIChzdWNoIGFzIEdvb2ds ZSwgQXp1cmUsIFBpbmcsIE9jdGEpIHJlcXVpcmVzIGlzIGEgYnVuY2ggb2YgY3V0dGluZyBhbmQg cGFzdGluZyBvZiBhY2Nlc3MgdG9rZW5zIC8ga2V5cyAvIGNlcnRzIGFuZCBkb2luZyBhIGJ1bmNo IG9mICZuYnNwO2NvbmZpZyB0aGF0IGlzIGVycm9yDQogcHJvbmUgYW5kIHVuaXF1ZSBmb3IgZWFj aCByZWxhdGlvbnNoaXAuPC9kaXY+DQo8ZGl2Pjxicj4NCjwvZGl2Pg0KPGRpdj5Eb27igJl0IHdh bnQgdG8gc29sdmUgb24gdGhlIHRocmVhZCDigKYgbG9va2luZyB0byBzZWUgaWYgdGhlcmUgaXMg aW50ZXJlc3QhPC9kaXY+DQo8ZGl2Pg0KPGRpdiBpZD0iTUFDX09VVExPT0tfU0lHTkFUVVJFIj48 L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8ZGl2Pjxicj4NCjwvZGl2Pg0KPHNwYW4gaWQ9Ik9MS19T UkNfQk9EWV9TRUNUSU9OIj4NCjxkaXY+DQo8ZGl2Pk9uIDQvNS8xNiwgNzoxMSBQTSwgc29tZW9u ZSBjbGFpbWluZyB0byBiZSAmcXVvdDtzY2ltIG9uIGJlaGFsZiBvZiBQaGlsIEh1bnQgKElETSkm cXVvdDsgJmx0OzxhIGhyZWY9Im1haWx0bzpzY2ltLWJvdW5jZXNAaWV0Zi5vcmciPnNjaW0tYm91 bmNlc0BpZXRmLm9yZzwvYT4gb24gYmVoYWxmIG9mDQo8YSBocmVmPSJtYWlsdG86cGhpbC5odW50 QG9yYWNsZS5jb20iPnBoaWwuaHVudEBvcmFjbGUuY29tPC9hPiZndDsgd3JvdGU6PC9kaXY+DQo8 L2Rpdj4NCjxkaXY+PGJyPg0KPC9kaXY+DQo8YmxvY2txdW90ZSBpZD0iTUFDX09VVExPT0tfQVRU UklCVVRJT05fQkxPQ0tRVU9URSIgc3R5bGU9IkJPUkRFUi1MRUZUOiAjYjVjNGRmIDUgc29saWQ7 IFBBRERJTkc6MCAwIDAgNTsgTUFSR0lOOjAgMCAwIDU7Ij4NCjxkaXY+DQo8ZGl2IGRpcj0iYXV0 byI+DQo8ZGl2PklzIHRoZSBpZHAgdGhlIGNlbnRlciBvZiBhbGwgdGhpbmdzIGZvciB0aGVzZSB1 c2Vycz88L2Rpdj4NCjxkaXYgaWQ9IkFwcGxlTWFpbFNpZ25hdHVyZSI+PGJyPg0KPC9kaXY+DQo8 ZGl2IGlkPSJBcHBsZU1haWxTaWduYXR1cmUiPlVzdWFsbHkgeW91IGhhdmUgYSBwcm92aXNpb25p bmcgc3lzdGVtIHRoYXQgY29vcmRpbmF0ZXMgc3RhdGUgYW5kIHVzZXMgdGhpbmdzIGxpa2Ugc2Np bSBjb25uZWN0b3JzIHRvIGRvIHRoaXMuJm5ic3A7PC9kaXY+DQo8ZGl2IGlkPSJBcHBsZU1haWxT aWduYXR1cmUiPjxicj4NCjwvZGl2Pg0KPGRpdiBpZD0iQXBwbGVNYWlsU2lnbmF0dXJlIj5Bbm90 aGVyIGFwcHJvYWNoIGZyb20gdG9kYXkgd291bGQgYmUgdG8gcGFzcyBhIHNjaW0gZXZlbnQgdG8g dGhlIHJlbW90ZSBwcm92aWRlciB3aGljaCB0aGVuIGRlY2lkZXMgd2hhdCBuZWVkcyB0byBiZSBk b25lIHRvIGZhY2lsaXRhdGUgdGhlIHRoaW5nZCB5b3UgZGVzY3JpYmUuJm5ic3A7PC9kaXY+DQo8 ZGl2IGlkPSJBcHBsZU1haWxTaWduYXR1cmUiPjxicj4NCjwvZGl2Pg0KPGRpdiBpZD0iQXBwbGVN YWlsU2lnbmF0dXJlIj5Jb3cuIEVpdGhlciB0aGUgaWRwIChzZW5kZXIpIG9yIHRoZSBzcCAocmVj ZWl2ZXIpIGhhdmUgYSBwcm92aXNpb25pbmcgc3lzdGVtIHRvIGRvIHRoaXMuJm5ic3A7PC9kaXY+ DQo8ZGl2IGlkPSJBcHBsZU1haWxTaWduYXR1cmUiPjxicj4NCjwvZGl2Pg0KPGRpdiBpZD0iQXBw bGVNYWlsU2lnbmF0dXJlIj5UaGUgc29sdXRpb24gYW5kIHRoZSBzaW1wbGljaXR5IGRlcGVuZHMg b24gd2hlcmUgdGhlIGNvbnRyb2wgbmVlZHMgdG8gYmUuJm5ic3A7PGJyPg0KPGJyPg0KUGhpbDwv ZGl2Pg0KPGRpdj48YnI+DQpPbiBBcHIgNSwgMjAxNiwgYXQgMTg6NTksIEhhcmR0LCBEaWNrICZs dDs8YSBocmVmPSJtYWlsdG86ZGlja0BhbWF6b24uY29tIj5kaWNrQGFtYXpvbi5jb208L2E+Jmd0 OyB3cm90ZTo8YnI+DQo8YnI+DQo8L2Rpdj4NCjxibG9ja3F1b3RlIHR5cGU9ImNpdGUiPg0KPGRp dj4NCjxkaXY+VXNlIGNhc2U6IEFuIGFkbWluIGZvciBhbiBvcmdhbml6YXRpb24gd291bGQgbGlr ZSB0byBlbmFibGUgaGVyIHVzZXJzIHRvIGFjY2VzcyBhIFNhYVMgYXBwbGljYXRpb24gYXQgaGVy IElkUC4mbmJzcDs8L2Rpdj4NCjxkaXY+PGJyPg0KPC9kaXY+DQo8ZGl2PlVzZXIgZXhwZXJpZW5j ZTombmJzcDs8L2Rpdj4NCjxvbD4NCjxsaT5BZG1pbiBhdXRoZW50aWNhdGVzIHRvIElkUCBpbiBi cm93c2VyPC9saT48bGk+QWRtaW4gc2VsZWN0cyBTYWFTIGFwcCB0byBmZWRlcmF0ZSB3aXRoIGZy b20gbGlzdCBhdCBJZFA8L2xpPjxsaT5JZFAgb3B0aW9uYWxseSBwcmVzZW50cyBjb25maWcgb3B0 aW9uczwvbGk+PGxpPklkUCByZWRpcmVjdHMgQWRtaW4gdG8gU2FhUyBhcHA8L2xpPjxsaT5BZG1p biBhdXRoZW50aWNhdGVzIHRvIFNhYVMgYXBwPC9saT48bGk+U2FhUyBhcHAgb3B0aW9uYWxseSBn YXRoZXJzIGNvbmZpZyBvcHRpb25zPC9saT48bGk+U2FhUyBhcHAgcmVkaXJlY3RzIGFkbWluIHRv IElkUDwvbGk+PGxpPklkUCBjb25maXJtcyBzdWNjZXNzZnVsIGZlZGVyYXRpb24gPSZndDsgT0lE QyAvIFNBTUwgYW5kIFNDSU0gYXJlIG5vdyBjb25maWd1cmVkIGFuZCB3b3JraW5nIGJldHdlZW4g SWRQIGFuZCBTYWFTIEFwcDwvbGk+PC9vbD4NCjxkaXY+V2hvIGVsc2UgaXMgaW50ZXJlc3RlZCBp biBzb2x2aW5nIHRoaXM/PC9kaXY+DQo8ZGl2Pjxicj4NCjwvZGl2Pg0KPGRpdj5JcyB0aGVyZSBp bnRlcmVzdCBpbiB3b3JraW5nIG9uIHRoaXMgaW4gZWl0aGVyIFNDSU0gb3IgT0FVVEggV2dzPzwv ZGl2Pg0KPGRpdj48YnI+DQo8L2Rpdj4NCjxkaXY+QW55IG9uZSBpbiBCQSBpbnRlcmVzdGVkIGlu IG1lZXRpbmcgb24gdGhpcyB0b3BpYyB0aGlzIHdlZWs/PC9kaXY+DQo8ZGl2Pjxicj4NCjwvZGl2 Pg0KPGRpdj7igJQgRGljazwvZGl2Pg0KPGRpdj4NCjxkaXYgaWQ9IiI+PC9kaXY+DQo8L2Rpdj4N CjwvZGl2Pg0KPC9ibG9ja3F1b3RlPg0KPGJsb2NrcXVvdGUgdHlwZT0iY2l0ZSI+DQo8ZGl2Pjxz cGFuPl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fPC9zcGFu Pjxicj4NCjxzcGFuPnNjaW0gbWFpbGluZyBsaXN0PC9zcGFuPjxicj4NCjxzcGFuPjxhIGhyZWY9 Im1haWx0bzpzY2ltQGlldGYub3JnIj5zY2ltQGlldGYub3JnPC9hPjwvc3Bhbj48YnI+DQo8c3Bh bj48YSBocmVmPSJodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL3NjaW0iPmh0 dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vc2NpbTwvYT48L3NwYW4+PGJyPg0K PC9kaXY+DQo8L2Jsb2NrcXVvdGU+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9ibG9ja3F1b3RlPg0KPC9z cGFuPg0KPC9ib2R5Pg0KPC9odG1sPg0K --_000_78D87E6BDBFE46D9B7FA15201924DA12amazoncom_-- From nobody Tue Apr 5 22:08:13 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 53E8412D7E5; Tue, 5 Apr 2016 22:08:10 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.21 X-Spam-Level: X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id du_d_3GEvwmc; Tue, 5 Apr 2016 22:08:08 -0700 (PDT) Received: from userp1040.oracle.com (userp1040.oracle.com [156.151.31.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AFFB812D09F; Tue, 5 Apr 2016 22:08:08 -0700 (PDT) Received: from aserv0022.oracle.com (aserv0022.oracle.com [141.146.126.234]) by userp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id u36585wP024049 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 6 Apr 2016 05:08:06 GMT Received: from aserv0121.oracle.com (aserv0121.oracle.com [141.146.126.235]) by aserv0022.oracle.com (8.13.8/8.13.8) with ESMTP id u36585cm026703 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 6 Apr 2016 05:08:05 GMT Received: from abhmp0006.oracle.com (abhmp0006.oracle.com [141.146.116.12]) by aserv0121.oracle.com (8.13.8/8.13.8) with ESMTP id u36585UZ015383; Wed, 6 Apr 2016 05:08:05 GMT Received: from [31.133.137.184] (/31.133.137.184) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Tue, 05 Apr 2016 22:08:05 -0700 Content-Type: multipart/alternative; boundary=Apple-Mail-D33862B2-62E3-4F18-8326-EA43E5B2769B Mime-Version: 1.0 (1.0) From: "Phil Hunt (IDM)" X-Mailer: iPhone Mail (13E238) In-Reply-To: <78D87E6B-DBFE-46D9-B7FA-15201924DA12@amazon.com> Date: Wed, 6 Apr 2016 02:07:58 -0300 Content-Transfer-Encoding: 7bit Message-Id: <9F821551-7B5D-4450-BCCC-6FD889E40267@oracle.com> References: <086477E4-5F4E-4C52-AC91-E26824A9FA7A@oracle.com> <78D87E6B-DBFE-46D9-B7FA-15201924DA12@amazon.com> To: "Hardt, Dick" X-Source-IP: aserv0022.oracle.com [141.146.126.234] Archived-At: Cc: "scim@ietf.org" , "oauth@ietf.org" Subject: Re: [scim] Simple Federation Deployment X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Apr 2016 05:08:11 -0000 --Apple-Mail-D33862B2-62E3-4F18-8326-EA43E5B2769B Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable There may be some similar concerns on our side. Lets talk more this week.=20= Phil > On Apr 5, 2016, at 19:25, Hardt, Dick wrote: >=20 > I=E2=80=99m talking about removing manual steps in what happens today wher= e configuring a SaaS app at an IdP (such as Google, Azure, Ping, Octa) requi= res is a bunch of cutting and pasting of access tokens / keys / certs and do= ing a bunch of config that is error prone and unique for each relationship.= >=20 > Don=E2=80=99t want to solve on the thread =E2=80=A6 looking to see if ther= e is interest! >=20 > On 4/5/16, 7:11 PM, someone claiming to be "scim on behalf of Phil Hunt (I= DM)" wrote: >=20 > Is the idp the center of all things for these users? >=20 > Usually you have a provisioning system that coordinates state and uses thi= ngs like scim connectors to do this.=20 >=20 > Another approach from today would be to pass a scim event to the remote pr= ovider which then decides what needs to be done to facilitate the thingd you= describe.=20 >=20 > Iow. Either the idp (sender) or the sp (receiver) have a provisioning syst= em to do this.=20 >=20 > The solution and the simplicity depends on where the control needs to be.=20= >=20 > Phil >=20 > On Apr 5, 2016, at 18:59, Hardt, Dick wrote: >=20 >> Use case: An admin for an organization would like to enable her users to a= ccess a SaaS application at her IdP.=20 >>=20 >> User experience:=20 >> Admin authenticates to IdP in browser >> Admin selects SaaS app to federate with from list at IdP >> IdP optionally presents config options >> IdP redirects Admin to SaaS app >> Admin authenticates to SaaS app >> SaaS app optionally gathers config options >> SaaS app redirects admin to IdP >> IdP confirms successful federation =3D> OIDC / SAML and SCIM are now conf= igured and working between IdP and SaaS App >> Who else is interested in solving this? >>=20 >> Is there interest in working on this in either SCIM or OAUTH Wgs? >>=20 >> Any one in BA interested in meeting on this topic this week? >>=20 >> =E2=80=94 Dick >> _______________________________________________ >> scim mailing list >> scim@ietf.org >> https://www.ietf.org/mailman/listinfo/scim > _______________________________________________ > scim mailing list > scim@ietf.org > https://www.ietf.org/mailman/listinfo/scim --Apple-Mail-D33862B2-62E3-4F18-8326-EA43E5B2769B Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable
There may be some similar concerns on o= ur side. Lets talk more this week. 

Phil

On Apr 5, 2016, at 19:25, Hardt, Dick <dick@amazon.com> wrote:

I=E2=80=99m talking about removing manual steps in what happens today w= here configuring a SaaS app at an IdP (such as Google, Azure, Ping, Octa) re= quires is a bunch of cutting and pasting of access tokens / keys / certs and= doing a bunch of  config that is error prone and unique for each relationship.

Don=E2=80=99t want to solve on the thread =E2=80=A6 looking to see if t= here is interest!

On 4/5/16, 7:11 PM, someone claiming to be "scim on behalf of Phil Hunt= (IDM)" <scim-bounces@ietf.org on behalf of phil.hunt@oracle.com> wrote:<= /div>

Is the idp the center of all things for these users?

Usually you have a provisioning system that c= oordinates state and uses things like scim connectors to do this. 

Another approach from today would be to pass a= scim event to the remote provider which then decides what needs to be done t= o facilitate the thingd you describe. 

Iow. Either the idp (sender) or the sp (recei= ver) have a provisioning system to do this. 

The solution and the simplicity depends on wh= ere the control needs to be. 

Phil

On Apr 5, 2016, at 18:59, Hardt, Dick <dick@amazon.com> wrote:

Use case: An admin for an organization would like to enable her users t= o access a SaaS application at her IdP. 

User experience: 
  1. Admin authenticates to IdP in browser
  2. Admin selects SaaS app to f= ederate with from list at IdP
  3. IdP optionally presents config options=
  4. IdP redirects Admin to SaaS app
  5. Admin authenticates to SaaS= app
  6. SaaS app optionally gathers config options
  7. SaaS app red= irects admin to IdP
  8. IdP confirms successful federation =3D> OIDC /= SAML and SCIM are now configured and working between IdP and SaaS App
    9. <= /ol>
    Who else is interested in solving this?

    Is there interest in working on this in either SCIM or OAUTH Wgs?
    =

    Any one in BA interested in meeting on this topic this week?

    =E2=80=94 Dick
_______________________________________________
scim mailing list
scim@ietf.org
https://www.iet= f.org/mailman/listinfo/scim
____________________= ___________________________
scim mailing list
scim@ietf.org
https://www.ietf.org/mailman= /listinfo/scim
= --Apple-Mail-D33862B2-62E3-4F18-8326-EA43E5B2769B-- From nobody Tue Apr 5 23:57:07 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 11CD712D136; Tue, 5 Apr 2016 23:57:06 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id okpZVq8YhMOg; Tue, 5 Apr 2016 23:57:03 -0700 (PDT) Received: from nrifs03.index.or.jp (nrigw01.index.or.jp [133.250.250.1]) by ietfa.amsl.com (Postfix) with ESMTP id D915B12D114; Tue, 5 Apr 2016 23:57:02 -0700 (PDT) Received: from nriea03.index.or.jp (unknown [172.19.246.38]) by nrifs03.index.or.jp (Postfix) with SMTP id 7C61917EA46; Wed, 6 Apr 2016 15:57:01 +0900 (JST) Received: from nrims00a.nri.co.jp ([192.50.135.11]) by nriea03.index.or.jp (unknown) with ESMTP id u366v17M008332; Wed, 6 Apr 2016 15:57:01 +0900 Received: from nrims00a.nri.co.jp (localhost.localdomain [127.0.0.1]) by nrims00a.nri.co.jp (Switch-3.3.4/Switch-3.3.4) with ESMTP id u366v0hD045807; Wed, 6 Apr 2016 15:57:00 +0900 Received: (from mailnull@localhost) by nrims00a.nri.co.jp (Switch-3.3.4/Switch-3.3.0/Submit) id u366v0mR045806; Wed, 6 Apr 2016 15:57:00 +0900 X-Authentication-Warning: nrims00a.nri.co.jp: mailnull set sender to n-sakimura@nri.co.jp using -f Received: from nrizmf13.index.or.jp ([172.100.25.22]) by nrims00a.nri.co.jp (Switch-3.3.4/Switch-3.3.4) with ESMTP id u366v027045803; Wed, 6 Apr 2016 15:57:00 +0900 Received: from NatRZ4 (unknown [172.21.163.96]) by nrivpnfs01.index.or.jp (Postfix) with ESMTP id 3605EBF94D; Wed, 6 Apr 2016 15:56:56 +0900 (JST) From: "Nat Sakimura" To: "'Hardt, Dick'" , "'Phil Hunt \(IDM\)'" References: <086477E4-5F4E-4C52-AC91-E26824A9FA7A@oracle.com> <78D87E6B-DBFE-46D9-B7FA-15201924DA12@amazon.com> In-Reply-To: <78D87E6B-DBFE-46D9-B7FA-15201924DA12@amazon.com> Date: Wed, 6 Apr 2016 15:56:56 +0900 Message-ID: <015501d18fd1$84935540$8db9ffc0$@nri.co.jp> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0156_01D1901C.F4800650" X-Mailer: Microsoft Outlook 15.0 X-MailAdviser: 20141126 Thread-Index: AQJtGwW8oLtP+WMa70Ssdqh7/dtyYQKOPHBiAglzs3eeIK9LsA== Content-Language: ja Archived-At: Cc: scim@ietf.org, oauth@ietf.org Subject: Re: [scim] Simple Federation Deployment X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Apr 2016 06:57:06 -0000 This is a multipart message in MIME format. ------=_NextPart_000_0156_01D1901C.F4800650 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable +1 for removing the manual cut-n-pastes! =20 Nat =20 -- PLEASE READ :This e-mail is confidential and intended for the named recipient only. If you are not an intended recipient, please notify the sender and delete this e-mail. =20 From: scim [mailto:scim-bounces@ietf.org] On Behalf Of Hardt, Dick Sent: Wednesday, April 6, 2016 7:26 AM To: Phil Hunt (IDM) Cc: scim@ietf.org; oauth@ietf.org Subject: Re: [scim] Simple Federation Deployment =20 I=E2=80=99m talking about removing manual steps in what happens today = where configuring a SaaS app at an IdP (such as Google, Azure, Ping, = Octa) requires is a bunch of cutting and pasting of access tokens / keys = / certs and doing a bunch of config that is error prone and unique for = each relationship. =20 Don=E2=80=99t want to solve on the thread =E2=80=A6 looking to see if = there is interest! =20 On 4/5/16, 7:11 PM, someone claiming to be "scim on behalf of Phil Hunt = (IDM)" on behalf = of phil.hunt@oracle.com > wrote: =20 Is the idp the center of all things for these users? =20 Usually you have a provisioning system that coordinates state and uses = things like scim connectors to do this.=20 =20 Another approach from today would be to pass a scim event to the remote = provider which then decides what needs to be done to facilitate the = thingd you describe.=20 =20 Iow. Either the idp (sender) or the sp (receiver) have a provisioning = system to do this.=20 =20 The solution and the simplicity depends on where the control needs to = be.=20 Phil On Apr 5, 2016, at 18:59, Hardt, Dick > wrote: Use case: An admin for an organization would like to enable her users to = access a SaaS application at her IdP.=20 =20 User experience:=20 1. Admin authenticates to IdP in browser 2. Admin selects SaaS app to federate with from list at IdP 3. IdP optionally presents config options 4. IdP redirects Admin to SaaS app 5. Admin authenticates to SaaS app 6. SaaS app optionally gathers config options 7. SaaS app redirects admin to IdP 8. IdP confirms successful federation =3D> OIDC / SAML and SCIM are now = configured and working between IdP and SaaS App Who else is interested in solving this? =20 Is there interest in working on this in either SCIM or OAUTH Wgs? =20 Any one in BA interested in meeting on this topic this week? =20 =E2=80=94 Dick _______________________________________________ scim mailing list scim@ietf.org =20 https://www.ietf.org/mailman/listinfo/scim ------=_NextPart_000_0156_01D1901C.F4800650 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable

+= 1 for removing the manual cut-n-pastes!

<= o:p> 

N= at

<= o:p> 

--=

PLEASE READ :This = e-mail is confidential and intended for the

named recipient = only. If you are not an intended recipient,

please notify the = sender=C2=A0 and delete this e-mail.

<= o:p> 

From:<= /b> scim = [mailto:scim-bounces@ietf.org] On Behalf Of Hardt, = Dick
Sent: Wednesday, April 6, 2016 7:26 AM
To: Phil = Hunt (IDM) <phil.hunt@oracle.com>
Cc: scim@ietf.org; = oauth@ietf.org
Subject: Re: [scim] Simple Federation = Deployment

 

I= =E2=80=99m talking about removing manual steps in what happens today = where configuring a SaaS app at an IdP (such as Google, Azure, Ping, = Octa) requires is a bunch of cutting and pasting of access tokens / keys = / certs and doing a bunch of  config that is error prone and unique = for each relationship.

<= o:p> 

D= on=E2=80=99t want to solve on the thread =E2=80=A6 looking to see if = there is interest!

<= o:p> 

O= n 4/5/16, 7:11 PM, someone claiming to be "scim on behalf of Phil = Hunt (IDM)" <scim-bounces@ietf.org on = behalf of phil.hunt@oracle.com> = wrote:

<= o:p> 

I= s the idp the center of all things for these = users?

<= o:p> 

U= sually you have a provisioning system that coordinates state and uses = things like scim connectors to do = this. 

<= o:p> 

A= nother approach from today would be to pass a scim event to the remote = provider which then decides what needs to be done to facilitate the = thingd you describe. 

<= o:p> 

I= ow. Either the idp (sender) or the sp (receiver) have a provisioning = system to do this. 

<= o:p> 

T= he solution and the simplicity depends on where the control needs to = be. 

Phil

<= br>On Apr 5, 2016, at 18:59, Hardt, Dick <dick@amazon.com> = wrote:

U= se case: An admin for an organization would like to enable her users to = access a SaaS application at her = IdP. 

<= o:p> 

U= ser experience: 

  1. Admin = authenticates to IdP in browser
  2. Admin = selects SaaS app to federate with from list at = IdP
  3. IdP = optionally presents config options
  4. IdP = redirects Admin to SaaS app
  5. Admin = authenticates to SaaS app
  6. SaaS app = optionally gathers config options
  7. SaaS app = redirects admin to IdP
  8. IdP confirms = successful federation =3D> OIDC / SAML and SCIM are now configured = and working between IdP and SaaS App

W= ho else is interested in solving = this?

<= o:p> 

I= s there interest in working on this in either SCIM or OAUTH = Wgs?

<= o:p> 

A= ny one in BA interested in meeting on this topic this = week?

<= o:p> 

=E2= =80=94 Dick

_= ______________________________________________
scim mailing = list
scim@ietf.org
https://www.ietf.org/= mailman/listinfo/scim

<= /div>
------=_NextPart_000_0156_01D1901C.F4800650-- From nobody Wed Apr 6 00:16:37 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 829ED12D6D2 for ; Wed, 6 Apr 2016 00:16:35 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.6 X-Spam-Level: X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=viewds-com.20150623.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xJJuyQbVDPQd for ; Wed, 6 Apr 2016 00:16:29 -0700 (PDT) Received: from mail-pa0-x230.google.com (mail-pa0-x230.google.com [IPv6:2607:f8b0:400e:c03::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 873AF12D0B6 for ; Wed, 6 Apr 2016 00:16:29 -0700 (PDT) Received: by mail-pa0-x230.google.com with SMTP id zm5so27475172pac.0 for ; Wed, 06 Apr 2016 00:16:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=viewds-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:references:in-reply-to:subject:date:message-id :mime-version:thread-index:content-language; bh=q9FQRgSTY/iQCf6lAOMUKM7gV9YYvozpbVeBjHpWvD4=; b=y2SsB6wGt4cZ7/d3hrnprT/2SUss3h19OWUFUs8KdCW1RCBQKK1TRS7h1fU0HSVAID yc1F3MPRbcrWfnzkvntTOGNW02+cNuLMOkpjyrGty+Rz8F3aBitqTyceaYdSL9qNYpXK PVS9J1QpNB/I/xnN75L1rZMBpIwSyFyaiOESacrKHwTH0sg2ULzAoXl3axbcQD5FFyJH goA4dBS2vjLJ/H+9LDBCpsXJYWR7uXbt4l3os91Q8Wrs1PGEoD/pOhEGsiS32aH0RGPs jB5qurLcpxfeIlQPhneBln8P0YegLWX1x85kl6VpFOxUQdPNxbnpythE3TbdchGjToDv 5FLQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:references:in-reply-to:subject:date :message-id:mime-version:thread-index:content-language; bh=q9FQRgSTY/iQCf6lAOMUKM7gV9YYvozpbVeBjHpWvD4=; b=abOt9J4jjQ+/BYc/qHioqvhkr7VNoVwh3vY+vs+8xTlksFHWRZJm4JwPh4sQZsPW8p laq9vg5ZIdSYllO6lQPK83f/cGNeNqXmKvz6rGAJ+BSSPa0BARo9NG/PVshVLGgKLppy bXyXjm+hXXrnvPt99COniQV2FObsKCUx4+Cbv8a0XjlyFVbGvpcysxLQsK8cMnjZ8K1E cLAP8yZDNuL/mcY8q5HF4iitYxiWhsY7MzBRWTkmFqMNHfZkCNr+S++RbDpQ9UwLiEJD FdLuaaK0eQmk/cxar6soD2jau5DzeBmaeurplXlqfnBA9j9cTRBECU4Q3vQrWrHl8R4V 3dYA== X-Gm-Message-State: AD7BkJJgdjsZJ8353F0rSmDyOdsFKpaQOQYv6P0HyI6+qb3x/Xx/ApmlpaoYO+s6XwZ7hQ== X-Received: by 10.66.255.65 with SMTP id ao1mr45220833pad.38.1459926989090; Wed, 06 Apr 2016 00:16:29 -0700 (PDT) Received: from WINH57TOAH3443 (2.101.96.58.static.exetel.com.au. [58.96.101.2]) by smtp.gmail.com with ESMTPSA id u21sm2318731pfa.60.2016.04.06.00.16.24 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 06 Apr 2016 00:16:27 -0700 (PDT) From: "Gil Kirkpatrick" To: "'Nat Sakimura'" , "'Hardt, Dick'" , "'Phil Hunt \(IDM\)'" References: <086477E4-5F4E-4C52-AC91-E26824A9FA7A@oracle.com> <78D87E6B-DBFE-46D9-B7FA-15201924DA12@amazon.com> <015501d18fd1$84935540$8db9ffc0$@nri.co.jp> In-Reply-To: <015501d18fd1$84935540$8db9ffc0$@nri.co.jp> Date: Wed, 6 Apr 2016 17:16:16 +1000 Message-ID: <003501d18fd4$3a199990$ae4cccb0$@viewds.com> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0036_01D19028.0BC73030" X-Mailer: Microsoft Outlook 15.0 Thread-Index: AQJtGwW8oLtP+WMa70Ssdqh7/dtyYQKOPHBiAglzs3cA3629NZ4ZtwJQ Content-Language: en-us Archived-At: Cc: scim@ietf.org, oauth@ietf.org Subject: Re: [scim] [OAUTH-WG] Simple Federation Deployment X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Apr 2016 07:16:35 -0000 This is a multipart message in MIME format. ------=_NextPart_000_0036_01D19028.0BC73030 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable That=E2=80=99s an issue we=E2=80=99re facing as well. Definitely = interested. =20 -gil =20 From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Nat Sakimura Sent: Wednesday, April 6, 2016 4:57 PM To: 'Hardt, Dick' ; 'Phil Hunt (IDM)' = Cc: scim@ietf.org; oauth@ietf.org Subject: Re: [OAUTH-WG] [scim] Simple Federation Deployment =20 +1 for removing the manual cut-n-pastes! =20 Nat =20 -- PLEASE READ :This e-mail is confidential and intended for the named recipient only. If you are not an intended recipient, please notify the sender and delete this e-mail. =20 From: scim [mailto:scim-bounces@ietf.org] On Behalf Of Hardt, Dick Sent: Wednesday, April 6, 2016 7:26 AM To: Phil Hunt (IDM) = > Cc: scim@ietf.org ; oauth@ietf.org = =20 Subject: Re: [scim] Simple Federation Deployment =20 I=E2=80=99m talking about removing manual steps in what happens today = where configuring a SaaS app at an IdP (such as Google, Azure, Ping, = Octa) requires is a bunch of cutting and pasting of access tokens / keys = / certs and doing a bunch of config that is error prone and unique for = each relationship. =20 Don=E2=80=99t want to solve on the thread =E2=80=A6 looking to see if = there is interest! =20 On 4/5/16, 7:11 PM, someone claiming to be "scim on behalf of Phil Hunt = (IDM)" on behalf = of phil.hunt@oracle.com > wrote: =20 Is the idp the center of all things for these users? =20 Usually you have a provisioning system that coordinates state and uses = things like scim connectors to do this.=20 =20 Another approach from today would be to pass a scim event to the remote = provider which then decides what needs to be done to facilitate the = thingd you describe.=20 =20 Iow. Either the idp (sender) or the sp (receiver) have a provisioning = system to do this.=20 =20 The solution and the simplicity depends on where the control needs to = be.=20 Phil On Apr 5, 2016, at 18:59, Hardt, Dick > wrote: Use case: An admin for an organization would like to enable her users to = access a SaaS application at her IdP.=20 =20 User experience:=20 1. Admin authenticates to IdP in browser 2. Admin selects SaaS app to federate with from list at IdP 3. IdP optionally presents config options 4. IdP redirects Admin to SaaS app 5. Admin authenticates to SaaS app 6. SaaS app optionally gathers config options 7. SaaS app redirects admin to IdP 8. IdP confirms successful federation =3D> OIDC / SAML and SCIM are now = configured and working between IdP and SaaS App Who else is interested in solving this? =20 Is there interest in working on this in either SCIM or OAUTH Wgs? =20 Any one in BA interested in meeting on this topic this week? =20 =E2=80=94 Dick _______________________________________________ scim mailing list scim@ietf.org =20 https://www.ietf.org/mailman/listinfo/scim ------=_NextPart_000_0036_01D19028.0BC73030 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable

That=E2=80=99s an issue we=E2=80=99re facing = as well. Definitely interested.

 

-gil

 

From:<= /b> OAuth = [mailto:oauth-bounces@ietf.org] On Behalf Of Nat = Sakimura
Sent: Wednesday, April 6, 2016 4:57 PM
To: = 'Hardt, Dick' <dick@amazon.com>; 'Phil Hunt (IDM)' = <phil.hunt@oracle.com>
Cc: scim@ietf.org; = oauth@ietf.org
Subject: Re: [OAUTH-WG] [scim] Simple = Federation Deployment

 

+1 for removing the manual = cut-n-pastes!

 

Nat

 

--

PLEASE READ :This e-mail = is confidential and intended for the

named recipient only. If = you are not an intended recipient,

please notify the = sender  and delete this e-mail.

 

From: scim [mailto:scim-bounces@ietf.org] = On Behalf Of Hardt, Dick
Sent: Wednesday, April 6, 2016 = 7:26 AM
To: Phil Hunt (IDM) <phil.hunt@oracle.com>
C= c: scim@ietf.org; oauth@ietf.org
Subject: Re: = [scim] Simple Federation Deployment

 

<= p class=3DMsoNormal>I=E2=80=99m talking about removing manual steps = in what happens today where configuring a SaaS app at an IdP (such as = Google, Azure, Ping, Octa) requires is a bunch of cutting and pasting of = access tokens / keys / certs and doing a bunch of  config that is = error prone and unique for each = relationship.

 

Don=E2=80=99t want to solve on the thread = =E2=80=A6 looking to see if there is = interest!

 

On 4/5/16, 7:11 PM, someone claiming to be = "scim on behalf of Phil Hunt (IDM)" <scim-bounces@ietf.org on = behalf of phil.hunt@oracle.com> = wrote:

 

Is the idp the center of all things for these = users?

 

Usually you have a provisioning system that = coordinates state and uses things like scim connectors to do = this. 

 

Another approach from today would be to pass a = scim event to the remote provider which then decides what needs to be = done to facilitate the thingd you = describe. 

 

Iow. Either the idp (sender) or the sp (receiver) = have a provisioning system to do = this. 

 

The solution and the simplicity depends on where = the control needs to = be. 

Phil


On Apr 5, 2016, at 18:59, Hardt, Dick <dick@amazon.com> = wrote:

Use case: An admin for an organization would like = to enable her users to access a SaaS application at her = IdP. 

 

User = experience: 

  1. Admin authenticates to IdP in = browser
  2. Admin selects SaaS app to federate with from list at = IdP
  3. IdP optionally presents config = options
  4. IdP redirects Admin to SaaS app
  5. Admin authenticates to SaaS app
  6. SaaS app optionally gathers config = options
  7. SaaS app redirects admin to IdP
  8. IdP confirms successful federation =3D> OIDC / SAML and = SCIM are now configured and working between IdP and SaaS = App

Who else is interested in solving = this?

 

Is there interest in working on this in either = SCIM or OAUTH Wgs?

 

Any one in BA interested in meeting on this topic = this week?

 

=E2=80=94 = Dick

_______________________________________________scim mailing list
scim@ietf.org
https://www.ietf.org/= mailman/listinfo/scim

<= /div>
------=_NextPart_000_0036_01D19028.0BC73030-- From nobody Wed Apr 6 04:57:50 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6736112D9B3; Wed, 6 Apr 2016 04:57:49 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.013 X-Spam-Level: X-Spam-Status: No, score=-0.013 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id as4mZqfsjGg9; Wed, 6 Apr 2016 04:57:46 -0700 (PDT) Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2on0131.outbound.protection.outlook.com [65.55.169.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C7FCC12D9AE; Wed, 6 Apr 2016 04:57:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=mxFp689hcViSh9Tu47qqS1wCFSYg877QgoUwOTb3cCY=; b=NcKGIRGBolbqv0rqnjtWyn7tNprm3OCc2FZVBq4NvllPUmBd5/nEGFxmq7GBacCX/4g+EaKx4Y4ZVHNdmdEc6ObsnoSRxSIBtDXCkOqr30nLAoLXCqeMSZZrjV6isQAihg217b5ykobj/7K0YX+ittsHNZiwSMsE76/sbfhQmIQ= Received: from BN3PR0301MB1234.namprd03.prod.outlook.com (10.161.207.22) by BN3PR0301MB1236.namprd03.prod.outlook.com (10.161.207.24) with Microsoft SMTP Server (TLS) id 15.1.447.15; Wed, 6 Apr 2016 11:57:42 +0000 Received: from BN3PR0301MB1234.namprd03.prod.outlook.com ([10.161.207.22]) by BN3PR0301MB1234.namprd03.prod.outlook.com ([10.161.207.22]) with mapi id 15.01.0447.028; Wed, 6 Apr 2016 11:57:42 +0000 From: Anthony Nadalin To: Gil Kirkpatrick , 'Nat Sakimura' , "'Hardt, Dick'" , "'Phil Hunt (IDM)'" Thread-Topic: [scim] [OAUTH-WG] Simple Federation Deployment Thread-Index: AQHRj9RFOWfh1gvNgUKJY07K1Qps459812SH Date: Wed, 6 Apr 2016 11:57:42 +0000 Message-ID: References: <086477E4-5F4E-4C52-AC91-E26824A9FA7A@oracle.com> <78D87E6B-DBFE-46D9-B7FA-15201924DA12@amazon.com> <015501d18fd1$84935540$8db9ffc0$@nri.co.jp>, <003501d18fd4$3a199990$ae4cccb0$@viewds.com> In-Reply-To: <003501d18fd4$3a199990$ae4cccb0$@viewds.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: viewds.com; dkim=none (message not signed) header.d=none;viewds.com; dmarc=none action=none header.from=microsoft.com; x-originating-ip: [166.173.250.3] x-ms-office365-filtering-correlation-id: b3d9fc6e-abb3-4195-4254-08d35e12a918 x-microsoft-exchange-diagnostics: 1; BN3PR0301MB1236; 5:9e/MBfww4NN4g494MQdDtbZbnANfAMhz8dOi5m7lA1H7/koMoappqwoljxdmQursdvIRwBLZHpO+Cg/yxH6qJWrNOT8Mnxj1XqtKqAVBXI7OmS8s/7HD5aaLxKKi8sHFjPhgTGffZV7atgtHFpUsRg==; 24:HtUNKR3XZjGE03xKW6luQnHFWHSGpxIAqBBeWt0xRfLW//Dpf0uv9tO8Ez1VKzbnC7Y3hiWQ2Ny0XsAcXUP3hXoRU9FwPjBvpXcD91c+ZBk= x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BN3PR0301MB1236; x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:; x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(61425038)(601004)(2401047)(8121501046)(5005006)(3002001)(10201501046)(6055026)(61426038)(61427038); SRVR:BN3PR0301MB1236; BCL:0; PCL:0; RULEID:; SRVR:BN3PR0301MB1236; x-forefront-prvs: 0904004ECB x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(24454002)(377454003)(11100500001)(50986999)(189998001)(10290500002)(19625215002)(3900700001)(76176999)(122556002)(9886003)(81166005)(86362001)(93886004)(10400500002)(54356999)(86612001)(66066001)(5005710100001)(3846002)(586003)(1096002)(1220700001)(5001770100001)(102836003)(5004730100002)(3660700001)(6116002)(74316001)(33656002)(3280700002)(19580395003)(19617315012)(5003600100002)(19580405001)(4326007)(5008740100001)(106116001)(2906002)(5002640100001)(92566002)(99286002)(8990500004)(2900100001)(15975445007)(10090500001)(16236675004)(76576001)(87936001)(2950100001)(77096005)(42262002); DIR:OUT; SFP:1102; SCL:1; SRVR:BN3PR0301MB1236; H:BN3PR0301MB1234.namprd03.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en; spamdiagnosticoutput: 1:23 spamdiagnosticmetadata: NSPM Content-Type: multipart/alternative; boundary="_000_BN3PR0301MB1234F430620D534738AA233AA69F0BN3PR0301MB1234_" MIME-Version: 1.0 X-OriginatorOrg: microsoft.com X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Apr 2016 11:57:42.6389 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47 X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN3PR0301MB1236 Archived-At: Cc: "scim@ietf.org" , "oauth@ietf.org" Subject: Re: [scim] [OAUTH-WG] Simple Federation Deployment X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Apr 2016 11:57:49 -0000 --_000_BN3PR0301MB1234F430620D534738AA233AA69F0BN3PR0301MB1234_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable I would be interested also Sent from my Windows 10 phone From: Gil Kirkpatrick Sent: Wednesday, April 6, 2016 4:16 AM To: 'Nat Sakimura'; 'Hardt, Dick'; 'Phil Hunt (IDM)' Cc: scim@ietf.org; oauth@ietf.org Subject: Re: [scim] [OAUTH-WG] Simple Federation Deployment That's an issue we're facing as well. Definitely interested. -gil From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Nat Sakimura Sent: Wednesday, April 6, 2016 4:57 PM To: 'Hardt, Dick' ; 'Phil Hunt (IDM)' Cc: scim@ietf.org; oauth@ietf.org Subject: Re: [OAUTH-WG] [scim] Simple Federation Deployment +1 for removing the manual cut-n-pastes! Nat -- PLEASE READ :This e-mail is confidential and intended for the named recipient only. If you are not an intended recipient, please notify the sender and delete this e-mail. From: scim [mailto:scim-bounces@ietf.org] On Behalf Of Hardt, Dick Sent: Wednesday, April 6, 2016 7:26 AM To: Phil Hunt (IDM) > Cc: scim@ietf.org; oauth@ietf.org Subject: Re: [scim] Simple Federation Deployment I'm talking about removing manual steps in what happens today where configu= ring a SaaS app at an IdP (such as Google, Azure, Ping, Octa) requires is a= bunch of cutting and pasting of access tokens / keys / certs and doing a b= unch of config that is error prone and unique for each relationship. Don't want to solve on the thread ... looking to see if there is interest! On 4/5/16, 7:11 PM, someone claiming to be "scim on behalf of Phil Hunt (ID= M)" on behalf of phil.= hunt@oracle.com> wrote: Is the idp the center of all things for these users? Usually you have a provisioning system that coordinates state and uses thin= gs like scim connectors to do this. Another approach from today would be to pass a scim event to the remote pro= vider which then decides what needs to be done to facilitate the thingd you= describe. Iow. Either the idp (sender) or the sp (receiver) have a provisioning syste= m to do this. The solution and the simplicity depends on where the control needs to be. Phil On Apr 5, 2016, at 18:59, Hardt, Dick > wrote: Use case: An admin for an organization would like to enable her users to ac= cess a SaaS application at her IdP. User experience: 1. Admin authenticates to IdP in browser 2. Admin selects SaaS app to federate with from list at IdP 3. IdP optionally presents config options 4. IdP redirects Admin to SaaS app 5. Admin authenticates to SaaS app 6. SaaS app optionally gathers config options 7. SaaS app redirects admin to IdP 8. IdP confirms successful federation =3D> OIDC / SAML and SCIM are now = configured and working between IdP and SaaS App Who else is interested in solving this? Is there interest in working on this in either SCIM or OAUTH Wgs? Any one in BA interested in meeting on this topic this week? - Dick _______________________________________________ scim mailing list scim@ietf.org https://www.ietf.org/mailman/listinfo/scim --_000_BN3PR0301MB1234F430620D534738AA233AA69F0BN3PR0301MB1234_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

I would be interested also

 

Sent from my Windows 10 phone

 

From: Gil Kirkpatrick
Sent: Wednesday, April 6, 2016 4:16 AM
To: 'Nat Sakimura'; 'Hardt, Dick'; 'Phil Hunt (IDM)= '
Cc: scim@ietf.org; oauth@ietf.org
Subject: Re: [scim] [OAUTH-WG] Simple Federation Deployment

 

That’s an issue we’re f= acing as well. Definitely interested.

 

-gil

 

From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Nat Sakimura
Sent: Wednesday, April 6, 2016 4:57 PM
To: 'Hardt, Dick' <dick@amazon.com>; 'Phil Hunt (IDM)' <phi= l.hunt@oracle.com>
Cc: scim@ietf.org; oauth@ietf.org
Subject: Re: [OAUTH-WG] [scim] Simple Federation Deployment

 

+1 for removing the manual cut-n-pastes!

 

Nat

 

--

PLEASE READ :This e-mail is c= onfidential and intended for the

named recipient only. If you = are not an intended recipient,

please notify the sender = ; and delete this e-mail.

 

From: scim [mailto:scim-bounces@ietf.o= rg] On Behalf Of Hardt, Dick
Sent: Wednesday, April 6, 2016 7:26 AM
To: Phil Hunt (IDM) <phil= .hunt@oracle.com>
Cc: scim@ietf.org; oauth@ietf.org
Subject: Re: [scim] Simple Federation Deployment

 

I’m talking abou= t removing manual steps in what happens today where configuring a SaaS app = at an IdP (such as Google, Azure, Ping, Octa) requires is a bunch of cutting and pasting of access tokens / keys / certs and doin= g a bunch of  config that is error prone and unique for each relations= hip.

 

Don’t want to so= lve on the thread … looking to see if there is interest!

 

On 4/5/16, 7:11 PM, so= meone claiming to be "scim on behalf of Phil Hunt (IDM)" <scim-bounces@ietf.org on behalf of phil.hunt@oracle.com<= /a>> wrote:

 

Is the idp the center = of all things for these users?

 

Usually you have a pro= visioning system that coordinates state and uses things like scim connector= s to do this. 

 

Another approach from = today would be to pass a scim event to the remote provider which then decid= es what needs to be done to facilitate the thingd you describe. 

 

Iow. Either the idp (s= ender) or the sp (receiver) have a provisioning system to do this. 

 

The solution and the s= implicity depends on where the control needs to be. 

Phil

Use case: An admin for= an organization would like to enable her users to access a SaaS applicatio= n at her IdP. 

 

User experience: =

  1. Admin authen= ticates to IdP in browser
  2. Admin selects SaaS app to federate with from list = at IdP
  3. IdP optionally presents config options
  4. IdP redirects Admin to SaaS ap= p
  5. Admin authenticates to SaaS app
  6. SaaS app optionally gathers config option= s
  7. SaaS app redirects admin to IdP
  8. IdP confirms successful federation =3D>= ; OIDC / SAML and SCIM are now configured and working between IdP and SaaS = App

Who else is interested= in solving this?

 

Is there interest in w= orking on this in either SCIM or OAUTH Wgs?

 

Any one in BA interest= ed in meeting on this topic this week?

 

— Dick

______________________= _________________________
scim mailing list
scim@ietf.org
https://www.ietf.org/mailman/listinfo/scim

--_000_BN3PR0301MB1234F430620D534738AA233AA69F0BN3PR0301MB1234_-- From nobody Wed Apr 6 05:52:43 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA70A12D0B5; Wed, 6 Apr 2016 05:52:40 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -9.841 X-Spam-Level: X-Spam-Status: No, score=-9.841 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazon.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JTjO1hh8ZA4j; Wed, 6 Apr 2016 05:52:38 -0700 (PDT) Received: from smtp-fw-6001.amazon.com (smtp-fw-6001.amazon.com [52.95.48.154]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0420B12D0AF; Wed, 6 Apr 2016 05:52:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1459947158; x=1491483158; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=A7HBODfRk59enhPLr3+Qlp8VXS3ihuVC8eCIcGkgWfY=; b=MpZLHRvfSXhn2J291tRjwNbNgLYc/DzJEwiG4VyKi9HfXD40ZFka5cdp gKahyIPsnMWwyuvspfozNNuXomAFK30Rwc+EYhyLPkQOQMBLk/52+RLTY mE6KSNZlZFSlwjZHfU/sfjUay0odZOvxCJXV4xrkxmGZxj3zNITsL3e0D k=; X-IronPort-AV: E=Sophos; i="5.24,447,1454976000"; d="scan'208,217"; a="80842596" Received: from iad12-co-svc-p1-lb1-vlan2.amazon.com (HELO email-inbound-relay-64014.pdx4.amazon.com) ([10.43.8.2]) by smtp-border-fw-out-6001.iad6.amazon.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 06 Apr 2016 12:52:35 +0000 Received: from ex10-hub-7001.ant.amazon.com (pdx1-ws-svc-lb16-vlan3.amazon.com [10.239.138.214]) by email-inbound-relay-64014.pdx4.amazon.com (8.14.7/8.14.7) with ESMTP id u36CqVl5001805 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 6 Apr 2016 12:52:34 GMT Received: from EX13D03UWA002.ant.amazon.com (10.43.160.144) by ex10-hub-7001.ant.amazon.com (10.43.103.49) with Microsoft SMTP Server (TLS) id 14.3.181.6; Wed, 6 Apr 2016 05:52:17 -0700 Received: from EX13D03UWA001.ant.amazon.com (10.43.160.141) by EX13D03UWA002.ant.amazon.com (10.43.160.144) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Wed, 6 Apr 2016 12:52:16 +0000 Received: from EX13D03UWA001.ant.amazon.com ([10.43.160.141]) by EX13D03UWA001.ant.amazon.com ([10.43.160.141]) with mapi id 15.00.1104.000; Wed, 6 Apr 2016 12:52:16 +0000 From: "Hardt, Dick" To: Anthony Nadalin Thread-Topic: [scim] [OAUTH-WG] Simple Federation Deployment Thread-Index: AQHRj/uJ5IZw0jcyTEuPMNzkcwLe5p985lMG Date: Wed, 6 Apr 2016 12:52:15 +0000 Message-ID: <9FD402E5-023E-408E-8DE4-BD8E86A7269F@amazon.com> References: <086477E4-5F4E-4C52-AC91-E26824A9FA7A@oracle.com> <78D87E6B-DBFE-46D9-B7FA-15201924DA12@amazon.com> <015501d18fd1$84935540$8db9ffc0$@nri.co.jp>, <003501d18fd4$3a199990$ae4cccb0$@viewds.com>, In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted Content-Type: multipart/alternative; boundary="_000_9FD402E5023E408E8DE4BD8E86A7269Famazoncom_" MIME-Version: 1.0 Archived-At: Cc: "scim@ietf.org" , Gil Kirkpatrick , Nat Sakimura , "oauth@ietf.org" , "Phil Hunt \(IDM\)" Subject: Re: [scim] [OAUTH-WG] Simple Federation Deployment X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Apr 2016 12:52:41 -0000 --_000_9FD402E5023E408E8DE4BD8E86A7269Famazoncom_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Sounds like there is interest. SCIM or OAUTH? -- Dick On Apr 6, 2016, at 8:57 AM, Anthony Nadalin > wrote: I would be interested also Sent from my Windows 10 phone From: Gil Kirkpatrick Sent: Wednesday, April 6, 2016 4:16 AM To: 'Nat Sakimura'; 'Hardt, Dick'; 'Phil Hunt (IDM)' Cc: scim@ietf.org; oauth@ietf.org Subject: Re: [scim] [OAUTH-WG] Simple Federation Deployment That's an issue we're facing as well. Definitely interested. -gil From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Nat Sakimura Sent: Wednesday, April 6, 2016 4:57 PM To: 'Hardt, Dick' >; 'Phil Hunt (ID= M)' > Cc: scim@ietf.org; oauth@ietf.org Subject: Re: [OAUTH-WG] [scim] Simple Federation Deployment +1 for removing the manual cut-n-pastes! Nat -- PLEASE READ :This e-mail is confidential and intended for the named recipient only. If you are not an intended recipient, please notify the sender and delete this e-mail. From: scim [mailto:scim-bounces@ietf.org] On Behalf Of Hardt, Dick Sent: Wednesday, April 6, 2016 7:26 AM To: Phil Hunt (IDM) > Cc: scim@ietf.org; oauth@ietf.org Subject: Re: [scim] Simple Federation Deployment I'm talking about removing manual steps in what happens today where configu= ring a SaaS app at an IdP (such as Google, Azure, Ping, Octa) requires is a= bunch of cutting and pasting of access tokens / keys / certs and doing a b= unch of config that is error prone and unique for each relationship. Don't want to solve on the thread ... looking to see if there is interest! On 4/5/16, 7:11 PM, someone claiming to be "scim on behalf of Phil Hunt (ID= M)" on behalf of phil.= hunt@oracle.com> wrote: Is the idp the center of all things for these users? Usually you have a provisioning system that coordinates state and uses thin= gs like scim connectors to do this. Another approach from today would be to pass a scim event to the remote pro= vider which then decides what needs to be done to facilitate the thingd you= describe. Iow. Either the idp (sender) or the sp (receiver) have a provisioning syste= m to do this. The solution and the simplicity depends on where the control needs to be. Phil On Apr 5, 2016, at 18:59, Hardt, Dick > wrote: Use case: An admin for an organization would like to enable her users to ac= cess a SaaS application at her IdP. User experience: 1. Admin authenticates to IdP in browser 2. Admin selects SaaS app to federate with from list at IdP 3. IdP optionally presents config options 4. IdP redirects Admin to SaaS app 5. Admin authenticates to SaaS app 6. SaaS app optionally gathers config options 7. SaaS app redirects admin to IdP 8. IdP confirms successful federation =3D> OIDC / SAML and SCIM are now = configured and working between IdP and SaaS App Who else is interested in solving this? Is there interest in working on this in either SCIM or OAUTH Wgs? Any one in BA interested in meeting on this topic this week? - Dick _______________________________________________ scim mailing list scim@ietf.org https://www.ietf.org/mailman/listinfo/scim --_000_9FD402E5023E408E8DE4BD8E86A7269Famazoncom_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Sounds like there is interest.

SCIM or OAUTH?

-- Dick

On Apr 6, 2016, at 8:57 AM, Anthony Nadalin <tonynad@microsoft.com> wrote:

I would be interested also

 

Sent from my Windows 10 phone

 

From: Gil Kirkpatrick
Sent: Wednesday, April 6, 2016 4:16 AM
To: 'Nat Sakimura'; 'Hardt, Dick'; 'Phil Hunt (IDM)= '
Cc: scim@ietf.org; oauth@ietf.org
Subject: Re: [scim] [OAUTH-WG] Simple Federation Deployment

 

That’s an issue we’re f= acing as well. Definitely interested.

 

-gil

 

From: OAuth [mailto:oauth-bounces@iet= f.org] On Behalf Of Nat Sakimura
Sent: Wednesday, April 6, 2016 4:57 PM
To: 'Hardt, Dick' <dick@amazon= .com>; 'Phil Hunt (IDM)' <phil.hunt@oracle.com>
Cc: scim@ietf.org; oauth@ietf.org
Subject: Re: [OAUTH-WG] [scim] Simple Federation Deployment

 

+1 for removing the manual cut-n-pastes!

 

Nat

 

--

PLEASE READ :This e-mail is c= onfidential and intended for the

named recipient only. If you = are not an intended recipient,

please notify the sender = ; and delete this e-mail.

 

From: scim [mailto:scim-bounces@ietf.o= rg] On Behalf Of Hardt, Dick
Sent: Wednesday, April 6, 2016 7:26 AM
To: Phil Hunt (IDM) <phil= .hunt@oracle.com>
Cc: scim@ietf.org; oauth@ietf.org
Subject: Re: [scim] Simple Federation Deployment

 

I’m talking abou= t removing manual steps in what happens today where configuring a SaaS app = at an IdP (such as Google, Azure, Ping, Octa) requires is a bunch of cutting and pasting of access tokens / keys / certs and doin= g a bunch of  config that is error prone and unique for each relations= hip.

 

Don’t want to so= lve on the thread … looking to see if there is interest!

 

On 4/5/16, 7:11 PM, so= meone claiming to be "scim on behalf of Phil Hunt (IDM)" <scim-bounces@ietf.org on behalf of phil.hunt@oracle.com<= /a>> wrote:

 

Is the idp the center = of all things for these users?

 

Usually you have a pro= visioning system that coordinates state and uses things like scim connector= s to do this. 

 

Another approach from = today would be to pass a scim event to the remote provider which then decid= es what needs to be done to facilitate the thingd you describe. 

 

Iow. Either the idp (s= ender) or the sp (receiver) have a provisioning system to do this. 

 

The solution and the s= implicity depends on where the control needs to be. 

Phil

Use case: An admin for= an organization would like to enable her users to access a SaaS applicatio= n at her IdP. 

 

User experience: =

  1. Admin authen= ticates to IdP in browser
  2. Admin selects SaaS app to federate with from list = at IdP
  3. IdP optionally presents config options
  4. IdP redirects Admin to SaaS ap= p
  5. Admin authenticates to SaaS app
  6. SaaS app optionally gathers config option= s
  7. SaaS app redirects admin to IdP
  8. IdP confirms successful federation =3D>= ; OIDC / SAML and SCIM are now configured and working between IdP and SaaS = App

Who else is interested= in solving this?

 

Is there interest in w= orking on this in either SCIM or OAUTH Wgs?

 

Any one in BA interest= ed in meeting on this topic this week?

 

— Dick

______________________= _________________________
scim mailing list
scim@ietf.org
https://www.ietf.org/mailman/listinfo/scim

--_000_9FD402E5023E408E8DE4BD8E86A7269Famazoncom_-- From nobody Wed Apr 6 05:59:58 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CF1EC12D1A2; Wed, 6 Apr 2016 05:59:54 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 0.758 X-Spam-Level: X-Spam-Status: No, score=0.758 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_SORBS_WEB=0.77, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bd-q0PE35TiV; Wed, 6 Apr 2016 05:59:51 -0700 (PDT) Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1bon0730.outbound.protection.outlook.com [IPv6:2a01:111:f400:fc10::1:730]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D0D2112D167; Wed, 6 Apr 2016 05:59:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=HSCYcZA7F8EIO1c5UUs2E+lR6WET1DYwPUVObkyo6ts=; b=bMFL2flwrSX3JG45HKg5cwRzNKFmIuJjLJQHdcl4M5SinGkjmoywUz266eOg6hK96YUqBqyxLi7zazR9Mq0RUBki5efHPAdGPYO/Qvl12vB9JCGKKfad7Ip2eH5GHuFHhQx94P7LPqRIS+dIBE5WVLpDHHg4cEfB9TnB9jBxmec= Received: from BN3PR0301MB1234.namprd03.prod.outlook.com (10.161.207.22) by BN3PR0301MB1236.namprd03.prod.outlook.com (10.161.207.24) with Microsoft SMTP Server (TLS) id 15.1.447.15; Wed, 6 Apr 2016 12:59:29 +0000 Received: from BN3PR0301MB1234.namprd03.prod.outlook.com ([10.161.207.22]) by BN3PR0301MB1234.namprd03.prod.outlook.com ([10.161.207.22]) with mapi id 15.01.0447.028; Wed, 6 Apr 2016 12:59:29 +0000 From: Anthony Nadalin To: "Hardt, Dick" Thread-Topic: [scim] [OAUTH-WG] Simple Federation Deployment server to server Thread-Index: AdGQBBeiw/sZG2O0RIq93JZJe7cKvw== Date: Wed, 6 Apr 2016 12:59:29 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: amazon.com; dkim=none (message not signed) header.d=none;amazon.com; dmarc=none action=none header.from=microsoft.com; x-originating-ip: [200.127.148.163] x-ms-office365-filtering-correlation-id: d18e0383-77f6-4350-3218-08d35e1b4a5b x-microsoft-exchange-diagnostics: 1; BN3PR0301MB1236; 5:4yOHmJeMmDBtXKoLe902UZQhhc7/bn+/M23cDPsR4EOzfrBSQh7QLYvtaAwXl4dCrv6DwTJJ8j9K9MMXlDr3upOgXQmKX5XwWaWcRHpNY6dXsSZMFf5yojgL5QvX2EBxE8mVF+NaOyLu11hFigV5mA==; 24:l4pex4yp9/ZhvhJqhgfy70CJ3xVhQdVp1CyxfOTcB5KcV96vX8awg0DvkQlpjEMuU6wJon+gVFoe7iNHiivsmFYk+PGZWBnWvzgoqE7x0gU= x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BN3PR0301MB1236; x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:; x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(61425038)(601004)(2401047)(8121501046)(5005006)(3002001)(10201501046)(6055026)(61426038)(61427038); SRVR:BN3PR0301MB1236; BCL:0; PCL:0; RULEID:; SRVR:BN3PR0301MB1236; x-forefront-prvs: 0904004ECB x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(24454002)(377454003)(11100500001)(50986999)(3900700001)(10290500002)(189998001)(19625215002)(122556002)(81166005)(10400500002)(54356999)(86362001)(86612001)(66066001)(5005710100001)(3846002)(586003)(1096002)(1220700001)(5004730100002)(19300405004)(790700001)(3660700001)(6116002)(102836003)(74316001)(33656002)(110136002)(3280700002)(19580395003)(19617315012)(5003600100002)(19580405001)(4326007)(5008740100001)(5002640100001)(2906002)(92566002)(99286002)(8990500004)(2900100001)(15975445007)(10090500001)(16236675004)(76576001)(87936001)(77096005)(42262002); DIR:OUT; SFP:1102; SCL:1; SRVR:BN3PR0301MB1236; H:BN3PR0301MB1234.namprd03.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en; spamdiagnosticoutput: 1:23 spamdiagnosticmetadata: NSPM Content-Type: multipart/alternative; boundary="_000_BN3PR0301MB1234A5846EE0DAC385493563A69F0BN3PR0301MB1234_" MIME-Version: 1.0 X-OriginatorOrg: microsoft.com X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Apr 2016 12:59:29.2115 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47 X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN3PR0301MB1236 Archived-At: Cc: "scim@ietf.org" , Gil Kirkpatrick , Nat Sakimura , "oauth@ietf.org" , "Phil Hunt \(IDM\)" Subject: Re: [scim] [OAUTH-WG] Simple Federation Deployment server to server X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Apr 2016 12:59:55 -0000 --_000_BN3PR0301MB1234A5846EE0DAC385493563A69F0BN3PR0301MB1234_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Good question, since SCIM does not really provide an authorization model an= d Oauth does not do provisioning this is sort of caught in the middle, so i= f I had to pick I would pick Oauth as this is a generic server to server is= sue From: Hardt, Dick [mailto:dick@amazon.com] Sent: Wednesday, April 6, 2016 5:52 AM To: Anthony Nadalin Cc: Gil Kirkpatrick ; Nat Sakimura ; Phil Hunt (IDM) ; scim@ietf.org; oauth@ie= tf.org Subject: Re: [scim] [OAUTH-WG] Simple Federation Deployment Sounds like there is interest. SCIM or OAUTH? -- Dick On Apr 6, 2016, at 8:57 AM, Anthony Nadalin > wrote: I would be interested also Sent from my Windows 10 phone From: Gil Kirkpatrick Sent: Wednesday, April 6, 2016 4:16 AM To: 'Nat Sakimura'; 'Hardt, Dick'; 'Phil Hunt (IDM)' Cc: scim@ietf.org; oauth@ietf.org Subject: Re: [scim] [OAUTH-WG] Simple Federation Deployment That's an issue we're facing as well. Definitely interested. -gil From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Nat Sakimura Sent: Wednesday, April 6, 2016 4:57 PM To: 'Hardt, Dick' >; 'Phil Hunt (ID= M)' > Cc: scim@ietf.org; oauth@ietf.org Subject: Re: [OAUTH-WG] [scim] Simple Federation Deployment +1 for removing the manual cut-n-pastes! Nat -- PLEASE READ :This e-mail is confidential and intended for the named recipient only. If you are not an intended recipient, please notify the sender and delete this e-mail. From: scim [mailto:scim-bounces@ietf.org] On Behalf Of Hardt, Dick Sent: Wednesday, April 6, 2016 7:26 AM To: Phil Hunt (IDM) > Cc: scim@ietf.org; oauth@ietf.org Subject: Re: [scim] Simple Federation Deployment I'm talking about removing manual steps in what happens today where configu= ring a SaaS app at an IdP (such as Google, Azure, Ping, Octa) requires is a= bunch of cutting and pasting of access tokens / keys / certs and doing a b= unch of config that is error prone and unique for each relationship. Don't want to solve on the thread ... looking to see if there is interest! On 4/5/16, 7:11 PM, someone claiming to be "scim on behalf of Phil Hunt (ID= M)" on behalf of phil.= hunt@oracle.com> wrote: Is the idp the center of all things for these users? Usually you have a provisioning system that coordinates state and uses thin= gs like scim connectors to do this. Another approach from today would be to pass a scim event to the remote pro= vider which then decides what needs to be done to facilitate the thingd you= describe. Iow. Either the idp (sender) or the sp (receiver) have a provisioning syste= m to do this. The solution and the simplicity depends on where the control needs to be. Phil On Apr 5, 2016, at 18:59, Hardt, Dick > wrote: Use case: An admin for an organization would like to enable her users to ac= cess a SaaS application at her IdP. User experience: 1. Admin authenticates to IdP in browser 2. Admin selects SaaS app to federate with from list at IdP 3. IdP optionally presents config options 4. IdP redirects Admin to SaaS app 5. Admin authenticates to SaaS app 6. SaaS app optionally gathers config options 7. SaaS app redirects admin to IdP 8. IdP confirms successful federation =3D> OIDC / SAML and SCIM are now = configured and working between IdP and SaaS App Who else is interested in solving this? Is there interest in working on this in either SCIM or OAUTH Wgs? Any one in BA interested in meeting on this topic this week? - Dick _______________________________________________ scim mailing list scim@ietf.org https://www.ietf.org/mailman/listinfo/scim --_000_BN3PR0301MB1234A5846EE0DAC385493563A69F0BN3PR0301MB1234_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Good question, since SCIM does not really provide an= authorization model and Oauth does not do provisioning this is sort of cau= ght in the middle, so if I had to pick I would pick Oauth as this is a gene= ric server to server issue

 

From: Hardt, Dick [mailto:dick@amazon.com] Sent: Wednesday, April 6, 2016 5:52 AM
To: Anthony Nadalin <tonynad@microsoft.com>
Cc: Gil Kirkpatrick <gil.kirkpatrick@viewds.com>; Nat Sakimura= <n-sakimura@nri.co.jp>; Phil Hunt (IDM) <phil.hunt@oracle.com>= ; scim@ietf.org; oauth@ietf.org
Subject: Re: [scim] [OAUTH-WG] Simple Federation Deployment

 

Sounds like there is interest.

 

SCIM or OAUTH?

-- Dick


On Apr 6, 2016, at 8:57 AM, Anthony Nadalin <tonynad@microsoft.com> wrote:

I would be interested also

 

Sent from my Windows 10 phone

 

From: Gil Kirkpatrick
Sent: Wednesday, April 6, 2016 4:16 AM
To: 'Nat Sakimura'; 'Hardt, Dick'; 'Phil Hunt (IDM)= '
Cc: scim@ietf.org; oauth@ietf.org
Subject: Re: [scim] [OAUTH-WG] Simple Federation Deployment

 

That’s an issue = we’re facing as well. Definitely interested.

 

-gil=

 

From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Nat Sakimura
Sent: Wednesday, April 6, 2016 4:57 PM
To: 'Hardt, Dick' <dick@amazon= .com>; 'Phil Hunt (IDM)' <phil.hunt@oracle.com>
Cc: scim@ietf.org; oauth@ietf.org
Subject: Re: [OAUTH-WG] [scim] Simple Federation Deployment

 

+1 for removing the manual cut-n-pa= stes!

 

Nat

 

--

PLEASE READ :This e-mail is confidential and i= ntended for the

named recipient only. If you are not an intend= ed recipient,

please notify the sender  and delete this= e-mail.

 

From: scim [mailto:scim-bounces@ietf.org] On Behalf Of Hardt, Dick
Sent: Wednesday, April 6, 2016 7:26 AM
To: Phil Hunt (IDM) <phil= .hunt@oracle.com>
Cc: scim@ietf.org; oauth@ietf.org
Subject: Re: [scim] Simple Federation Deployment

 

I’= ;m talking about removing manual steps in what happens today where configur= ing a SaaS app at an IdP (such as Google, Azure, Ping, Octa) requires is a = bunch of cutting and pasting of access tokens / keys / certs and doing a bunch of  config that is error prone and u= nique for each relationship.

 <= /span>

DonR= 17;t want to solve on the thread … looking to see if there is interes= t!

 <= /span>

On 4/5/= 16, 7:11 PM, someone claiming to be "scim on behalf of Phil Hunt (IDM)= " <scim-bounces@ietf.org on behalf of phil.hunt@oracle.com> wrote:=

 <= /span>

Is the = idp the center of all things for these users?

 <= /span>

Usually= you have a provisioning system that coordinates state and uses things like= scim connectors to do this. 

 <= /span>

Another= approach from today would be to pass a scim event to the remote provider w= hich then decides what needs to be done to facilitate the thingd you descri= be. 

 <= /span>

Iow. Ei= ther the idp (sender) or the sp (receiver) have a provisioning system to do= this. 

 <= /span>

The sol= ution and the simplicity depends on where the control needs to be. 
Phil


On Apr 5, 2016, at 18:59, Hardt, Dick <dick@amazon.com> wrote:

Use cas= e: An admin for an organization would like to enable her users to access a = SaaS application at her IdP. 

 <= /span>

User ex= perience: 

  1. Admin authenticates to IdP in browser
  2. Admin selects SaaS app to federate= with from list at IdP
  3. I= dP optionally presents config options
  4. IdP redirects Admin to SaaS app
  5. Admin authenticates to SaaS app
  6. SaaS app optionally gathers config options
  7. SaaS app redirects admin to = IdP
  8. IdP confirms successf= ul federation =3D> OIDC / SAML and SCIM are now configured and working b= etween IdP and SaaS App

Who els= e is interested in solving this?

 <= /span>

Is ther= e interest in working on this in either SCIM or OAUTH Wgs?

 <= /span>

Any one= in BA interested in meeting on this topic this week?

 <= /span>

—= Dick

_______= ________________________________________
scim mailing list
scim@ietf.org
https://www.ietf.org/mailman/listinfo/scim

--_000_BN3PR0301MB1234A5846EE0DAC385493563A69F0BN3PR0301MB1234_-- From nobody Wed Apr 6 06:02:01 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B4F6127058; Wed, 6 Apr 2016 06:02:00 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.221 X-Spam-Level: X-Spam-Status: No, score=-2.221 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fNi5NDywULpy; Wed, 6 Apr 2016 06:01:56 -0700 (PDT) Received: from aserp1040.oracle.com (aserp1040.oracle.com [141.146.126.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 34A1812D0C7; Wed, 6 Apr 2016 06:01:56 -0700 (PDT) Received: from aserv0021.oracle.com (aserv0021.oracle.com [141.146.126.233]) by aserp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id u36D1rgs001370 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 6 Apr 2016 13:01:54 GMT Received: from aserv0121.oracle.com (aserv0121.oracle.com [141.146.126.235]) by aserv0021.oracle.com (8.13.8/8.13.8) with ESMTP id u36D1rUB025251 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 6 Apr 2016 13:01:53 GMT Received: from abhmp0011.oracle.com (abhmp0011.oracle.com [141.146.116.17]) by aserv0121.oracle.com (8.13.8/8.13.8) with ESMTP id u36D1reU027201; Wed, 6 Apr 2016 13:01:53 GMT Received: from dhcp-a0b5.meeting.ietf.org (/31.133.160.181) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Wed, 06 Apr 2016 06:01:51 -0700 Content-Type: multipart/alternative; boundary="Apple-Mail=_6F784970-221A-49B5-B21B-6C0A3490A0AA" Mime-Version: 1.0 (Mac OS X Mail 9.2 \(3112\)) From: Phil Hunt In-Reply-To: <9FD402E5-023E-408E-8DE4-BD8E86A7269F@amazon.com> Date: Wed, 6 Apr 2016 10:01:48 -0300 Message-Id: <5E96CC5B-1336-4A38-85A2-89D579A34442@oracle.com> References: <086477E4-5F4E-4C52-AC91-E26824A9FA7A@oracle.com> <78D87E6B-DBFE-46D9-B7FA-15201924DA12@amazon.com> <015501d18fd1$84935540$8db9ffc0$@nri.co.jp> <003501d18fd4$3a199990$ae4cccb0$@viewds.com> <9FD402E5-023E-408E-8DE4-BD8E86A7269F@amazon.com> To: "Hardt, Dick" X-Mailer: Apple Mail (2.3112) X-Source-IP: aserv0021.oracle.com [141.146.126.233] Archived-At: Cc: Tony Nadalin , Gil Kirkpatrick , Nat Sakimura , "oauth@ietf.org" , "scim@ietf.org" Subject: Re: [scim] [OAUTH-WG] Simple Federation Deployment X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Apr 2016 13:02:00 -0000 --Apple-Mail=_6F784970-221A-49B5-B21B-6C0A3490A0AA Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 I think it is worth discussing in oauth wg. While SCIM has issues, I think it represents a broader use case that = other applications have that are deployed widely. Phil @independentid www.independentid.com = phil.hunt@oracle.com = > On Apr 6, 2016, at 9:52 AM, Hardt, Dick wrote: >=20 > Sounds like there is interest. >=20 > SCIM or OAUTH? >=20 > -- Dick >=20 > On Apr 6, 2016, at 8:57 AM, Anthony Nadalin > wrote: >=20 >> I would be interested also >> =20 >> Sent from my Windows 10 phone >> =20 >> From: Gil Kirkpatrick >> Sent: Wednesday, April 6, 2016 4:16 AM >> To: 'Nat Sakimura' ; 'Hardt, Dick' = ; 'Phil Hunt (IDM)' = >> Cc: scim@ietf.org ; oauth@ietf.org = >> Subject: Re: [scim] [OAUTH-WG] Simple Federation Deployment >> =20 >> That=E2=80=99s an issue we=E2=80=99re facing as well. Definitely = interested. >> =20 >> -gil >> =20 >> From: OAuth [mailto:oauth-bounces@ietf.org = ] On Behalf Of Nat Sakimura >> Sent: Wednesday, April 6, 2016 4:57 PM >> To: 'Hardt, Dick' >; 'Phil = Hunt (IDM)' > >> Cc: scim@ietf.org ; oauth@ietf.org = >> Subject: Re: [OAUTH-WG] [scim] Simple Federation Deployment >> =20 >> +1 for removing the manual cut-n-pastes! <> >> =20 >> Nat >> =20 >> -- >> PLEASE READ :This e-mail is confidential and intended for the >> named recipient only. If you are not an intended recipient, >> please notify the sender and delete this e-mail. >> =20 >> From: scim [mailto:scim-bounces@ietf.org = ] On Behalf Of Hardt, Dick >> Sent: Wednesday, April 6, 2016 7:26 AM >> To: Phil Hunt (IDM) > >> Cc: scim@ietf.org ; oauth@ietf.org = >> Subject: Re: [scim] Simple Federation Deployment >> =20 >> I=E2=80=99m talking about removing manual steps in what happens today = where configuring a SaaS app at an IdP (such as Google, Azure, Ping, = Octa) requires is a bunch of cutting and pasting of access tokens / keys = / certs and doing a bunch of config that is error prone and unique for = each relationship. >> =20 >> Don=E2=80=99t want to solve on the thread =E2=80=A6 looking to see if = there is interest! >> =20 >> On 4/5/16, 7:11 PM, someone claiming to be "scim on behalf of Phil = Hunt (IDM)" on = behalf of phil.hunt@oracle.com > wrote: >> =20 >> Is the idp the center of all things for these users? >> =20 >> Usually you have a provisioning system that coordinates state and = uses things like scim connectors to do this.=20 >> =20 >> Another approach from today would be to pass a scim event to the = remote provider which then decides what needs to be done to facilitate = the thingd you describe.=20 >> =20 >> Iow. Either the idp (sender) or the sp (receiver) have a provisioning = system to do this.=20 >> =20 >> The solution and the simplicity depends on where the control needs to = be.=20 >>=20 >> Phil >>=20 >> On Apr 5, 2016, at 18:59, Hardt, Dick > wrote: >>=20 >> Use case: An admin for an organization would like to enable her users = to access a SaaS application at her IdP.=20 >> =20 >> User experience:=20 >> Admin authenticates to IdP in browser >> Admin selects SaaS app to federate with from list at IdP >> IdP optionally presents config options >> IdP redirects Admin to SaaS app >> Admin authenticates to SaaS app >> SaaS app optionally gathers config options >> SaaS app redirects admin to IdP >> IdP confirms successful federation =3D> OIDC / SAML and SCIM are now = configured and working between IdP and SaaS App >> Who else is interested in solving this? >> =20 >> Is there interest in working on this in either SCIM or OAUTH Wgs? >> =20 >> Any one in BA interested in meeting on this topic this week? >> =20 >> =E2=80=94 Dick >> _______________________________________________ >> scim mailing list >> scim@ietf.org >> https://www.ietf.org/mailman/listinfo/scim = --Apple-Mail=_6F784970-221A-49B5-B21B-6C0A3490A0AA Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 I think it is worth discussing in oauth wg.

While = SCIM has issues, I think it represents a broader use case that other = applications have that are deployed widely.

Phil



On Apr 6, 2016, at 9:52 AM, Hardt, Dick <dick@amazon.com> = wrote:

Sounds like there is = interest.

SCIM or = OAUTH?

-- Dick

On Apr 6, = 2016, at 8:57 AM, Anthony Nadalin <tonynad@microsoft.com> = wrote:

I would = be interested also

 

Sent from = my Windows 10 phone

 

From: Gil Kirkpatrick
Sent: Wednesday, April 6, = 2016 4:16 AM
To: 'Nat Sakimura'; 'Hardt, Dick'; 'Phil Hunt (IDM)'
Cc: scim@ietf.org; oauth@ietf.org
Subject: Re: [scim] [OAUTH-WG] = Simple Federation Deployment

 

That=E2=80=99s an issue = we=E2=80=99re facing as well. Definitely interested.

 

-gil

 

From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf = Of Nat Sakimura
Sent: Wednesday, April 6, 2016 = 4:57 PM
To: 'Hardt, Dick' <dick@amazon.com>; 'Phil = Hunt (IDM)' <phil.hunt@oracle.com>
Cc: scim@ietf.org; oauth@ietf.org
Subject: Re: [OAUTH-WG] [scim] = Simple Federation Deployment

 

 

Nat

 

--
PLEASE READ :This e-mail is = confidential and intended for the
named recipient only. = If you are not an intended recipient,
please notify the = sender  and delete this e-mail.

 

From: scim [mailto:scim-bounces@ietf.org] On Behalf = Of Hardt, Dick
Sent: Wednesday, April 6, 2016 = 7:26 AM
To: Phil Hunt (IDM) <phil.hunt@oracle.com>
Cc: scim@ietf.org; oauth@ietf.org
Subject: Re: [scim] Simple = Federation Deployment

 

I=E2=80=99m = talking about removing manual steps in what happens today where = configuring a SaaS app at an IdP (such as Google, Azure, Ping, Octa) = requires is a bunch of cutting and pasting of access tokens / keys / = certs and doing a bunch of  config that is error prone and unique = for each relationship.

 

Don=E2=80=99t want to solve on the = thread =E2=80=A6 looking to see if there is = interest!

 

On 4/5/16, 7:11 PM, someone claiming to be "scim = on behalf of Phil Hunt (IDM)" <scim-bounces@ietf.org on behalf of phil.hunt@oracle.com> = wrote:

 

Is the idp the = center of all things for these users?
 

Usually you have a provisioning system = that coordinates state and uses things like scim connectors to do = this. 

 

Another approach from today would be to pass a scim event to = the remote provider which then decides what needs to be done to = facilitate the thingd you describe. 

 

Iow. Either the idp (sender) or the sp = (receiver) have a provisioning system to do = this. 

 

The solution and the simplicity depends on where the control = needs to be. 

Phil


On Apr 5, = 2016, at 18:59, Hardt, Dick <dick@amazon.com> wrote:

Use case: An admin for an organization would = like to enable her users to access a SaaS application at her = IdP. 

 

User experience: 
  1. Admin authenticates to IdP in browser
  2. Admin selects SaaS app to federate with from list at = IdP
  3. IdP optionally presents config = options
  4. IdP redirects Admin to SaaS app
  5. Admin authenticates to SaaS app
  6. SaaS app optionally gathers config options
  7. SaaS app redirects admin to IdP
  8. IdP confirms successful federation =3D> OIDC / SAML and = SCIM are now configured and working between IdP and SaaS = App
Who else is interested in solving = this?

 

Is there interest in working on this in either SCIM or OAUTH = Wgs?

 

Any one in BA interested in meeting on this topic this = week?

 

=E2=80=94 = Dick
_______________________________________________
scim mailing list
scim@ietf.org
https://www.ietf.org/mailman/listinfo/scim

= --Apple-Mail=_6F784970-221A-49B5-B21B-6C0A3490A0AA-- From daniel.gioulakis@powerdms.com Wed Mar 30 03:44:28 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E7B5612D5D8 for ; Wed, 30 Mar 2016 03:44:28 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.59 X-Spam-Level: X-Spam-Status: No, score=-2.59 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=powerdms-com.20150623.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7FaAYSB9l_2j for ; Wed, 30 Mar 2016 03:44:26 -0700 (PDT) Received: from mail-yw0-x22a.google.com (mail-yw0-x22a.google.com [IPv6:2607:f8b0:4002:c05::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9F73012D56F for ; Wed, 30 Mar 2016 03:44:26 -0700 (PDT) Received: by mail-yw0-x22a.google.com with SMTP id h65so52732773ywe.0 for ; Wed, 30 Mar 2016 03:44:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=powerdms-com.20150623.gappssmtp.com; s=20150623; h=mime-version:date:message-id:subject:from:to; bh=UpY7xHuhm+zrl2QTelQiInUFJss3LhxWYQOFeY95k+U=; b=l2ve1VYu9SL/CcQ8fLa/8L8mU/gtRLZPpXjDH6N3yagy39s+coE95aI6Vgzf1Z+bhT KxRHzYYW85qh8teE5ARkmf4aQ7qeuEZ7opZLS8TOHrLOCY8B/gQeXjQUXPaQLbeFvZjw xAeD950WnSq2vPe0RS/CEjnj0+3KjbK3J0rmw9Wck6sXBM8kR5RBIJgiWFn54T/tgEal TEh/ilj9ZvLKxx2nptM1Yhnx3SoUqMRVu4DaFZQnz/+XjqSRb98wue0CI46IZmp3k+m8 KkT3TymrxUaKeTww8QT6BlR/1zBlice/qRCsYxxtVAs1Aj5IiAY4taZz1KYigMvR05fk XFBw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:date:message-id:subject:from:to; bh=UpY7xHuhm+zrl2QTelQiInUFJss3LhxWYQOFeY95k+U=; b=XbW2mHrR2oU2UXu25MW5C6syMeI0rirv2O6c5kYlWLQYq34s5N8EVgR9fS/W0G58uD xwAB8584ORP7erwNY23fpU8zqatCyAv1AMaYcV42TPEeFoynqFcq8k6VFqGzijg2ar5y VivK3WcNTGUzl7IKTdPVohs+7tOemNQxw+Yhb9Xyh+zu4eJgjDO0k3LndlL/NBzFcBJX hmwRV/nH3Xg5DSrpmBI/1q+DBM+a/sjx+Rl6pCjQ/OQA7KdKzbrFOmSiOBceHaZZnHzX njS7bF6zySYZ+dyUctTZmga45QweuDST+UeS3FG2tGyAp9WjnFKKRB/ud2QX9V6vgKQW 8YkA== X-Gm-Message-State: AD7BkJK0JFYxBnpbFI1j/gjH7WYyitZ8k0iGqTe5Wu7EzvQ+8iA1pGRjGoyLiULcaiu1K6Szy1cXvf12HF+oxZiH MIME-Version: 1.0 X-Received: by 10.13.198.199 with SMTP id i190mr3397691ywd.255.1459334665723; Wed, 30 Mar 2016 03:44:25 -0700 (PDT) Received: by 10.129.84.197 with HTTP; Wed, 30 Mar 2016 03:44:25 -0700 (PDT) Date: Wed, 30 Mar 2016 12:44:25 +0200 Message-ID: From: Daniel Gioulakis To: scim@ietf.org Content-Type: multipart/alternative; boundary=001a114e430c5c1440052f41d44d Archived-At: X-Mailman-Approved-At: Wed, 06 Apr 2016 06:22:31 -0700 Subject: [scim] SCIM patch valuePath vs subAttr X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Mar 2016 10:45:49 -0000 --001a114e430c5c1440052f41d44d Content-Type: text/plain; charset=UTF-8 Hi, I'd like to confirm my interpretation of the SCIM specification regarding patch operation filters when a valuePath is specified without a subAttr and when one is specified with a subAttr after a grouping clause. The conversation around this originates in the Owin.Scim project at https://github.com/PowerDMS/Owin.Scim/issues/10. For indexing purposes, here is a copy of the original question and my response I'd like to assert is correct: *Question:* "On a patch remove operation with path:"emails[type eq "work"]" it removes the matching email complex attribute. On a patch remove operation with path:"emails.type eq "work" " it ALSO removes the matching email complex attribute. I was expecting it to clear the type sub-attribute, but the spec is not clear on how to handle this scenario." *My Response:* "Interesting ... I interpreted the spec as both of those are equal paths. In fact I intentionally normalize path/filters by injecting groupings [] where . are used to designate a sub-attribute filter vs a sub-attribute target property. In its current state, the path normalizer will take emails.type eq "work" and turn it into emails[type eq "work"] before being used by the lexer/parser to create an expression-tree predicate. It's my opinion that if you want to modify just the type sub-attribute you have to append it after the filter. Thus, to filter and modify email.type: emails[type eq "work"].type" To further clarify my understanding of the spec using the examples above, a patch remove operation with the above expressions would result in the following actions: > emails.type eq "work" -> will remove the entire email instance whose 'type' attribute satisfies the predicate > emails[type eq "work"].type -> will remove ONLY the email 'type' attribute, not the email instance Thanks for the assistance! Daniel Gioulakis -- *[image: http://www.powerdms.com/] * Daniel M Gioulakis | Software Architect | daniel.gioulakis@powerdms.com | 407.342.5927 --001a114e430c5c1440052f41d44d Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Hi,

I'd like to confirm my interpre= tation of the SCIM specification regarding patch operation filters when a v= aluePath is specified without a subAttr and when one is specified with a su= bAttr after a grouping clause.

The conversation ar= ound this originates in the Owin.Scim project at=C2=A0https://github.com/PowerDMS/Owin.Sci= m/issues/10.=C2=A0 For indexing purposes, here is a copy of the origina= l question and my response I'd like to assert is correct:

Question:
"On a patc= h remove operation with path:"emails[type eq "work"]" i= t removes the matching email complex attribute.=C2=A0On a patch remove operation with path:"emails.type eq "work"= ; " it ALSO removes the matching email complex attribute. I was expect= ing it to clear the type sub-attribute, but the spec is not clear on how to= handle this scenario."

My Response:
"Interesting ... I interpreted the spec as= both of those are equal paths. In fact I intentionally normalize path/filt= ers by injecting groupings=C2=A0[]=C2=A0where= =C2=A0.=C2=A0are u= sed to designate a sub-attribute filter vs a sub-attribute target property.=

In its current = state, the path normalizer will take=C2=A0emails.type eq "work"=C2=A0and turn it into=C2=A0emails[type eq "work"]=C2=A0before being used by the lexer/parser to create an expression-tree = predicate.

It= 9;s my opinion that if you want to modify just the type sub-attribute you h= ave to append it after the filter.
Thus, to filter and modify email.type= :=C2=A0emails[type eq "work&qu= ot;].type"



To further cla= rify my understanding of the spec using the examples above, a patch remove = operation with the above expressions would result in the following actions:=
> emails.type eq "work" -> will remove the entir= e email instance whose 'type' attribute satisfies the predicate
> emails[type eq "work"].type -> will remove ONLY th= e email 'type' attribute, not the email instance


Thanks for the assistance!

D= aniel Gioulakis

--
<= div dir=3D"ltr">3D"http://www.powerdms.com/" =C2=A0<= a href=3D"https://www.facebook.com/PowerDMS" style=3D"color:rgb(17,85,204)"= target=3D"_blank">=C2=A0

Daniel M Gioulakis=C2=A0|=C2=A0Software Architect |=C2=A0daniel.gioulakis@powerdms.com=C2=A0| 407= .342.5927

--001a114e430c5c1440052f41d44d-- From nobody Wed Apr 6 06:22:36 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B8E6912D506 for ; Wed, 6 Apr 2016 06:06:52 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.711 X-Spam-Level: X-Spam-Status: No, score=-0.711 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=pingidentity.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a3lpYkEr9P8c for ; Wed, 6 Apr 2016 06:06:43 -0700 (PDT) Received: from mail-io0-x22b.google.com (mail-io0-x22b.google.com [IPv6:2607:f8b0:4001:c06::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E4BFA12D532 for ; Wed, 6 Apr 2016 06:05:55 -0700 (PDT) Received: by mail-io0-x22b.google.com with SMTP id g185so54955886ioa.2 for ; Wed, 06 Apr 2016 06:05:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pingidentity.com; s=gmail; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=5EoJG6lqVr/7q5hM8iN0V8Qjh4+mtTCz5ECGWPRcB4Q=; b=G+trvPveyRYz5O73qD70stRMB4z2ArXlrizdRvEyiVCX7wK1g5/zSvT84yQCrsdM9f IXr9NYU6Qhz5cDYWAijWvbHiC3PdDb4NG07Z0ZmVNY4rWCYj0WfcR875m27LtqKUW3wT d5zcRwAa5tcYXR/Gf1erDe2Rnw1p3JtXWVIuA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=5EoJG6lqVr/7q5hM8iN0V8Qjh4+mtTCz5ECGWPRcB4Q=; b=mVdpxRljAM41wklK0cdd8sS1sXkLe7uHoyf9HU0WwE73hwMJyI3aaTbeMsBlRAr2Ta eO3imMMSQDegSGrJfSofneyThStF3kbsczvzOHSxNewEfc49aYHwQrj9hWUmBgEWrMqc VvGgP/w+4DSSWxgcT5dd8x0aSaroh1WXnVwByIsr/AJaJ8dN6zTIoQt/vr1Q4J8O62Gt ETM0FEAHNYnieGSGQpRFw4gLkbfD3OKY+6kLrxIrewI1YY+ds33u5Ej65vxWq0MZnwJb +VaBLCutir8x30Eaj4tPdiLrUNw7KFvJWTv4Q29eYxHiUxb74B8wIasu6IAeMBbtAWbd MGYQ== X-Gm-Message-State: AD7BkJKvGDE5RGFJES+CozTpHCZ134kZFe2uta0kj/vj9hmSLlAYDe2kwvP6hdSBT3TFQ1tEFMGyzUejoMjGtqJ2 X-Received: by 10.107.13.133 with SMTP id 127mr25712945ion.129.1459947955193; Wed, 06 Apr 2016 06:05:55 -0700 (PDT) MIME-Version: 1.0 Received: by 10.64.74.162 with HTTP; Wed, 6 Apr 2016 06:05:25 -0700 (PDT) In-Reply-To: References: From: Brian Campbell Date: Wed, 6 Apr 2016 10:05:25 -0300 Message-ID: To: Anthony Nadalin Content-Type: multipart/alternative; boundary=001a113ffc7042c4f2052fd09fe4 Archived-At: X-Mailman-Approved-At: Wed, 06 Apr 2016 06:22:31 -0700 Cc: "scim@ietf.org" , "Hardt, Dick" , "oauth@ietf.org" Subject: Re: [scim] [OAUTH-WG] Simple Federation Deployment server to server X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Apr 2016 13:06:52 -0000 --001a113ffc7042c4f2052fd09fe4 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable OpenID ... ? On Wed, Apr 6, 2016 at 9:59 AM, Anthony Nadalin wrote: > Good question, since SCIM does not really provide an authorization model > and Oauth does not do provisioning this is sort of caught in the middle, = so > if I had to pick I would pick Oauth as this is a generic server to server > issue > > > > *From:* Hardt, Dick [mailto:dick@amazon.com] > *Sent:* Wednesday, April 6, 2016 5:52 AM > *To:* Anthony Nadalin > *Cc:* Gil Kirkpatrick ; Nat Sakimura < > n-sakimura@nri.co.jp>; Phil Hunt (IDM) ; > scim@ietf.org; oauth@ietf.org > *Subject:* Re: [scim] [OAUTH-WG] Simple Federation Deployment > > > > Sounds like there is interest. > > > > SCIM or OAUTH? > > -- Dick > > > On Apr 6, 2016, at 8:57 AM, Anthony Nadalin wrote= : > > I would be interested also > > > > Sent from my Windows 10 phone > > > > *From: *Gil Kirkpatrick > *Sent: *Wednesday, April 6, 2016 4:16 AM > *To: *'Nat Sakimura' ; 'Hardt, Dick' > ; 'Phil Hunt (IDM)' > *Cc: *scim@ietf.org; oauth@ietf.org > *Subject: *Re: [scim] [OAUTH-WG] Simple Federation Deployment > > > > That=E2=80=99s an issue we=E2=80=99re facing as well. Definitely interest= ed. > > > > -gil > > > > *From:* OAuth [mailto:oauth-bounces@ietf.org ] *O= n > Behalf Of *Nat Sakimura > *Sent:* Wednesday, April 6, 2016 4:57 PM > *To:* 'Hardt, Dick' ; 'Phil Hunt (IDM)' < > phil.hunt@oracle.com> > *Cc:* scim@ietf.org; oauth@ietf.org > *Subject:* Re: [OAUTH-WG] [scim] Simple Federation Deployment > > > > +1 for removing the manual cut-n-pastes! > > > > Nat > > > > -- > > PLEASE READ :This e-mail is confidential and intended for the > > named recipient only. If you are not an intended recipient, > > please notify the sender and delete this e-mail. > > > > *From:* scim [mailto:scim-bounces@ietf.org ] *On > Behalf Of *Hardt, Dick > *Sent:* Wednesday, April 6, 2016 7:26 AM > *To:* Phil Hunt (IDM) > *Cc:* scim@ietf.org; oauth@ietf.org > *Subject:* Re: [scim] Simple Federation Deployment > > > > I=E2=80=99m talking about removing manual steps in what happens today whe= re > configuring a SaaS app at an IdP (such as Google, Azure, Ping, Octa) > requires is a bunch of cutting and pasting of access tokens / keys / cert= s > and doing a bunch of config that is error prone and unique for each > relationship. > > > > Don=E2=80=99t want to solve on the thread =E2=80=A6 looking to see if the= re is interest! > > > > On 4/5/16, 7:11 PM, someone claiming to be "scim on behalf of Phil Hunt > (IDM)" wrote: > > > > Is the idp the center of all things for these users? > > > > Usually you have a provisioning system that coordinates state and uses > things like scim connectors to do this. > > > > Another approach from today would be to pass a scim event to the remote > provider which then decides what needs to be done to facilitate the thing= d > you describe. > > > > Iow. Either the idp (sender) or the sp (receiver) have a provisioning > system to do this. > > > > The solution and the simplicity depends on where the control needs to be. > > Phil > > > On Apr 5, 2016, at 18:59, Hardt, Dick wrote: > > Use case: An admin for an organization would like to enable her users to > access a SaaS application at her IdP. > > > > User experience: > > 1. Admin authenticates to IdP in browser > 2. Admin selects SaaS app to federate with from list at IdP > 3. IdP optionally presents config options > 4. IdP redirects Admin to SaaS app > 5. Admin authenticates to SaaS app > 6. SaaS app optionally gathers config options > 7. SaaS app redirects admin to IdP > 8. IdP confirms successful federation =3D> OIDC / SAML and SCIM are no= w > configured and working between IdP and SaaS App > > Who else is interested in solving this? > > > > Is there interest in working on this in either SCIM or OAUTH Wgs? > > > > Any one in BA interested in meeting on this topic this week? > > > > =E2=80=94 Dick > > _______________________________________________ > scim mailing list > scim@ietf.org > https://www.ietf.org/mailman/listinfo/scim > > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > > --001a113ffc7042c4f2052fd09fe4 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
OpenID ... ?

On Wed, Apr 6, 2016 at 9:59 AM, Anthony Nadalin <tonynad@microsoft.com> wrote:

Good question, since SCIM does not really provide an= authorization model and Oauth does not do provisioning this is sort of cau= ght in the middle, so if I had to pick I would pick Oauth as this is a gene= ric server to server issue

<= u>=C2=A0

From: Hardt, Dick [mailto:dick@amazon.com]
Sent: Wednesday, April 6, 2016 5:52 AM
To: Anthony Nadalin <tonynad@microsoft.com>
Cc: Gil Kirkpatrick <gil.kirkpatrick@viewds.com>; Nat Sakimura <n-sakimura@nri.co.j= p>; Phil Hunt (IDM) <phil.hunt@oracle.com>; scim@ietf.org; oauth@ietf.org
Subject: Re: [scim] [OAUTH-WG] Simple Federation Deployment

=C2=A0

Sounds like there is interest.

=C2=A0

SCIM or OAUTH?

-- Dick


On Apr 6, 2016, at 8:57 AM, Anthony Nadalin <tonynad@microsoft.com> wrote:=

I would be interested also

=C2=A0

Sent from my Windows 10 phone

=C2=A0

From: Gil Kirkpatrick
Sent: Wednesday, April 6, 2016 4:16 AM
To: 'N= at Sakimura'; 'Hardt, Dick'; 'Phil Hunt (IDM)'
Cc: scim@ietf.org= ; oauth@ietf.org
Subject: Re: [scim] [OAUTH-WG] Simple Federation Deployment

=C2=A0

That=E2=80=99s an issu= e we=E2=80=99re facing as well. Definitely interested.=

=C2=A0

-gil<= /u>

=C2=A0

From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Nat Sakimura
Sent: Wednesday, April 6, 2016 4:57 PM
To: 'Hardt, Dick' <dick@amazon.com>; 'Phil Hunt (IDM)' <phil.hunt@oracle.com>
Cc: scim@ietf.org= ; oauth@ietf.org
Subject: Re: [OAUTH-WG] [scim] Simple Federation Deployment

=C2=A0

+1 for removing the manual cut-n-pastes= !

=C2=A0

Nat

=C2=A0

--

PLEASE READ :This e-mail is confidential and i= ntended for the

named recipient only. If you are not an intend= ed recipient,

please notify the sender=C2=A0 and delete this= e-mail.

=C2=A0

From: scim [mailto:scim-bounces@ietf.org] On Behalf Of Hardt, Dick
Sent: Wednesday, April 6, 2016 7:26 AM
To: Phil Hunt (IDM) <phil.hunt@oracle.com>
Cc: scim@ietf.org= ; oauth@ietf.org
Subject: Re: [scim] Simple Federation Deployment

=C2=A0

I=E2=80= =99m talking about removing manual steps in what happens today where config= uring a SaaS app at an IdP (such as Google, Azure, Ping, Octa) requires is = a bunch of cutting and pasting of access tokens / keys / certs and doing a bunch of =C2=A0config that is error prone and u= nique for each relationship.

=C2=A0<= /span>

Don=E2= =80=99t want to solve on the thread =E2=80=A6 looking to see if there is in= terest!

=C2=A0<= /span>

On 4/5/= 16, 7:11 PM, someone claiming to be "scim on behalf of Phil Hunt (IDM)= " <scim-= bounces@ietf.org on behalf of phil.hunt@oracle.= com> wrote:

=C2=A0<= /span>

Is the = idp the center of all things for these users?

=C2=A0<= /span>

Usually= you have a provisioning system that coordinates state and uses things like= scim connectors to do this.=C2=A0

=C2=A0<= /span>

Another= approach from today would be to pass a scim event to the remote provider w= hich then decides what needs to be done to facilitate the thingd you descri= be.=C2=A0

=C2=A0<= /span>

Iow. Ei= ther the idp (sender) or the sp (receiver) have a provisioning system to do= this.=C2=A0

=C2=A0<= /span>

The sol= ution and the simplicity depends on where the control needs to be.=C2=A0
Phil


On Apr 5, 2016, at 18:59, Hardt, Dick <dick@amazon.com> wrote:

Use cas= e: An admin for an organization would like to enable her users to access a = SaaS application at her IdP.=C2=A0

=C2=A0<= /span>

User ex= perience:=C2=A0

  1. Admin authenticates to IdP in browser
  2. Admi= n selects SaaS app to federate with from list at IdP
  3. IdP optionally presents config options
  4. = IdP redirects Admin to SaaS app
  5. Admin authenti= cates to SaaS app
  6. SaaS app optionally gathers = config options
  7. SaaS app redirects admin to IdP=
  8. IdP confirms successful federation =3D> OI= DC / SAML and SCIM are now configured and working between IdP and SaaS App<= /span>

Who els= e is interested in solving this?

=C2=A0<= /span>

Is ther= e interest in working on this in either SCIM or OAUTH Wgs?=

=C2=A0<= /span>

Any one= in BA interested in meeting on this topic this week?<= /p>

=C2=A0<= /span>

=E2=80= =94 Dick

_______= ________________________________________
scim mailing list
scim@ietf.org
https://www.ietf.org/mailman/listinfo/scim=


_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


--001a113ffc7042c4f2052fd09fe4-- From nobody Wed Apr 6 06:34:34 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 30D3E12D51A for ; Wed, 6 Apr 2016 06:34:33 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.311 X-Spam-Level: X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sunet.se Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3FfXCwNYVyXS for ; Wed, 6 Apr 2016 06:34:31 -0700 (PDT) Received: from e-mailfilter01.sunet.se (e-mailfilter01.sunet.se [IPv6:2001:6b0:8:2::201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BB49F12D57A for ; Wed, 6 Apr 2016 06:33:55 -0700 (PDT) Received: from smtp1.sunet.se (smtp1.sunet.se [192.36.171.214]) by e-mailfilter01.sunet.se (8.14.4/8.14.4/Debian-4) with ESMTP id u36DXrVl007479 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Wed, 6 Apr 2016 15:33:53 +0200 Received: from kerio.sunet.se (kerio.sunet.se [192.36.171.210]) by smtp1.sunet.se (8.14.9/8.14.7) with ESMTP id u36DXon0017472 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NO) for ; Wed, 6 Apr 2016 15:33:52 +0200 (CEST) VBR-Info: md=sunet.se; mc=all; mv=swamid.se DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=sunet.se; s=default; t=1459949632; bh=g8pEJQNk+YdoGEXVciYNdXUkQ6JZ3NAa5/wMR0oomWA=; h=To:From:Subject:Date; b=bFZhnS36aM0WQnucLPNtZBrpIAgMLQ1cVOgBiyu4L7/LIZbWCpRVeFMaAJf6es6yR Ff1dVXQeLw3LiSbK87cF8lw/wovAFJ7X+bqxCMG620KOaqqnIz7fd5t3XzVK894g+e 0DjnWaXtPgcDqMc33u3a3fAJ49sntqytkRelJkQE= X-Footer: c3VuZXQuc2U= Received: from [31.133.153.155] ([31.133.153.155]) (authenticated user leifj@sunet.se) by kerio.sunet.se (Kerio Connect 9.0.1) with ESMTPSA (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128 bits)) for scim@ietf.org; Wed, 6 Apr 2016 15:33:48 +0200 To: "scim@ietf.org" From: Leif Johansson Message-ID: <5705103A.3080102@sunet.se> Date: Wed, 6 Apr 2016 15:33:46 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-CanIt-Geo: ip=192.36.171.210; country=SE; latitude=59.3294; longitude=18.0686; http://maps.google.com/maps?q=59.3294,18.0686&z=6 X-CanItPRO-Stream: outbound-sunet-se:outbound (inherits from outbound-sunet-se:default, sunet-se:default, base:default) X-Canit-Stats-ID: 09QD1xRSX - 6adc235a6115 - 20160406 X-CanIt-Archive-Cluster: PfMRe/vJWMiXwM2YIH5BVExnUnw Received-SPF: neutral (e-mailfilter01.sunet.se: 192.36.171.210 is neither permitted nor denied by domain leifj@sunet.se) receiver=e-mailfilter01.sunet.se; client-ip=192.36.171.210; envelope-from=; helo=smtp1.sunet.se; identity=mailfrom X-Scanned-By: CanIt (www . roaringpenguin . com) on 192.36.171.201 Archived-At: Subject: [scim] next steps for scim X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Apr 2016 13:34:33 -0000 Folks, We've done this a couple of times already ... this will be the last attempt to judge interest for next steps in the SCIM WG. We will now generate a definitive list of possible work for SCIM going forward *excluding* the ID events stuff that will probably spin up its own WG. Please respond to this email no later than EOB April 30 with a link to a current (non-expired) I-D describing work that would (in your opinion) fit in the SCIM WG. On May 1:st (or thereabouts) the WG will be asked to +1/-1 the proposed I-Ds in an attempt to judge interest in continuing work on them in the SCIM wg. If there is insufficient interest at this time we will close SCIM (the WG, not the list) while we wait for SCIMEXT to emerge from the ashes at some point in the future. Cheers Leif From nobody Wed Apr 6 06:43:17 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5637412D514 for ; Wed, 6 Apr 2016 06:43:15 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.21 X-Spam-Level: X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bBQEFKlkrUJw for ; Wed, 6 Apr 2016 06:43:10 -0700 (PDT) Received: from aserp1040.oracle.com (aserp1040.oracle.com [141.146.126.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 501B512D1CF for ; Wed, 6 Apr 2016 06:43:10 -0700 (PDT) Received: from userv0022.oracle.com (userv0022.oracle.com [156.151.31.74]) by aserp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id u36Dh8PI001537 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 6 Apr 2016 13:43:09 GMT Received: from aserv0121.oracle.com (aserv0121.oracle.com [141.146.126.235]) by userv0022.oracle.com (8.14.4/8.13.8) with ESMTP id u36Dh6el018063 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 6 Apr 2016 13:43:08 GMT Received: from abhmp0010.oracle.com (abhmp0010.oracle.com [141.146.116.16]) by aserv0121.oracle.com (8.13.8/8.13.8) with ESMTP id u36Dh5uR017448; Wed, 6 Apr 2016 13:43:06 GMT Received: from dhcp-a0b5.meeting.ietf.org (/31.133.160.181) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Wed, 06 Apr 2016 06:43:05 -0700 Content-Type: multipart/alternative; boundary="Apple-Mail=_A020CFF4-A6B3-43CF-A275-6E62B89087FE" Mime-Version: 1.0 (Mac OS X Mail 9.2 \(3112\)) From: Phil Hunt In-Reply-To: <5705103A.3080102@sunet.se> Date: Wed, 6 Apr 2016 10:43:01 -0300 Message-Id: <6B8F03E3-7040-413A-88F7-C1473C2B026D@oracle.com> References: <5705103A.3080102@sunet.se> To: Leif Johansson X-Mailer: Apple Mail (2.3112) X-Source-IP: userv0022.oracle.com [156.151.31.74] Archived-At: Cc: "scim@ietf.org" Subject: Re: [scim] next steps for scim X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Apr 2016 13:43:15 -0000 --Apple-Mail=_A020CFF4-A6B3-43CF-A275-6E62B89087FE Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Few topics for the charter (I=E2=80=99ll think of more): * SCIM Events to be done in parallel with id-events * SCIM Discovery following resolution of the OAuth WG drafts for = discovery * Schema extensions - getting a log of requests for having SCIM = resource types like OAuthClient =E2=80=94 maybe this doesn=E2=80=99t = have to be done as a WG charter item? Phil @independentid www.independentid.com = phil.hunt@oracle.com = > On Apr 6, 2016, at 10:33 AM, Leif Johansson wrote: >=20 >=20 > Folks, >=20 > We've done this a couple of times already ... this will be the > last attempt to judge interest for next steps in the SCIM WG. >=20 > We will now generate a definitive list of possible work for SCIM > going forward *excluding* the ID events stuff that will probably > spin up its own WG. >=20 > Please respond to this email no later than EOB April 30 with a > link to a current (non-expired) I-D describing work that would > (in your opinion) fit in the SCIM WG. >=20 > On May 1:st (or thereabouts) the WG will be asked to +1/-1 the > proposed I-Ds in an attempt to judge interest in continuing work > on them in the SCIM wg. >=20 > If there is insufficient interest at this time we will close > SCIM (the WG, not the list) while we wait for SCIMEXT to emerge > from the ashes at some point in the future. >=20 > Cheers Leif >=20 > _______________________________________________ > scim mailing list > scim@ietf.org > https://www.ietf.org/mailman/listinfo/scim --Apple-Mail=_A020CFF4-A6B3-43CF-A275-6E62B89087FE Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 Few topics for the charter (I=E2=80=99ll think of more):

*  SCIM Events to = be done in parallel with id-events
*  SCIM = Discovery following resolution of the OAuth WG drafts for = discovery
*  Schema extensions - getting a log = of requests for having SCIM resource types like OAuthClient =E2=80=94 = maybe this doesn=E2=80=99t have to be done as a WG charter = item?




On Apr 6, 2016, at 10:33 AM, Leif Johansson <leifj@sunet.se> = wrote:


Folks,

We've done = this a couple of times already ... this will be the
last = attempt to judge interest for next steps in the SCIM WG.
We will now generate a definitive list of possible work for = SCIM
going forward *excluding* the ID events stuff that = will probably
spin up its own WG.

Please respond to this email no later than EOB April 30 with = a
link to a current (non-expired) I-D describing work that = would
(in your opinion) fit in the SCIM WG.

On May 1:st (or thereabouts) the WG will be = asked to +1/-1 the
proposed I-Ds in an attempt to judge = interest in continuing work
on them in the SCIM wg.

If there is insufficient interest at this time = we will close
SCIM (the WG, not the list) while we wait = for SCIMEXT to emerge
from the ashes at some point in the = future.

Cheers Leif

_______________________________________________
scim mailing list
scim@ietf.org
https://www.ietf.org/mailman/listinfo/scim

= --Apple-Mail=_A020CFF4-A6B3-43CF-A275-6E62B89087FE-- From nobody Wed Apr 6 06:44:17 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A406412D58A for ; Wed, 6 Apr 2016 06:44:15 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.311 X-Spam-Level: X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sunet.se Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3hkIuJMvBfkL for ; Wed, 6 Apr 2016 06:44:09 -0700 (PDT) Received: from e-mailfilter01.sunet.se (e-mailfilter01.sunet.se [IPv6:2001:6b0:8:2::201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6C23312D506 for ; Wed, 6 Apr 2016 06:44:09 -0700 (PDT) Received: from smtp1.sunet.se (smtp1.sunet.se [192.36.171.214]) by e-mailfilter01.sunet.se (8.14.4/8.14.4/Debian-4) with ESMTP id u36Di758014645 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 6 Apr 2016 15:44:07 +0200 Received: from kerio.sunet.se (kerio.sunet.se [192.36.171.210]) by smtp1.sunet.se (8.14.9/8.14.7) with ESMTP id u36Di4MO018139 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 6 Apr 2016 15:44:06 +0200 (CEST) VBR-Info: md=sunet.se; mc=all; mv=swamid.se DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=sunet.se; s=default; t=1459950247; bh=OaV9r/AeHFEG8zDFjPJX+tybiEC/8YDJ30EZ1N612oM=; h=Subject:To:References:Cc:From:Date:In-Reply-To; b=lU+1a1O5TFIn0i9Lt08Mn31efAO6dTTWtMjDGye/HwujDI4gvQOzaz25PFggJaGa4 2iaVa9u/vgcvEHrR0KUp7ul/POTHjmKJyoveR1nB0Rir8UdqJcOzTCsiHHskq8d6Pj wLqX/zgPFuD+rWQNc5W1psp0aHXdIIy6rv/B2+tM= X-Footer: c3VuZXQuc2U= Received: from [31.133.153.155] ([31.133.153.155]) (authenticated user leifj@sunet.se) by kerio.sunet.se (Kerio Connect 9.0.1) with ESMTPSA (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128 bits)); Wed, 6 Apr 2016 15:44:02 +0200 To: Phil Hunt References: <5705103A.3080102@sunet.se> <6B8F03E3-7040-413A-88F7-C1473C2B026D@oracle.com> From: Leif Johansson Message-ID: <5705129F.7020000@sunet.se> Date: Wed, 6 Apr 2016 15:43:59 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0 MIME-Version: 1.0 In-Reply-To: <6B8F03E3-7040-413A-88F7-C1473C2B026D@oracle.com> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-CanIt-Geo: ip=192.36.171.210; country=SE; latitude=59.3294; longitude=18.0686; http://maps.google.com/maps?q=59.3294,18.0686&z=6 X-CanItPRO-Stream: outbound-sunet-se:outbound (inherits from outbound-sunet-se:default, sunet-se:default, base:default) X-Canit-Stats-ID: 09QD1I7mK - 70a91909d7dd - 20160406 X-CanIt-Archive-Cluster: PfMRe/vJWMiXwM2YIH5BVExnUnw Received-SPF: neutral (e-mailfilter01.sunet.se: 192.36.171.210 is neither permitted nor denied by domain leifj@sunet.se) receiver=e-mailfilter01.sunet.se; client-ip=192.36.171.210; envelope-from=; helo=smtp1.sunet.se; identity=mailfrom X-Scanned-By: CanIt (www . roaringpenguin . com) on 192.36.171.201 Archived-At: Cc: "scim@ietf.org" Subject: Re: [scim] next steps for scim X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Apr 2016 13:44:15 -0000 On 2016-04-06 15:43, Phil Hunt wrote: > Few topics for the charter (I’ll think of more): > > * SCIM Events to be done in parallel with id-events > * SCIM Discovery following resolution of the OAuth WG drafts for discovery > * Schema extensions - getting a log of requests for having SCIM > resource types like OAuthClient — maybe this doesn’t have to be done as > a WG charter item? Can you provide current I-D links to those? > > Phil > > @independentid > www.independentid.com > phil.hunt@oracle.com > > > > > >> On Apr 6, 2016, at 10:33 AM, Leif Johansson > > wrote: >> >> >> Folks, >> >> We've done this a couple of times already ... this will be the >> last attempt to judge interest for next steps in the SCIM WG. >> >> We will now generate a definitive list of possible work for SCIM >> going forward *excluding* the ID events stuff that will probably >> spin up its own WG. >> >> Please respond to this email no later than EOB April 30 with a >> link to a current (non-expired) I-D describing work that would >> (in your opinion) fit in the SCIM WG. >> >> On May 1:st (or thereabouts) the WG will be asked to +1/-1 the >> proposed I-Ds in an attempt to judge interest in continuing work >> on them in the SCIM wg. >> >> If there is insufficient interest at this time we will close >> SCIM (the WG, not the list) while we wait for SCIMEXT to emerge >> from the ashes at some point in the future. >> >> Cheers Leif >> >> _______________________________________________ >> scim mailing list >> scim@ietf.org >> https://www.ietf.org/mailman/listinfo/scim > From nobody Wed Apr 6 06:52:59 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE43912D55D for ; Wed, 6 Apr 2016 06:52:54 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.21 X-Spam-Level: X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CGqYXe9U_IFb for ; Wed, 6 Apr 2016 06:52:52 -0700 (PDT) Received: from aserp1040.oracle.com (aserp1040.oracle.com [141.146.126.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 54BBB12D5AD for ; Wed, 6 Apr 2016 06:52:33 -0700 (PDT) Received: from aserv0021.oracle.com (aserv0021.oracle.com [141.146.126.233]) by aserp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id u36DqWHF016704 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 6 Apr 2016 13:52:32 GMT Received: from userv0122.oracle.com (userv0122.oracle.com [156.151.31.75]) by aserv0021.oracle.com (8.13.8/8.13.8) with ESMTP id u36DqWpB012738 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 6 Apr 2016 13:52:32 GMT Received: from abhmp0016.oracle.com (abhmp0016.oracle.com [141.146.116.22]) by userv0122.oracle.com (8.14.4/8.14.4) with ESMTP id u36DqVlc019415; Wed, 6 Apr 2016 13:52:31 GMT Received: from dhcp-a0b5.meeting.ietf.org (/31.133.160.181) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Wed, 06 Apr 2016 06:52:31 -0700 Content-Type: multipart/alternative; boundary="Apple-Mail=_87D4519E-0C80-46C0-AD1B-107C76AB8D9A" Mime-Version: 1.0 (Mac OS X Mail 9.2 \(3112\)) From: Phil Hunt In-Reply-To: <5705129F.7020000@sunet.se> Date: Wed, 6 Apr 2016 10:52:27 -0300 Message-Id: References: <5705103A.3080102@sunet.se> <6B8F03E3-7040-413A-88F7-C1473C2B026D@oracle.com> <5705129F.7020000@sunet.se> To: Leif Johansson X-Mailer: Apple Mail (2.3112) X-Source-IP: aserv0021.oracle.com [141.146.126.233] Archived-At: Cc: "scim@ietf.org" Subject: Re: [scim] next steps for scim X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Apr 2016 13:52:55 -0000 --Apple-Mail=_87D4519E-0C80-46C0-AD1B-107C76AB8D9A Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 in line... Phil @independentid www.independentid.com = phil.hunt@oracle.com = > On Apr 6, 2016, at 10:43 AM, Leif Johansson wrote: >=20 > On 2016-04-06 15:43, Phil Hunt wrote: >> Few topics for the charter (I=E2=80=99ll think of more): >>=20 >> * SCIM Events to be done in parallel with id-events [ph] https://tools.ietf.org/html/draft-hunt-idevent-scim-00 >> * SCIM Discovery following resolution of the OAuth WG drafts for = discovery [ph] https://tools.ietf.org/html/draft-hunt-scim-discovery-00 = - (this = needs more work) >> * Schema extensions - getting a log of requests for having SCIM >> resource types like OAuthClient =E2=80=94 maybe this doesn=E2=80=99t = have to be done as >> a WG charter item? [ph] No draft yet, but for example, look to: https://tools.ietf.org/html/rfc7591 = Section 2 I=E2=80=99m not sure there is a strong =E2=80=9Cinterop=E2=80=9D need = here. But what I=E2=80=99m hearing is that a lot of people are doing it = for their own needs. Seems worth while to register it. >=20 > Can you provide current I-D links to those? >=20 >>=20 >> Phil >>=20 >> @independentid >> www.independentid.com = > >> phil.hunt@oracle.com = > >>=20 >>=20 >>=20 >>=20 >>=20 >>> On Apr 6, 2016, at 10:33 AM, Leif Johansson >>> >> wrote: >>>=20 >>>=20 >>> Folks, >>>=20 >>> We've done this a couple of times already ... this will be the >>> last attempt to judge interest for next steps in the SCIM WG. >>>=20 >>> We will now generate a definitive list of possible work for SCIM >>> going forward *excluding* the ID events stuff that will probably >>> spin up its own WG. >>>=20 >>> Please respond to this email no later than EOB April 30 with a >>> link to a current (non-expired) I-D describing work that would >>> (in your opinion) fit in the SCIM WG. >>>=20 >>> On May 1:st (or thereabouts) the WG will be asked to +1/-1 the >>> proposed I-Ds in an attempt to judge interest in continuing work >>> on them in the SCIM wg. >>>=20 >>> If there is insufficient interest at this time we will close >>> SCIM (the WG, not the list) while we wait for SCIMEXT to emerge >>> from the ashes at some point in the future. >>>=20 >>> Cheers Leif >>>=20 >>> _______________________________________________ >>> scim mailing list >>> scim@ietf.org > >>> https://www.ietf.org/mailman/listinfo/scim = >>=20 >=20 >=20 > _______________________________________________ > scim mailing list > scim@ietf.org > https://www.ietf.org/mailman/listinfo/scim = --Apple-Mail=_87D4519E-0C80-46C0-AD1B-107C76AB8D9A Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 in line...



On Apr 6, 2016, at 10:43 AM, Leif Johansson <leifj@sunet.se> = wrote:

On 2016-04-06 15:43, Phil Hunt wrote:
Few topics for the charter = (I=E2=80=99ll think of more):

*  SCIM = Events to be done in parallel with id-events
[ph]
https://tools.ietf.org/html/draft-hunt-idevent-scim-00
* =  SCIM Discovery following resolution of the OAuth WG drafts for = discovery
[ph]
https://tools.ietf.org/html/draft-hunt-scim-discovery-00&nb= sp; - (this needs more work)

*  Schema extensions - = getting a log of requests for having SCIM
resource types = like OAuthClient =E2=80=94 maybe this doesn=E2=80=99t have to be done = as
a WG charter item?
[ph] = No draft yet, but for example, look to:

I=E2=80=99m not sure there is a = strong =E2=80=9Cinterop=E2=80=9D need here. But what I=E2=80=99m hearing = is that a lot of people are doing it for their own needs. Seems worth = while to register it.

Can you provide current I-D links to = those?


Phil

@independentid
www.independentid.com <http://www.independentid.com>
phil.hunt@oracle.com <mailto:phil.hunt@oracle.com>





On Apr 6, 2016, at 10:33 = AM, Leif Johansson <leifj@sunet.se
<mailto:leifj@sunet.se>> wrote:


Folks,

We've done = this a couple of times already ... this will be the
last = attempt to judge interest for next steps in the SCIM WG.
We will now generate a definitive list of possible work for = SCIM
going forward *excluding* the ID events stuff that = will probably
spin up its own WG.

Please respond to this email no later than EOB April 30 with = a
link to a current (non-expired) I-D describing work that = would
(in your opinion) fit in the SCIM WG.

On May 1:st (or thereabouts) the WG will be = asked to +1/-1 the
proposed I-Ds in an attempt to judge = interest in continuing work
on them in the SCIM wg.

If there is insufficient interest at this time = we will close
SCIM (the WG, not the list) while we wait = for SCIMEXT to emerge
from the ashes at some point in the = future.

Cheers Leif

_______________________________________________
scim mailing list
scim@ietf.org <mailto:scim@ietf.org>
https://www.ietf.org/mailman/listinfo/scim



_______________________________________________
scim mailing = list
scim@ietf.org
https://www.ietf.org/mailman/listinfo/scim

= --Apple-Mail=_87D4519E-0C80-46C0-AD1B-107C76AB8D9A-- From nobody Wed Apr 6 06:53:53 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9592F12D58A for ; Wed, 6 Apr 2016 06:53:50 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.311 X-Spam-Level: X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sunet.se Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qpeXEDoGfdOM for ; Wed, 6 Apr 2016 06:53:47 -0700 (PDT) Received: from e-mailfilter01.sunet.se (e-mailfilter01.sunet.se [IPv6:2001:6b0:8:2::201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 80BB512D522 for ; Wed, 6 Apr 2016 06:53:47 -0700 (PDT) Received: from smtp1.sunet.se (smtp1.sunet.se [192.36.171.214]) by e-mailfilter01.sunet.se (8.14.4/8.14.4/Debian-4) with ESMTP id u36Drjg0020938 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 6 Apr 2016 15:53:45 +0200 Received: from kerio.sunet.se (kerio.sunet.se [192.36.171.210]) by smtp1.sunet.se (8.14.9/8.14.7) with ESMTP id u36DrgFZ003346 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 6 Apr 2016 15:53:44 +0200 (CEST) VBR-Info: md=sunet.se; mc=all; mv=swamid.se DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=sunet.se; s=default; t=1459950825; bh=0138jIOtpLlky27XNLdcsNXEIGodxzaCQ4Y+H8z/qQs=; h=Subject:To:References:Cc:From:Date:In-Reply-To; b=Ce+A6S5H2IRl3dP47n1yPIelXzBwK8VF11ktdnP/PtmUxR6d1Q47U5NGD2YehstFQ RFqyFgMKK2/eylRjJttXZunoAgdOaHCV+4CidkB+cpa3AMuWPeNXO8gkxPbGZTCw93 pLOrIM+ti69O5GwEFFdqCzixdN699NKx5gTHqL+Y= X-Footer: c3VuZXQuc2U= Received: from [31.133.153.155] ([31.133.153.155]) (authenticated user leifj@sunet.se) by kerio.sunet.se (Kerio Connect 9.0.1) with ESMTPSA (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128 bits)); Wed, 6 Apr 2016 15:53:39 +0200 To: Phil Hunt References: <5705103A.3080102@sunet.se> <6B8F03E3-7040-413A-88F7-C1473C2B026D@oracle.com> <5705129F.7020000@sunet.se> From: Leif Johansson Message-ID: <570514E0.7040109@sunet.se> Date: Wed, 6 Apr 2016 15:53:36 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-CanIt-Geo: ip=192.36.171.210; country=SE; latitude=59.3294; longitude=18.0686; http://maps.google.com/maps?q=59.3294,18.0686&z=6 X-CanItPRO-Stream: outbound-sunet-se:outbound (inherits from outbound-sunet-se:default, sunet-se:default, base:default) X-Canit-Stats-ID: 09QD1RJJx - cdd62a38e712 - 20160406 X-CanIt-Archive-Cluster: PfMRe/vJWMiXwM2YIH5BVExnUnw Received-SPF: neutral (e-mailfilter01.sunet.se: 192.36.171.210 is neither permitted nor denied by domain leifj@sunet.se) receiver=e-mailfilter01.sunet.se; client-ip=192.36.171.210; envelope-from=; helo=smtp1.sunet.se; identity=mailfrom X-Scanned-By: CanIt (www . roaringpenguin . com) on 192.36.171.201 Archived-At: Cc: "scim@ietf.org" Subject: Re: [scim] next steps for scim X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Apr 2016 13:53:50 -0000 On 2016-04-06 15:52, Phil Hunt wrote: > in line... > Phil > thx! > @independentid > www.independentid.com > phil.hunt@oracle.com > > > > > >> On Apr 6, 2016, at 10:43 AM, Leif Johansson > > wrote: >> >> On 2016-04-06 15:43, Phil Hunt wrote: >>> Few topics for the charter (I’ll think of more): >>> >>> * SCIM Events to be done in parallel with id-events > [ph] > https://tools.ietf.org/html/draft-hunt-idevent-scim-00 >>> * SCIM Discovery following resolution of the OAuth WG drafts for >>> discovery > [ph] > https://tools.ietf.org/html/draft-hunt-scim-discovery-00 - (this needs > more work) > >>> * Schema extensions - getting a log of requests for having SCIM >>> resource types like OAuthClient — maybe this doesn’t have to be done as >>> a WG charter item? > [ph] No draft yet, but for example, look to: > https://tools.ietf.org/html/rfc7591 Section 2 > > I’m not sure there is a strong “interop” need here. But what I’m hearing > is that a lot of people are doing it for their own needs. Seems worth > while to register it. >> >> Can you provide current I-D links to those? >> >>> >>> Phil >>> >>> @independentid >>> www.independentid.com >>> >> > >>> phil.hunt@oracle.com >>> >>> >>> >>> >>> >>> >>>> On Apr 6, 2016, at 10:33 AM, Leif Johansson >>> >>>> > wrote: >>>> >>>> >>>> Folks, >>>> >>>> We've done this a couple of times already ... this will be the >>>> last attempt to judge interest for next steps in the SCIM WG. >>>> >>>> We will now generate a definitive list of possible work for SCIM >>>> going forward *excluding* the ID events stuff that will probably >>>> spin up its own WG. >>>> >>>> Please respond to this email no later than EOB April 30 with a >>>> link to a current (non-expired) I-D describing work that would >>>> (in your opinion) fit in the SCIM WG. >>>> >>>> On May 1:st (or thereabouts) the WG will be asked to +1/-1 the >>>> proposed I-Ds in an attempt to judge interest in continuing work >>>> on them in the SCIM wg. >>>> >>>> If there is insufficient interest at this time we will close >>>> SCIM (the WG, not the list) while we wait for SCIMEXT to emerge >>>> from the ashes at some point in the future. >>>> >>>> Cheers Leif >>>> >>>> _______________________________________________ >>>> scim mailing list >>>> scim@ietf.org >>>> https://www.ietf.org/mailman/listinfo/scim >>> >> >> >> _______________________________________________ >> scim mailing list >> scim@ietf.org >> https://www.ietf.org/mailman/listinfo/scim > From nobody Wed Apr 6 07:07:33 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 26E5412D61B for ; Wed, 6 Apr 2016 07:07:32 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.531 X-Spam-Level: X-Spam-Status: No, score=-14.531 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MAcKxpPnDDBb for ; Wed, 6 Apr 2016 07:07:27 -0700 (PDT) Received: from alln-iport-6.cisco.com (alln-iport-6.cisco.com [173.37.142.93]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3EBC212D65D for ; Wed, 6 Apr 2016 07:07:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1279; q=dns/txt; s=iport; t=1459951642; x=1461161242; h=from:to:subject:date:message-id:references:in-reply-to: content-id:content-transfer-encoding:mime-version; bh=s7jwbxTYi75vT/BQvzL751Z+xkMUQEadM3g4Z4f+AbI=; b=DDL65psxhYp+AOP/cwtC+iLgv18AqMZWEHxd/de7dJUT0gD9BW3Mk1GR GqOCyY0k2NcE4oRgozb2UBp7XKsEauovPYH8PLkuvR7cr0DTKX3k4CsK1 lPcL06I1pqYRY/f/4N0P4BIkscfGPKuNNRBgq1b1cOrWC+sihqdOE5Byt M=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0D1AQCeFwVX/4MNJK1cgzdTfQa6SwENg?= =?us-ascii?q?XIXCoVsAoFHOBQBAQEBAQEBZSeEQgEBBAEBATc0GwIBCDYQJwslAgQBEognDsB?= =?us-ascii?q?gAQEBAQEBAQEBAQEBAQEBAQEBFASGIYRLhA8RAYV0BYdrhxSJAgGFdYgVgWeET?= =?us-ascii?q?YhajyABHgEBQoNnbIc/Nn4BAQE?= X-IronPort-AV: E=Sophos;i="5.24,447,1454976000"; d="scan'208";a="258200509" Received: from alln-core-1.cisco.com ([173.36.13.131]) by alln-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 06 Apr 2016 14:07:21 +0000 Received: from XCH-RCD-003.cisco.com (xch-rcd-003.cisco.com [173.37.102.13]) by alln-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id u36E7L34011155 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 6 Apr 2016 14:07:21 GMT Received: from xch-rcd-004.cisco.com (173.37.102.14) by XCH-RCD-003.cisco.com (173.37.102.13) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Wed, 6 Apr 2016 09:07:19 -0500 Received: from xch-rcd-004.cisco.com ([173.37.102.14]) by XCH-RCD-004.cisco.com ([173.37.102.14]) with mapi id 15.00.1104.009; Wed, 6 Apr 2016 09:07:19 -0500 From: "Morteza Ansari (moransar)" To: Leif Johansson , "scim@ietf.org" Thread-Topic: [scim] next steps for scim Thread-Index: AQHRkAkTHUNQlqAiikqOqs+rLD+H7J99HLWA Date: Wed, 6 Apr 2016 14:07:19 +0000 Message-ID: References: <5705103A.3080102@sunet.se> In-Reply-To: <5705103A.3080102@sunet.se> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/14.6.2.160219 x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.24.61.30] Content-Type: text/plain; charset="us-ascii" Content-ID: <6A0BB15146C27D479395A23E9DF057F5@emea.cisco.com> Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Archived-At: Subject: Re: [scim] next steps for scim X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Apr 2016 14:07:32 -0000 SCIM Soft Delete=20 https://tools.ietf.org/html/draft-ansari-scim-soft-delete-00 (though it is not current, but I can easily resubmit it if that makes a difference). Cheers, Morteza On 4/6/16, 10:33 AM, "scim on behalf of Leif Johansson" wrote: > >Folks, > >We've done this a couple of times already ... this will be the >last attempt to judge interest for next steps in the SCIM WG. > >We will now generate a definitive list of possible work for SCIM >going forward *excluding* the ID events stuff that will probably >spin up its own WG. > >Please respond to this email no later than EOB April 30 with a >link to a current (non-expired) I-D describing work that would >(in your opinion) fit in the SCIM WG. > >On May 1:st (or thereabouts) the WG will be asked to +1/-1 the >proposed I-Ds in an attempt to judge interest in continuing work >on them in the SCIM wg. > >If there is insufficient interest at this time we will close >SCIM (the WG, not the list) while we wait for SCIMEXT to emerge >from the ashes at some point in the future. > > Cheers Leif > >_______________________________________________ >scim mailing list >scim@ietf.org >https://www.ietf.org/mailman/listinfo/scim From nobody Wed Apr 6 07:45:28 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C494012D5F9; Wed, 6 Apr 2016 07:45:26 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -12.541 X-Spam-Level: X-Spam-Status: No, score=-12.541 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazon.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OaLiZ1LWH5pe; Wed, 6 Apr 2016 07:45:15 -0700 (PDT) Received: from smtp-fw-33001.amazon.com (smtp-fw-33001.amazon.com [207.171.189.228]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 093D712D67F; Wed, 6 Apr 2016 07:44:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1459953883; x=1491489883; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=19DyrjfzGv8ASl9wfRoXpTM2tZa77H2EgDl2txS/BdQ=; b=mvbuCgf4cPCZOrvR/UwCAcAbeB/z91bSOnguqnyC5UwueB8ZkRP158xM p+YMybb9WTTS8R9DVbyl1NhpOqEWla0INOjYkpM0S7k0x5umGLdy/38+Z zH4uG0BW5wQ6qkO5FoD2JaaNDf0KYVF1TmN4LfIhrtX+iE9ZlMyyjw2Jw s=; X-IronPort-AV: E=Sophos;i="5.24,447,1454976000"; d="scan'208,217";a="471551500" Received: from sea19-co-svc-lb5-vlan2.sea.amazon.com (HELO email-inbound-relay-64017.pdx4.amazon.com) ([10.47.22.162]) by smtp-border-fw-out-33001.sea14.amazon.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 06 Apr 2016 14:44:38 +0000 Received: from ex10-hub-7002.ant.amazon.com (pdx1-ws-svc-lb16-vlan2.amazon.com [10.239.138.210]) by email-inbound-relay-64017.pdx4.amazon.com (8.14.7/8.14.7) with ESMTP id u36EiWOI012425 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 6 Apr 2016 14:44:37 GMT Received: from EX13D03UWA004.ant.amazon.com (10.43.160.250) by ex10-hub-7002.ant.amazon.com (10.43.110.153) with Microsoft SMTP Server (TLS) id 14.3.181.6; Wed, 6 Apr 2016 07:44:10 -0700 Received: from EX13D03UWA001.ant.amazon.com (10.43.160.141) by EX13D03UWA004.ant.amazon.com (10.43.160.250) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Wed, 6 Apr 2016 14:44:09 +0000 Received: from EX13D03UWA001.ant.amazon.com ([10.43.160.141]) by EX13D03UWA001.ant.amazon.com ([10.43.160.141]) with mapi id 15.00.1104.000; Wed, 6 Apr 2016 14:44:09 +0000 From: "Hardt, Dick" To: Brian Campbell Thread-Topic: [OAUTH-WG] [scim] Simple Federation Deployment server to server Thread-Index: AQHRkAUV47DkspjcTE29bhDf8xdvHp99BYNG Date: Wed, 6 Apr 2016 14:44:08 +0000 Message-ID: <5AF80C71-D0E2-4B49-B135-42969B95D851@amazon.com> References: , In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted Content-Type: multipart/alternative; boundary="_000_5AF80C71D0E24B49B13542969B95D851amazoncom_" MIME-Version: 1.0 Precedence: Bulk Archived-At: Cc: Anthony Nadalin , "oauth@ietf.org" , "scim@ietf.org" Subject: Re: [scim] [OAUTH-WG] Simple Federation Deployment server to server X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Apr 2016 14:45:27 -0000 --_000_5AF80C71D0E24B49B13542969B95D851amazoncom_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Given this is authorization and configuration, both of which are being done= in OAuth, it makes sense to me to do it there. I brought SCIM into the dis= cussion as this type of work may be were that WG wants to go. -- Dick On Apr 6, 2016, at 10:06 AM, Brian Campbell > wrote: OpenID ... ? On Wed, Apr 6, 2016 at 9:59 AM, Anthony Nadalin > wrote: Good question, since SCIM does not really provide an authorization model an= d Oauth does not do provisioning this is sort of caught in the middle, so i= f I had to pick I would pick Oauth as this is a generic server to server is= sue From: Hardt, Dick [mailto:dick@amazon.com] Sent: Wednesday, April 6, 2016 5:52 AM To: Anthony Nadalin > Cc: Gil Kirkpatrick >; Nat Sakimura >;= Phil Hunt (IDM) >; scim@= ietf.org; oauth@ietf.org Subject: Re: [scim] [OAUTH-WG] Simple Federation Deployment Sounds like there is interest. SCIM or OAUTH? -- Dick On Apr 6, 2016, at 8:57 AM, Anthony Nadalin > wrote: I would be interested also Sent from my Windows 10 phone From: Gil Kirkpatrick Sent: Wednesday, April 6, 2016 4:16 AM To: 'Nat Sakimura'; 'Hardt, Dick'; 'Phil Hunt (IDM)' Cc: scim@ietf.org; oauth@ietf.org Subject: Re: [scim] [OAUTH-WG] Simple Federation Deployment That's an issue we're facing as well. Definitely interested. -gil From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Nat Sakimura Sent: Wednesday, April 6, 2016 4:57 PM To: 'Hardt, Dick' >; 'Phil Hunt (ID= M)' > Cc: scim@ietf.org; oauth@ietf.org Subject: Re: [OAUTH-WG] [scim] Simple Federation Deployment +1 for removing the manual cut-n-pastes! Nat -- PLEASE READ :This e-mail is confidential and intended for the named recipient only. If you are not an intended recipient, please notify the sender and delete this e-mail. From: scim [mailto:scim-bounces@ietf.org] On Behalf Of Hardt, Dick Sent: Wednesday, April 6, 2016 7:26 AM To: Phil Hunt (IDM) > Cc: scim@ietf.org; oauth@ietf.org Subject: Re: [scim] Simple Federation Deployment I'm talking about removing manual steps in what happens today where configu= ring a SaaS app at an IdP (such as Google, Azure, Ping, Octa) requires is a= bunch of cutting and pasting of access tokens / keys / certs and doing a b= unch of config that is error prone and unique for each relationship. Don't want to solve on the thread ... looking to see if there is interest! On 4/5/16, 7:11 PM, someone claiming to be "scim on behalf of Phil Hunt (ID= M)" on behalf of phil.= hunt@oracle.com> wrote: Is the idp the center of all things for these users? Usually you have a provisioning system that coordinates state and uses thin= gs like scim connectors to do this. Another approach from today would be to pass a scim event to the remote pro= vider which then decides what needs to be done to facilitate the thingd you= describe. Iow. Either the idp (sender) or the sp (receiver) have a provisioning syste= m to do this. The solution and the simplicity depends on where the control needs to be. Phil On Apr 5, 2016, at 18:59, Hardt, Dick > wrote: Use case: An admin for an organization would like to enable her users to ac= cess a SaaS application at her IdP. User experience: 1. Admin authenticates to IdP in browser 2. Admin selects SaaS app to federate with from list at IdP 3. IdP optionally presents config options 4. IdP redirects Admin to SaaS app 5. Admin authenticates to SaaS app 6. SaaS app optionally gathers config options 7. SaaS app redirects admin to IdP 8. IdP confirms successful federation =3D> OIDC / SAML and SCIM are now = configured and working between IdP and SaaS App Who else is interested in solving this? Is there interest in working on this in either SCIM or OAUTH Wgs? Any one in BA interested in meeting on this topic this week? - Dick _______________________________________________ scim mailing list scim@ietf.org https://www.ietf.org/mailman/listinfo/scim _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth --_000_5AF80C71D0E24B49B13542969B95D851amazoncom_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Given this is authorization and configuration, both of which are being= done in OAuth, it makes sense to me to do it there. I brought SCIM into th= e discussion as this type of work may be were that WG wants to go.

-- Dick

On Apr 6, 2016, at 10:06 AM, Brian Campbell <bcampbell@pingidentity.com> wrote:

OpenID ... ?

On Wed, Apr 6, 2016 at 9:59 AM, Anthony Nadalin = <tonynad@micr= osoft.com> wrote:

Good question, since SCIM does not really provide an= authorization model and Oauth does not do provisioning this is sort of cau= ght in the middle, so if I had to pick I would pick Oauth as this is a gene= ric server to server issue

<= u> 

From: Hardt, Dick [mailto:dick@amazon.com]
Sent: Wednesday, April 6, 2016 5:52 AM
To: Anthony Nadalin <tonynad@microsoft.com>
Cc: Gil Kirkpatrick <gil.kirkpatrick@viewds.com>; Nat Sakimura <n-sakimura@nri.co.j= p>; Phil Hunt (IDM) <phil.hunt@oracle.com>; scim@ietf.org; oauth@ietf.org
Subject: Re: [scim] [OAUTH-WG] Simple Federation Deployment

 

Sounds like there is interest.

 

SCIM or OAUTH?

-- Dick


On Apr 6, 2016, at 8:57 AM, Anthony Nadalin <tonynad@microsoft.com> wrote:=

I would be interested also

 

Sent from my Windows 10 phone

 

From: Gil Kirkpatrick
Sent: Wednesday, April 6, 2016 4:16 AM
To: 'Nat S= akimura'; 'Hardt, Dick'; 'Phil Hunt (IDM)'
Cc: scim@ietf.org= ; oauth@ietf.org
Subject: Re: [scim] [OAUTH-WG] Simple Federation Deployment

 

That’s an issue = we’re facing as well. Definitely interested.

 

-gil<= /u>

 

From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Nat Sakimura
Sent: Wednesday, April 6, 2016 4:57 PM
To: 'Hardt, Dick' <dick@amazon.com>; 'Phil Hunt (IDM)' <phil.hunt@oracle.com>
Cc: scim@ietf.org= ; oauth@ietf.org
Subject: Re: [OAUTH-WG] [scim] Simple Federation Deployment

 

+1 for removing the manual cut-n-pa= stes!

 

Nat

 

--

PLEASE READ :This e-mail is confidential and i= ntended for the

named recipient only. If you are not an intend= ed recipient,

please notify the sender  and delete this= e-mail.

 

From: scim [mailto:scim-bounces@ietf.org] On Behalf Of Hardt, Dick
Sent: Wednesday, April 6, 2016 7:26 AM
To: Phil Hunt (IDM) <phil.hunt@oracle.com>
Cc: scim@ietf.org= ; oauth@ietf.org
Subject: Re: [scim] Simple Federation Deployment

 

I’= ;m talking about removing manual steps in what happens today where configur= ing a SaaS app at an IdP (such as Google, Azure, Ping, Octa) requires is a = bunch of cutting and pasting of access tokens / keys / certs and doing a bunch of  config that is error prone and u= nique for each relationship.

 <= /span>

DonR= 17;t want to solve on the thread … looking to see if there is interes= t!

 <= /span>

On 4/5/= 16, 7:11 PM, someone claiming to be "scim on behalf of Phil Hunt (IDM)= " <scim-= bounces@ietf.org on behalf of phil.hunt@oracle.= com> wrote:

 <= /span>

Is the = idp the center of all things for these users?

 <= /span>

Usually= you have a provisioning system that coordinates state and uses things like= scim connectors to do this. 

 <= /span>

Another= approach from today would be to pass a scim event to the remote provider w= hich then decides what needs to be done to facilitate the thingd you descri= be. 

 <= /span>

Iow. Ei= ther the idp (sender) or the sp (receiver) have a provisioning system to do= this. 

 <= /span>

The sol= ution and the simplicity depends on where the control needs to be. 
Phil


On Apr 5, 2016, at 18:59, Hardt, Dick <dick@amazon.com> wrote:

Use cas= e: An admin for an organization would like to enable her users to access a = SaaS application at her IdP. 

 <= /span>

User ex= perience: 

  1. Admin authenticates to IdP in browser
  2. Admi= n selects SaaS app to federate with from list at IdP
  3. IdP optionally presents config options
  4. = IdP redirects Admin to SaaS app
  5. Admin authenti= cates to SaaS app
  6. SaaS app optionally gathers = config options
  7. SaaS app redirects admin to IdP=
  8. IdP confirms successful federation =3D> OI= DC / SAML and SCIM are now configured and working between IdP and SaaS App<= /span>

Who els= e is interested in solving this?

 <= /span>

Is ther= e interest in working on this in either SCIM or OAUTH Wgs?=

 <= /span>

Any one= in BA interested in meeting on this topic this week?<= /p>

 <= /span>

—= Dick

_______= ________________________________________
scim mailing list
scim@ietf.org
https://www.ietf.org/mailman/listinfo/scim=


_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


--_000_5AF80C71D0E24B49B13542969B95D851amazoncom_-- From nobody Wed Apr 6 08:23:49 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E1AAC12D8AC for ; Wed, 6 Apr 2016 08:23:44 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.2 X-Spam-Level: X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01, T_RP_MATCHES_RCVD=-0.01, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8S2gI3XLU33f for ; Wed, 6 Apr 2016 08:23:42 -0700 (PDT) Received: from userp1040.oracle.com (userp1040.oracle.com [156.151.31.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2962D12D735 for ; Wed, 6 Apr 2016 08:20:21 -0700 (PDT) Received: from aserv0021.oracle.com (aserv0021.oracle.com [141.146.126.233]) by userp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id u36FKJbT017859 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 6 Apr 2016 15:20:20 GMT Received: from userv0122.oracle.com (userv0122.oracle.com [156.151.31.75]) by aserv0021.oracle.com (8.13.8/8.13.8) with ESMTP id u36FKJX5009092 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 6 Apr 2016 15:20:19 GMT Received: from abhmp0010.oracle.com (abhmp0010.oracle.com [141.146.116.16]) by userv0122.oracle.com (8.14.4/8.14.4) with ESMTP id u36FKIb8012913; Wed, 6 Apr 2016 15:20:18 GMT Received: from dhcp-a0b5.meeting.ietf.org (/31.133.160.181) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Wed, 06 Apr 2016 08:20:18 -0700 Content-Type: multipart/alternative; boundary="Apple-Mail=_572A7AFD-6BF9-4B21-95A6-0949E1AD7FEB" Mime-Version: 1.0 (Mac OS X Mail 9.2 \(3112\)) From: Phil Hunt In-Reply-To: Date: Wed, 6 Apr 2016 12:20:15 -0300 Message-Id: <440D5628-8ED8-4C01-B91E-660E88959195@oracle.com> References: To: Daniel Gioulakis X-Mailer: Apple Mail (2.3112) X-Source-IP: aserv0021.oracle.com [141.146.126.233] Archived-At: Cc: scim@ietf.org Subject: Re: [scim] SCIM patch valuePath vs subAttr X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Apr 2016 15:23:46 -0000 --Apple-Mail=_572A7AFD-6BF9-4B21-95A6-0949E1AD7FEB Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 in line... Phil @independentid www.independentid.com = phil.hunt@oracle.com = > On Mar 30, 2016, at 7:44 AM, Daniel Gioulakis = wrote: >=20 > Hi, >=20 > I'd like to confirm my interpretation of the SCIM specification = regarding patch operation filters when a valuePath is specified without = a subAttr and when one is specified with a subAttr after a grouping = clause. >=20 > The conversation around this originates in the Owin.Scim project at = https://github.com/PowerDMS/Owin.Scim/issues/10 = . For indexing = purposes, here is a copy of the original question and my response I'd = like to assert is correct: >=20 > Question: > "On a patch remove operation with path:"emails[type eq "work"]" it = removes the matching email complex attribute. On a patch remove = operation with path:"emails.type eq "work" " it ALSO removes the = matching email complex attribute. I was expecting it to clear the type = sub-attribute, but the spec is not clear on how to handle this = scenario." >=20 > My Response: > "Interesting ... I interpreted the spec as both of those are equal = paths. In fact I intentionally normalize path/filters by injecting = groupings [] where . are used to designate a sub-attribute filter vs a = sub-attribute target property. > In its current state, the path normalizer will take emails.type eq = "work" and turn it into emails[type eq "work"] before being used by the = lexer/parser to create an expression-tree predicate. >=20 > It's my opinion that if you want to modify just the type sub-attribute = you have to append it after the filter. > Thus, to filter and modify email.type: emails[type eq "work"].type=E2=80= =9D [PH] This is my interpretation. The [] brackets select the value = record, whereas .type selects the sub attribute allowing you to = intersect with the correct attribute record. >=20 >=20 > To further clarify my understanding of the spec using the examples = above, a patch remove operation with the above expressions would result = in the following actions: > > emails.type eq "work" -> will remove the entire email instance whose = 'type' attribute satisfies the predicate > > emails[type eq "work"].type -> will remove ONLY the email 'type' = attribute, not the email instance >=20 >=20 > Thanks for the assistance! >=20 > Daniel Gioulakis >=20 > --=20 > = = > Daniel M Gioulakis | Software Architect | = daniel.gioulakis@powerdms.com | = 407.342.5927 >=20 > _______________________________________________ > scim mailing list > scim@ietf.org > https://www.ietf.org/mailman/listinfo/scim --Apple-Mail=_572A7AFD-6BF9-4B21-95A6-0949E1AD7FEB Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 in line...



On Mar 30, 2016, at 7:44 AM, Daniel Gioulakis <daniel.gioulakis@powerdms.com> wrote:

Hi,

I'd = like to confirm my interpretation of the SCIM specification regarding = patch operation filters when a valuePath is specified without a subAttr = and when one is specified with a subAttr after a grouping = clause.

The = conversation around this originates in the Owin.Scim project at https://github.com/PowerDMS/Owin.Scim/issues/10.  = For indexing purposes, here is a copy of the original question and my = response I'd like to assert is correct:

Question:
"On a patch remove = operation with path:"emails[type eq "work"]" it removes the matching = email complex attribute. On a patch remove = operation with path:"emails.type eq "work" " it ALSO removes the = matching email complex attribute. I was expecting it to clear the type = sub-attribute, but the spec is not clear on how to handle this = scenario."

My = Response:
"Interesting ... I = interpreted the spec as both of those are equal paths. In fact I = intentionally normalize path/filters by injecting groupings [] where . are used to = designate a sub-attribute filter vs a sub-attribute target = property.

In its current = state, the path normalizer will take emails.type eq "work" and turn it into emails[type eq "work"] before being used by the = lexer/parser to create an expression-tree predicate.

It's= my opinion that if you want to modify just the type sub-attribute you = have to append it after the filter.
Thus, to filter and = modify email.type: emails[type eq = "work"].type=E2=80=9D

[PH] This is my interpretation.  The [] brackets = select the value record, whereas .type selects the sub attribute = allowing you to intersect with the correct attribute record.


To = further clarify my understanding of the spec using the examples above, a = patch remove operation with the above expressions would result in the = following actions:
> emails.type eq "work" -> = will remove the entire email instance whose 'type' attribute satisfies = the predicate
> emails[type eq "work"].type = -> will remove ONLY the email 'type' attribute, not the email = instance


Thanks for the assistance!

Daniel = Gioulakis

--
3D"http://www.powerdms.com/"   

Daniel M = Gioulakis Software Architect = | daniel.gioulakis@powerdms.com | 407.342.5927

_______________________________________________
scim = mailing list
scim@ietf.org
https://www.ietf.org/mailman/listinfo/scim

= --Apple-Mail=_572A7AFD-6BF9-4B21-95A6-0949E1AD7FEB-- From nobody Wed Apr 6 14:20:46 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7AE3F12D542 for ; Wed, 6 Apr 2016 14:20:45 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.7 X-Spam-Level: X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=salesforce.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uKLKxb3ZO55i for ; Wed, 6 Apr 2016 14:20:42 -0700 (PDT) Received: from mail-ig0-x22c.google.com (mail-ig0-x22c.google.com [IPv6:2607:f8b0:4001:c05::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B788A12D174 for ; Wed, 6 Apr 2016 14:20:42 -0700 (PDT) Received: by mail-ig0-x22c.google.com with SMTP id f1so139863257igr.1 for ; Wed, 06 Apr 2016 14:20:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=salesforce.com; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=uQ+bDznJYqqwwaZYyuGX9/49QkOUiFhrzyHJn7c908k=; b=a7Ywn7Gpr5uz9UyWsDfCfYOp420pFeaazEaA4d6Wdi8bdV0CZnBRHJPBZy8AWlsPiz hZLcOo/g2yNpnzAwxKYX83xYFO/zaBEgzCGh8PzY/fNKyV8Tp78Iceu6AdSrm5QM0Lfm Z8y+Rq8C4LMh4E0Wtsbt7ppMpVuh6/4wCPggs= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=uQ+bDznJYqqwwaZYyuGX9/49QkOUiFhrzyHJn7c908k=; b=g0YpGr/6xiw+l8TcjEmPE1uOTu9lC6NSPVcuHxN6BceSOvjHHvcgWO2K8hntCKybcR a/0p5Oc6WknG1V5vFCcca6ux7Tz++jemTEXEarGQdx7E2wadsCOH8VxJhjR6oxb1RT9H 6buzlrclB7RetCeIHiguC5wtcKSDTtHD3wXiLBo9jv1nSbvt2/AFNfyiIMYj8uRSI5/Q IwvjBBhSvhlzCJ1h3wUKNKItG2CTvPkMDem1/3ivaax1VAwXHJOOwIRUnGVLdkMAJzUP SxT2J+3MBJP3Y+SDqMW8+q2h1TQVC4aw+okcB39l67cny3M9hYptWw94q4Tjicdphu3X h2fQ== X-Gm-Message-State: AD7BkJJZRLUhPFBvlpu59xmo9USAG/REvhxuHMliEVlrmlQJHS4DvjZPVI5WXijSluiMxjoBwYNQCTYWt93o5CUv X-Received: by 10.50.72.82 with SMTP id b18mr33913igv.79.1459977641942; Wed, 06 Apr 2016 14:20:41 -0700 (PDT) MIME-Version: 1.0 Received: by 10.36.61.16 with HTTP; Wed, 6 Apr 2016 14:20:22 -0700 (PDT) In-Reply-To: References: From: Ian Glazer Date: Wed, 6 Apr 2016 17:20:22 -0400 Message-ID: To: "Hardt, Dick" Content-Type: multipart/alternative; boundary=047d7bdc9e76bab493052fd7886e Archived-At: Cc: "scim@ietf.org" , "oauth@ietf.org" Subject: Re: [scim] Simple Federation Deployment X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Apr 2016 21:20:45 -0000 --047d7bdc9e76bab493052fd7886e Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable I'd be interested too On Tue, Apr 5, 2016 at 5:59 PM, Hardt, Dick wrote: > Use case: An admin for an organization would like to enable her users to > access a SaaS application at her IdP. > > User experience: > > 1. Admin authenticates to IdP in browser > 2. Admin selects SaaS app to federate with from list at IdP > 3. IdP optionally presents config options > 4. IdP redirects Admin to SaaS app > 5. Admin authenticates to SaaS app > 6. SaaS app optionally gathers config options > 7. SaaS app redirects admin to IdP > 8. IdP confirms successful federation =3D> OIDC / SAML and SCIM are no= w > configured and working between IdP and SaaS App > > Who else is interested in solving this? > > Is there interest in working on this in either SCIM or OAUTH Wgs? > > Any one in BA interested in meeting on this topic this week? > > =E2=80=94 Dick > > _______________________________________________ > scim mailing list > scim@ietf.org > https://www.ietf.org/mailman/listinfo/scim > > --=20 Ian Glazer Senior Director, Identity +1 202 255 3166 @iglazer --047d7bdc9e76bab493052fd7886e Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
I'd be interested too
=
On Tue, Apr 5, 2016 at 5:59 PM, Hardt, Dick = <= dick@amazon.com> wrote:
Use case: An admin for an organization would like to enable her users = to access a SaaS application at her IdP.=C2=A0

User experience:=C2=A0
  1. Admin authenticates to IdP in browser
  2. Admin selects SaaS app to= federate with from list at IdP
  3. IdP optionally presents config opti= ons
  4. IdP redirects Admin to SaaS app
  5. Admin authenticates to = SaaS app
  6. SaaS app optionally gathers config options
  7. SaaS ap= p redirects admin to IdP
  8. IdP confirms successful federation =3D>= OIDC / SAML and SCIM are now configured and working between IdP and SaaS A= pp
Who else is interested in solving this?

Is there interest in working on this in either SCIM or OAUTH Wgs?

Any one in BA interested in meeting on this topic this week?

=E2=80=94 Dick

_______________________________________________
scim mailing list
scim@ietf.org
https://www.ietf.org/mailman/listinfo/scim




--
Ian Glazer
Senio= r Director, Identity
+1 202 255 3166
--047d7bdc9e76bab493052fd7886e-- From nobody Wed Apr 6 15:14:19 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F49212D149; Wed, 6 Apr 2016 15:14:15 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.002 X-Spam-Level: X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 43zuuj6s3wmV; Wed, 6 Apr 2016 15:14:13 -0700 (PDT) Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2on0131.outbound.protection.outlook.com [65.55.169.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AF37912D101; Wed, 6 Apr 2016 15:14:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=5Pob+67REjignU4lVpAn7JlH9r0CDGcsIdx9K9urtuw=; b=KtOdk27DX8vGaJ2m6nyYkew2HULV6dGZoOLtH9VnHT4T8OHztxMhIDi684TurX7bRKrtPWqgXK5RcydaoCS8/Q1NWJcuTFevejWAMzFOACN6OjufCM8M1LTKHiAeIoheqDkhxbDJdoDAUsyKOPEo+39KZTzgQXpf4bTChfMs6tI= Received: from SN1PR0301MB1645.namprd03.prod.outlook.com (10.162.130.139) by SN1PR0301MB1648.namprd03.prod.outlook.com (10.162.130.142) with Microsoft SMTP Server (TLS) id 15.1.447.15; Wed, 6 Apr 2016 22:14:10 +0000 Received: from SN1PR0301MB1645.namprd03.prod.outlook.com ([10.162.130.139]) by SN1PR0301MB1645.namprd03.prod.outlook.com ([10.162.130.139]) with mapi id 15.01.0447.028; Wed, 6 Apr 2016 22:14:10 +0000 From: Mike Jones To: "Hardt, Dick" , "Phil Hunt (IDM)" Thread-Topic: [scim] Simple Federation Deployment Thread-Index: AQHRj4qWMk6yJIjegUqu3vwLPN62ep99hBVg Date: Wed, 6 Apr 2016 22:14:09 +0000 Message-ID: References: <086477E4-5F4E-4C52-AC91-E26824A9FA7A@oracle.com> <78D87E6B-DBFE-46D9-B7FA-15201924DA12@amazon.com> In-Reply-To: <78D87E6B-DBFE-46D9-B7FA-15201924DA12@amazon.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: amazon.com; dkim=none (message not signed) header.d=none;amazon.com; dmarc=none action=none header.from=microsoft.com; x-originating-ip: [2001:67c:370:160:e425:92d3:f758:ab2b] x-ms-office365-filtering-correlation-id: c6e7fffe-1f7a-4509-bb5e-08d35e68c72d x-microsoft-exchange-diagnostics: 1; SN1PR0301MB1648; 5:gfyPScsHpjC5fOqw8CN19Kz4HfRgE/shRpnjWo3Upb//ptH36iEMaVJNiKpgA8y5IGUAKz2mACXYYvIQoz2mRujnohwwmSFOzzjraYL/ci9EYqoFS01R1UDUAfXBSvZZTN+xYkvdNHg/0qzysbEUJg==; 24:bpwui8G3WrfL9qHQQicPFA2tYx8BXF4pGzLFr24wn7yE/2siQmfXlia9PgrLGGucUzp9EOa7ZcnXSSlaAGTPU7q4BFagfH1d5CNKc/qKckw= x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:SN1PR0301MB1648; x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:; x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(61425038)(601004)(2401047)(5005006)(8121501046)(10201501046)(3002001)(6055026)(61426038)(61427038); SRVR:SN1PR0301MB1648; BCL:0; PCL:0; RULEID:; SRVR:SN1PR0301MB1648; x-forefront-prvs: 0904004ECB x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(377454003)(24454002)(6116002)(106116001)(102836003)(19300405004)(790700001)(86362001)(586003)(5008740100001)(1096002)(10090500001)(86612001)(76176999)(50986999)(2900100001)(8990500004)(189998001)(3280700002)(19580405001)(19580395003)(5001770100001)(3660700001)(99286002)(74316001)(1220700001)(10400500002)(2906002)(16236675004)(54356999)(15975445007)(77096005)(10290500002)(4326007)(5005710100001)(33656002)(87936001)(92566002)(5004730100002)(19617315012)(19625215002)(19609705001)(122556002)(76576001)(11100500001)(5003600100002)(2950100001)(81166005)(5002640100001)(3826002); DIR:OUT; SFP:1102; SCL:1; SRVR:SN1PR0301MB1648; H:SN1PR0301MB1645.namprd03.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en; spamdiagnosticoutput: 1:23 spamdiagnosticmetadata: NSPM Content-Type: multipart/alternative; boundary="_000_SN1PR0301MB16451EB9061C26F639F2FD0AF59F0SN1PR0301MB1645_" MIME-Version: 1.0 X-OriginatorOrg: microsoft.com X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Apr 2016 22:14:09.9394 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47 X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR0301MB1648 Archived-At: Cc: "scim@ietf.org" , "oauth@ietf.org" Subject: Re: [scim] Simple Federation Deployment X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Apr 2016 22:14:15 -0000 --_000_SN1PR0301MB16451EB9061C26F639F2FD0AF59F0SN1PR0301MB1645_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Rm9yIHRoZSByZWNvcmQsIEnigJltIGludGVyZXN0ZWQuDQoNCkZyb206IHNjaW0gW21haWx0bzpz Y2ltLWJvdW5jZXNAaWV0Zi5vcmddIE9uIEJlaGFsZiBPZiBIYXJkdCwgRGljaw0KU2VudDogVHVl c2RheSwgQXByaWwgNSwgMjAxNiA3OjI2IFBNDQpUbzogUGhpbCBIdW50IChJRE0pIDxwaGlsLmh1 bnRAb3JhY2xlLmNvbT4NCkNjOiBzY2ltQGlldGYub3JnOyBvYXV0aEBpZXRmLm9yZw0KU3ViamVj dDogUmU6IFtzY2ltXSBTaW1wbGUgRmVkZXJhdGlvbiBEZXBsb3ltZW50DQoNCknigJltIHRhbGtp bmcgYWJvdXQgcmVtb3ZpbmcgbWFudWFsIHN0ZXBzIGluIHdoYXQgaGFwcGVucyB0b2RheSB3aGVy ZSBjb25maWd1cmluZyBhIFNhYVMgYXBwIGF0IGFuIElkUCAoc3VjaCBhcyBHb29nbGUsIEF6dXJl LCBQaW5nLCBPY3RhKSByZXF1aXJlcyBpcyBhIGJ1bmNoIG9mIGN1dHRpbmcgYW5kIHBhc3Rpbmcg b2YgYWNjZXNzIHRva2VucyAvIGtleXMgLyBjZXJ0cyBhbmQgZG9pbmcgYSBidW5jaCBvZiAgY29u ZmlnIHRoYXQgaXMgZXJyb3IgcHJvbmUgYW5kIHVuaXF1ZSBmb3IgZWFjaCByZWxhdGlvbnNoaXAu DQoNCkRvbuKAmXQgd2FudCB0byBzb2x2ZSBvbiB0aGUgdGhyZWFkIOKApiBsb29raW5nIHRvIHNl ZSBpZiB0aGVyZSBpcyBpbnRlcmVzdCENCg0KT24gNC81LzE2LCA3OjExIFBNLCBzb21lb25lIGNs YWltaW5nIHRvIGJlICJzY2ltIG9uIGJlaGFsZiBvZiBQaGlsIEh1bnQgKElETSkiIDxzY2ltLWJv dW5jZXNAaWV0Zi5vcmc8bWFpbHRvOnNjaW0tYm91bmNlc0BpZXRmLm9yZz4gb24gYmVoYWxmIG9m IHBoaWwuaHVudEBvcmFjbGUuY29tPG1haWx0bzpwaGlsLmh1bnRAb3JhY2xlLmNvbT4+IHdyb3Rl Og0KDQpJcyB0aGUgaWRwIHRoZSBjZW50ZXIgb2YgYWxsIHRoaW5ncyBmb3IgdGhlc2UgdXNlcnM/ DQoNClVzdWFsbHkgeW91IGhhdmUgYSBwcm92aXNpb25pbmcgc3lzdGVtIHRoYXQgY29vcmRpbmF0 ZXMgc3RhdGUgYW5kIHVzZXMgdGhpbmdzIGxpa2Ugc2NpbSBjb25uZWN0b3JzIHRvIGRvIHRoaXMu DQoNCkFub3RoZXIgYXBwcm9hY2ggZnJvbSB0b2RheSB3b3VsZCBiZSB0byBwYXNzIGEgc2NpbSBl dmVudCB0byB0aGUgcmVtb3RlIHByb3ZpZGVyIHdoaWNoIHRoZW4gZGVjaWRlcyB3aGF0IG5lZWRz IHRvIGJlIGRvbmUgdG8gZmFjaWxpdGF0ZSB0aGUgdGhpbmdkIHlvdSBkZXNjcmliZS4NCg0KSW93 LiBFaXRoZXIgdGhlIGlkcCAoc2VuZGVyKSBvciB0aGUgc3AgKHJlY2VpdmVyKSBoYXZlIGEgcHJv dmlzaW9uaW5nIHN5c3RlbSB0byBkbyB0aGlzLg0KDQpUaGUgc29sdXRpb24gYW5kIHRoZSBzaW1w bGljaXR5IGRlcGVuZHMgb24gd2hlcmUgdGhlIGNvbnRyb2wgbmVlZHMgdG8gYmUuDQoNClBoaWwN Cg0KT24gQXByIDUsIDIwMTYsIGF0IDE4OjU5LCBIYXJkdCwgRGljayA8ZGlja0BhbWF6b24uY29t PG1haWx0bzpkaWNrQGFtYXpvbi5jb20+PiB3cm90ZToNClVzZSBjYXNlOiBBbiBhZG1pbiBmb3Ig YW4gb3JnYW5pemF0aW9uIHdvdWxkIGxpa2UgdG8gZW5hYmxlIGhlciB1c2VycyB0byBhY2Nlc3Mg YSBTYWFTIGFwcGxpY2F0aW9uIGF0IGhlciBJZFAuDQoNClVzZXIgZXhwZXJpZW5jZToNCg0KICAx LiAgQWRtaW4gYXV0aGVudGljYXRlcyB0byBJZFAgaW4gYnJvd3Nlcg0KICAyLiAgQWRtaW4gc2Vs ZWN0cyBTYWFTIGFwcCB0byBmZWRlcmF0ZSB3aXRoIGZyb20gbGlzdCBhdCBJZFANCiAgMy4gIElk UCBvcHRpb25hbGx5IHByZXNlbnRzIGNvbmZpZyBvcHRpb25zDQogIDQuICBJZFAgcmVkaXJlY3Rz IEFkbWluIHRvIFNhYVMgYXBwDQogIDUuICBBZG1pbiBhdXRoZW50aWNhdGVzIHRvIFNhYVMgYXBw DQogIDYuICBTYWFTIGFwcCBvcHRpb25hbGx5IGdhdGhlcnMgY29uZmlnIG9wdGlvbnMNCiAgNy4g IFNhYVMgYXBwIHJlZGlyZWN0cyBhZG1pbiB0byBJZFANCiAgOC4gIElkUCBjb25maXJtcyBzdWNj ZXNzZnVsIGZlZGVyYXRpb24gPT4gT0lEQyAvIFNBTUwgYW5kIFNDSU0gYXJlIG5vdyBjb25maWd1 cmVkIGFuZCB3b3JraW5nIGJldHdlZW4gSWRQIGFuZCBTYWFTIEFwcA0KV2hvIGVsc2UgaXMgaW50 ZXJlc3RlZCBpbiBzb2x2aW5nIHRoaXM/DQoNCklzIHRoZXJlIGludGVyZXN0IGluIHdvcmtpbmcg b24gdGhpcyBpbiBlaXRoZXIgU0NJTSBvciBPQVVUSCBXZ3M/DQoNCkFueSBvbmUgaW4gQkEgaW50 ZXJlc3RlZCBpbiBtZWV0aW5nIG9uIHRoaXMgdG9waWMgdGhpcyB3ZWVrPw0KDQrigJQgRGljaw0K X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18NCnNjaW0gbWFp bGluZyBsaXN0DQpzY2ltQGlldGYub3JnPG1haWx0bzpzY2ltQGlldGYub3JnPg0KaHR0cHM6Ly93 d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9zY2ltDQo= --_000_SN1PR0301MB16451EB9061C26F639F2FD0AF59F0SN1PR0301MB1645_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6 IkNhbWJyaWEgTWF0aCI7DQoJcGFub3NlLTE6MiA0IDUgMyA1IDQgNiAzIDIgNDt9DQpAZm9udC1m YWNlDQoJe2ZvbnQtZmFtaWx5OkNhbGlicmk7DQoJcGFub3NlLTE6MiAxNSA1IDIgMiAyIDQgMyAy IDQ7fQ0KLyogU3R5bGUgRGVmaW5pdGlvbnMgKi8NCnAuTXNvTm9ybWFsLCBsaS5Nc29Ob3JtYWws IGRpdi5Nc29Ob3JtYWwNCgl7bWFyZ2luOjBpbjsNCgltYXJnaW4tYm90dG9tOi4wMDAxcHQ7DQoJ Zm9udC1zaXplOjEyLjBwdDsNCglmb250LWZhbWlseToiVGltZXMgTmV3IFJvbWFuIixzZXJpZjt9 DQphOmxpbmssIHNwYW4uTXNvSHlwZXJsaW5rDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsNCglj b2xvcjpibHVlOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KYTp2aXNpdGVkLCBzcGFu Lk1zb0h5cGVybGlua0ZvbGxvd2VkDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsNCgljb2xvcjpw dXJwbGU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQpwLm1zb25vcm1hbDAsIGxpLm1z b25vcm1hbDAsIGRpdi5tc29ub3JtYWwwDQoJe21zby1zdHlsZS1uYW1lOm1zb25vcm1hbDsNCglt c28tbWFyZ2luLXRvcC1hbHQ6YXV0bzsNCgltYXJnaW4tcmlnaHQ6MGluOw0KCW1zby1tYXJnaW4t Ym90dG9tLWFsdDphdXRvOw0KCW1hcmdpbi1sZWZ0OjBpbjsNCglmb250LXNpemU6MTIuMHB0Ow0K CWZvbnQtZmFtaWx5OiJUaW1lcyBOZXcgUm9tYW4iLHNlcmlmO30NCnNwYW4uRW1haWxTdHlsZTE4 DQoJe21zby1zdHlsZS10eXBlOnBlcnNvbmFsLXJlcGx5Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJp IixzYW5zLXNlcmlmOw0KCWNvbG9yOiMwMDIwNjA7fQ0KLk1zb0NocERlZmF1bHQNCgl7bXNvLXN0 eWxlLXR5cGU6ZXhwb3J0LW9ubHk7DQoJZm9udC1zaXplOjEwLjBwdDt9DQpAcGFnZSBXb3JkU2Vj dGlvbjENCgl7c2l6ZTo4LjVpbiAxMS4waW47DQoJbWFyZ2luOjEuMGluIDEuMGluIDEuMGluIDEu MGluO30NCmRpdi5Xb3JkU2VjdGlvbjENCgl7cGFnZTpXb3JkU2VjdGlvbjE7fQ0KLyogTGlzdCBE ZWZpbml0aW9ucyAqLw0KQGxpc3QgbDANCgl7bXNvLWxpc3QtaWQ6MTY0NDc3NDI4OTsNCgltc28t bGlzdC10ZW1wbGF0ZS1pZHM6LTE3OTk0NDYwMDA7fQ0Kb2wNCgl7bWFyZ2luLWJvdHRvbTowaW47 fQ0KdWwNCgl7bWFyZ2luLWJvdHRvbTowaW47fQ0KLS0+PC9zdHlsZT48IS0tW2lmIGd0ZSBtc28g OV0+PHhtbD4NCjxvOnNoYXBlZGVmYXVsdHMgdjpleHQ9ImVkaXQiIHNwaWRtYXg9IjEwMjYiIC8+ DQo8L3htbD48IVtlbmRpZl0tLT48IS0tW2lmIGd0ZSBtc28gOV0+PHhtbD4NCjxvOnNoYXBlbGF5 b3V0IHY6ZXh0PSJlZGl0Ij4NCjxvOmlkbWFwIHY6ZXh0PSJlZGl0IiBkYXRhPSIxIiAvPg0KPC9v OnNoYXBlbGF5b3V0PjwveG1sPjwhW2VuZGlmXS0tPg0KPC9oZWFkPg0KPGJvZHkgbGFuZz0iRU4t VVMiIGxpbms9ImJsdWUiIHZsaW5rPSJwdXJwbGUiPg0KPGRpdiBjbGFzcz0iV29yZFNlY3Rpb24x Ij4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2Zv bnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMDAyMDYwIj5G b3IgdGhlIHJlY29yZCwgSeKAmW0gaW50ZXJlc3RlZC48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj48YSBuYW1lPSJfTWFpbEVuZENvbXBvc2UiPjxzcGFuIHN0eWxl PSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1z ZXJpZjtjb2xvcjojMDAyMDYwIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L2E+PC9wPg0KPHNw YW4gc3R5bGU9Im1zby1ib29rbWFyazpfTWFpbEVuZENvbXBvc2UiPjwvc3Bhbj4NCjxkaXY+DQo8 ZGl2IHN0eWxlPSJib3JkZXI6bm9uZTtib3JkZXItdG9wOnNvbGlkICNFMUUxRTEgMS4wcHQ7cGFk ZGluZzozLjBwdCAwaW4gMGluIDBpbiI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj48c3BhbiBz dHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNh bnMtc2VyaWYiPkZyb206PC9zcGFuPjwvYj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtm b250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWYiPiBzY2ltIFttYWlsdG86 c2NpbS1ib3VuY2VzQGlldGYub3JnXQ0KPGI+T24gQmVoYWxmIE9mIDwvYj5IYXJkdCwgRGljazxi cj4NCjxiPlNlbnQ6PC9iPiBUdWVzZGF5LCBBcHJpbCA1LCAyMDE2IDc6MjYgUE08YnI+DQo8Yj5U bzo8L2I+IFBoaWwgSHVudCAoSURNKSAmbHQ7cGhpbC5odW50QG9yYWNsZS5jb20mZ3Q7PGJyPg0K PGI+Q2M6PC9iPiBzY2ltQGlldGYub3JnOyBvYXV0aEBpZXRmLm9yZzxicj4NCjxiPlN1YmplY3Q6 PC9iPiBSZTogW3NjaW1dIFNpbXBsZSBGZWRlcmF0aW9uIERlcGxveW1lbnQ8bzpwPjwvbzpwPjwv c3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJz cDs8L286cD48L3A+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0 eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fu cy1zZXJpZjtjb2xvcjpibGFjayI+SeKAmW0gdGFsa2luZyBhYm91dCByZW1vdmluZyBtYW51YWwg c3RlcHMgaW4gd2hhdCBoYXBwZW5zIHRvZGF5IHdoZXJlIGNvbmZpZ3VyaW5nIGEgU2FhUyBhcHAg YXQgYW4gSWRQIChzdWNoIGFzIEdvb2dsZSwgQXp1cmUsIFBpbmcsIE9jdGEpIHJlcXVpcmVzIGlz IGEgYnVuY2ggb2YNCiBjdXR0aW5nIGFuZCBwYXN0aW5nIG9mIGFjY2VzcyB0b2tlbnMgLyBrZXlz IC8gY2VydHMgYW5kIGRvaW5nIGEgYnVuY2ggb2YgJm5ic3A7Y29uZmlnIHRoYXQgaXMgZXJyb3Ig cHJvbmUgYW5kIHVuaXF1ZSBmb3IgZWFjaCByZWxhdGlvbnNoaXAuPG86cD48L286cD48L3NwYW4+ PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZv bnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlm O2NvbG9yOmJsYWNrIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250 LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6YmxhY2siPkRvbuKA mXQgd2FudCB0byBzb2x2ZSBvbiB0aGUgdGhyZWFkIOKApiBsb29raW5nIHRvIHNlZSBpZiB0aGVy ZSBpcyBpbnRlcmVzdCE8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRp dj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2Zv bnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjpibGFjayI+PG86 cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OiZx dW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjpibGFjayI+T24gNC81LzE2LCA3OjEx IFBNLCBzb21lb25lIGNsYWltaW5nIHRvIGJlICZxdW90O3NjaW0gb24gYmVoYWxmIG9mIFBoaWwg SHVudCAoSURNKSZxdW90OyAmbHQ7PGEgaHJlZj0ibWFpbHRvOnNjaW0tYm91bmNlc0BpZXRmLm9y ZyI+c2NpbS1ib3VuY2VzQGlldGYub3JnPC9hPiBvbiBiZWhhbGYgb2YNCjxhIGhyZWY9Im1haWx0 bzpwaGlsLmh1bnRAb3JhY2xlLmNvbSI+cGhpbC5odW50QG9yYWNsZS5jb208L2E+Jmd0OyB3cm90 ZTo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OiZx dW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjpibGFjayI+PG86cD4mbmJzcDs8L286 cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8YmxvY2txdW90ZSBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9y ZGVyLWxlZnQ6c29saWQgI0I1QzRERiA0LjVwdDtwYWRkaW5nOjBpbiAwaW4gMGluIDQuMHB0O21h cmdpbi1sZWZ0OjMuNzVwdDttYXJnaW4tcmlnaHQ6MGluIiBpZD0iTUFDX09VVExPT0tfQVRUUklC VVRJT05fQkxPQ0tRVU9URSI+DQo8ZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTomcXVvdDtDYWxp YnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6YmxhY2siPklzIHRoZSBpZHAgdGhlIGNlbnRlciBv ZiBhbGwgdGhpbmdzIGZvciB0aGVzZSB1c2Vycz88bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rp dj4NCjxkaXYgaWQ9IkFwcGxlTWFpbFNpZ25hdHVyZSI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48 c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1 b3Q7LHNhbnMtc2VyaWY7Y29sb3I6YmxhY2siPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4N CjwvZGl2Pg0KPGRpdiBpZD0iQXBwbGVNYWlsU2lnbmF0dXJlIj4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGli cmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjpibGFjayI+VXN1YWxseSB5b3UgaGF2ZSBhIHByb3Zp c2lvbmluZyBzeXN0ZW0gdGhhdCBjb29yZGluYXRlcyBzdGF0ZSBhbmQgdXNlcyB0aGluZ3MgbGlr ZSBzY2ltIGNvbm5lY3RvcnMgdG8gZG8gdGhpcy4mbmJzcDs8bzpwPjwvbzpwPjwvc3Bhbj48L3A+ DQo8L2Rpdj4NCjxkaXYgaWQ9IkFwcGxlTWFpbFNpZ25hdHVyZSI+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTomcXVvdDtDYWxp YnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6YmxhY2siPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFu PjwvcD4NCjwvZGl2Pg0KPGRpdiBpZD0iQXBwbGVNYWlsU2lnbmF0dXJlIj4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OiZxdW90 O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjpibGFjayI+QW5vdGhlciBhcHByb2FjaCBm cm9tIHRvZGF5IHdvdWxkIGJlIHRvIHBhc3MgYSBzY2ltIGV2ZW50IHRvIHRoZSByZW1vdGUgcHJv dmlkZXIgd2hpY2ggdGhlbiBkZWNpZGVzIHdoYXQgbmVlZHMgdG8gYmUgZG9uZSB0byBmYWNpbGl0 YXRlIHRoZSB0aGluZ2QgeW91IGRlc2NyaWJlLiZuYnNwOzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4N CjwvZGl2Pg0KPGRpdiBpZD0iQXBwbGVNYWlsU2lnbmF0dXJlIj4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGli cmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjpibGFjayI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+ PC9wPg0KPC9kaXY+DQo8ZGl2IGlkPSJBcHBsZU1haWxTaWduYXR1cmUiPg0KPHAgY2xhc3M9Ik1z b05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7 Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOmJsYWNrIj5Jb3cuIEVpdGhlciB0aGUgaWRw IChzZW5kZXIpIG9yIHRoZSBzcCAocmVjZWl2ZXIpIGhhdmUgYSBwcm92aXNpb25pbmcgc3lzdGVt IHRvIGRvIHRoaXMuJm5ic3A7PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2IGlk PSJBcHBsZU1haWxTaWduYXR1cmUiPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9 ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNl cmlmO2NvbG9yOmJsYWNrIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxk aXYgaWQ9IkFwcGxlTWFpbFNpZ25hdHVyZSI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBz dHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNh bnMtc2VyaWY7Y29sb3I6YmxhY2siPlRoZSBzb2x1dGlvbiBhbmQgdGhlIHNpbXBsaWNpdHkgZGVw ZW5kcyBvbiB3aGVyZSB0aGUgY29udHJvbCBuZWVkcyB0byBiZS4mbmJzcDs8YnI+DQo8YnI+DQpQ aGlsPG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05v cm1hbCIgc3R5bGU9Im1hcmdpbi1ib3R0b206MTIuMHB0Ij48c3BhbiBzdHlsZT0iZm9udC1zaXpl OjEwLjVwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6 YmxhY2siPjxicj4NCk9uIEFwciA1LCAyMDE2LCBhdCAxODo1OSwgSGFyZHQsIERpY2sgJmx0Ozxh IGhyZWY9Im1haWx0bzpkaWNrQGFtYXpvbi5jb20iPmRpY2tAYW1hem9uLmNvbTwvYT4mZ3Q7IHdy b3RlOjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGJsb2NrcXVvdGUgc3R5bGU9Im1h cmdpbi10b3A6NS4wcHQ7bWFyZ2luLWJvdHRvbTo1LjBwdCI+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5 OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjpibGFjayI+VXNlIGNhc2U6IEFu IGFkbWluIGZvciBhbiBvcmdhbml6YXRpb24gd291bGQgbGlrZSB0byBlbmFibGUgaGVyIHVzZXJz IHRvIGFjY2VzcyBhIFNhYVMgYXBwbGljYXRpb24gYXQgaGVyIElkUC4mbmJzcDs8bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBz dHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNh bnMtc2VyaWY7Y29sb3I6YmxhY2siPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2 Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAu NXB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjpibGFj ayI+VXNlciBleHBlcmllbmNlOiZuYnNwOzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0K PG9sIHN0YXJ0PSIxIiB0eXBlPSIxIj4NCjxsaSBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0iY29s b3I6YmxhY2s7bXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1 dG87bXNvLWxpc3Q6bDAgbGV2ZWwxIGxmbzEiPg0KPHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41 cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmIj5BZG1pbiBhdXRo ZW50aWNhdGVzIHRvIElkUCBpbiBicm93c2VyPG86cD48L286cD48L3NwYW4+PC9saT48bGkgY2xh c3M9Ik1zb05vcm1hbCIgc3R5bGU9ImNvbG9yOmJsYWNrO21zby1tYXJnaW4tdG9wLWFsdDphdXRv O21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvO21zby1saXN0OmwwIGxldmVsMSBsZm8xIj4NCjxz cGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVv dDssc2Fucy1zZXJpZiI+QWRtaW4gc2VsZWN0cyBTYWFTIGFwcCB0byBmZWRlcmF0ZSB3aXRoIGZy b20gbGlzdCBhdCBJZFA8bzpwPjwvbzpwPjwvc3Bhbj48L2xpPjxsaSBjbGFzcz0iTXNvTm9ybWFs IiBzdHlsZT0iY29sb3I6YmxhY2s7bXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1i b3R0b20tYWx0OmF1dG87bXNvLWxpc3Q6bDAgbGV2ZWwxIGxmbzEiPg0KPHNwYW4gc3R5bGU9ImZv bnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlm Ij5JZFAgb3B0aW9uYWxseSBwcmVzZW50cyBjb25maWcgb3B0aW9uczxvOnA+PC9vOnA+PC9zcGFu PjwvbGk+PGxpIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJjb2xvcjpibGFjazttc28tbWFyZ2lu LXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0bzttc28tbGlzdDpsMCBsZXZl bDEgbGZvMSI+DQo8c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTomcXVv dDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWYiPklkUCByZWRpcmVjdHMgQWRtaW4gdG8gU2FhUyBh cHA8bzpwPjwvbzpwPjwvc3Bhbj48L2xpPjxsaSBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0iY29s b3I6YmxhY2s7bXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1 dG87bXNvLWxpc3Q6bDAgbGV2ZWwxIGxmbzEiPg0KPHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41 cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmIj5BZG1pbiBhdXRo ZW50aWNhdGVzIHRvIFNhYVMgYXBwPG86cD48L286cD48L3NwYW4+PC9saT48bGkgY2xhc3M9Ik1z b05vcm1hbCIgc3R5bGU9ImNvbG9yOmJsYWNrO21zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1t YXJnaW4tYm90dG9tLWFsdDphdXRvO21zby1saXN0OmwwIGxldmVsMSBsZm8xIj4NCjxzcGFuIHN0 eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fu cy1zZXJpZiI+U2FhUyBhcHAgb3B0aW9uYWxseSBnYXRoZXJzIGNvbmZpZyBvcHRpb25zPG86cD48 L286cD48L3NwYW4+PC9saT48bGkgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9ImNvbG9yOmJsYWNr O21zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvO21zby1s aXN0OmwwIGxldmVsMSBsZm8xIj4NCjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQt ZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZiI+U2FhUyBhcHAgcmVkaXJlY3Rz IGFkbWluIHRvIElkUDxvOnA+PC9vOnA+PC9zcGFuPjwvbGk+PGxpIGNsYXNzPSJNc29Ob3JtYWwi IHN0eWxlPSJjb2xvcjpibGFjazttc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJv dHRvbS1hbHQ6YXV0bzttc28tbGlzdDpsMCBsZXZlbDEgbGZvMSI+DQo8c3BhbiBzdHlsZT0iZm9u dC1zaXplOjEwLjVwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWYi PklkUCBjb25maXJtcyBzdWNjZXNzZnVsIGZlZGVyYXRpb24gPSZndDsgT0lEQyAvIFNBTUwgYW5k IFNDSU0gYXJlIG5vdyBjb25maWd1cmVkIGFuZCB3b3JraW5nIGJldHdlZW4gSWRQIGFuZCBTYWFT IEFwcDxvOnA+PC9vOnA+PC9zcGFuPjwvbGk+PC9vbD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTomcXVvdDtDYWxp YnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6YmxhY2siPldobyBlbHNlIGlzIGludGVyZXN0ZWQg aW4gc29sdmluZyB0aGlzPzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFt aWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjpibGFjayI+PG86cD4mbmJz cDs8L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZx dW90OyxzYW5zLXNlcmlmO2NvbG9yOmJsYWNrIj5JcyB0aGVyZSBpbnRlcmVzdCBpbiB3b3JraW5n IG9uIHRoaXMgaW4gZWl0aGVyIFNDSU0gb3IgT0FVVEggV2dzPzxvOnA+PC9vOnA+PC9zcGFuPjwv cD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250 LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtj b2xvcjpibGFjayI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1m YW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOmJsYWNrIj5Bbnkgb25l IGluIEJBIGludGVyZXN0ZWQgaW4gbWVldGluZyBvbiB0aGlzIHRvcGljIHRoaXMgd2Vlaz88bzpw PjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48 c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1 b3Q7LHNhbnMtc2VyaWY7Y29sb3I6YmxhY2siPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4N CjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNp emU6MTAuNXB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xv cjpibGFjayI+4oCUIERpY2s8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0K PC9ibG9ja3F1b3RlPg0KPGJsb2NrcXVvdGUgc3R5bGU9Im1hcmdpbi10b3A6NS4wcHQ7bWFyZ2lu LWJvdHRvbTo1LjBwdCI+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9 ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNl cmlmO2NvbG9yOmJsYWNrIj5fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fXzxicj4NCnNjaW0gbWFpbGluZyBsaXN0PGJyPg0KPGEgaHJlZj0ibWFpbHRvOnNjaW1A aWV0Zi5vcmciPnNjaW1AaWV0Zi5vcmc8L2E+PGJyPg0KPGEgaHJlZj0iaHR0cHM6Ly93d3cuaWV0 Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9zY2ltIj5odHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFu L2xpc3RpbmZvL3NjaW08L2E+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Jsb2Nr cXVvdGU+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9ibG9ja3F1b3RlPg0KPC9kaXY+DQo8L2JvZHk+DQo8 L2h0bWw+DQo= --_000_SN1PR0301MB16451EB9061C26F639F2FD0AF59F0SN1PR0301MB1645_-- From nobody Thu Apr 7 16:19:28 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B444112D6F1; Thu, 7 Apr 2016 16:19:26 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -12.541 X-Spam-Level: X-Spam-Status: No, score=-12.541 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazon.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GOgtbsUhaxyS; Thu, 7 Apr 2016 16:19:24 -0700 (PDT) Received: from smtp-fw-9102.amazon.com (smtp-fw-9102.amazon.com [207.171.184.29]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C312F12D1ED; Thu, 7 Apr 2016 16:19:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1460071163; x=1491607163; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=DCBou+grGxLoCDAE3EDHVqEWFpht4M5ClZ8JrFGoqKA=; b=JVR1XUTCrjET/CpxU7393vX3gljw05SJVfpqBhn3Nf2mL3zSBi4rnKBE /s4apUv/x3/S7BmAmhmDOBXb/GNhYM9iijVbg8+nq+PFAzFw5uiVlt0nB dxr9p2eklkXZ7tfaD8dKO1Bz9WQ65ZQy/X41sNMDpRNqG8l+wK5VeV4z+ Y=; X-IronPort-AV: E=Sophos;i="5.24,449,1454976000"; d="scan'208,217";a="417069202" Received: from sea19-co-svc-lb5-vlan2.sea.amazon.com (HELO email-inbound-relay-71008.iad55.amazon.com) ([10.47.22.162]) by smtp-border-fw-out-9102.sea19.amazon.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 07 Apr 2016 23:19:22 +0000 Received: from ex10-hub-7002.ant.amazon.com (iad1-ws-svc-lb91-vlan2.amazon.com [10.0.103.146]) by email-inbound-relay-71008.iad55.amazon.com (8.14.7/8.14.7) with ESMTP id u37NJGiM014277 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 7 Apr 2016 23:19:20 GMT Received: from EX13D03UWA001.ant.amazon.com (10.43.160.141) by ex10-hub-7002.ant.amazon.com (10.43.110.153) with Microsoft SMTP Server (TLS) id 14.3.181.6; Thu, 7 Apr 2016 16:19:07 -0700 Received: from EX13D03UWA001.ant.amazon.com (10.43.160.141) by EX13D03UWA001.ant.amazon.com (10.43.160.141) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Thu, 7 Apr 2016 23:19:06 +0000 Received: from EX13D03UWA001.ant.amazon.com ([10.43.160.141]) by EX13D03UWA001.ant.amazon.com ([10.43.160.141]) with mapi id 15.00.1104.000; Thu, 7 Apr 2016 23:19:06 +0000 From: "Hardt, Dick" To: Justin Richer Thread-Topic: [OAUTH-WG] [scim] Simple Federation Deployment server to server Thread-Index: AQHRkAUV47DkspjcTE29bhDf8xdvHp9/JscAgAAA8H0= Date: Thu, 7 Apr 2016 23:19:05 +0000 Message-ID: References: , In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted Content-Type: multipart/alternative; boundary="_000_C75E2AC872B34D46A78EBEBA27400EF3amazoncom_" MIME-Version: 1.0 Archived-At: Cc: "scim@ietf.org" , Brian Campbell , "" Subject: Re: [scim] [OAUTH-WG] Simple Federation Deployment server to server X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Apr 2016 23:19:26 -0000 --_000_C75E2AC872B34D46A78EBEBA27400EF3amazoncom_ Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable I'm writing an ID to submit in the OAuth WG -- Dick On Apr 7, 2016, at 8:16 PM, Justin Richer > wrote: +1, this seems a better fit for openid. =97 Justin On Apr 6, 2016, at 9:05 AM, Brian Campbell > wrote: OpenID ... ? On Wed, Apr 6, 2016 at 9:59 AM, Anthony Nadalin > wrote: Good question, since SCIM does not really provide an authorization model an= d Oauth does not do provisioning this is sort of caught in the middle, so i= f I had to pick I would pick Oauth as this is a generic server to server is= sue From: Hardt, Dick [mailto:dick@amazon.com] Sent: Wednesday, April 6, 2016 5:52 AM To: Anthony Nadalin > Cc: Gil Kirkpatrick >; Nat Sakimura >;= Phil Hunt (IDM) >; scim@= ietf.org; oauth@ietf.org Subject: Re: [scim] [OAUTH-WG] Simple Federation Deployment Sounds like there is interest. SCIM or OAUTH? -- Dick On Apr 6, 2016, at 8:57 AM, Anthony Nadalin > wrote: I would be interested also Sent from my Windows 10 phone From: Gil Kirkpatrick Sent: Wednesday, April 6, 2016 4:16 AM To: 'Nat Sakimura'; 'Hardt, Dick'; 'Phil Hunt (IDM)' Cc: scim@ietf.org; oauth@ietf.org Subject: Re: [scim] [OAUTH-WG] Simple Federation Deployment That=92s an issue we=92re facing as well. Definitely interested. -gil From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Nat Sakimura Sent: Wednesday, April 6, 2016 4:57 PM To: 'Hardt, Dick' >; 'Phil Hunt (ID= M)' > Cc: scim@ietf.org; oauth@ietf.org Subject: Re: [OAUTH-WG] [scim] Simple Federation Deployment +1 for removing the manual cut-n-pastes! Nat -- PLEASE READ :This e-mail is confidential and intended for the named recipient only. If you are not an intended recipient, please notify the sender and delete this e-mail. From: scim [mailto:scim-bounces@ietf.org] On Behalf Of Hardt, Dick Sent: Wednesday, April 6, 2016 7:26 AM To: Phil Hunt (IDM) > Cc: scim@ietf.org; oauth@ietf.org Subject: Re: [scim] Simple Federation Deployment I=92m talking about removing manual steps in what happens today where confi= guring a SaaS app at an IdP (such as Google, Azure, Ping, Octa) requires is= a bunch of cutting and pasting of access tokens / keys / certs and doing a= bunch of config that is error prone and unique for each relationship. Don=92t want to solve on the thread =85 looking to see if there is interest= ! On 4/5/16, 7:11 PM, someone claiming to be "scim on behalf of Phil Hunt (ID= M)" on behalf of phil.= hunt@oracle.com> wrote: Is the idp the center of all things for these users? Usually you have a provisioning system that coordinates state and uses thin= gs like scim connectors to do this. Another approach from today would be to pass a scim event to the remote pro= vider which then decides what needs to be done to facilitate the thingd you= describe. Iow. Either the idp (sender) or the sp (receiver) have a provisioning syste= m to do this. The solution and the simplicity depends on where the control needs to be. Phil On Apr 5, 2016, at 18:59, Hardt, Dick > wrote: Use case: An admin for an organization would like to enable her users to ac= cess a SaaS application at her IdP. User experience: 1. Admin authenticates to IdP in browser 2. Admin selects SaaS app to federate with from list at IdP 3. IdP optionally presents config options 4. IdP redirects Admin to SaaS app 5. Admin authenticates to SaaS app 6. SaaS app optionally gathers config options 7. SaaS app redirects admin to IdP 8. IdP confirms successful federation =3D> OIDC / SAML and SCIM are now = configured and working between IdP and SaaS App Who else is interested in solving this? Is there interest in working on this in either SCIM or OAUTH Wgs? Any one in BA interested in meeting on this topic this week? =97 Dick _______________________________________________ scim mailing list scim@ietf.org https://www.ietf.org/mailman/listinfo/scim _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth --_000_C75E2AC872B34D46A78EBEBA27400EF3amazoncom_ Content-Type: text/html; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable
I'm writing an ID to submit in the OAuth WG

-- Dick

On Apr 7, 2016, at 8:16 PM, Justin Richer <jricher@mit.edu> wrote:

+1, this seems a better fit for openid.

 =97 Justin

On Apr 6, 2016, at 9:05 AM, Brian Campbell <bcampbell@pingidentity.com= > wrote:

OpenID ... ?

On Wed, Apr 6, 2016 at 9:59 AM, Anthony Nadalin = <t= onynad@microsoft.com> wrote:

Good question, since SCIM does not really provide an= authorization model and Oauth does not do provisioning this is sort of cau= ght in the middle, so if I had to pick I would pick Oauth as this is a gene= ric server to server issue

 

From: Hardt, Dick [mailto:dick@amazon.com]
Sent: Wednesday, April 6, 2016 5:52 AM
To: Anthony Nadalin <tonynad@microsoft.com>
Cc: Gil Kirkpatrick <gil.kirkpatrick@viewds.com>= ;; Nat Sakimura <n-sakimura@nri.co.jp>; Phil Hunt (IDM) <p= hil.hunt@oracle.com>; scim@ietf.org= ; oauth@ietf.org
Subject: Re: [scim] [OAUTH-WG] Simple Federation Deployme= nt

 

Sounds like there is interest.

 

SCIM or OAUTH?

-- Dick


On Apr 6, 2016, at 8:57 AM, Anthony Nadalin <tonynad@microsoft.com> wr= ote:

I would be interested also

 

Sent from my Windows 10 phone

 

From: Gil Kirkpatrick
Sent: Wednesday, April 6, 2016 4:16 AM
To: 'Nat Sakimura'; 'Hardt, Dic= k'; 'Phil Hunt (IDM)'
Cc: scim@ietf.org; oauth@ietf.o= rg
Subject: Re: [scim] [OAUTH-WG] Simple Federation Deployme= nt

 

That=92s an= issue we=92re facing as well. Definitely interested.<= /u>

 

-gil=

 

From: OAuth [mailto:oauth-bounces@ietf= .org] On Behalf Of Nat Sakimura
Sent: Wednesday, April 6, 2016 4:57 PM
To: 'Hardt, Dick' <dick@amazon.com>; 'Phil Hunt (IDM)' <= ;phil.= hunt@oracle.com>
Cc: scim@ietf.org; oauth@ietf.o= rg
Subject: Re: [OAUTH-WG] [scim] Simple Federation Deployme= nt

 

+1 for removing the manu= al cut-n-pastes!

 <= /u>

Nat=

 <= /u>

--

PLEASE READ :This e-mail is confide= ntial and intended for the

named recipient only. If you are no= t an intended recipient,

please notify the sender  and = delete this e-mail.

 <= /u>

From: scim [mailto:scim-bounces@ietf.or= g] On Behalf Of Hardt, Dick
Sent: Wednesday, April 6, 2016 7:26 AM
To: Phil Hunt (IDM) <phil.hunt@oracle.com>
Cc: scim@ietf.org; oauth@ietf.o= rg
Subject: Re: [scim] Simple Federation Deployment

 

I=92m = talking about removing manual steps in what happens today where configuring= a SaaS app at an IdP (such as Google, Azure, Ping, Octa) requires is a bun= ch of cutting and pasting of access tokens / keys / certs and doing a bunch of  config that is error prone and u= nique for each relationship.

 =

Don=92= t want to solve on the thread =85 looking to see if there is interest!

 =

On 4/5= /16, 7:11 PM, someone claiming to be "scim on behalf of Phil Hunt (IDM= )" <scim-bounces@ietf.org on behalf of phil.h= unt@oracle.com> wrote:

 =

Is the= idp the center of all things for these users?

 =

Usuall= y you have a provisioning system that coordinates state and uses things lik= e scim connectors to do this. <= /u>

 =

Anothe= r approach from today would be to pass a scim event to the remote provider = which then decides what needs to be done to facilitate the thingd you descr= ibe. 

 =

Iow. E= ither the idp (sender) or the sp (receiver) have a provisioning system to d= o this. 

 =

The so= lution and the simplicity depends on where the control needs to be. 
Phil


On Apr 5, 2016, at 18:59, Hardt, Dick <dick@amazon.com> wrote:

Use ca= se: An admin for an organization would like to enable her users to access a= SaaS application at her IdP. <= /u>

 =

User e= xperience: 

  1. Admin authenticates to IdP in browser
  2. Admin selects SaaS app to federate with from list at Id= P
  3. IdP optionally present= s config options
  4. IdP r= edirects Admin to SaaS app
    5. <= li class=3D"MsoNormal" style=3D"">Admin authenticates to SaaS app
  5. SaaS app optionally gathers config options<= /u>
  6. SaaS app redirects admin to IdP
  7. IdP confirms successful federation = =3D> OIDC / SAML and SCIM are now configured and working between IdP and= SaaS App

Who el= se is interested in solving this?

 =

Is the= re interest in working on this in either SCIM or OAUTH Wgs?

 =

Any on= e in BA interested in meeting on this topic this week?=

 =

=97 Di= ck

______= _________________________________________
scim mailing list
scim@ietf.org=
https://www.ietf.org/mailman/listinfo/scim=


_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.or= g/mailman/listinfo/oauth

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.i= etf.org/mailman/listinfo/oauth
--_000_C75E2AC872B34D46A78EBEBA27400EF3amazoncom_-- From nobody Fri Apr 8 13:32:38 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0F51812D722; Wed, 6 Apr 2016 16:18:04 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.998 X-Spam-Level: X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9CccI8X5q-Da; Wed, 6 Apr 2016 16:18:01 -0700 (PDT) Received: from mail-pf0-x229.google.com (mail-pf0-x229.google.com [IPv6:2607:f8b0:400e:c00::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C7A8212D71A; Wed, 6 Apr 2016 16:18:01 -0700 (PDT) Received: by mail-pf0-x229.google.com with SMTP id n1so42714067pfn.2; Wed, 06 Apr 2016 16:18:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=9mMm/knuzWl1aHW8qRBsl/5V8Ku248iEjj9rm/maTnM=; b=0jxvXXGz0xuV7fTV65ZKBI+4JvRiqd0abhJzskDmnGopkbC49Lua75aQVEjcVcJMhO 5LPYMKYFVHiSNueOJsmo2bTFounc1jsH442sUv8DFFOx+sioyaam40TEjEMD7Tx24eq8 C6hRjC0Re1FLdHf5uP+5N6ytLV2DjQZgYbw1lODi3+EVDiIGQG9Q6aQ5AcHS9UUfdqFK siBdGuGJkEqpDWfpYftCBodUdk/UKMu1p+3prvtySBKcPIFWflcmLHkzqwevuMSi4FcV iL7lsiGdJcfqKzMR/I1djJPuOPX5EzLyWu+6toNlAmiqI2pgjmjBVEyDOGFBfRZx3DyU IkWw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=9mMm/knuzWl1aHW8qRBsl/5V8Ku248iEjj9rm/maTnM=; b=JQWZXIrRz+o8XNM+GYniqpucosWsVQ/RQciuojWLN7gedxvuaCjm2hzbg8xqy6XbAj ftbr9HLwoqdQry+PSLQwhKUdIkxkQAH+xaMWfogLesmT73f8ab2QnprbDl9DvTBNTeug 4P/J+yw4HZAbwFzGAXW3Wydn9DwMjwOdu+so6tc8xzIjp+HEUD39BfwEBQhvWLTKXhBt ytuUbhfTI/+5ZfLBcjrDgAx3Xack/R/K917/e6AT2AMZuBVhdoe08Jzb0ae24aCjWwhp HTRCYS8vON9+TEAQkvntvrLF8U8NslH9VPSiWoYqjXZoKx+x2m4YhLGqI2yHQnYO7A5r UMUQ== X-Gm-Message-State: AD7BkJJ0NfCh4qMO0itVuKoZdRV4fQeHT3zo/5gZRgHCWpKnDQq5Rm16Q7CqaekD6ZYxXQ== X-Received: by 10.98.10.20 with SMTP id s20mr74466572pfi.109.1459984681409; Wed, 06 Apr 2016 16:18:01 -0700 (PDT) Received: from [172.16.80.127] (122x210x153x65.ap122.ftth.ucom.ne.jp. [122.210.153.65]) by smtp.gmail.com with ESMTPSA id 79sm7266084pfq.65.2016.04.06.16.18.00 (version=TLSv1/SSLv3 cipher=OTHER); Wed, 06 Apr 2016 16:18:00 -0700 (PDT) Content-Type: multipart/alternative; boundary=Apple-Mail-A6B4F314-793C-4656-8371-87DB6865591F Mime-Version: 1.0 (1.0) From: Nov Matake X-Mailer: iPhone Mail (13E238) In-Reply-To: Date: Thu, 7 Apr 2016 08:17:58 +0900 Content-Transfer-Encoding: 7bit Message-Id: <63C77E0A-1FE3-4AD6-A03C-4E045C5DC607@gmail.com> References: <086477E4-5F4E-4C52-AC91-E26824A9FA7A@oracle.com> <78D87E6B-DBFE-46D9-B7FA-15201924DA12@amazon.com> To: Mike Jones Archived-At: X-Mailman-Approved-At: Fri, 08 Apr 2016 13:32:36 -0700 Cc: "scim@ietf.org" , "Hardt, Dick" , "oauth@ietf.org" , "Phil Hunt \(IDM\)" Subject: Re: [scim] [OAUTH-WG] Simple Federation Deployment X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Apr 2016 23:18:04 -0000 --Apple-Mail-A6B4F314-793C-4656-8371-87DB6865591F Content-Type: text/plain; charset=cp932 Content-Transfer-Encoding: quoted-printable I'm interested in too. nov > On Apr 7, 2016, at 07:14, Mike Jones wrote: >=20 > For the record, I=81fm interested. > =20 > From: scim [mailto:scim-bounces@ietf.org] On Behalf Of Hardt, Dick > Sent: Tuesday, April 5, 2016 7:26 PM > To: Phil Hunt (IDM) > Cc: scim@ietf.org; oauth@ietf.org > Subject: Re: [scim] Simple Federation Deployment > =20 > I=81fm talking about removing manual steps in what happens today where con= figuring a SaaS app at an IdP (such as Google, Azure, Ping, Octa) requires i= s a bunch of cutting and pasting of access tokens / keys / certs and doing a= bunch of config that is error prone and unique for each relationship. > =20 > Don=81ft want to solve on the thread =81c looking to see if there is inter= est! > =20 > On 4/5/16, 7:11 PM, someone claiming to be "scim on behalf of Phil Hunt (I= DM)" wrote: > =20 > Is the idp the center of all things for these users? > =20 > Usually you have a provisioning system that coordinates state and uses thi= ngs like scim connectors to do this.=20 > =20 > Another approach from today would be to pass a scim event to the remote pr= ovider which then decides what needs to be done to facilitate the thingd you= describe.=20 > =20 > Iow. Either the idp (sender) or the sp (receiver) have a provisioning syst= em to do this.=20 > =20 > The solution and the simplicity depends on where the control needs to be.=20= >=20 > Phil >=20 > On Apr 5, 2016, at 18:59, Hardt, Dick wrote: >=20 > Use case: An admin for an organization would like to enable her users to a= ccess a SaaS application at her IdP.=20 > =20 > User experience:=20 > Admin authenticates to IdP in browser > Admin selects SaaS app to federate with from list at IdP > IdP optionally presents config options > IdP redirects Admin to SaaS app > Admin authenticates to SaaS app > SaaS app optionally gathers config options > SaaS app redirects admin to IdP > IdP confirms successful federation =3D> OIDC / SAML and SCIM are now confi= gured and working between IdP and SaaS App > Who else is interested in solving this? > =20 > Is there interest in working on this in either SCIM or OAUTH Wgs? > =20 > Any one in BA interested in meeting on this topic this week? > =20 > =81\ Dick > _______________________________________________ > scim mailing list > scim@ietf.org > https://www.ietf.org/mailman/listinfo/scim > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth --Apple-Mail-A6B4F314-793C-4656-8371-87DB6865591F Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable
I'm interested in too.

nov

On Apr 7, 2016, at 07:14, Mike Jones <Michael.Jones@microsoft.com> wrote:

For the record, I=E2=80=99m interested.=

 =

From: scim [mailto:scim-bounces@ietf.org] On Behalf Of Hardt, Dick
Sent: Tuesday, April 5, 2016 7:26 PM
To: Phil Hunt (IDM) <phil.= hunt@oracle.com>
Cc: scim@ietf.org; oauth@ietf.org
Subject: Re: [scim] Simple Federation Deployment

 

I=E2=80=99m talking about removing manual= steps in what happens today where configuring a SaaS app at an IdP (such as= Google, Azure, Ping, Octa) requires is a bunch of cutting and pasting of access tokens / keys / certs and doing a bunch of &n= bsp;config that is error prone and unique for each relationship.<= /span>

 

Don=E2=80=99t want to solve on the thread= =E2=80=A6 looking to see if there is interest!

 

On 4/5/16, 7:11 PM, someone claiming to b= e "scim on behalf of Phil Hunt (IDM)" <scim-bounces@ietf.org on behalf of phil.hunt@oracle.com> wrote:<= o:p>

 

Is the idp the center of all things for t= hese users?

 

Usually you have a provisioning system th= at coordinates state and uses things like scim connectors to do this. <= o:p>

 

Another approach from today would be to p= ass a scim event to the remote provider which then decides what needs to be d= one to facilitate the thingd you describe. 

 

Iow. Either the idp (sender) or the sp (r= eceiver) have a provisioning system to do this. 

 

The solution and the simplicity depends o= n where the control needs to be. 

Phil


On Apr 5, 2016, at 18:59, Hardt, Dick <dick@amazon.com> wrote:

Use case: An admin for an organization wo= uld like to enable her users to access a SaaS application at her IdP. <= o:p>

 

User experience: <= /p>

  1. = Admin authenticates to IdP in browser
  2. = Admin selects SaaS app to federate with from list at IdP
  3. = IdP optionally presents config options
  4. = IdP redirects Admin to SaaS app
  5. = Admin authenticates to SaaS app
  6. = SaaS app optionally gathers config options
  7. = SaaS app redirects admin to IdP
  8. = IdP confirms successful federation =3D> OIDC / SAML and SCIM are now conf= igured and working between IdP and SaaS App

Who else is interested in solving this?

 

Is there interest in working on this in e= ither SCIM or OAUTH Wgs?

 

Any one in BA interested in meeting on th= is topic this week?

 

=E2=80=94 Dick

_________________________________________= ______
scim mailing list
scim@ietf.org
https://www.ietf.org/= mailman/listinfo/scim

____________________= ___________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mai= lman/listinfo/oauth
= --Apple-Mail-A6B4F314-793C-4656-8371-87DB6865591F-- From nobody Fri Apr 8 13:32:40 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E90A312D17B; Thu, 7 Apr 2016 00:59:41 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.201 X-Spam-Level: X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UEUL095qein3; Thu, 7 Apr 2016 00:59:39 -0700 (PDT) Received: from smtpauth.rollernet.us (smtpauth.rollernet.us [IPv6:2607:fe70:0:3::d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 53C9812D11E; Thu, 7 Apr 2016 00:59:39 -0700 (PDT) Received: from smtpauth.rollernet.us (localhost [127.0.0.1]) by smtpauth.rollernet.us (Postfix) with ESMTP id DC21B2800C38; Thu, 7 Apr 2016 00:59:31 -0700 (PDT) Received: from lingon.ladok.umu.se (lingon.ladok.umu.se [130.239.200.165]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtpauth.rollernet.us (Postfix) with ESMTPSA; Thu, 7 Apr 2016 00:59:31 -0700 (PDT) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\)) From: Roland Hedberg In-Reply-To: <63C77E0A-1FE3-4AD6-A03C-4E045C5DC607@gmail.com> Date: Thu, 7 Apr 2016 09:59:28 +0200 Content-Transfer-Encoding: quoted-printable Message-Id: References: <086477E4-5F4E-4C52-AC91-E26824A9FA7A@oracle.com> <78D87E6B-DBFE-46D9-B7FA-15201924DA12@amazon.com> <63C77E0A-1FE3-4AD6-A03C-4E045C5DC607@gmail.com> To: Nov Matake X-Mailer: Apple Mail (2.3124) X-Rollernet-Abuse: Processed by Roller Network Mail Services. Contact abuse@rollernet.us to report violations. Abuse policy: http://www.rollernet.us/policy X-Rollernet-Submit: Submit ID 478d.57061363.94ed2.0 Archived-At: X-Mailman-Approved-At: Fri, 08 Apr 2016 13:32:36 -0700 Cc: "scim@ietf.org" , Mike Jones , "oauth@ietf.org" Subject: Re: [scim] [OAUTH-WG] Simple Federation Deployment X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Apr 2016 07:59:42 -0000 Count me in ! > 7 apr. 2016 kl. 01:17 skrev Nov Matake : >=20 > I'm interested in too. >=20 > nov >=20 > On Apr 7, 2016, at 07:14, Mike Jones = wrote: >=20 >> For the record, I=E2=80=99m interested. >> =20 >> From: scim [mailto:scim-bounces@ietf.org] On Behalf Of Hardt, Dick >> Sent: Tuesday, April 5, 2016 7:26 PM >> To: Phil Hunt (IDM) >> Cc: scim@ietf.org; oauth@ietf.org >> Subject: Re: [scim] Simple Federation Deployment >> =20 >> I=E2=80=99m talking about removing manual steps in what happens today = where configuring a SaaS app at an IdP (such as Google, Azure, Ping, = Octa) requires is a bunch of cutting and pasting of access tokens / keys = / certs and doing a bunch of config that is error prone and unique for = each relationship. >> =20 >> Don=E2=80=99t want to solve on the thread =E2=80=A6 looking to see if = there is interest! >> =20 >> On 4/5/16, 7:11 PM, someone claiming to be "scim on behalf of Phil = Hunt (IDM)" = wrote: >> =20 >> Is the idp the center of all things for these users? >> =20 >> Usually you have a provisioning system that coordinates state and = uses things like scim connectors to do this.=20 >> =20 >> Another approach from today would be to pass a scim event to the = remote provider which then decides what needs to be done to facilitate = the thingd you describe.=20 >> =20 >> Iow. Either the idp (sender) or the sp (receiver) have a provisioning = system to do this.=20 >> =20 >> The solution and the simplicity depends on where the control needs to = be.=20 >>=20 >> Phil >>=20 >> On Apr 5, 2016, at 18:59, Hardt, Dick wrote: >>=20 >> Use case: An admin for an organization would like to enable her users = to access a SaaS application at her IdP.=20 >> =20 >> User experience:=20 >> =E2=80=A2 Admin authenticates to IdP in browser >> =E2=80=A2 Admin selects SaaS app to federate with from list at = IdP >> =E2=80=A2 IdP optionally presents config options >> =E2=80=A2 IdP redirects Admin to SaaS app >> =E2=80=A2 Admin authenticates to SaaS app >> =E2=80=A2 SaaS app optionally gathers config options >> =E2=80=A2 SaaS app redirects admin to IdP >> =E2=80=A2 IdP confirms successful federation =3D> OIDC / SAML = and SCIM are now configured and working between IdP and SaaS App >> Who else is interested in solving this? >> =20 >> Is there interest in working on this in either SCIM or OAUTH Wgs? >> =20 >> Any one in BA interested in meeting on this topic this week? >> =20 >> =E2=80=94 Dick >> _______________________________________________ >> scim mailing list >> scim@ietf.org >> https://www.ietf.org/mailman/listinfo/scim >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth -- Roland "Education is the path from cocky ignorance to miserable uncertainty.=E2=80= =9D - Mark Twain From nobody Fri Apr 8 13:32:43 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B017E12D546; Thu, 7 Apr 2016 16:15:54 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.241 X-Spam-Level: X-Spam-Status: No, score=-2.241 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H-PdnNk0W8nk; Thu, 7 Apr 2016 16:15:52 -0700 (PDT) Received: from dmz-mailsec-scanner-3.mit.edu (dmz-mailsec-scanner-3.mit.edu [18.9.25.14]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9E43312D1ED; Thu, 7 Apr 2016 16:15:51 -0700 (PDT) X-AuditID: 1209190e-823ff700000035f6-da-5706ea264e1a Received: from mailhub-auth-2.mit.edu ( [18.7.62.36]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by (Symantec Messaging Gateway) with SMTP id D8.EA.13814.62AE6075; Thu, 7 Apr 2016 19:15:50 -0400 (EDT) Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-2.mit.edu (8.13.8/8.9.2) with ESMTP id u37NFnBD030330; Thu, 7 Apr 2016 19:15:50 -0400 Received: from [10.40.6.58] ([63.88.116.178]) (authenticated bits=0) (User authenticated as jricher@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id u37NFjTt020940 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Thu, 7 Apr 2016 19:15:46 -0400 Content-Type: multipart/alternative; boundary="Apple-Mail=_1545E06C-937A-43D7-B52F-A0FCC49D4C76" Mime-Version: 1.0 (Mac OS X Mail 9.2 \(3112\)) From: Justin Richer In-Reply-To: Date: Thu, 7 Apr 2016 19:15:44 -0400 Message-Id: References: To: Brian Campbell X-Mailer: Apple Mail (2.3112) X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprOKsWRmVeSWpSXmKPExsUixG6noqv2ii3c4Nc6RYvV/28yWpx8+4rN YtHpjcwWm+ZuY3Rg8Viy5CeTR+uOv+wed49eZAlgjuKySUnNySxLLdK3S+DKWHX1JGvBolOM FTtnLmdvYDyxibGLkZNDQsBE4vPBz6xdjFwcQgJtTBLTTq1khnA2MErsmnGWCcJZySTRsWM7 M0gLs0CCROP3P2wgNq+AnsSJVbtZQWxhAR+JOzfbwWw2AVWJ6WtamEBsToFAiacfprGD2CwC KhL7505ihZhTJfHm8n2oOVYSi/evZoRYtpRRYun/H2ANIgL6ErefzmGHuFVWYt+GBWwTGPln IbljFpI7IOLaEssWvmaGsDUl9ncvZ8EU15Do/DaRdQEj2ypG2ZTcKt3cxMyc4tRk3eLkxLy8 1CJdY73czBK91JTSTYyg8OeU5NvBOKnB+xCjAAejEg+vRSdruBBrYllxZe4hRkkOJiVRXpmd bOFCfEn5KZUZicUZ8UWlOanFhxglOJiVRHhbXgDleFMSK6tSi/JhUtIcLErivIwMDAxCAumJ JanZqakFqUUwWRkODiUJXuOXQI2CRanpqRVpmTklCGkmDk6Q4TxAw1VAaniLCxJzizPTIfKn GBWlxHk3gWwVAElklObB9YLSk31EyaZXjOJArwjz1oK08wBTG1z3K6DBTECDL/CDDS5JREhJ NTAmTuPmaHneIHTBzEh1q7Mt68SGdDb7gLYHE3KVD5+Ieb6iQJSBby+PFFfcN/7aGJbAoLPL goRfq7x99H1marF8aY3dv/0zY1X7pk5g3LXz03q1PZNO3Pm2R/3Nh1Ml6anHT4eFNU0u6j3p 63+81Ly8M25/4xkbqaKn4la6d5yr1JWMFkksjFNiKc5INNRiLipOBABF1F3VKgMAAA== Archived-At: X-Mailman-Approved-At: Fri, 08 Apr 2016 13:32:36 -0700 Cc: Anthony Nadalin , "" , "scim@ietf.org" Subject: Re: [scim] [OAUTH-WG] Simple Federation Deployment server to server X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Apr 2016 23:15:54 -0000 --Apple-Mail=_1545E06C-937A-43D7-B52F-A0FCC49D4C76 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 +1, this seems a better fit for openid. =E2=80=94 Justin > On Apr 6, 2016, at 9:05 AM, Brian Campbell = wrote: >=20 > OpenID ... ?=20 >=20 > On Wed, Apr 6, 2016 at 9:59 AM, Anthony Nadalin > wrote: > Good question, since SCIM does not really provide an authorization = model and Oauth does not do provisioning this is sort of caught in the = middle, so if I had to pick I would pick Oauth as this is a generic = server to server issue >=20 > =C2=A0 <> > From: Hardt, Dick [mailto:dick@amazon.com ]=20 > Sent: Wednesday, April 6, 2016 5:52 AM > To: Anthony Nadalin > > Cc: Gil Kirkpatrick >; Nat Sakimura >; Phil Hunt (IDM) >; scim@ietf.org ; = oauth@ietf.org > Subject: Re: [scim] [OAUTH-WG] Simple Federation Deployment >=20 > =20 >=20 > Sounds like there is interest. >=20 > =20 >=20 > SCIM or OAUTH? >=20 > -- Dick >=20 >=20 > On Apr 6, 2016, at 8:57 AM, Anthony Nadalin > wrote: >=20 > I would be interested also >=20 > =20 >=20 > Sent from my Windows 10 phone >=20 > =20 >=20 > From: Gil Kirkpatrick > Sent: Wednesday, April 6, 2016 4:16 AM > To: 'Nat Sakimura' ; 'Hardt, Dick' = ; 'Phil Hunt (IDM)' = > Cc: scim@ietf.org ; oauth@ietf.org = > Subject: Re: [scim] [OAUTH-WG] Simple Federation Deployment >=20 > =20 >=20 > That=E2=80=99s an issue we=E2=80=99re facing as well. Definitely = interested. >=20 > =20 >=20 > -gil >=20 > =20 >=20 > From: OAuth [mailto:oauth-bounces@ietf.org = ] On Behalf Of Nat Sakimura > Sent: Wednesday, April 6, 2016 4:57 PM > To: 'Hardt, Dick' >; 'Phil = Hunt (IDM)' > > Cc: scim@ietf.org ; oauth@ietf.org = > Subject: Re: [OAUTH-WG] [scim] Simple Federation Deployment >=20 > =20 >=20 > +1 for removing the manual cut-n-pastes! >=20 > =20 >=20 > Nat >=20 > =20 >=20 > -- >=20 > PLEASE READ :This e-mail is confidential and intended for the >=20 > named recipient only. If you are not an intended recipient, >=20 > please notify the sender and delete this e-mail. >=20 > =20 >=20 > From: scim [mailto:scim-bounces@ietf.org = ] On Behalf Of Hardt, Dick > Sent: Wednesday, April 6, 2016 7:26 AM > To: Phil Hunt (IDM) > > Cc: scim@ietf.org ; oauth@ietf.org = > Subject: Re: [scim] Simple Federation Deployment >=20 > =20 >=20 > I=E2=80=99m talking about removing manual steps in what happens today = where configuring a SaaS app at an IdP (such as Google, Azure, Ping, = Octa) requires is a bunch of cutting and pasting of access tokens / keys = / certs and doing a bunch of config that is error prone and unique for = each relationship. >=20 > =20 >=20 > Don=E2=80=99t want to solve on the thread =E2=80=A6 looking to see if = there is interest! >=20 > =20 >=20 > On 4/5/16, 7:11 PM, someone claiming to be "scim on behalf of Phil = Hunt (IDM)" on = behalf of phil.hunt@oracle.com > wrote: >=20 > =20 >=20 > Is the idp the center of all things for these users? >=20 > =20 >=20 > Usually you have a provisioning system that coordinates state and uses = things like scim connectors to do this.=20 >=20 > =20 >=20 > Another approach from today would be to pass a scim event to the = remote provider which then decides what needs to be done to facilitate = the thingd you describe.=20 >=20 > =20 >=20 > Iow. Either the idp (sender) or the sp (receiver) have a provisioning = system to do this.=20 >=20 > =20 >=20 > The solution and the simplicity depends on where the control needs to = be.=20 >=20 > Phil >=20 >=20 > On Apr 5, 2016, at 18:59, Hardt, Dick > wrote: >=20 > Use case: An admin for an organization would like to enable her users = to access a SaaS application at her IdP.=20 >=20 > =20 >=20 > User experience:=20 >=20 > Admin authenticates to IdP in browser > Admin selects SaaS app to federate with from list at IdP > IdP optionally presents config options > IdP redirects Admin to SaaS app > Admin authenticates to SaaS app > SaaS app optionally gathers config options > SaaS app redirects admin to IdP > IdP confirms successful federation =3D> OIDC / SAML and SCIM are now = configured and working between IdP and SaaS App > Who else is interested in solving this? >=20 > =20 >=20 > Is there interest in working on this in either SCIM or OAUTH Wgs? >=20 > =20 >=20 > Any one in BA interested in meeting on this topic this week? >=20 > =20 >=20 > =E2=80=94 Dick >=20 > _______________________________________________ > scim mailing list > scim@ietf.org > https://www.ietf.org/mailman/listinfo/scim = > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth = >=20 >=20 > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth --Apple-Mail=_1545E06C-937A-43D7-B52F-A0FCC49D4C76 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 +1, this seems a better fit for openid.

 =E2=80=94 Justin

On Apr 6, 2016, at 9:05 AM, Brian Campbell <bcampbell@pingidentity.com> wrote:

OpenID ... ?

On Wed, Apr 6, 2016 at 9:59 AM, Anthony Nadalin = <tonynad@microsoft.com> = wrote:

Good question, since SCIM does = not really provide an authorization model and Oauth does not do = provisioning this is sort of caught in the middle, so if I had to pick I = would pick Oauth as this is a generic server to server issue

 

From: = Hardt, Dick [mailto:dick@amazon.com]
Sent: Wednesday, April 6, 2016 5:52 AM
To: Anthony Nadalin <tonynad@microsoft.com>
Cc: Gil Kirkpatrick <gil.kirkpatrick@viewds.com>; Nat Sakimura <n-sakimura@nri.co.jp>; Phil Hunt (IDM) <phil.hunt@oracle.com>; scim@ietf.org; oauth@ietf.org
Subject: Re: [scim] [OAUTH-WG] Simple Federation = Deployment

 

Sounds like there is = interest.

 

SCIM or OAUTH?

-- Dick


On Apr 6, 2016, at 8:57 AM, Anthony Nadalin <tonynad@microsoft.com> wrote:

I would be interested also

 

Sent from my = Windows 10 phone

 

From: = Gil Kirkpatrick
Sent: Wednesday, April 6, 2016 4:16 AM
To: 'Nat Sakimura'; 'Hardt, Dick'; 'Phil Hunt (IDM)'
Cc: scim@ietf.org; oauth@ietf.org
Subject: Re: [scim] [OAUTH-WG] Simple Federation = Deployment

 

That=E2=80=99s an issue we=E2=80=99re facing as well. = Definitely interested.

 

-gil

 

From: = OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Nat Sakimura
Sent: Wednesday, April 6, 2016 4:57 PM
To: 'Hardt, Dick' <dick@amazon.com>; 'Phil Hunt (IDM)' = <phil.hunt@oracle.com>
Cc: scim@ietf.org; oauth@ietf.org
Subject: Re: [OAUTH-WG] [scim] Simple Federation = Deployment

 

+1 for removing the manual cut-n-pastes!

 

Nat

 

--

PLEASE READ :This e-mail is = confidential and intended for the

named recipient only. If you are = not an intended recipient,

please notify the sender  = and delete this e-mail.

 

From: = scim [mailto:scim-bounces@ietf.org] On Behalf Of Hardt, Dick
Sent: Wednesday, April 6, 2016 7:26 AM
To: Phil Hunt (IDM) <phil.hunt@oracle.com>
Cc: scim@ietf.org; oauth@ietf.org
Subject: Re: [scim] Simple Federation Deployment

 

I=E2=80=99m talking about removing manual steps in = what happens today where configuring a SaaS app at an IdP (such as = Google, Azure, Ping, Octa) requires is a bunch of cutting and pasting of = access tokens / keys / certs and doing a bunch of  config that is error prone = and unique for each relationship.

 

Don=E2=80=99t want to solve on the thread =E2=80=A6 = looking to see if there is interest!

 

On 4/5/16, 7:11 PM, someone claiming to be "scim on = behalf of Phil Hunt (IDM)" <scim-bounces@ietf.org on behalf of phil.hunt@oracle.com> wrote:

 

Is the idp the center of all things for these = users?

 

Usually you have a provisioning system that = coordinates state and uses things like scim connectors to do = this. 

 

Another approach from today would be to pass a scim = event to the remote provider which then decides what needs to be done to = facilitate the thingd you describe. 

 

Iow. Either the idp (sender) or the sp (receiver) = have a provisioning system to do this. 

 

The solution and the simplicity depends on where the = control needs to be. 

Phil


On Apr 5, 2016, at 18:59, Hardt, Dick <dick@amazon.com> wrote:

Use case: An admin for an organization would like to = enable her users to access a SaaS application at her IdP. 

 

User experience: 

  1. Admin authenticates to IdP in browser
  2. Admin selects = SaaS app to federate with from list at IdP
  3. IdP optionally presents config = options
  4. IdP redirects Admin to SaaS app
  5. Admin authenticates to SaaS = app
  6. SaaS app = optionally gathers config options
  7. SaaS app redirects admin to = IdP
  8. IdP confirms = successful federation =3D> OIDC / SAML and SCIM are now configured = and working between IdP and SaaS App

Who else is interested in solving this?

 

Is there interest in working on this in either SCIM = or OAUTH Wgs?

 

Any one in BA interested in meeting on this topic = this week?

 

=E2=80=94 Dick

_______________________________________________
scim mailing list
scim@ietf.org
https://www.ietf.org/mailman/listinfo/scim


_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


_______________________________________________
OAuth = mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

= --Apple-Mail=_1545E06C-937A-43D7-B52F-A0FCC49D4C76-- From nobody Sun Apr 10 19:18:28 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6BD7412DF8F for ; Sun, 10 Apr 2016 19:18:27 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.696 X-Spam-Level: X-Spam-Status: No, score=-3.696 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6SEWwZCu3Ym7 for ; Sun, 10 Apr 2016 19:18:26 -0700 (PDT) Received: from mail-vk0-x22a.google.com (mail-vk0-x22a.google.com [IPv6:2607:f8b0:400c:c05::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C038612DF8E for ; Sun, 10 Apr 2016 19:18:25 -0700 (PDT) Received: by mail-vk0-x22a.google.com with SMTP id t129so109158820vkg.2 for ; Sun, 10 Apr 2016 19:18:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:from:date:message-id:subject:to; bh=W/nqJhZhk74N2f6Yn5QzFx2r7lHjjfyB40wIqmgMpk4=; b=c/G2+QdObprrrNciwk2n9NoGkO2+ka6mc1+RnLCAQvJj3TA0avHdtrCOMx11x5sKfR buWmwRrxbhoeirr/O+LYAxm1xtNHeSSp/E3DE8bIj3Aph1+cMD314ArBndxJ/4aoJBKh o4mSRprOWfOlCECe76Yhlza3wFScQ/J85mKLVofHTrn7xjRYBxUIjA2WKo6JpeWfJ5Zd VRPKeTm2wORBbjab/0QZCZLlN3pNq3tShWdyl7RW7YWVKCobmIcT8ohNXnWZxEA3dpYe BupKEkxMGkYLD375wS78kNLWQ+vQphmmuDG+MebVBGP7IS7cw05YDDiPEFBNUFIeT+o7 o4Kw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=W/nqJhZhk74N2f6Yn5QzFx2r7lHjjfyB40wIqmgMpk4=; b=Dn+Pc+uInepDQeKW4qhFCgbIaU3Gw9qDAAlUhGGYuVWdcXGR2pKrwe6LGNz7DkaYqk nuyKfbfAyck8QDPLChuPtgzqjDsWm5VvDFD5H0y1jWrICE3X9tbsLpB77Qnr3iF2yS8M DhZGku7aCHUgkr3VtSuSyk/cSJxFIo7pJPZKqQnL+Km0oUXFmWrIMUQ1dcj/ZVgf3P1L 8jFi1lIoLDC/UopxR5Ctz/WJUr9VCBe6skVOeetysoU8HKqxcudGyg8iLTj+Ib6RrGWs /hfkVEfsfh9PtoibTm/ZolD6cYqYxFkYbGiExQ8nms9/yJAYOq+2AykDx1E2Mkujj4iP 4ySA== X-Gm-Message-State: AD7BkJLFtHRs6zxR2j32/PBWMKWM0LGOkiItXW7bGvwOBoSJTDRpHXdj6E5HoOR4rmI4H4ILNvuWBOpbdEx8DaTr X-Received: by 10.159.37.242 with SMTP id 105mr10792956uaf.73.1460341104748; Sun, 10 Apr 2016 19:18:24 -0700 (PDT) MIME-Version: 1.0 Received: by 10.31.137.15 with HTTP; Sun, 10 Apr 2016 19:18:05 -0700 (PDT) From: Shalini Gupta Date: Mon, 11 Apr 2016 07:48:05 +0530 Message-ID: To: scim@ietf.org Content-Type: multipart/alternative; boundary=001a113ac86accef2b05302c286c Archived-At: Subject: [scim] CIS Interop X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Apr 2016 02:18:27 -0000 --001a113ac86accef2b05302c286c Content-Type: text/plain; charset=UTF-8 Hi Folks, Sorry about jumping in a little late into this. I was on a long vacation and came back this week. I would be interested in participating in the CIS interop. Could you please loop me in? Do we have a wiki or something for it? -- Regards, Shalini --001a113ac86accef2b05302c286c Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Hi Folks,

Sorry about jumping in a litt= le late into this. I was on a long vacation and came back this week.

I would be interested in participating in the C= IS interop.
Could you please loop me in? Do we have a wiki or som= ething for it?=C2=A0

--=C2=A0
R= egards,
Shalini
--001a113ac86accef2b05302c286c-- From nobody Mon Apr 11 09:30:43 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B2ED912F137 for ; Mon, 11 Apr 2016 09:30:41 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=salesforce.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6VzC_m3oCa3Y for ; Mon, 11 Apr 2016 09:30:40 -0700 (PDT) Received: from mail-yw0-x229.google.com (mail-yw0-x229.google.com [IPv6:2607:f8b0:4002:c05::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EE83012F126 for ; Mon, 11 Apr 2016 09:30:39 -0700 (PDT) Received: by mail-yw0-x229.google.com with SMTP id o66so124882288ywc.3 for ; Mon, 11 Apr 2016 09:30:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=salesforce.com; s=google; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=n8yFqHL9MiqwCBdKieIzlag90Xv+wu6J6F5mVpuYl8M=; b=Y3nBbovkDG33MxY6kjYqIJU16hP02KQ812pL2aFWGvilsRmbmP3bAYPbe3waeO458i /KphqfZw+kZPsSLzDJ2QnWQ3Xf4Sb/p4v9uPpqyZ0ayZgkEuChQtN+Y9qz4RYZcN5XaG CDGNIvN0fnx5OEGevYUUTCI+j24xmRWJ1yspo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=n8yFqHL9MiqwCBdKieIzlag90Xv+wu6J6F5mVpuYl8M=; b=dEa5Emjt8uvP/Ap8lZvaSL9MejGxmLSe/lJIBNAqbbRn7PwoaH7M6ohUKUIGogxyTY aMdkf7kCWF+Hr9HpUCpsYt3sMEJPBQ2tHuydk0L+bV+fytqNS202YEny0IEKvX7eRWLC 5g0sFQvlHdyd5DWw6SOubPZT2jUdOlzQ9N3+7UroegZCgvY6C4IFnji4+NEZ4vt9/LMV WDNvZ/EJtsKKQd9tEIEMC7jkBVUNHEDBFKM0RUni1MQtS9DlZgHXT67QXTGjJlSxZkLQ I2L7vQNhUeCjETsCfErBKuNzTjYMRIolSWWklDFrBoY6/F6U93OPyJfrC3dlssBqKX0l xeMA== X-Gm-Message-State: AD7BkJKf6KjLVRClSSjPzamuwFdN1leYwRr35gHCaOEUgypWdEIKoAXML6ktLnFB+3+99BfMZw/PuDXmsOgCqWh4 MIME-Version: 1.0 X-Received: by 10.37.17.136 with SMTP id 130mr11871726ybr.173.1460392239021; Mon, 11 Apr 2016 09:30:39 -0700 (PDT) Received: by 10.37.209.142 with HTTP; Mon, 11 Apr 2016 09:30:38 -0700 (PDT) In-Reply-To: References: Date: Mon, 11 Apr 2016 09:30:38 -0700 Message-ID: From: Matthew Bahrenburg To: Shalini Gupta Content-Type: multipart/alternative; boundary=001a113e640ca41f3d053038109b Archived-At: Cc: scim@ietf.org Subject: Re: [scim] CIS Interop X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Apr 2016 16:30:42 -0000 --001a113e640ca41f3d053038109b Content-Type: text/plain; charset=UTF-8 Hi Shalini, I just shared the document we've been using for collaboration. Later this week we'll be meeting to review and finalize the test plan for the interop, with testing planned for May 1 - May 15. At the CIS session, we'll share the results then focus on evangelizing SCIM and training the attendees. Morteza, are you scheduling the meeting for this week? Thanks, Matt On Sun, Apr 10, 2016 at 7:18 PM, Shalini Gupta wrote: > Hi Folks, > > Sorry about jumping in a little late into this. I was on a long vacation > and came back this week. > > I would be interested in participating in the CIS interop. > Could you please loop me in? Do we have a wiki or something for it? > > -- > Regards, > Shalini > > _______________________________________________ > scim mailing list > scim@ietf.org > https://www.ietf.org/mailman/listinfo/scim > > --001a113e640ca41f3d053038109b Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Hi Shalini,

I just shared the document = we've been using for collaboration. Later this week we'll be meetin= g to review and finalize the test plan for the interop, with testing planne= d for May 1 - May 15.

At the CIS session, we'l= l share the results then focus on=C2=A0evangelizing SCIM and training the a= ttendees.

Morteza= , are you scheduling the meeting for this week?

Thanks,
Matt

<= div class=3D"gmail_quote">On Sun, Apr 10, 2016 at 7:18 PM, Shalini Gupta <shalinigupta@google.com> wrote:
Hi Folks,

Sorry about jumpin= g in a little late into this. I was on a long vacation and came back this w= eek.

I would be interested in participati= ng in the CIS interop.
Could you please loop me in? Do we have a = wiki or something for it?=C2=A0

--=C2=A0
Regards,
Shali= ni

_______________________________________________
scim mailing list
scim@ietf.org
https://www.ietf.org/mailman/listinfo/scim


--001a113e640ca41f3d053038109b-- From nobody Mon Apr 11 15:13:31 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D6E7612F533 for ; Mon, 11 Apr 2016 15:13:29 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.786 X-Spam-Level: X-Spam-Status: No, score=-2.786 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, RP_MATCHES_RCVD=-0.996, T_DKIM_INVALID=0.01] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (public key: not available)" header.d=gluu.org Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i7099AlObpAr for ; Mon, 11 Apr 2016 15:13:28 -0700 (PDT) Received: from webmail.gluu.org (webmail.gluu.org [104.130.217.77]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 03D2812F530 for ; Mon, 11 Apr 2016 15:13:27 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by webmail.gluu.org (Postfix) with ESMTP id 09945B40D4 for ; Mon, 11 Apr 2016 22:12:28 +0000 (UTC) Authentication-Results: webmail.gluu.org (amavisd-new); dkim=pass reason="pass (just generated, assumed good)" header.d=gluu.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gluu.org; h= user-agent:message-id:references:in-reply-to:organization :subject:subject:to:from:from:date:date :content-transfer-encoding:content-type:content-type :mime-version; s=dkim; t=1460412747; x=1461276748; bh=PyMO2tINLm 1DmJsBgUIrpImmIyAdOshXNpNal8uvado=; b=EXHGk2sL+u4P35FtYv7k19VjBq bvYdUBU+JVsnIEinm2aUZ0AvtPfobwQxPMTy1v1Js6a2x3Jn2Yk7/W3UMCNmL9ZE PpAM38L7+yAax0Xq3t7R5B5SnLQ8b+ToOdZBOeRjQ1MqQ1jGxkcuNRLJuqR2NC4q 54DIdH0Amvwo0qxnM= Received: from webmail.gluu.org ([127.0.0.1]) by localhost (webmail.gluu.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id amnDxK6WJ_4m for ; Mon, 11 Apr 2016 22:12:27 +0000 (UTC) Received: from webmail.gluu.org (localhost [127.0.0.1]) by webmail.gluu.org (Postfix) with ESMTPSA id C4CF9B40D3 for ; Mon, 11 Apr 2016 22:12:27 +0000 (UTC) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Date: Mon, 11 Apr 2016 17:12:27 -0500 From: Mike Schwartz To: scim@ietf.org Organization: Gluu In-Reply-To: References: Message-ID: <5a37d8b8c1ac816a142417581eab00da@gluu.org> X-Sender: mike@gluu.org User-Agent: Roundcube Webmail Archived-At: Subject: [scim] Gluu SCIM 2 Tests X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Apr 2016 22:13:30 -0000 SCIM interop geeks: Per our conversation at last week's interop planning call, the links to our initial test suite is here: https://github.com/GluuFederation/SCIM-Client/tree/master/src/test/java/gluu/scim2/client - Mike ------------------------------------- Michael Schwartz Gluu Founder / CEO mike@gluu.org From nobody Tue Apr 12 19:33:58 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 69E4012D8FC for ; Tue, 12 Apr 2016 19:33:57 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.696 X-Spam-Level: X-Spam-Status: No, score=-3.696 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4FM2V_ZVpa6G for ; Tue, 12 Apr 2016 19:33:55 -0700 (PDT) Received: from mail-vk0-x233.google.com (mail-vk0-x233.google.com [IPv6:2607:f8b0:400c:c05::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E6A9312D528 for ; Tue, 12 Apr 2016 19:33:54 -0700 (PDT) Received: by mail-vk0-x233.google.com with SMTP id c4so51215320vkb.3 for ; Tue, 12 Apr 2016 19:33:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=zsaLymcPPSg1+nqrTG2IEdkgfkLm3FNekiyfmI4s6SI=; b=USjPeImroQEadXW3nzThDeSFSdE7OtBXYdUgNkJa7/ToJOCd5YLOxbTuScabWgZbhm sDJ4gyJ4ztGxcoKKOSi9qvHvJLfxSYoriT4UHdvZgU1DtNOA0fGQgVQ4AeidGNZlXb+a BHP6lNvLA1JhVkPtrZZKGH2KESBliU6U/1nzjhcwuyl3lUAdduNiamg9pQLV+D8oRc6z tfBhipEEYYn/LwYZv9omQJ7COgxRe16gD1MrM6Hjg/lotxkzWAqL0AWXJ1/XVxhz3ZuH A2DM8xfDrydB9GNBnVSR0ypSAH2j6Y3SZdxe+iQ+754k9EGN5kTAEQPF8SZiOYuckhOx 0ayw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=zsaLymcPPSg1+nqrTG2IEdkgfkLm3FNekiyfmI4s6SI=; b=F71m/ssPKemAcdaaM+4T3TgQfcpOpaX0WhfjLOOL3LYSi6fRlB7RTgnLeOZDnhLQSx 2CngVqkx1jJoGPFdATPbb2EIUF1+cngVEE1ICLacmO5pZDWA+wox804qvpSvYJVNZbEg 7mZIyqBettUJGAvkcuOSL1qaI3bmWW++B+ZL20lsZo1QAD1aFNJRwL2KSm91fuVGL7Jy Ctgw97R3ZqTQ14rX0ivDsGp3tpsObhJKrV/CPBiZyOJMVgpYDHRpZrcYvZ6z+qpDEGZp BOoXAKAmvvLq2wb7wE5vO7ZS9c/y6vdJ/97qKwA9Z3WrLmazqnOtZMxNyHFcocTmpDkL BeAA== X-Gm-Message-State: AOPr4FWa5oQsVM+VTG6CT3DxHxNiKu93Lc5wZts8SI+B12WoXjqEwf+BBuPyRwOBK0KVs/OPna4ga8LFRhmizz/g X-Received: by 10.31.149.78 with SMTP id x75mr3634869vkd.103.1460514833698; Tue, 12 Apr 2016 19:33:53 -0700 (PDT) MIME-Version: 1.0 Received: by 10.31.137.15 with HTTP; Tue, 12 Apr 2016 19:33:34 -0700 (PDT) In-Reply-To: References: From: Shalini Gupta Date: Wed, 13 Apr 2016 08:03:34 +0530 Message-ID: To: Matthew Bahrenburg Content-Type: multipart/alternative; boundary=001a11426748da87590530549b12 Archived-At: Cc: scim@ietf.org Subject: Re: [scim] CIS Interop X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Apr 2016 02:33:57 -0000 --001a11426748da87590530549b12 Content-Type: text/plain; charset=UTF-8 Thanks Matt for looping me in. Sounds like a good plan. Looking forward to the interop and putting forth its learnings in CIS. On Mon, Apr 11, 2016 at 10:00 PM, Matthew Bahrenburg < mbahrenburg@salesforce.com> wrote: > Hi Shalini, > > I just shared the document we've been using for collaboration. Later this > week we'll be meeting to review and finalize the test plan for the interop, > with testing planned for May 1 - May 15. > > At the CIS session, we'll share the results then focus on evangelizing > SCIM and training the attendees. > > Morteza, are you scheduling the meeting for this week? > > Thanks, > Matt > > On Sun, Apr 10, 2016 at 7:18 PM, Shalini Gupta > wrote: > >> Hi Folks, >> >> Sorry about jumping in a little late into this. I was on a long vacation >> and came back this week. >> >> I would be interested in participating in the CIS interop. >> Could you please loop me in? Do we have a wiki or something for it? >> >> -- >> Regards, >> Shalini >> >> _______________________________________________ >> scim mailing list >> scim@ietf.org >> https://www.ietf.org/mailman/listinfo/scim >> >> > -- Regards, Shalini --001a11426748da87590530549b12 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Thanks Matt for looping me in.=C2=A0
Sounds like a goo= d plan.

Looking forward to the interop and putting= forth its learnings in CIS.


On Mon, Apr 11, 2016 at 10:00 PM, Matthew B= ahrenburg <mbahrenburg@salesforce.com> wrote:
Hi Shalini,

I just shared the document we've been using for collaboration. Later = this week we'll be meeting to review and finalize the test plan for the= interop, with testing planned for May 1 - May 15.

At the CIS session, we'll share the results then focus on=C2=A0evangel= izing SCIM and training the attendees.

Morteza, are you scheduling the meeting for this week= ?

Thanks,
Matt

On Sun, Ap= r 10, 2016 at 7:18 PM, Shalini Gupta <shalinigupta@google.com>= ; wrote:
Hi Folks,

Sorry about jumping in a little = late into this. I was on a long vacation and came back this week.
=

I would be interested in participating in the CIS = interop.
Could you please loop me in? Do we have a wiki or someth= ing for it?=C2=A0

--= =C2=A0
Regards,
Shalini

_______________________________________________
scim mailing list
scim@ietf.org
https://www.ietf.org/mailman/listinfo/scim





--
Regards= ,
Shalini
--001a11426748da87590530549b12-- From nobody Wed Apr 13 11:55:31 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC38012DC04 for ; Wed, 13 Apr 2016 11:55:28 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -5.216 X-Spam-Level: X-Spam-Status: No, score=-5.216 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.996] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0luUvdtwtTuB for ; Wed, 13 Apr 2016 11:55:27 -0700 (PDT) Received: from tr21g12.aset.psu.edu (tr21g12.aset.psu.edu [146.186.149.142]) by ietfa.amsl.com (Postfix) with ESMTP id 13F3B12D7E2 for ; Wed, 13 Apr 2016 11:55:26 -0700 (PDT) Received: from ucs20.ait.psu.edu (ucs20.ait.psu.edu [128.118.73.22]) by tr21g12.aset.psu.edu (8.14.3/8.14.3) with ESMTP id u3DItP0g2461792 for ; Wed, 13 Apr 2016 14:55:25 -0400 Date: Wed, 13 Apr 2016 14:55:25 -0400 (EDT) From: Steve Moyer To: scim@ietf.org Message-ID: <1200429876.6668152.1460573725189.JavaMail.zimbra@psu.edu> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_Part_6668150_1587382962.1460573725187" X-Originating-IP: [75.102.103.112] X-Mailer: Zimbra 8.6.0_GA_1194 (ZimbraWebClient - FF47 (Linux)/8.6.0_GA_1194) Thread-Topic: SCIM compliance Thread-Index: ZlZcCtOjBpn6u9fVCDJUmQXiul5ivQ== X-Virus-Scanned: by amavisd-new Archived-At: Subject: [scim] SCIM compliance X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list Reply-To: Steve Moyer List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Apr 2016 18:55:29 -0000 ------=_Part_6668150_1587382962.1460573725187 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable All, We've been working on a first-principles rewrite of our SCIM 2.0 system (ba= sed on a pre-ratified version of the specification) but we've also been pro= moting SCIM for its intended use in the higher-ed community. Recently there's been a discussion about what it really means to be "compli= ant". I'm taking the hard-line view that without inter-operability, there'= s not really a point in being technically compatible. The TIER group withi= n the Internet2 is talking about creating TierUser and TierGroup ResourceTy= pes and using those instead of the core User and Group ResourceType. Technically, the specification allows *any* resource type to be added (per = section 3.2 of the Schema specification) and while it implies the core User= and core Group are required (using the word "provided") the specification = doesn't technically say a service MUST provide those end-points. I've attached a document with the two favorite TIER proposals and my view i= s that neither of them are compliant. Proposal two *could* be inter-operab= le if the persisted TIER user object was exposed via both the TierUsers and= Users endpoints. This violates a principle of REST (a resource has a uniq= ue URL) though. I should also note that the use of query parameters, heade= rs and HTTP status codes proposed by TIER are also "interesting". What are this group's opinions? Thanks, Steve =E2=80=9CAll the easy stuff=E2=80=99s been done=E2=80=A6. We=E2=80=99ve got= the wheel, fire, the TV clicker=E2=80=94what else do you need?=E2=80=9D - = Dean Kamen ------=_Part_6668150_1587382962.1460573725187 Content-Type: application/pdf; name=DSAWG-AlternativeProposalsontheRelationshipBetweenTIERandSCIMAPIsandSchema-130416-1845-2144.pdf Content-Disposition: attachment; filename=DSAWG-AlternativeProposalsontheRelationshipBetweenTIERandSCIMAPIsandSchema-130416-1845-2144.pdf Content-Transfer-Encoding: base64 JVBERi0xLjQKJeLjz9MKNSAwIG9iago8PC9GaWx0ZXIvRmxhdGVEZWNvZGUvTGVuZ3RoIDI0NDU+ PnN0cmVhbQp4nKVZTXPbyBG981d07UXrKhkhQRAkdXHZjp1SapWsZab2EOUwBIYkbABD40MUf0mu +ql53TMgQFleQHG5yiZBzPTX635vxt9G71ajMc2XPq3i0YfV6NPo22jsjafzGR1GPv0dP34ZTcZ0 M/r3f8YUj4IFzYOAstEsDORTKp+ChTfmz/i589H+vhv9McpHE+I/xXYUzL1l+Owmr/E8db93Pzfb bOAM/8Em8PovHyeEn5e02mBzfj6hMPQWIYXjwFssaJWNfp14RK9WXziyP10yW8483y7xe5cs7ZLF zAvnskQNtTIPvbG1Mh26ZBY2sQRDlyB8P3xR+MEy8MJwYPhuCcIfhy+KZTqbeMHsRY5Np77nz17k 2NT3vXD2MsfG08axoUn2Z2NvEQyMxQLGDyaeH7wIMP504oXBi2DpT3wvGGrFLRn7TSzr/iVzb4pO Xkwbx6KBVibzgAcDL4mHLglmTcZ0/5KlN4FjfthY2Qy0goicke3AsizmTfD9CGuGRZPh74syWXTf D5bejOb+aYK9TStd5KpK7jX9Xpi9KVVaksmp2mm61Sl+MXm5S/b0TlcHrXNaXX+4JZXH/VZQ96m1 8vn99Q29/f265IX0OdrpTHXX+zQZY8XTHcJw4U3sDGx8o8ndK+vCk+1opxBCaTJN5l4XqdrTIal2 9Jxpj1aILtb3OjX7TOfVEF9m08YXsxEPXsd6k+Q65t27jiQl5aaitanxbH20HpR7HSWbJLL5dPbG nj9d+j49/bdhoB+5AhAGTVbKq8dmtx72mi+61HWjHpKszmhTaB2bjJKcJJ4k39roGo/b5JXf1e1Z Ix2yk9Ajk+3TROWRpo0pqEzwVUvSIpUCbJHKaa1JRbsEFZGU7VFtXWBlvkm2dSFJI6SdQblXRZXo 0vtzPyYgwg6FvjcZ1/mK/oHKIFRFZ65VdFDH/sBafr1BojKgsYMh0huEV3H5C/2tTgqEUhkO5T6J dRO2mC10uQcKEAR9fu4xkJumnBOdm3q7420yrSsJP1NfTJFUR6Sj32HMk8AmoNAqfX0wRRpbW3Wp kfiyN4+8S6sR0Dnv4SHiKRgnKB98UhVtDZxOcvipqNTFfYJaXzQ5snm5kOJzBGex4nWdlZTqEl2j I/yjiqP3c/0x82fefOnqnpdXw/ujo21+Y4+e4pcniwsaeEQwhUD1bGhWap3q3qR2JNE/863hbEY7 bK3zreZ664d9qgBUfHQY04XtQjELiOBvLQ925mAnYowhXmxRiU2Bhmbf+91oZdatLk1doAKksHGa VCAGQFiG6AU6rrhArJgQD08w84MiBLNZI61Os9u/e/U4ZKm/9Oazp8TB0VJZFUlUUVmvS/SD2Tye qMB7vFVSEKlNodMj57Q0KT5xaWSnfwGckrO/FabeD3FlEjSuNPmh1XGvy0uXcqEAW5iaOzfXBzp/ 84pWSJ4YlNf4m/hRl/BwgA/T5Vk6TrQD5EU6rtFJ3uPPNcx07nvLecsowxumo7k/1miMJw1zRe+b 4W4fljs4DljzZDdFJk3V0vTtx/elTQv9IFIZIieeQrJ7ET6FLF48V0EpBhCTMM8AXJbd+sdh58zw 0XGnNCm7StifzIHx50xVJ1N2f4nW1BXLFQ5BGIK7ijQIkFQFgK/rSlOuMt1tvn6/2oPJ23uTxKXM eEea0c7s940UsY7oh0pjlKM1Mo3RkydlJtllbJZtk5R0Z7sQxYpVxcGgzpKxk7Mlwthq7r5+LydT b2y93Jg0NQdL+KWORBixv2Lt5J11RZqtfXb3akCd2lPXh4ekrBpUUZQmoGurO4BLnvOyfdEOQFjs BOdK9piZ+CTh/pvItDfFEW8foR5+krN8tOA0/H84q3NUlDDOZ9yTYUQHU0MCiFb+hSfRL2QDQRcw 4phXEugRy21nKG5+lw1Y4N79CrTYr3j7+ObuVb8k6xxST5LsI7aJUiWiRnoSKoIBLEMixbi/5AGw Bq0exZC16dG72ioiKCjoCxZx60TkFz90IC/0FqW3ArIfMp3z8MqAZPa88XPMQWb9BYhtWMDlRJ8r vnXyOoYKFGCr9JJUXZkMHRSjlfZ7huPaHanY4RMtfHe0es5R9Lo7hrbk4kJ2Y41b1Iqs+IR8N+Ie B9SpPeZ/uqK/srwToZdpNM0B6a1YocbN8GILTt7xzLHJeTPATHs18Ja1+SVdX2BSqiPLG2EJKBrp XLcn55dDuYQTeDNOKh6aosi0rUWDd4b72YRi92OTX1QW/YpscfqdnCynDWYjnOkgi/gIwn3DnvBZ Usn5wQ2uPN5DzlVNp0Df0h7UZV8eYK29+vhk6RPpZn5IyrJ2w8hZ8raeDQtvHBj/SI7ZbBhDDC04 Km4xJBWryl0hpwm0Gr4BG3VaQUUNqVPncgV1+pwIbfMJmvvWJV5xw4A6RJedioQachYcPbrMgHMw ZlC59iDvtGsrXeXxJaF4dA3Xk/zrADfDoEEtY3TnClDBN+C0wnzZJUjAWhVOR0SJNEdSXXROH0Ln RjLr0bXwZ6HxAt8tsCNbOhSG/24qIXE6a5ukKCvi01bac6AUh2dBg//KGgaNwh0uuBVKjOscxMeK VitL6IKkR7rO8XbOB5LLptypiFG8ArWV1bnjKuvp6ejlfkM2MCsVzm4mlgRvh6CzvTJr5wK2aeYC OBUNpmK3o/QrG77RlXI9/IYe/9Ai59cq+sovOCmk7FtCvjIO5SsXir+cyGiAk9NZ00Iiv4YAvL3X A8BRdMTypUYlM/UVteX+baaMFUPiaTtdzkYKPRkTcmznBSih3BRI60hDcHQi/LgTBrg5CRuAn/H6 JdvIT04LE5ncWbVp9+jGsY60mDqflrKLMK9T4mfPLadCLQ3wcBw2iGbeRbtVJ7oTXHZJqU0gKD6t oe4Tvo6Ud9H33bneXkd1MznkFqi9fz0pDuDPMkHP6uXCCyadDU6TQTcxebwXC8lEICNzyg4MTtq9 SmstN2vGHkbP3J1+b3AxZuC2BrmQvWKgvS5ecSviyHuvrQhi2YREkbuwFJJwGkXv99pex1h4EMSt Tu2k4DNstzQ8gw/MM2pt5COgkOSQAFVtRXtDPtz3Q85k80XTbF0zVtuxrpBu4kuQRGSo65WOydN1 6tODlqUVmWupESI6mOIrGR74fNpw2jDJuscfGzmv7PU8XDT9BxtRWudfj4MuIpueuHXXXsAgpOUO A6OM6rIUJF1f8C1slMqRF9GzDBJ6lxHYvXB+qulP7KMkxtREKiW5WGS82ytn7Ogc5f+D/TT6H82v QBsKZW5kc3RyZWFtCmVuZG9iagoxIDAgb2JqCjw8L0NvbnRlbnRzIDUgMCBSL1R5cGUvUGFnZS9S ZXNvdXJjZXM8PC9Qcm9jU2V0IFsvUERGIC9UZXh0IC9JbWFnZUIgL0ltYWdlQyAvSW1hZ2VJXS9G b250PDwvRjEgMiAwIFIvRjIgMyAwIFIvRjMgNCAwIFI+Pj4+L1BhcmVudCA2IDAgUi9NZWRpYUJv eFswIDAgNjEyIDc5Ml0+PgplbmRvYmoKNyAwIG9iago8PC9GaWx0ZXIvRmxhdGVEZWNvZGUvTGVu Z3RoIDExODk+PnN0cmVhbQp4nI1WTW/jNhC961cMckkWSFQ7dvzRS7ANssAWXWy2cbGHpgdaoiMm FKmQVBTvr+lP7RvSsl0URQTBBi1yZt68eTP0S/bLKhvRfHlJqzK7XWXfspdslI8m8yvqskv6FZtP 2XhEX7I//xpRmU0XNJ9Oqc6uZtO40nE1XeQjXmP7aJn2q+x7ZrIx8eMes+k8X85oPJ2Odl7isnfD hvHA0XJ3oMo2QMMPvAD2T5/GhP0lrTbwzu/HNJvlixnNF5Mc3lZ1djbJiT6snji1/zFZJpOrab5I JmKgyWyxyCfLaLJ+32SeTwBvOupNiqFRJqN8nkzKd03GI5A+mfUxfNs0WtbSBAqVpNXn29/JF5Ws BYlAndIaX6EibQuh9failBtlZInN4NS6DdITvkkZrzy7ENHPlhqHg29YWy+PDytDgjqxjUcHIL2c 9anVyqha/YAPBlpUwhSS7IYKLXylzCNFaCooa3xOK0ZSCENrhC8KWzda+QrA11ty8qVVjk3Y06Up L7R8lZr4lDVMBdzyVkx6AMjxPB/v+Le1QIpG1JIezthHI1ygp5bJscmp3MQAuSzbhw8kPAhJbDFq BYq8OQ302AonTJCADMPOumfaWEfGmgsYkldg85x89OmQIz6FdUa6AXhH8/xqJzHhmVBLz1I2BLrk FqQaRiIN1aJpmKaNszVQRjrAnretA/dOArYHXYI5p9J2hj2d3rUuCemUADj9vL/5/OV0V4/3Ac6W 6S132nHtohIhH6n1QYimBBk4ImmjdJCxrq7VMh8Q59Cev8Xcop+6T8lHwCXY38u6Q0nOo+JFWXKk I2l3ttXQl5PiOeZLCTnrNKe/QSgZ2f3HYADK+aLvAWMDCxoKYyXtK7FrWN/IQm1UEcEj5FcjeyWL 8hXIxSOi4o0obRMievIBBApXnsfORE6xlihjJV75hFYh6CElmy0PPVC0ew7ZFRgETi/1K0tW+TQm OhnpDeL5CF5Ep0FhCa4dYkOFEKHeJeVjubVaO+GU7B1xb0RpINMBSK+Wvfr75MHVR8JMKJ7JS+GK Cq3Wsq4wFhxkcQjILRhryzjuthhvR0R3lYJpEiZ39ckt+tc1Tnn5h5fuZF8wmNzbAUiny74NutTh XH8u50a5NFAaZxuesAGDI6fvleRpQHFOBEIKu1L8e2AfC1UYJMGFRlla82zQxEMa53BJ3Suewyqw A6DsKgvdm+CsjkiTNM9RVG27GMf4oEKbqnmUAZitQXUvQU++ijB3krftfiq/tNJHhQ/AebgZb2zN TPwMkqAZ+SaKoLcM+qTQSHx7QmLNQTiCfIPuPKu3lnzRKF+nnmOSPOvWy2v6BJrjffnx7nMa40he 91wgrzVmCWRbDMB5Oe67Zy0LwTE6Hhdp+J84mUQFjJg9BiLjNtkXNA0klmYh6qb1B/w+YU5U8q1S oZkkJPtw9tWR1FE5cmc2AOZ4vG+dVJ0y3Wme77ukI26MAtIKUCzdRMd30nlwCXw8SLmnclx895Zp Uv3luBuxh7RIizUuZZzR0jyGantNcIQEWGcDsI7GffNEHgXL8hUK4LIyV5GkOMPjnJZvR4xe7/zz X91v2T86j0rlCmVuZHN0cmVhbQplbmRvYmoKOCAwIG9iago8PC9Db250ZW50cyA3IDAgUi9UeXBl L1BhZ2UvUmVzb3VyY2VzPDwvUHJvY1NldCBbL1BERiAvVGV4dCAvSW1hZ2VCIC9JbWFnZUMgL0lt YWdlSV0vRm9udDw8L0YxIDIgMCBSPj4+Pi9QYXJlbnQgNiAwIFIvTWVkaWFCb3hbMCAwIDYxMiA3 OTJdPj4KZW5kb2JqCjEwIDAgb2JqCjw8L0Rlc3RbMSAwIFIvWFlaIDAgNzQ0IDBdL1RpdGxlKEFs dGVybmF0aXZlIFByb3Bvc2FscyBvbiB0aGUgUmVsYXRpb25zaGlwIEJldHdlZW4gVElFUiBhbmQg U0NJTSBBUElzIGFuZCBTY2hlbWEpL1BhcmVudCA5IDAgUj4+CmVuZG9iago5IDAgb2JqCjw8L1R5 cGUvT3V0bGluZXMvQ291bnQgMS9GaXJzdCAxMCAwIFIvTGFzdCAxMCAwIFI+PgplbmRvYmoKMiAw IG9iago8PC9TdWJ0eXBlL1R5cGUxL1R5cGUvRm9udC9CYXNlRm9udC9IZWx2ZXRpY2EvRW5jb2Rp bmcvV2luQW5zaUVuY29kaW5nPj4KZW5kb2JqCjMgMCBvYmoKPDwvU3VidHlwZS9UeXBlMS9UeXBl L0ZvbnQvQmFzZUZvbnQvSGVsdmV0aWNhLUJvbGQvRW5jb2RpbmcvV2luQW5zaUVuY29kaW5nPj4K ZW5kb2JqCjQgMCBvYmoKPDwvU3VidHlwZS9UeXBlMS9UeXBlL0ZvbnQvQmFzZUZvbnQvSGVsdmV0 aWNhLU9ibGlxdWUvRW5jb2RpbmcvV2luQW5zaUVuY29kaW5nPj4KZW5kb2JqCjYgMCBvYmoKPDwv S2lkc1sxIDAgUiA4IDAgUl0vVHlwZS9QYWdlcy9Db3VudCAyL0lUWFQoMi4xLjcpPj4KZW5kb2Jq CjExIDAgb2JqCjw8L1BhZ2VNb2RlL1VzZU91dGxpbmVzL1R5cGUvQ2F0YWxvZy9PdXRsaW5lcyA5 IDAgUi9QYWdlcyA2IDAgUj4+CmVuZG9iagoxMiAwIG9iago8PC9Nb2REYXRlKEQ6MjAxNjA0MTMx ODQ1MThaKS9DcmVhdGlvbkRhdGUoRDoyMDE2MDQxMzE4NDUxOFopL1Byb2R1Y2VyKGlUZXh0IDIu MS43IGJ5IDFUM1hUKT4+CmVuZG9iagp4cmVmCjAgMTMKMDAwMDAwMDAwMCA2NTUzNSBmIAowMDAw MDAyNTI4IDAwMDAwIG4gCjAwMDAwMDQzMjkgMDAwMDAgbiAKMDAwMDAwNDQxNyAwMDAwMCBuIAow MDAwMDA0NTEwIDAwMDAwIG4gCjAwMDAwMDAwMTUgMDAwMDAgbiAKMDAwMDAwNDYwNiAwMDAwMCBu IAowMDAwMDAyNzAzIDAwMDAwIG4gCjAwMDAwMDM5NjAgMDAwMDAgbiAKMDAwMDAwNDI2MiAwMDAw MCBuIAowMDAwMDA0MTE3IDAwMDAwIG4gCjAwMDAwMDQ2NzUgMDAwMDAgbiAKMDAwMDAwNDc1NyAw MDAwMCBuIAp0cmFpbGVyCjw8L0luZm8gMTIgMCBSL0lEIFs8N2Q4YjcxNjlmMGIxNWNkODc5MDhm MGNkODJiMjZjOGE+PGQ0MTlkMTVhOGVjNzAzODkyZTkxNDY0NzM0YzJiZWRlPl0vUm9vdCAxMSAw IFIvU2l6ZSAxMz4+CnN0YXJ0eHJlZgo0ODY4CiUlRU9GCg== ------=_Part_6668150_1587382962.1460573725187-- From nobody Wed Apr 13 12:33:18 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7182E12E47A for ; Wed, 13 Apr 2016 12:33:17 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -15.516 X-Spam-Level: X-Spam-Status: No, score=-15.516 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x8mGa3pCXJj8 for ; Wed, 13 Apr 2016 12:33:15 -0700 (PDT) Received: from alln-iport-4.cisco.com (alln-iport-4.cisco.com [173.37.142.91]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7844912E487 for ; Wed, 13 Apr 2016 12:33:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=31526; q=dns/txt; s=iport; t=1460575993; x=1461785593; h=from:to:subject:date:message-id:mime-version; bh=5SFhM/Hesv7gUYDZ2fYinqX6g6DsX2iSWEJv/aPpKUo=; b=NrJwm+Mk52Nb77tJjGvTN8yT6GmPj/YmM7fFWD9Qmhvu/uPgNZyVXF38 bZDnMlTG9nuH2nmwcOGNrtEGWsiuhgGMjn797yDvvpBGIR+6sCV3tANYn KF/CK7tu7tWwt87rjesD7ESxCvTXyqNzzoiT404hgO2I+jiJpHW1rFWj6 M=; X-Files: WebEx_Meeting.ics : 4238 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CGAQAIng5X/4ENJK1EFwOCa0xTfQaEJ?= =?us-ascii?q?bEtgmSCDw6BcSSFaoFDOBQBAQEBAQEBZRwLhEYCgQcEATQEDAwZFyQDAQMTDog?= =?us-ascii?q?bDiygTZRojSgBAQEBAQEBAwEBAQEBAQEBEAQEBIYdgWqFP4EjLT0BGgeFCAWHf?= =?us-ascii?q?oYKigABgyOBZm2FX4I3gWcXhDeIW4YgiQYBHgFDggQZf0tsAYh7fgEBAQ?= X-IronPort-AV: E=Sophos;i="5.24,481,1454976000"; d="ics'?scan'208,217";a="260258331" Received: from alln-core-9.cisco.com ([173.36.13.129]) by alln-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 13 Apr 2016 19:33:12 +0000 Received: from XCH-RCD-004.cisco.com (xch-rcd-004.cisco.com [173.37.102.14]) by alln-core-9.cisco.com (8.14.5/8.14.5) with ESMTP id u3DJXCfS015932 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL) for ; Wed, 13 Apr 2016 19:33:12 GMT Received: from xch-rcd-004.cisco.com (173.37.102.14) by XCH-RCD-004.cisco.com (173.37.102.14) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Wed, 13 Apr 2016 14:33:11 -0500 Received: from xch-rcd-004.cisco.com ([173.37.102.14]) by XCH-RCD-004.cisco.com ([173.37.102.14]) with mapi id 15.00.1104.009; Wed, 13 Apr 2016 14:33:11 -0500 From: "Morteza Ansari (moransar)" To: "scim@ietf.org" Thread-Topic: SCIM interop meeting update Thread-Index: AQHRlbtQG1nZlmnDJkytSx/kaPu8QQ== Date: Wed, 13 Apr 2016 19:33:11 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/14.6.2.160219 x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.24.98.68] Content-Type: multipart/mixed; boundary="_004_D333ED052789Emoransarciscocom_" MIME-Version: 1.0 Archived-At: Subject: [scim] SCIM interop meeting update X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Apr 2016 19:33:17 -0000 --_004_D333ED052789Emoransarciscocom_ Content-Type: multipart/alternative; boundary="_000_D333ED052789Emoransarciscocom_" --_000_D333ED052789Emoransarciscocom_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable If you are interested in participating in SCIM interop at CIS 2016, please = join us on a planning meeting tomorrow at 11AM Pacific time. See attached = information. This is in addition to the bi-weekly meeting I sent earlier given we didn't= have the bi-weekly meeting last week. Cheers, Morteza --- You can forward this invitation to others. Hello, Morteza Ansari invites you to join this WebEx meeting. CIS16 SCIM Interop planning Thursday, April 14, 2016 11:00 am | Pacific Daylight Time (San Francisco, GMT-07:00) | 1 hr Meeting number (access code): 345 768 432 Meeting password: scim Add to Calendar When it's time, join the meeting. Join from a video system or application Dial 345768432@go.webex.com Join by phone 1-877-668-4488 US Toll Free +1-415-655-0000 US Toll Global call-in numbers | Toll-free calling restrictions Can't join the meeting? IMPORTANT NOTICE: Please note that this WebEx service allows audio and othe= r information sent during the session to be recorded, which may be discover= able in a legal matter. By joining this session, you automatically consent = to such recordings. If you do not consent to being recorded, discuss your c= oncerns with the host or do not join the session. --_000_D333ED052789Emoransarciscocom_ Content-Type: text/html; charset="iso-8859-1" Content-ID: <8D11BFACB7EEC746893376FC527C5DDF@emea.cisco.com> Content-Transfer-Encoding: quoted-printable
If you are interested in participating in SCIM interop at CIS 2016, pl= ease join us on a planning meeting tomorrow at 11AM Pacific time.  See= attached information.

This is in addition to the bi-weekly meeting I sent earlier given we d= idn’t have the bi-weekly meeting last week.


Cheers,
Morteza
---

You can forward this invitation to others. 
Hello, 
Morteza Ansari invites you to join this WebEx meeting.
 
CIS16 SCIM Interop planning
Thursday, April 14, 2016 
11:00 am  |  Pacific Daylight Time (San Francisco, GMT-= 07:00)  |  1 hr 
Meeting number (access code): 345 768 432 
Meeting password: scim
 
Add to Calendar
When it's time, join the meeting.
 
Join from a video system or application
Dial 345768432@go.webex.com=
 
Join by phone
1-877-668-4488 US Toll Free
+1-415-655-0000 US Toll
Global call-in numbers&nbs= p; |  Toll-free calling restrictions
 
Can't join the meeting?
 
IMPORTANT NOTICE: Please note that this WebEx service allows audio and othe= r information sent during the session to be recorded, which may be discover= able in a legal matter. By joining this session, you automatically consent = to such recordings. If you do not consent to being recorded, discuss your concerns with the host or do not j= oin the session.

--_000_D333ED052789Emoransarciscocom_-- --_004_D333ED052789Emoransarciscocom_ Content-Type: message/rfc822 Content-Disposition: attachment; creation-date="Wed, 13 Apr 2016 19:33:11 GMT"; modification-date="Wed, 13 Apr 2016 19:33:11 GMT" Content-ID: Received: from xch-aln-004.cisco.com (173.36.7.14) by xch-rcd-004.cisco.com (173.37.102.14) with Microsoft SMTP Server (TLS) id 15.0.1104.5 via Mailbox Transport; Wed, 13 Apr 2016 12:09:27 -0500 Received: from xch-aln-003.cisco.com (173.36.7.13) by XCH-ALN-004.cisco.com (173.36.7.14) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Wed, 13 Apr 2016 12:09:27 -0500 Received: from alln-iport-5.cisco.com (173.37.142.92) by mail.cisco.com (173.36.7.13) with Microsoft SMTP Server (TLS) id 15.0.1104.5 via Frontend Transport; Wed, 13 Apr 2016 12:09:26 -0500 X-Files: WebEx_Meeting.ics : 4238 Received: from alln-core-9.cisco.com ([173.36.13.129]) by alln-iport-5.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 13 Apr 2016 17:09:26 +0000 Received: from alln-inbound-a.cisco.com (alln-inbound-a.cisco.com [173.37.147.231]) by alln-core-9.cisco.com (8.14.5/8.14.5) with ESMTP id u3DH9MRh016796 (version=TLSv1/SSLv3 cipher=DHE-RSA-SEED-SHA bits=128 verify=OK) for ; Wed, 13 Apr 2016 17:09:26 GMT Authentication-Results: alln-inbound-a.cisco.com; dkim=none (message not signed) header.i=none; spf=Pass smtp.mailfrom=messenger@webex.com; spf=None smtp.helo=postmaster@sjmda14.webex.com Received-SPF: Pass (alln-inbound-a.cisco.com: domain of messenger@webex.com designates 64.68.124.162 as permitted sender) identity=mailfrom; client-ip=64.68.124.162; receiver=alln-inbound-a.cisco.com; envelope-from="messenger@webex.com"; x-sender="messenger@webex.com"; x-conformance=spf_only; x-record-type="v=spf1" Received-SPF: None (alln-inbound-a.cisco.com: no sender authenticity information available from domain of postmaster@sjmda14.webex.com) identity=helo; client-ip=64.68.124.162; receiver=alln-inbound-a.cisco.com; envelope-from="messenger@webex.com"; x-sender="postmaster@sjmda14.webex.com"; x-conformance=spf_only X-from-outside-Cisco: 64.68.124.162 X-Files: WebEx_Meeting.ics : 4238 IronPort-PHdr: =?us-ascii?q?9a23=3AtC8x+RzwLZ3+inPXCy+O+j09IxM/srCxBDY+r6Qd?= =?us-ascii?q?0ewTIJqq85mqBkHD//Il1AaPBtWLra8fwLuG+4nbGkU+or+5+EgYd5JNUxJXwe?= =?us-ascii?q?43pCcHRPC/NEvgMfTxZDY7FskRHHVs/nW8LFQHUJ2mPw6anHS+4HYoFwnlMkIt?= =?us-ascii?q?f6KuSt6U0p/8hrD60qaQSjsLrQL1Wal1IhSyoFeZnegtqqwmFJwMzADUqGBDYe?= =?us-ascii?q?VcyDAgD1uSmxHh+pX4p8Y7oGwD884mostHS6z8ZK0iZbdZFz8hdWsy4Z7RuAHH?= =?us-ascii?q?XDeIs34bSGwQiRNSKwPE9xr9GJz2t3jUrO14jQydJ9H7X7l8cDK55r1qAEvthT?= =?us-ascii?q?wcOjg2/Xv/lcF6gbIdqxWk8U8si7XIaZ2YYaItNpjWeskXEDJM?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0FAAABTfA5Xk6J8REBEFwMZAQEBAYJOg?= =?us-ascii?q?R99hCu0EYIPDoEuQySFah6BJTgUAQEBAQEBAQECDwEBAQEHDQkJIS+CLQo4BgQ?= =?us-ascii?q?yAQEBAQEBAQEBAQEBAQEBAQEBFwI9EwEBHhEBE2QHDgUcAwQMBgIEGTsEFhGIG?= =?us-ascii?q?AUJLKBgjnUBAWaFC4EWjBwBAQEBAQEEAQEBAQEBAQEQBAQEiAcThAYBgSVWTS0?= =?us-ascii?q?nCwwaBQKCMoJWBZgIgySBZm2FX4QeF4Q3gxyFP45dSh4BgkcRCH9LbAGJeQEBA?= =?us-ascii?q?Q?= X-IPAS-Result: =?us-ascii?q?A0FAAABTfA5Xk6J8REBEFwMZAQEBAYJOgR99hCu0EYIPDoE?= =?us-ascii?q?uQySFah6BJTgUAQEBAQEBAQECDwEBAQEHDQkJIS+CLQo4BgQyAQEBAQEBAQEBA?= =?us-ascii?q?QEBAQEBAQEBFwI9EwEBHhEBE2QHDgUcAwQMBgIEGTsEFhGIGAUJLKBgjnUBAWa?= =?us-ascii?q?FC4EWjBwBAQEBAQEEAQEBAQEBAQEQBAQEiAcThAYBgSVWTS0nCwwaBQKCMoJWB?= =?us-ascii?q?ZgIgySBZm2FX4QeF4Q3gxyFP45dSh4BgkcRCH9LbAGJeQEBAQ?= X-IronPort-AV: E=Sophos;i="5.24,480,1454976000"; d="ics'?scan'208,217";a="82962899" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from unknown (HELO sjmda14.webex.com) ([64.68.124.162]) by alln-inbound-a.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 13 Apr 2016 17:09:25 +0000 Received: from jbts1tc104.webex.com (sjc02-wxp00-lbace03-core-vl120-np10-2.webex.com [64.68.121.246]) by sjmda14.webex.com (Postfix) with ESMTP id 072FB80DB5 for ; Wed, 13 Apr 2016 17:09:25 +0000 (GMT) Received: from jbts1tc104.webex.com (localhost [127.0.0.1]) by jbts1tc104.webex.com (Postfix) with ESMTP id 04F068006B for ; Wed, 13 Apr 2016 17:09:25 +0000 (GMT) Date: Wed, 13 Apr 2016 17:09:25 +0000 From: Morteza Ansari Reply-To: To: Message-ID: <32845722.281.1460567365019.JavaMail.nobody@jbts1tc104.webex.com> Subject: (Forward to others) WebEx meeting invitation: CIS16 SCIM Interop planning Return-Path: messenger@webex.com X-MS-Exchange-Organization-AuthSource: XCH-ALN-003.cisco.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 10 X-MS-Exchange-Organization-Network-Message-Id: 904e35a5-a097-4004-9dd4-08d363be5e95 X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0 X-MS-Exchange-Organization-SCL: -1 Content-Type: multipart/mixed; boundary="B_3543395454_39641428" MIME-Version: 1.0 --B_3543395454_39641428 Content-Type: multipart/alternative; boundary="B_3543395454_39699852" --B_3543395454_39699852 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit You can forward this invitation to others. Hello, Morteza Ansari invites you to join this WebEx meeting. CIS16 SCIM Interop planning Thursday, April 14, 2016 11:00 am | Pacific Daylight Time (San Francisco, GMT-07:00) | 1 hr Meeting number (access code): 345 768 432 Meeting password: scim Add to Calendar When it's time, join the meeting . Join from a video system or application Dial 345768432@go.webex.com < sip:345768432@go.webex.com> Join by phone 1-877-668-4488 US Toll Free +1-415-655-0000 US Toll Global call-in numbers | Toll-free calling restrictions Can't join the meeting? IMPORTANT NOTICE: Please note that this WebEx service allows audio and other information sent during the session to be recorded, which may be discoverable in a legal matter. By joining this session, you automatically consent to such recordings. If you do not consent to being recorded, discuss your concerns with the host or do not join the session. --B_3543395454_39699852 Content-Type: text/html; charset="US-ASCII" Content-Transfer-Encoding: quoted-printable
You can forward this invitation to o= thers.
Hello,
Morteza Ansari invites you to join this WebEx meeting.
 
CIS16 SCIM Interop planning<= /b>
Thursday, April 14, 2016
11:00 am  |  Pacific Daylight Time (San Francisco, = GMT-07:00)  |  1 hr
Meeting number (access code): 345 768 432
Meeting password: scim
 
Add to Cal= endar
When it's time, join the meeting.
 
Join from a video system or application=
Dial 345768432@go.webex.com
 
Join by phone
1-877-668-4488 US Toll Free
+1-415-655-0000 US Toll
Global call-in numbers  |  Toll-free calling restrictions
 
Can't join th= e meeting?
 
IMPORTANT NOTICE: Please note = that this WebEx service allows audio and other information sent during the = session to be recorded, which may be discoverable in a legal matter. By joi= ning this session, you automatically consent to such recordings. If you do not consent to being recorded, discu= ss your concerns with the host or do not join the session.
--B_3543395454_39699852-- --B_3543395454_39641428 Content-Type: application/octet-stream; name="WebEx_Meeting.ics" Content-ID: Content-Disposition: attachment; filename="WebEx_Meeting.ics" Content-Transfer-Encoding: base64 QkVHSU46VkNBTEVOREFSClBST0RJRDotLy9NaWNyb3NvZnQgQ29ycG9yYXRpb24vL091dGxvb2sg MTAuMCBNSU1FRElSLy9FTgpWRVJTSU9OOjIuMApNRVRIT0Q6UkVRVUVTVApCRUdJTjpWVElNRVpP TkUKVFpJRDpQYWNpZmljIFRpbWUKQkVHSU46U1RBTkRBUkQKRFRTVEFSVDoyMDE0MTEwMVQwMjAw MDAKUlJVTEU6RlJFUT1ZRUFSTFk7SU5URVJWQUw9MTtCWURBWT0xU1U7QllNT05USD0xMQpUWk9G RlNFVEZST006LTA3MDAKVFpPRkZTRVRUTzotMDgwMApUWk5BTUU6U3RhbmRhcmQgVGltZQpFTkQ6 U1RBTkRBUkQKQkVHSU46REFZTElHSFQKRFRTVEFSVDoyMDE0MDMwMVQwMjAwMDAKUlJVTEU6RlJF UT1ZRUFSTFk7SU5URVJWQUw9MTtCWURBWT0yU1U7QllNT05USD0zClRaT0ZGU0VURlJPTTotMDgw MApUWk9GRlNFVFRPOi0wNzAwClRaTkFNRTpEYXlsaWdodCBTYXZpbmdzIFRpbWUKRU5EOkRBWUxJ R0hUCkVORDpWVElNRVpPTkUKQkVHSU46VkVWRU5UCkFUVEVOREVFO0NOPSJNb3J0ZXphIEFuc2Fy aSI7Uk9MRT1SRVEtUEFSVElDSVBBTlQ7UlNWUD1UUlVFOk1BSUxUTzptb3JhbnNhckBjaXNjby5j b20KT1JHQU5JWkVSO0NOPSJNb3J0ZXphIEFuc2FyaSI6TUFJTFRPOm1vcmFuc2FyQGNpc2NvLmNv bQpEVFNUQVJUO1RaSUQ9IlBhY2lmaWMgVGltZSI6MjAxNjA0MTRUMTEwMDAwCkRURU5EO1RaSUQ9 IlBhY2lmaWMgVGltZSI6MjAxNjA0MTRUMTIwMDAwCkxPQ0FUSU9OOmh0dHBzOi8vZ28ud2ViZXgu Y29tL2dvClRSQU5TUDpPUEFRVUUKU0VRVUVOQ0U6MTQ2MDU2NzM2NApVSUQ6M2RkYWRmYzUtN2Zh Mi00ZjYzLWJmZDEtMzQwM2MzMTMxNmMxCkRUU1RBTVA6MjAxNjA0MTRUMTgwMDAwWgpERVNDUklQ VElPTjpcblxuXG5KT0lOIFdFQkVYIE1FRVRJTkdcbmh0dHBzOi8vZ28ud2ViZXguY29tL2dvL2ou cGhwP01USUQ9bTljOTdhYjQ5NTc0NDFmZGIxYzg4ODhhMzAyMDIzMjcyXG5NZWV0aW5nIG51bWJl ciAoYWNjZXNzIGNvZGUpOiAzNDUgNzY4IDQzMlxuTWVldGluZyBwYXNzd29yZDogc2NpbVxuXG5c bkpPSU4gRlJPTSBBIFZJREVPIFNZU1RFTSBPUiBBUFBMSUNBVElPTlxuRGlhbCBzaXA6MzQ1NzY4 NDMyQGdvLndlYmV4LmNvbVxuXG5cbkpPSU4gQlkgUEhPTkVcbjEtODc3LTY2OC00NDg4IFVTIFRv bGwgRnJlZSBcbisxLTQxNS02NTUtMDAwMCBVUyBUb2xsXG5cbkdsb2JhbCBjYWxsLWluIG51bWJl cnM6XG5odHRwczovL2dvLndlYmV4LmNvbS9nby9nbG9iYWxjYWxsaW4ucGhwP3NlcnZpY2VUeXBl PU1DJkVEPTE4MzE4NDE5MiZ0b2xsRnJlZT0xXG5cblRvbGwtZnJlZSBkaWFsaW5nIHJlc3RyaWN0 aW9uczogXG5odHRwczovL3d3dy53ZWJleC5jb20vcGRmL3RvbGxmcmVlX3Jlc3RyaWN0aW9ucy5w ZGZcblxuXG5cbkNhbid0IGpvaW4gdGhlIG1lZXRpbmc/XG5odHRwczovL2hlbHAud2ViZXguY29t L2RvY3MvRE9DLTU0MTJcblxuXG5JTVBPUlRBTlQgTk9USUNFOiBQbGVhc2Ugbm90ZSB0aGF0IHRo aXMgV2ViRXggc2VydmljZSBhbGxvd3MgYXVkaW8gYW5kIG90aGVyIGluZm9ybWF0aW9uIHNlbnQg ZHVyaW5nIHRoZSBzZXNzaW9uIHRvIGJlIHJlY29yZGVkLCB3aGljaCBtYXkgYmUgZGlzY292ZXJh YmxlIGluIGEgbGVnYWwgbWF0dGVyLiBCeSBqb2luaW5nIHRoaXMgc2Vzc2lvbiwgeW91IGF1dG9t YXRpY2FsbHkgY29uc2VudCB0byBzdWNoIHJlY29yZGluZ3MuIElmIHlvdSBkbyBub3QgY29uc2Vu dCB0byBiZWluZyByZWNvcmRlZCwgZGlzY3VzcyB5b3VyIGNvbmNlcm5zIHdpdGggdGhlIGhvc3Qg b3IgZG8gbm90IGpvaW4gdGhlIHNlc3Npb24uXG4KWC1BTFQtREVTQztGTVRUWVBFPXRleHQvaHRt bDoJPEZPTlQgU0laRT0iMSIgRkFDRT0iQVJJQUwiPiZuYnNwOzxCUj4mbmJzcDs8QlI+Jm5ic3A7 PEJSPjxGT05UIFNJWkU9IjQiIEZBQ0U9IkFSSUFMIj4JCTxhIGhyZWY9Imh0dHBzOi8vZ28ud2Vi ZXguY29tL2dvL2oucGhwP01USUQ9bTljOTdhYjQ5NTc0NDFmZGIxYzg4ODhhMzAyMDIzMjcyIj48 Rk9OVCBTSVpFPSIzIiBDT0xPUj0iIzAwQUZGOSIgRkFDRT0iQXJpYWwiPkpvaW4gV2ViRXggbWVl dGluZzwvRk9OVD48L2E+CQkJPHRhYmxlPgkJCQk8dHI+CQkJCQk8dGQ+CQkJCQkJPEZPTlQgU0la RT0iMiIgQ09MT1I9IiM2NjY2NjYiIEZBQ0U9ImFyaWFsIj5NZWV0aW5nIG51bWJlciAoYWNjZXNz IGNvZGUpOiAzNDUgNzY4IDQzMjwvRk9OVD4JCQkJCTwvdGQ+CQkJCTwvdHI+CQkJPC90YWJsZT4J CQkJCQk8dGFibGU+PHRyPjx0ZD48Rk9OVCBTSVpFPSIyIiBDT0xPUj0iIzY2NjY2NiIgRkFDRT0i YXJpYWwiPk1lZXRpbmcgcGFzc3dvcmQ6PC9GT05UPjwvdGQ+PHRkPjxGT05UIFNJWkU9IjIiICBD T0xPUj0iIzY2NjY2NiIgRkFDRT0iYXJpYWwiPnNjaW08L0ZPTlQ+PC90ZD48L3RyPjwvdGFibGU+ CQk8L0ZPTlQ+PEZPTlQgU0laRT0iMSIgRkFDRT0iQVJJQUwiPiZuYnNwOzxCUj4mbmJzcDs8QlI+ PC9GT05UPjxGT05UIFNJWkU9IjQiIEZBQ0U9IkFSSUFMIj48Rk9OVCBTSVpFPSIzIiBDT0xPUj0i IzY2NjY2NiIgRkFDRT0iYXJpYWwiPkpvaW4gZnJvbSBhIHZpZGVvIHN5c3RlbSBvciBhcHBsaWNh dGlvbjwvRk9OVD48QlI+PEZPTlQgU0laRT0iMiIgQ09MT1I9IiM2NjY2NjYiIEZBQ0U9ImFyaWFs Ij5EaWFsPC9GT05UPiA8YSBocmVmPSJzaXA6MzQ1NzY4NDMyQGdvLndlYmV4LmNvbSI+PEZPTlQg U0laRT0iMiIgQ09MT1I9IiMwMEFGRjkiIEZBQ0U9ImFyaWFsIj4zNDU3Njg0MzJAZ28ud2ViZXgu Y29tPC9GT05UPjwvYT4mbmJzcDsgPEJSPjwvRk9OVD4mbmJzcDsgPEJSPiZuYnNwOyA8QlI+PEZP TlQgU0laRT0iNCIgRkFDRT0iQVJJQUwiPjxGT05UIFNJWkU9IjMiIENPTE9SPSIjNjY2NjY2IiBG QUNFPSJhcmlhbCI+Sm9pbiBieSBwaG9uZTwvRk9OVD4mbmJzcDsgPEJSPjxGT05UIFNJWkU9IjIi IENPTE9SPSIjNjY2NjY2IiBGQUNFPSJhcmlhbCI+PHN0cm9uZz4xLTg3Ny02NjgtNDQ4ODwvc3Ry b25nPiZuYnNwO1VTIFRvbGwgRnJlZTwvRk9OVD4mbmJzcDsgPEJSPjxGT05UIFNJWkU9IjIiIENP TE9SPSIjNjY2NjY2IiBGQUNFPSJhcmlhbCI+PHN0cm9uZz4rMS00MTUtNjU1LTAwMDA8L3N0cm9u Zz4mbmJzcDtVUyBUb2xsPC9GT05UPiZuYnNwOyA8QlI+PGEgaHJlZj0iaHR0cHM6Ly9nby53ZWJl eC5jb20vZ28vZ2xvYmFsY2FsbGluLnBocD9zZXJ2aWNlVHlwZT1NQyZFRD0xODMxODQxOTImdG9s bEZyZWU9MSI+PEZPTlQgU0laRT0iMSIgQ09MT1I9IiMwMEFGRjkiIEZBQ0U9ImFyaWFsIj5HbG9i YWwgY2FsbC1pbiBudW1iZXJzPC9GT05UPjwvYT48Rk9OVCBTSVpFPSIxIiBGQUNFPSJBUklBTCI+ Jm5ic3A7Jm5ic3A7fCZuYnNwOyZuYnNwOzwvRk9OVD48YSBocmVmPSJodHRwczovL3d3dy53ZWJl eC5jb20vcGRmL3RvbGxmcmVlX3Jlc3RyaWN0aW9ucy5wZGYiPjxGT05UIFNJWkU9IjEiIENPTE9S PSIjMDBBRkY5IiBGQUNFPSJhcmlhbCI+VG9sbC1mcmVlIGNhbGxpbmcgcmVzdHJpY3Rpb25zPC9G T05UPjwvYT4gJm5ic3A7IDxCUj48L0ZPTlQ+PEJSPjxCUj4JJm5ic3A7PEJSPgk8YSBocmVmPSJo dHRwczovL2hlbHAud2ViZXguY29tL2RvY3MvRE9DLTU0MTIiPgk8Rk9OVCBTSVpFPSIxIiBDT0xP Uj0iIzAwQUZGOSIgRkFDRT0iQXJpYWwiPkNhbid0IGpvaW4gdGhlIG1lZXRpbmc/PC9GT05UPjwv YT4JJm5ic3A7PEJSPiZuYnNwOzxCUj48Rk9OVCBDT0xPUj0iI0EwQTBBMCIgc2l6ZT0iMSIgRkFD RT0iYXJpYWwiPklNUE9SVEFOVCBOT1RJQ0U6IFBsZWFzZSBub3RlIHRoYXQgdGhpcyBXZWJFeCBz ZXJ2aWNlIGFsbG93cyBhdWRpbyBhbmQgb3RoZXIgaW5mb3JtYXRpb24gc2VudCBkdXJpbmcgdGhl IHNlc3Npb24gdG8gYmUgcmVjb3JkZWQsIHdoaWNoIG1heSBiZSBkaXNjb3ZlcmFibGUgaW4gYSBs ZWdhbCBtYXR0ZXIuIEJ5IGpvaW5pbmcgdGhpcyBzZXNzaW9uLCB5b3UgYXV0b21hdGljYWxseSBj b25zZW50IHRvIHN1Y2ggcmVjb3JkaW5ncy4gSWYgeW91IGRvIG5vdCBjb25zZW50IHRvIGJlaW5n IHJlY29yZGVkLCBkaXNjdXNzIHlvdXIgY29uY2VybnMgd2l0aCB0aGUgaG9zdCBvciBkbyBub3Qg am9pbiB0aGUgc2Vzc2lvbi48L0ZPTlQ+PC9GT05UPgpTVU1NQVJZOkNJUzE2IFNDSU0gSW50ZXJv cCBwbGFubmluZwpQUklPUklUWTo1CkNMQVNTOlBVQkxJQwpCRUdJTjpWQUxBUk0KVFJJR0dFUjot UFQ1TQpBQ1RJT046RElTUExBWQpERVNDUklQVElPTjpSZW1pbmRlcgpFTkQ6VkFMQVJNCkVORDpW RVZFTlQKRU5EOlZDQUxFTkRBUgo= --B_3543395454_39641428-- --_004_D333ED052789Emoransarciscocom_-- From nobody Wed Apr 13 12:44:42 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0242612D0F8 for ; Wed, 13 Apr 2016 12:44:42 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -15.517 X-Spam-Level: X-Spam-Status: No, score=-15.517 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F07kWk53IuTI for ; Wed, 13 Apr 2016 12:44:39 -0700 (PDT) Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6823312D1AA for ; Wed, 13 Apr 2016 12:44:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1687; q=dns/txt; s=iport; t=1460576679; x=1461786279; h=from:to:subject:date:message-id:references:in-reply-to: content-id:content-transfer-encoding:mime-version; bh=kiIpMsiyGHVe9xU5vpd+eMFtV9bndpK5cftpbaJPfuw=; b=kvJK6PPHJMYSv2kQ8Y7NujQZsUzVwqjqbCmn1E/OcJpwb3yReP3+7dw9 /Pd3/QGUqN30Sy6SJdu70wCfpPH4juyrtXw05aySmFfOTegabG+vqIrse KQfJOO6hCgkG0xFRqr3K9zeKdaGj3HaC+JWa+tqj8v8dNjLJUO3WDHAGE g=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AFAgBaoQ5X/5ldJa1egzdTbw4GukUBD?= =?us-ascii?q?YFxFwuFbAKBQTgUAQEBAQEBAWUnhEIBAQQBAQFrGwIBCBguJwslAgQBEogpDsM?= =?us-ascii?q?IAQEBAQEBAQEBAQEBAQEBAQEBFASGIYRLhA8RAYV0BYduhxSJBgGFdogWgWeET?= =?us-ascii?q?ohbjyYBHgEBQoNnbIhGNn4BAQE?= X-IronPort-AV: E=Sophos;i="5.24,481,1454976000"; d="scan'208";a="91474808" Received: from rcdn-core-2.cisco.com ([173.37.93.153]) by rcdn-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 13 Apr 2016 19:44:38 +0000 Received: from XCH-ALN-003.cisco.com (xch-aln-003.cisco.com [173.36.7.13]) by rcdn-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id u3DJiceM026960 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 13 Apr 2016 19:44:38 GMT Received: from xch-rcd-004.cisco.com (173.37.102.14) by XCH-ALN-003.cisco.com (173.36.7.13) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Wed, 13 Apr 2016 14:44:37 -0500 Received: from xch-rcd-004.cisco.com ([173.37.102.14]) by XCH-RCD-004.cisco.com ([173.37.102.14]) with mapi id 15.00.1104.009; Wed, 13 Apr 2016 14:44:37 -0500 From: "Morteza Ansari (moransar)" To: "Morteza Ansari (moransar)" , Leif Johansson , "scim@ietf.org" Thread-Topic: [scim] next steps for scim Thread-Index: AQHRkAkTHUNQlqAiikqOqs+rLD+H7J99HLWAgAsbhIA= Date: Wed, 13 Apr 2016 19:44:37 +0000 Message-ID: References: <5705103A.3080102@sunet.se> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/14.6.2.160219 x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.24.98.68] Content-Type: text/plain; charset="Windows-1252" Content-ID: Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Archived-At: Subject: Re: [scim] next steps for scim X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Apr 2016 19:44:42 -0000 Any other extensions/drafts/=8A? Or thoughts about next steps for SCIM WG? Cheers, Morteza On 4/6/16, 11:07 AM, "scim on behalf of Morteza Ansari (moransar)" wrote: >SCIM Soft Delete=20 >https://tools.ietf.org/html/draft-ansari-scim-soft-delete-00 (though it is >not current, but I can easily resubmit it if that makes a difference). > > >Cheers, >Morteza > >On 4/6/16, 10:33 AM, "scim on behalf of Leif Johansson" > wrote: > >> >>Folks, >> >>We've done this a couple of times already ... this will be the >>last attempt to judge interest for next steps in the SCIM WG. >> >>We will now generate a definitive list of possible work for SCIM >>going forward *excluding* the ID events stuff that will probably >>spin up its own WG. >> >>Please respond to this email no later than EOB April 30 with a >>link to a current (non-expired) I-D describing work that would >>(in your opinion) fit in the SCIM WG. >> >>On May 1:st (or thereabouts) the WG will be asked to +1/-1 the >>proposed I-Ds in an attempt to judge interest in continuing work >>on them in the SCIM wg. >> >>If there is insufficient interest at this time we will close >>SCIM (the WG, not the list) while we wait for SCIMEXT to emerge >>from the ashes at some point in the future. >> >> Cheers Leif >> >>_______________________________________________ >>scim mailing list >>scim@ietf.org >>https://www.ietf.org/mailman/listinfo/scim > >_______________________________________________ >scim mailing list >scim@ietf.org >https://www.ietf.org/mailman/listinfo/scim From nobody Wed Apr 13 12:47:41 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6AB7C12E1EE for ; Wed, 13 Apr 2016 12:47:40 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -15.516 X-Spam-Level: X-Spam-Status: No, score=-15.516 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 72L_9SFQZFrG for ; Wed, 13 Apr 2016 12:47:38 -0700 (PDT) Received: from alln-iport-1.cisco.com (alln-iport-1.cisco.com [173.37.142.88]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 416CF12E14E for ; Wed, 13 Apr 2016 12:47:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=35106; q=dns/txt; s=iport; t=1460576858; x=1461786458; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=7XYpJvg1udvjKCCgj8IoFSLntppXDED4EN71HYkeVFI=; b=hSTfrKekqjWD+xnHDELLG+A3jh+TMQyXXOobOiBuoHytv3K8D/KQaHCU aUsEPHVowMPlhETcr12L4wetApT1vwr803LfbJMEloJDMOc0OUL8F7xkk GjpOVzl/1oHNQK2aIlBWeHO8kebDVNtb3yTpNl1dJ5Gn1YBo5L40n8orM w=; X-Files: WebEx_Meeting.ics : 4518 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CHAQDPoQ5X/5tdJa1EFwOCa0xTfQaEJ?= =?us-ascii?q?bEthHMOgXEXAQyFagKBQTgUAQEBAQEBAWUnhEEBAQECAgEBAWsLDgICAQgRAwE?= =?us-ascii?q?CFQQMAwcCGQwLFAkHAQIBAwENBQ4OiA0OLLU3jSUBAQEBAQEBAQEBAQEBAQEBA?= =?us-ascii?q?QEBAQENCASGHYFqgmGEAS0nCgEMCQgJB4UIBZgIAYMjgWZthV+CN4FnFzeEAIh?= =?us-ascii?q?bjyYBDw8BQ4IEGX9LbAGIe34BAQE?= X-IronPort-AV: E=Sophos;i="5.24,481,1454976000"; d="ics'217?scan'217,208,217";a="261198038" Received: from rcdn-core-4.cisco.com ([173.37.93.155]) by alln-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 13 Apr 2016 19:47:37 +0000 Received: from XCH-RCD-002.cisco.com (xch-rcd-002.cisco.com [173.37.102.12]) by rcdn-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id u3DJlahM031491 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 13 Apr 2016 19:47:37 GMT Received: from xch-rcd-004.cisco.com (173.37.102.14) by XCH-RCD-002.cisco.com (173.37.102.12) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Wed, 13 Apr 2016 14:47:36 -0500 Received: from xch-rcd-004.cisco.com ([173.37.102.14]) by XCH-RCD-004.cisco.com ([173.37.102.14]) with mapi id 15.00.1104.009; Wed, 13 Apr 2016 14:47:36 -0500 From: "Morteza Ansari (moransar)" To: Shalini Gupta , Matthew Bahrenburg Thread-Topic: [scim] CIS Interop Thread-Index: AQHRk5hzXxHD8TQUnEuOgWJBJvzsv5+FS5YAgAI6ygCAAKuNAA== Date: Wed, 13 Apr 2016 19:47:36 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/14.6.2.160219 x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.24.98.68] Content-Type: multipart/mixed; boundary="_004_D333EFCF278C2moransarciscocom_" MIME-Version: 1.0 Archived-At: Cc: "scim@ietf.org" Subject: Re: [scim] CIS Interop X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Apr 2016 19:47:40 -0000 --_004_D333EFCF278C2moransarciscocom_ Content-Type: multipart/alternative; boundary="_000_D333EFCF278C2moransarciscocom_" --_000_D333EFCF278C2moransarciscocom_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable This is the webex info for the biweekly meeting and I sent the one time mee= ting for tomorrow a few minutes ago. CIS16 SCIM Interop planning Every 2 weeks on Thursday, from Thursday, March 10, 2016, to no end date 11:00 am | Pacific Standard Time (San Francisco, GMT-08:00) | 1 hr Join WebEx meeting Meeting number: 345 510 827 Meeting password: scim Join from a video conferencing system or application Dial 345510827@go.webex.com Join by phone 1-877-668-4488 US Toll Free +1-415-655-0000 US Toll Access code: 345 510 827 Global call-in numbers | Toll-free calling restrictions Add this meeting to your calendar. (Cannot add from mobile devices.) Need help? Go to http://help.webex.com. IMPORTANT NOTICE: Please note that this WebEx service allows audio and othe= r information sent during the session to be recorded, which may be discover= able in a legal matter. By joining this session, you automatically consent = to such recordings. If you do not consent to being recorded, discuss your c= oncerns with the host or do not join the session. From: scim > on behalf = of Shalini Gupta > Date: Tuesday, April 12, 2016 at 7:33 PM To: Matthew Bahrenburg > Cc: "scim@ietf.org" > Subject: Re: [scim] CIS Interop Thanks Matt for looping me in. Sounds like a good plan. Looking forward to the interop and putting forth its learnings in CIS. On Mon, Apr 11, 2016 at 10:00 PM, Matthew Bahrenburg > wrote: Hi Shalini, I just shared the document we've been using for collaboration. Later this w= eek we'll be meeting to review and finalize the test plan for the interop, = with testing planned for May 1 - May 15. At the CIS session, we'll share the results then focus on evangelizing SCIM= and training the attendees. Morteza, are you scheduling the meeting for this week? Thanks, Matt On Sun, Apr 10, 2016 at 7:18 PM, Shalini Gupta > wrote: Hi Folks, Sorry about jumping in a little late into this. I was on a long vacation an= d came back this week. I would be interested in participating in the CIS interop. Could you please loop me in? Do we have a wiki or something for it? -- Regards, Shalini _______________________________________________ scim mailing list scim@ietf.org https://www.ietf.org/mailman/listinfo/scim -- Regards, Shalini --_000_D333EFCF278C2moransarciscocom_ Content-Type: text/html; charset="us-ascii" Content-ID: <7DEC622F8E364E47A754C7A1F8F4BB00@emea.cisco.com> Content-Transfer-Encoding: quoted-printable
This is the webex info for the biweekly meeting and I sent the one tim= e meeting for tomorrow a few minutes ago.

CIS16 SCIM Interop planning
Every 2 weeks on Thursday, from Thursday, March 10, 2016, to no end date&nb= sp;
11:00 am  |  Pacific Standard Time (San Francisco, GMT-= 08:00)  |  1 hr 
 
Join WebEx meeting
Meeting number:  345 510 827 
Meeting password: scim
Join from a video conferencing system or application
Dial 345510827@go.webex.com=
 
Join by phone
1-877-668-4488 US Toll Free
+1-415-655-0000 US Toll
Access code: 345 510 827
Global call-in numbers&nbs= p; |  Toll-free calling restrictions
 
Add this meeting to your calendar. (Cannot add from mobile de= vices.)
 
Need help? Go to http://help.webex.com=
 
IMPORTANT NOTICE: Please note that this WebEx service allows audio and othe= r information sent during the session to be recorded, which may be discover= able in a legal matter. By joining this session, you automatically consent = to such recordings. If you do not consent to being recorded, discuss your concerns with the host or do not j= oin the session.


Thanks Matt for looping me in. 
Sounds like a good plan.

Looking forward to the interop and putting forth its learnings in CIS.=


On Mon, Apr 11, 2016 at 10:00 PM, Matthew Bahren= burg <mbahren= burg@salesforce.com> wrote:
Hi Shalini,

I just shared the document we've been using for collaboration. Later t= his week we'll be meeting to review and finalize the test plan for the inte= rop, with testing planned for May 1 - May 15.

At the CIS session, we'll share the results then focus on evangel= izing SCIM and training the attendees.

Morteza, are you scheduling the meeti= ng for this week?

Thanks,
Matt

On Sun, Apr 10, 2016 at 7:18 PM, Shalini Gupta <<= a href=3D"mailto:shalinigupta@google.com" target=3D"_blank">shalinigupta@go= ogle.com> wrote:
Hi Folks,

Sorry about jumping in a little late into this. I was on a long vacati= on and came back this week.

I would be interested in participating in the CIS interop.
Could you please loop me in? Do we have a wiki or something for it?&nb= sp;

-- 
Regards,
Shalini

_______________________________________________
scim mailing list
scim@ietf.org
https://www.ietf.org/mailman/listinfo/scim





--
Regards,
Shalini
 --_000_D333EFCF278C2moransarciscocom_-- --_004_D333EFCF278C2moransarciscocom_ Content-Type: message/rfc822 Content-Disposition: attachment; creation-date="Wed, 13 Apr 2016 19:47:36 GMT"; modification-date="Wed, 13 Apr 2016 19:47:36 GMT" Content-ID: Received: from xch-rcd-005.cisco.com (173.37.102.15) by xch-rcd-004.cisco.com (173.37.102.14) with Microsoft SMTP Server (TLS) id 15.0.1104.5 via Mailbox Transport; Mon, 7 Mar 2016 15:51:34 -0600 Received: from xch-rcd-004.cisco.com (173.37.102.14) by XCH-RCD-005.cisco.com (173.37.102.15) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Mon, 7 Mar 2016 15:51:34 -0600 Received: from alln-iport-3.cisco.com (173.37.142.90) by mail.cisco.com (173.37.102.14) with Microsoft SMTP Server (TLS) id 15.0.1104.5 via Frontend Transport; Mon, 7 Mar 2016 15:51:34 -0600 X-Files: WebEx_Meeting.ics : 4518 Received: from alln-core-3.cisco.com ([173.36.13.136]) by alln-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 07 Mar 2016 21:51:33 +0000 Received: from alln-inbound-l.cisco.com (alln-inbound-l.cisco.com [173.37.147.242]) by alln-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id u27LpUcL009550 for ; Mon, 7 Mar 2016 21:51:33 GMT Authentication-Results: alln-inbound-l.cisco.com; dkim=none (message not signed) header.i=none; spf=Pass smtp.mailfrom=messenger@webex.com; spf=None smtp.helo=postmaster@sjmda13.webex.com Received-SPF: Pass (alln-inbound-l.cisco.com: domain of messenger@webex.com designates 64.68.124.151 as permitted sender) identity=mailfrom; client-ip=64.68.124.151; receiver=alln-inbound-l.cisco.com; envelope-from="messenger@webex.com"; x-sender="messenger@webex.com"; x-conformance=spf_only; x-record-type="v=spf1" Received-SPF: None (alln-inbound-l.cisco.com: no sender authenticity information available from domain of postmaster@sjmda13.webex.com) identity=helo; client-ip=64.68.124.151; receiver=alln-inbound-l.cisco.com; envelope-from="messenger@webex.com"; x-sender="postmaster@sjmda13.webex.com"; x-conformance=spf_only X-from-outside-Cisco: 64.68.124.151 X-Files: WebEx_Meeting.ics : 4518 IronPort-PHdr: =?us-ascii?q?9a23=3A050YZBNGgLVLw/EP6KYl6mtUPXoX/o7sNwtQ0KIM?= =?us-ascii?q?zox0KPz6rarrMEGX3/hxlliBBdydsKIbzbqP+Pm9ACRAuc/H6y9SNsQUFlcsso?= =?us-ascii?q?Y/oU8JOIa9E0r1LfrnPWQRPf9pcxtbxUy9KlVfA83kZlff8TWY5D8WHQjjZ0Iu?= =?us-ascii?q?frymUt2as8Pi0ueo8pvIah9gjzumarQ0JxKz/j/crs0HvYw3L6Erwx3Sq2FgcO?= =?us-ascii?q?VNzmQuLlWWzDjm4cLl2Zl57ylCsroI8dVJS6SyK6E1VqdVCjsrKUgq6cfmpV/I?= =?us-ascii?q?Sg7ZtShUaXkfjhcdW1uN1xr9RJqk6iY=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0E5AAAX991Wlpd8REBCFwMZAQEBAQ8BA?= =?us-ascii?q?QEBBgEBAQGCNIEebYQmtAeCEw6BJ0IjhWwegRQ4FAEBAQEBAQEBAg4BAQEBCQs?= =?us-ascii?q?JCSEvgi0KOAYEMgEBAQEBAQEBAQEBAQEBAQEBARcCPRMBAR4RARNkBw4FHAMED?= =?us-ascii?q?AYCBBk7BBYRiBMFCSyfIo51AQFmhQuBFoh9AQEBAQEFAQEBAQEBAQEQCASHdxO?= =?us-ascii?q?DfQGBIlZMLScLAwkaBQKCMoE6BZcqgxKBZWyFU4QaFjWDeYMZhTqOCksPDwGCR?= =?us-ascii?q?hEIfUtqAYk8AQEB?= X-IPAS-Result: =?us-ascii?q?A0E5AAAX991Wlpd8REBCFwMZAQEBAQ8BAQEBBgEBAQGCNIE?= =?us-ascii?q?ebYQmtAeCEw6BJ0IjhWwegRQ4FAEBAQEBAQEBAg4BAQEBCQsJCSEvgi0KOAYEM?= =?us-ascii?q?gEBAQEBAQEBAQEBAQEBAQEBARcCPRMBAR4RARNkBw4FHAMEDAYCBBk7BBYRiBM?= =?us-ascii?q?FCSyfIo51AQFmhQuBFoh9AQEBAQEFAQEBAQEBAQEQCASHdxODfQGBIlZMLScLA?= =?us-ascii?q?wkaBQKCMoE6BZcqgxKBZWyFU4QaFjWDeYMZhTqOCksPDwGCRhEIfUtqAYk8AQE?= =?us-ascii?q?B?= X-IronPort-AV: E=Sophos;i="5.22,553,1449532800"; d="ics'217?scan'217,208,217";a="195885101" X-Amp-Result: Clean X-Amp-Original-Verdict: file unknown X-Amp-File-Uploaded: False X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from unknown (HELO sjmda13.webex.com) ([64.68.124.151]) by alln-inbound-l.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 07 Mar 2016 21:51:32 +0000 Received: from jbts1tc102.webex.com (sjc02-wxp00-lbace03-core-vl120-np10b-6.webex.com [64.68.121.241]) by sjmda13.webex.com (Postfix) with ESMTP id C8B98C2BFC for ; Mon, 7 Mar 2016 21:51:31 +0000 (GMT) Received: from jbts1tc102.webex.com (localhost [127.0.0.1]) by jbts1tc102.webex.com (Postfix) with ESMTP id C6C22200F8 for ; Mon, 7 Mar 2016 21:51:31 +0000 (GMT) Date: Mon, 7 Mar 2016 21:51:31 +0000 From: Morteza Ansari Reply-To: To: Message-ID: <1443435171.404.1457387491812.JavaMail.nobody@jbts1tc102.webex.com> Subject: (Forward to others) WebEx meeting invitation: CIS16 SCIM Interop planning Return-Path: messenger@webex.com X-MS-Exchange-Organization-AuthSource: XCH-RCD-004.cisco.com X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 10 X-MS-Exchange-Organization-Network-Message-Id: 9717381c-6de8-4171-8b0b-08d346d2a69e X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0 X-MS-Exchange-Organization-SCL: -1 Content-Type: multipart/mixed; boundary="B_3543396392_39739830" MIME-Version: 1.0 --B_3543396392_39739830 Content-Type: multipart/alternative; boundary="B_3543396392_39742209" --B_3543396392_39742209 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit You can forward this invitation to others. Hello, Morteza Ansari invites you to join this WebEx meeting. CIS16 SCIM Interop planning Every 2 weeks on Thursday, from Thursday, March 10, 2016, to no end date 11:00 am | Pacific Standard Time (San Francisco, GMT-08:00) | 1 hr Join WebEx meeting Meeting number: 345 510 827 Meeting password: scim Join from a video conferencing system or application Dial 345510827@go.webex.com < sip:345510827@go.webex.com> Join by phone 1-877-668-4488 US Toll Free +1-415-655-0000 US Toll Access code: 345 510 827 Global call-in numbers | Toll-free calling restrictions Add this meeting to your calendar. (Cannot add from mobile devices.) Need help? Go to http://help.webex.com. IMPORTANT NOTICE: Please note that this WebEx service allows audio and other information sent during the session to be recorded, which may be discoverable in a legal matter. By joining this session, you automatically consent to such recordings. If you do not consent to being recorded, discuss your concerns with the host or do not join the session. --B_3543396392_39742209 Content-Type: text/html; charset="US-ASCII" Content-Transfer-Encoding: quoted-printable
You can forward this invitation to o= thers.
Hello,
Morteza Ansari invites you to join this WebEx meeting.
 
CIS16 SCIM Interop planning<= /b>
Every 2 weeks on Thursday, from Thursday, March 10, 2016, to no end dat= e
11:00 am  |  Pacific Standard Time (San Francisco, = GMT-08:00)  |  1 hr
 
Join WebEx meeting
Meeting number: 345 510 827
Meeting password: scim
Join from a video conferencing system or ap= plication
Dial 345510827@go.webex.com
 
Join by phone
1-877-668-4488 US Toll Free
+1-415-655-0000 US Toll
Access code: 345 510 827
Global call-in numbers  |  Toll-free calling restrictions
 
Add this meeting to your calendar. (Cannot add = from mobile devices.)
 
Need help?= Go to http://help.webex.com.
 
IMPORTANT NOTICE: Please note = that this WebEx service allows audio and other information sent during the = session to be recorded, which may be discoverable in a legal matter. By joi= ning this session, you automatically consent to such recordings. If you do not consent to being recorded, discu= ss your concerns with the host or do not join the session.
--B_3543396392_39742209-- --B_3543396392_39739830 Content-Type: application/octet-stream; name="WebEx_Meeting.ics" Content-ID: Content-Disposition: attachment; filename="WebEx_Meeting.ics" Content-Transfer-Encoding: base64 QkVHSU46VkNBTEVOREFSClBST0RJRDotLy9NaWNyb3NvZnQgQ29ycG9yYXRpb24vL091dGxvb2sg MTAuMCBNSU1FRElSLy9FTgpWRVJTSU9OOjIuMApNRVRIT0Q6UkVRVUVTVApCRUdJTjpWVElNRVpP TkUKVFpJRDpQYWNpZmljIFRpbWUKQkVHSU46U1RBTkRBUkQKRFRTVEFSVDoyMDE0MTEwMVQwMjAw MDAKUlJVTEU6RlJFUT1ZRUFSTFk7SU5URVJWQUw9MTtCWURBWT0xU1U7QllNT05USD0xMQpUWk9G RlNFVEZST006LTA3MDAKVFpPRkZTRVRUTzotMDgwMApUWk5BTUU6U3RhbmRhcmQgVGltZQpFTkQ6 U1RBTkRBUkQKQkVHSU46REFZTElHSFQKRFRTVEFSVDoyMDE0MDMwMVQwMjAwMDAKUlJVTEU6RlJF UT1ZRUFSTFk7SU5URVJWQUw9MTtCWURBWT0yU1U7QllNT05USD0zClRaT0ZGU0VURlJPTTotMDgw MApUWk9GRlNFVFRPOi0wNzAwClRaTkFNRTpEYXlsaWdodCBTYXZpbmdzIFRpbWUKRU5EOkRBWUxJ R0hUCkVORDpWVElNRVpPTkUKQkVHSU46VkVWRU5UCkNMQVNTOlBVQkxJQwpERVNDUklQVElPTjpc blxuXG5KT0lOIFdFQkVYIE1FRVRJTkdcbmh0dHBzOi8vZ28ud2ViZXguY29tL2dvL2oucGhwP01U SUQ9bTM4NDExMjFmNDVhZTk4M2NlMDlmNDg2OWU4ZDcwMDEyXG5NZWV0aW5nIG51bWJlcjogMzQ1 IDUxMCA4Mjdcbk1lZXRpbmcgcGFzc3dvcmQ6IHNjaW1cblxuXG5KT0lOIEZST00gQSBWSURFTyBD T05GRVJFTkNJTkcgU1lTVEVNIE9SIEFQUExJQ0FUSU9OXG5EaWFsIHNpcDozNDU1MTA4MjdAZ28u d2ViZXguY29tXG5cblxuSk9JTiBCWSBQSE9ORVxuMS04NzctNjY4LTQ0ODggVVMgVG9sbCBGcmVl IFxuKzEtNDE1LTY1NS0wMDAwIFVTIFRvbGxcbkFjY2VzcyBjb2RlOiAzNDUgNTEwIDgyN1xuXG5H bG9iYWwgY2FsbC1pbiBudW1iZXJzOlxuaHR0cHM6Ly9nby53ZWJleC5jb20vZ28vZ2xvYmFsY2Fs bGluLnBocD9zZXJ2aWNlVHlwZT1NQyZFRD0xODE3NjA5ODcmdG9sbEZyZWU9MVxuXG5Ub2xsLWZy ZWUgZGlhbGluZyByZXN0cmljdGlvbnM6IFxuaHR0cHM6Ly93d3cud2ViZXguY29tL3BkZi90b2xs ZnJlZV9yZXN0cmljdGlvbnMucGRmXG5cblxuXG5DYW4ndCBqb2luIHRoZSBtZWV0aW5nPyBDb250 YWN0IHN1cHBvcnQgaGVyZTpcbmh0dHBzOi8vZ28ud2ViZXguY29tL2dvL21jXG5cblxuSU1QT1JU QU5UIE5PVElDRTogUGxlYXNlIG5vdGUgdGhhdCB0aGlzIFdlYkV4IHNlcnZpY2UgYWxsb3dzIGF1 ZGlvIGFuZCBvdGhlciBpbmZvcm1hdGlvbiBzZW50IGR1cmluZyB0aGUgc2Vzc2lvbiB0byBiZSBy ZWNvcmRlZCwgd2hpY2ggbWF5IGJlIGRpc2NvdmVyYWJsZSBpbiBhIGxlZ2FsIG1hdHRlci4gQnkg am9pbmluZyB0aGlzIHNlc3Npb24sIHlvdSBhdXRvbWF0aWNhbGx5IGNvbnNlbnQgdG8gc3VjaCBy ZWNvcmRpbmdzLiBJZiB5b3UgZG8gbm90IGNvbnNlbnQgdG8gYmVpbmcgcmVjb3JkZWQsIGRpc2N1 c3MgeW91ciBjb25jZXJucyB3aXRoIHRoZSBob3N0IG9yIGRvIG5vdCBqb2luIHRoZSBzZXNzaW9u LlxuClgtQUxULURFU0M7Rk1UVFlQRT10ZXh0L2h0bWw6CTxGT05UIFNJWkU9IjEiIEZBQ0U9IkFS SUFMIj4mbmJzcDs8QlI+IDxGT05UIFNJWkU9IjQiIEZBQ0U9IkFSSUFMIj4JCTxhCQkJCQlocmVm PSJodHRwczovL2dvLndlYmV4LmNvbS9nby9qLnBocD9NVElEPW0zODQxMTIxZjQ1YWU5ODNjZTA5 ZjQ4NjllOGQ3MDAxMiI+PEZPTlQgU0laRT0iMyIgQ09MT1I9IiMwMEFGRjkiIEZBQ0U9IkFyaWFs Ij5Kb2luIFdlYkV4IG1lZXRpbmc8L0ZPTlQ+PC9hPgkJCTx0YWJsZT4JCQkJPHRyPgkJCQkJPHRk PgkJCQkJCTxGT05UIFNJWkU9IjIiIENPTE9SPSIjNjY2NjY2IiBGQUNFPSJhcmlhbCI+TWVldGlu ZyBudW1iZXI6PC9GT05UPgkJCQkJPC90ZD4JCQkJCTx0ZD4JCQkJCQk8Rk9OVCBTSVpFPSIyIiBD T0xPUj0iIzY2NjY2NiIgRkFDRT0iYXJpYWwiPjM0NSA1MTAgODI3PC9GT05UPgkJCQkJPC90ZD4J CQkJPC90cj4JCQk8L3RhYmxlPgkJCTx0YWJsZT48dHI+PHRkPjxGT05UIFNJWkU9IjIiIENPTE9S PSIjNjY2NjY2IiBGQUNFPSJhcmlhbCI+TWVldGluZyBwYXNzd29yZDo8L0ZPTlQ+PC90ZD48dGQ+ PEZPTlQgU0laRT0iMiIgIENPTE9SPSIjNjY2NjY2IiBGQUNFPSJhcmlhbCI+c2NpbTwvRk9OVD48 L3RkPjwvdHI+PC90YWJsZT4JCTwvRk9OVD48Rk9OVCBTSVpFPSIxIiBGQUNFPSJBUklBTCI+Jm5i c3A7PEJSPiZuYnNwOzxCUj48L0ZPTlQ+PEZPTlQgU0laRT0iNCIgRkFDRT0iQVJJQUwiPjxGT05U IFNJWkU9IjMiIENPTE9SPSIjNjY2NjY2IiBGQUNFPSJhcmlhbCI+Sm9pbiBmcm9tIGEgdmlkZW8g Y29uZmVyZW5jaW5nIHN5c3RlbSBvciBhcHBsaWNhdGlvbjwvRk9OVD48QlI+PEZPTlQgU0laRT0i MiIgQ09MT1I9IiM2NjY2NjYiIEZBQ0U9ImFyaWFsIj5EaWFsPC9GT05UPiA8YSBocmVmPSJzaXA6 MzQ1NTEwODI3QGdvLndlYmV4LmNvbSI+PEZPTlQgU0laRT0iMiIgQ09MT1I9IiMwMEFGRjkiIEZB Q0U9ImFyaWFsIj4zNDU1MTA4MjdAZ28ud2ViZXguY29tPC9GT05UPjwvYT4mbmJzcDsgPEJSPjwv Rk9OVD4mbmJzcDsgPEJSPiZuYnNwOyA8QlI+PEZPTlQgU0laRT0iNCIgRkFDRT0iQVJJQUwiPjxG T05UIFNJWkU9IjMiIENPTE9SPSIjNjY2NjY2IiBGQUNFPSJhcmlhbCI+Sm9pbiBieSBwaG9uZTwv Rk9OVD4mbmJzcDsgPEJSPjxGT05UIFNJWkU9IjIiIENPTE9SPSIjNjY2NjY2IiBGQUNFPSJhcmlh bCI+PHN0cm9uZz4xLTg3Ny02NjgtNDQ4ODwvc3Ryb25nPiZuYnNwO1VTIFRvbGwgRnJlZTwvRk9O VD4mbmJzcDsgPEJSPjxGT05UIFNJWkU9IjIiIENPTE9SPSIjNjY2NjY2IiBGQUNFPSJhcmlhbCI+ PHN0cm9uZz4rMS00MTUtNjU1LTAwMDA8L3N0cm9uZz4mbmJzcDtVUyBUb2xsPC9GT05UPiZuYnNw OyA8QlI+PEZPTlQgU0laRT0iMiIgQ09MT1I9IiM2NjY2NjYiIEZBQ0U9ImFyaWFsIj5BY2Nlc3Mg Y29kZTogMzQ1IDUxMCA4Mjc8L0ZPTlQ+Jm5ic3A7IDxCUj48YSBocmVmPSJodHRwczovL2dvLndl YmV4LmNvbS9nby9nbG9iYWxjYWxsaW4ucGhwP3NlcnZpY2VUeXBlPU1DJkVEPTE4MTc2MDk4NyZ0 b2xsRnJlZT0xIj48Rk9OVCBTSVpFPSIxIiBDT0xPUj0iIzAwQUZGOSIgRkFDRT0iYXJpYWwiPkds b2JhbCBjYWxsLWluIG51bWJlcnM8L0ZPTlQ+PC9hPjxGT05UIFNJWkU9IjEiIEZBQ0U9IkFSSUFM Ij4mbmJzcDsmbmJzcDt8Jm5ic3A7Jm5ic3A7PC9GT05UPjxhIGhyZWY9Imh0dHBzOi8vd3d3Lndl YmV4LmNvbS9wZGYvdG9sbGZyZWVfcmVzdHJpY3Rpb25zLnBkZiI+PEZPTlQgU0laRT0iMSIgQ09M T1I9IiMwMEFGRjkiIEZBQ0U9ImFyaWFsIj5Ub2xsLWZyZWUgY2FsbGluZyByZXN0cmljdGlvbnM8 L0ZPTlQ+PC9hPiAmbmJzcDsgPEJSPjwvRk9OVD48QlI+PEJSPgkmbmJzcDs8QlI+CTxGT05UIFNJ WkU9IjEiIENPTE9SPSIjNjY2NjY2IiBGQUNFPSJhcmlhbCI+CQkJCUNhbid0IGpvaW4gdGhlIG1l ZXRpbmc/PC9GT05UPgk8YSBocmVmPSJodHRwczovL2dvLndlYmV4LmNvbS9nby9tYyI+CTxGT05U IFNJWkU9IjEiIENPTE9SPSIjMDBBRkY5IiBGQUNFPSJBcmlhbCI+Q29udGFjdCBzdXBwb3J0Ljwv Rk9OVD48L2E+CSZuYnNwOzxCUj4mbmJzcDs8QlI+PEZPTlQgQ09MT1I9IiNBMEEwQTAiIHNpemU9 IjEiIEZBQ0U9ImFyaWFsIj5JTVBPUlRBTlQgTk9USUNFOiBQbGVhc2Ugbm90ZSB0aGF0IHRoaXMg V2ViRXggc2VydmljZSBhbGxvd3MgYXVkaW8gYW5kIG90aGVyIGluZm9ybWF0aW9uIHNlbnQgZHVy aW5nIHRoZSBzZXNzaW9uIHRvIGJlIHJlY29yZGVkLCB3aGljaCBtYXkgYmUgZGlzY292ZXJhYmxl IGluIGEgbGVnYWwgbWF0dGVyLiBCeSBqb2luaW5nIHRoaXMgc2Vzc2lvbiwgeW91IGF1dG9tYXRp Y2FsbHkgY29uc2VudCB0byBzdWNoIHJlY29yZGluZ3MuIElmIHlvdSBkbyBub3QgY29uc2VudCB0 byBiZWluZyByZWNvcmRlZCwgZGlzY3VzcyB5b3VyIGNvbmNlcm5zIHdpdGggdGhlIGhvc3Qgb3Ig ZG8gbm90IGpvaW4gdGhlIHNlc3Npb24uPC9GT05UPjwvRk9OVD4KQVRURU5ERUU7Q049Ik1vcnRl emEgQW5zYXJpIjtST0xFPVJFUS1QQVJUSUNJUEFOVDtSU1ZQPVRSVUU6TUFJTFRPOm1vcmFuc2Fy QGNpc2NvLmNvbQpEVFNUQU1QOjIwMTYwMzEwVDE5MDAwMFoKVUlEOmM0ZmI0OWM4LWQ4NzUtNGI4 Yy05NGY3LTRjZWVjYmMyODllYwpQUklPUklUWTo1CkRUU1RBUlQ7VFpJRD0iUGFjaWZpYyBUaW1l IjoyMDE2MDMxMFQxMTAwMDAKRFRFTkQ7VFpJRD0iUGFjaWZpYyBUaW1lIjoyMDE2MDMxMFQxMjAw MDAKUlJVTEU6RlJFUT1XRUVLTFk7SU5URVJWQUw9MjtCWURBWT1USApTRVFVRU5DRToxNDU3Mzg3 NDkxClNVTU1BUlk6Q0lTMTYgU0NJTSBJbnRlcm9wIHBsYW5uaW5nClRSQU5TUDpPUEFRVUUKT1JH QU5JWkVSO0NOPSJNb3J0ZXphIEFuc2FyaSI6TUFJTFRPOm1vcmFuc2FyQGNpc2NvLmNvbQpMT0NB VElPTjpodHRwczovL2dvLndlYmV4LmNvbS9nbwpCRUdJTjpWQUxBUk0KVFJJR0dFUjotUFQxNU0K QUNUSU9OOkRJU1BMQVkKREVTQ1JJUFRJT046UmVtaW5kZXIKRU5EOlZBTEFSTQpFTkQ6VkVWRU5U CkVORDpWQ0FMRU5EQVIK --B_3543396392_39739830-- --_004_D333EFCF278C2moransarciscocom_-- From nobody Wed Apr 13 13:07:02 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B63EC12E2B5 for ; Wed, 13 Apr 2016 13:07:00 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -5.198 X-Spam-Level: X-Spam-Status: No, score=-5.198 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oTG4PD4pFeqZ for ; Wed, 13 Apr 2016 13:06:59 -0700 (PDT) Received: from aserp1040.oracle.com (aserp1040.oracle.com [141.146.126.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F2E4612E209 for ; Wed, 13 Apr 2016 13:06:58 -0700 (PDT) Received: from userv0021.oracle.com (userv0021.oracle.com [156.151.31.71]) by aserp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id u3DK6vL6020406 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 13 Apr 2016 20:06:58 GMT Received: from userv0121.oracle.com (userv0121.oracle.com [156.151.31.72]) by userv0021.oracle.com (8.13.8/8.13.8) with ESMTP id u3DK6vw5006935 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 13 Apr 2016 20:06:57 GMT Received: from abhmp0016.oracle.com (abhmp0016.oracle.com [141.146.116.22]) by userv0121.oracle.com (8.13.8/8.13.8) with ESMTP id u3DK6uqR002034; Wed, 13 Apr 2016 20:06:57 GMT Received: from [10.0.1.3] (/24.86.216.17) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Wed, 13 Apr 2016 13:06:56 -0700 Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (1.0) From: "Phil Hunt (IDM)" X-Mailer: iPhone Mail (13E238) In-Reply-To: <1200429876.6668152.1460573725189.JavaMail.zimbra@psu.edu> Date: Wed, 13 Apr 2016 13:06:54 -0700 Content-Transfer-Encoding: quoted-printable Message-Id: References: <1200429876.6668152.1460573725189.JavaMail.zimbra@psu.edu> To: Steve Moyer X-Source-IP: userv0021.oracle.com [156.151.31.71] Archived-At: Cc: scim@ietf.org Subject: Re: [scim] SCIM compliance X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Apr 2016 20:07:00 -0000 I would think you would want to use the core user resource and then extend i= t as we did with eduperson in ldap.=20 Phil > On Apr 13, 2016, at 11:55, Steve Moyer wrote: >=20 > All, >=20 > We've been working on a first-principles rewrite of our SCIM 2.0 system (b= ased on a pre-ratified version of the specification) but we've also been pro= moting SCIM for its intended use in the higher-ed community. >=20 > Recently there's been a discussion about what it really means to be "compl= iant". I'm taking the hard-line view that without inter-operability, there'= s not really a point in being technically compatible. The TIER group within= the Internet2 is talking about creating TierUser and TierGroup ResourceType= s and using those instead of the core User and Group ResourceType. >=20 > Technically, the specification allows *any* resource type to be added (per= section 3.2 of the Schema specification) and while it implies the core User= and core Group are required (using the word "provided") the specification d= oesn't technically say a service MUST provide those end-points. >=20 > I've attached a document with the two favorite TIER proposals and my view i= s that neither of them are compliant. Proposal two *could* be inter-operabl= e if the persisted TIER user object was exposed via both the TierUsers and U= sers endpoints. This violates a principle of REST (a resource has a unique U= RL) though. I should also note that the use of query parameters, headers an= d HTTP status codes proposed by TIER are also "interesting". >=20 > What are this group's opinions? >=20 > Thanks, >=20 > Steve >=20 > =E2=80=9CAll the easy stuff=E2=80=99s been done=E2=80=A6. We=E2=80=99ve go= t the wheel, fire, the TV clicker=E2=80=94what else do you need?=E2=80=9D - D= ean Kamen > > _______________________________________________ > scim mailing list > scim@ietf.org > https://www.ietf.org/mailman/listinfo/scim From nobody Wed Apr 13 13:29:00 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3FFB412D8F8 for ; Wed, 13 Apr 2016 13:28:57 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.892 X-Spam-Level: X-Spam-Status: No, score=-1.892 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=penno365.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rboxfHHoFq4U for ; Wed, 13 Apr 2016 13:28:54 -0700 (PDT) Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2lp0243.outbound.protection.outlook.com [207.46.163.243]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D9DA012D5B8 for ; Wed, 13 Apr 2016 13:28:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=PennO365.onmicrosoft.com; s=selector1-isc-upenn-edu; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=nQgSWn1E5SXVFfrUZLje095ZBHIGXLnJ7VoqXBICHzM=; b=legBk1UnIIwldnphPLmRUQ+yYHNJiRo6mLWK22B0JAv8CU5XucskADOG5/kzhxymfOikeGANUXj2K77ypobhKQss5TOBrgaQ+dAC/q7a47+Gh+Vu+tKaSvvLWQlKN5844hovj/2fT5d5ScdLmd1bAWlHWQDSVn14Lp7420IxWN8= Received: from BY1PR10MB0456.namprd10.prod.outlook.com (10.162.145.153) by BY1PR10MB0454.namprd10.prod.outlook.com (10.162.145.151) with Microsoft SMTP Server (TLS) id 15.1.453.26; Wed, 13 Apr 2016 20:28:53 +0000 Received: from BY1PR10MB0456.namprd10.prod.outlook.com ([10.162.145.153]) by BY1PR10MB0456.namprd10.prod.outlook.com ([10.162.145.153]) with mapi id 15.01.0453.029; Wed, 13 Apr 2016 20:28:53 +0000 From: "Hyzer, Chris" To: "Phil Hunt (IDM)" , Steve Moyer Thread-Topic: [scim] SCIM compliance Thread-Index: ZlZcCtOjBpn6u9fVCDJUmQXiul5ivfZzamUAgAAGInA= Date: Wed, 13 Apr 2016 20:28:53 +0000 Message-ID: References: <1200429876.6668152.1460573725189.JavaMail.zimbra@psu.edu> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: oracle.com; dkim=none (message not signed) header.d=none;oracle.com; dmarc=none action=none header.from=isc.upenn.edu; x-originating-ip: [130.91.219.176] x-ms-office365-filtering-correlation-id: 137e35ce-439c-457b-828f-08d363da3b2c x-microsoft-exchange-diagnostics: 1; BY1PR10MB0454; 5:PGaj0yE/TheO3FQYkefsIHw+wKBMsaEIqzlsxj0a1A9b2s+MuP+HOrcRyiPrhZV6zVc5IbH1P/hU7DZas6rHRGcJENvrhGPdIyFqlCp3P1UA7IWFSJv7SXJVrOnkUME6UDH3XGPNbH20Oeu6lMDvPg==; 24:ovHddZODkWMgD1b6G+YEukU/V6Ayqzx0lYcKwEjLTFVzN94boDiLtYdeyiE2l/lU7HY+8+7W3/2fGC0dATd1VN7E543A2dmBgVSlh7ODiBY= x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BY1PR10MB0454; x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:; x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046); SRVR:BY1PR10MB0454; BCL:0; PCL:0; RULEID:; SRVR:BY1PR10MB0454; x-forefront-prvs: 0911D5CE78 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(24454002)(13464003)(377454003)(1740400002)(19300405004)(81166005)(88552002)(11100500001)(74316001)(102836003)(9686002)(33656002)(122556002)(92566002)(16236675004)(50986999)(76176999)(19625215002)(561944003)(4326007)(2906002)(75432002)(87936001)(6116002)(790700001)(5002640100001)(3846002)(89122001)(66066001)(5003600100002)(19617315012)(1096002)(1220700001)(586003)(164054004)(54356999)(2950100001)(2900100001)(5004730100002)(189998001)(99286002)(10400500002)(5890100001)(15975445007)(86362001)(76576001)(19580395003)(19580405001)(5001770100001)(2171001)(5008740100001)(77096005); DIR:OUT; SFP:1102; SCL:1; SRVR:BY1PR10MB0454; H:BY1PR10MB0456.namprd10.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en; spamdiagnosticoutput: 1:23 spamdiagnosticmetadata: NSPM Content-Type: multipart/alternative; boundary="_000_BY1PR10MB0456B5C218DF36BECCFD9151E5960BY1PR10MB0456namp_" MIME-Version: 1.0 X-OriginatorOrg: isc.upenn.edu X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Apr 2016 20:28:53.5227 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 6c4d949d-b91c-4c45-9aae-66d76443110d X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY1PR10MB0454 Archived-At: Cc: "scim@ietf.org" Subject: Re: [scim] SCIM compliance X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Apr 2016 20:28:57 -0000 --_000_BY1PR10MB0456B5C218DF36BECCFD9151E5960BY1PR10MB0456namp_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Q2FuIHlvdSBleHRlbmQgYXR0cmlidXRlcyBpbnNpZGUgdGhlIHJlcHJlc2VudGF0aW9uPyAgVGhp cyBpcyBub3QgYSByZWFsIGV4YW1wbGUsIGp1c3QgYSBoeXBvdGhldGljYWwuDQoNCg0KDQppLmUu IGlmIHRoaXMgaXMgdGhlIFNDSU0gcmVwcmVzZW50YXRpb246DQoNCg0KDQp7DQoNCiAgInNjaGVt YXMiOg0KDQogICAgWyJ1cm46aWV0ZjpwYXJhbXM6c2NpbTpzY2hlbWFzOmNvcmU6Mi4wOlVzZXIi LA0KDQogICAgICAidXJuOmlldGY6cGFyYW1zOnNjaW06c2NoZW1hczpleHRlbnNpb246ZW50ZXJw cmlzZToyLjA6VXNlciJdLA0KDQogICJpZCI6ICIyODE5YzIyMy03Zjc2LTQ1M2EtOTE5ZC00MTM4 NjE5MDQ2NDYiLA0KDQogICJleHRlcm5hbElkIjogIjcwMTk4NCIsDQoNCiAgInVzZXJOYW1lIjog ImJqZW5zZW5AZXhhbXBsZS5jb20iLA0KDQogICJlbWFpbHMiOiBbDQoNCiAgICB7DQoNCiAgICAg ICJ2YWx1ZSI6ICJiamVuc2VuQGV4YW1wbGUuY29tIiwNCg0KICAgICAgInR5cGUiOiAid29yayIs DQoNCiAgICAgICJwcmltYXJ5IjogdHJ1ZQ0KDQogICAgfSwNCg0KICAgIHsNCg0KICAgICAgInZh bHVlIjogImJhYnNAamVuc2VuLm9yZyIsDQoNCiAgICAgICJ0eXBlIjogImhvbWUiDQoNCiAgICB9 DQoNCiAgXSwNCg0KICAibWV0YSI6IHsNCg0KICAgICJyZXNvdXJjZVR5cGUiOiAiVXNlciIsDQoN CiAgICAiY3JlYXRlZCI6ICIyMDEwLTAxLTIzVDA0OjU2OjIyWiIsDQoNCiAgICAibGFzdE1vZGlm aWVkIjogIjIwMTEtMDUtMTNUMDQ6NDI6MzRaIiwNCg0KICAgICJ2ZXJzaW9uIjogIldcL1wiMzY5 NGUwNWU5ZGZmNTkxXCIiLA0KDQogICAgImxvY2F0aW9uIjoNCg0KImh0dHBzOi8vZXhhbXBsZS5j b20vdjIvVXNlcnMvMjgxOWMyMjMtN2Y3Ni00NTNhLTkxOWQtNDEzODYxOTA0NjQ2Ig0KDQogIH0N Cg0KfQ0KDQoNCg0KQW5kIHdlIHdhbnRlZCB0byBhZGQgYW4gYXR0cmlidXRlIHRvIGVtYWlscywg d2Ugd291bGQgd2FudCBpdCB0byBsb29rIGxpa2UgdGhpcy4gIEJ1dCB5b3UgY2FudCBhZGQgYXR0 cmlidXRlcyB0aHJvdWdob3V0IHRoZSBvYmplY3QgbW9kZWwgcmlnaHQ/ICBTbyBpZiB3ZSBhZGQg YXR0cmlidXRlcyB0byBNZXRhLCB3ZSBuZWVkIG91ciBvd24gTWV0YSBvYmplY3QuICBJZiB3ZSBh ZGQgYXR0cmlidXRlcyB0byBHcm91cCwgd2Ugd291bGRu4oCZdCBzZWUgdGhvc2UgaW4gdGhlIGdy b3VwcyBhdHRyaWJ1dGUgb2YgdGhlIFVzZXI/ICBUaGUgZXh0ZW5zaW9ucyBzZWVtIHVzYWJsZSBp ZiB5b3UgYXJlIGFkZGluZyB0b3AgbGV2ZWwgYXR0cmlidXRlcyB0byB0aGUgcmV0dXJuZWQgcmVz b3VyY2UsIG5vdCBpZiB5b3UgYXJlIGFkZGluZyBhdHRyaWJ1dGVzIHRvIG5lc3RlZCBvYmplY3Rz Li4uDQoNCg0KDQp7DQoNCiAgInNjaGVtYXMiOg0KDQogICAgWyJ1cm46aWV0ZjpwYXJhbXM6c2Np bTpzY2hlbWFzOmNvcmU6Mi4wOlVzZXIiLA0KDQogICAgICAidXJuOmlldGY6cGFyYW1zOnNjaW06 c2NoZW1hczpleHRlbnNpb246ZW50ZXJwcmlzZToyLjA6VXNlciJdLA0KDQogICJpZCI6ICIyODE5 YzIyMy03Zjc2LTQ1M2EtOTE5ZC00MTM4NjE5MDQ2NDYiLA0KDQogICJleHRlcm5hbElkIjogIjcw MTk4NCIsDQoNCiAgInVzZXJOYW1lIjogImJqZW5zZW5AZXhhbXBsZS5jb20iLA0KDQogICJlbWFp bHMiOiBbDQoNCiAgICB7DQoNCiAgICAgICJ2YWx1ZSI6ICJiamVuc2VuQGV4YW1wbGUuY29tIiwN Cg0KICAgICAgInR5cGUiOiAid29yayIsDQoNCiAgICAgICJwcmltYXJ5IjogdHJ1ZSwNCg0KICAg ICAgInVybjppZXRmOnBhcmFtczpzY2ltOnNjaGVtYXM6ZXh0ZW5zaW9uOmVudGVycHJpc2U6Mi4w OlVzZXI6dmlld1R5cGUiOiAicHVibGljIg0KDQogICAgfSwNCg0KICAgIHsNCg0KICAgICAgInZh bHVlIjogImJhYnNAamVuc2VuLm9yZyIsDQoNCiAgICAgICJ0eXBlIjogImhvbWUiLA0KDQogICAg ICAidXJuOmlldGY6cGFyYW1zOnNjaW06c2NoZW1hczpleHRlbnNpb246ZW50ZXJwcmlzZToyLjA6 VXNlcjp2aWV3VHlwZSI6ICJhdXRoZW50aWNhdGVkIg0KDQogICAgfQ0KDQogIF0sDQoNCiAgIm1l dGEiOiB7DQoNCiAgICAicmVzb3VyY2VUeXBlIjogIlVzZXIiLA0KDQogICAgImNyZWF0ZWQiOiAi MjAxMC0wMS0yM1QwNDo1NjoyMloiLA0KDQogICAgImxhc3RNb2RpZmllZCI6ICIyMDExLTA1LTEz VDA0OjQyOjM0WiIsDQoNCiAgICAidmVyc2lvbiI6ICJXXC9cIjM2OTRlMDVlOWRmZjU5MVwiIiwN Cg0KICAgICJsb2NhdGlvbiI6DQoNCiJodHRwczovL2V4YW1wbGUuY29tL3YyL1VzZXJzLzI4MTlj MjIzLTdmNzYtNDUzYS05MTlkLTQxMzg2MTkwNDY0NiINCg0KICB9DQoNCn0NCg0KDQoNCg0KDQot LS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0tLQ0KRnJvbTogc2NpbSBbbWFpbHRvOnNjaW0tYm91bmNl c0BpZXRmLm9yZ10gT24gQmVoYWxmIE9mIFBoaWwgSHVudCAoSURNKQ0KU2VudDogV2VkbmVzZGF5 LCBBcHJpbCAxMywgMjAxNiA0OjA3IFBNDQpUbzogU3RldmUgTW95ZXIgPHNtb3llckBwc3UuZWR1 Pg0KQ2M6IHNjaW1AaWV0Zi5vcmcNClN1YmplY3Q6IFJlOiBbc2NpbV0gU0NJTSBjb21wbGlhbmNl DQoNCg0KDQpJIHdvdWxkIHRoaW5rIHlvdSB3b3VsZCB3YW50IHRvIHVzZSB0aGUgY29yZSB1c2Vy IHJlc291cmNlIGFuZCB0aGVuIGV4dGVuZCBpdCBhcyB3ZSBkaWQgd2l0aCBlZHVwZXJzb24gaW4g bGRhcC4NCg0KDQoNClBoaWwNCg0KDQoNCj4gT24gQXByIDEzLCAyMDE2LCBhdCAxMTo1NSwgU3Rl dmUgTW95ZXIgPHNtb3llckBwc3UuZWR1PG1haWx0bzpzbW95ZXJAcHN1LmVkdT4+IHdyb3RlOg0K DQo+DQoNCj4gQWxsLA0KDQo+DQoNCj4gV2UndmUgYmVlbiB3b3JraW5nIG9uIGEgZmlyc3QtcHJp bmNpcGxlcyByZXdyaXRlIG9mIG91ciBTQ0lNIDIuMCBzeXN0ZW0gKGJhc2VkIG9uIGEgcHJlLXJh dGlmaWVkIHZlcnNpb24gb2YgdGhlIHNwZWNpZmljYXRpb24pIGJ1dCB3ZSd2ZSBhbHNvIGJlZW4g cHJvbW90aW5nIFNDSU0gZm9yIGl0cyBpbnRlbmRlZCB1c2UgaW4gdGhlIGhpZ2hlci1lZCBjb21t dW5pdHkuDQoNCj4NCg0KPiBSZWNlbnRseSB0aGVyZSdzIGJlZW4gYSBkaXNjdXNzaW9uIGFib3V0 IHdoYXQgaXQgcmVhbGx5IG1lYW5zIHRvIGJlICJjb21wbGlhbnQiLiAgSSdtIHRha2luZyB0aGUg aGFyZC1saW5lIHZpZXcgdGhhdCB3aXRob3V0IGludGVyLW9wZXJhYmlsaXR5LCB0aGVyZSdzIG5v dCByZWFsbHkgYSBwb2ludCBpbiBiZWluZyB0ZWNobmljYWxseSBjb21wYXRpYmxlLiAgVGhlIFRJ RVIgZ3JvdXAgd2l0aGluIHRoZSBJbnRlcm5ldDIgaXMgdGFsa2luZyBhYm91dCBjcmVhdGluZyBU aWVyVXNlciBhbmQgVGllckdyb3VwIFJlc291cmNlVHlwZXMgYW5kIHVzaW5nIHRob3NlIGluc3Rl YWQgb2YgdGhlIGNvcmUgVXNlciBhbmQgR3JvdXAgUmVzb3VyY2VUeXBlLg0KDQo+DQoNCj4gVGVj aG5pY2FsbHksIHRoZSBzcGVjaWZpY2F0aW9uIGFsbG93cyAqYW55KiByZXNvdXJjZSB0eXBlIHRv IGJlIGFkZGVkIChwZXIgc2VjdGlvbiAzLjIgb2YgdGhlIFNjaGVtYSBzcGVjaWZpY2F0aW9uKSBh bmQgd2hpbGUgaXQgaW1wbGllcyB0aGUgY29yZSBVc2VyIGFuZCBjb3JlIEdyb3VwIGFyZSByZXF1 aXJlZCAodXNpbmcgdGhlIHdvcmQgInByb3ZpZGVkIikgdGhlIHNwZWNpZmljYXRpb24gZG9lc24n dCB0ZWNobmljYWxseSBzYXkgYSBzZXJ2aWNlIE1VU1QgcHJvdmlkZSB0aG9zZSBlbmQtcG9pbnRz Lg0KDQo+DQoNCj4gSSd2ZSBhdHRhY2hlZCBhIGRvY3VtZW50IHdpdGggdGhlIHR3byBmYXZvcml0 ZSBUSUVSIHByb3Bvc2FscyBhbmQgbXkgdmlldyBpcyB0aGF0IG5laXRoZXIgb2YgdGhlbSBhcmUg Y29tcGxpYW50LiAgUHJvcG9zYWwgdHdvICpjb3VsZCogYmUgaW50ZXItb3BlcmFibGUgaWYgdGhl IHBlcnNpc3RlZCBUSUVSIHVzZXIgb2JqZWN0IHdhcyBleHBvc2VkIHZpYSBib3RoIHRoZSBUaWVy VXNlcnMgYW5kIFVzZXJzIGVuZHBvaW50cy4gIFRoaXMgdmlvbGF0ZXMgYSBwcmluY2lwbGUgb2Yg UkVTVCAoYSByZXNvdXJjZSBoYXMgYSB1bmlxdWUgVVJMKSB0aG91Z2guICBJIHNob3VsZCBhbHNv IG5vdGUgdGhhdCB0aGUgdXNlIG9mIHF1ZXJ5IHBhcmFtZXRlcnMsIGhlYWRlcnMgYW5kIEhUVFAg c3RhdHVzIGNvZGVzIHByb3Bvc2VkIGJ5IFRJRVIgYXJlIGFsc28gImludGVyZXN0aW5nIi4NCg0K Pg0KDQo+IFdoYXQgYXJlIHRoaXMgZ3JvdXAncyBvcGluaW9ucz8NCg0KPg0KDQo+IFRoYW5rcywN Cg0KPg0KDQo+IFN0ZXZlDQoNCj4NCg0KPiDigJxBbGwgdGhlIGVhc3kgc3R1ZmbigJlzIGJlZW4g ZG9uZeKApi4gV2XigJl2ZSBnb3QgdGhlIHdoZWVsLCBmaXJlLCB0aGUgVFYgY2xpY2tlcuKAlHdo YXQgZWxzZSBkbyB5b3UgbmVlZD/igJ0gLSBEZWFuIEthbWVuDQoNCj4gPERTQVdHLUFsdGVybmF0 aXZlUHJvcG9zYWxzb250aGVSZWxhdGlvbnNoaXBCZXR3ZWVuVElFUmFuZFNDSU1BUElzYW5kU2No ZW1hLTEzMDQxNi0xODQ1LTIxNDQucGRmPg0KDQo+IF9fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fDQoNCj4gc2NpbSBtYWlsaW5nIGxpc3QNCg0KPiBzY2ltQGll dGYub3JnPG1haWx0bzpzY2ltQGlldGYub3JnPg0KDQo+IGh0dHBzOi8vd3d3LmlldGYub3JnL21h aWxtYW4vbGlzdGluZm8vc2NpbQ0KDQoNCg0KX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX18NCg0Kc2NpbSBtYWlsaW5nIGxpc3QNCg0Kc2NpbUBpZXRmLm9yZzxt YWlsdG86c2NpbUBpZXRmLm9yZz4NCg0KaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0 aW5mby9zY2ltDQo= --_000_BY1PR10MB0456B5C218DF36BECCFD9151E5960BY1PR10MB0456namp_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6 IkNhbWJyaWEgTWF0aCI7DQoJcGFub3NlLTE6MiA0IDUgMyA1IDQgNiAzIDIgNDt9DQpAZm9udC1m YWNlDQoJe2ZvbnQtZmFtaWx5OkNhbGlicmk7DQoJcGFub3NlLTE6MiAxNSA1IDIgMiAyIDQgMyAy IDQ7fQ0KLyogU3R5bGUgRGVmaW5pdGlvbnMgKi8NCnAuTXNvTm9ybWFsLCBsaS5Nc29Ob3JtYWws IGRpdi5Nc29Ob3JtYWwNCgl7bWFyZ2luOjBpbjsNCgltYXJnaW4tYm90dG9tOi4wMDAxcHQ7DQoJ Zm9udC1zaXplOjExLjBwdDsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjt9DQph OmxpbmssIHNwYW4uTXNvSHlwZXJsaW5rDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsNCgljb2xv cjojMDU2M0MxOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KYTp2aXNpdGVkLCBzcGFu Lk1zb0h5cGVybGlua0ZvbGxvd2VkDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsNCgljb2xvcjoj OTU0RjcyOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KcC5Nc29QbGFpblRleHQsIGxp Lk1zb1BsYWluVGV4dCwgZGl2Lk1zb1BsYWluVGV4dA0KCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7 DQoJbXNvLXN0eWxlLWxpbms6IlBsYWluIFRleHQgQ2hhciI7DQoJbWFyZ2luOjBpbjsNCgltYXJn aW4tYm90dG9tOi4wMDAxcHQ7DQoJZm9udC1zaXplOjExLjBwdDsNCglmb250LWZhbWlseToiQ2Fs aWJyaSIsc2Fucy1zZXJpZjt9DQpzcGFuLlBsYWluVGV4dENoYXINCgl7bXNvLXN0eWxlLW5hbWU6 IlBsYWluIFRleHQgQ2hhciI7DQoJbXNvLXN0eWxlLXByaW9yaXR5Ojk5Ow0KCW1zby1zdHlsZS1s aW5rOiJQbGFpbiBUZXh0IjsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjt9DQou TXNvQ2hwRGVmYXVsdA0KCXttc28tc3R5bGUtdHlwZTpleHBvcnQtb25seTsNCglmb250LWZhbWls eToiQ2FsaWJyaSIsc2Fucy1zZXJpZjt9DQpAcGFnZSBXb3JkU2VjdGlvbjENCgl7c2l6ZTo4LjVp biAxMS4waW47DQoJbWFyZ2luOjEuMGluIDEuMGluIDEuMGluIDEuMGluO30NCmRpdi5Xb3JkU2Vj dGlvbjENCgl7cGFnZTpXb3JkU2VjdGlvbjE7fQ0KLS0+PC9zdHlsZT48IS0tW2lmIGd0ZSBtc28g OV0+PHhtbD4NCjxvOnNoYXBlZGVmYXVsdHMgdjpleHQ9ImVkaXQiIHNwaWRtYXg9IjEwMjYiIC8+ DQo8L3htbD48IVtlbmRpZl0tLT48IS0tW2lmIGd0ZSBtc28gOV0+PHhtbD4NCjxvOnNoYXBlbGF5 b3V0IHY6ZXh0PSJlZGl0Ij4NCjxvOmlkbWFwIHY6ZXh0PSJlZGl0IiBkYXRhPSIxIiAvPg0KPC9v OnNoYXBlbGF5b3V0PjwveG1sPjwhW2VuZGlmXS0tPg0KPC9oZWFkPg0KPGJvZHkgbGFuZz0iRU4t VVMiIGxpbms9IiMwNTYzQzEiIHZsaW5rPSIjOTU0RjcyIj4NCjxkaXYgY2xhc3M9IldvcmRTZWN0 aW9uMSI+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij5DYW4geW91IGV4dGVuZCBhdHRyaWJ1dGVz IGluc2lkZSB0aGUgcmVwcmVzZW50YXRpb24/Jm5ic3A7IFRoaXMgaXMgbm90IGEgcmVhbCBleGFt cGxlLCBqdXN0IGEgaHlwb3RoZXRpY2FsLjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1Bs YWluVGV4dCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij5p LmUuIGlmIHRoaXMgaXMgdGhlIFNDSU0gcmVwcmVzZW50YXRpb246PG86cD48L286cD48L3A+DQo8 cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxwIGNsYXNzPSJN c29QbGFpblRleHQiPns8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPiZu YnNwOyAmcXVvdDtzY2hlbWFzJnF1b3Q7OjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1Bs YWluVGV4dCI+Jm5ic3A7Jm5ic3A7Jm5ic3A7IFsmcXVvdDt1cm46aWV0ZjpwYXJhbXM6c2NpbTpz Y2hlbWFzOmNvcmU6Mi4wOlVzZXImcXVvdDssPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNv UGxhaW5UZXh0Ij4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgJnF1b3Q7dXJuOmlldGY6 cGFyYW1zOnNjaW06c2NoZW1hczpleHRlbnNpb246ZW50ZXJwcmlzZToyLjA6VXNlciZxdW90O10s PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij4mbmJzcDsgJnF1b3Q7aWQm cXVvdDs6ICZxdW90OzI4MTljMjIzLTdmNzYtNDUzYS05MTlkLTQxMzg2MTkwNDY0NiZxdW90Oyw8 bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPiZuYnNwOyAmcXVvdDtleHRl cm5hbElkJnF1b3Q7OiAmcXVvdDs3MDE5ODQmcXVvdDssPG86cD48L286cD48L3A+DQo8cCBjbGFz cz0iTXNvUGxhaW5UZXh0Ij4mbmJzcDsgJnF1b3Q7dXNlck5hbWUmcXVvdDs6ICZxdW90O2JqZW5z ZW5AZXhhbXBsZS5jb20mcXVvdDssPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5U ZXh0Ij4mbmJzcDsgJnF1b3Q7ZW1haWxzJnF1b3Q7OiBbPG86cD48L286cD48L3A+DQo8cCBjbGFz cz0iTXNvUGxhaW5UZXh0Ij4mbmJzcDsmbmJzcDsmbmJzcDsgezxvOnA+PC9vOnA+PC9wPg0KPHAg Y2xhc3M9Ik1zb1BsYWluVGV4dCI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7ICZxdW90 O3ZhbHVlJnF1b3Q7OiAmcXVvdDtiamVuc2VuQGV4YW1wbGUuY29tJnF1b3Q7LDxvOnA+PC9vOnA+ PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7ICZxdW90O3R5cGUmcXVvdDs6ICZxdW90O3dvcmsmcXVvdDssPG86cD48L286cD48L3A+DQo8 cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgJnF1 b3Q7cHJpbWFyeSZxdW90OzogdHJ1ZTxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWlu VGV4dCI+Jm5ic3A7Jm5ic3A7Jm5ic3A7IH0sPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNv UGxhaW5UZXh0Ij4mbmJzcDsmbmJzcDsmbmJzcDsgezxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9 Ik1zb1BsYWluVGV4dCI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7ICZxdW90O3ZhbHVl JnF1b3Q7OiAmcXVvdDtiYWJzQGplbnNlbi5vcmcmcXVvdDssPG86cD48L286cD48L3A+DQo8cCBj bGFzcz0iTXNvUGxhaW5UZXh0Ij4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgJnF1b3Q7 dHlwZSZxdW90OzogJnF1b3Q7aG9tZSZxdW90OzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1z b1BsYWluVGV4dCI+Jm5ic3A7Jm5ic3A7Jm5ic3A7IH08bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNz PSJNc29QbGFpblRleHQiPiZuYnNwOyBdLDxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1Bs YWluVGV4dCI+Jm5ic3A7ICZxdW90O21ldGEmcXVvdDs6IHs8bzpwPjwvbzpwPjwvcD4NCjxwIGNs YXNzPSJNc29QbGFpblRleHQiPiZuYnNwOyZuYnNwOyZuYnNwOyAmcXVvdDtyZXNvdXJjZVR5cGUm cXVvdDs6ICZxdW90O1VzZXImcXVvdDssPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxh aW5UZXh0Ij4mbmJzcDsmbmJzcDsmbmJzcDsgJnF1b3Q7Y3JlYXRlZCZxdW90OzogJnF1b3Q7MjAx MC0wMS0yM1QwNDo1NjoyMlomcXVvdDssPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxh aW5UZXh0Ij4mbmJzcDsmbmJzcDsmbmJzcDsgJnF1b3Q7bGFzdE1vZGlmaWVkJnF1b3Q7OiAmcXVv dDsyMDExLTA1LTEzVDA0OjQyOjM0WiZxdW90Oyw8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJN c29QbGFpblRleHQiPiZuYnNwOyZuYnNwOyZuYnNwOyAmcXVvdDt2ZXJzaW9uJnF1b3Q7OiAmcXVv dDtXXC9cJnF1b3Q7MzY5NGUwNWU5ZGZmNTkxXCZxdW90OyZxdW90Oyw8bzpwPjwvbzpwPjwvcD4N CjxwIGNsYXNzPSJNc29QbGFpblRleHQiPiZuYnNwOyZuYnNwOyZuYnNwOyAmcXVvdDtsb2NhdGlv biZxdW90Ozo8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPiZxdW90O2h0 dHBzOi8vZXhhbXBsZS5jb20vdjIvVXNlcnMvMjgxOWMyMjMtN2Y3Ni00NTNhLTkxOWQtNDEzODYx OTA0NjQ2JnF1b3Q7PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij4mbmJz cDsgfTxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+fTxvOnA+PC9vOnA+ PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBj bGFzcz0iTXNvUGxhaW5UZXh0Ij5BbmQgd2Ugd2FudGVkIHRvIGFkZCBhbiBhdHRyaWJ1dGUgdG8g ZW1haWxzLCB3ZSB3b3VsZCB3YW50IGl0IHRvIGxvb2sgbGlrZSB0aGlzLiZuYnNwOyBCdXQgeW91 IGNhbnQgYWRkIGF0dHJpYnV0ZXMgdGhyb3VnaG91dCB0aGUgb2JqZWN0IG1vZGVsIHJpZ2h0PyZu YnNwOyBTbyBpZiB3ZSBhZGQgYXR0cmlidXRlcyB0byBNZXRhLCB3ZSBuZWVkIG91ciBvd24gTWV0 YSBvYmplY3QuJm5ic3A7IElmIHdlIGFkZCBhdHRyaWJ1dGVzIHRvDQogR3JvdXAsIHdlIHdvdWxk buKAmXQgc2VlIHRob3NlIGluIHRoZSBncm91cHMgYXR0cmlidXRlIG9mIHRoZSBVc2VyPyZuYnNw OyBUaGUgZXh0ZW5zaW9ucyBzZWVtIHVzYWJsZSBpZiB5b3UgYXJlIGFkZGluZyB0b3AgbGV2ZWwg YXR0cmlidXRlcyB0byB0aGUgcmV0dXJuZWQgcmVzb3VyY2UsIG5vdCBpZiB5b3UgYXJlIGFkZGlu ZyBhdHRyaWJ1dGVzIHRvIG5lc3RlZCBvYmplY3RzLi4uPG86cD48L286cD48L3A+DQo8cCBjbGFz cz0iTXNvUGxhaW5UZXh0Ij48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFp blRleHQiPns8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPiZuYnNwOyAm cXVvdDtzY2hlbWFzJnF1b3Q7OjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4 dCI+Jm5ic3A7Jm5ic3A7Jm5ic3A7IFsmcXVvdDt1cm46aWV0ZjpwYXJhbXM6c2NpbTpzY2hlbWFz OmNvcmU6Mi4wOlVzZXImcXVvdDssPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5U ZXh0Ij4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgJnF1b3Q7dXJuOmlldGY6cGFyYW1z OnNjaW06c2NoZW1hczpleHRlbnNpb246ZW50ZXJwcmlzZToyLjA6VXNlciZxdW90O10sPG86cD48 L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij4mbmJzcDsgJnF1b3Q7aWQmcXVvdDs6 ICZxdW90OzI4MTljMjIzLTdmNzYtNDUzYS05MTlkLTQxMzg2MTkwNDY0NiZxdW90Oyw8bzpwPjwv bzpwPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPiZuYnNwOyAmcXVvdDtleHRlcm5hbElk JnF1b3Q7OiAmcXVvdDs3MDE5ODQmcXVvdDssPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNv UGxhaW5UZXh0Ij4mbmJzcDsgJnF1b3Q7dXNlck5hbWUmcXVvdDs6ICZxdW90O2JqZW5zZW5AZXhh bXBsZS5jb20mcXVvdDssPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij4m bmJzcDsgJnF1b3Q7ZW1haWxzJnF1b3Q7OiBbPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNv UGxhaW5UZXh0Ij4mbmJzcDsmbmJzcDsmbmJzcDsgezxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9 Ik1zb1BsYWluVGV4dCI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7ICZxdW90O3ZhbHVl JnF1b3Q7OiAmcXVvdDtiamVuc2VuQGV4YW1wbGUuY29tJnF1b3Q7LDxvOnA+PC9vOnA+PC9wPg0K PHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7ICZx dW90O3R5cGUmcXVvdDs6ICZxdW90O3dvcmsmcXVvdDssPG86cD48L286cD48L3A+DQo8cCBjbGFz cz0iTXNvUGxhaW5UZXh0Ij4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgJnF1b3Q7cHJp bWFyeSZxdW90OzogdHJ1ZSw8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQi PiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyA8c3BhbiBzdHlsZT0iYmFja2dyb3VuZDp5 ZWxsb3c7bXNvLWhpZ2hsaWdodDp5ZWxsb3ciPg0KJnF1b3Q7dXJuOmlldGY6cGFyYW1zOnNjaW06 c2NoZW1hczpleHRlbnNpb246ZW50ZXJwcmlzZToyLjA6VXNlcjp2aWV3VHlwZSZxdW90OzogJnF1 b3Q7cHVibGljJnF1b3Q7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWlu VGV4dCI+Jm5ic3A7Jm5ic3A7Jm5ic3A7IH0sPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNv UGxhaW5UZXh0Ij4mbmJzcDsmbmJzcDsmbmJzcDsgezxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9 Ik1zb1BsYWluVGV4dCI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7ICZxdW90O3ZhbHVl JnF1b3Q7OiAmcXVvdDtiYWJzQGplbnNlbi5vcmcmcXVvdDssPG86cD48L286cD48L3A+DQo8cCBj bGFzcz0iTXNvUGxhaW5UZXh0Ij4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgJnF1b3Q7 dHlwZSZxdW90OzogJnF1b3Q7aG9tZSZxdW90Oyw8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJN c29QbGFpblRleHQiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyA8c3BhbiBzdHlsZT0i YmFja2dyb3VuZDp5ZWxsb3c7bXNvLWhpZ2hsaWdodDp5ZWxsb3ciPg0KJnF1b3Q7dXJuOmlldGY6 cGFyYW1zOnNjaW06c2NoZW1hczpleHRlbnNpb246ZW50ZXJwcmlzZToyLjA6VXNlcjp2aWV3VHlw ZSZxdW90OzogJnF1b3Q7YXV0aGVudGljYXRlZCZxdW90Ozwvc3Bhbj48bzpwPjwvbzpwPjwvcD4N CjxwIGNsYXNzPSJNc29QbGFpblRleHQiPiZuYnNwOyZuYnNwOyZuYnNwOyB9PG86cD48L286cD48 L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij4mbmJzcDsgXSw8bzpwPjwvbzpwPjwvcD4NCjxw IGNsYXNzPSJNc29QbGFpblRleHQiPiZuYnNwOyAmcXVvdDttZXRhJnF1b3Q7OiB7PG86cD48L286 cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij4mbmJzcDsmbmJzcDsmbmJzcDsgJnF1b3Q7 cmVzb3VyY2VUeXBlJnF1b3Q7OiAmcXVvdDtVc2VyJnF1b3Q7LDxvOnA+PC9vOnA+PC9wPg0KPHAg Y2xhc3M9Ik1zb1BsYWluVGV4dCI+Jm5ic3A7Jm5ic3A7Jm5ic3A7ICZxdW90O2NyZWF0ZWQmcXVv dDs6ICZxdW90OzIwMTAtMDEtMjNUMDQ6NTY6MjJaJnF1b3Q7LDxvOnA+PC9vOnA+PC9wPg0KPHAg Y2xhc3M9Ik1zb1BsYWluVGV4dCI+Jm5ic3A7Jm5ic3A7Jm5ic3A7ICZxdW90O2xhc3RNb2RpZmll ZCZxdW90OzogJnF1b3Q7MjAxMS0wNS0xM1QwNDo0MjozNFomcXVvdDssPG86cD48L286cD48L3A+ DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij4mbmJzcDsmbmJzcDsmbmJzcDsgJnF1b3Q7dmVyc2lv biZxdW90OzogJnF1b3Q7V1wvXCZxdW90OzM2OTRlMDVlOWRmZjU5MVwmcXVvdDsmcXVvdDssPG86 cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij4mbmJzcDsmbmJzcDsmbmJzcDsg JnF1b3Q7bG9jYXRpb24mcXVvdDs6PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5U ZXh0Ij4mcXVvdDtodHRwczovL2V4YW1wbGUuY29tL3YyL1VzZXJzLzI4MTljMjIzLTdmNzYtNDUz YS05MTlkLTQxMzg2MTkwNDY0NiZxdW90OzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1Bs YWluVGV4dCI+Jm5ic3A7IH08bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQi Pn08bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxvOnA+Jm5ic3A7PC9v OnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8 cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij4tLS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0tLTxicj4NCkZy b206IHNjaW0gW21haWx0bzpzY2ltLWJvdW5jZXNAaWV0Zi5vcmddIE9uIEJlaGFsZiBPZiBQaGls IEh1bnQgKElETSk8YnI+DQpTZW50OiBXZWRuZXNkYXksIEFwcmlsIDEzLCAyMDE2IDQ6MDcgUE08 YnI+DQpUbzogU3RldmUgTW95ZXIgJmx0O3Ntb3llckBwc3UuZWR1Jmd0Ozxicj4NCkNjOiBzY2lt QGlldGYub3JnPGJyPg0KU3ViamVjdDogUmU6IFtzY2ltXSBTQ0lNIGNvbXBsaWFuY2U8L3A+DQo8 cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxwIGNsYXNzPSJN c29QbGFpblRleHQiPkkgd291bGQgdGhpbmsgeW91IHdvdWxkIHdhbnQgdG8gdXNlIHRoZSBjb3Jl IHVzZXIgcmVzb3VyY2UgYW5kIHRoZW4gZXh0ZW5kIGl0IGFzIHdlIGRpZCB3aXRoIGVkdXBlcnNv biBpbiBsZGFwLg0KPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48bzpw PiZuYnNwOzwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPlBoaWw8bzpwPjwvbzpw PjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPHAg Y2xhc3M9Ik1zb1BsYWluVGV4dCI+Jmd0OyBPbiBBcHIgMTMsIDIwMTYsIGF0IDExOjU1LCBTdGV2 ZSBNb3llciAmbHQ7PGEgaHJlZj0ibWFpbHRvOnNtb3llckBwc3UuZWR1Ij48c3BhbiBzdHlsZT0i Y29sb3I6d2luZG93dGV4dDt0ZXh0LWRlY29yYXRpb246bm9uZSI+c21veWVyQHBzdS5lZHU8L3Nw YW4+PC9hPiZndDsgd3JvdGU6PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0 Ij4mZ3Q7IDxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+Jmd0OyBBbGws PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij4mZ3Q7IDxvOnA+PC9vOnA+ PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+Jmd0OyBXZSd2ZSBiZWVuIHdvcmtpbmcgb24g YSBmaXJzdC1wcmluY2lwbGVzIHJld3JpdGUgb2Ygb3VyIFNDSU0gMi4wIHN5c3RlbSAoYmFzZWQg b24gYSBwcmUtcmF0aWZpZWQgdmVyc2lvbiBvZiB0aGUgc3BlY2lmaWNhdGlvbikgYnV0IHdlJ3Zl IGFsc28gYmVlbiBwcm9tb3RpbmcgU0NJTSBmb3IgaXRzIGludGVuZGVkIHVzZSBpbiB0aGUgaGln aGVyLWVkIGNvbW11bml0eS48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQi PiZndDsgPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij4mZ3Q7IFJlY2Vu dGx5IHRoZXJlJ3MgYmVlbiBhIGRpc2N1c3Npb24gYWJvdXQgd2hhdCBpdCByZWFsbHkgbWVhbnMg dG8gYmUgJnF1b3Q7Y29tcGxpYW50JnF1b3Q7LiZuYnNwOyBJJ20gdGFraW5nIHRoZSBoYXJkLWxp bmUgdmlldyB0aGF0IHdpdGhvdXQgaW50ZXItb3BlcmFiaWxpdHksIHRoZXJlJ3Mgbm90IHJlYWxs eSBhIHBvaW50IGluIGJlaW5nIHRlY2huaWNhbGx5IGNvbXBhdGlibGUuJm5ic3A7IFRoZSBUSUVS IGdyb3VwIHdpdGhpbiB0aGUNCiBJbnRlcm5ldDIgaXMgdGFsa2luZyBhYm91dCBjcmVhdGluZyBU aWVyVXNlciBhbmQgVGllckdyb3VwIFJlc291cmNlVHlwZXMgYW5kIHVzaW5nIHRob3NlIGluc3Rl YWQgb2YgdGhlIGNvcmUgVXNlciBhbmQgR3JvdXAgUmVzb3VyY2VUeXBlLjxvOnA+PC9vOnA+PC9w Pg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+Jmd0OyA8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNz PSJNc29QbGFpblRleHQiPiZndDsgVGVjaG5pY2FsbHksIHRoZSBzcGVjaWZpY2F0aW9uIGFsbG93 cyAqYW55KiByZXNvdXJjZSB0eXBlIHRvIGJlIGFkZGVkIChwZXIgc2VjdGlvbiAzLjIgb2YgdGhl IFNjaGVtYSBzcGVjaWZpY2F0aW9uKSBhbmQgd2hpbGUgaXQgaW1wbGllcyB0aGUgY29yZSBVc2Vy IGFuZCBjb3JlIEdyb3VwIGFyZSByZXF1aXJlZCAodXNpbmcgdGhlIHdvcmQgJnF1b3Q7cHJvdmlk ZWQmcXVvdDspIHRoZSBzcGVjaWZpY2F0aW9uIGRvZXNuJ3QNCiB0ZWNobmljYWxseSBzYXkgYSBz ZXJ2aWNlIE1VU1QgcHJvdmlkZSB0aG9zZSBlbmQtcG9pbnRzLjxvOnA+PC9vOnA+PC9wPg0KPHAg Y2xhc3M9Ik1zb1BsYWluVGV4dCI+Jmd0OyA8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Q bGFpblRleHQiPiZndDsgSSd2ZSBhdHRhY2hlZCBhIGRvY3VtZW50IHdpdGggdGhlIHR3byBmYXZv cml0ZSBUSUVSIHByb3Bvc2FscyBhbmQgbXkgdmlldyBpcyB0aGF0IG5laXRoZXIgb2YgdGhlbSBh cmUgY29tcGxpYW50LiZuYnNwOyBQcm9wb3NhbCB0d28gKmNvdWxkKiBiZSBpbnRlci1vcGVyYWJs ZSBpZiB0aGUgcGVyc2lzdGVkIFRJRVIgdXNlciBvYmplY3Qgd2FzIGV4cG9zZWQgdmlhIGJvdGgg dGhlIFRpZXJVc2VycyBhbmQgVXNlcnMNCiBlbmRwb2ludHMuJm5ic3A7IFRoaXMgdmlvbGF0ZXMg YSBwcmluY2lwbGUgb2YgUkVTVCAoYSByZXNvdXJjZSBoYXMgYSB1bmlxdWUgVVJMKSB0aG91Z2gu Jm5ic3A7IEkgc2hvdWxkIGFsc28gbm90ZSB0aGF0IHRoZSB1c2Ugb2YgcXVlcnkgcGFyYW1ldGVy cywgaGVhZGVycyBhbmQgSFRUUCBzdGF0dXMgY29kZXMgcHJvcG9zZWQgYnkgVElFUiBhcmUgYWxz byAmcXVvdDtpbnRlcmVzdGluZyZxdW90Oy48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Q bGFpblRleHQiPiZndDsgPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij4m Z3Q7IFdoYXQgYXJlIHRoaXMgZ3JvdXAncyBvcGluaW9ucz88bzpwPjwvbzpwPjwvcD4NCjxwIGNs YXNzPSJNc29QbGFpblRleHQiPiZndDsgPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxh aW5UZXh0Ij4mZ3Q7IFRoYW5rcyw8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRl eHQiPiZndDsgPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij4mZ3Q7IFN0 ZXZlPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij4mZ3Q7IDxvOnA+PC9v OnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+Jmd0OyDigJxBbGwgdGhlIGVhc3kgc3R1 ZmbigJlzIGJlZW4gZG9uZeKApi4gV2XigJl2ZSBnb3QgdGhlIHdoZWVsLCBmaXJlLCB0aGUgVFYg Y2xpY2tlcuKAlHdoYXQgZWxzZSBkbyB5b3UgbmVlZD/igJ0gLSBEZWFuIEthbWVuPG86cD48L286 cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij4mZ3Q7ICZsdDtEU0FXRy1BbHRlcm5hdGl2 ZVByb3Bvc2Fsc29udGhlUmVsYXRpb25zaGlwQmV0d2VlblRJRVJhbmRTQ0lNQVBJc2FuZFNjaGVt YS0xMzA0MTYtMTg0NS0yMTQ0LnBkZiZndDs8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Q bGFpblRleHQiPiZndDsgX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX188bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPiZndDsgc2NpbSBt YWlsaW5nIGxpc3Q8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPiZndDsg PGEgaHJlZj0ibWFpbHRvOnNjaW1AaWV0Zi5vcmciPjxzcGFuIHN0eWxlPSJjb2xvcjp3aW5kb3d0 ZXh0O3RleHQtZGVjb3JhdGlvbjpub25lIj5zY2ltQGlldGYub3JnPC9zcGFuPjwvYT48bzpwPjwv bzpwPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPiZndDsgPGEgaHJlZj0iaHR0cHM6Ly93 d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9zY2ltIj48c3BhbiBzdHlsZT0iY29sb3I6d2lu ZG93dGV4dDt0ZXh0LWRlY29yYXRpb246bm9uZSI+aHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1h bi9saXN0aW5mby9zY2ltPC9zcGFuPjwvYT48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Q bGFpblRleHQiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+ X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX188bzpwPjwvbzpw PjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPnNjaW0gbWFpbGluZyBsaXN0PG86cD48L286 cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48YSBocmVmPSJtYWlsdG86c2NpbUBpZXRm Lm9yZyI+PHNwYW4gc3R5bGU9ImNvbG9yOndpbmRvd3RleHQ7dGV4dC1kZWNvcmF0aW9uOm5vbmUi PnNjaW1AaWV0Zi5vcmc8L3NwYW4+PC9hPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1Bs YWluVGV4dCI+PGEgaHJlZj0iaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9z Y2ltIj48c3BhbiBzdHlsZT0iY29sb3I6d2luZG93dGV4dDt0ZXh0LWRlY29yYXRpb246bm9uZSI+ aHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9zY2ltPC9zcGFuPjwvYT48bzpw PjwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9ib2R5Pg0KPC9odG1sPg0K --_000_BY1PR10MB0456B5C218DF36BECCFD9151E5960BY1PR10MB0456namp_-- From Mark.Wahl@microsoft.com Wed Apr 13 13:12:34 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 198AE12E156 for ; Wed, 13 Apr 2016 13:12:34 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.003 X-Spam-Level: X-Spam-Status: No, score=-2.003 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nigappOF3WW1 for ; Wed, 13 Apr 2016 13:12:32 -0700 (PDT) Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2on0120.outbound.protection.outlook.com [207.46.100.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B500812E1E3 for ; Wed, 13 Apr 2016 13:12:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=cZ+UfkjAoizX3+iAMMIQiogRhET4/VPuW7Y64WoX+wg=; b=fzqB7oNEePP62+lswG+X2bKBpgSRxTV09q+no5WdiLXFoSQLfkvEV1RFFdUIVHRRVHf6qUrTX1dj45k6Md2n/iM9bP1GA4pgRra7U90OPdDbtjT6qhXeAoAYsjCG1u8X10OteyRKKr3uZGRrabB0Rrvsz1J8Etp7Z7LSArcFrdQ= Received: from CY1PR0301MB0729.namprd03.prod.outlook.com (10.160.159.147) by CY1PR0301MB0729.namprd03.prod.outlook.com (10.160.159.147) with Microsoft SMTP Server (TLS) id 15.1.447.15; Wed, 13 Apr 2016 20:12:29 +0000 Received: from CY1PR0301MB0729.namprd03.prod.outlook.com ([10.160.159.147]) by CY1PR0301MB0729.namprd03.prod.outlook.com ([10.160.159.147]) with mapi id 15.01.0447.029; Wed, 13 Apr 2016 20:12:29 +0000 From: Mark Wahl To: "Morteza Ansari (moransar)" , Leif Johansson Thread-Topic: [scim] next steps for scim Thread-Index: AQHRlb2wa6kZIqF/A0WPnxwewyPt7J+IVSqA Date: Wed, 13 Apr 2016 20:12:29 +0000 Message-ID: References: <5705103A.3080102@sunet.se> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: cisco.com; dkim=none (message not signed) header.d=none;cisco.com; dmarc=none action=none header.from=microsoft.com; x-originating-ip: [70.112.199.129] x-ms-office365-filtering-correlation-id: c9b90853-fc53-4af4-9051-08d363d7f068 x-microsoft-exchange-diagnostics: 1; CY1PR0301MB0729; 5:SrGtdu4Wbgs2m/OdrNKZxSc5ygW9BejAXUEUWxHRd1KOUFETik+P2twAFiawG7rbq57CFUXNWAe6eml/lw0X5P7iK0bkXdncFfQLur4mvv3xVK+0iCyasCU15faeGNafhXDCBYxzjA3Jwut969v0lQ==; 24:fP7mIIVJvHGLHbBmUpdfawnJhePXLbaaG6FgPAQYxhAkyWebppjy/jZfPo1ICGDaNYjiXTDIP63c8hItg5GvdtSfnS2El3R4mfq1PwD6nBM= x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:CY1PR0301MB0729; x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(95692535739014); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(61425038)(601004)(2401047)(8121501046)(5005006)(10201501046)(3002001)(6055026)(61426038)(61427038); SRVR:CY1PR0301MB0729; BCL:0; PCL:0; RULEID:; SRVR:CY1PR0301MB0729; x-forefront-prvs: 0911D5CE78 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(13464003)(377454003)(24454002)(5004730100002)(86362001)(5001770100001)(54356999)(76176999)(10090500001)(189998001)(66066001)(2906002)(9686002)(5002640100001)(92566002)(74316001)(86612001)(50986999)(5003600100002)(76576001)(77096005)(15975445007)(87936001)(99286002)(122556002)(2900100001)(5005710100001)(10400500002)(106116001)(1220700001)(10290500002)(1096002)(11100500001)(4326007)(102836003)(5008740100001)(19580395003)(3846002)(81166005)(19580405001)(2950100001)(6116002)(33656002)(586003); DIR:OUT; SFP:1102; SCL:1; SRVR:CY1PR0301MB0729; H:CY1PR0301MB0729.namprd03.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en; spamdiagnosticoutput: 1:23 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="iso-8859-2" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: microsoft.com X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Apr 2016 20:12:29.0312 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47 X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR0301MB0729 Archived-At: X-Mailman-Approved-At: Wed, 13 Apr 2016 14:34:05 -0700 Cc: "scim@ietf.org" Subject: Re: [scim] next steps for scim X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Apr 2016 20:13:21 -0000 Extensions for use by polling clients? https://datatracker.ietf.org/doc/dra= ft-mcmurtry-scim-polling/=20 Profiles for SCIM alongside OpenID Connect? E.g., https://tools.ietf.org/i= d/draft-wahl-scim-jit-profile-02.txt=20 Mark Wahl Microsoft Corporation -----Original Message----- From: Morteza Ansari (moransar) [mailto:moransar@cisco.com]=20 Sent: Wednesday, April 13, 2016 12:45 PM To: Morteza Ansari (moransar) ; Leif Johansson ; scim@ietf.org Subject: Re: [scim] next steps for scim Any other extensions/drafts/=A9? Or thoughts about next steps for SCIM WG? Cheers, Morteza On 4/6/16, 11:07 AM, "scim on behalf of Morteza Ansari (moransar)" wrote: >SCIM Soft Delete >https://tools.ietf.org/html/draft-ansari-scim-soft-delete-00 (though it=20 >is not current, but I can easily resubmit it if that makes a difference). > > >Cheers, >Morteza > >On 4/6/16, 10:33 AM, "scim on behalf of Leif Johansson" > wrote: > >> >>Folks, >> >>We've done this a couple of times already ... this will be the last=20 >>attempt to judge interest for next steps in the SCIM WG. >> >>We will now generate a definitive list of possible work for SCIM going=20 >>forward *excluding* the ID events stuff that will probably spin up its=20 >>own WG. >> >>Please respond to this email no later than EOB April 30 with a link to=20 >>a current (non-expired) I-D describing work that would (in your=20 >>opinion) fit in the SCIM WG. >> >>On May 1:st (or thereabouts) the WG will be asked to +1/-1 the=20 >>proposed I-Ds in an attempt to judge interest in continuing work on=20 >>them in the SCIM wg. >> >>If there is insufficient interest at this time we will close SCIM (the=20 >>WG, not the list) while we wait for SCIMEXT to emerge from the ashes=20 >>at some point in the future. >> >> Cheers Leif >> >>_______________________________________________ >>scim mailing list >>scim@ietf.org >>https://www.ietf.org/mailman/listinfo/scim > >_______________________________________________ >scim mailing list >scim@ietf.org >https://www.ietf.org/mailman/listinfo/scim From nobody Wed Apr 13 15:07:18 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 99CB612E4FC for ; Wed, 13 Apr 2016 15:07:15 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -5.198 X-Spam-Level: X-Spam-Status: No, score=-5.198 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wCyBToLOTHsa for ; Wed, 13 Apr 2016 15:07:14 -0700 (PDT) Received: from userp1040.oracle.com (userp1040.oracle.com [156.151.31.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 142BD12E4F5 for ; Wed, 13 Apr 2016 15:07:14 -0700 (PDT) Received: from aserv0022.oracle.com (aserv0022.oracle.com [141.146.126.234]) by userp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id u3DM7CZ1029657 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 13 Apr 2016 22:07:12 GMT Received: from userv0122.oracle.com (userv0122.oracle.com [156.151.31.75]) by aserv0022.oracle.com (8.13.8/8.13.8) with ESMTP id u3DM7Bli016693 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 13 Apr 2016 22:07:11 GMT Received: from abhmp0007.oracle.com (abhmp0007.oracle.com [141.146.116.13]) by userv0122.oracle.com (8.14.4/8.14.4) with ESMTP id u3DM7AV7021158; Wed, 13 Apr 2016 22:07:10 GMT Received: from [25.81.251.214] (/72.143.225.184) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Wed, 13 Apr 2016 15:07:10 -0700 Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (1.0) From: "Phil Hunt (IDM)" X-Mailer: iPhone Mail (13E238) In-Reply-To: Date: Wed, 13 Apr 2016 15:07:08 -0700 Content-Transfer-Encoding: quoted-printable Message-Id: References: <5705103A.3080102@sunet.se> To: Mark Wahl X-Source-IP: aserv0022.oracle.com [141.146.126.234] Archived-At: Cc: "scim@ietf.org" , "Morteza Ansari \(moransar\)" , Leif Johansson Subject: Re: [scim] next steps for scim X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Apr 2016 22:07:15 -0000 I spoke with Craig and Tony and it looks like this could be folded into the i= dentity events work possibly with a scim specific profile.=20 Phil > On Apr 13, 2016, at 13:12, Mark Wahl wrote: >=20 > Extensions for use by polling clients? https://datatracker.ietf.org/doc/dr= aft-mcmurtry-scim-polling/=20 > Profiles for SCIM alongside OpenID Connect? E.g., https://tools.ietf.org/= id/draft-wahl-scim-jit-profile-02.txt=20 >=20 >=20 >=20 >=20 > Mark Wahl > Microsoft Corporation >=20 > -----Original Message----- > From: Morteza Ansari (moransar) [mailto:moransar@cisco.com]=20 > Sent: Wednesday, April 13, 2016 12:45 PM > To: Morteza Ansari (moransar) ; Leif Johansson ; scim@ietf.org > Subject: Re: [scim] next steps for scim >=20 > Any other extensions/drafts/=C5=A0? Or thoughts about next steps for SCIM= WG? >=20 >=20 > Cheers, > Morteza >=20 > On 4/6/16, 11:07 AM, "scim on behalf of Morteza Ansari (moransar)" > wrote: >=20 >> SCIM Soft Delete >> https://tools.ietf.org/html/draft-ansari-scim-soft-delete-00 (though it=20= >> is not current, but I can easily resubmit it if that makes a difference).= >>=20 >>=20 >> Cheers, >> Morteza >>=20 >> On 4/6/16, 10:33 AM, "scim on behalf of Leif Johansson" >> wrote: >>=20 >>>=20 >>> Folks, >>>=20 >>> We've done this a couple of times already ... this will be the last=20 >>> attempt to judge interest for next steps in the SCIM WG. >>>=20 >>> We will now generate a definitive list of possible work for SCIM going=20= >>> forward *excluding* the ID events stuff that will probably spin up its=20= >>> own WG. >>>=20 >>> Please respond to this email no later than EOB April 30 with a link to=20= >>> a current (non-expired) I-D describing work that would (in your=20 >>> opinion) fit in the SCIM WG. >>>=20 >>> On May 1:st (or thereabouts) the WG will be asked to +1/-1 the=20 >>> proposed I-Ds in an attempt to judge interest in continuing work on=20 >>> them in the SCIM wg. >>>=20 >>> If there is insufficient interest at this time we will close SCIM (the=20= >>> WG, not the list) while we wait for SCIMEXT to emerge from the ashes=20 >>> at some point in the future. >>>=20 >>> Cheers Leif >>>=20 >>> _______________________________________________ >>> scim mailing list >>> scim@ietf.org >>> https://www.ietf.org/mailman/listinfo/scim >>=20 >> _______________________________________________ >> scim mailing list >> scim@ietf.org >> https://www.ietf.org/mailman/listinfo/scim >=20 >=20 > _______________________________________________ > scim mailing list > scim@ietf.org > https://www.ietf.org/mailman/listinfo/scim From nobody Wed Apr 13 16:08:40 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 28B7712DD42 for ; Wed, 13 Apr 2016 16:08:39 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -5.187 X-Spam-Level: X-Spam-Status: No, score=-5.187 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id luxR8P3gTQ5X for ; Wed, 13 Apr 2016 16:08:36 -0700 (PDT) Received: from aserp1040.oracle.com (aserp1040.oracle.com [141.146.126.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 592BE12D606 for ; Wed, 13 Apr 2016 16:08:36 -0700 (PDT) Received: from userv0022.oracle.com (userv0022.oracle.com [156.151.31.74]) by aserp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id u3DN8YRS031286 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 13 Apr 2016 23:08:35 GMT Received: from userv0121.oracle.com (userv0121.oracle.com [156.151.31.72]) by userv0022.oracle.com (8.14.4/8.13.8) with ESMTP id u3DN8Yhm028212 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 13 Apr 2016 23:08:34 GMT Received: from abhmp0018.oracle.com (abhmp0018.oracle.com [141.146.116.24]) by userv0121.oracle.com (8.13.8/8.13.8) with ESMTP id u3DN8W6b023752; Wed, 13 Apr 2016 23:08:32 GMT Received: from [10.0.1.20] (/24.86.216.17) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Wed, 13 Apr 2016 16:08:31 -0700 Content-Type: multipart/alternative; boundary="Apple-Mail=_E24DD3ED-71B6-48EB-88FA-4C7F87E69929" Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\)) From: Phil Hunt In-Reply-To: Date: Wed, 13 Apr 2016 16:08:29 -0700 Message-Id: References: <1200429876.6668152.1460573725189.JavaMail.zimbra@psu.edu> To: "Hyzer, Chris" X-Mailer: Apple Mail (2.3124) X-Source-IP: userv0022.oracle.com [156.151.31.74] Archived-At: Cc: "scim@ietf.org" , Steve Moyer Subject: Re: [scim] SCIM compliance X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Apr 2016 23:08:39 -0000 --Apple-Mail=_E24DD3ED-71B6-48EB-88FA-4C7F87E69929 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Adding extensions to attributes is not a supported (or at least = expected) way to extend the schema. The expectation for each extension is there is a single JSON structure = whose attribute name corresponds to the schema extension in the schemas = attribute. Existing implementations would not look for embedded extensions anywhere = other than the root level of the top JSON structure. Note also that you have =E2=80=9Cpublic=E2=80=9D and =E2=80=9Cauthenticate= d=E2=80=9D as not valid in their own right. They need a name value = pair. =20 So assuming these are attributes with a true / false value, here is a = structure that might work. Note also that you can=E2=80=99t just = overright a published schema (e.g. enterprise user). I=E2=80=99ve = changed the schema URN to something unique (it could be anything = really). Note that in viewEmails I use the same =E2=80=9Ctype=E2=80=9D = to associate the new attribute with the standard emails attribute.=20 Also, you could use just =E2=80=9Cemails=E2=80=9D in your extension and = that would generate no conflicts. HOWEVER, it means that every time you = want to reference emails in the extended schema you=E2=80=99d have to = reference the attribute with the full urn namespace as well (e.g. = urn:ietf:params:scim:schemas:extension:someorg:viewType:emails) in order = to distinguish it from emails in the parent block (whose schema is = urn:ietf:params:scim:schemas:core:2.0:User:emails).=20 { "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User", =E2=80=9Curn:ietf:params:scim:schemas:extension:someorg:viewType"], "id": "2819c223-7f76-453a-919d-413861904646", "externalId": "701984", "userName": "bjensen@example.com ", "emails": [ { "value": "bjensen@example.com ", "type": "work", "primary": true }, { "value": "babs@jensen.org ", "type": "home" } ], "urn:ietf:params:scim:schemas:extension:someorg:viewType=E2=80=9D:{ =E2=80=9CviewEmails=E2=80=9D: [{ "authenticated=E2=80=9D:true, =E2=80=9Ctype=E2=80=9D:=E2=80=9Dhome=E2=80=9D }, { =E2=80=9Cpublic=E2=80=9D:true, =E2=80=9Ctype=E2=80=9D:=E2=80=9Dwork=E2=80=9D } ], "meta": { "resourceType": "User", "created": "2010-01-23T04:56:22Z", "lastModified": "2011-05-13T04:42:34Z", "version": "W\/\"3694e05e9dff591\"", "location": "https://example.com/v2/Users/2819c223-7f76-453a-919d-413861904646 = " } } Phil @independentid www.independentid.com = phil.hunt@oracle.com = > On Apr 13, 2016, at 1:28 PM, Hyzer, Chris = wrote: >=20 > Can you extend attributes inside the representation? This is not a = real example, just a hypothetical. > =20 > i.e. if this is the SCIM representation: > =20 > { > "schemas": > ["urn:ietf:params:scim:schemas:core:2.0:User", > "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"], > "id": "2819c223-7f76-453a-919d-413861904646", > "externalId": "701984", > "userName": "bjensen@example.com ", > "emails": [ > { > "value": "bjensen@example.com ", > "type": "work", > "primary": true > }, > { > "value": "babs@jensen.org ", > "type": "home" > } > ], > "meta": { > "resourceType": "User", > "created": "2010-01-23T04:56:22Z", > "lastModified": "2011-05-13T04:42:34Z", > "version": "W\/\"3694e05e9dff591\"", > "location": > "https://example.com/v2/Users/2819c223-7f76-453a-919d-413861904646 = " > } > } > =20 > And we wanted to add an attribute to emails, we would want it to look = like this. But you cant add attributes throughout the object model = right? So if we add attributes to Meta, we need our own Meta object. = If we add attributes to Group, we wouldn=E2=80=99t see those in the = groups attribute of the User? The extensions seem usable if you are = adding top level attributes to the returned resource, not if you are = adding attributes to nested objects... > =20 > { > "schemas": > ["urn:ietf:params:scim:schemas:core:2.0:User", > "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"], > "id": "2819c223-7f76-453a-919d-413861904646", > "externalId": "701984", > "userName": "bjensen@example.com ", > "emails": [ > { > "value": "bjensen@example.com ", > "type": "work", > "primary": true, > = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:viewType": = "public" > }, > { > "value": "babs@jensen.org ", > "type": "home", > = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:viewType": = "authenticated" > } > ], > "meta": { > "resourceType": "User", > "created": "2010-01-23T04:56:22Z", > "lastModified": "2011-05-13T04:42:34Z", > "version": "W\/\"3694e05e9dff591\"", > "location": > "https://example.com/v2/Users/2819c223-7f76-453a-919d-413861904646 = " > } > } > =20 > =20 > -----Original Message----- > From: scim [mailto:scim-bounces@ietf.org] On Behalf Of Phil Hunt (IDM) > Sent: Wednesday, April 13, 2016 4:07 PM > To: Steve Moyer > Cc: scim@ietf.org > Subject: Re: [scim] SCIM compliance > =20 > I would think you would want to use the core user resource and then = extend it as we did with eduperson in ldap. > =20 > Phil > =20 > > On Apr 13, 2016, at 11:55, Steve Moyer > wrote: > >=20 > > All, > >=20 > > We've been working on a first-principles rewrite of our SCIM 2.0 = system (based on a pre-ratified version of the specification) but we've = also been promoting SCIM for its intended use in the higher-ed = community. > >=20 > > Recently there's been a discussion about what it really means to be = "compliant". I'm taking the hard-line view that without = inter-operability, there's not really a point in being technically = compatible. The TIER group within the Internet2 is talking about = creating TierUser and TierGroup ResourceTypes and using those instead of = the core User and Group ResourceType. > >=20 > > Technically, the specification allows *any* resource type to be = added (per section 3.2 of the Schema specification) and while it implies = the core User and core Group are required (using the word "provided") = the specification doesn't technically say a service MUST provide those = end-points. > >=20 > > I've attached a document with the two favorite TIER proposals and my = view is that neither of them are compliant. Proposal two *could* be = inter-operable if the persisted TIER user object was exposed via both = the TierUsers and Users endpoints. This violates a principle of REST (a = resource has a unique URL) though. I should also note that the use of = query parameters, headers and HTTP status codes proposed by TIER are = also "interesting". > >=20 > > What are this group's opinions? > >=20 > > Thanks, > >=20 > > Steve > >=20 > > =E2=80=9CAll the easy stuff=E2=80=99s been done=E2=80=A6. We=E2=80=99v= e got the wheel, fire, the TV clicker=E2=80=94what else do you need?=E2=80= =9D - Dean Kamen > > = > > _______________________________________________ > > scim mailing list > > scim@ietf.org > > https://www.ietf.org/mailman/listinfo/scim = > =20 > _______________________________________________ > scim mailing list > scim@ietf.org > https://www.ietf.org/mailman/listinfo/scim = --Apple-Mail=_E24DD3ED-71B6-48EB-88FA-4C7F87E69929 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 Adding extensions to attributes is not a supported (or at = least expected) way to extend the schema.

The expectation for each = extension is there is a single JSON structure whose attribute name = corresponds to the schema extension in the schemas attribute.

Existing implementations = would not look for embedded extensions anywhere other than the root = level of the top JSON structure.

Note also that you have =E2=80=9Cpublic=E2= =80=9D and =E2=80=9Cauthenticated=E2=80=9D as not valid in their own = right.  They need a name value pair.  

So assuming these are attributes with a = true / false value, here is a structure that might work.  Note also = that you can=E2=80=99t just overright a published schema (e.g. = enterprise user). I=E2=80=99ve changed the schema URN to something = unique (it could be anything really).  Note that in viewEmails I = use the same =E2=80=9Ctype=E2=80=9D to associate the new attribute with = the standard emails attribute. 

Also, you could use just =E2=80=9Cemails=E2= =80=9D in your extension and that would generate no conflicts. =  HOWEVER, it means that every time you want to reference emails in = the extended schema you=E2=80=99d have to reference the attribute with = the full urn namespace as well (e.g. urn:ietf:params:scim:schemas:extension:someorg:viewType:emails<= /b>) in order to distinguish it from emails in the parent block = (whose schema is urn:ietf:params:scim:schemas:core:2.0:User:emails). 

{
  "schemas":
    = ["urn:ietf:params:scim:schemas:core:2.0:User",
      =E2=80=9Curn:ietf:params:scim:schemas:extension:someorg:viewType"],<= o:p class=3D"">
  = "id": "2819c223-7f76-453a-919d-413861904646",
  = "externalId": "701984",
  "userName": "bjensen@example.com",
  "emails": [
    {
      "value": = "bjensen@example.com",
      "type": "work",
      "primary": true
    },
    {
      "value": = "babs@jensen.org",
      "type": = "home"
    }
  = ],
"urn:ietf:params:scim:schemas:extension:someorg:viewType=E2=80=9D:{
  =E2=80=9CviewEmails=E2=80=9D: = [{
    =  "authenticated=E2=80=9D:true,
    =E2=80=9Ctype=E2=80=9D:=E2=80=9Dhome=E2=80=9D
  =  },
  = {
    =E2=80=9Cpublic=E2=80=9D:true,
    =E2=80=9Ctype=E2=80=9D:=E2=80=9Dwork=E2=80=9D
  = }
  = ],
  "meta": {
    "resourceType": "User",
    "created": "2010-01-23T04:56:22Z",
    "lastModified": = "2011-05-13T04:42:34Z",
    "version": "W\/\"3694e05e9dff591\"",
    "location":
"https://example.com/v2/Users/2819c223-7f76-453a-919d-4138619046= 46"
  }
}



On Apr 13, 2016, at 1:28 PM, Hyzer, Chris <mchyzer@isc.upenn.edu> wrote:

Can you extend attributes = inside the representation?  This is not a real example, just a = hypothetical.
 
i.e. if this is the SCIM representation:
 
{
  = "schemas":
    = ["urn:ietf:params:scim:schemas:core:2.0:User",
      = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],
  = "id": "2819c223-7f76-453a-919d-413861904646",
  = "externalId": "701984",
  "userName": "bjensen@example.com",
  "emails": [
    {
      "value": = "bjensen@example.com",
      "type": = "work",
      "primary": true
    },
    {
      "value": "babs@jensen.org",
      "type": "home"
    }
  ],
  "meta": {
    "resourceType": "User",
    "created": "2010-01-23T04:56:22Z",
    "lastModified": = "2011-05-13T04:42:34Z",
    "version": "W\/\"3694e05e9dff591\"",
    "location":
"https://example.com/v2/Users/2819c223-7f76-453a-919d-4138619046= 46"
  }
}
 
And we wanted to add an attribute to emails, we would want it = to look like this.  But you cant add attributes throughout the = object model right?  So if we add attributes to Meta, we need our = own Meta object.  If we add attributes to Group, we wouldn=E2=80=99t = see those in the groups attribute of the User?  The extensions seem = usable if you are adding top level attributes to the returned resource, = not if you are adding attributes to nested objects...
 
{
  = "schemas":
    = ["urn:ietf:params:scim:schemas:core:2.0:User",
      = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],
  = "id": "2819c223-7f76-453a-919d-413861904646",
  = "externalId": "701984",
  "userName": "bjensen@example.com",
  "emails": [
    {
      "value": = "bjensen@example.com",
      "type": = "work",
      "primary": true,
      "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:vie= wType": "public"
    },
    {
      "value": "babs@jensen.org",
      "type": "home",
      "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:vie= wType": "authenticated"
    }
  = ],
  = "meta": {
    "resourceType": "User",
    "created": "2010-01-23T04:56:22Z",
    "lastModified": = "2011-05-13T04:42:34Z",
    "version": "W\/\"3694e05e9dff591\"",
    "location":
"https://example.com/v2/Users/2819c223-7f76-453a-919d-4138619046= 46"
  }
}
 
 
-----Original Message-----
From: scim [mailto:scim-bounces@ietf.org] On Behalf Of Phil Hunt = (IDM)
Sent: Wednesday, April 13, 2016 4:07 PM
To: Steve Moyer <smoyer@psu.edu>
Cc: scim@ietf.org
Subject: Re: [scim] SCIM compliance
 
I would think you would want to use the core user resource = and then extend it as we did with eduperson in ldap.
 
Phil
 
> On = Apr 13, 2016, at 11:55, Steve Moyer <smoyer@psu.edu> wrote:
> 
> = All,
> 
> = We've been working on a first-principles rewrite of our SCIM 2.0 system = (based on a pre-ratified version of the specification) but we've also = been promoting SCIM for its intended use in the higher-ed community.
> 
> = Recently there's been a discussion about what it really means to be = "compliant".  I'm taking the hard-line view that without = inter-operability, there's not really a point in being technically = compatible.  The TIER group within the Internet2 is talking about = creating TierUser and TierGroup ResourceTypes and using those instead of = the core User and Group ResourceType.
> 
> = Technically, the specification allows *any* resource type to be added = (per section 3.2 of the Schema specification) and while it implies the = core User and core Group are required (using the word "provided") the = specification doesn't technically say a service MUST provide those = end-points.
> 
> I've = attached a document with the two favorite TIER proposals and my view is = that neither of them are compliant.  Proposal two *could* be = inter-operable if the persisted TIER user object was exposed via both = the TierUsers and Users endpoints.  This violates a principle of = REST (a resource has a unique URL) though.  I should also note that = the use of query parameters, headers and HTTP status codes proposed by = TIER are also "interesting".
> 
> What = are this group's opinions?
> 
> = Thanks,
> 
> = Steve
> 
> = =E2=80=9CAll the easy stuff=E2=80=99s been done=E2=80=A6. We=E2=80=99ve = got the wheel, fire, the TV clicker=E2=80=94what else do you need?=E2=80=9D= - Dean Kamen
> = <DSAWG-AlternativeProposalsontheRelationshipBetweenTIERandSCIMAPIsandSc= hema-130416-1845-2144.pdf>
> = _______________________________________________
> scim = mailing list
> https://www.ietf.org/mailman/listinfo/scim
 
_______________________________________________
scim = mailing list
https://www.ietf.org/mailman/listinfo/scim

= --Apple-Mail=_E24DD3ED-71B6-48EB-88FA-4C7F87E69929-- From nobody Wed Apr 13 21:41:40 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EE26312E6B2 for ; Wed, 13 Apr 2016 21:41:38 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.622 X-Spam-Level: X-Spam-Status: No, score=-2.622 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z9x45Cr51GYT for ; Wed, 13 Apr 2016 21:41:37 -0700 (PDT) Received: from cluster-d.mailcontrol.com (cluster-d.mailcontrol.com [85.115.60.190]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 49AF112E6AD for ; Wed, 13 Apr 2016 21:41:37 -0700 (PDT) Received: from BLRXCAHT02.microfocus.com ([192.31.114.137]) by rly10d.srv.mailcontrol.com (MailControl) with ESMTPS id u3E4fWs1082323 (version=TLSv1 cipher=AES128-SHA bits=128 verify=FAIL); Thu, 14 Apr 2016 05:41:33 +0100 Received: from BLRXMB01.microfocus.com ([169.254.1.4]) by BLRXCAHT02.microfocus.com ([164.99.147.111]) with mapi id 14.03.0174.001; Thu, 14 Apr 2016 10:11:31 +0530 From: Koushik Narayanan To: "scim@ietf.org" , "smoyer@psu.edu" Thread-Topic: [scim] SCIM compliance Thread-Index: ZlZcCtOjBpn6u9fVCDJUmQXiul5ivfZznfmA Date: Thu, 14 Apr 2016 04:41:31 +0000 Message-ID: <1460608891.2242.1.camel@microfocus.com> References: <1200429876.6668152.1460573725189.JavaMail.zimbra@psu.edu> In-Reply-To: <1200429876.6668152.1460573725189.JavaMail.zimbra@psu.edu> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [164.99.136.45] Content-Type: text/plain; charset="utf-8" Content-ID: <6127050602CD8347AB7AFA86D202A143@microfocus.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-Scanned-By: MailControl 44278.1202 (www.mailcontrol.com) on 10.68.0.120 Archived-At: Subject: Re: [scim] SCIM compliance X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Apr 2016 04:41:39 -0000 SGksDQoNCk9uIFdlZCwgMjAxNi0wNC0xMyBhdCAxNDo1NSAtMDQwMCwgU3RldmUgTW95ZXIgd3Jv dGU6DQo+IHRoZSBUaWVyVXNlcnMgYW5kIFVzZXJzIGVuZHBvaW50cy4gIFRoaXMgdmlvbGF0ZXMg YSBwcmluY2lwbGUgb2YgUkVTVA0KPiAoYSByZXNvdXJjZSBoYXMgYSB1bmlxdWUgVVJMKSB0aG91 Z2guDQoNCklzIFNDSU0gYSBSRVNUIHByb3RvY29sPyBJIGRvbid0IHNlZSB0aGF0IGJlaW5nIG1l bnRpb25lZCBpbiBhbnkgb2YgdGhlDQpTQ0lNIFJGQ3MuIA0KDQpSZWdhcmRzLA0KS291c2hpaw== From nobody Thu Apr 14 05:16:56 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5472C12DCA6 for ; Thu, 14 Apr 2016 05:16:55 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -5.196 X-Spam-Level: X-Spam-Status: No, score=-5.196 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.996] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XY5I1rwt4Txz for ; Thu, 14 Apr 2016 05:16:53 -0700 (PDT) Received: from tr21g10.aset.psu.edu (tr21g10.aset.psu.edu [146.186.149.132]) by ietfa.amsl.com (Postfix) with ESMTP id B485812DC6F for ; Thu, 14 Apr 2016 05:16:53 -0700 (PDT) Received: from ucs20.ait.psu.edu (ucs20.ait.psu.edu [128.118.73.22]) by tr21g10.aset.psu.edu (8.14.3/8.14.3) with ESMTP id u3ECGqx03420356 for ; Thu, 14 Apr 2016 08:16:52 -0400 Date: Thu, 14 Apr 2016 08:16:50 -0400 (EDT) From: Steve Moyer To: scim@ietf.org Message-ID: <651216878.7667819.1460636210653.JavaMail.zimbra@psu.edu> In-Reply-To: <1460608891.2242.1.camel@microfocus.com> References: <1200429876.6668152.1460573725189.JavaMail.zimbra@psu.edu> <1460608891.2242.1.camel@microfocus.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Originating-IP: [71.162.47.19] X-Mailer: Zimbra 8.6.0_GA_1194 (ZimbraWebClient - FF46 (Linux)/8.6.0_GA_1194) Thread-Topic: SCIM compliance Thread-Index: ZlZcCtOjBpn6u9fVCDJUmQXiul5ivfZznfmAKU27MqQ= X-Virus-Scanned: by amavisd-new Archived-At: Subject: Re: [scim] SCIM compliance X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list Reply-To: Steve Moyer List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Apr 2016 12:16:55 -0000 I originally asked the question since I have a vested interest in "at least= " compatibility between TIER and SCIM, but I should point out that even in = our current integrations, we've seen cases where extensions are cumbersome.= Yes, they technically work but also lead to what I'd call "dangerous" dat= a structures. To add an example to what Chris Hyzer posted below, we've go= t a system that stores multiple names. Our extension allows you to retriev= e this array of names, but you have to be very careful when allowing someon= e to update this resource as the User.name and Extension.names might contai= n conflicting data. I understand the pros related to the extension mechanism, especially for in= ter-operability but perhaps we can at least describe the best-practices for= using them. One idea (that I believe would be backwards compatible with the released 2.= 0 specification: What if single-valued and multi-valued complex attributes= (such as name and address) were defined by their own core schema? Then a = core.User would contain a core.Name and an array of core.Address? Making i= t possible for ResourceTypes to nest would promote reuse and would allow th= e "registration" of extensions against "defined attributes" (those with a c= orresponding schema). It would also simplify the including schemas. Any other ideas? I appreciate the work that went into create the SCIM spec= ifications and am excited by their potential. I suspect that some of the h= arder parts of creating an implementation will be recurring themes as more = projects adopt the SCIM standard. Steve =E2=80=9CAll the easy stuff=E2=80=99s been done=E2=80=A6. We=E2=80=99ve got= the wheel, fire, the TV clicker=E2=80=94what else do you need?=E2=80=9D - = Dean Kamen ----- Original Message ----- From: "Koushik Narayanan" To: scim@ietf.org, smoyer@psu.edu Sent: Thursday, April 14, 2016 12:41:31 AM Subject: Re: [scim] SCIM compliance Hi, On Wed, 2016-04-13 at 14:55 -0400, Steve Moyer wrote: > the TierUsers and Users endpoints. This violates a principle of REST > (a resource has a unique URL) though. Is SCIM a REST protocol? I don't see that being mentioned in any of the SCIM RFCs.=20 Regards, Koushik From nobody Thu Apr 14 07:03:11 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A9F1412DF06 for ; Thu, 14 Apr 2016 07:03:09 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -5.198 X-Spam-Level: X-Spam-Status: No, score=-5.198 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4Z5l-p82upHm for ; Thu, 14 Apr 2016 07:03:06 -0700 (PDT) Received: from userp1040.oracle.com (userp1040.oracle.com [156.151.31.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 79D1512E337 for ; Thu, 14 Apr 2016 07:03:06 -0700 (PDT) Received: from aserv0021.oracle.com (aserv0021.oracle.com [141.146.126.233]) by userp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id u3EE35Uc026465 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Thu, 14 Apr 2016 14:03:05 GMT Received: from userv0122.oracle.com (userv0122.oracle.com [156.151.31.75]) by aserv0021.oracle.com (8.13.8/8.13.8) with ESMTP id u3EE34Tu000645 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Thu, 14 Apr 2016 14:03:05 GMT Received: from abhmp0003.oracle.com (abhmp0003.oracle.com [141.146.116.9]) by userv0122.oracle.com (8.14.4/8.14.4) with ESMTP id u3EE338v028166; Thu, 14 Apr 2016 14:03:04 GMT Received: from [10.0.1.3] (/24.86.216.17) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Thu, 14 Apr 2016 07:03:03 -0700 Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (1.0) From: "Phil Hunt (IDM)" X-Mailer: iPhone Mail (13E238) In-Reply-To: <1460608891.2242.1.camel@microfocus.com> Date: Thu, 14 Apr 2016 07:03:01 -0700 Content-Transfer-Encoding: quoted-printable Message-Id: <7018818A-9765-47C1-8475-CB1E201BDF79@oracle.com> References: <1200429876.6668152.1460573725189.JavaMail.zimbra@psu.edu> <1460608891.2242.1.camel@microfocus.com> To: Koushik Narayanan X-Source-IP: aserv0021.oracle.com [141.146.126.233] Archived-At: Cc: "scim@ietf.org" , "smoyer@psu.edu" Subject: Re: [scim] SCIM compliance X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Apr 2016 14:03:09 -0000 Yes. SCIM is restful. =20 There is no published standard for REST so it is tricky to cite in a normati= ve way in a specification.=20 Phil > On Apr 13, 2016, at 21:41, Koushik Narayanan wrote: >=20 > Hi, >=20 >> On Wed, 2016-04-13 at 14:55 -0400, Steve Moyer wrote: >> the TierUsers and Users endpoints. This violates a principle of REST >> (a resource has a unique URL) though. >=20 > Is SCIM a REST protocol? I don't see that being mentioned in any of the > SCIM RFCs.=20 >=20 > Regards, > Koushik > _______________________________________________ > scim mailing list > scim@ietf.org > https://www.ietf.org/mailman/listinfo/scim From nobody Thu Apr 14 07:40:22 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E90C312E040 for ; Thu, 14 Apr 2016 07:40:20 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -5.198 X-Spam-Level: X-Spam-Status: No, score=-5.198 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v0RDwidWtDSf for ; Thu, 14 Apr 2016 07:40:19 -0700 (PDT) Received: from aserp1040.oracle.com (aserp1040.oracle.com [141.146.126.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5710912DE4A for ; Thu, 14 Apr 2016 07:40:19 -0700 (PDT) Received: from userv0022.oracle.com (userv0022.oracle.com [156.151.31.74]) by aserp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id u3EEeHOR023228 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 14 Apr 2016 14:40:18 GMT Received: from aserv0122.oracle.com (aserv0122.oracle.com [141.146.126.236]) by userv0022.oracle.com (8.14.4/8.13.8) with ESMTP id u3EEeHW7027719 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Thu, 14 Apr 2016 14:40:17 GMT Received: from abhmp0010.oracle.com (abhmp0010.oracle.com [141.146.116.16]) by aserv0122.oracle.com (8.13.8/8.13.8) with ESMTP id u3EEeDO6029332; Thu, 14 Apr 2016 14:40:14 GMT Received: from [10.0.1.3] (/24.86.216.17) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Thu, 14 Apr 2016 07:40:13 -0700 Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (1.0) From: "Phil Hunt (IDM)" X-Mailer: iPhone Mail (13E238) In-Reply-To: <651216878.7667819.1460636210653.JavaMail.zimbra@psu.edu> Date: Thu, 14 Apr 2016 07:40:10 -0700 Content-Transfer-Encoding: quoted-printable Message-Id: <14EA4265-125C-49B1-8A89-3ED399D46B67@oracle.com> References: <1200429876.6668152.1460573725189.JavaMail.zimbra@psu.edu> <1460608891.2242.1.camel@microfocus.com> <651216878.7667819.1460636210653.JavaMail.zimbra@psu.edu> To: Steve Moyer X-Source-IP: userv0022.oracle.com [156.151.31.74] Archived-At: Cc: scim@ietf.org Subject: Re: [scim] SCIM compliance X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Apr 2016 14:40:21 -0000 I don't think there is much interest in further extension features. The obje= ctive is to have a standard user object that represents a neutral format ins= pired by vcard that can be used to provision users between domains.=20 You can extend scim in many ways. The catch is what do you expect other impl= ementations to accept and to parse? Scim's processing rules do ensure that a= t least most servers won't throw errors (scim2 has a "robust" model), they w= ill just accept the data they understand--which means your extensions would l= ikely be ignored.=20 IMO, Scim compliance then is about cross platform expectations and conventio= ns. Like any rest service you are still free to do what you want in your dom= ain.=20 Phil > On Apr 14, 2016, at 05:16, Steve Moyer wrote: >=20 > I originally asked the question since I have a vested interest in "at leas= t" compatibility between TIER and SCIM, but I should point out that even in o= ur current integrations, we've seen cases where extensions are cumbersome. Y= es, they technically work but also lead to what I'd call "dangerous" data st= ructures. To add an example to what Chris Hyzer posted below, we've got a s= ystem that stores multiple names. Our extension allows you to retrieve this= array of names, but you have to be very careful when allowing someone to up= date this resource as the User.name and Extension.names might contain confli= cting data. >=20 > I understand the pros related to the extension mechanism, especially for i= nter-operability but perhaps we can at least describe the best-practices for= using them. >=20 > One idea (that I believe would be backwards compatible with the released 2= .0 specification: What if single-valued and multi-valued complex attributes= (such as name and address) were defined by their own core schema? Then a c= ore.User would contain a core.Name and an array of core.Address? Making it p= ossible for ResourceTypes to nest would promote reuse and would allow the "r= egistration" of extensions against "defined attributes" (those with a corres= ponding schema). It would also simplify the including schemas. >=20 > Any other ideas? I appreciate the work that went into create the SCIM spe= cifications and am excited by their potential. I suspect that some of the h= arder parts of creating an implementation will be recurring themes as more p= rojects adopt the SCIM standard. >=20 > Steve >=20 > =E2=80=9CAll the easy stuff=E2=80=99s been done=E2=80=A6. We=E2=80=99ve go= t the wheel, fire, the TV clicker=E2=80=94what else do you need?=E2=80=9D - D= ean Kamen >=20 > ----- Original Message ----- > From: "Koushik Narayanan" > To: scim@ietf.org, smoyer@psu.edu > Sent: Thursday, April 14, 2016 12:41:31 AM > Subject: Re: [scim] SCIM compliance >=20 > Hi, >=20 >> On Wed, 2016-04-13 at 14:55 -0400, Steve Moyer wrote: >> the TierUsers and Users endpoints. This violates a principle of REST >> (a resource has a unique URL) though. >=20 > Is SCIM a REST protocol? I don't see that being mentioned in any of the > SCIM RFCs.=20 >=20 > Regards, > Koushik >=20 > _______________________________________________ > scim mailing list > scim@ietf.org > https://www.ietf.org/mailman/listinfo/scim From nobody Thu Apr 14 08:16:19 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4211512DC35 for ; Thu, 14 Apr 2016 08:16:16 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -5.076 X-Spam-Level: X-Spam-Status: No, score=-5.076 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001, T_DKIM_INVALID=0.01, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=uwprod.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZlNsqoU08x8T for ; Thu, 14 Apr 2016 08:16:13 -0700 (PDT) Received: from smtpauth1.wiscmail.wisc.edu (wmauth1.doit.wisc.edu [144.92.197.141]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F320712D979 for ; Thu, 14 Apr 2016 08:16:12 -0700 (PDT) MIME-version: 1.0 Content-type: multipart/mixed; boundary="Boundary_(ID_ff4hIzRy/eFWhd3I+vqy0w)" Received: from avs-daemon.smtpauth1.wiscmail.wisc.edu by smtpauth1.wiscmail.wisc.edu (Oracle Communications Messaging Server 7.0.5.33.0 64bit (built Aug 27 2014)) id <0O5M00900PQ9I100@smtpauth1.wiscmail.wisc.edu> for scim@ietf.org; Thu, 14 Apr 2016 10:16:11 -0500 (CDT) X-Spam-PmxInfo: Server=avs-1, Version=6.2.1.2493963, Antispam-Engine: 2.7.2.2107409, Antispam-Data: 2016.4.14.150917, SenderIP=0.0.0.0 Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1blp0184.outbound.protection.outlook.com [207.46.163.184]) by smtpauth1.wiscmail.wisc.edu (Oracle Communications Messaging Server 7.0.5.33.0 64bit (built Aug 27 2014)) with ESMTPS id <0O5M00MJZQET7K90@smtpauth1.wiscmail.wisc.edu>; Thu, 14 Apr 2016 10:16:07 -0500 (CDT) Received: from CY1PR0601MB1927.namprd06.prod.outlook.com (10.164.221.9) by CY1PR0601MB1926.namprd06.prod.outlook.com (10.164.221.8) with Microsoft SMTP Server (TLS) id 15.1.466.19; Thu, 14 Apr 2016 15:16:04 +0000 Received: from CY1PR0601MB1927.namprd06.prod.outlook.com ([10.164.221.9]) by CY1PR0601MB1927.namprd06.prod.outlook.com ([10.164.221.9]) with mapi id 15.01.0466.019; Thu, 14 Apr 2016 15:16:04 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=uwprod.onmicrosoft.com; s=selector1-wisc-edu; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=tIGlE+XLVmpZoOF8x6pB7V6uH3PYNaqZB8VbKx2pyk0=; b=XDH1bqekiToaF6mtLrK13E6G0KKK30iM1evNWQ6dtG8YoXpIh9OuIY6xEHZ87DH4PFDAwld4oJndQI8eS4eh18ilPcDDhQVn1S8SJtydEKifhyP9fxYp0kOQEaSDa1nlKa2vAAInYm0VvlAZVPAeRqcLDCLyUjT0HUsOVdRV1R0= Date: Thu, 14 Apr 2016 15:16:04 +0000 From: Keith Hazelton In-reply-to: X-Originating-IP: [68.190.167.202] To: TIER-API Message-id: Content-language: en-US Accept-Language: en-US Thread-topic: Choosing a path regarding TIER-SCIM relationship Thread-index: AQHRlXnja25hoZJdw0Gwlk3Az0bJqp+JiVMQ//+5BAA= spamdiagnosticoutput: 1:23 spamdiagnosticmetadata: NSPM X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-office365-filtering-correlation-id: 0d15cd73-90ea-4937-7ccb-08d36477b246 x-microsoft-exchange-diagnostics: 1; CY1PR0601MB1926; 5:5Lx9O4AO2TyRQaGvhBBCzB6beHPLFAZThik/wgFVMagRBnR+GoLiZ34TCysT+jenWsJETnoFioBPGIeJ5bmoWoEXEAJGo4a/gnZRYZmmPMO3fmipFYtLYXBrZqicih4yeurUEhqh1rHxN1ArQZhTB9BlcV0Mvehc6wpgAIilR1iR3ufGXe1TNobCIxTpHfk+; 24:1S1EFzDqqwn5iIWlfcqo2Fb92dz25p8eEXnSnQu3WS52bA5UA9uPU8UzCEhgPDfY1sQphd777GG6li+8lT3z7aHHfh2++GRIjX8K7x/pCnc=; 7:wumZexqcpBMM/TsiNxIFxJbGhq+Hc7I0m7wN6frhjl9/MNIGh10H2Q+OajWiQxXDQ9Wlqr35aPsk0i+MqkcJ+meubn9wVQ3enwCN1MHelyueX0TkY/oQh2G+Cmto467+IgKZkeQ0ihDLE4AkNfWjJShoXYKmSKDjNKTeF0mIZbfK8uAjZArJUBo0rAyWy8rZ5A03wyOHCNLzfUHFfULLDpo3uNtm9LSHemagqpKvKd8= x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:CY1PR0601MB1926; x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:; x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(102415293)(102615271)(601004)(2401047)(5005006)(8121501046)(10201501046)(3002001)(6055026); SRVR:CY1PR0601MB1926; BCL:0; PCL:0; RULEID:; SRVR:CY1PR0601MB1926; x-forefront-prvs: 0912297777 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(377454003)(99286002)(15975445007)(5890100001)(19625215002)(90282001)(5008740100001)(10400500002)(83716003)(77096005)(561944003)(81166005)(4326007)(82746002)(1220700001)(1096002)(75432002)(86362001)(87936001)(11100500001)(19300405004)(89122001)(2171001)(19617315012)(106116001)(102836003)(6116002)(3846002)(790700001)(92566002)(66066001)(110136002)(5004730100002)(586003)(88552002)(36756003)(3660700001)(3280700002)(19580405001)(19580395003)(2950100001)(2900100001)(33656002)(122556002)(54356999)(16236675004)(99936001)(5002640100001)(2906002)(76176999)(189998001)(50986999); DIR:OUT; SFP:1101; SCL:1; SRVR:CY1PR0601MB1926; H:CY1PR0601MB1927.namprd06.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en; X-OriginatorOrg: wisc.edu X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Apr 2016 15:16:04.2190 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 2ca68321-0eda-4908-88b2-424a8cb4b0f9 X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR0601MB1926 References: Authentication-results: internet2.edu; dkim=none (message not signed) header.d=none;internet2.edu; dmarc=none action=none header.from=wisc.edu; Archived-At: Cc: SCIM WG Subject: Re: [scim] Choosing a path regarding TIER-SCIM relationship X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Apr 2016 15:16:16 -0000 --Boundary_(ID_ff4hIzRy/eFWhd3I+vqy0w) Content-type: multipart/alternative; boundary="Boundary_(ID_mkC8VoEn2A6M3O1H2pL0gw)" --Boundary_(ID_mkC8VoEn2A6M3O1H2pL0gw) Content-type: text/plain; charset=utf-8 Content-transfer-encoding: base64 Q2hyaXMsDQoNCldlbGwsIGJlbG93IHlvdSdsbCBzZWUgb25lIG9mIHRoZSBwcmluY2lwYWwgU0NJ TSBhdXRob3JzIHNob3dpbmcgYSBmYWlybHkgcmVsYXhlZCBhdHRpdHVkZSBhYm91dCBob3cgc2No ZW1hIGdldCBoYW5kbGVkLiBUbyBtZSwgdGhpcyByZWFkcyBhcyAiZG8gd2hhdCB5b3Ugd2FudCAn aW4geW91ciBvd24gZG9tYWluJyBidXQgaWYgeW91IGV4cGVjdCBpbnRlcm9wZXJhYmlsaXR5IGFj cm9zcyBkb21haW5zLCBzdGljayB0byAxMDAlIHB1cmUgU0NJTS4iIFNlZW1zIHJlYXNvbmFibGUu IFRoYXQncyB3aGF0IEkgdGhpbmsgd2UnZCB3YW50IHRvIGRvOiBXaGVyZSB3ZSB3YW50L25lZWQg dG8gaW50ZXJvcGVyYXRlIHdpdGggU0NJTS1zcGVha2luZyBkb21haW5zLCAgbWFwL2ZpbHRlciBv dXIgSW50ZXJuZXQyIFRJRVIgc3R1ZmYgZG93biB0byBwdXJlIFNDSU0gYW5kIGV4cG9zZSBpdCBv biBlbmRwb2ludHMgdGhhdCBhcmUgZXhwbGljaXRseSBTQ0lNIGVuZHBvaW50cy4NCg0KSSBhbHNv IGhlYXIgaGltIGJlaW5nIGRpc2luY2xpbmVkIHRvIHJlLW9wZW4gZGlzY3Vzc2lvbiBvZiB0aGUg U0NJTSBleHRlbnNpb24gbW9kZWwsIHNvIHRoYXQgbWFrZXMgaXQgbGVzcyBsaWtlbHkgdGhhdCB3 ZSB3aWxsIHNlZSBzaWduaWZpY2FudCBjaGFuZ2VzIHRoZXJlLg0KDQpEb2VzIGFsbCB0aGF0IG1l YW4gd2UgcmV2aXNpdCBvdXIgY2hvaWNlIHRvIGRlZmluZSBUSUVSLXNwZWNpZmljIFVzZXIgYW5k IEdyb3VwIHJlc291cmNlIHR5cGVzIHVzaW5nIFNDSU0tcHJvdmlkZWQgbWVjaGFuaXNtcz8gSSBk b24ndCB0aGluayB0aGVyZSdzIG11Y2ggdG8gZ2FpbiBieSB0aGF0Lg0KDQpUaGluayBvZiBhIHNt YWxsIHV0aWxpdHk6IFlvdSBzZW5kIGl0IGEgVGllclVzZXIgcmVwcmVzZW50YXRpb24gYW5kIHlv dSBnZXQgYmFjayBhIHB1cmUgU0NJTSByZXByZXNlbnRhdGlvbjsgWW91IHNlbmQgaXQgYSBTQ0lN IFVzZXIgYW5kIHlvdSBnZXQgYmFjayBhIFRpZXJVc2VyIHJlcHJlc2VudGF0aW9uIHdoZXJlIG9u bHkgdGhlIGRpcmVjdGx5IGNvcnJlc3BvbmRpbmcgYXR0cmlidXRlcyBhcmUgY2FycmllZCBvdmVy LiBZb3UndmUgZ290IGJpLWRpcmVjdGlvbmFsIHRyYW5zbGF0aW9uLCBzbyBUSUVSIGRvbWFpbiA8 PT0+IFNDSU0gZG9tYWluIGludGVyb3BlcmFiaWxpdHkgaXMgbmV2ZXIgbW9yZSB0aGFuIG9uZSB1 dGlsaXR5IGNhbGwgYXdheS4NCg0KLS0tLS0tLQ0KIkkgZG9uJ3QgdGhpbmsgdGhlcmUgaXMgbXVj aCBpbnRlcmVzdCBpbiBmdXJ0aGVyIGV4dGVuc2lvbiBmZWF0dXJlcy4gVGhlIG9iamVjdGl2ZSBp cyB0byBoYXZlIGEgc3RhbmRhcmQgdXNlciBvYmplY3QgdGhhdCByZXByZXNlbnRzIGEgbmV1dHJh bCBmb3JtYXQgaW5zcGlyZWQgYnkgdmNhcmQgdGhhdCBjYW4gYmUgdXNlZCB0byBwcm92aXNpb24g dXNlcnMgYmV0d2VlbiBkb21haW5zLg0KDQpZb3UgY2FuIGV4dGVuZCBzY2ltIGluIG1hbnkgd2F5 cy4gVGhlIGNhdGNoIGlzIHdoYXQgZG8geW91IGV4cGVjdCBvdGhlciBpbXBsZW1lbnRhdGlvbnMg dG8gYWNjZXB0IGFuZCB0byBwYXJzZT8gU2NpbSdzIHByb2Nlc3NpbmcgcnVsZXMgZG8gZW5zdXJl IHRoYXQgYXQgbGVhc3QgbW9zdCBzZXJ2ZXJzIHdvbid0IHRocm93IGVycm9ycyAoc2NpbTIgaGFz IGEgInJvYnVzdCIgbW9kZWwpLCB0aGV5IHdpbGwganVzdCBhY2NlcHQgdGhlIGRhdGEgdGhleSB1 bmRlcnN0YW5kLS13aGljaCBtZWFucyB5b3VyIGV4dGVuc2lvbnMgd291bGQgbGlrZWx5IGJlIGln bm9yZWQuDQoNCklNTywgU2NpbSBjb21wbGlhbmNlIHRoZW4gaXMgYWJvdXQgY3Jvc3MgcGxhdGZv cm0gZXhwZWN0YXRpb25zIGFuZCBjb252ZW50aW9ucy4gTGlrZSBhbnkgcmVzdCBzZXJ2aWNlIHlv dSBhcmUgc3RpbGwgZnJlZSB0byBkbyB3aGF0IHlvdSB3YW50IGluIHlvdXIgZG9tYWluLiINCg0K UGhpbCBIdW50DQotLS0tLS0NCkZyb206IENocmlzIEh5emVyIDxtY2h5emVyQGlzYy51cGVubi5l ZHU8bWFpbHRvOm1jaHl6ZXJAaXNjLnVwZW5uLmVkdT4+DQpEYXRlOiBUaHVyc2RheSwgQXByaWwg MTQsIDIwMTYgYXQgOTozNiBBTQ0KVG86IEtlaXRoIEhhemVsdG9uIDxrZWl0aC5oYXplbHRvbkB3 aXNjLmVkdTxtYWlsdG86a2VpdGguaGF6ZWx0b25Ad2lzYy5lZHU+PiwgVElFUi1BUEkgPHRpZXIt YXBpQGludGVybmV0Mi5lZHU8bWFpbHRvOnRpZXItYXBpQGludGVybmV0Mi5lZHU+Pg0KU3ViamVj dDogUkU6IENob29zaW5nIGEgcGF0aCByZWdhcmRpbmcgVElFUi1TQ0lNIHJlbGF0aW9uc2hpcA0K DQpJIHVuZGVyc3RhbmQgdGhlIHJlYXNvbnMgZm9yIHdhbnRpbmcgdG8gZm9sbG93IHRoZSBzdGFu ZGFyZCBhbmQgdXNlIFNDSU0sIGJ1dCBJIGZlZWwgbGlrZSBpZiB3ZSB3YW50IHRvIGRvIHRoYXQg d2Ugc2hvdWxkIHRha2Ugb3VyIGN1cnJlbnQgcGxhbiBhbmQgY29tcGFyZSBpdCB0byBwdXJlIHNj aW0gb25lIG1vcmUgdGltZS4gIGkuZS4gbm90IGhhdmUgVGllclVzZXIgYW5kIFRpZXJHcm91cCBh bmQganVzdCBoYXZlIFVzZXIgYW5kIEdyb3VwIGFuZCBzZWUgd2hhdCB0aGV5IHdvdWxkIGxvb2sg bGlrZSB3aGVuIHdlIGFkZCBpbiBvdXIgVGllciBleHRlbnNpb24gc2NoZW1hcy4gIEkga25vdyBp dHMgbm90IGlkZWFsIG5vdCB0byBoYXZlIGEgcHJpc3RpbmUgcmVwcmVzZW50YXRpb24sIGJ1dCBJ bSBib3RoZXJlZCBieSBoYXZpbmcgdHdvIHNlcGFyYXRlIHJlc291cmNlcywgc2VlbXMgbGlrZSBp dCB3aWxsIGNhdXNlIGlzc3VlcyBkb3duIHRoZSByb2Fk4oCmDQoNCkkga25vdyB0aGVyZSBhcmUg cHJvcyBhbmQgY29ucyBoZXJlLCBidXQgSSB0aGluayB3ZSBzaG91bGQgYXQgbGVhc3QgZ2l2ZSBp dCBhbm90aGVyIGxvb2suICBNYXliZSBpdHMgbm90IHRoYXQgYmFk4oCmDQoNCkF0dGFjaGVkIGlz IHNvbWUgZGlzY3Vzc2lvbiBvbiB0aGUgc2NpbSBsaXN0IGFuZCB0aGV5IGRvIG5vdCByZWNvbW1l bmQgb3VyIGN1cnJlbnQgYXBwcm9hY2jigKYNCg0KVGhhbmtzDQpDaHJpcw0KDQpGcm9tOiB0aWVy LWFwaS1yZXF1ZXN0QGludGVybmV0Mi5lZHU8bWFpbHRvOnRpZXItYXBpLXJlcXVlc3RAaW50ZXJu ZXQyLmVkdT4gW21haWx0bzp0aWVyLWFwaS1yZXF1ZXN0QGludGVybmV0Mi5lZHVdIE9uIEJlaGFs ZiBPZiBLZWl0aCBIYXplbHRvbg0KU2VudDogV2VkbmVzZGF5LCBBcHJpbCAxMywgMjAxNiA3OjQ1 IEFNDQpUbzogVElFUi1BUEkgPHRpZXItYXBpQGludGVybmV0Mi5lZHU8bWFpbHRvOnRpZXItYXBp QGludGVybmV0Mi5lZHU+Pg0KU3ViamVjdDogW3RpZXItYXBpXSBDaG9vc2luZyBhIHBhdGggcmVn YXJkaW5nIFRJRVItU0NJTSByZWxhdGlvbnNoaXANCg0KSSBoYXZlIGRvbmUgbXkgYmVzdCB0byBj YXB0dXJlIHRoZSB0d28gcHJpbWFyeSBwcm9wb3NhbHMgSSBoYXZlIGhlYXJkIGluIHRoaXMgb25n b2luZyBkaXNjdXNzaW9uLiAgRWFjaCBvZiB5b3Ugc2hvdWxkIGZlZWwgZW1wb3dlcmVkIHRvIGVk aXQgdGhlIHByb3Bvc2FsIGRlZmluaXRpb25zIGFzIHdlbGwgYXMgdGhlIHByb3MgYW5kIGNvbnMu ICBTZWUNCmh0dHBzOi8vc3BhY2VzLmludGVybmV0Mi5lZHUvZGlzcGxheS9EU0FXRy9BbHRlcm5h dGl2ZStQcm9wb3NhbHMrb24rdGhlK1JlbGF0aW9uc2hpcCtCZXR3ZWVuK1RJRVIrYW5kK1NDSU0r QVBJcythbmQrU2NoZW1hDQoNCkFnYWluLCB0aGUgVElFUi1BUEkgV29ya2luZyBHcm91cCBXSUxM IG1ha2UgYSBkZWZpbml0aXZlIGNob2ljZSBiZXR3ZWVuIGFsdGVybmF0aXZlcyBubyBsYXRlciB0 aGFuIDU6MDAgcG0sIEZyaWRheSBBcHJpbCAxNS4NCg0KICAgICAgICAgICAgUmVnYXJkcywgICAt LUtlaXRoDQo= --Boundary_(ID_mkC8VoEn2A6M3O1H2pL0gw) Content-id: <25D296F1BECE3F4AAACD8DD150CBF625@namprd06.prod.outlook.com> Content-type: text/html; charset=utf-8 Content-transfer-encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5IHN0eWxlPSJ3b3JkLXdy YXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsgLXdlYmtpdC1saW5lLWJy ZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsgY29sb3I6IHJnYigwLCAwLCAwKTsgZm9udC1zaXplOiAx NHB4OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiPg0KPGRpdj4NCjxkaXY+Q2hy aXMsPC9kaXY+DQo8ZGl2Pjxicj4NCjwvZGl2Pg0KPGRpdj5XZWxsLCBiZWxvdyB5b3UnbGwgc2Vl IG9uZSBvZiB0aGUgcHJpbmNpcGFsIFNDSU0gYXV0aG9ycyBzaG93aW5nIGEgZmFpcmx5IHJlbGF4 ZWQgYXR0aXR1ZGUgYWJvdXQgaG93IHNjaGVtYSBnZXQgaGFuZGxlZC4gVG8gbWUsIHRoaXMgcmVh ZHMgYXMgJnF1b3Q7ZG8gd2hhdCB5b3Ugd2FudCAnaW4geW91ciBvd24gZG9tYWluJyBidXQgaWYg eW91IGV4cGVjdCBpbnRlcm9wZXJhYmlsaXR5IGFjcm9zcyBkb21haW5zLCBzdGljayB0byAxMDAl IHB1cmUgU0NJTS4mcXVvdDsNCiBTZWVtcyByZWFzb25hYmxlLiBUaGF0J3Mgd2hhdCBJIHRoaW5r IHdlJ2Qgd2FudCB0byBkbzogV2hlcmUgd2Ugd2FudC9uZWVkIHRvIGludGVyb3BlcmF0ZSB3aXRo IFNDSU0tc3BlYWtpbmcgZG9tYWlucywgJm5ic3A7bWFwL2ZpbHRlciBvdXIgSW50ZXJuZXQyIFRJ RVIgc3R1ZmYgZG93biB0byBwdXJlIFNDSU0gYW5kIGV4cG9zZSBpdCBvbiBlbmRwb2ludHMgdGhh dCBhcmUgZXhwbGljaXRseSBTQ0lNIGVuZHBvaW50cy48L2Rpdj4NCjxkaXY+PGJyPg0KPC9kaXY+ DQo8ZGl2PkkgYWxzbyBoZWFyIGhpbSBiZWluZyBkaXNpbmNsaW5lZCB0byByZS1vcGVuIGRpc2N1 c3Npb24gb2YgdGhlIFNDSU0gZXh0ZW5zaW9uIG1vZGVsLCBzbyB0aGF0IG1ha2VzIGl0IGxlc3Mg bGlrZWx5IHRoYXQgd2Ugd2lsbCBzZWUgc2lnbmlmaWNhbnQgY2hhbmdlcyB0aGVyZS48L2Rpdj4N CjxkaXY+PGJyPg0KPC9kaXY+DQo8ZGl2PkRvZXMgYWxsIHRoYXQgbWVhbiB3ZSByZXZpc2l0IG91 ciBjaG9pY2UgdG8gZGVmaW5lIFRJRVItc3BlY2lmaWMgVXNlciBhbmQgR3JvdXAgcmVzb3VyY2Ug dHlwZXMgdXNpbmcgU0NJTS1wcm92aWRlZCBtZWNoYW5pc21zPyBJIGRvbid0IHRoaW5rIHRoZXJl J3MgbXVjaCB0byBnYWluIGJ5IHRoYXQuPC9kaXY+DQo8ZGl2Pjxicj4NCjwvZGl2Pg0KPGRpdj5U aGluayBvZiBhIHNtYWxsIHV0aWxpdHk6IFlvdSBzZW5kIGl0IGEgVGllclVzZXIgcmVwcmVzZW50 YXRpb24gYW5kIHlvdSBnZXQgYmFjayBhIHB1cmUgU0NJTSByZXByZXNlbnRhdGlvbjsgWW91IHNl bmQgaXQgYSBTQ0lNIFVzZXIgYW5kIHlvdSBnZXQgYmFjayBhIFRpZXJVc2VyIHJlcHJlc2VudGF0 aW9uIHdoZXJlIG9ubHkgdGhlIGRpcmVjdGx5IGNvcnJlc3BvbmRpbmcgYXR0cmlidXRlcyBhcmUg Y2FycmllZCBvdmVyLiBZb3UndmUgZ290DQogYmktZGlyZWN0aW9uYWwgdHJhbnNsYXRpb24sIHNv IFRJRVIgZG9tYWluICZsdDs9PSZndDsgU0NJTSBkb21haW4gaW50ZXJvcGVyYWJpbGl0eSBpcyBu ZXZlciBtb3JlIHRoYW4gb25lIHV0aWxpdHkgY2FsbCBhd2F5LjwvZGl2Pg0KPGRpdj48YnI+DQo8 L2Rpdj4NCjxkaXY+LS0tLS0tLTwvZGl2Pg0KPGRpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5 OiAtd2Via2l0LXN0YW5kYXJkOyI+JnF1b3Q7SSBkb24ndCB0aGluayB0aGVyZSBpcyBtdWNoIGlu dGVyZXN0IGluIGZ1cnRoZXIgZXh0ZW5zaW9uIGZlYXR1cmVzLiBUaGUgb2JqZWN0aXZlIGlzIHRv IGhhdmUgYSBzdGFuZGFyZCB1c2VyIG9iamVjdCB0aGF0IHJlcHJlc2VudHMgYSBuZXV0cmFsIGZv cm1hdCBpbnNwaXJlZCBieSB2Y2FyZCB0aGF0IGNhbiBiZSB1c2VkIHRvIHByb3Zpc2lvbiB1c2Vy cyBiZXR3ZWVuIGRvbWFpbnMuJm5ic3A7PC9kaXY+DQo8ZGl2IHN0eWxlPSJmb250LWZhbWlseTog LXdlYmtpdC1zdGFuZGFyZDsiPjxicj4NCjwvZGl2Pg0KPGRpdiBzdHlsZT0iZm9udC1mYW1pbHk6 IC13ZWJraXQtc3RhbmRhcmQ7Ij5Zb3UgY2FuIGV4dGVuZCBzY2ltIGluIG1hbnkgd2F5cy4gVGhl IGNhdGNoIGlzIHdoYXQgZG8geW91IGV4cGVjdCBvdGhlciBpbXBsZW1lbnRhdGlvbnMgdG8gYWNj ZXB0IGFuZCB0byBwYXJzZT8gU2NpbSdzIHByb2Nlc3NpbmcgcnVsZXMgZG8gZW5zdXJlIHRoYXQg YXQgbGVhc3QgbW9zdCBzZXJ2ZXJzIHdvbid0IHRocm93IGVycm9ycyAoc2NpbTIgaGFzIGEgJnF1 b3Q7cm9idXN0JnF1b3Q7DQogbW9kZWwpLCB0aGV5IHdpbGwganVzdCBhY2NlcHQgdGhlIGRhdGEg dGhleSB1bmRlcnN0YW5kLS13aGljaCBtZWFucyB5b3VyIGV4dGVuc2lvbnMgd291bGQgbGlrZWx5 IGJlIGlnbm9yZWQuJm5ic3A7PC9kaXY+DQo8ZGl2IHN0eWxlPSJmb250LWZhbWlseTogLXdlYmtp dC1zdGFuZGFyZDsiPjxicj4NCjwvZGl2Pg0KPGRpdiBzdHlsZT0iZm9udC1mYW1pbHk6IC13ZWJr aXQtc3RhbmRhcmQ7Ij5JTU8sIFNjaW0gY29tcGxpYW5jZSB0aGVuIGlzIGFib3V0IGNyb3NzIHBs YXRmb3JtIGV4cGVjdGF0aW9ucyBhbmQgY29udmVudGlvbnMuIExpa2UgYW55IHJlc3Qgc2Vydmlj ZSB5b3UgYXJlIHN0aWxsIGZyZWUgdG8gZG8gd2hhdCB5b3Ugd2FudCBpbiB5b3VyIGRvbWFpbi4m cXVvdDsmbmJzcDs8L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiAtd2Via2l0LXN0YW5k YXJkOyI+PGJyPg0KPC9kaXY+DQo8ZGl2IHN0eWxlPSJmb250LWZhbWlseTogLXdlYmtpdC1zdGFu ZGFyZDsiPlBoaWwgSHVudDwvZGl2Pg0KPC9kaXY+DQo8ZGl2Pg0KPGRpdiBpZD0iTUFDX09VVExP T0tfU0lHTkFUVVJFIj48L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8ZGl2Pi0tLS0tLTwvZGl2Pg0K PHNwYW4gaWQ9Ik9MS19TUkNfQk9EWV9TRUNUSU9OIj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5 OkNhbGlicmk7IGZvbnQtc2l6ZToxMnB0OyB0ZXh0LWFsaWduOmxlZnQ7IGNvbG9yOmJsYWNrOyBC T1JERVItQk9UVE9NOiBtZWRpdW0gbm9uZTsgQk9SREVSLUxFRlQ6IG1lZGl1bSBub25lOyBQQURE SU5HLUJPVFRPTTogMGluOyBQQURESU5HLUxFRlQ6IDBpbjsgUEFERElORy1SSUdIVDogMGluOyBC T1JERVItVE9QOiAjYjVjNGRmIDFwdCBzb2xpZDsgQk9SREVSLVJJR0hUOiBtZWRpdW0gbm9uZTsg UEFERElORy1UT1A6IDNwdCI+DQo8c3BhbiBzdHlsZT0iZm9udC13ZWlnaHQ6Ym9sZCI+RnJvbTog PC9zcGFuPkNocmlzIEh5emVyICZsdDs8YSBocmVmPSJtYWlsdG86bWNoeXplckBpc2MudXBlbm4u ZWR1Ij5tY2h5emVyQGlzYy51cGVubi5lZHU8L2E+Jmd0Ozxicj4NCjxzcGFuIHN0eWxlPSJmb250 LXdlaWdodDpib2xkIj5EYXRlOiA8L3NwYW4+VGh1cnNkYXksIEFwcmlsIDE0LCAyMDE2IGF0IDk6 MzYgQU08YnI+DQo8c3BhbiBzdHlsZT0iZm9udC13ZWlnaHQ6Ym9sZCI+VG86IDwvc3Bhbj5LZWl0 aCBIYXplbHRvbiAmbHQ7PGEgaHJlZj0ibWFpbHRvOmtlaXRoLmhhemVsdG9uQHdpc2MuZWR1Ij5r ZWl0aC5oYXplbHRvbkB3aXNjLmVkdTwvYT4mZ3Q7LCBUSUVSLUFQSSAmbHQ7PGEgaHJlZj0ibWFp bHRvOnRpZXItYXBpQGludGVybmV0Mi5lZHUiPnRpZXItYXBpQGludGVybmV0Mi5lZHU8L2E+Jmd0 Ozxicj4NCjxzcGFuIHN0eWxlPSJmb250LXdlaWdodDpib2xkIj5TdWJqZWN0OiA8L3NwYW4+UkU6 IENob29zaW5nIGEgcGF0aCByZWdhcmRpbmcgVElFUi1TQ0lNIHJlbGF0aW9uc2hpcDxicj4NCjwv ZGl2Pg0KPGRpdj48YnI+DQo8L2Rpdj4NCjxkaXYgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9z b2Z0LWNvbTp2bWwiIHhtbG5zOm89InVybjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9m ZmljZSIgeG1sbnM6dz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1s bnM6bT0iaHR0cDovL3NjaGVtYXMubWljcm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4 bWxucz0iaHR0cDovL3d3dy53My5vcmcvVFIvUkVDLWh0bWw0MCI+DQo8bWV0YSBuYW1lPSJHZW5l cmF0b3IiIGNvbnRlbnQ9Ik1pY3Jvc29mdCBXb3JkIDE1IChmaWx0ZXJlZCBtZWRpdW0pIj4NCjxz dHlsZT48IS0tDQovKiBGb250IERlZmluaXRpb25zICovDQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFt aWx5OiJDYW1icmlhIE1hdGgiOw0KCXBhbm9zZS0xOjIgNCA1IDMgNSA0IDYgMyAyIDQ7fQ0KQGZv bnQtZmFjZQ0KCXtmb250LWZhbWlseTpDYWxpYnJpOw0KCXBhbm9zZS0xOjIgMTUgNSAyIDIgMiA0 IDMgMiA0O30NCi8qIFN0eWxlIERlZmluaXRpb25zICovDQpwLk1zb05vcm1hbCwgbGkuTXNvTm9y bWFsLCBkaXYuTXNvTm9ybWFsDQoJe21hcmdpbjowaW47DQoJbWFyZ2luLWJvdHRvbTouMDAwMXB0 Ow0KCWZvbnQtc2l6ZToxMi4wcHQ7DQoJZm9udC1mYW1pbHk6IlRpbWVzIE5ldyBSb21hbiIsc2Vy aWY7fQ0KYTpsaW5rLCBzcGFuLk1zb0h5cGVybGluaw0KCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7 DQoJY29sb3I6Ymx1ZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30NCmE6dmlzaXRlZCwg c3Bhbi5Nc29IeXBlcmxpbmtGb2xsb3dlZA0KCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJY29s b3I6cHVycGxlOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0Kc3Bhbi5FbWFpbFN0eWxl MTcNCgl7bXNvLXN0eWxlLXR5cGU6cGVyc29uYWwtcmVwbHk7DQoJZm9udC1mYW1pbHk6IkNhbGli cmkiLHNhbnMtc2VyaWY7DQoJY29sb3I6IzFGNDk3RDt9DQouTXNvQ2hwRGVmYXVsdA0KCXttc28t c3R5bGUtdHlwZTpleHBvcnQtb25seTsNCglmb250LXNpemU6MTAuMHB0O30NCkBwYWdlIFdvcmRT ZWN0aW9uMQ0KCXtzaXplOjguNWluIDExLjBpbjsNCgltYXJnaW46MS4waW4gMS4waW4gMS4waW4g MS4waW47fQ0KZGl2LldvcmRTZWN0aW9uMQ0KCXtwYWdlOldvcmRTZWN0aW9uMTt9DQotLT48L3N0 eWxlPjwhLS1baWYgZ3RlIG1zbyA5XT48eG1sPg0KPG86c2hhcGVkZWZhdWx0cyB2OmV4dD0iZWRp dCIgc3BpZG1heD0iMTAyNiIgLz4NCjwveG1sPjwhW2VuZGlmXS0tPjwhLS1baWYgZ3RlIG1zbyA5 XT48eG1sPg0KPG86c2hhcGVsYXlvdXQgdjpleHQ9ImVkaXQiPg0KPG86aWRtYXAgdjpleHQ9ImVk aXQiIGRhdGE9IjEiIC8+DQo8L286c2hhcGVsYXlvdXQ+PC94bWw+PCFbZW5kaWZdLS0+DQo8ZGl2 IGxhbmc9IkVOLVVTIiBsaW5rPSJibHVlIiB2bGluaz0icHVycGxlIj4NCjxkaXYgY2xhc3M9Ildv cmRTZWN0aW9uMSI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXpl OjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6 IzFGNDk3RCI+SSB1bmRlcnN0YW5kIHRoZSByZWFzb25zIGZvciB3YW50aW5nIHRvIGZvbGxvdyB0 aGUgc3RhbmRhcmQgYW5kIHVzZSBTQ0lNLCBidXQgSSBmZWVsIGxpa2UgaWYgd2Ugd2FudCB0byBk byB0aGF0IHdlIHNob3VsZCB0YWtlIG91ciBjdXJyZW50IHBsYW4gYW5kIGNvbXBhcmUgaXQNCiB0 byBwdXJlIHNjaW0gb25lIG1vcmUgdGltZS4mbmJzcDsgaS5lLiBub3QgaGF2ZSBUaWVyVXNlciBh bmQgVGllckdyb3VwIGFuZCBqdXN0IGhhdmUgVXNlciBhbmQgR3JvdXAgYW5kIHNlZSB3aGF0IHRo ZXkgd291bGQgbG9vayBsaWtlIHdoZW4gd2UgYWRkIGluIG91ciBUaWVyIGV4dGVuc2lvbiBzY2hl bWFzLiZuYnNwOyBJIGtub3cgaXRzIG5vdCBpZGVhbCBub3QgdG8gaGF2ZSBhIHByaXN0aW5lIHJl cHJlc2VudGF0aW9uLCBidXQgSW0gYm90aGVyZWQgYnkgaGF2aW5nDQogdHdvIHNlcGFyYXRlIHJl c291cmNlcywgc2VlbXMgbGlrZSBpdCB3aWxsIGNhdXNlIGlzc3VlcyBkb3duIHRoZSByb2Fk4oCm PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9 ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNl cmlmO2NvbG9yOiMxRjQ5N0QiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZx dW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMUY0OTdEIj5JIGtub3cgdGhlcmUg YXJlIHByb3MgYW5kIGNvbnMgaGVyZSwgYnV0IEkgdGhpbmsgd2Ugc2hvdWxkIGF0IGxlYXN0IGdp dmUgaXQgYW5vdGhlciBsb29rLiZuYnNwOyBNYXliZSBpdHMgbm90IHRoYXQgYmFk4oCmJm5ic3A7 DQo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHls ZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMt c2VyaWY7Y29sb3I6IzFGNDk3RCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6 JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMxRjQ5N0QiPkF0dGFjaGVkIGlz IHNvbWUgZGlzY3Vzc2lvbiBvbiB0aGUgc2NpbSBsaXN0IGFuZCB0aGV5IGRvIG5vdCByZWNvbW1l bmQgb3VyIGN1cnJlbnQgYXBwcm9hY2jigKY8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTom cXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzFGNDk3RCI+PG86cD4mbmJzcDs8 L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQt c2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2Nv bG9yOiMxRjQ5N0QiPlRoYW5rczxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29O b3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0Nh bGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMUY0OTdEIj5DaHJpczxvOnA+PC9vOnA+PC9z cGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEu MHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMUY0 OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8ZGl2Pg0KPGRpdiBzdHlsZT0iYm9y ZGVyOm5vbmU7Ym9yZGVyLXRvcDpzb2xpZCAjRTFFMUUxIDEuMHB0O3BhZGRpbmc6My4wcHQgMGlu IDBpbiAwaW4iPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6 ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmIj5Gcm9t Ojwvc3Bhbj48L2I+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1 b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmIj4NCjxhIGhyZWY9Im1haWx0bzp0aWVyLWFwaS1y ZXF1ZXN0QGludGVybmV0Mi5lZHUiPnRpZXItYXBpLXJlcXVlc3RAaW50ZXJuZXQyLmVkdTwvYT4g WzxhIGhyZWY9Im1haWx0bzp0aWVyLWFwaS1yZXF1ZXN0QGludGVybmV0Mi5lZHUiPm1haWx0bzp0 aWVyLWFwaS1yZXF1ZXN0QGludGVybmV0Mi5lZHU8L2E+XQ0KPGI+T24gQmVoYWxmIE9mIDwvYj5L ZWl0aCBIYXplbHRvbjxicj4NCjxiPlNlbnQ6PC9iPiBXZWRuZXNkYXksIEFwcmlsIDEzLCAyMDE2 IDc6NDUgQU08YnI+DQo8Yj5Ubzo8L2I+IFRJRVItQVBJICZsdDs8YSBocmVmPSJtYWlsdG86dGll ci1hcGlAaW50ZXJuZXQyLmVkdSI+dGllci1hcGlAaW50ZXJuZXQyLmVkdTwvYT4mZ3Q7PGJyPg0K PGI+U3ViamVjdDo8L2I+IFt0aWVyLWFwaV0gQ2hvb3NpbmcgYSBwYXRoIHJlZ2FyZGluZyBUSUVS LVNDSU0gcmVsYXRpb25zaGlwPG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPGRpdj4NCjxkaXY+ DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41 cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOmJsYWNr Ij5JIGhhdmUgZG9uZSBteSBiZXN0IHRvIGNhcHR1cmUgdGhlIHR3byBwcmltYXJ5IHByb3Bvc2Fs cyBJIGhhdmUgaGVhcmQgaW4gdGhpcyBvbmdvaW5nIGRpc2N1c3Npb24uICZuYnNwO0VhY2ggb2Yg eW91IHNob3VsZCBmZWVsIGVtcG93ZXJlZCB0byBlZGl0IHRoZSBwcm9wb3NhbCBkZWZpbml0aW9u cw0KIGFzIHdlbGwgYXMgdGhlIHByb3MgYW5kIGNvbnMuICZuYnNwO1NlZTxvOnA+PC9vOnA+PC9z cGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxl PSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1z ZXJpZjtjb2xvcjpibGFjayI+PGEgaHJlZj0iaHR0cHM6Ly9zcGFjZXMuaW50ZXJuZXQyLmVkdS9k aXNwbGF5L0RTQVdHL0FsdGVybmF0aXZlJiM0MztQcm9wb3NhbHMmIzQzO29uJiM0Mzt0aGUmIzQz O1JlbGF0aW9uc2hpcCYjNDM7QmV0d2VlbiYjNDM7VElFUiYjNDM7YW5kJiM0MztTQ0lNJiM0MztB UElzJiM0MzthbmQmIzQzO1NjaGVtYSI+aHR0cHM6Ly9zcGFjZXMuaW50ZXJuZXQyLmVkdS9kaXNw bGF5L0RTQVdHL0FsdGVybmF0aXZlJiM0MztQcm9wb3NhbHMmIzQzO29uJiM0Mzt0aGUmIzQzO1Jl bGF0aW9uc2hpcCYjNDM7QmV0d2VlbiYjNDM7VElFUiYjNDM7YW5kJiM0MztTQ0lNJiM0MztBUElz JiM0MzthbmQmIzQzO1NjaGVtYTwvYT4mbmJzcDs8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rp dj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEw LjVwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6Ymxh Y2siPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OiZx dW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjpibGFjayI+QWdhaW4sIHRoZSBUSUVS LUFQSSBXb3JraW5nIEdyb3VwIFdJTEwgbWFrZSBhIGRlZmluaXRpdmUgY2hvaWNlIGJldHdlZW4g YWx0ZXJuYXRpdmVzIG5vIGxhdGVyIHRoYW4gNTowMCBwbSwgRnJpZGF5IEFwcmlsIDE1LjxvOnA+ PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxz cGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVv dDssc2Fucy1zZXJpZjtjb2xvcjpibGFjayI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0K PC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6 ZToxMC41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9y OmJsYWNrIj4mbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyBSZWdhcmRz LCAmbmJzcDsgLS1LZWl0aDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8 L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvc3Bhbj4NCjwvYm9keT4NCjwvaHRtbD4N Cg== --Boundary_(ID_mkC8VoEn2A6M3O1H2pL0gw)-- --Boundary_(ID_ff4hIzRy/eFWhd3I+vqy0w) Content-id: Content-type: message/rfc822 Received: from CY1PR10MB0459.namprd10.prod.outlook.com (10.163.90.139) by BY1PR10MB0456.namprd10.prod.outlook.com (10.162.145.153) with Microsoft SMTP Server (TLS) id 15.1.453.26 via Mailbox Transport; Wed, 13 Apr 2016 23:08:40 +0000 Received: from DM2PR10CA0018.namprd10.prod.outlook.com (10.160.213.28) by CY1PR10MB0459.namprd10.prod.outlook.com (10.163.90.139) with Microsoft SMTP Server (TLS) id 15.1.453.26; Wed, 13 Apr 2016 23:08:38 +0000 Received: from BL2FFO11OLC005.protection.gbl (2a01:111:f400:7c09::126) by DM2PR10CA0018.outlook.office365.com (2a01:111:e400:5014::28) with Microsoft SMTP Server (TLS) id 15.1.453.26 via Frontend Transport; Wed, 13 Apr 2016 23:08:39 +0000 Received: from mr-mx2.net.isc.upenn.edu (128.91.3.185) by BL2FFO11OLC005.mail.protection.outlook.com (10.173.160.91) with Microsoft SMTP Server (TLS) id 15.1.453.6 via Frontend Transport; Wed, 13 Apr 2016 23:08:38 +0000 Received: from mail6.bemta8.messagelabs.com (mr-haproxy1.net.isc.upenn.edu [128.91.3.176]) by mr-mx2.net.isc.upenn.edu (Postfix) with ESMTPS id 827DB5FC5D for ; Wed, 13 Apr 2016 19:08:38 -0400 (EDT) Received: from [216.82.242.34] by server-15.bemta-8.messagelabs.com id 9B/2C-24415-671DE075; Wed, 13 Apr 2016 23:08:38 +0000 Received: (qmail 130778 invoked from network); 13 Apr 2016 23:08:37 -0000 Received: from aserp1040.oracle.com (HELO aserp1040.oracle.com) (141.146.126.69) by server-5.tower-73.messagelabs.com with DHE-RSA-AES256-GCM-SHA384 encrypted SMTP; 13 Apr 2016 23:08:37 -0000 Received: from userv0022.oracle.com (userv0022.oracle.com [156.151.31.74]) by aserp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id u3DN8YRS031286 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 13 Apr 2016 23:08:35 GMT Received: from userv0121.oracle.com (userv0121.oracle.com [156.151.31.72]) by userv0022.oracle.com (8.14.4/8.13.8) with ESMTP id u3DN8Yhm028212 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 13 Apr 2016 23:08:34 GMT Received: from abhmp0018.oracle.com (abhmp0018.oracle.com [141.146.116.24]) by userv0121.oracle.com (8.13.8/8.13.8) with ESMTP id u3DN8W6b023752; Wed, 13 Apr 2016 23:08:32 GMT Received: from [10.0.1.20] (/24.86.216.17) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Wed, 13 Apr 2016 16:08:31 -0700 Received-SPF: SoftFail (protection.outlook.com: domain of transitioning oracle.com discourages use of 128.91.3.185 as permitted sender) Date: Wed, 13 Apr 2016 23:08:29 +0000 From: Phil Hunt Subject: Re: [scim] SCIM compliance In-reply-to: To: "Hyzer, Chris" Cc: Steve Moyer , "scim@ietf.org" Message-id: MIME-version: 1.0 Content-type: multipart/alternative; boundary="Boundary_(ID_hMLpKdHdjBu5TU49TDNVfA)" Content-language: en-US Thread-topic: [scim] SCIM compliance Thread-index: ZlZcCtOjBpn6u9fVCDJUmQXiul5ivfZzamUAgAAGInCAACyZgA== X-MS-Exchange-Organization-AuthSource: BL2FFO11OLC005.protection.gbl X-MS-Has-Attach: X-MS-Exchange-Organization-Network-Message-Id: f40f5f20-1f44-4f49-86be-08d363f08c88 X-MS-TNEF-Correlator: References: <1200429876.6668152.1460573725189.JavaMail.zimbra@psu.edu> X-Message-flag: Follow up --Boundary_(ID_hMLpKdHdjBu5TU49TDNVfA) Content-type: text/plain; charset=utf-8 Content-transfer-encoding: base64 QWRkaW5nIGV4dGVuc2lvbnMgdG8gYXR0cmlidXRlcyBpcyBub3QgYSBzdXBwb3J0ZWQgKG9yIGF0 IGxlYXN0IGV4cGVjdGVkKSB3YXkgdG8gZXh0ZW5kIHRoZSBzY2hlbWEuDQoNCg0KVGhlIGV4cGVj dGF0aW9uIGZvciBlYWNoIGV4dGVuc2lvbiBpcyB0aGVyZSBpcyBhIHNpbmdsZSBKU09OIHN0cnVj dHVyZSB3aG9zZSBhdHRyaWJ1dGUgbmFtZSBjb3JyZXNwb25kcyB0byB0aGUgc2NoZW1hIGV4dGVu c2lvbiBpbiB0aGUgc2NoZW1hcyBhdHRyaWJ1dGUuDQoNCkV4aXN0aW5nIGltcGxlbWVudGF0aW9u cyB3b3VsZCBub3QgbG9vayBmb3IgZW1iZWRkZWQgZXh0ZW5zaW9ucyBhbnl3aGVyZSBvdGhlciB0 aGFuIHRoZSByb290IGxldmVsIG9mIHRoZSB0b3AgSlNPTiBzdHJ1Y3R1cmUuDQoNCk5vdGUgYWxz byB0aGF0IHlvdSBoYXZlIOKAnHB1YmxpY+KAnSBhbmQg4oCcYXV0aGVudGljYXRlZOKAnSBhcyBu b3QgdmFsaWQgaW4gdGhlaXIgb3duIHJpZ2h0LiAgVGhleSBuZWVkIGEgbmFtZSB2YWx1ZSBwYWly Lg0KDQpTbyBhc3N1bWluZyB0aGVzZSBhcmUgYXR0cmlidXRlcyB3aXRoIGEgdHJ1ZSAvIGZhbHNl IHZhbHVlLCBoZXJlIGlzIGEgc3RydWN0dXJlIHRoYXQgbWlnaHQgd29yay4gIE5vdGUgYWxzbyB0 aGF0IHlvdSBjYW7igJl0IGp1c3Qgb3ZlcnJpZ2h0IGEgcHVibGlzaGVkIHNjaGVtYSAoZS5nLiBl bnRlcnByaXNlIHVzZXIpLiBJ4oCZdmUgY2hhbmdlZCB0aGUgc2NoZW1hIFVSTiB0byBzb21ldGhp bmcgdW5pcXVlIChpdCBjb3VsZCBiZSBhbnl0aGluZyByZWFsbHkpLiAgTm90ZSB0aGF0IGluIHZp ZXdFbWFpbHMgSSB1c2UgdGhlIHNhbWUg4oCcdHlwZeKAnSB0byBhc3NvY2lhdGUgdGhlIG5ldyBh dHRyaWJ1dGUgd2l0aCB0aGUgc3RhbmRhcmQgZW1haWxzIGF0dHJpYnV0ZS4NCg0KQWxzbywgeW91 IGNvdWxkIHVzZSBqdXN0IOKAnGVtYWlsc+KAnSBpbiB5b3VyIGV4dGVuc2lvbiBhbmQgdGhhdCB3 b3VsZCBnZW5lcmF0ZSBubyBjb25mbGljdHMuICBIT1dFVkVSLCBpdCBtZWFucyB0aGF0IGV2ZXJ5 IHRpbWUgeW91IHdhbnQgdG8gcmVmZXJlbmNlIGVtYWlscyBpbiB0aGUgZXh0ZW5kZWQgc2NoZW1h IHlvdeKAmWQgaGF2ZSB0byByZWZlcmVuY2UgdGhlIGF0dHJpYnV0ZSB3aXRoIHRoZSBmdWxsIHVy biBuYW1lc3BhY2UgYXMgd2VsbCAoZS5nLiB1cm46aWV0ZjpwYXJhbXM6c2NpbTpzY2hlbWFzOmV4 dGVuc2lvbjpzb21lb3JnOnZpZXdUeXBlOmVtYWlscykgaW4gb3JkZXIgdG8gZGlzdGluZ3Vpc2gg aXQgZnJvbSBlbWFpbHMgaW4gdGhlIHBhcmVudCBibG9jayAod2hvc2Ugc2NoZW1hIGlzIHVybjpp ZXRmOnBhcmFtczpzY2ltOnNjaGVtYXM6Y29yZToyLjA6VXNlcjplbWFpbHMpLg0KDQp7DQogICJz Y2hlbWFzIjoNCiAgICBbInVybjppZXRmOnBhcmFtczpzY2ltOnNjaGVtYXM6Y29yZToyLjA6VXNl ciIsDQogICAgICDigJx1cm46aWV0ZjpwYXJhbXM6c2NpbTpzY2hlbWFzOmV4dGVuc2lvbjpzb21l b3JnOnZpZXdUeXBlIl0sDQogICJpZCI6ICIyODE5YzIyMy03Zjc2LTQ1M2EtOTE5ZC00MTM4NjE5 MDQ2NDYiLA0KICAiZXh0ZXJuYWxJZCI6ICI3MDE5ODQiLA0KICAidXNlck5hbWUiOiAiYmplbnNl bkBleGFtcGxlLmNvbTxtYWlsdG86YmplbnNlbkBleGFtcGxlLmNvbT4iLA0KICAiZW1haWxzIjog Ww0KICAgIHsNCiAgICAgICJ2YWx1ZSI6ICJiamVuc2VuQGV4YW1wbGUuY29tPG1haWx0bzpiamVu c2VuQGV4YW1wbGUuY29tPiIsDQogICAgICAidHlwZSI6ICJ3b3JrIiwNCiAgICAgICJwcmltYXJ5 IjogdHJ1ZQ0KICAgIH0sDQogICAgew0KICAgICAgInZhbHVlIjogImJhYnNAamVuc2VuLm9yZzxt YWlsdG86YmFic0BqZW5zZW4ub3JnPiIsDQogICAgICAidHlwZSI6ICJob21lIg0KICAgIH0NCiAg XSwNCiJ1cm46aWV0ZjpwYXJhbXM6c2NpbTpzY2hlbWFzOmV4dGVuc2lvbjpzb21lb3JnOnZpZXdU eXBl4oCdOnsNCiAg4oCcdmlld0VtYWlsc+KAnTogW3sNCiAgICAgImF1dGhlbnRpY2F0ZWTigJ06 dHJ1ZSwNCiAgICDigJx0eXBl4oCdOuKAnWhvbWXigJ0NCiAgIH0sDQogIHsNCiAgICDigJxwdWJs aWPigJ06dHJ1ZSwNCiAgICDigJx0eXBl4oCdOuKAnXdvcmvigJ0NCiAgfQ0KICBdLA0KICAibWV0 YSI6IHsNCiAgICAicmVzb3VyY2VUeXBlIjogIlVzZXIiLA0KICAgICJjcmVhdGVkIjogIjIwMTAt MDEtMjNUMDQ6NTY6MjJaIiwNCiAgICAibGFzdE1vZGlmaWVkIjogIjIwMTEtMDUtMTNUMDQ6NDI6 MzRaIiwNCiAgICAidmVyc2lvbiI6ICJXXC9cIjM2OTRlMDVlOWRmZjU5MVwiIiwNCiAgICAibG9j YXRpb24iOg0KImh0dHBzOi8vZXhhbXBsZS5jb20vdjIvVXNlcnMvMjgxOWMyMjMtN2Y3Ni00NTNh LTkxOWQtNDEzODYxOTA0NjQ2Ig0KICB9DQp9DQpQaGlsDQoNCkBpbmRlcGVuZGVudGlkDQp3d3cu aW5kZXBlbmRlbnRpZC5jb208aHR0cDovL3d3dy5pbmRlcGVuZGVudGlkLmNvbT4NCnBoaWwuaHVu dEBvcmFjbGUuY29tPG1haWx0bzpwaGlsLmh1bnRAb3JhY2xlLmNvbT4NCg0KDQoNCg0KDQoNCiAg IE9uIEFwciAxMywgMjAxNiwgYXQgMToyOCBQTSwgSHl6ZXIsIENocmlzIDxtY2h5emVyQGlzYy51 cGVubi5lZHU8bWFpbHRvOm1jaHl6ZXJAaXNjLnVwZW5uLmVkdT4+IHdyb3RlOg0KDQogICBDYW4g eW91IGV4dGVuZCBhdHRyaWJ1dGVzIGluc2lkZSB0aGUgcmVwcmVzZW50YXRpb24/ICBUaGlzIGlz IG5vdCBhIHJlYWwgZXhhbXBsZSwganVzdCBhIGh5cG90aGV0aWNhbC4NCg0KICAgaS5lLiBpZiB0 aGlzIGlzIHRoZSBTQ0lNIHJlcHJlc2VudGF0aW9uOg0KDQogICB7DQogICAgICJzY2hlbWFzIjoN CiAgICAgICBbInVybjppZXRmOnBhcmFtczpzY2ltOnNjaGVtYXM6Y29yZToyLjA6VXNlciIsDQog ICAgICAgICAidXJuOmlldGY6cGFyYW1zOnNjaW06c2NoZW1hczpleHRlbnNpb246ZW50ZXJwcmlz ZToyLjA6VXNlciJdLA0KICAgICAiaWQiOiAiMjgxOWMyMjMtN2Y3Ni00NTNhLTkxOWQtNDEzODYx OTA0NjQ2IiwNCiAgICAgImV4dGVybmFsSWQiOiAiNzAxOTg0IiwNCiAgICAgInVzZXJOYW1lIjog ImJqZW5zZW5AZXhhbXBsZS5jb208bWFpbHRvOmJqZW5zZW5AZXhhbXBsZS5jb20+IiwNCiAgICAg ImVtYWlscyI6IFsNCiAgICAgICB7DQogICAgICAgICAidmFsdWUiOiAiYmplbnNlbkBleGFtcGxl LmNvbTxtYWlsdG86YmplbnNlbkBleGFtcGxlLmNvbT4iLA0KICAgICAgICAgInR5cGUiOiAid29y ayIsDQogICAgICAgICAicHJpbWFyeSI6IHRydWUNCiAgICAgICB9LA0KICAgICAgIHsNCiAgICAg ICAgICJ2YWx1ZSI6ICJiYWJzQGplbnNlbi5vcmc8bWFpbHRvOmJhYnNAamVuc2VuLm9yZz4iLA0K ICAgICAgICAgInR5cGUiOiAiaG9tZSINCiAgICAgICB9DQogICAgIF0sDQogICAgICJtZXRhIjog ew0KICAgICAgICJyZXNvdXJjZVR5cGUiOiAiVXNlciIsDQogICAgICAgImNyZWF0ZWQiOiAiMjAx MC0wMS0yM1QwNDo1NjoyMloiLA0KICAgICAgICJsYXN0TW9kaWZpZWQiOiAiMjAxMS0wNS0xM1Qw NDo0MjozNFoiLA0KICAgICAgICJ2ZXJzaW9uIjogIldcL1wiMzY5NGUwNWU5ZGZmNTkxXCIiLA0K ICAgICAgICJsb2NhdGlvbiI6DQogICAiaHR0cHM6Ly9leGFtcGxlLmNvbS92Mi9Vc2Vycy8yODE5 YzIyMy03Zjc2LTQ1M2EtOTE5ZC00MTM4NjE5MDQ2NDYiDQogICAgIH0NCiAgIH0NCg0KICAgQW5k IHdlIHdhbnRlZCB0byBhZGQgYW4gYXR0cmlidXRlIHRvIGVtYWlscywgd2Ugd291bGQgd2FudCBp dCB0byBsb29rIGxpa2UgdGhpcy4gIEJ1dCB5b3UgY2FudCBhZGQgYXR0cmlidXRlcyB0aHJvdWdo b3V0IHRoZSBvYmplY3QgbW9kZWwgcmlnaHQ/ICBTbyBpZiB3ZSBhZGQgYXR0cmlidXRlcyB0byBN ZXRhLCB3ZSBuZWVkIG91ciBvd24gTWV0YSBvYmplY3QuICBJZiB3ZSBhZGQgYXR0cmlidXRlcyB0 byBHcm91cCwgd2Ugd291bGRu4oCZdCBzZWUgdGhvc2UgaW4gdGhlIGdyb3VwcyBhdHRyaWJ1dGUg b2YgdGhlIFVzZXI/ICBUaGUgZXh0ZW5zaW9ucyBzZWVtIHVzYWJsZSBpZiB5b3UgYXJlIGFkZGlu ZyB0b3AgbGV2ZWwgYXR0cmlidXRlcyB0byB0aGUgcmV0dXJuZWQgcmVzb3VyY2UsIG5vdCBpZiB5 b3UgYXJlIGFkZGluZyBhdHRyaWJ1dGVzIHRvIG5lc3RlZCBvYmplY3RzLi4uDQoNCiAgIHsNCiAg ICAgInNjaGVtYXMiOg0KICAgICAgIFsidXJuOmlldGY6cGFyYW1zOnNjaW06c2NoZW1hczpjb3Jl OjIuMDpVc2VyIiwNCiAgICAgICAgICJ1cm46aWV0ZjpwYXJhbXM6c2NpbTpzY2hlbWFzOmV4dGVu c2lvbjplbnRlcnByaXNlOjIuMDpVc2VyIl0sDQogICAgICJpZCI6ICIyODE5YzIyMy03Zjc2LTQ1 M2EtOTE5ZC00MTM4NjE5MDQ2NDYiLA0KICAgICAiZXh0ZXJuYWxJZCI6ICI3MDE5ODQiLA0KICAg ICAidXNlck5hbWUiOiAiYmplbnNlbkBleGFtcGxlLmNvbTxtYWlsdG86YmplbnNlbkBleGFtcGxl LmNvbT4iLA0KICAgICAiZW1haWxzIjogWw0KICAgICAgIHsNCiAgICAgICAgICJ2YWx1ZSI6ICJi amVuc2VuQGV4YW1wbGUuY29tPG1haWx0bzpiamVuc2VuQGV4YW1wbGUuY29tPiIsDQogICAgICAg ICAidHlwZSI6ICJ3b3JrIiwNCiAgICAgICAgICJwcmltYXJ5IjogdHJ1ZSwNCiAgICAgICAgICJ1 cm46aWV0ZjpwYXJhbXM6c2NpbTpzY2hlbWFzOmV4dGVuc2lvbjplbnRlcnByaXNlOjIuMDpVc2Vy OnZpZXdUeXBlIjogInB1YmxpYyINCiAgICAgICB9LA0KICAgICAgIHsNCiAgICAgICAgICJ2YWx1 ZSI6ICJiYWJzQGplbnNlbi5vcmc8bWFpbHRvOmJhYnNAamVuc2VuLm9yZz4iLA0KICAgICAgICAg InR5cGUiOiAiaG9tZSIsDQogICAgICAgICAidXJuOmlldGY6cGFyYW1zOnNjaW06c2NoZW1hczpl eHRlbnNpb246ZW50ZXJwcmlzZToyLjA6VXNlcjp2aWV3VHlwZSI6ICJhdXRoZW50aWNhdGVkIg0K ICAgICAgIH0NCiAgICAgXSwNCiAgICAgIm1ldGEiOiB7DQogICAgICAgInJlc291cmNlVHlwZSI6 ICJVc2VyIiwNCiAgICAgICAiY3JlYXRlZCI6ICIyMDEwLTAxLTIzVDA0OjU2OjIyWiIsDQogICAg ICAgImxhc3RNb2RpZmllZCI6ICIyMDExLTA1LTEzVDA0OjQyOjM0WiIsDQogICAgICAgInZlcnNp b24iOiAiV1wvXCIzNjk0ZTA1ZTlkZmY1OTFcIiIsDQogICAgICAgImxvY2F0aW9uIjoNCiAgICJo dHRwczovL2V4YW1wbGUuY29tL3YyL1VzZXJzLzI4MTljMjIzLTdmNzYtNDUzYS05MTlkLTQxMzg2 MTkwNDY0NiINCiAgICAgfQ0KICAgfQ0KDQoNCiAgIC0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0t DQogICBGcm9tOiBzY2ltIFttYWlsdG86c2NpbS1ib3VuY2VzQGlldGYub3JnXSBPbiBCZWhhbGYg T2YgUGhpbCBIdW50IChJRE0pDQogICBTZW50OiBXZWRuZXNkYXksIEFwcmlsIDEzLCAyMDE2IDQ6 MDcgUE0NCiAgIFRvOiBTdGV2ZSBNb3llciA8c21veWVyQHBzdS5lZHU8bWFpbHRvOnNtb3llckBw c3UuZWR1Pj4NCiAgIENjOiBzY2ltQGlldGYub3JnPG1haWx0bzpzY2ltQGlldGYub3JnPg0KICAg U3ViamVjdDogUmU6IFtzY2ltXSBTQ0lNIGNvbXBsaWFuY2UNCg0KICAgSSB3b3VsZCB0aGluayB5 b3Ugd291bGQgd2FudCB0byB1c2UgdGhlIGNvcmUgdXNlciByZXNvdXJjZSBhbmQgdGhlbiBleHRl bmQgaXQgYXMgd2UgZGlkIHdpdGggZWR1cGVyc29uIGluIGxkYXAuDQoNCiAgIFBoaWwNCg0KICAg PiBPbiBBcHIgMTMsIDIwMTYsIGF0IDExOjU1LCBTdGV2ZSBNb3llciA8c21veWVyQHBzdS5lZHU8 bWFpbHRvOnNtb3llckBwc3UuZWR1Pj4gd3JvdGU6DQogICA+DQogICA+IEFsbCwNCiAgID4NCiAg ID4gV2UndmUgYmVlbiB3b3JraW5nIG9uIGEgZmlyc3QtcHJpbmNpcGxlcyByZXdyaXRlIG9mIG91 ciBTQ0lNIDIuMCBzeXN0ZW0gKGJhc2VkIG9uIGEgcHJlLXJhdGlmaWVkIHZlcnNpb24gb2YgdGhl IHNwZWNpZmljYXRpb24pIGJ1dCB3ZSd2ZSBhbHNvIGJlZW4gcHJvbW90aW5nIFNDSU0gZm9yIGl0 cyBpbnRlbmRlZCB1c2UgaW4gdGhlIGhpZ2hlci1lZCBjb21tdW5pdHkuDQogICA+DQogICA+IFJl Y2VudGx5IHRoZXJlJ3MgYmVlbiBhIGRpc2N1c3Npb24gYWJvdXQgd2hhdCBpdCByZWFsbHkgbWVh bnMgdG8gYmUgImNvbXBsaWFudCIuICBJJ20gdGFraW5nIHRoZSBoYXJkLWxpbmUgdmlldyB0aGF0 IHdpdGhvdXQgaW50ZXItb3BlcmFiaWxpdHksIHRoZXJlJ3Mgbm90IHJlYWxseSBhIHBvaW50IGlu IGJlaW5nIHRlY2huaWNhbGx5IGNvbXBhdGlibGUuICBUaGUgVElFUiBncm91cCB3aXRoaW4gdGhl IEludGVybmV0MiBpcyB0YWxraW5nIGFib3V0IGNyZWF0aW5nIFRpZXJVc2VyIGFuZCBUaWVyR3Jv dXAgUmVzb3VyY2VUeXBlcyBhbmQgdXNpbmcgdGhvc2UgaW5zdGVhZCBvZiB0aGUgY29yZSBVc2Vy IGFuZCBHcm91cCBSZXNvdXJjZVR5cGUuDQogICA+DQogICA+IFRlY2huaWNhbGx5LCB0aGUgc3Bl Y2lmaWNhdGlvbiBhbGxvd3MgKmFueSogcmVzb3VyY2UgdHlwZSB0byBiZSBhZGRlZCAocGVyIHNl Y3Rpb24gMy4yIG9mIHRoZSBTY2hlbWEgc3BlY2lmaWNhdGlvbikgYW5kIHdoaWxlIGl0IGltcGxp ZXMgdGhlIGNvcmUgVXNlciBhbmQgY29yZSBHcm91cCBhcmUgcmVxdWlyZWQgKHVzaW5nIHRoZSB3 b3JkICJwcm92aWRlZCIpIHRoZSBzcGVjaWZpY2F0aW9uIGRvZXNuJ3QgdGVjaG5pY2FsbHkgc2F5 IGEgc2VydmljZSBNVVNUIHByb3ZpZGUgdGhvc2UgZW5kLXBvaW50cy4NCiAgID4NCiAgID4gSSd2 ZSBhdHRhY2hlZCBhIGRvY3VtZW50IHdpdGggdGhlIHR3byBmYXZvcml0ZSBUSUVSIHByb3Bvc2Fs cyBhbmQgbXkgdmlldyBpcyB0aGF0IG5laXRoZXIgb2YgdGhlbSBhcmUgY29tcGxpYW50LiAgUHJv cG9zYWwgdHdvICpjb3VsZCogYmUgaW50ZXItb3BlcmFibGUgaWYgdGhlIHBlcnNpc3RlZCBUSUVS IHVzZXIgb2JqZWN0IHdhcyBleHBvc2VkIHZpYSBib3RoIHRoZSBUaWVyVXNlcnMgYW5kIFVzZXJz IGVuZHBvaW50cy4gIFRoaXMgdmlvbGF0ZXMgYSBwcmluY2lwbGUgb2YgUkVTVCAoYSByZXNvdXJj ZSBoYXMgYSB1bmlxdWUgVVJMKSB0aG91Z2guICBJIHNob3VsZCBhbHNvIG5vdGUgdGhhdCB0aGUg dXNlIG9mIHF1ZXJ5IHBhcmFtZXRlcnMsIGhlYWRlcnMgYW5kIEhUVFAgc3RhdHVzIGNvZGVzIHBy b3Bvc2VkIGJ5IFRJRVIgYXJlIGFsc28gImludGVyZXN0aW5nIi4NCiAgID4NCiAgID4gV2hhdCBh cmUgdGhpcyBncm91cCdzIG9waW5pb25zPw0KICAgPg0KICAgPiBUaGFua3MsDQogICA+DQogICA+ IFN0ZXZlDQogICA+DQogICA+IOKAnEFsbCB0aGUgZWFzeSBzdHVmZuKAmXMgYmVlbiBkb25l4oCm LiBXZeKAmXZlIGdvdCB0aGUgd2hlZWwsIGZpcmUsIHRoZSBUViBjbGlja2Vy4oCUd2hhdCBlbHNl IGRvIHlvdSBuZWVkP+KAnSAtIERlYW4gS2FtZW4NCiAgID4gPERTQVdHLUFsdGVybmF0aXZlUHJv cG9zYWxzb250aGVSZWxhdGlvbnNoaXBCZXR3ZWVuVElFUmFuZFNDSU1BUElzYW5kU2NoZW1hLTEz MDQxNi0xODQ1LTIxNDQucGRmPg0KICAgPiBfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fXw0KICAgPiBzY2ltIG1haWxpbmcgbGlzdA0KICAgPiBzY2ltQGlldGYu b3JnPG1haWx0bzpzY2ltQGlldGYub3JnPg0KICAgPiBodHRwczovL3d3dy5pZXRmLm9yZy9tYWls bWFuL2xpc3RpbmZvL3NjaW0NCg0KICAgX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX18NCiAgIHNjaW0gbWFpbGluZyBsaXN0DQogICBzY2ltQGlldGYub3JnPG1h aWx0bzpzY2ltQGlldGYub3JnPg0KICAgaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0 aW5mby9zY2ltDQoNCg0K --Boundary_(ID_hMLpKdHdjBu5TU49TDNVfA) Content-id: <2E1AD1E5770A694294555D1CA808233F@namprd10.prod.outlook.com> Content-type: text/html; charset=utf-8 Content-transfer-encoding: base64 PGh0bWw+PGhlYWQ+DQo8bWV0YSBodHRwLWVxdWl2PSJDb250ZW50LVR5cGUiIGNvbnRlbnQ9InRl eHQvaHRtbDsgY2hhcnNldD11dGYtOCI+DQo8L2hlYWQ+DQo8Ym9keSBzdHlsZT0id29yZC13cmFw OiBicmVhay13b3JkOyAtd2Via2l0LW5ic3AtbW9kZTogc3BhY2U7IC13ZWJraXQtbGluZS1icmVh azogYWZ0ZXItd2hpdGUtc3BhY2U7IiBjbGFzcz0iIj4NCkFkZGluZyBleHRlbnNpb25zIHRvIGF0 dHJpYnV0ZXMgaXMgbm90IGEgc3VwcG9ydGVkIChvciBhdCBsZWFzdCBleHBlY3RlZCkgd2F5IHRv IGV4dGVuZCB0aGUgc2NoZW1hLjxiciBjbGFzcz0iIj4NCjxkaXYgY2xhc3M9IiI+PGJyIGNsYXNz PSIiPg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPlRoZSBleHBlY3RhdGlvbiBmb3IgZWFjaCBleHRl bnNpb24gaXMgdGhlcmUgaXMgYSBzaW5nbGUgSlNPTiBzdHJ1Y3R1cmUgd2hvc2UgYXR0cmlidXRl IG5hbWUgY29ycmVzcG9uZHMgdG8gdGhlIHNjaGVtYSBleHRlbnNpb24gaW4gdGhlIHNjaGVtYXMg YXR0cmlidXRlLjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxk aXYgY2xhc3M9IiI+RXhpc3RpbmcgaW1wbGVtZW50YXRpb25zIHdvdWxkIG5vdCBsb29rIGZvciBl bWJlZGRlZCBleHRlbnNpb25zIGFueXdoZXJlIG90aGVyIHRoYW4gdGhlIHJvb3QgbGV2ZWwgb2Yg dGhlIHRvcCBKU09OIHN0cnVjdHVyZS48L2Rpdj4NCjxkaXYgY2xhc3M9IiI+PGJyIGNsYXNzPSIi Pg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPk5vdGUgYWxzbyB0aGF0IHlvdSBoYXZlIOKAnHB1Ymxp Y+KAnSBhbmQg4oCcYXV0aGVudGljYXRlZOKAnSBhcyBub3QgdmFsaWQgaW4gdGhlaXIgb3duIHJp Z2h0LiAmbmJzcDtUaGV5IG5lZWQgYSBuYW1lIHZhbHVlIHBhaXIuICZuYnNwOzwvZGl2Pg0KPGRp diBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+U28gYXNzdW1p bmcgdGhlc2UgYXJlIGF0dHJpYnV0ZXMgd2l0aCBhIHRydWUgLyBmYWxzZSB2YWx1ZSwgaGVyZSBp cyBhIHN0cnVjdHVyZSB0aGF0IG1pZ2h0IHdvcmsuICZuYnNwO05vdGUgYWxzbyB0aGF0IHlvdSBj YW7igJl0IGp1c3Qgb3ZlcnJpZ2h0IGEgcHVibGlzaGVkIHNjaGVtYSAoZS5nLiBlbnRlcnByaXNl IHVzZXIpLiBJ4oCZdmUgY2hhbmdlZCB0aGUgc2NoZW1hIFVSTiB0byBzb21ldGhpbmcgdW5pcXVl IChpdCBjb3VsZCBiZSBhbnl0aGluZw0KIHJlYWxseSkuICZuYnNwO05vdGUgdGhhdCBpbiB2aWV3 RW1haWxzIEkgdXNlIHRoZSBzYW1lIOKAnHR5cGXigJ0gdG8gYXNzb2NpYXRlIHRoZSBuZXcgYXR0 cmlidXRlIHdpdGggdGhlIHN0YW5kYXJkIGVtYWlscyBhdHRyaWJ1dGUuJm5ic3A7PC9kaXY+DQo8 ZGl2IGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj5BbHNvLCB5 b3UgY291bGQgdXNlIGp1c3Qg4oCcZW1haWxz4oCdIGluIHlvdXIgZXh0ZW5zaW9uIGFuZCB0aGF0 IHdvdWxkIGdlbmVyYXRlIG5vIGNvbmZsaWN0cy4gJm5ic3A7SE9XRVZFUiwgaXQgbWVhbnMgdGhh dCBldmVyeSB0aW1lIHlvdSB3YW50IHRvIHJlZmVyZW5jZSBlbWFpbHMgaW4gdGhlIGV4dGVuZGVk IHNjaGVtYSB5b3XigJlkIGhhdmUgdG8gcmVmZXJlbmNlIHRoZSBhdHRyaWJ1dGUgd2l0aCB0aGUg ZnVsbCB1cm4gbmFtZXNwYWNlDQogYXMgd2VsbCAoZS5nLiZuYnNwOzxiIHN0eWxlPSJmb250LWZh bWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiAxNXB4OyIgY2xhc3M9IiI+dXJu OmlldGY6cGFyYW1zOnNjaW06c2NoZW1hczpleHRlbnNpb246c29tZW9yZzp2aWV3VHlwZTplbWFp bHM8L2I+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250 LXNpemU6IDE1cHg7IiBjbGFzcz0iIj4pIGluIG9yZGVyIHRvIGRpc3Rpbmd1aXNoIGl0IGZyb20N CiBlbWFpbHMgaW4gdGhlIHBhcmVudCBibG9jayAod2hvc2Ugc2NoZW1hIGlzJm5ic3A7PC9zcGFu PjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsgZm9udC1zaXpl OiAxNXB4OyIgY2xhc3M9IiI+dXJuOmlldGY6cGFyYW1zOnNjaW06c2NoZW1hczpjb3JlOjIuMDpV c2VyOmVtYWlscykuJm5ic3A7PC9zcGFuPjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj48YnIgY2xhc3M9 IiI+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBpbiAwaW4g MC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2Vy aWY7IiBjbGFzcz0iIj4NCns8bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0i bWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBD YWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQombmJzcDsgJnF1b3Q7c2NoZW1hcyZxdW90 Ozo8bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwaW4gMGlu IDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNl cmlmOyIgY2xhc3M9IiI+DQombmJzcDsmbmJzcDsmbmJzcDsgWyZxdW90O3VybjppZXRmOnBhcmFt czpzY2ltOnNjaGVtYXM6Y29yZToyLjA6VXNlciZxdW90Oyw8bzpwIGNsYXNzPSIiPjwvbzpwPjwv ZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0OyBmb250LXNpemU6IDEx cHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQombmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsg4oCcPGIgY2xhc3M9IiI+dXJuOmlldGY6cGFyYW1zOnNj aW06c2NoZW1hczpleHRlbnNpb246c29tZW9yZzp2aWV3VHlwZTwvYj4mcXVvdDtdLDxvOnAgY2xh c3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBpbiAwaW4gMC4wMDAxcHQ7 IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFz cz0iIj4NCiZuYnNwOyAmcXVvdDtpZCZxdW90OzogJnF1b3Q7MjgxOWMyMjMtN2Y3Ni00NTNhLTkx OWQtNDEzODYxOTA0NjQ2JnF1b3Q7LDxvOnAgY2xhc3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0 eWxlPSJtYXJnaW46IDBpbiAwaW4gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1p bHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCiZuYnNwOyAmcXVvdDtleHRlcm5h bElkJnF1b3Q7OiAmcXVvdDs3MDE5ODQmcXVvdDssPG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4N CjxkaXYgc3R5bGU9Im1hcmdpbjogMGluIDBpbiAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBm b250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KJm5ic3A7ICZxdW90 O3VzZXJOYW1lJnF1b3Q7OiAmcXVvdDs8YSBocmVmPSJtYWlsdG86YmplbnNlbkBleGFtcGxlLmNv bSIgc3R5bGU9ImNvbG9yOiByZ2IoMTQ5LCA3OSwgMTE0KTsiIGNsYXNzPSIiPmJqZW5zZW5AZXhh bXBsZS5jb208L2E+JnF1b3Q7LDxvOnAgY2xhc3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxl PSJtYXJnaW46IDBpbiAwaW4gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6 IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCiZuYnNwOyAmcXVvdDtlbWFpbHMmcXVv dDs6IFs8bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwaW4g MGluIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5z LXNlcmlmOyIgY2xhc3M9IiI+DQombmJzcDsmbmJzcDsmbmJzcDsgezxvOnAgY2xhc3M9IiI+PC9v OnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBpbiAwaW4gMC4wMDAxcHQ7IGZvbnQtc2l6 ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCiZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyAmcXVvdDt2YWx1ZSZxdW90OzogJnF1b3Q7PGEg aHJlZj0ibWFpbHRvOmJqZW5zZW5AZXhhbXBsZS5jb20iIHN0eWxlPSJjb2xvcjogcmdiKDE0OSwg NzksIDExNCk7IiBjbGFzcz0iIj5iamVuc2VuQGV4YW1wbGUuY29tPC9hPiZxdW90Oyw8bzpwIGNs YXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0 OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xh c3M9IiI+DQombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgJnF1b3Q7dHlwZSZxdW90Ozog JnF1b3Q7d29yayZxdW90Oyw8bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0i bWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBD YWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsgJnF1b3Q7cHJpbWFyeSZxdW90OzogdHJ1ZTwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2lu OiAwaW4gMGluIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJp LCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQombmJzcDsmbmJzcDsmbmJzcDsgfSw8bzpwIGNsYXNz PSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0OyBm b250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9 IiI+DQombmJzcDsmbmJzcDsmbmJzcDsgezxvOnAgY2xhc3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2 IHN0eWxlPSJtYXJnaW46IDBpbiAwaW4gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1m YW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyAmcXVvdDt2YWx1ZSZxdW90OzogJnF1b3Q7PGEgaHJlZj0ibWFpbHRvOmJh YnNAamVuc2VuLm9yZyIgc3R5bGU9ImNvbG9yOiByZ2IoMTQ5LCA3OSwgMTE0KTsiIGNsYXNzPSIi PmJhYnNAamVuc2VuLm9yZzwvYT4mcXVvdDssPG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxk aXYgc3R5bGU9Im1hcmdpbjogMGluIDBpbiAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250 LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7ICZxdW90O3R5cGUmcXVvdDs6ICZxdW90O2hvbWUmcXVvdDs8L2Rpdj4N CjxkaXYgc3R5bGU9Im1hcmdpbjogMGluIDBpbiAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBm b250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7 Jm5ic3A7IH08bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAw aW4gMGluIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBz YW5zLXNlcmlmOyIgY2xhc3M9IiI+DQombmJzcDsgXSw8bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2 Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0OyIgY2xhc3M9IiI+PHNwYW4g c3R5bGU9ImJhY2tncm91bmQtY29sb3I6IHJnYigyNTUsIDI1NSwgMCk7IiBjbGFzcz0iIj48Zm9u dCBmYWNlPSJDYWxpYnJpLCBzYW5zLXNlcmlmIiBjbGFzcz0iIj48c3BhbiBzdHlsZT0iZm9udC1z aXplOiAxMXB0OyIgY2xhc3M9IiI+JnF1b3Q7PC9zcGFuPjwvZm9udD48L3NwYW4+PHNwYW4gc3R5 bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDE1cHg7IiBj bGFzcz0iIj48YiBjbGFzcz0iIj51cm46aWV0ZjpwYXJhbXM6c2NpbTpzY2hlbWFzOmV4dGVuc2lv bjpzb21lb3JnOnZpZXdUeXBlPC9iPjwvc3Bhbj48c3BhbiBzdHlsZT0iYmFja2dyb3VuZC1jb2xv cjogcmdiKDI1NSwgMjU1LCAwKTsiIGNsYXNzPSIiPjxmb250IGZhY2U9IkNhbGlicmksIHNhbnMt c2VyaWYiIGNsYXNzPSIiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6IDE1cHg7IiBjbGFzcz0iIj7i gJ08L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTogMTFwdDsiIGNsYXNzPSIiPjp7PC9zcGFu PjwvZm9udD48L3NwYW4+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBpbiAwaW4gMC4wMDAx cHQ7IiBjbGFzcz0iIj48c3BhbiBzdHlsZT0iYmFja2dyb3VuZC1jb2xvcjogcmdiKDI1NSwgMjU1 LCAwKTsiIGNsYXNzPSIiPjxmb250IGZhY2U9IkNhbGlicmksIHNhbnMtc2VyaWYiIGNsYXNzPSIi PjxzcGFuIHN0eWxlPSJmb250LXNpemU6IDExcHQ7IiBjbGFzcz0iIj4mbmJzcDsmbmJzcDs8L3Nw YW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTogMTVweDsiIGNsYXNzPSIiPuKAnHZpZXdFbWFpbHPi gJ06IFt7PC9zcGFuPjwvZm9udD48L3NwYW4+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBp biAwaW4gMC4wMDAxcHQ7IiBjbGFzcz0iIj48c3BhbiBzdHlsZT0iYmFja2dyb3VuZC1jb2xvcjog cmdiKDI1NSwgMjU1LCAwKTsiIGNsYXNzPSIiPjxmb250IGZhY2U9IkNhbGlicmksIHNhbnMtc2Vy aWYiIGNsYXNzPSIiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6IDExcHQ7IiBjbGFzcz0iIj4mbmJz cDsgJm5ic3A7ICZuYnNwOyZxdW90O2F1dGhlbnRpY2F0ZWQ8L3NwYW4+PHNwYW4gc3R5bGU9ImZv bnQtc2l6ZTogMTVweDsiIGNsYXNzPSIiPuKAnTwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXpl OiAxMXB0OyIgY2xhc3M9IiI+OnRydWUsPC9zcGFuPjwvZm9udD48L3NwYW4+PC9kaXY+DQo8ZGl2 IHN0eWxlPSJtYXJnaW46IDBpbiAwaW4gMC4wMDAxcHQ7IiBjbGFzcz0iIj48c3BhbiBzdHlsZT0i YmFja2dyb3VuZC1jb2xvcjogcmdiKDI1NSwgMjU1LCAwKTsiIGNsYXNzPSIiPjxmb250IGZhY2U9 IkNhbGlicmksIHNhbnMtc2VyaWYiIGNsYXNzPSIiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6IDEx cHQ7IiBjbGFzcz0iIj4mbmJzcDsgJm5ic3A7Jm5ic3A7PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250 LXNpemU6IDE1cHg7IiBjbGFzcz0iIj7igJw8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTog MTFwdDsiIGNsYXNzPSIiPnR5cGU8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTogMTVweDsi IGNsYXNzPSIiPuKAnTwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOiAxMXB0OyIgY2xhc3M9 IiI+Ojwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOiAxNXB4OyIgY2xhc3M9IiI+4oCdPC9z cGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6IDExcHQ7IiBjbGFzcz0iIj5ob21lPC9zcGFuPjxz cGFuIHN0eWxlPSJmb250LXNpemU6IDE1cHg7IiBjbGFzcz0iIj7igJ08L3NwYW4+PC9mb250Pjwv c3Bhbj48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGluIDBpbiAwLjAwMDFwdDsiIGNsYXNz PSIiPjxzcGFuIHN0eWxlPSJiYWNrZ3JvdW5kLWNvbG9yOiByZ2IoMjU1LCAyNTUsIDApOyIgY2xh c3M9IiI+PGZvbnQgZmFjZT0iQ2FsaWJyaSwgc2Fucy1zZXJpZiIgY2xhc3M9IiI+PHNwYW4gc3R5 bGU9ImZvbnQtc2l6ZTogMTFwdDsiIGNsYXNzPSIiPiZuYnNwOyAmbmJzcDt9LDwvc3Bhbj48L2Zv bnQ+PC9zcGFuPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0OyIg Y2xhc3M9IiI+PHNwYW4gc3R5bGU9ImJhY2tncm91bmQtY29sb3I6IHJnYigyNTUsIDI1NSwgMCk7 IiBjbGFzcz0iIj48Zm9udCBmYWNlPSJDYWxpYnJpLCBzYW5zLXNlcmlmIiBjbGFzcz0iIj48c3Bh biBzdHlsZT0iZm9udC1zaXplOiAxMXB0OyIgY2xhc3M9IiI+Jm5ic3A7IHs8L3NwYW4+PC9mb250 Pjwvc3Bhbj48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGluIDBpbiAwLjAwMDFwdDsiIGNs YXNzPSIiPjxzcGFuIHN0eWxlPSJiYWNrZ3JvdW5kLWNvbG9yOiByZ2IoMjU1LCAyNTUsIDApOyIg Y2xhc3M9IiI+PGZvbnQgZmFjZT0iQ2FsaWJyaSwgc2Fucy1zZXJpZiIgY2xhc3M9IiI+PHNwYW4g c3R5bGU9ImZvbnQtc2l6ZTogMTFwdDsiIGNsYXNzPSIiPiZuYnNwOyAmbmJzcDsmbmJzcDs8L3Nw YW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTogMTVweDsiIGNsYXNzPSIiPuKAnHB1YmxpY+KAnTp0 cnVlLDwvc3Bhbj48L2ZvbnQ+PC9zcGFuPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwaW4g MGluIDAuMDAwMXB0OyIgY2xhc3M9IiI+PHNwYW4gc3R5bGU9ImJhY2tncm91bmQtY29sb3I6IHJn YigyNTUsIDI1NSwgMCk7IiBjbGFzcz0iIj48Zm9udCBmYWNlPSJDYWxpYnJpLCBzYW5zLXNlcmlm IiBjbGFzcz0iIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOiAxMXB0OyIgY2xhc3M9IiI+Jm5ic3A7 ICZuYnNwOyZuYnNwOzwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOiAxNXB4OyIgY2xhc3M9 IiI+4oCcPC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6IDExcHQ7IiBjbGFzcz0iIj50eXBl PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6IDE1cHg7IiBjbGFzcz0iIj7igJ08L3NwYW4+ PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTogMTFwdDsiIGNsYXNzPSIiPjo8L3NwYW4+PHNwYW4gc3R5 bGU9ImZvbnQtc2l6ZTogMTVweDsiIGNsYXNzPSIiPuKAnTwvc3Bhbj48c3BhbiBzdHlsZT0iZm9u dC1zaXplOiAxMXB0OyIgY2xhc3M9IiI+d29yazwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXpl OiAxNXB4OyIgY2xhc3M9IiI+4oCdPC9zcGFuPjwvZm9udD48L3NwYW4+PC9kaXY+DQo8ZGl2IHN0 eWxlPSJtYXJnaW46IDBpbiAwaW4gMC4wMDAxcHQ7IiBjbGFzcz0iIj48c3BhbiBzdHlsZT0iYmFj a2dyb3VuZC1jb2xvcjogcmdiKDI1NSwgMjU1LCAwKTsiIGNsYXNzPSIiPjxmb250IGZhY2U9IkNh bGlicmksIHNhbnMtc2VyaWYiIGNsYXNzPSIiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6IDExcHQ7 IiBjbGFzcz0iIj4mbmJzcDsgfTwvc3Bhbj48L2ZvbnQ+PC9zcGFuPjwvZGl2Pg0KPGRpdiBzdHls ZT0ibWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0OyIgY2xhc3M9IiI+PHNwYW4gc3R5bGU9ImJhY2tn cm91bmQtY29sb3I6IHJnYigyNTUsIDI1NSwgMCk7IiBjbGFzcz0iIj48Zm9udCBmYWNlPSJDYWxp YnJpLCBzYW5zLXNlcmlmIiBjbGFzcz0iIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOiAxMXB0OyIg Y2xhc3M9IiI+Jm5ic3A7IF0sPC9zcGFuPjwvZm9udD48L3NwYW4+PC9kaXY+DQo8ZGl2IHN0eWxl PSJtYXJnaW46IDBpbiAwaW4gMC4wMDAxcHQ7IiBjbGFzcz0iIj48c3BhbiBzdHlsZT0iZm9udC1m YW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogMTFwdDsiIGNsYXNzPSIiPiZu YnNwOyAmcXVvdDttZXRhJnF1b3Q7OiB7PC9zcGFuPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2lu OiAwaW4gMGluIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJp LCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQo8bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRp diBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQt ZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQombmJzcDsmbmJzcDsmbmJz cDsgJnF1b3Q7cmVzb3VyY2VUeXBlJnF1b3Q7OiAmcXVvdDtVc2VyJnF1b3Q7LDxvOnAgY2xhc3M9 IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBpbiAwaW4gMC4wMDAxcHQ7IGZv bnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0i Ij4NCiZuYnNwOyZuYnNwOyZuYnNwOyAmcXVvdDtjcmVhdGVkJnF1b3Q7OiAmcXVvdDsyMDEwLTAx LTIzVDA0OjU2OjIyWiZxdW90Oyw8bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHls ZT0ibWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5 OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQombmJzcDsmbmJzcDsmbmJzcDsgJnF1 b3Q7bGFzdE1vZGlmaWVkJnF1b3Q7OiAmcXVvdDsyMDExLTA1LTEzVDA0OjQyOjM0WiZxdW90Oyw8 bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAu MDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlm OyIgY2xhc3M9IiI+DQombmJzcDsmbmJzcDsmbmJzcDsgJnF1b3Q7dmVyc2lvbiZxdW90OzogJnF1 b3Q7V1wvXCZxdW90OzM2OTRlMDVlOWRmZjU5MVwmcXVvdDsmcXVvdDssPG86cCBjbGFzcz0iIj48 L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGluIDBpbiAwLjAwMDFwdDsgZm9udC1z aXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0K Jm5ic3A7Jm5ic3A7Jm5ic3A7ICZxdW90O2xvY2F0aW9uJnF1b3Q7OjxvOnAgY2xhc3M9IiI+PC9v OnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBpbiAwaW4gMC4wMDAxcHQ7IGZvbnQtc2l6 ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCiZx dW90OzxhIGhyZWY9Imh0dHBzOi8vZXhhbXBsZS5jb20vdjIvVXNlcnMvMjgxOWMyMjMtN2Y3Ni00 NTNhLTkxOWQtNDEzODYxOTA0NjQ2IiBzdHlsZT0iY29sb3I6IHJnYigxNDksIDc5LCAxMTQpOyIg Y2xhc3M9IiI+aHR0cHM6Ly9leGFtcGxlLmNvbS92Mi9Vc2Vycy8yODE5YzIyMy03Zjc2LTQ1M2Et OTE5ZC00MTM4NjE5MDQ2NDY8L2E+JnF1b3Q7PG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxk aXYgc3R5bGU9Im1hcmdpbjogMGluIDBpbiAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250 LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KJm5ic3A7IH08bzpwIGNs YXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0 OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xh c3M9IiI+DQp9PC9kaXY+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+DQo8ZGl2IGNsYXNzPSIiPg0K PGRpdiBjbGFzcz0iIj4NCjxkaXYgc3R5bGU9ImNvbG9yOiByZ2IoMCwgMCwgMCk7IGxldHRlci1z cGFjaW5nOiBub3JtYWw7IG9ycGhhbnM6IGF1dG87IHRleHQtYWxpZ246IHN0YXJ0OyB0ZXh0LWlu ZGVudDogMHB4OyB0ZXh0LXRyYW5zZm9ybTogbm9uZTsgd2hpdGUtc3BhY2U6IG5vcm1hbDsgd2lk b3dzOiBhdXRvOyB3b3JkLXNwYWNpbmc6IDBweDsgLXdlYmtpdC10ZXh0LXN0cm9rZS13aWR0aDog MHB4OyB3b3JkLXdyYXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsgLXdl YmtpdC1saW5lLWJyZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsiIGNsYXNzPSIiPg0KPGRpdiBzdHls ZT0iY29sb3I6IHJnYigwLCAwLCAwKTsgbGV0dGVyLXNwYWNpbmc6IG5vcm1hbDsgb3JwaGFuczog YXV0bzsgdGV4dC1hbGlnbjogc3RhcnQ7IHRleHQtaW5kZW50OiAwcHg7IHRleHQtdHJhbnNmb3Jt OiBub25lOyB3aGl0ZS1zcGFjZTogbm9ybWFsOyB3aWRvd3M6IGF1dG87IHdvcmQtc3BhY2luZzog MHB4OyAtd2Via2l0LXRleHQtc3Ryb2tlLXdpZHRoOiAwcHg7IHdvcmQtd3JhcDogYnJlYWstd29y ZDsgLXdlYmtpdC1uYnNwLW1vZGU6IHNwYWNlOyAtd2Via2l0LWxpbmUtYnJlYWs6IGFmdGVyLXdo aXRlLXNwYWNlOyIgY2xhc3M9IiI+DQo8ZGl2IGNsYXNzPSIiPjxzcGFuIGNsYXNzPSJBcHBsZS1z dHlsZS1zcGFuIiBzdHlsZT0iYm9yZGVyLWNvbGxhcHNlOiBzZXBhcmF0ZTsgbGluZS1oZWlnaHQ6 IG5vcm1hbDsgYm9yZGVyLXNwYWNpbmc6IDBweDsiPg0KPGRpdiBjbGFzcz0iIiBzdHlsZT0id29y ZC13cmFwOiBicmVhay13b3JkOyAtd2Via2l0LW5ic3AtbW9kZTogc3BhY2U7IC13ZWJraXQtbGlu ZS1icmVhazogYWZ0ZXItd2hpdGUtc3BhY2U7Ij4NCjxkaXYgY2xhc3M9IiI+DQo8ZGl2IGNsYXNz PSIiPg0KPGRpdiBjbGFzcz0iIj5QaGlsPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPjxiciBjbGFzcz0i Ij4NCjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj5AaW5kZXBlbmRlbnRpZDwvZGl2Pg0KPGRpdiBjbGFz cz0iIj48YSBocmVmPSJodHRwOi8vd3d3LmluZGVwZW5kZW50aWQuY29tIiBjbGFzcz0iIj53d3cu aW5kZXBlbmRlbnRpZC5jb208L2E+PC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L3Nw YW4+PGEgaHJlZj0ibWFpbHRvOnBoaWwuaHVudEBvcmFjbGUuY29tIiBjbGFzcz0iIiBzdHlsZT0i b3JwaGFuczogMjsgd2lkb3dzOiAyOyI+cGhpbC5odW50QG9yYWNsZS5jb208L2E+PC9kaXY+DQo8 ZGl2IGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPC9kaXY+DQo8YnIgY2xhc3M9IkFw cGxlLWludGVyY2hhbmdlLW5ld2xpbmUiPg0KPC9kaXY+DQo8YnIgY2xhc3M9IkFwcGxlLWludGVy Y2hhbmdlLW5ld2xpbmUiPg0KPGJyIGNsYXNzPSJBcHBsZS1pbnRlcmNoYW5nZS1uZXdsaW5lIj4N CjwvZGl2Pg0KPGJyIGNsYXNzPSIiPg0KPGRpdj4NCjxibG9ja3F1b3RlIHR5cGU9ImNpdGUiIGNs YXNzPSIiPg0KPGRpdiBjbGFzcz0iIj5PbiBBcHIgMTMsIDIwMTYsIGF0IDE6MjggUE0sIEh5emVy LCBDaHJpcyAmbHQ7PGEgaHJlZj0ibWFpbHRvOm1jaHl6ZXJAaXNjLnVwZW5uLmVkdSIgY2xhc3M9 IiI+bWNoeXplckBpc2MudXBlbm4uZWR1PC9hPiZndDsgd3JvdGU6PC9kaXY+DQo8YnIgY2xhc3M9 IkFwcGxlLWludGVyY2hhbmdlLW5ld2xpbmUiPg0KPGRpdiBjbGFzcz0iIj4NCjxkaXYgY2xhc3M9 IldvcmRTZWN0aW9uMSIgc3R5bGU9InBhZ2U6IFdvcmRTZWN0aW9uMTsgZm9udC1mYW1pbHk6IEhl bHZldGljYTsgZm9udC1zaXplOiAxMnB4OyBmb250LXN0eWxlOiBub3JtYWw7IGZvbnQtdmFyaWFu dC1jYXBzOiBub3JtYWw7IGZvbnQtd2VpZ2h0OiBub3JtYWw7IGxldHRlci1zcGFjaW5nOiBub3Jt YWw7IG9ycGhhbnM6IGF1dG87IHRleHQtYWxpZ246IHN0YXJ0OyB0ZXh0LWluZGVudDogMHB4OyB0 ZXh0LXRyYW5zZm9ybTogbm9uZTsgd2hpdGUtc3BhY2U6IG5vcm1hbDsgd2lkb3dzOiBhdXRvOyB3 b3JkLXNwYWNpbmc6IDBweDsgLXdlYmtpdC10ZXh0LXN0cm9rZS13aWR0aDogMHB4OyI+DQo8ZGl2 IHN0eWxlPSJtYXJnaW46IDBpbiAwaW4gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1m YW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCkNhbiB5b3UgZXh0ZW5kIGF0 dHJpYnV0ZXMgaW5zaWRlIHRoZSByZXByZXNlbnRhdGlvbj8mbmJzcDsgVGhpcyBpcyBub3QgYSBy ZWFsIGV4YW1wbGUsIGp1c3QgYSBoeXBvdGhldGljYWwuPG86cCBjbGFzcz0iIj48L286cD48L2Rp dj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGluIDBpbiAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0 OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KPG86cCBjbGFz cz0iIj4mbmJzcDs8L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGluIDBpbiAwLjAw MDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsi IGNsYXNzPSIiPg0KaS5lLiBpZiB0aGlzIGlzIHRoZSBTQ0lNIHJlcHJlc2VudGF0aW9uOjxvOnAg Y2xhc3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBpbiAwaW4gMC4wMDAx cHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBj bGFzcz0iIj4NCjxvOnAgY2xhc3M9IiI+Jm5ic3A7PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJt YXJnaW46IDBpbiAwaW4gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENh bGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCns8bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2 Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7 IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQombmJzcDsgJnF1 b3Q7c2NoZW1hcyZxdW90Ozo8bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0i bWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBD YWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQombmJzcDsmbmJzcDsmbmJzcDsgWyZxdW90 O3VybjppZXRmOnBhcmFtczpzY2ltOnNjaGVtYXM6Y29yZToyLjA6VXNlciZxdW90Oyw8bzpwIGNs YXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0 OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xh c3M9IiI+DQombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgJnF1b3Q7dXJuOmlldGY6cGFy YW1zOnNjaW06c2NoZW1hczpleHRlbnNpb246ZW50ZXJwcmlzZToyLjA6VXNlciZxdW90O10sPG86 cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGluIDBpbiAwLjAw MDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsi IGNsYXNzPSIiPg0KJm5ic3A7ICZxdW90O2lkJnF1b3Q7OiAmcXVvdDsyODE5YzIyMy03Zjc2LTQ1 M2EtOTE5ZC00MTM4NjE5MDQ2NDYmcXVvdDssPG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxk aXYgc3R5bGU9Im1hcmdpbjogMGluIDBpbiAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250 LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KJm5ic3A7ICZxdW90O2V4 dGVybmFsSWQmcXVvdDs6ICZxdW90OzcwMTk4NCZxdW90Oyw8bzpwIGNsYXNzPSIiPjwvbzpwPjwv ZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0OyBmb250LXNpemU6IDEx cHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQombmJzcDsg JnF1b3Q7dXNlck5hbWUmcXVvdDs6ICZxdW90OzxhIGhyZWY9Im1haWx0bzpiamVuc2VuQGV4YW1w bGUuY29tIiBzdHlsZT0iY29sb3I6IHJnYigxNDksIDc5LCAxMTQpOyB0ZXh0LWRlY29yYXRpb246 IHVuZGVybGluZTsiIGNsYXNzPSIiPmJqZW5zZW5AZXhhbXBsZS5jb208L2E+JnF1b3Q7LDxvOnAg Y2xhc3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBpbiAwaW4gMC4wMDAx cHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBj bGFzcz0iIj4NCiZuYnNwOyAmcXVvdDtlbWFpbHMmcXVvdDs6IFs8bzpwIGNsYXNzPSIiPjwvbzpw PjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0OyBmb250LXNpemU6 IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQombmJz cDsmbmJzcDsmbmJzcDsgezxvOnAgY2xhc3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJt YXJnaW46IDBpbiAwaW4gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENh bGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyAmcXVvdDt2YWx1ZSZxdW90OzogJnF1b3Q7PGEgaHJlZj0ibWFpbHRvOmJqZW5zZW5AZXhh bXBsZS5jb20iIHN0eWxlPSJjb2xvcjogcmdiKDE0OSwgNzksIDExNCk7IHRleHQtZGVjb3JhdGlv bjogdW5kZXJsaW5lOyIgY2xhc3M9IiI+YmplbnNlbkBleGFtcGxlLmNvbTwvYT4mcXVvdDssPG86 cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGluIDBpbiAwLjAw MDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsi IGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7ICZxdW90O3R5cGUmcXVv dDs6ICZxdW90O3dvcmsmcXVvdDssPG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5 bGU9Im1hcmdpbjogMGluIDBpbiAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWls eTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7ICZxdW90O3ByaW1hcnkmcXVvdDs6IHRydWU8bzpwIGNsYXNzPSIiPjwvbzpwPjwv ZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0OyBmb250LXNpemU6IDEx cHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQombmJzcDsm bmJzcDsmbmJzcDsgfSw8bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFy Z2luOiAwaW4gMGluIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxp YnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQombmJzcDsmbmJzcDsmbmJzcDsgezxvOnAgY2xh c3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBpbiAwaW4gMC4wMDAxcHQ7 IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFz cz0iIj4NCiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyAmcXVvdDt2YWx1ZSZxdW90Ozog JnF1b3Q7PGEgaHJlZj0ibWFpbHRvOmJhYnNAamVuc2VuLm9yZyIgc3R5bGU9ImNvbG9yOiByZ2Io MTQ5LCA3OSwgMTE0KTsgdGV4dC1kZWNvcmF0aW9uOiB1bmRlcmxpbmU7IiBjbGFzcz0iIj5iYWJz QGplbnNlbi5vcmc8L2E+JnF1b3Q7LDxvOnAgY2xhc3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0 eWxlPSJtYXJnaW46IDBpbiAwaW4gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1p bHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyAmcXVvdDt0eXBlJnF1b3Q7OiAmcXVvdDtob21lJnF1b3Q7PG86cCBjbGFzcz0i Ij48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGluIDBpbiAwLjAwMDFwdDsgZm9u dC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIi Pg0KJm5ic3A7Jm5ic3A7Jm5ic3A7IH08bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBz dHlsZT0ibWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFt aWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQombmJzcDsgXSw8bzpwIGNsYXNz PSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0OyBm b250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9 IiI+DQombmJzcDsgJnF1b3Q7bWV0YSZxdW90OzogezxvOnAgY2xhc3M9IiI+PC9vOnA+PC9kaXY+ DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBpbiAwaW4gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsg Zm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCiZuYnNwOyZuYnNw OyZuYnNwOyAmcXVvdDtyZXNvdXJjZVR5cGUmcXVvdDs6ICZxdW90O1VzZXImcXVvdDssPG86cCBj bGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGluIDBpbiAwLjAwMDFw dDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNs YXNzPSIiPg0KJm5ic3A7Jm5ic3A7Jm5ic3A7ICZxdW90O2NyZWF0ZWQmcXVvdDs6ICZxdW90OzIw MTAtMDEtMjNUMDQ6NTY6MjJaJnF1b3Q7LDxvOnAgY2xhc3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2 IHN0eWxlPSJtYXJnaW46IDBpbiAwaW4gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1m YW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwOyZuYnNw OyAmcXVvdDtsYXN0TW9kaWZpZWQmcXVvdDs6ICZxdW90OzIwMTEtMDUtMTNUMDQ6NDI6MzRaJnF1 b3Q7LDxvOnAgY2xhc3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBpbiAw aW4gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMt c2VyaWY7IiBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwOyZuYnNwOyAmcXVvdDt2ZXJzaW9uJnF1b3Q7 OiAmcXVvdDtXXC9cJnF1b3Q7MzY5NGUwNWU5ZGZmNTkxXCZxdW90OyZxdW90Oyw8bzpwIGNsYXNz PSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0OyBm b250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9 IiI+DQombmJzcDsmbmJzcDsmbmJzcDsgJnF1b3Q7bG9jYXRpb24mcXVvdDs6PG86cCBjbGFzcz0i Ij48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGluIDBpbiAwLjAwMDFwdDsgZm9u dC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIi Pg0KJnF1b3Q7PGEgaHJlZj0iaHR0cHM6Ly9leGFtcGxlLmNvbS92Mi9Vc2Vycy8yODE5YzIyMy03 Zjc2LTQ1M2EtOTE5ZC00MTM4NjE5MDQ2NDYiIHN0eWxlPSJjb2xvcjogcmdiKDE0OSwgNzksIDEx NCk7IHRleHQtZGVjb3JhdGlvbjogdW5kZXJsaW5lOyIgY2xhc3M9IiI+aHR0cHM6Ly9leGFtcGxl LmNvbS92Mi9Vc2Vycy8yODE5YzIyMy03Zjc2LTQ1M2EtOTE5ZC00MTM4NjE5MDQ2NDY8L2E+JnF1 b3Q7PG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGluIDBp biAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1z ZXJpZjsiIGNsYXNzPSIiPg0KJm5ic3A7IH08bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRp diBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQt ZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQp9PG86cCBjbGFzcz0iIj48 L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGluIDBpbiAwLjAwMDFwdDsgZm9udC1z aXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0K PG86cCBjbGFzcz0iIj4mbmJzcDs8L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGlu IDBpbiAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fu cy1zZXJpZjsiIGNsYXNzPSIiPg0KQW5kIHdlIHdhbnRlZCB0byBhZGQgYW4gYXR0cmlidXRlIHRv IGVtYWlscywgd2Ugd291bGQgd2FudCBpdCB0byBsb29rIGxpa2UgdGhpcy4mbmJzcDsgQnV0IHlv dSBjYW50IGFkZCBhdHRyaWJ1dGVzIHRocm91Z2hvdXQgdGhlIG9iamVjdCBtb2RlbCByaWdodD8m bmJzcDsgU28gaWYgd2UgYWRkIGF0dHJpYnV0ZXMgdG8gTWV0YSwgd2UgbmVlZCBvdXIgb3duIE1l dGEgb2JqZWN0LiZuYnNwOyBJZiB3ZSBhZGQgYXR0cmlidXRlcyB0byBHcm91cCwgd2Ugd291bGRu 4oCZdCBzZWUgdGhvc2UNCiBpbiB0aGUgZ3JvdXBzIGF0dHJpYnV0ZSBvZiB0aGUgVXNlcj8mbmJz cDsgVGhlIGV4dGVuc2lvbnMgc2VlbSB1c2FibGUgaWYgeW91IGFyZSBhZGRpbmcgdG9wIGxldmVs IGF0dHJpYnV0ZXMgdG8gdGhlIHJldHVybmVkIHJlc291cmNlLCBub3QgaWYgeW91IGFyZSBhZGRp bmcgYXR0cmlidXRlcyB0byBuZXN0ZWQgb2JqZWN0cy4uLjxvOnAgY2xhc3M9IiI+PC9vOnA+PC9k aXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBpbiAwaW4gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFw dDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCjxvOnAgY2xh c3M9IiI+Jm5ic3A7PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBpbiAwaW4gMC4w MDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7 IiBjbGFzcz0iIj4NCns8bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFy Z2luOiAwaW4gMGluIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxp YnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQombmJzcDsgJnF1b3Q7c2NoZW1hcyZxdW90Ozo8 bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAu MDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlm OyIgY2xhc3M9IiI+DQombmJzcDsmbmJzcDsmbmJzcDsgWyZxdW90O3VybjppZXRmOnBhcmFtczpz Y2ltOnNjaGVtYXM6Y29yZToyLjA6VXNlciZxdW90Oyw8bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2 Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7 IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQombmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsgJnF1b3Q7dXJuOmlldGY6cGFyYW1zOnNjaW06c2NoZW1hczpl eHRlbnNpb246ZW50ZXJwcmlzZToyLjA6VXNlciZxdW90O10sPG86cCBjbGFzcz0iIj48L286cD48 L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGluIDBpbiAwLjAwMDFwdDsgZm9udC1zaXplOiAx MXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KJm5ic3A7 ICZxdW90O2lkJnF1b3Q7OiAmcXVvdDsyODE5YzIyMy03Zjc2LTQ1M2EtOTE5ZC00MTM4NjE5MDQ2 NDYmcXVvdDssPG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjog MGluIDBpbiAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwg c2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KJm5ic3A7ICZxdW90O2V4dGVybmFsSWQmcXVvdDs6ICZx dW90OzcwMTk4NCZxdW90Oyw8bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0i bWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBD YWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQombmJzcDsgJnF1b3Q7dXNlck5hbWUmcXVv dDs6ICZxdW90OzxhIGhyZWY9Im1haWx0bzpiamVuc2VuQGV4YW1wbGUuY29tIiBzdHlsZT0iY29s b3I6IHJnYigxNDksIDc5LCAxMTQpOyB0ZXh0LWRlY29yYXRpb246IHVuZGVybGluZTsiIGNsYXNz PSIiPmJqZW5zZW5AZXhhbXBsZS5jb208L2E+JnF1b3Q7LDxvOnAgY2xhc3M9IiI+PC9vOnA+PC9k aXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBpbiAwaW4gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFw dDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCiZuYnNwOyAm cXVvdDtlbWFpbHMmcXVvdDs6IFs8bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHls ZT0ibWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5 OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQombmJzcDsmbmJzcDsmbmJzcDsgezxv OnAgY2xhc3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBpbiAwaW4gMC4w MDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7 IiBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyAmcXVvdDt2YWx1ZSZx dW90OzogJnF1b3Q7PGEgaHJlZj0ibWFpbHRvOmJqZW5zZW5AZXhhbXBsZS5jb20iIHN0eWxlPSJj b2xvcjogcmdiKDE0OSwgNzksIDExNCk7IHRleHQtZGVjb3JhdGlvbjogdW5kZXJsaW5lOyIgY2xh c3M9IiI+YmplbnNlbkBleGFtcGxlLmNvbTwvYT4mcXVvdDssPG86cCBjbGFzcz0iIj48L286cD48 L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGluIDBpbiAwLjAwMDFwdDsgZm9udC1zaXplOiAx MXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KJm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7ICZxdW90O3R5cGUmcXVvdDs6ICZxdW90O3dvcmsmcXVv dDssPG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGluIDBp biAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1z ZXJpZjsiIGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7ICZxdW90O3By aW1hcnkmcXVvdDs6IHRydWUsPG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9 Im1hcmdpbjogMGluIDBpbiAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTog Q2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7PHNwYW4gY2xhc3M9IkFwcGxlLWNvbnZlcnRlZC1zcGFjZSI+Jm5ic3A7PC9zcGFuPjxz cGFuIHN0eWxlPSJiYWNrZ3JvdW5kLWNvbG9yOiB5ZWxsb3c7IGJhY2tncm91bmQtcG9zaXRpb246 IGluaXRpYWwgaW5pdGlhbDsgYmFja2dyb3VuZC1yZXBlYXQ6IGluaXRpYWwgaW5pdGlhbDsiIGNs YXNzPSIiPiZxdW90O3VybjppZXRmOnBhcmFtczpzY2ltOnNjaGVtYXM6ZXh0ZW5zaW9uOmVudGVy cHJpc2U6Mi4wOlVzZXI6dmlld1R5cGUmcXVvdDs6ICZxdW90O3B1YmxpYyZxdW90Ozwvc3Bhbj48 bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAu MDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlm OyIgY2xhc3M9IiI+DQombmJzcDsmbmJzcDsmbmJzcDsgfSw8bzpwIGNsYXNzPSIiPjwvbzpwPjwv ZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0OyBmb250LXNpemU6IDEx cHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQombmJzcDsm bmJzcDsmbmJzcDsgezxvOnAgY2xhc3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJn aW46IDBpbiAwaW4gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGli cmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyAmcXVvdDt2YWx1ZSZxdW90OzogJnF1b3Q7PGEgaHJlZj0ibWFpbHRvOmJhYnNAamVuc2VuLm9y ZyIgc3R5bGU9ImNvbG9yOiByZ2IoMTQ5LCA3OSwgMTE0KTsgdGV4dC1kZWNvcmF0aW9uOiB1bmRl cmxpbmU7IiBjbGFzcz0iIj5iYWJzQGplbnNlbi5vcmc8L2E+JnF1b3Q7LDxvOnAgY2xhc3M9IiI+ PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBpbiAwaW4gMC4wMDAxcHQ7IGZvbnQt c2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4N CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyAmcXVvdDt0eXBlJnF1b3Q7OiAmcXVvdDto b21lJnF1b3Q7LDxvOnAgY2xhc3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46 IDBpbiAwaW4gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmks IHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOzxz cGFuIGNsYXNzPSJBcHBsZS1jb252ZXJ0ZWQtc3BhY2UiPiZuYnNwOzwvc3Bhbj48c3BhbiBzdHls ZT0iYmFja2dyb3VuZC1jb2xvcjogeWVsbG93OyBiYWNrZ3JvdW5kLXBvc2l0aW9uOiBpbml0aWFs IGluaXRpYWw7IGJhY2tncm91bmQtcmVwZWF0OiBpbml0aWFsIGluaXRpYWw7IiBjbGFzcz0iIj4m cXVvdDt1cm46aWV0ZjpwYXJhbXM6c2NpbTpzY2hlbWFzOmV4dGVuc2lvbjplbnRlcnByaXNlOjIu MDpVc2VyOnZpZXdUeXBlJnF1b3Q7OiAmcXVvdDthdXRoZW50aWNhdGVkJnF1b3Q7PC9zcGFuPjxv OnAgY2xhc3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBpbiAwaW4gMC4w MDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7 IiBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwOyZuYnNwOyB9PG86cCBjbGFzcz0iIj48L286cD48L2Rp dj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGluIDBpbiAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0 OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KJm5ic3A7IF0s PG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGluIDBpbiAw LjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJp ZjsiIGNsYXNzPSIiPg0KJm5ic3A7ICZxdW90O21ldGEmcXVvdDs6IHs8bzpwIGNsYXNzPSIiPjwv bzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0OyBmb250LXNp emU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQom bmJzcDsmbmJzcDsmbmJzcDsgJnF1b3Q7cmVzb3VyY2VUeXBlJnF1b3Q7OiAmcXVvdDtVc2VyJnF1 b3Q7LDxvOnAgY2xhc3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBpbiAw aW4gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMt c2VyaWY7IiBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwOyZuYnNwOyAmcXVvdDtjcmVhdGVkJnF1b3Q7 OiAmcXVvdDsyMDEwLTAxLTIzVDA0OjU2OjIyWiZxdW90Oyw8bzpwIGNsYXNzPSIiPjwvbzpwPjwv ZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0OyBmb250LXNpemU6IDEx cHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQombmJzcDsm bmJzcDsmbmJzcDsgJnF1b3Q7bGFzdE1vZGlmaWVkJnF1b3Q7OiAmcXVvdDsyMDExLTA1LTEzVDA0 OjQyOjM0WiZxdW90Oyw8bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFy Z2luOiAwaW4gMGluIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxp YnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQombmJzcDsmbmJzcDsmbmJzcDsgJnF1b3Q7dmVy c2lvbiZxdW90OzogJnF1b3Q7V1wvXCZxdW90OzM2OTRlMDVlOWRmZjU5MVwmcXVvdDsmcXVvdDss PG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGluIDBpbiAw LjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJp ZjsiIGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7Jm5ic3A7ICZxdW90O2xvY2F0aW9uJnF1b3Q7Ojxv OnAgY2xhc3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBpbiAwaW4gMC4w MDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7 IiBjbGFzcz0iIj4NCiZxdW90OzxhIGhyZWY9Imh0dHBzOi8vZXhhbXBsZS5jb20vdjIvVXNlcnMv MjgxOWMyMjMtN2Y3Ni00NTNhLTkxOWQtNDEzODYxOTA0NjQ2IiBzdHlsZT0iY29sb3I6IHJnYigx NDksIDc5LCAxMTQpOyB0ZXh0LWRlY29yYXRpb246IHVuZGVybGluZTsiIGNsYXNzPSIiPmh0dHBz Oi8vZXhhbXBsZS5jb20vdjIvVXNlcnMvMjgxOWMyMjMtN2Y3Ni00NTNhLTkxOWQtNDEzODYxOTA0 NjQ2PC9hPiZxdW90OzxvOnAgY2xhc3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJn aW46IDBpbiAwaW4gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGli cmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCiZuYnNwOyB9PG86cCBjbGFzcz0iIj48L286cD48 L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGluIDBpbiAwLjAwMDFwdDsgZm9udC1zaXplOiAx MXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KfTxvOnAg Y2xhc3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBpbiAwaW4gMC4wMDAx cHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBj bGFzcz0iIj4NCjxvOnAgY2xhc3M9IiI+Jm5ic3A7PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJt YXJnaW46IDBpbiAwaW4gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENh bGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCjxvOnAgY2xhc3M9IiI+Jm5ic3A7PC9vOnA+ PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBpbiAwaW4gMC4wMDAxcHQ7IGZvbnQtc2l6ZTog MTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCi0tLS0t T3JpZ2luYWwgTWVzc2FnZS0tLS0tPGJyIGNsYXNzPSIiPg0KRnJvbTogc2NpbSBbPGEgaHJlZj0i bWFpbHRvOnNjaW0tYm91bmNlc0BpZXRmLm9yZyIgY2xhc3M9IiI+bWFpbHRvOnNjaW0tYm91bmNl c0BpZXRmLm9yZzwvYT5dIE9uIEJlaGFsZiBPZiBQaGlsIEh1bnQgKElETSk8YnIgY2xhc3M9IiI+ DQpTZW50OiBXZWRuZXNkYXksIEFwcmlsIDEzLCAyMDE2IDQ6MDcgUE08YnIgY2xhc3M9IiI+DQpU bzogU3RldmUgTW95ZXIgJmx0OzxhIGhyZWY9Im1haWx0bzpzbW95ZXJAcHN1LmVkdSIgY2xhc3M9 IiI+c21veWVyQHBzdS5lZHU8L2E+Jmd0OzxiciBjbGFzcz0iIj4NCkNjOiA8YSBocmVmPSJtYWls dG86c2NpbUBpZXRmLm9yZyIgY2xhc3M9IiI+c2NpbUBpZXRmLm9yZzwvYT48YnIgY2xhc3M9IiI+ DQpTdWJqZWN0OiBSZTogW3NjaW1dIFNDSU0gY29tcGxpYW5jZTwvZGl2Pg0KPGRpdiBzdHlsZT0i bWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBD YWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQo8bzpwIGNsYXNzPSIiPiZuYnNwOzwvbzpw PjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0OyBmb250LXNpemU6 IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQpJIHdv dWxkIHRoaW5rIHlvdSB3b3VsZCB3YW50IHRvIHVzZSB0aGUgY29yZSB1c2VyIHJlc291cmNlIGFu ZCB0aGVuIGV4dGVuZCBpdCBhcyB3ZSBkaWQgd2l0aCBlZHVwZXJzb24gaW4gbGRhcC48bzpwIGNs YXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0 OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xh c3M9IiI+DQo8bzpwIGNsYXNzPSIiPiZuYnNwOzwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFy Z2luOiAwaW4gMGluIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxp YnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQpQaGlsPG86cCBjbGFzcz0iIj48L286cD48L2Rp dj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGluIDBpbiAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0 OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KPG86cCBjbGFz cz0iIj4mbmJzcDs8L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGluIDBpbiAwLjAw MDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsi IGNsYXNzPSIiPg0KJmd0OyBPbiBBcHIgMTMsIDIwMTYsIGF0IDExOjU1LCBTdGV2ZSBNb3llciAm bHQ7PGEgaHJlZj0ibWFpbHRvOnNtb3llckBwc3UuZWR1IiBzdHlsZT0iY29sb3I6IHJnYigxNDks IDc5LCAxMTQpOyB0ZXh0LWRlY29yYXRpb246IHVuZGVybGluZTsiIGNsYXNzPSIiPjxzcGFuIHN0 eWxlPSJjb2xvcjogd2luZG93dGV4dDsgdGV4dC1kZWNvcmF0aW9uOiBub25lOyIgY2xhc3M9IiI+ c21veWVyQHBzdS5lZHU8L3NwYW4+PC9hPiZndDsgd3JvdGU6PG86cCBjbGFzcz0iIj48L286cD48 L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGluIDBpbiAwLjAwMDFwdDsgZm9udC1zaXplOiAx MXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KJmd0Ozxz cGFuIGNsYXNzPSJBcHBsZS1jb252ZXJ0ZWQtc3BhY2UiPiZuYnNwOzwvc3Bhbj48bzpwIGNsYXNz PSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0OyBm b250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9 IiI+DQomZ3Q7IEFsbCw8bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFy Z2luOiAwaW4gMGluIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxp YnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQomZ3Q7PHNwYW4gY2xhc3M9IkFwcGxlLWNvbnZl cnRlZC1zcGFjZSI+Jm5ic3A7PC9zcGFuPjxvOnAgY2xhc3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2 IHN0eWxlPSJtYXJnaW46IDBpbiAwaW4gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1m YW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCiZndDsgV2UndmUgYmVlbiB3 b3JraW5nIG9uIGEgZmlyc3QtcHJpbmNpcGxlcyByZXdyaXRlIG9mIG91ciBTQ0lNIDIuMCBzeXN0 ZW0gKGJhc2VkIG9uIGEgcHJlLXJhdGlmaWVkIHZlcnNpb24gb2YgdGhlIHNwZWNpZmljYXRpb24p IGJ1dCB3ZSd2ZSBhbHNvIGJlZW4gcHJvbW90aW5nIFNDSU0gZm9yIGl0cyBpbnRlbmRlZCB1c2Ug aW4gdGhlIGhpZ2hlci1lZCBjb21tdW5pdHkuPG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxk aXYgc3R5bGU9Im1hcmdpbjogMGluIDBpbiAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250 LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KJmd0OzxzcGFuIGNsYXNz PSJBcHBsZS1jb252ZXJ0ZWQtc3BhY2UiPiZuYnNwOzwvc3Bhbj48bzpwIGNsYXNzPSIiPjwvbzpw PjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0OyBmb250LXNpemU6 IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQomZ3Q7 IFJlY2VudGx5IHRoZXJlJ3MgYmVlbiBhIGRpc2N1c3Npb24gYWJvdXQgd2hhdCBpdCByZWFsbHkg bWVhbnMgdG8gYmUgJnF1b3Q7Y29tcGxpYW50JnF1b3Q7LiZuYnNwOyBJJ20gdGFraW5nIHRoZSBo YXJkLWxpbmUgdmlldyB0aGF0IHdpdGhvdXQgaW50ZXItb3BlcmFiaWxpdHksIHRoZXJlJ3Mgbm90 IHJlYWxseSBhIHBvaW50IGluIGJlaW5nIHRlY2huaWNhbGx5IGNvbXBhdGlibGUuJm5ic3A7IFRo ZSBUSUVSIGdyb3VwIHdpdGhpbiB0aGUgSW50ZXJuZXQyIGlzIHRhbGtpbmcgYWJvdXQNCiBjcmVh dGluZyBUaWVyVXNlciBhbmQgVGllckdyb3VwIFJlc291cmNlVHlwZXMgYW5kIHVzaW5nIHRob3Nl IGluc3RlYWQgb2YgdGhlIGNvcmUgVXNlciBhbmQgR3JvdXAgUmVzb3VyY2VUeXBlLjxvOnAgY2xh c3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBpbiAwaW4gMC4wMDAxcHQ7 IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFz cz0iIj4NCiZndDs8c3BhbiBjbGFzcz0iQXBwbGUtY29udmVydGVkLXNwYWNlIj4mbmJzcDs8L3Nw YW4+PG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGluIDBp biAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1z ZXJpZjsiIGNsYXNzPSIiPg0KJmd0OyBUZWNobmljYWxseSwgdGhlIHNwZWNpZmljYXRpb24gYWxs b3dzICphbnkqIHJlc291cmNlIHR5cGUgdG8gYmUgYWRkZWQgKHBlciBzZWN0aW9uIDMuMiBvZiB0 aGUgU2NoZW1hIHNwZWNpZmljYXRpb24pIGFuZCB3aGlsZSBpdCBpbXBsaWVzIHRoZSBjb3JlIFVz ZXIgYW5kIGNvcmUgR3JvdXAgYXJlIHJlcXVpcmVkICh1c2luZyB0aGUgd29yZCAmcXVvdDtwcm92 aWRlZCZxdW90OykgdGhlIHNwZWNpZmljYXRpb24gZG9lc24ndCB0ZWNobmljYWxseSBzYXkgYSBz ZXJ2aWNlDQogTVVTVCBwcm92aWRlIHRob3NlIGVuZC1wb2ludHMuPG86cCBjbGFzcz0iIj48L286 cD48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGluIDBpbiAwLjAwMDFwdDsgZm9udC1zaXpl OiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KJmd0 OzxzcGFuIGNsYXNzPSJBcHBsZS1jb252ZXJ0ZWQtc3BhY2UiPiZuYnNwOzwvc3Bhbj48bzpwIGNs YXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0 OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xh c3M9IiI+DQomZ3Q7IEkndmUgYXR0YWNoZWQgYSBkb2N1bWVudCB3aXRoIHRoZSB0d28gZmF2b3Jp dGUgVElFUiBwcm9wb3NhbHMgYW5kIG15IHZpZXcgaXMgdGhhdCBuZWl0aGVyIG9mIHRoZW0gYXJl IGNvbXBsaWFudC4mbmJzcDsgUHJvcG9zYWwgdHdvICpjb3VsZCogYmUgaW50ZXItb3BlcmFibGUg aWYgdGhlIHBlcnNpc3RlZCBUSUVSIHVzZXIgb2JqZWN0IHdhcyBleHBvc2VkIHZpYSBib3RoIHRo ZSBUaWVyVXNlcnMgYW5kIFVzZXJzIGVuZHBvaW50cy4mbmJzcDsgVGhpcyB2aW9sYXRlcw0KIGEg cHJpbmNpcGxlIG9mIFJFU1QgKGEgcmVzb3VyY2UgaGFzIGEgdW5pcXVlIFVSTCkgdGhvdWdoLiZu YnNwOyBJIHNob3VsZCBhbHNvIG5vdGUgdGhhdCB0aGUgdXNlIG9mIHF1ZXJ5IHBhcmFtZXRlcnMs IGhlYWRlcnMgYW5kIEhUVFAgc3RhdHVzIGNvZGVzIHByb3Bvc2VkIGJ5IFRJRVIgYXJlIGFsc28g JnF1b3Q7aW50ZXJlc3RpbmcmcXVvdDsuPG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYg c3R5bGU9Im1hcmdpbjogMGluIDBpbiAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZh bWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KJmd0OzxzcGFuIGNsYXNzPSJB cHBsZS1jb252ZXJ0ZWQtc3BhY2UiPiZuYnNwOzwvc3Bhbj48bzpwIGNsYXNzPSIiPjwvbzpwPjwv ZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0OyBmb250LXNpemU6IDEx cHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQomZ3Q7IFdo YXQgYXJlIHRoaXMgZ3JvdXAncyBvcGluaW9ucz88bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0K PGRpdiBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZv bnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQomZ3Q7PHNwYW4gY2xh c3M9IkFwcGxlLWNvbnZlcnRlZC1zcGFjZSI+Jm5ic3A7PC9zcGFuPjxvOnAgY2xhc3M9IiI+PC9v OnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBpbiAwaW4gMC4wMDAxcHQ7IGZvbnQtc2l6 ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCiZn dDsgVGhhbmtzLDxvOnAgY2xhc3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46 IDBpbiAwaW4gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmks IHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCiZndDs8c3BhbiBjbGFzcz0iQXBwbGUtY29udmVydGVk LXNwYWNlIj4mbmJzcDs8L3NwYW4+PG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5 bGU9Im1hcmdpbjogMGluIDBpbiAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWls eTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KJmd0OyBTdGV2ZTxvOnAgY2xhc3M9 IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBpbiAwaW4gMC4wMDAxcHQ7IGZv bnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0i Ij4NCiZndDs8c3BhbiBjbGFzcz0iQXBwbGUtY29udmVydGVkLXNwYWNlIj4mbmJzcDs8L3NwYW4+ PG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGluIDBpbiAw LjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJp ZjsiIGNsYXNzPSIiPg0KJmd0OyDigJxBbGwgdGhlIGVhc3kgc3R1ZmbigJlzIGJlZW4gZG9uZeKA pi4gV2XigJl2ZSBnb3QgdGhlIHdoZWVsLCBmaXJlLCB0aGUgVFYgY2xpY2tlcuKAlHdoYXQgZWxz ZSBkbyB5b3UgbmVlZD/igJ0gLSBEZWFuIEthbWVuPG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4N CjxkaXYgc3R5bGU9Im1hcmdpbjogMGluIDBpbiAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBm b250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KJmd0OyAmbHQ7RFNB V0ctQWx0ZXJuYXRpdmVQcm9wb3NhbHNvbnRoZVJlbGF0aW9uc2hpcEJldHdlZW5USUVSYW5kU0NJ TUFQSXNhbmRTY2hlbWEtMTMwNDE2LTE4NDUtMjE0NC5wZGYmZ3Q7PG86cCBjbGFzcz0iIj48L286 cD48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGluIDBpbiAwLjAwMDFwdDsgZm9udC1zaXpl OiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KJmd0 OyBfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXzxvOnAgY2xh c3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBpbiAwaW4gMC4wMDAxcHQ7 IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFz cz0iIj4NCiZndDsgc2NpbSBtYWlsaW5nIGxpc3Q8bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0K PGRpdiBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZv bnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQomZ3Q7PHNwYW4gY2xh c3M9IkFwcGxlLWNvbnZlcnRlZC1zcGFjZSI+Jm5ic3A7PC9zcGFuPjxhIGhyZWY9Im1haWx0bzpz Y2ltQGlldGYub3JnIiBzdHlsZT0iY29sb3I6IHJnYigxNDksIDc5LCAxMTQpOyB0ZXh0LWRlY29y YXRpb246IHVuZGVybGluZTsiIGNsYXNzPSIiPjxzcGFuIHN0eWxlPSJjb2xvcjogd2luZG93dGV4 dDsgdGV4dC1kZWNvcmF0aW9uOiBub25lOyIgY2xhc3M9IiI+c2NpbUBpZXRmLm9yZzwvc3Bhbj48 L2E+PG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGluIDBp biAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1z ZXJpZjsiIGNsYXNzPSIiPg0KJmd0OzxzcGFuIGNsYXNzPSJBcHBsZS1jb252ZXJ0ZWQtc3BhY2Ui PiZuYnNwOzwvc3Bhbj48YSBocmVmPSJodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3Rp bmZvL3NjaW0iIHN0eWxlPSJjb2xvcjogcmdiKDE0OSwgNzksIDExNCk7IHRleHQtZGVjb3JhdGlv bjogdW5kZXJsaW5lOyIgY2xhc3M9IiI+PHNwYW4gc3R5bGU9ImNvbG9yOiB3aW5kb3d0ZXh0OyB0 ZXh0LWRlY29yYXRpb246IG5vbmU7IiBjbGFzcz0iIj5odHRwczovL3d3dy5pZXRmLm9yZy9tYWls bWFuL2xpc3RpbmZvL3NjaW08L3NwYW4+PC9hPjxvOnAgY2xhc3M9IiI+PC9vOnA+PC9kaXY+DQo8 ZGl2IHN0eWxlPSJtYXJnaW46IDBpbiAwaW4gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9u dC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCjxvOnAgY2xhc3M9IiI+ Jm5ic3A7PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBpbiAwaW4gMC4wMDAxcHQ7 IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFz cz0iIj4NCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fPG86 cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGluIDBpbiAwLjAw MDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsi IGNsYXNzPSIiPg0Kc2NpbSBtYWlsaW5nIGxpc3Q8bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0K PGRpdiBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZv bnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQo8YSBocmVmPSJtYWls dG86c2NpbUBpZXRmLm9yZyIgc3R5bGU9ImNvbG9yOiByZ2IoMTQ5LCA3OSwgMTE0KTsgdGV4dC1k ZWNvcmF0aW9uOiB1bmRlcmxpbmU7IiBjbGFzcz0iIj48c3BhbiBzdHlsZT0iY29sb3I6IHdpbmRv d3RleHQ7IHRleHQtZGVjb3JhdGlvbjogbm9uZTsiIGNsYXNzPSIiPnNjaW1AaWV0Zi5vcmc8L3Nw YW4+PC9hPjxvOnAgY2xhc3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBp biAwaW4gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNh bnMtc2VyaWY7IiBjbGFzcz0iIj4NCjxhIGhyZWY9Imh0dHBzOi8vd3d3LmlldGYub3JnL21haWxt YW4vbGlzdGluZm8vc2NpbSIgc3R5bGU9ImNvbG9yOiByZ2IoMTQ5LCA3OSwgMTE0KTsgdGV4dC1k ZWNvcmF0aW9uOiB1bmRlcmxpbmU7IiBjbGFzcz0iIj48c3BhbiBzdHlsZT0iY29sb3I6IHdpbmRv d3RleHQ7IHRleHQtZGVjb3JhdGlvbjogbm9uZTsiIGNsYXNzPSIiPmh0dHBzOi8vd3d3LmlldGYu b3JnL21haWxtYW4vbGlzdGluZm8vc2NpbTwvc3Bhbj48L2E+PC9kaXY+DQo8L2Rpdj4NCjwvZGl2 Pg0KPC9ibG9ja3F1b3RlPg0KPC9kaXY+DQo8YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjwvZGl2Pg0K PC9ib2R5Pg0KPC9odG1sPg0K --Boundary_(ID_hMLpKdHdjBu5TU49TDNVfA)-- --Boundary_(ID_ff4hIzRy/eFWhd3I+vqy0w)-- From nobody Thu Apr 14 08:36:55 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9428D12DD25 for ; Thu, 14 Apr 2016 08:36:53 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -5.195 X-Spam-Level: X-Spam-Status: No, score=-5.195 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.996] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xt2xGkv7QoMe for ; Thu, 14 Apr 2016 08:36:42 -0700 (PDT) Received: from tr21g10.aset.psu.edu (tr21g10.aset.psu.edu [146.186.149.132]) by ietfa.amsl.com (Postfix) with ESMTP id 1108412DAE1 for ; Thu, 14 Apr 2016 08:36:40 -0700 (PDT) Received: from ucs20.ait.psu.edu (ucs20.ait.psu.edu [128.118.73.22]) by tr21g10.aset.psu.edu (8.14.3/8.14.3) with ESMTP id u3EFae5F3768504; Thu, 14 Apr 2016 11:36:40 -0400 Date: Thu, 14 Apr 2016 11:36:39 -0400 (EDT) From: Steve Moyer To: Keith Hazelton Message-ID: <1452258769.8464652.1460648199905.JavaMail.zimbra@psu.edu> In-Reply-To: References: MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_8464651_936777969.1460648199904" X-Originating-IP: [70.199.9.45] X-Mailer: Zimbra 8.6.0_GA_1194 (ZimbraWebClient - FF47 (Linux)/8.6.0_GA_1194) Thread-Topic: Choosing a path regarding TIER-SCIM relationship Thread-Index: AQHRlXnja25hoZJdw0Gwlk3Az0bJqp+JiVMQ//+5BAB/kFJeOA== X-Virus-Scanned: by amavisd-new Archived-At: Cc: SCIM WG , TIER-API Subject: Re: [scim] [tier-api] Re: Choosing a path regarding TIER-SCIM relationship X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list Reply-To: Steve Moyer List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Apr 2016 15:36:53 -0000 ------=_Part_8464651_936777969.1460648199904 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable I'd have to agree ... the chosen option (proposal two) looks like the right= choice in light of Phil Hunt's comments.=20 I'm not part of IdS at PSU (they may have other opinions) but as an integra= tor who has to write a lot of interface code to tie systems together, I'd b= e very happy if I could call a TIER system and get a SCIM User or Group bac= k. Seems like you've found the best of both worlds?=20 Steve=20 =E2=80=9CAll the easy stuff=E2=80=99s been done=E2=80=A6. We=E2=80=99ve got= the wheel, fire, the TV clicker=E2=80=94what else do you need?=E2=80=9D - = Dean Kamen=20 From: "Keith Hazelton" =20 To: "TIER-API" =20 Cc: "SCIM WG" =20 Sent: Thursday, April 14, 2016 11:16:04 AM=20 Subject: [tier-api] Re: Choosing a path regarding TIER-SCIM relationship=20 Chris,=20 Well, below you'll see one of the principal SCIM authors showing a fairly r= elaxed attitude about how schema get handled. To me, this reads as "do what= you want 'in your own domain' but if you expect interoperability across do= mains, stick to 100% pure SCIM." Seems reasonable. That's what I think we'd= want to do: Where we want/need to interoperate with SCIM-speaking domains,= map/filter our Internet2 TIER stuff down to pure SCIM and expose it on end= points that are explicitly SCIM endpoints.=20 I also hear him being disinclined to re-open discussion of the SCIM extensi= on model, so that makes it less likely that we will see significant changes= there.=20 Does all that mean we revisit our choice to define TIER-specific User and G= roup resource types using SCIM-provided mechanisms? I don't think there's m= uch to gain by that.=20 Think of a small utility: You send it a TierUser representation and you get= back a pure SCIM representation; You send it a SCIM User and you get back = a TierUser representation where only the directly corresponding attributes = are carried over. You've got bi-directional translation, so TIER domain <= =3D=3D> SCIM domain interoperability is never more than one utility call aw= ay.=20 -------=20 "I don't think there is much interest in further extension features. The ob= jective is to have a standard user object that represents a neutral format = inspired by vcard that can be used to provision users between domains.=20 You can extend scim in many ways. The catch is what do you expect other imp= lementations to accept and to parse? Scim's processing rules do ensure that= at least most servers won't throw errors (scim2 has a "robust" model), the= y will just accept the data they understand--which means your extensions wo= uld likely be ignored.=20 IMO, Scim compliance then is about cross platform expectations and conventi= ons. Like any rest service you are still free to do what you want in your d= omain."=20 Phil Hunt=20 ------=20 From: Chris Hyzer < mchyzer@isc.upenn.edu >=20 Date: Thursday, April 14, 2016 at 9:36 AM=20 To: Keith Hazelton < keith.hazelton@wisc.edu >, TIER-API < tier-api@interne= t2.edu >=20 Subject: RE: Choosing a path regarding TIER-SCIM relationship=20 I understand the reasons for wanting to follow the standard and use SCIM, b= ut I feel like if we want to do that we should take our current plan and co= mpare it to pure scim one more time. i.e. not have TierUser and TierGroup a= nd just have User and Group and see what they would look like when we add i= n our Tier extension schemas. I know its not ideal not to have a pristine r= epresentation, but Im bothered by having two separate resources, seems like= it will cause issues down the road=E2=80=A6=20 I know there are pros and cons here, but I think we should at least give it= another look. Maybe its not that bad=E2=80=A6=20 Attached is some discussion on the scim list and they do not recommend our = current approach=E2=80=A6=20 Thanks=20 Chris=20 From: tier-api-request@internet2.edu [ mailto:tier-api-request@internet2.ed= u ] On Behalf Of Keith Hazelton=20 Sent: Wednesday, April 13, 2016 7:45 AM=20 To: TIER-API < tier-api@internet2.edu >=20 Subject: [tier-api] Choosing a path regarding TIER-SCIM relationship=20 I have done my best to capture the two primary proposals I have heard in th= is ongoing discussion. Each of you should feel empowered to edit the propos= al definitions as well as the pros and cons. See=20 https://spaces.internet2.edu/display/DSAWG/Alternative+Proposals+on+the+Rel= ationship+Between+TIER+and+SCIM+APIs+and+Schema=20 Again, the TIER-API Working Group WILL make a definitive choice between alt= ernatives no later than 5:00 pm, Friday April 15.=20 Regards, --Keith=20 ------=_Part_8464651_936777969.1460648199904 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable
I'd have to agree ... the chosen option (pr= oposal two) looks like the right choice in light of Phil Hunt's comments.

I'm not part of IdS at PSU= (they may have other opinions) but as an integrator who has to write a lot= of interface code to tie systems together, I'd be very happy if I could ca= ll a TIER system and get a SCIM User or Group back.  Seems like you've= found the best of both worlds?

Steve

=E2=80=9CAll the easy stuff=E2=80=99s been done=E2=80=A6. We=E2= =80=99ve got the wheel, fire, the TV clicker=E2=80=94what else do you need?= =E2=80=9D - Dean Kamen

From: "Keith Hazelton" <keith.= hazelton@wisc.edu>
To: "TIER-API" <tier-api@internet2.edu&g= t;
Cc: "SCIM WG" <scim@ietf.org>
Sent: Thursday, = April 14, 2016 11:16:04 AM
Subject: [tier-api] Re: Choosing a pat= h regarding TIER-SCIM relationship

Chris,

Well, below you'll see one of the principal SCIM authors showing a fai= rly relaxed attitude about how schema get handled. To me, this reads as "do= what you want 'in your own domain' but if you expect interoperability acro= ss domains, stick to 100% pure SCIM." Seems reasonable. That's what I think we'd want to do: Where we want/need = to interoperate with SCIM-speaking domains,  map/filter our Internet2 = TIER stuff down to pure SCIM and expose it on endpoints that are explicitly= SCIM endpoints.

I also hear him being disinclined to re-open discussion of the SCIM ex= tension model, so that makes it less likely that we will see significant ch= anges there.

Does all that mean we revisit our choice to define TIER-specific User = and Group resource types using SCIM-provided mechanisms? I don't think ther= e's much to gain by that.

Think of a small utility: You send it a TierUser representation and yo= u get back a pure SCIM representation; You send it a SCIM User and you get = back a TierUser representation where only the directly corresponding attrib= utes are carried over. You've got bi-directional translation, so TIER domain <=3D=3D> SCIM domain inte= roperability is never more than one utility call away.

-------
"I don't think there is much = interest in further extension features. The objective is to have a standard= user object that represents a neutral format inspired by vcard that can be= used to provision users between domains. 

You can extend scim in many w= ays. The catch is what do you expect other implementations to accept and to= parse? Scim's processing rules do ensure that at least most servers won't = throw errors (scim2 has a "robust" model), they will just accept the data they understand--which means your e= xtensions would likely be ignored. 

IMO, Scim compliance then is = about cross platform expectations and conventions. Like any rest service yo= u are still free to do what you want in your domain." 

Phil Hunt
------
From: Chris Hyzer <mchyzer@isc.upenn.edu>=
Date: Thursday, April 14, 2016 at 9= :36 AM
To: Keith Hazelton <keith.hazelton@wisc.edu>, TIER-API <tier-api@internet2.edu>
Subject: RE: Choosing a path regard= ing TIER-SCIM relationship

I understand the reasons for wanting = to follow the standard and use SCIM, but I feel like if we want to do that = we should take our current plan and compare it to pure scim one more time.  i.e. not have TierUser and TierGroup and= just have User and Group and see what they would look like when we add in = our Tier extension schemas.  I know its not ideal not to have a pristi= ne representation, but Im bothered by having two separate resources, seems like it will cause issues down the road=E2= =80=A6

 

I know there are pros and cons here, = but I think we should at least give it another look.  Maybe its not th= at bad=E2=80=A6 

 

Attached is some discussion on the sc= im list and they do not recommend our current approach=E2=80=A6

 

Thanks

Chris

 

From: tier-ap= i-request@internet2.edu [mailto:tier-api-request@internet2.edu] On Behalf Of Keith Hazelton
Sent: Wednesday, April 13, 2016 7:45 AM
To: TIER-API <tier-api@internet2.edu>
Subject: [tier-api] Choosing a path regarding TIER-SCIM relationship=

 

I have done my best to capture the two = primary proposals I have heard in this ongoing discussion.  Each of yo= u should feel empowered to edit the proposal definitions as well as the pros and cons.  See

 

Again, the TIER-API Working Group WILL = make a definitive choice between alternatives no later than 5:00 pm, Friday= April 15.

 

          &nbs= p; Regards,   --Keith


------=_Part_8464651_936777969.1460648199904-- From nobody Thu Apr 14 10:52:51 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C4C9A12E1D9 for ; Thu, 14 Apr 2016 10:52:47 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.696 X-Spam-Level: X-Spam-Status: No, score=-3.696 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vPriXGNF1GAI for ; Thu, 14 Apr 2016 10:52:44 -0700 (PDT) Received: from mail-vk0-x22d.google.com (mail-vk0-x22d.google.com [IPv6:2607:f8b0:400c:c05::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4FE1112E1B6 for ; Thu, 14 Apr 2016 10:52:44 -0700 (PDT) Received: by mail-vk0-x22d.google.com with SMTP id e185so118728394vkb.1 for ; Thu, 14 Apr 2016 10:52:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:from:date:message-id:subject:to; bh=iuSh4wa/oQoSqnplPW904nHDtJIC6cn4muVMpv5EdSU=; b=Hb+swlFWPfjYC5b2MqQVjhnrrA6z4IHCsbWlc3kfqb4eOBfI3OrZqJSgDt2CnDavp6 0/FeMKiwGDrATB5otOC+M/5lULzcE4eQO0jGeMPnx2Vx8MMCUhYZF8sJ0IR1POEwiwyw hxLrhxHRENMEEOncSx8ROiHi/RXXDh5jvsywZO05ouJ7GTNvqU395K+O1Pf7RfjHMTU5 IKuu15S/HlrfGwA+ROjKFGK1UucEZBgoPjLSwI7MJfz1nu84tvJ4d6ukHn06zZBCzYfy NcLDgl02FbZepzLMiimwaumm046E+OtMMmN05HIAAL4iNK9P+DoFMpfr0XGWYAx0ntyJ wp2g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=iuSh4wa/oQoSqnplPW904nHDtJIC6cn4muVMpv5EdSU=; b=GsZL456RUDP73cbXO/WjlwPQh7TwyR/TgH4oPRhPx9K32pJSaOetvYOt1j35WxW6mJ 0/IYCV/pC8RFLd5+fCLEtVlycgMdAwsw7J8yA3jh5Vcjvry5ObfI9IF7t3Hgsqbu+IaS kKg977Xhw6imz/OKt/vM+SApZySLgkpy83cQgcmo63R0JKdrCfjBpOGCqJ40GXbopiw/ fr/M6EorHqYF5nZulxDGttDHK3pJXHzSaqW1hb2w6E5NQROOCHWfYbJ5WJ2aBKWfSLwH cuoPM7VY9lDdmE8kXI1NgL3xZUwN4dmoHeNuCQC6JX2uhLjERGcah4e8PToSGYSn94mO CKaw== X-Gm-Message-State: AOPr4FWYUx+YcrdcbffkoOabapcxi9ysTeFiSCbPEuakJPTu7nAbxajaKYEritxUB47Ijj4/CY5D3a9QluNjCooG X-Received: by 10.31.149.73 with SMTP id x70mr7073685vkd.83.1460656363132; Thu, 14 Apr 2016 10:52:43 -0700 (PDT) MIME-Version: 1.0 Received: by 10.31.162.10 with HTTP; Thu, 14 Apr 2016 10:52:23 -0700 (PDT) From: Praveen Tammana Date: Thu, 14 Apr 2016 23:22:23 +0530 Message-ID: To: scim@ietf.org Content-Type: multipart/alternative; boundary=001a113d2d66aa3eea0530758f71 Archived-At: Subject: Re: [scim] Simple Federation Deployment X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Apr 2016 17:52:48 -0000 --001a113d2d66aa3eea0530758f71 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable I'm very interested in this as well. -Praveen On Wed, Apr 6, 2016 at 10:38 AM, wrote: > Send scim mailing list submissions to > scim@ietf.org > > To subscribe or unsubscribe via the World Wide Web, visit > https://www.ietf.org/mailman/listinfo/scim > or, via email, send a message with subject or body 'help' to > scim-request@ietf.org > > You can reach the person managing the list at > scim-owner@ietf.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of scim digest..." > > Today's Topics: > > 1. Simple Federation Deployment (Hardt, Dick) > 2. Re: Simple Federation Deployment (Phil Hunt (IDM)) > 3. Re: Simple Federation Deployment (Hardt, Dick) > 4. Re: Simple Federation Deployment (Phil Hunt (IDM)) > > > ---------- Forwarded message ---------- > From: "Hardt, Dick" > To: "scim@ietf.org" , "oauth@ietf.org" > Cc: > Date: Tue, 5 Apr 2016 21:59:22 +0000 > Subject: [scim] Simple Federation Deployment > Use case: An admin for an organization would like to enable her users to > access a SaaS application at her IdP. > > User experience: > > 1. Admin authenticates to IdP in browser > 2. Admin selects SaaS app to federate with from list at IdP > 3. IdP optionally presents config options > 4. IdP redirects Admin to SaaS app > 5. Admin authenticates to SaaS app > 6. SaaS app optionally gathers config options > 7. SaaS app redirects admin to IdP > 8. IdP confirms successful federation =3D> OIDC / SAML and SCIM are no= w > configured and working between IdP and SaaS App > > Who else is interested in solving this? > > Is there interest in working on this in either SCIM or OAUTH Wgs? > > Any one in BA interested in meeting on this topic this week? > > =E2=80=94 Dick > > > ---------- Forwarded message ---------- > From: "Phil Hunt (IDM)" > To: "Hardt, Dick" > Cc: "scim@ietf.org" , "oauth@ietf.org" > Date: Tue, 5 Apr 2016 19:11:16 -0300 > Subject: Re: [scim] Simple Federation Deployment > Is the idp the center of all things for these users? > > Usually you have a provisioning system that coordinates state and uses > things like scim connectors to do this. > > Another approach from today would be to pass a scim event to the remote > provider which then decides what needs to be done to facilitate the thing= d > you describe. > > Iow. Either the idp (sender) or the sp (receiver) have a provisioning > system to do this. > > The solution and the simplicity depends on where the control needs to be. > > Phil > > On Apr 5, 2016, at 18:59, Hardt, Dick wrote: > > Use case: An admin for an organization would like to enable her users to > access a SaaS application at her IdP. > > User experience: > > 1. Admin authenticates to IdP in browser > 2. Admin selects SaaS app to federate with from list at IdP > 3. IdP optionally presents config options > 4. IdP redirects Admin to SaaS app > 5. Admin authenticates to SaaS app > 6. SaaS app optionally gathers config options > 7. SaaS app redirects admin to IdP > 8. IdP confirms successful federation =3D> OIDC / SAML and SCIM are no= w > configured and working between IdP and SaaS App > > Who else is interested in solving this? > > Is there interest in working on this in either SCIM or OAUTH Wgs? > > Any one in BA interested in meeting on this topic this week? > > =E2=80=94 Dick > > _______________________________________________ > scim mailing list > scim@ietf.org > https://www.ietf.org/mailman/listinfo/scim > > > > ---------- Forwarded message ---------- > From: "Hardt, Dick" > To: "Phil Hunt (IDM)" > Cc: "scim@ietf.org" , "oauth@ietf.org" > Date: Tue, 5 Apr 2016 22:25:54 +0000 > Subject: Re: [scim] Simple Federation Deployment > I=E2=80=99m talking about removing manual steps in what happens today whe= re > configuring a SaaS app at an IdP (such as Google, Azure, Ping, Octa) > requires is a bunch of cutting and pasting of access tokens / keys / cert= s > and doing a bunch of config that is error prone and unique for each > relationship. > > Don=E2=80=99t want to solve on the thread =E2=80=A6 looking to see if the= re is interest! > > On 4/5/16, 7:11 PM, someone claiming to be "scim on behalf of Phil Hunt > (IDM)" wrote: > > Is the idp the center of all things for these users? > > Usually you have a provisioning system that coordinates state and uses > things like scim connectors to do this. > > Another approach from today would be to pass a scim event to the remote > provider which then decides what needs to be done to facilitate the thing= d > you describe. > > Iow. Either the idp (sender) or the sp (receiver) have a provisioning > system to do this. > > The solution and the simplicity depends on where the control needs to be. > > Phil > > On Apr 5, 2016, at 18:59, Hardt, Dick wrote: > > Use case: An admin for an organization would like to enable her users to > access a SaaS application at her IdP. > > User experience: > > 1. Admin authenticates to IdP in browser > 2. Admin selects SaaS app to federate with from list at IdP > 3. IdP optionally presents config options > 4. IdP redirects Admin to SaaS app > 5. Admin authenticates to SaaS app > 6. SaaS app optionally gathers config options > 7. SaaS app redirects admin to IdP > 8. IdP confirms successful federation =3D> OIDC / SAML and SCIM are no= w > configured and working between IdP and SaaS App > > Who else is interested in solving this? > > Is there interest in working on this in either SCIM or OAUTH Wgs? > > Any one in BA interested in meeting on this topic this week? > > =E2=80=94 Dick > > _______________________________________________ > scim mailing list > scim@ietf.org > https://www.ietf.org/mailman/listinfo/scim > > > > ---------- Forwarded message ---------- > From: "Phil Hunt (IDM)" > To: "Hardt, Dick" > Cc: "scim@ietf.org" , "oauth@ietf.org" > Date: Wed, 6 Apr 2016 02:07:58 -0300 > Subject: Re: [scim] Simple Federation Deployment > There may be some similar concerns on our side. Lets talk more this week. > > Phil > > On Apr 5, 2016, at 19:25, Hardt, Dick wrote: > > I=E2=80=99m talking about removing manual steps in what happens today whe= re > configuring a SaaS app at an IdP (such as Google, Azure, Ping, Octa) > requires is a bunch of cutting and pasting of access tokens / keys / cert= s > and doing a bunch of config that is error prone and unique for each > relationship. > > Don=E2=80=99t want to solve on the thread =E2=80=A6 looking to see if the= re is interest! > > On 4/5/16, 7:11 PM, someone claiming to be "scim on behalf of Phil Hunt > (IDM)" wrote: > > Is the idp the center of all things for these users? > > Usually you have a provisioning system that coordinates state and uses > things like scim connectors to do this. > > Another approach from today would be to pass a scim event to the remote > provider which then decides what needs to be done to facilitate the thing= d > you describe. > > Iow. Either the idp (sender) or the sp (receiver) have a provisioning > system to do this. > > The solution and the simplicity depends on where the control needs to be. > > Phil > > On Apr 5, 2016, at 18:59, Hardt, Dick wrote: > > Use case: An admin for an organization would like to enable her users to > access a SaaS application at her IdP. > > User experience: > > 1. Admin authenticates to IdP in browser > 2. Admin selects SaaS app to federate with from list at IdP > 3. IdP optionally presents config options > 4. IdP redirects Admin to SaaS app > 5. Admin authenticates to SaaS app > 6. SaaS app optionally gathers config options > 7. SaaS app redirects admin to IdP > 8. IdP confirms successful federation =3D> OIDC / SAML and SCIM are no= w > configured and working between IdP and SaaS App > > Who else is interested in solving this? > > Is there interest in working on this in either SCIM or OAUTH Wgs? > > Any one in BA interested in meeting on this topic this week? > > =E2=80=94 Dick > > _______________________________________________ > scim mailing list > scim@ietf.org > https://www.ietf.org/mailman/listinfo/scim > > _______________________________________________ > scim mailing list > scim@ietf.org > https://www.ietf.org/mailman/listinfo/scim > > > _______________________________________________ > scim mailing list > scim@ietf.org > https://www.ietf.org/mailman/listinfo/scim > > --001a113d2d66aa3eea0530758f71 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
I'm very interested in this as well.

-Praveen


On Wed, Apr 6, 2016 at 10:38 AM, <sci= m-request@ietf.org> wrote:
= Send scim mailing list submissions to
=C2=A0 =C2=A0 =C2=A0 =C2=A0 scim@ietf.org<= /a>

To subscribe or unsubscribe via the World Wide Web, visit
=C2=A0 =C2=A0 =C2=A0 =C2=A0 https://www.ietf.org/mailman/l= istinfo/scim
or, via email, send a message with subject or body 'help' to
=C2=A0 =C2=A0 =C2=A0 =C2=A0 scim-r= equest@ietf.org

You can reach the person managing the list at
=C2=A0 =C2=A0 =C2=A0 =C2=A0 scim-own= er@ietf.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of scim digest..."

Today's Topics:

=C2=A0 =C2=A01. Simple Federation Deployment (Hardt, Dick)
=C2=A0 =C2=A02. Re: Simple Federation Deployment (Phil Hunt (IDM))
=C2=A0 =C2=A03. Re: Simple Federation Deployment (Hardt, Dick)
=C2=A0 =C2=A04. Re: Simple Federation Deployment (Phil Hunt (IDM))


---------- Forwarded message ----------
From:=C2=A0"Hardt, = Dick" <dick@amazon.com>To:=C2=A0"scim@ietf.org" &= lt;scim@ietf.org>, "oauth@ietf.org" <oauth@ietf.org>
Cc:=C2=A0
Date:=C2=A0Tue, 5 Apr 20= 16 21:59:22 +0000
Subject:=C2=A0[scim] Simple Federation Deployment
Use case: An admin for an organization would like to enable her users = to access a SaaS application at her IdP.=C2=A0

User experience:=C2=A0
  1. Admin authenticates to IdP in browser
  2. Admin selects SaaS app to= federate with from list at IdP
  3. IdP optionally presents config opti= ons
  4. IdP redirects Admin to SaaS app
  5. Admin authenticates to = SaaS app
  6. SaaS app optionally gathers config options
  7. SaaS ap= p redirects admin to IdP
  8. IdP confirms successful federation =3D>= OIDC / SAML and SCIM are now configured and working between IdP and SaaS A= pp
Who else is interested in solving this?

Is there interest in working on this in either SCIM or OAUTH Wgs?

Any one in BA interested in meeting on this topic this week?

=E2=80=94 Dick


---------- Forwarded message ----------
From:=C2=A0"Phil Hu= nt (IDM)" <phil.hunt@oracle= .com>
To:=C2=A0"Hardt, Dick" <dick@amazon.com>
Cc:=C2=A0"scim@ietf.org" <s= cim@ietf.org>, "oauth@ietf.or= g" <oauth@ietf.org>Date:=C2=A0Tue, 5 Apr 2016 19:11:16 -0300
Subject:=C2=A0Re: [scim] Simp= le Federation Deployment
Is the idp the center of= all things for these users?

Usually you have a pr= ovisioning system that coordinates state and uses things like scim connecto= rs to do this.=C2=A0

Another approach from today w= ould be to pass a scim event to the remote provider which then decides what= needs to be done to facilitate the thingd you describe.=C2=A0
Iow. Either the idp (sender) or the sp (receiver) have a provi= sioning system to do this.=C2=A0

The solution and = the simplicity depends on where the control needs to be.=C2=A0

Phil<= /div>

On Apr 5, 2016, at 18:59, Hardt, Dick <dick@amazon.com> wrote:

Use case: An admin for an organization would like to enable her users = to access a SaaS application at her IdP.=C2=A0

User experience:=C2=A0
  1. Admin authenticates to IdP in browser
  2. Admin selects SaaS app to= federate with from list at IdP
  3. IdP optionally presents config opti= ons
  4. IdP redirects Admin to SaaS app
  5. Admin authenticates to = SaaS app
  6. SaaS app optionally gathers config options
  7. SaaS ap= p redirects admin to IdP
  8. IdP confirms successful federation =3D>= OIDC / SAML and SCIM are now configured and working between IdP and SaaS A= pp
Who else is interested in solving this?

Is there interest in working on this in either SCIM or OAUTH Wgs?

Any one in BA interested in meeting on this topic this week?

=E2=80=94 Dick
___________________= ____________________________
scim mailing list
scim@ietf.org
https://www.ietf.org/mailman/listinfo/scim
=


---------- Forwarded message ----------
From:= =C2=A0"Hardt, Dick" <dick@a= mazon.com>
To:=C2=A0"Phil Hunt (IDM)" <phil.hunt@oracle.com>
Cc:=C2=A0"<= a href=3D"mailto:scim@ietf.org">scim@ietf.org" <scim@ietf.org>, "oauth@ietf.org" <oauth@= ietf.org>
Date:=C2=A0Tue, 5 Apr 2016 22:25:54 +0000
Subject:= =C2=A0Re: [scim] Simple Federation Deployment
I=E2=80=99m talking about removing manual steps in what happens today = where configuring a SaaS app at an IdP (such as Google, Azure, Ping, Octa) = requires is a bunch of cutting and pasting of access tokens / keys / certs = and doing a bunch of =C2=A0config that is error prone and unique for each relationship.

Don=E2=80=99t want to solve on the thread =E2=80=A6 looking to see if = there is interest!

On 4/5/16, 7:11 PM, someone claiming to be "scim on behalf of Phi= l Hunt (IDM)" <scim-bounces@ietf.org on behalf of phil.hunt@oracle.= com> wrote:

Is the idp the center of all things for these users?

Usually you have a provisioning system that coordinates state and uses= things like scim connectors to do this.=C2=A0

Another approach from today would be to pass a scim event to the remot= e provider which then decides what needs to be done to facilitate the thing= d you describe.=C2=A0

Iow. Either the idp (sender) or the sp (receiver) have a provisioning = system to do this.=C2=A0

The solution and the simplicity depends on where the control needs to = be.=C2=A0

Phil

On Apr 5, 2016, at 18:59, Hardt, Dick <dick@amazon.com> wrote:

Use case: An admin for an organization would like to enable her users = to access a SaaS application at her IdP.=C2=A0

User experience:=C2=A0
  1. Admin authenticates to IdP in browser
  2. Admin selects SaaS app to= federate with from list at IdP
  3. IdP optionally presents config opti= ons
  4. IdP redirects Admin to SaaS app
  5. Admin authenticates to = SaaS app
  6. SaaS app optionally gathers config options
  7. SaaS ap= p redirects admin to IdP
  8. IdP confirms successful federation =3D>= OIDC / SAML and SCIM are now configured and working between IdP and SaaS A= pp
Who else is interested in solving this?

Is there interest in working on this in either SCIM or OAUTH Wgs?

Any one in BA interested in meeting on this topic this week?

=E2=80=94 Dick
_______________________________________________
scim mailing list
scim@ietf.org<= /span>
https://www.ietf.org/mailman/listinfo/scim


---------- Forwarded message ----------
From:=C2=A0"Phil Hu= nt (IDM)" <phil.hunt@oracle= .com>
To:=C2=A0"Hardt, Dick" <dick@amazon.com>
Cc:=C2=A0"scim@ietf.org" <s= cim@ietf.org>, "oauth@ietf.or= g" <oauth@ietf.org>Date:=C2=A0Wed, 6 Apr 2016 02:07:58 -0300
Subject:=C2=A0Re: [scim] Simp= le Federation Deployment
There may be some simila= r concerns on our side. Lets talk more this week.=C2=A0

Phil<= /div>

On Apr 5, 2016, at 19:25, Hardt, Dick <dick@amazon.com> wrote:

I=E2=80=99m talking about removing manual steps in what happens today = where configuring a SaaS app at an IdP (such as Google, Azure, Ping, Octa) = requires is a bunch of cutting and pasting of access tokens / keys / certs = and doing a bunch of =C2=A0config that is error prone and unique for each relationship.

Don=E2=80=99t want to solve on the thread =E2=80=A6 looking to see if = there is interest!

On 4/5/16, 7:11 PM, someone claiming to be "scim on behalf of Phi= l Hunt (IDM)" <scim-bounces@ietf.org on behalf of phil.hunt@oracle.= com> wrote:

Is the idp the center of all things for these users?

Usually you have a provisioning system that coordinates state and uses= things like scim connectors to do this.=C2=A0

Another approach from today would be to pass a scim event to the remot= e provider which then decides what needs to be done to facilitate the thing= d you describe.=C2=A0

Iow. Either the idp (sender) or the sp (receiver) have a provisioning = system to do this.=C2=A0

The solution and the simplicity depends on where the control needs to = be.=C2=A0

Phil

On Apr 5, 2016, at 18:59, Hardt, Dick <dick@amazon.com> wrote:

Use case: An admin for an organization would like to enable her users = to access a SaaS application at her IdP.=C2=A0

User experience:=C2=A0
  1. Admin authenticates to IdP in browser
  2. Admin selects SaaS app to= federate with from list at IdP
  3. IdP optionally presents config opti= ons
  4. IdP redirects Admin to SaaS app
  5. Admin authenticates to = SaaS app
  6. SaaS app optionally gathers config options
  7. SaaS ap= p redirects admin to IdP
  8. IdP confirms successful federation =3D>= OIDC / SAML and SCIM are now configured and working between IdP and SaaS A= pp
Who else is interested in solving this?

Is there interest in working on this in either SCIM or OAUTH Wgs?

Any one in BA interested in meeting on this topic this week?

=E2=80=94 Dick
_______________________________________________
scim mailing list
scim@ietf.org<= /span>
https://www.ietf.org/mailman/listinfo/scim
___________________= ____________________________
scim mailing list
scim@ietf.org
https://www.ietf.org/mailman/listinfo/scim
=

_______________________________________________
scim mailing list
scim@ietf.org
https://www.ietf.org/mailman/listinfo/scim


--001a113d2d66aa3eea0530758f71-- From nobody Fri Apr 15 09:11:52 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2B1A812D870 for ; Fri, 15 Apr 2016 09:11:51 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -5.087 X-Spam-Level: X-Spam-Status: No, score=-5.087 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=uwprod.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 38emwppxk_ub for ; Fri, 15 Apr 2016 09:11:49 -0700 (PDT) Received: from smtpauth3.wiscmail.wisc.edu (wmauth3.doit.wisc.edu [144.92.197.226]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1E17D12D849 for ; Fri, 15 Apr 2016 09:11:48 -0700 (PDT) MIME-version: 1.0 Content-type: text/plain; charset=utf-8 Received: from avs-daemon.smtpauth3.wiscmail.wisc.edu by smtpauth3.wiscmail.wisc.edu (Oracle Communications Messaging Server 7.0.5.33.0 64bit (built Aug 27 2014)) id <0O5O00600MN58800@smtpauth3.wiscmail.wisc.edu> for scim@ietf.org; Fri, 15 Apr 2016 11:11:47 -0500 (CDT) X-Spam-PmxInfo: Server=avs-3, Version=6.2.1.2493963, Antispam-Engine: 2.7.2.2107409, Antispam-Data: 2016.4.15.160316, SenderIP=0.0.0.0 Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2lp0212.outbound.protection.outlook.com [207.46.163.212]) by smtpauth3.wiscmail.wisc.edu (Oracle Communications Messaging Server 7.0.5.33.0 64bit (built Aug 27 2014)) with ESMTPS id <0O5O0063QNNLC830@smtpauth3.wiscmail.wisc.edu>; Fri, 15 Apr 2016 11:11:46 -0500 (CDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=uwprod.onmicrosoft.com; s=selector1-wisc-edu; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=kkUAc3/9kuXykuztH7Cg1xHxavbsE02LAJ7L1Pt2Koo=; b=hyHObamvodw/aqgt86B0f4obFnaRGM7Ocq1ur4AVWyoMZlPf8wH47t+5QxEUSM73eDBDAcwKujJfpQ6ABZYuQdO8a5l7cjIkPoFNPuhFyV6d6Lb3Cyjtqvpe0SOGzlGWqFrYxh6cfu0CLrJ/6sP/ZLSjp31ZIxxloqPuXcXXP0I= Received: from CY1PR0601MB1927.namprd06.prod.outlook.com (10.164.221.9) by CY1PR0601MB1928.namprd06.prod.outlook.com (10.164.221.10) with Microsoft SMTP Server (TLS) id 15.1.466.19; Fri, 15 Apr 2016 16:11:44 +0000 Received: from CY1PR0601MB1927.namprd06.prod.outlook.com ([10.164.221.9]) by CY1PR0601MB1927.namprd06.prod.outlook.com ([10.164.221.9]) with mapi id 15.01.0466.020; Fri, 15 Apr 2016 16:11:44 +0000 From: Keith Hazelton To: "scim@ietf.org" Thread-topic: [scim] SCIM compliance Thread-index: AQHRlzGAQFKeXs9/e0CM+ZLfG1jJQw== Date: Fri, 15 Apr 2016 16:11:44 +0000 Message-id: <67720B46-9E33-4E73-A77A-DB8DE5BF2935@wisc.edu> Accept-Language: en-US Content-language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: Authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=wisc.edu; x-ms-exchange-messagesentrepresentingtype: 1 X-Originating-IP: [128.104.18.177] x-ms-office365-filtering-correlation-id: 0fdf179b-d462-4e74-ffea-08d36548a380 x-microsoft-exchange-diagnostics: 1; CY1PR0601MB1928; 5:v6X6CFCqkHI0HkQ3NsODc830mI9UbXxl9tWhdy8GbhD5a7MJ3WF/jXXkhc8ZKjUN+rkFe1lsBIL7mRjLxROWnAUQ2uJty7DfgGCeeeDXLhyry1G9oxOZqy5u8zcCiwV04yL8K8nUFvMIuIaURndLU0w4pXJspcWhT/uH/tgucdlJGWMOJYQEDktIa9FsTmh7; 24:HfK3Qza1+0KPuB0d4+HSuPQAUC4hOvnzuWCaFvb9nG8Cnz6WdJJDYVqoqn+gameabF5BDZgTb3Inm5dijPJMAnOAIKExn51fn4LgfBmLuUg=; 7:aPRv4BHAqN7yBQ7iEZ0dPPEM0j9geb7Ty7K8lRPV3AUGbOtHhsa4uvGLDK+iopGHlAyxeZbM7ep+oTbSKkeFZqrGLhjz1XVaL1xSJFyJmuRBglBKS2dWhOKba0gNJ2Ra7vikEaOOzRB2F/0W/0HIXiuQgV9tkKyFQs4W5AH8nazsxUNev92vd8zx/G3fy2Y8Y6HxGzkqpl+6Iaxx8BdQuQU7ZglibF106cEJZMHYemU= x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:CY1PR0601MB1928; x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:; x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(9101521026)(601004)(2401047)(8121501046)(5005006)(3002001)(10201501046)(6055026); SRVR:CY1PR0601MB1928; BCL:0; PCL:0; RULEID:; SRVR:CY1PR0601MB1928; x-forefront-prvs: 0913EA1D60 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(377424004)(24454002)(87936001)(82746002)(1220700001)(6116002)(586003)(1730700002)(3846002)(102836003)(1096002)(83716003)(106116001)(189998001)(66066001)(5004730100002)(89122001)(11100500001)(2351001)(15975445007)(2900100001)(110136002)(99286002)(77096005)(10400500002)(5008740100001)(2906002)(5002640100001)(3660700001)(5640700001)(81166005)(164054004)(36756003)(50986999)(54356999)(88552002)(75432002)(19580395003)(1720100001)(4326007)(3280700002)(19580405001)(561944003)(122556002)(33656002)(86362001)(90282001)(92566002)(5890100001)(104396002); DIR:OUT; SFP:1101; SCL:1; SRVR:CY1PR0601MB1928; H:CY1PR0601MB1927.namprd06.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en; spamdiagnosticoutput: 1:23 spamdiagnosticmetadata: NSPM Content-id: <94CC998719BCD04CA949867143B63483@namprd06.prod.outlook.com> Content-transfer-encoding: base64 X-OriginatorOrg: wisc.edu X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Apr 2016 16:11:44.3291 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 2ca68321-0eda-4908-88b2-424a8cb4b0f9 X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR0601MB1928 Archived-At: Cc: TIER-API , Steve Moyer Subject: Re: [scim] SCIM compliance X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Apr 2016 16:11:51 -0000 Q29tbWVudHMgaW5saW5lLg0KLS0gDQplbWFpbCAmIGphYmJlcjoga2VpdGguaGF6ZWx0b25Ad2lz Yy5lZHUNCmNhbGVuZGFyOiBodHRwOi8vZ28ud2lzYy5lZHUvaTZ6eHgwDQpfX19fX19fX18NCk9u IDIwMTYtMDQtMTMsIDEzOjU1ICwgInNjaW0gb24gYmVoYWxmIG9mIFN0ZXZlIE1veWVyIiA8c2Np bS1ib3VuY2VzQGlldGYub3JnIG9uIGJlaGFsZiBvZiBzbW95ZXJAcHN1LmVkdT4gd3JvdGU6DQoN Cg0KDQoNCj5BbGwsDQo+DQo+V2UndmUgYmVlbiB3b3JraW5nIG9uIGEgZmlyc3QtcHJpbmNpcGxl cyByZXdyaXRlIG9mIG91ciBTQ0lNIDIuMCBzeXN0ZW0gKGJhc2VkIG9uIGEgcHJlLXJhdGlmaWVk IHZlcnNpb24gb2YgdGhlIHNwZWNpZmljYXRpb24pIGJ1dCB3ZSd2ZSBhbHNvIGJlZW4gcHJvbW90 aW5nIFNDSU0gZm9yIGl0cyBpbnRlbmRlZCB1c2UgaW4gdGhlIGhpZ2hlci1lZCBjb21tdW5pdHku DQo+DQo+UmVjZW50bHkgdGhlcmUncyBiZWVuIGEgZGlzY3Vzc2lvbiBhYm91dCB3aGF0IGl0IHJl YWxseSBtZWFucyB0byBiZSAiY29tcGxpYW50Ii4gIEknbSB0YWtpbmcgdGhlIGhhcmQtbGluZSB2 aWV3IHRoYXQgd2l0aG91dCBpbnRlci1vcGVyYWJpbGl0eSwgdGhlcmUncyBub3QgcmVhbGx5IGEg cG9pbnQgaW4gYmVpbmcgdGVjaG5pY2FsbHkgY29tcGF0aWJsZS4gIFRoZSBUSUVSIGdyb3VwIHdp dGhpbiB0aGUgSW50ZXJuZXQyIGlzIHRhbGtpbmcgYWJvdXQgY3JlYXRpbmcgVGllclVzZXIgYW5k IFRpZXJHcm91cCBSZXNvdXJjZVR5cGVzIGFuZCB1c2luZyB0aG9zZSBpbnN0ZWFkIG9mIHRoZSBj b3JlIFVzZXIgYW5kIEdyb3VwIFJlc291cmNlVHlwZS4NCg0KVGhlIFRJRVIgQVBJIFdHIGhhcyBu b3cgZHJvcHBlZCB0aGF0IGlkZWEgaW4gZmF2b3Igb2YgdXNpbmcgdGhlIFNDSU0tZGVmaW5lZCBV U0VSIGFuZCBHUk9VUCByZXNvdXJjZSB0eXBlcy4gSWYgdGhlcmUgYXJlIFRJRVItU3BlY2lmaWMg YXR0cmlidXRlcywgd2Ugd2lsbCB1c2UgdGhlIFNDSU0tZGVmaW5lZCBzY2hlbWEgZXh0ZW5zaW9u IG1vZGVsIHRvIGluY2x1ZGUgdGhlbS4NCg0KPg0KPlRlY2huaWNhbGx5LCB0aGUgc3BlY2lmaWNh dGlvbiBhbGxvd3MgKmFueSogcmVzb3VyY2UgdHlwZSB0byBiZSBhZGRlZCAocGVyIHNlY3Rpb24g My4yIG9mIHRoZSBTY2hlbWEgc3BlY2lmaWNhdGlvbikgYW5kIHdoaWxlIGl0IGltcGxpZXMgdGhl IGNvcmUgVXNlciBhbmQgY29yZSBHcm91cCBhcmUgcmVxdWlyZWQgKHVzaW5nIHRoZSB3b3JkICJw cm92aWRlZCIpIHRoZSBzcGVjaWZpY2F0aW9uIGRvZXNuJ3QgdGVjaG5pY2FsbHkgc2F5IGEgc2Vy dmljZSBNVVNUIHByb3ZpZGUgdGhvc2UgZW5kLXBvaW50cy4NCj4NCj5JJ3ZlIGF0dGFjaGVkIGEg ZG9jdW1lbnQgd2l0aCB0aGUgdHdvIGZhdm9yaXRlIFRJRVIgcHJvcG9zYWxzIGFuZCBteSB2aWV3 IGlzIHRoYXQgbmVpdGhlciBvZiB0aGVtIGFyZSBjb21wbGlhbnQuICBQcm9wb3NhbCB0d28gKmNv dWxkKiBiZSBpbnRlci1vcGVyYWJsZSBpZiB0aGUgcGVyc2lzdGVkIFRJRVIgdXNlciBvYmplY3Qg d2FzIGV4cG9zZWQgdmlhIGJvdGggdGhlIFRpZXJVc2VycyBhbmQgVXNlcnMgZW5kcG9pbnRzLiAg VGhpcyB2aW9sYXRlcyBhIHByaW5jaXBsZSBvZiBSRVNUIChhIHJlc291cmNlIGhhcyBhIHVuaXF1 ZSBVUkwpIHRob3VnaC4gIEkgc2hvdWxkIGFsc28gbm90ZSB0aGF0IHRoZSB1c2Ugb2YgcXVlcnkg cGFyYW1ldGVycywgaGVhZGVycyBhbmQgSFRUUCBzdGF0dXMgY29kZXMgcHJvcG9zZWQgYnkgVElF UiBhcmUgYWxzbyAiaW50ZXJlc3RpbmciLg0KDQpUaGUgcHJvcG9zYWwgY3VycmVudGx5IG9uIHRo ZSB0YWJsZSBmb3IgdGhlIFRJRVIgV0cgaXMgcXVpdGUgZGlmZmVyZW50IHRoYW4gdGhvc2UgZGVz Y3JpYmVkIGluIFN0ZXZlJ3MgYXR0YWNobWVudDoNCg0KV2Ugd2lsbCBvbmx5IGNyZWF0ZSBUSUVS LXNwZWNpZmljIFJlc291cmNlIFR5cGVzIHdoZW4gdGhlIFNDSU0tcHJvdmlkZWQgUmVzb3VyY2Ug VHlwZXMgZG9uJ3QgYWxyZWFkeSBpbmNsdWRlIGFuIDgwLzIwIHNvbHV0aW9uIHRvIG91ciByZXF1 aXJlbWVudHMuDQoNCg0KU0NJTSBVc2VyIGFuZCBHcm91cCByZXNvdXJjZXMgdHlwZXMgc3VmZmlj ZSBmb3IgVElFUiBuZWVkcywgcG9zc2libHkgd2l0aCBzbWFsbCBzY2hlbWEgZXh0ZW5zaW9ucyBm b3IgVElFUi1zcGVjaWZpYyBhdHRyaWJ1dGVzLg0KDQoNClRJRVIgd2lsbCBpbml0aWFsbHkgZGVm aW5lIHR3byBuZXcgUmVzb3VyY2UgVHlwZXMsIEVkdVBlcnNvbiBhbmQgRWR1TWVtYmVyOiANCg0K LSAgRWR1UGVyc29uIHdpbGwgY2FycnkgcmVwcmVzZW50YXRpb25zIG9mIHBlb3BsZSBpbiB0aGVp ciByaWNoIGFuZCB2YXJpb3VzIGd1aXNlcyB3aXRoaW4gYW4gRWR1Y2F0aW9uIGFuZCBSZXNlYXJj aCBjb250ZXh0LiBFYWNoIEVkdVBlcnNvbiByZXNvdXJjZSB3aWxsIGhhdmUgYSBtYXBwaW5nIHRv IGEgY29ycmVzcG9uZGluZyBTQ0lNIFVzZXIgcmVzb3VyY2UuDQoNCi0gIEVkdU1lbWJlciB3aWxs IGNhcnJ5IGRldGFpbGVkIGluZm9ybWF0aW9uIGFib3V0IHBlb3BsZSBpbiB0aGVpciBndWlzZSBh cyBtZW1iZXJzIG9mIFNDSU0gR3JvdXBzLiBNZW1iZXJzaGlwcyBtaWdodCBpbmNsdWRlLCBmb3Ig aW5zdGFuY2U6IEJlZ2luIGFuZCBlbmQgZGF0ZXMgYW5kIG90aGVyIGZlYXR1cmVzIHRoYXQgYXBw bHkgdG8gbWVtYmVyc2hpcHMuDQoNCi0gSW4gZ2VuZXJhbCwgd2UgYXJlIGRldGVybWluZWQgdG8g bWFrZSBpbnRlcm9wZXJhdGlvbiB3aXRoIFNDSU0gZW5kcG9pbnRzIGFzIGVhc3kgYW5kIHRyYW5z cGFyZW50IGFzIHBvc3NpYmxlIHdoaWxlIGFsc28gbWVldGluZyByZXF1aXJlbWVudHMgcGFydGlj dWxhciB0byBoaWdoZXIgZWR1Y2F0aW9uIGFuZCByZXNlYXJjaCBkb21haW5zLiBXZSBpbnRlbmQg dG8gaGF2ZSBhIHJlcHJlc2VudGF0aXZlIGpvaW4gdGhlIFNDSU0gSUVURiBXb3JraW5nIEdyb3Vw IGZvciBvbmdvaW5nIGRpc2N1c3Npb25zLg0KDQogICAgICAgLS1LZWl0aCBIYXplbHRvbiwgQ2hh aXIgb2YgdGhlIFRJRVIgRGF0YSBTdHJ1Y3R1cmVzIGFuZCBBUElzIFdvcmtpbmcgR3JvdXANCg0K Pg0KPldoYXQgYXJlIHRoaXMgZ3JvdXAncyBvcGluaW9ucz8NCj4NCj5UaGFua3MsDQo+DQo+U3Rl dmUNCj4NCj7igJxBbGwgdGhlIGVhc3kgc3R1ZmbigJlzIGJlZW4gZG9uZeKApi4gV2XigJl2ZSBn b3QgdGhlIHdoZWVsLCBmaXJlLCB0aGUgVFYgY2xpY2tlcuKAlHdoYXQgZWxzZSBkbyB5b3UgbmVl ZD/igJ0gLSBEZWFuIEthbWVuDQo= From nobody Fri Apr 15 10:51:50 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 26EC612E216 for ; Fri, 15 Apr 2016 10:51:49 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -5.086 X-Spam-Level: X-Spam-Status: No, score=-5.086 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=uwprod.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s2ZlKzQJvouG for ; Fri, 15 Apr 2016 10:51:47 -0700 (PDT) Received: from smtpauth4.wiscmail.wisc.edu (wmauth4.doit.wisc.edu [144.92.197.145]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8313312E581 for ; Fri, 15 Apr 2016 10:51:46 -0700 (PDT) MIME-version: 1.0 Content-type: multipart/alternative; boundary="Boundary_(ID_UQF55zx0w2Ye9UwJXfZA5g)" Received: from avs-daemon.smtpauth4.wiscmail.wisc.edu by smtpauth4.wiscmail.wisc.edu (Oracle Communications Messaging Server 7.0.5.33.0 64bit (built Aug 27 2014)) id <0O5O00100RKRKZ00@smtpauth4.wiscmail.wisc.edu> for scim@ietf.org; Fri, 15 Apr 2016 12:51:45 -0500 (CDT) X-Spam-PmxInfo: Server=avs-4, Version=6.2.1.2493963, Antispam-Engine: 2.7.2.2107409, Antispam-Data: 2016.4.15.174216, SenderIP=0.0.0.0 Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1lp0139.outbound.protection.outlook.com [207.46.163.139]) by smtpauth4.wiscmail.wisc.edu (Oracle Communications Messaging Server 7.0.5.33.0 64bit (built Aug 27 2014)) with ESMTPS id <0O5O00F0KSA35Y80@smtpauth4.wiscmail.wisc.edu>; Fri, 15 Apr 2016 12:51:44 -0500 (CDT) Received: from CY1PR0601MB1927.namprd06.prod.outlook.com (10.164.221.9) by CY1PR0601MB1925.namprd06.prod.outlook.com (10.164.221.7) with Microsoft SMTP Server (TLS) id 15.1.466.19; Fri, 15 Apr 2016 17:51:38 +0000 Received: from CY1PR0601MB1927.namprd06.prod.outlook.com ([10.164.221.9]) by CY1PR0601MB1927.namprd06.prod.outlook.com ([10.164.221.9]) with mapi id 15.01.0466.020; Fri, 15 Apr 2016 17:51:38 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=uwprod.onmicrosoft.com; s=selector1-wisc-edu; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=8sG0X7laDs9suR4MxIm4xZqChXE2WrUc1YT/tdJltpI=; b=jGgRQjySwxwS7P6lOZ/+Or1xzNHw2Pj9BpEAcrNG7UfFOJWPakvXM6aAOrPie+HK7FgQMXcsPDx1MJLaugDq0RPuvs9sp+GlRVC0aiChj+9ooqO06YI5o0EyDsOiUgOKiiWf4Eme/eGydUyzsQweohUHBv3E6t2bcRhJxMpFU+0= Date: Fri, 15 Apr 2016 17:51:38 +0000 From: Keith Hazelton X-Originating-IP: [128.104.18.177] To: TIER-API Message-id: Content-language: en-US Accept-Language: en-US Thread-topic: ATTN: Your opinions please by CoB today Thread-index: AQHRlz91hE5p7jS9k0COUsEZqpJdQQ== spamdiagnosticoutput: 1:23 spamdiagnosticmetadata: NSPM X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-office365-filtering-correlation-id: 4d7b7f3a-8205-4d8d-4ca9-08d36556983b x-microsoft-exchange-diagnostics: 1; CY1PR0601MB1925; 5:34UQIPfH9xiB60HS2baWaz4Rilh/s6aGHHT8mi8KIiV5QvZMp4MfGpEzwtcPl0y8hak3iKcIeg4D9M4Id4FPquykPwU3RAtyM1pZ0VKSBmME/5NFRWmpjs0YRbEOuH2OL78DveZ0abJIpEbPmrBn9q+YBlu1cP9mIa6ZYPGApTNuHb9QxON5MOyaYy5q+ec/; 24:k4K0rWzWlpuugMk/M8v6Pd073PXYTWIho5/KeLjOz5iCoPoi9DyqloNaRVAYuguFWWALG5AzJk607UZFyNSevPz1ALH6Q7bpYy36zosuD/o=; 7:2niGyej6sl1aXFj+d3p3+Xg+6R/uH/eRO47nG1HJiSq1kw3lUsaryA4wfOdlRcTMEfSjBopb/4mprVreVdWRFJu3ubxjM9DoW2Nkd12kgklf9bpoKU+j6EvRino3zjUy7LvadtCTnJTzP+bVI0U3VqfHt5T1OiL+nzdCB6cXmE7vu3klUFNViupr1QeAXsIx2NzQV10EeOVIKQOCqoZSF196gjBS1FwnMr1PdAWVhWM= x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:CY1PR0601MB1925; x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:; x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(9101521026)(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046)(6055026); SRVR:CY1PR0601MB1925; BCL:0; PCL:0; RULEID:; SRVR:CY1PR0601MB1925; x-forefront-prvs: 0913EA1D60 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(51874003)(33656002)(36756003)(54356999)(50986999)(86362001)(586003)(15975445007)(3846002)(87936001)(2171001)(77096005)(10400500002)(122556002)(5002640100001)(99286002)(88552002)(106116001)(5004730100002)(92566002)(82746002)(102836003)(11100500001)(66066001)(16236675004)(5008740100001)(19617315012)(89122001)(229853001)(110136002)(19580395003)(19580405001)(75432002)(90282001)(83716003)(189998001)(1096002)(6116002)(4326007)(1220700001)(3280700002)(3660700001)(2900100001)(2906002)(81166005)(104396002); DIR:OUT; SFP:1101; SCL:1; SRVR:CY1PR0601MB1925; H:CY1PR0601MB1927.namprd06.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en; X-OriginatorOrg: wisc.edu X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Apr 2016 17:51:38.3176 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 2ca68321-0eda-4908-88b2-424a8cb4b0f9 X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR0601MB1925 Authentication-results: internet2.edu; dkim=none (message not signed) header.d=none;internet2.edu; dmarc=none action=none header.from=wisc.edu; Archived-At: Cc: SCIM WG Subject: [scim] ATTN: Your opinions please by CoB today X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Apr 2016 17:51:49 -0000 --Boundary_(ID_UQF55zx0w2Ye9UwJXfZA5g) Content-type: text/plain; charset=utf-8 Content-transfer-encoding: base64 VElFUi1BUElhcmlhbnMgYW5kIE90aGVyIEludGVyZXN0ZWQgUGFydGllcywNCg0KDQpQbGVhc2Ug cmVhZCB0aGUgZm9sbG93aW5nIGVkaXRlZCBleGNlcnB0IGZyb20gdGhlIFRJRVItQVBJIGNhbGwg ZWFybGllciB0b2RheSBhbmQgc2VuZCBiYWNrIGFueSBjcml0aWNpc21zIG9yIHN1Z2dlc3Rpb25z IGJ5IENvQiBGcmlkYXkgKHRvZGF5KS4gVGhlIGxvbmcgYXJjIG9mIHRoZSAnQWx0ZXJuYXRpdmUg UHJvcG9zYWxzJyB0aHJlYWQgb24gVElFUi1BUEkgc2VlbXMgdG8gYmUgYmVuZGluZyB0b3dhcmQg Y29udmVyZ2VuY2UuICBIZXJl4oCZcyB0aGUgcG9pbnQgcmVhY2hlZCBieSB0aGUgcGFydGljaXBh bnRzIG9uIHRvZGF54oCZcyBjYWxsLiBJZiBhbnlvbmUgaGFzIGNvbmNlcm5zIG9yIHN1Z2dlc3Rp b25zLCBwbGVhc2Ugc2VuZCB0aGVtIHRvIHRoZSBsaXN0IEFTQVAuIFdl4oCZZCBsaWtlIHRvIGdl dCBhIGRlZmluaXRpdmUgcG9zaXRpb24gbmFpbGVkIGRvd24gaW4gd3JpdGluZyBiZWZvcmUgdGhl IFRJRVIgUmVsZWFzZSAxIGJ1dHRvbiBpcyBwcmVzc2VkIChTYXR1cmRheSkuIFRoYW5rcyBpbiBh ZHZhbmNlLCAtLUtlaXRoDQoNCg0KLS0tLS0tLS0tLQ0KDQogICogICBUSUVSIHdpbGwgaW5pdGlh bGx5IGRlZmluZSB0d28gbmV3IHJlc291cmNlIHR5cGVzIGFuZCB0aGVpciBzY2hlbWFzOiAoRWR1 KVBlcnNvbiBhbmQgKEVkdSlNZW1iZXIuIE90aGVyIFRJRVIgcmVzb3VyY2UgdHlwZXMgbWF5IGZv bGxvdyBsYXRlcjogTWVtYmVyc2hpcCwgQXR0cmlidXRlLCBldGMpLiBUaGUgbmV3IHJlc291cmNl IHR5cGVzIHdpbGwgZm9sbG93IHRoZSB3ZWxsIGRvY3VtZW50ZWQgU0NJTSBwcm9jZWR1cmVzIGFu ZCBydWxlcyBmb3IgZGVmaW5pbmcgbmV3IHJlc291cmNlIHR5cGVzLg0KDQoNCiAgKiAgIFRJRVIg d2lsbCBhZG9wdCB0aGUgU0NJTS1kZWZpbmVkIFVzZXJzIGFuZCBHcm91cHMgcmVzb3VyY2VzIGFu ZCwgaWYgYSBmZXcgYWRkaXRpb25hbCBUSUVSLVNwZWNpZmljIGF0dHJpYnV0ZXMgYXJlIG5lZWRl ZCwgVElFUiB3aWxsIGRlZmluZSBhIHNjaGVtYSBleHRlbnNpb24gZm9sbG93aW5nIFNDSU0gcHJv Y2VkdXJlcyBhbmQgcnVsZXMsIGFuZCB0aGUgVElFUi1zcGVjaWZpYyBhdHRyaWJ1dGVzIHdvdWxk IHRoZW4gc2hvdyB1cCBpbiBhIFRJRVIgc2NoZW1hIGV4dGVuc2lvbiBlbGVtZW50IGFmdGVyIGFs bCB0aGUgbm9ybWFsIFNDSU0gYXR0cmlidXRlcyB0aGF0IG1ha2UgdXAgYSBVc2VyIHJlcHJlc2Vu dGF0aW9uLg0KDQoNCiAgKiAgIFNpdGVzIHRoYXQgYWRvcHQgVElFUiBtYXkgbmVlZCB0byBhZGQg c29tZSBsb2NhbCBhdHRyaWJ1dGVzIHRvIChFZHUpUGVyc29uLCB0aGUgbGlrZWxpZXN0IHBvaW50 IG9mIGV4dGVuc2lvbi4gSW4gdGhhdCBjYXNlLCB0aGV5IHNob3VsZCB1c2UgdGhlIHNhbWUgU0NJ TS1kZWZpbmVkIHNjaGVtYSBleHRlbnNpb24gbW9kZWwsIGFuZCBhZGQgdGhlaXIgbG9jYWwgYXR0 cmlidXRlcyBpbiBhIGxvY2FsbHktZGVmaW5lZCBzY2hlbWEgZXh0ZW5zaW9uIGF0IHRoZSBib3R0 b20gb2YgYW4gKEVkdSlQZXJzb24gcmVwcmVzZW50YXRpb24uDQoNCg0KICAqICAgT3BlbiBxdWVz dGlvbjogVXNlIHRoZSAnRWR1JyBwcmVmaXggb24gYWxsIFRJRVItZGVmaW5lZCBSZXNvdXJjZSBU eXBlcz8gIEl0IHNlZW1zIGxpa2UgYSBnb29kIGlkZWEsIGJ1dCBpdCBpcyBub3Qgc3RyaWN0bHkg bmVjZXNzYXJ5IGJlY2F1c2UgdGhlIHNjaGVtYSBVUkwgd2lsbCB1bmlxdWVseSBzcGVjaWZ5IGl0 cyBvd24gbmFtaW5nIGF1dGhvcml0eS4NCg0KLS0NCmVtYWlsICYgamFiYmVyOiBrZWl0aC5oYXpl bHRvbkB3aXNjLmVkdTxtYWlsdG86a2VpdGguaGF6ZWx0b25Ad2lzYy5lZHU+DQpjYWxlbmRhcjog aHR0cDovL2dvLndpc2MuZWR1L2k2enh4MA0K --Boundary_(ID_UQF55zx0w2Ye9UwJXfZA5g) Content-id: Content-type: text/html; charset=utf-8 Content-transfer-encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5IHN0eWxlPSJ3b3JkLXdy YXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsgLXdlYmtpdC1saW5lLWJy ZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsgY29sb3I6IHJnYigwLCAwLCAwKTsgZm9udC1zaXplOiAx NHB4OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiPg0KPGRpdj48c3BhbiBpZD0i ZG9jcy1pbnRlcm5hbC1ndWlkLWI1YTY4N2Q4LTFhZjktYjUwNi1jMmUzLWIyZmM2ZDZhMWZmNSI+ DQo8ZGl2Pg0KPHAgZGlyPSJsdHIiIHN0eWxlPSJsaW5lLWhlaWdodDoxLjM4O21hcmdpbi10b3A6 MHB0O21hcmdpbi1ib3R0b206MHB0OyI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTogMTQuNjY2NjY2 NjY2NjY2NjY2cHg7IHZlcnRpY2FsLWFsaWduOiBiYXNlbGluZTsgd2hpdGUtc3BhY2U6IHByZS13 cmFwOyI+VElFUi1BUElhcmlhbnMgYW5kIE90aGVyIEludGVyZXN0ZWQgUGFydGllcyw8L3NwYW4+ PC9wPg0KPHAgZGlyPSJsdHIiIHN0eWxlPSJsaW5lLWhlaWdodDoxLjM4O21hcmdpbi10b3A6MHB0 O21hcmdpbi1ib3R0b206MHB0OyI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTogMTQuNjY2NjY2NjY2 NjY2NjY2cHg7IHZlcnRpY2FsLWFsaWduOiBiYXNlbGluZTsgd2hpdGUtc3BhY2U6IHByZS13cmFw OyI+PGJyPg0KPC9zcGFuPjwvcD4NCjxwIGRpcj0ibHRyIiBzdHlsZT0ibGluZS1oZWlnaHQ6MS4z ODttYXJnaW4tdG9wOjBwdDttYXJnaW4tYm90dG9tOjBwdDsiPjxzcGFuIHN0eWxlPSJmb250LXNp emU6IDE0LjY2NjY2NjY2NjY2NjY2NnB4OyB2ZXJ0aWNhbC1hbGlnbjogYmFzZWxpbmU7IHdoaXRl LXNwYWNlOiBwcmUtd3JhcDsiPlBsZWFzZSByZWFkIHRoZSBmb2xsb3dpbmcgZWRpdGVkIGV4Y2Vy cHQgZnJvbSB0aGUgVElFUi1BUEkgY2FsbCBlYXJsaWVyIHRvZGF5IGFuZCBzZW5kIGJhY2sNCiBh bnkgY3JpdGljaXNtcyBvciBzdWdnZXN0aW9ucyBieSBDb0IgRnJpZGF5ICh0b2RheSkuIDwvc3Bh bj48c3BhbiBzdHlsZT0iZm9udC1zaXplOiAxNXB4OyBsaW5lLWhlaWdodDogMjBweDsgd2hpdGUt c3BhY2U6IHByZS13cmFwOyI+VGhlIGxvbmcgYXJjIG9mIHRoZSAnQWx0ZXJuYXRpdmUgUHJvcG9z YWxzJyB0aHJlYWQgb24gVElFUi1BUEkgc2VlbXMgdG8gYmUgYmVuZGluZyB0b3dhcmQgY29udmVy Z2VuY2UuICZuYnNwO0hlcmXigJlzIHRoZSBwb2ludCByZWFjaGVkDQogYnkgdGhlIHBhcnRpY2lw YW50cyBvbiB0b2RheeKAmXMgY2FsbC4gSWYgYW55b25lIGhhcyBjb25jZXJucyBvciBzdWdnZXN0 aW9ucywgcGxlYXNlIHNlbmQgdGhlbSB0byB0aGUgbGlzdCBBU0FQLiBXZeKAmWQgbGlrZSB0byBn ZXQgYSBkZWZpbml0aXZlIHBvc2l0aW9uIG5haWxlZCBkb3duIGluIHdyaXRpbmcgYmVmb3JlIHRo ZSBUSUVSIFJlbGVhc2UgMSBidXR0b24gaXMgcHJlc3NlZCAoU2F0dXJkYXkpLiBUaGFua3MgaW4g YWR2YW5jZSwgLS1LZWl0aDwvc3Bhbj48L3A+DQo8cCBkaXI9Imx0ciIgc3R5bGU9ImxpbmUtaGVp Z2h0OjEuMzg7bWFyZ2luLXRvcDowcHQ7bWFyZ2luLWJvdHRvbTowcHQ7Ij48c3BhbiBzdHlsZT0i Zm9udC1zaXplOiAxNC42NjY2NjY2NjY2NjY2NjZweDsgdmVydGljYWwtYWxpZ246IGJhc2VsaW5l OyB3aGl0ZS1zcGFjZTogcHJlLXdyYXA7Ij48YnI+DQo8L3NwYW4+PC9wPg0KPHAgZGlyPSJsdHIi IHN0eWxlPSJsaW5lLWhlaWdodDoxLjM4O21hcmdpbi10b3A6MHB0O21hcmdpbi1ib3R0b206MHB0 OyI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTogMTQuNjY2NjY2NjY2NjY2NjY2cHg7IHZlcnRpY2Fs LWFsaWduOiBiYXNlbGluZTsgd2hpdGUtc3BhY2U6IHByZS13cmFwOyI+LS0tLS0tLS0tLQ0KPC9z cGFuPjwvcD4NCjwvZGl2Pg0KPHVsIHN0eWxlPSJtYXJnaW4tdG9wOjBwdDttYXJnaW4tYm90dG9t OjBwdDsiPg0KPGxpIGRpcj0ibHRyIiBzdHlsZT0ibGlzdC1zdHlsZS10eXBlOiBkaXNjOyBmb250 LXNpemU6IDE0LjY2NjY2NjY2NjY2NjY2NnB4OyBmb250LWZhbWlseTogQXJpYWw7IHZlcnRpY2Fs LWFsaWduOiBiYXNlbGluZTsiPg0KPHAgZGlyPSJsdHIiIHN0eWxlPSJsaW5lLWhlaWdodDoxLjM4 O21hcmdpbi10b3A6MHB0O21hcmdpbi1ib3R0b206MHB0OyI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6 ZTogMTQuNjY2NjY2NjY2NjY2NjY2cHg7IHZlcnRpY2FsLWFsaWduOiBiYXNlbGluZTsgd2hpdGUt c3BhY2U6IHByZS13cmFwOyI+VElFUiB3aWxsIGluaXRpYWxseSBkZWZpbmUgdHdvIG5ldyByZXNv dXJjZSB0eXBlcyBhbmQgdGhlaXIgc2NoZW1hczogKEVkdSlQZXJzb24gYW5kIChFZHUpTWVtYmVy Lg0KIE90aGVyIFRJRVIgcmVzb3VyY2UgdHlwZXMgbWF5IGZvbGxvdyBsYXRlcjogTWVtYmVyc2hp cCwgQXR0cmlidXRlLCBldGMpLiBUaGUgbmV3IHJlc291cmNlIHR5cGVzIHdpbGwgZm9sbG93IHRo ZSB3ZWxsIGRvY3VtZW50ZWQgU0NJTSBwcm9jZWR1cmVzIGFuZCBydWxlcyBmb3IgZGVmaW5pbmcg bmV3IHJlc291cmNlIHR5cGVzLjwvc3Bhbj48L3A+DQo8L2xpPjwvdWw+DQo8ZGl2PjxzcGFuIHN0 eWxlPSJjb2xvcjogcmdiKDAsIDAsIDApOyBmb250LWZhbWlseTogQXJpYWw7IGZvbnQtc2l6ZTog MTVweDsgZm9udC1zdHlsZTogbm9ybWFsOyBmb250LXdlaWdodDogbm9ybWFsOyB0ZXh0LWRlY29y YXRpb246IG5vbmU7Ij48YnI+DQo8L3NwYW4+PC9kaXY+DQo8dWwgc3R5bGU9Im1hcmdpbi10b3A6 MHB0O21hcmdpbi1ib3R0b206MHB0OyI+DQo8bGkgZGlyPSJsdHIiIHN0eWxlPSJsaXN0LXN0eWxl LXR5cGU6IGRpc2M7IGZvbnQtc2l6ZTogMTQuNjY2NjY2NjY2NjY2NjY2cHg7IGZvbnQtZmFtaWx5 OiBBcmlhbDsgdmVydGljYWwtYWxpZ246IGJhc2VsaW5lOyI+DQo8cCBkaXI9Imx0ciIgc3R5bGU9 ImxpbmUtaGVpZ2h0OjEuMzg7bWFyZ2luLXRvcDowcHQ7bWFyZ2luLWJvdHRvbTowcHQ7Ij48c3Bh biBzdHlsZT0iZm9udC1zaXplOiAxNC42NjY2NjY2NjY2NjY2NjZweDsgdmVydGljYWwtYWxpZ246 IGJhc2VsaW5lOyB3aGl0ZS1zcGFjZTogcHJlLXdyYXA7Ij5USUVSIHdpbGwgYWRvcHQgdGhlIFND SU0tZGVmaW5lZCBVc2VycyBhbmQgR3JvdXBzIHJlc291cmNlcyBhbmQsIGlmIGEgZmV3IGFkZGl0 aW9uYWwgVElFUi1TcGVjaWZpYw0KIGF0dHJpYnV0ZXMgYXJlIG5lZWRlZCwgVElFUiB3aWxsIGRl ZmluZSBhIHNjaGVtYSBleHRlbnNpb24gZm9sbG93aW5nIFNDSU0gcHJvY2VkdXJlcyBhbmQgcnVs ZXMsIGFuZCB0aGUgVElFUi1zcGVjaWZpYyBhdHRyaWJ1dGVzIHdvdWxkIHRoZW4gc2hvdyB1cCBp biBhIFRJRVIgc2NoZW1hIGV4dGVuc2lvbiBlbGVtZW50IGFmdGVyIGFsbCB0aGUgbm9ybWFsIFND SU0gYXR0cmlidXRlcyB0aGF0IG1ha2UgdXAgYSBVc2VyIHJlcHJlc2VudGF0aW9uLjwvc3Bhbj48 L3A+DQo8L2xpPjwvdWw+DQo8ZGl2PjxzcGFuIHN0eWxlPSJjb2xvcjogcmdiKDAsIDAsIDApOyBm b250LWZhbWlseTogQXJpYWw7IGZvbnQtc2l6ZTogMTVweDsgZm9udC1zdHlsZTogbm9ybWFsOyBm b250LXdlaWdodDogbm9ybWFsOyB0ZXh0LWRlY29yYXRpb246IG5vbmU7Ij48YnI+DQo8L3NwYW4+ PC9kaXY+DQo8dWwgc3R5bGU9Im1hcmdpbi10b3A6MHB0O21hcmdpbi1ib3R0b206MHB0OyI+DQo8 bGkgZGlyPSJsdHIiIHN0eWxlPSJsaXN0LXN0eWxlLXR5cGU6IGRpc2M7IGZvbnQtc2l6ZTogMTQu NjY2NjY2NjY2NjY2NjY2cHg7IGZvbnQtZmFtaWx5OiBBcmlhbDsgdmVydGljYWwtYWxpZ246IGJh c2VsaW5lOyI+DQo8c3BhbiBzdHlsZT0iZm9udC1zaXplOiAxNC42NjY2NjY2NjY2NjY2NjZweDsg dmVydGljYWwtYWxpZ246IGJhc2VsaW5lOyB3aGl0ZS1zcGFjZTogcHJlLXdyYXA7Ij5TaXRlcyB0 aGF0IGFkb3B0IFRJRVIgbWF5IG5lZWQgdG8gYWRkIHNvbWUgbG9jYWwgYXR0cmlidXRlcyB0byAo RWR1KVBlcnNvbiwgdGhlIGxpa2VsaWVzdCBwb2ludCBvZiBleHRlbnNpb24uIEluIHRoYXQgY2Fz ZSwgdGhleSBzaG91bGQgdXNlIHRoZSBzYW1lIFNDSU0tZGVmaW5lZA0KIHNjaGVtYSBleHRlbnNp b24gbW9kZWwsIGFuZCBhZGQgdGhlaXIgbG9jYWwgYXR0cmlidXRlcyBpbiBhIGxvY2FsbHktZGVm aW5lZCBzY2hlbWEgZXh0ZW5zaW9uIGF0IHRoZSBib3R0b20gb2YgYW4gKEVkdSlQZXJzb24gcmVw cmVzZW50YXRpb24uPC9zcGFuPjwvbGk+PC91bD4NCjxkaXY+PHNwYW4gc3R5bGU9ImNvbG9yOiBy Z2IoMCwgMCwgMCk7IGZvbnQtZmFtaWx5OiBBcmlhbDsgZm9udC1zaXplOiAxNXB4OyBmb250LXN0 eWxlOiBub3JtYWw7IGZvbnQtd2VpZ2h0OiBub3JtYWw7IHRleHQtZGVjb3JhdGlvbjogbm9uZTsi Pjxicj4NCjwvc3Bhbj48L2Rpdj4NCjx1bD4NCjxsaT48c3BhbiBzdHlsZT0iY29sb3I6IHJnYigw LCAwLCAwKTsgZm9udC1mYW1pbHk6IEFyaWFsOyBmb250LXNpemU6IDE1cHg7IGZvbnQtc3R5bGU6 IG5vcm1hbDsgZm9udC13ZWlnaHQ6IG5vcm1hbDsgdGV4dC1kZWNvcmF0aW9uOiBub25lOyI+T3Bl biBxdWVzdGlvbjogVXNlIHRoZSAnRWR1JyBwcmVmaXggb24gYWxsIFRJRVItZGVmaW5lZCBSZXNv dXJjZSBUeXBlcz8gJm5ic3A7SXQgc2VlbXMgbGlrZSBhIGdvb2QgaWRlYSwgYnV0IGl0IGlzIG5v dCBzdHJpY3RseQ0KIG5lY2Vzc2FyeSBiZWNhdXNlIHRoZSBzY2hlbWEgVVJMIHdpbGwgdW5pcXVl bHkgc3BlY2lmeSBpdHMgb3duIG5hbWluZyBhdXRob3JpdHkuPC9zcGFuPjwvbGk+PC91bD4NCjwv c3Bhbj48L2Rpdj4NCjxkaXY+DQo8ZGl2IGlkPSJNQUNfT1VUTE9PS19TSUdOQVRVUkUiPjxzcGFu IGNsYXNzPSJIT0VuWmIgYWRMIj48Zm9udCBjb2xvcj0iIzg4ODg4OCI+DQo8ZGl2Pg0KPGRpdj4N CjxkaXY+LS0mbmJzcDs8L2Rpdj4NCjxkaXY+ZW1haWwgJmFtcDsgamFiYmVyOiA8YSBocmVmPSJt YWlsdG86a2VpdGguaGF6ZWx0b25Ad2lzYy5lZHUiIHRhcmdldD0iX2JsYW5rIj48c3BhbiBjbGFz cz0iaWwiPmtlaXRoLmhhemVsdG9uQHdpc2MuZWR1PC9zcGFuPjwvYT48L2Rpdj4NCjxkaXY+Y2Fs ZW5kYXI6IDxhIGhyZWY9Imh0dHA6Ly9nby53aXNjLmVkdS9pNnp4eDAiIHRhcmdldD0iX2JsYW5r Ij5odHRwOi8vZ28ud2lzYy5lZHUvaTZ6eHgwPC9hPjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwv Zm9udD48L3NwYW4+PC9kaXY+DQo8L2Rpdj4NCjwvYm9keT4NCjwvaHRtbD4NCg== --Boundary_(ID_UQF55zx0w2Ye9UwJXfZA5g)-- From nobody Fri Apr 15 11:00:35 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D9E1112D58E for ; Fri, 15 Apr 2016 11:00:33 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -5.197 X-Spam-Level: X-Spam-Status: No, score=-5.197 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2thO1lqh--Oj for ; Fri, 15 Apr 2016 11:00:31 -0700 (PDT) Received: from userp1040.oracle.com (userp1040.oracle.com [156.151.31.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2103F12D1B4 for ; Fri, 15 Apr 2016 11:00:30 -0700 (PDT) Received: from aserv0022.oracle.com (aserv0022.oracle.com [141.146.126.234]) by userp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id u3FI0SNG009457 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Fri, 15 Apr 2016 18:00:29 GMT Received: from userv0122.oracle.com (userv0122.oracle.com [156.151.31.75]) by aserv0022.oracle.com (8.13.8/8.13.8) with ESMTP id u3FI0SmC002339 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Fri, 15 Apr 2016 18:00:28 GMT Received: from abhmp0014.oracle.com (abhmp0014.oracle.com [141.146.116.20]) by userv0122.oracle.com (8.14.4/8.14.4) with ESMTP id u3FI0ROT008389; Fri, 15 Apr 2016 18:00:27 GMT Received: from [10.0.1.20] (/24.86.216.17) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Fri, 15 Apr 2016 11:00:27 -0700 Content-Type: multipart/alternative; boundary="Apple-Mail=_6D74C90E-C1D0-4FDC-A8F4-76CD26CF7D6C" Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\)) From: Phil Hunt In-Reply-To: Date: Fri, 15 Apr 2016 11:00:25 -0700 Message-Id: <2967809E-18BD-4DFE-AB31-89E633A7E1EC@oracle.com> References: To: Keith Hazelton X-Mailer: Apple Mail (2.3124) X-Source-IP: aserv0022.oracle.com [141.146.126.234] Archived-At: Cc: SCIM WG , TIER-API Subject: Re: [scim] ATTN: Your opinions please by CoB today X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Apr 2016 18:00:34 -0000 --Apple-Mail=_6D74C90E-C1D0-4FDC-A8F4-76CD26CF7D6C Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Keith, Thanks for sharing.=20 See my comment in line=E2=80=A6 Phil @independentid www.independentid.com = phil.hunt@oracle.com = > On Apr 15, 2016, at 10:51 AM, Keith Hazelton = wrote: >=20 > TIER-APIarians and Other Interested Parties, >=20 >=20 > Please read the following edited excerpt from the TIER-API call = earlier today and send back > any criticisms or suggestions by CoB Friday (today). The long arc of = the 'Alternative Proposals' thread on TIER-API seems to be bending = toward convergence. Here=E2=80=99s the point reached > by the participants on today=E2=80=99s call. If anyone has concerns = or suggestions, please send them to the list ASAP. We=E2=80=99d like to = get a definitive position nailed down in writing before the TIER Release = 1 button is pressed (Saturday). Thanks in advance, --Keith >=20 >=20 > ---------- > TIER will initially define two new resource types and their schemas: = (Edu)Person and (Edu)Member. > Other TIER resource types may follow later: Membership, Attribute, = etc). The new resource types will follow the well documented SCIM = procedures and rules for defining new resource types. Why new resource types? Why not extend the SCIM User resource (same way = as enterprise user does)? FWIW, not all that different from LDAP. One = downside to having multiple resources for a User is referential = integrity issues. Extending the base user object lets you keep = attributes together. One difference that we have form LDAP is we = maintain a separate JSON sub-object for the extension schema - that = avoids naming collisions between extensions (e.g. say one university = creates an attribute with the same name as a TIER attribute). >=20 >=20 > TIER will adopt the SCIM-defined Users and Groups resources and, if a = few additional TIER-Specific > attributes are needed, TIER will define a schema extension following = SCIM procedures and rules, and the TIER-specific attributes would then = show up in a TIER schema extension element after all the normal SCIM = attributes that make up a User representation. >=20 > Sites that adopt TIER may need to add some local attributes to = (Edu)Person, the likeliest point of extension. In that case, they should = use the same SCIM-defined > schema extension model, and add their local attributes in a = locally-defined schema extension at the bottom of an (Edu)Person = representation. >=20 > Open question: Use the 'Edu' prefix on all TIER-defined Resource = Types? It seems like a good idea, but it is not strictly necessary = because the schema URL will uniquely specify its own naming authority. Agreed. However, =E2=80=9CEdu=E2=80=9D prefix makes it more obvious in = all the interactions you=E2=80=99ll have (ie. you can see it in the = URL). > --=20 > email & jabber: keith.hazelton@wisc.edu = > calendar: http://go.wisc.edu/i6zxx0 = _______________________________________________= > scim mailing list > scim@ietf.org > https://www.ietf.org/mailman/listinfo/scim --Apple-Mail=_6D74C90E-C1D0-4FDC-A8F4-76CD26CF7D6C Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8
Keith,

Thanks for sharing. 

See my comment in = line=E2=80=A6




On Apr 15, 2016, at 10:51 AM, Keith Hazelton <keith.hazelton@wisc.edu> wrote:

=
TIER-APIarians and Other Interested Parties,

Please read the following edited excerpt from the TIER-API = call earlier today and send back any criticisms or suggestions by CoB Friday (today). The long arc of the 'Alternative Proposals' thread on = TIER-API seems to be bending toward convergence.  Here=E2=80=99s = the point reached by the participants on today=E2=80=99s call. If anyone has concerns or = suggestions, please send them to the list ASAP. We=E2=80=99d like to get = a definitive position nailed down in writing before the TIER Release 1 = button is pressed (Saturday). Thanks in advance, = --Keith

----------
  • TIER will initially define two new resource types and their = schemas: (Edu)Person and (Edu)Member. Other TIER resource types may follow later: Membership, Attribute, = etc). The new resource types will follow the well documented SCIM = procedures and rules for defining new resource = types.
Why new resource types?  Why not extend the SCIM = User resource (same way as enterprise user does)?  FWIW, not all = that different from LDAP.  One downside to having multiple = resources for a User is referential integrity issues. Extending the base = user object lets you keep attributes together.  One difference that = we have form LDAP is we maintain a separate JSON sub-object for the = extension schema - that avoids naming collisions between extensions = (e.g. say one university creates an attribute with the same name as a = TIER attribute).


  • TIER will adopt the SCIM-defined Users and Groups resources = and, if a few additional TIER-Specific attributes are needed, TIER will define a schema extension following = SCIM procedures and rules, and the TIER-specific attributes would then = show up in a TIER schema extension element after all the normal SCIM = attributes that make up a User representation.

  • Sites that adopt TIER may = need to add some local attributes to (Edu)Person, the likeliest point of = extension. In that case, they should use the same SCIM-defined schema extension model, and add their local attributes in a = locally-defined schema extension at the bottom of an (Edu)Person = representation.

  • Open question: Use the 'Edu' prefix on all TIER-defined = Resource Types?  It seems like a good idea, but it is not strictly necessary because the schema URL will uniquely specify its own naming = authority.
Agreed. =  However, =E2=80=9CEdu=E2=80=9D prefix makes it more obvious in all = the interactions you=E2=80=99ll have (ie. you can see it in the URL).
=
-- 
email & jabber: keith.hazelton@wisc.edu
calendar: http://go.wisc.edu/i6zxx0
_______________________________________________
scim = mailing list
scim@ietf.org
https://www.ietf.org/mailman/listinfo/scim

= --Apple-Mail=_6D74C90E-C1D0-4FDC-A8F4-76CD26CF7D6C-- From nobody Fri Apr 15 11:49:27 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AD6AF12D68D for ; Fri, 15 Apr 2016 11:49:25 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -5.086 X-Spam-Level: X-Spam-Status: No, score=-5.086 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=uwprod.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xhK-aShTmUs1 for ; Fri, 15 Apr 2016 11:49:22 -0700 (PDT) Received: from smtpauth3.wiscmail.wisc.edu (wmauth3.doit.wisc.edu [144.92.197.226]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0235412D180 for ; Fri, 15 Apr 2016 11:49:21 -0700 (PDT) MIME-version: 1.0 Content-type: multipart/alternative; boundary="Boundary_(ID_jmMF/eP1KbqYomPF3z1t5g)" Received: from avs-daemon.smtpauth3.wiscmail.wisc.edu by smtpauth3.wiscmail.wisc.edu (Oracle Communications Messaging Server 7.0.5.33.0 64bit (built Aug 27 2014)) id <0O5O00500ULQAC00@smtpauth3.wiscmail.wisc.edu> for scim@ietf.org; Fri, 15 Apr 2016 13:49:20 -0500 (CDT) X-Spam-PmxInfo: Server=avs-3, Version=6.2.1.2493963, Antispam-Engine: 2.7.2.2107409, Antispam-Data: 2016.4.15.183916, SenderIP=0.0.0.0 Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2lp0209.outbound.protection.outlook.com [207.46.163.209]) by smtpauth3.wiscmail.wisc.edu (Oracle Communications Messaging Server 7.0.5.33.0 64bit (built Aug 27 2014)) with ESMTPS id <0O5O00K79UY5WY70@smtpauth3.wiscmail.wisc.edu>; Fri, 15 Apr 2016 13:49:18 -0500 (CDT) Received: from CY1PR0601MB1927.namprd06.prod.outlook.com (10.164.221.9) by CY1PR0601MB1925.namprd06.prod.outlook.com (10.164.221.7) with Microsoft SMTP Server (TLS) id 15.1.466.19; Fri, 15 Apr 2016 18:49:16 +0000 Received: from CY1PR0601MB1927.namprd06.prod.outlook.com ([10.164.221.9]) by CY1PR0601MB1927.namprd06.prod.outlook.com ([10.164.221.9]) with mapi id 15.01.0466.020; Fri, 15 Apr 2016 18:49:16 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=uwprod.onmicrosoft.com; s=selector1-wisc-edu; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=oRlsckDodHUIgD35EYNl5P0Lx5rFcWqiAt3OZ+NH6Do=; b=LDewrYL1V6Lpu05mZV2IFrW7vAc+8l2J2+26fBHXUVysYHu3/z6aeovEDCa1giLW1POah2qQnh2rev1oFGdStG3stAHNhE0zc1bwoXXaRjszjzpEmZAYw+BhxE+pFyx2QEj5EfR7zTJWJXiQNU1iPR2XHsmV5oj1q1Lu9qOwnM0= Date: Fri, 15 Apr 2016 18:49:16 +0000 From: Keith Hazelton In-reply-to: <2967809E-18BD-4DFE-AB31-89E633A7E1EC@oracle.com> X-Originating-IP: [128.104.18.177] To: SCIM WG Message-id: Content-language: en-US Accept-Language: en-US Thread-topic: [scim] ATTN: Your opinions please by CoB today Thread-index: AQHRlz91hE5p7jS9k0COUsEZqpJdQZ+LUuCA//+504A= spamdiagnosticoutput: 1:23 spamdiagnosticmetadata: NSPM X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-office365-filtering-correlation-id: 31b254c1-82a1-4357-7b98-08d3655ea59e x-microsoft-exchange-diagnostics: 1; CY1PR0601MB1925; 5:pa9TZacg72QxOQ1ogY687gYTEanWMxKnmcsGO0xYELZBfp8rlAOqAgFdTOaugLKigSi6Z6+tRjSf8goMKWUBxI2PpNKIKICOcRc9/wQGwvfrw8JfJ3t0Q4n3QcHFCTYG5MjYKFHTNyCFvRv4SLh5+VblCYOcz1sVbd/BUGjqFjsuKgaDBDhBHoWlEqJtAMrv; 24:8oXShVVDDsJw3SLf7+HxSxxAVG/HbGEsZ4DYPmV1Cjj1zHC0OVZIHYGxmDZ0NZQePZBh0M/hMJ48TxDcCkSnywlAZ1lpoFxWp/Do4aHZX4w=; 7:EG9SkUCcySaM8Mw22FDm9i+4SzEGtMaS25F4vmKP8uKkHH2nQgXFY9fjZ9ZpY7MYbtA9o77MwszFCJpJ8SQ50kGOftx8/zkRIH12gY20BWfvao7pkAVVgH1ycIKeKC0b/kN12bTFCt314oHSxBKUftRh2N0wGVAY4HQKsMaPMPT+N42c+oJg+HKlZtfE77wiytp6VCgCXp0R6X2W8/6wWWOp0brK86yyGOemYe5UzIo= x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:CY1PR0601MB1925; x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:; x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(9101521026)(601004)(2401047)(5005006)(8121501046)(10201501046)(3002001)(6055026); SRVR:CY1PR0601MB1925; BCL:0; PCL:0; RULEID:; SRVR:CY1PR0601MB1925; x-forefront-prvs: 0913EA1D60 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(24454002)(377454003)(51874003)(5008740100001)(19580395003)(19580405001)(83716003)(75432002)(90282001)(19617315012)(89122001)(110136002)(2900100001)(3280700002)(16601075003)(3660700001)(2950100001)(345774005)(81166005)(2906002)(16297215004)(1096002)(189998001)(4326007)(1220700001)(6116002)(10400500002)(77096005)(15975445007)(3846002)(586003)(87936001)(106116001)(88552002)(99286002)(122556002)(5002640100001)(36756003)(33656002)(76176999)(54356999)(50986999)(86362001)(11100500001)(16236675004)(66066001)(82746002)(5004730100002)(92566002)(102836003)(104396002); DIR:OUT; SFP:1101; SCL:1; SRVR:CY1PR0601MB1925; H:CY1PR0601MB1927.namprd06.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en; X-OriginatorOrg: wisc.edu X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Apr 2016 18:49:16.6673 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 2ca68321-0eda-4908-88b2-424a8cb4b0f9 X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR0601MB1925 References: <2967809E-18BD-4DFE-AB31-89E633A7E1EC@oracle.com> Authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=wisc.edu; Archived-At: Cc: TIER-API Subject: Re: [scim] ATTN: Your opinions please by CoB today X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Apr 2016 18:49:25 -0000 --Boundary_(ID_jmMF/eP1KbqYomPF3z1t5g) Content-type: text/plain; charset=utf-8 Content-transfer-encoding: base64 UmVzcG9uc2VzIGlubGluZQ0KLS0NCmVtYWlsICYgamFiYmVyOiBrZWl0aC5oYXplbHRvbkB3aXNj LmVkdTxtYWlsdG86a2VpdGguaGF6ZWx0b25Ad2lzYy5lZHU+DQpjYWxlbmRhcjogaHR0cDovL2dv Lndpc2MuZWR1L2k2enh4MA0KDQpGcm9tOiBQaGlsIEh1bnQgPHBoaWwuaHVudEBvcmFjbGUuY29t PG1haWx0bzpwaGlsLmh1bnRAb3JhY2xlLmNvbT4+DQpEYXRlOiBGcmlkYXksIEFwcmlsIDE1LCAy MDE2IGF0IDEzOjAwDQpUbzogS2VpdGggSGF6ZWx0b24gPGtlaXRoLmhhemVsdG9uQHdpc2MuZWR1 PG1haWx0bzprZWl0aC5oYXplbHRvbkB3aXNjLmVkdT4+DQpDYzogVElFUi1BUEkgPHRpZXItYXBp QGludGVybmV0Mi5lZHU8bWFpbHRvOnRpZXItYXBpQGludGVybmV0Mi5lZHU+PiwgU0NJTSBXRyA8 c2NpbUBpZXRmLm9yZzxtYWlsdG86c2NpbUBpZXRmLm9yZz4+DQpTdWJqZWN0OiBSZTogW3NjaW1d IEFUVE46IFlvdXIgb3BpbmlvbnMgcGxlYXNlIGJ5IENvQiB0b2RheQ0KDQpLZWl0aCwNCg0KVGhh bmtzIGZvciBzaGFyaW5nLg0KDQpTZWUgbXkgY29tbWVudCBpbiBsaW5l4oCmDQoNClBoaWwNCg0K QGluZGVwZW5kZW50aWQNCnd3dy5pbmRlcGVuZGVudGlkLmNvbTxodHRwOi8vd3d3LmluZGVwZW5k ZW50aWQuY29tPg0KcGhpbC5odW50QG9yYWNsZS5jb208bWFpbHRvOnBoaWwuaHVudEBvcmFjbGUu Y29tPg0KDQpPbiBBcHIgMTUsIDIwMTYsIGF0IDEwOjUxIEFNLCBLZWl0aCBIYXplbHRvbiA8a2Vp dGguaGF6ZWx0b25Ad2lzYy5lZHU8bWFpbHRvOmtlaXRoLmhhemVsdG9uQHdpc2MuZWR1Pj4gd3Jv dGU6DQpUSUVSLUFQSWFyaWFucyBhbmQgT3RoZXIgSW50ZXJlc3RlZCBQYXJ0aWVzLA0KDQpQbGVh c2UgcmVhZCB0aGUgZm9sbG93aW5nIGVkaXRlZCBleGNlcnB0IGZyb20gdGhlIFRJRVItQVBJIGNh bGwgZWFybGllciB0b2RheSBhbmQgc2VuZCBiYWNrIGFueSBjcml0aWNpc21zIG9yIHN1Z2dlc3Rp b25zIGJ5IENvQiBGcmlkYXkgKHRvZGF5KS4gVGhlIGxvbmcgYXJjIG9mIHRoZSAnQWx0ZXJuYXRp dmUgUHJvcG9zYWxzJyB0aHJlYWQgb24gVElFUi1BUEkgc2VlbXMgdG8gYmUgYmVuZGluZyB0b3dh cmQgY29udmVyZ2VuY2UuICBIZXJl4oCZcyB0aGUgcG9pbnQgcmVhY2hlZCBieSB0aGUgcGFydGlj aXBhbnRzIG9uIHRvZGF54oCZcyBjYWxsLiBJZiBhbnlvbmUgaGFzIGNvbmNlcm5zIG9yIHN1Z2dl c3Rpb25zLCBwbGVhc2Ugc2VuZCB0aGVtIHRvIHRoZSBsaXN0IEFTQVAuIFdl4oCZZCBsaWtlIHRv IGdldCBhIGRlZmluaXRpdmUgcG9zaXRpb24gbmFpbGVkIGRvd24gaW4gd3JpdGluZyBiZWZvcmUg dGhlIFRJRVIgUmVsZWFzZSAxIGJ1dHRvbiBpcyBwcmVzc2VkIChTYXR1cmRheSkuIFRoYW5rcyBp biBhZHZhbmNlLCAtLUtlaXRoDQoNCi0tLS0tLS0tLS0NCg0KICAqDQpUSUVSIHdpbGwgaW5pdGlh bGx5IGRlZmluZSB0d28gbmV3IHJlc291cmNlIHR5cGVzIGFuZCB0aGVpciBzY2hlbWFzOiAoRWR1 KVBlcnNvbiBhbmQgKEVkdSlNZW1iZXIuIE90aGVyIFRJRVIgcmVzb3VyY2UgdHlwZXMgbWF5IGZv bGxvdyBsYXRlcjogTWVtYmVyc2hpcCwgQXR0cmlidXRlLCBldGMpLiBUaGUgbmV3IHJlc291cmNl IHR5cGVzIHdpbGwgZm9sbG93IHRoZSB3ZWxsIGRvY3VtZW50ZWQgU0NJTSBwcm9jZWR1cmVzIGFu ZCBydWxlcyBmb3IgZGVmaW5pbmcgbmV3IHJlc291cmNlIHR5cGVzLg0KDQpXaHkgbmV3IHJlc291 cmNlIHR5cGVzPyAgV2h5IG5vdCBleHRlbmQgdGhlIFNDSU0gVXNlciByZXNvdXJjZSAoc2FtZSB3 YXkgYXMgZW50ZXJwcmlzZSB1c2VyIGRvZXMpPyAgRldJVywgbm90IGFsbCB0aGF0IGRpZmZlcmVu dCBmcm9tIExEQVAuICBPbmUgZG93bnNpZGUgdG8gaGF2aW5nIG11bHRpcGxlIHJlc291cmNlcyBm b3IgYSBVc2VyIGlzIHJlZmVyZW50aWFsIGludGVncml0eSBpc3N1ZXMuIEV4dGVuZGluZyB0aGUg YmFzZSB1c2VyIG9iamVjdCBsZXRzIHlvdSBrZWVwIGF0dHJpYnV0ZXMgdG9nZXRoZXIuICBPbmUg ZGlmZmVyZW5jZSB0aGF0IHdlIGhhdmUgZm9ybSBMREFQIGlzIHdlIG1haW50YWluIGEgc2VwYXJh dGUgSlNPTiBzdWItb2JqZWN0IGZvciB0aGUgZXh0ZW5zaW9uIHNjaGVtYSAtIHRoYXQgYXZvaWRz IG5hbWluZyBjb2xsaXNpb25zIGJldHdlZW4gZXh0ZW5zaW9ucyAoZS5nLiBzYXkgb25lIHVuaXZl cnNpdHkgY3JlYXRlcyBhbiBhdHRyaWJ1dGUgd2l0aCB0aGUgc2FtZSBuYW1lIGFzIGEgVElFUiBh dHRyaWJ1dGUpLg0KDQpQaGlsLCAgVGhhbmsgeW91IGZvciByZXNwb25kaW5nIHNvIHF1aWNrbHku DQoNCiAgKiAgIFRoZSBwcmltYXJ5IHJlYXNvbiB3ZSBjdXJyZW50bHkgcHJlZmVyIHRoZSBzZXBh cmF0ZSBSZXNvdXJjZSBUeXBlIHJvdXRlIGlzIHRoYXQgdGhlIHZlbm4gZGlhZ3JhbSBvZiB0aGUg c2NoZW1hIGZvciBFZHVQZXJzb24gYW5kIFNDSU0gVXNlcnMgd291bGQgc2hvdyBhIHJlbGF0aXZl bHkgc21hbGwgaW50ZXJzZWN0aW9uLiBUaGF0IG1ha2VzIHVzIHRoaW5rIHRoZXkgc2hvdWxkIGJl IHJlcHJlc2VudGVkIGFzIHR3byBkaWZmZXJlbnQgcmVzb3VyY2VzIHN1YmplY3QgdG8gdHdvIGxh cmdlbHkgZGlzdGluY3Qgc2V0cyBvZiBvcGVyYXRpb25zLiAgWWVzLCB0aGVyZSBpcyBhIHJlZmVy ZW50aWFsIGludGVncml0eSBhc3BlY3QgdG8gdGhlIFBlcnNvbi1Vc2VyIHJlbGF0aW9uc2hpcCwg YnV0IHRoYXQgcmVsYXRpb25zaGlwIHNlZW1zIGNvbmNlcHR1YWxseSBjbGVhbiBhbmQgbWFuYWdl YWJsZTogRWR1UGVyc29uIHJlcHJlc2VudGF0aW9ucyB3b3VsZCBjb250YWluIHBvaW50ZXJzIHRv IHRoZWlyIGNvcnJlc3BvbmRpbmcgVXNlciBvYmplY3QsIGFuZCBVc2VyIHJlcHJlc2VudGF0aW9u cyBjb3VsZCBoYXZlIGEgc2ltcGxlIEVkdSBleHRlbnNpb24gdGhhdCBjYXJyaWVkIHBvaW50ZXJz IGJhY2sgdG8gdGhlIGNvcnJlc3BvbmRpbmcgRWR1UGVyc29uIG9iamVjdC4gVGhlIGNyZWF0aW9u IGFuZCBtYWludGVuYW5jZSBvZiB0aG9zZSByZWxhdGlvbnNoaXBzIG9jY3VyIGF0IGEgcmVsYXRp dmVseSBmZXcgbG9naWNhbCBwb2ludHMgaW4gdGhlIGFyY2hpdGVjdHVyZS4NCiAgKiAgIEFzIENo cmlzIEh5emVyIHBvaW50ZWQgb3V0IGluIGEgcmVjZW50IGVtYWlsIHRvIFNDSU0sIGFub3RoZXIg cGFpbiBwb2ludCB3aXRoIHRoZSBKU09OIGNvbnRhaW5lciBhcHByb2FjaCB0byBleHRlbnNpb25z IGlzIHRoYXQgaWYgd2Ugd2FudGVkIHRvIHRpbmtlciB3aXRoIGEgY29tcGxleCBlbGVtZW50IHdp dGhpbiBhIFVzZXIgcmVzb3VyY2UsIGUuZy4gYWRkIGEgVElFUi1zcGVjaWZpYyB0eXBlIHRvIGEg cGFydGljdWxhciBVc2VyIGVtYWlsIGFkZHJlc3MsIHRoZSBleHRlbnNpb24gSlNPTiBvYmplY3Qg d291bGQgaGF2ZSB0byBoYXZlIHNvbWUga2luZCBvZiBsaW5rIHRvIGNhcnJ5IHRoZSBhc3NvY2lh dGlvbiBiZXR3ZWVuIHRoZSBleHRlbnNpb24gVHlwZSBhdHRyaWJ1dGUgYW5kIGEgcGFydGljdWxh ciBVc2VyIGVtYWlsIGF0dHJpYnV0ZSwgc28gdGhhdCByYWlzZXMgYSByZWZlcmVudGlhbCBpbnRl Z3JpdHkgaXNzdWUgYXQgdGhlIGF0dHJpYnV0ZSBsZXZlbC4NCiAgKiAgIFNDSU0gZXh0ZW5zaW9u IGJ5IEpTT04gb2JqZWN0IERPRVMgcHJldmVudCBuYW1pbmcgY29sbGlzaW9ucywgYnV0IHNvIHdv dWxkIG5hbWVzcGFjZSBhbGlhcyBwcmVmaXhlcyBvbiBleHRlbnNpb24gYXR0cmlidXRlcy4gSG93 ZXZlciwgSSBjZXJ0YWlubHkgdW5kZXJzdGFuZCB0aGUgZGlzaW5jbGluYXRpb24gdG8gcmVvcGVu IHRoZSBkaXNjdXNzaW9uIGFyb3VuZCBTQ0lNIGV4dGVuc2lvbiBtZWNoYW5pc21zLg0KDQogICAg ICAgICAgICAgICAgICAgICAgIFJlZ2FyZHMsICAgLS1LZWl0aA0KDQogICoNClRJRVIgd2lsbCBh ZG9wdCB0aGUgU0NJTS1kZWZpbmVkIFVzZXJzIGFuZCBHcm91cHMgcmVzb3VyY2VzIGFuZCwgaWYg YSBmZXcgYWRkaXRpb25hbCBUSUVSLVNwZWNpZmljIGF0dHJpYnV0ZXMgYXJlIG5lZWRlZCwgVElF UiB3aWxsIGRlZmluZSBhIHNjaGVtYSBleHRlbnNpb24gZm9sbG93aW5nIFNDSU0gcHJvY2VkdXJl cyBhbmQgcnVsZXMsIGFuZCB0aGUgVElFUi1zcGVjaWZpYyBhdHRyaWJ1dGVzIHdvdWxkIHRoZW4g c2hvdyB1cCBpbiBhIFRJRVIgc2NoZW1hIGV4dGVuc2lvbiBlbGVtZW50IGFmdGVyIGFsbCB0aGUg bm9ybWFsIFNDSU0gYXR0cmlidXRlcyB0aGF0IG1ha2UgdXAgYSBVc2VyIHJlcHJlc2VudGF0aW9u Lg0KDQoNCiAgKiAgIFNpdGVzIHRoYXQgYWRvcHQgVElFUiBtYXkgbmVlZCB0byBhZGQgc29tZSBs b2NhbCBhdHRyaWJ1dGVzIHRvIChFZHUpUGVyc29uLCB0aGUgbGlrZWxpZXN0IHBvaW50IG9mIGV4 dGVuc2lvbi4gSW4gdGhhdCBjYXNlLCB0aGV5IHNob3VsZCB1c2UgdGhlIHNhbWUgU0NJTS1kZWZp bmVkIHNjaGVtYSBleHRlbnNpb24gbW9kZWwsIGFuZCBhZGQgdGhlaXIgbG9jYWwgYXR0cmlidXRl cyBpbiBhIGxvY2FsbHktZGVmaW5lZCBzY2hlbWEgZXh0ZW5zaW9uIGF0IHRoZSBib3R0b20gb2Yg YW4gKEVkdSlQZXJzb24gcmVwcmVzZW50YXRpb24uDQoNCg0KICAqICAgT3BlbiBxdWVzdGlvbjog VXNlIHRoZSAnRWR1JyBwcmVmaXggb24gYWxsIFRJRVItZGVmaW5lZCBSZXNvdXJjZSBUeXBlcz8g IEl0IHNlZW1zIGxpa2UgYSBnb29kIGlkZWEsIGJ1dCBpdCBpcyBub3Qgc3RyaWN0bHkgbmVjZXNz YXJ5IGJlY2F1c2UgdGhlIHNjaGVtYSBVUkwgd2lsbCB1bmlxdWVseSBzcGVjaWZ5IGl0cyBvd24g bmFtaW5nIGF1dGhvcml0eS4NCg0KQWdyZWVkLiAgSG93ZXZlciwg4oCcRWR14oCdIHByZWZpeCBt YWtlcyBpdCBtb3JlIG9idmlvdXMgaW4gYWxsIHRoZSBpbnRlcmFjdGlvbnMgeW914oCZbGwgaGF2 ZSAoaWUuIHlvdSBjYW4gc2VlIGl0IGluIHRoZSBVUkwpLg0KLS0NCmVtYWlsICYgamFiYmVyOiBr ZWl0aC5oYXplbHRvbkB3aXNjLmVkdTxtYWlsdG86a2VpdGguaGF6ZWx0b25Ad2lzYy5lZHU+DQpj YWxlbmRhcjogaHR0cDovL2dvLndpc2MuZWR1L2k2enh4MA0KX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX18NCnNjaW0gbWFpbGluZyBsaXN0DQpzY2ltQGlldGYu b3JnPG1haWx0bzpzY2ltQGlldGYub3JnPg0KaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9s aXN0aW5mby9zY2ltDQoNCg== --Boundary_(ID_jmMF/eP1KbqYomPF3z1t5g) Content-id: <022D78C34957E24B8B2AE1305DF843CA@namprd06.prod.outlook.com> Content-type: text/html; charset=utf-8 Content-transfer-encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5IHN0eWxlPSJ3b3JkLXdy YXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsgLXdlYmtpdC1saW5lLWJy ZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsgY29sb3I6IHJnYigwLCAwLCAwKTsgZm9udC1zaXplOiAx NHB4OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiPg0KPGRpdj4NCjxkaXY+UmVz cG9uc2VzIGlubGluZTwvZGl2Pg0KPGRpdj4NCjxkaXYgaWQ9Ik1BQ19PVVRMT09LX1NJR05BVFVS RSI+PHNwYW4gY2xhc3M9IkhPRW5aYiBhZEwiPjxmb250IGNvbG9yPSIjODg4ODg4Ij4NCjxkaXY+ DQo8ZGl2Pg0KPGRpdj4tLSZuYnNwOzwvZGl2Pg0KPGRpdj5lbWFpbCAmYW1wOyBqYWJiZXI6IDxh IGhyZWY9Im1haWx0bzprZWl0aC5oYXplbHRvbkB3aXNjLmVkdSIgdGFyZ2V0PSJfYmxhbmsiPjxz cGFuIGNsYXNzPSJpbCI+a2VpdGguaGF6ZWx0b25Ad2lzYy5lZHU8L3NwYW4+PC9hPjwvZGl2Pg0K PGRpdj5jYWxlbmRhcjogPGEgaHJlZj0iaHR0cDovL2dvLndpc2MuZWR1L2k2enh4MCIgdGFyZ2V0 PSJfYmxhbmsiPmh0dHA6Ly9nby53aXNjLmVkdS9pNnp4eDA8L2E+PC9kaXY+DQo8L2Rpdj4NCjwv ZGl2Pg0KPC9mb250Pjwvc3Bhbj48L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8ZGl2Pjxicj4NCjwv ZGl2Pg0KPHNwYW4gaWQ9Ik9MS19TUkNfQk9EWV9TRUNUSU9OIj4NCjxkaXYgc3R5bGU9ImZvbnQt ZmFtaWx5OkNhbGlicmk7IGZvbnQtc2l6ZToxMnB0OyB0ZXh0LWFsaWduOmxlZnQ7IGNvbG9yOmJs YWNrOyBCT1JERVItQk9UVE9NOiBtZWRpdW0gbm9uZTsgQk9SREVSLUxFRlQ6IG1lZGl1bSBub25l OyBQQURESU5HLUJPVFRPTTogMGluOyBQQURESU5HLUxFRlQ6IDBpbjsgUEFERElORy1SSUdIVDog MGluOyBCT1JERVItVE9QOiAjYjVjNGRmIDFwdCBzb2xpZDsgQk9SREVSLVJJR0hUOiBtZWRpdW0g bm9uZTsgUEFERElORy1UT1A6IDNwdCI+DQo8c3BhbiBzdHlsZT0iZm9udC13ZWlnaHQ6Ym9sZCI+ RnJvbTogPC9zcGFuPlBoaWwgSHVudCAmbHQ7PGEgaHJlZj0ibWFpbHRvOnBoaWwuaHVudEBvcmFj bGUuY29tIj5waGlsLmh1bnRAb3JhY2xlLmNvbTwvYT4mZ3Q7PGJyPg0KPHNwYW4gc3R5bGU9ImZv bnQtd2VpZ2h0OmJvbGQiPkRhdGU6IDwvc3Bhbj5GcmlkYXksIEFwcmlsIDE1LCAyMDE2IGF0IDEz OjAwIDxicj4NCjxzcGFuIHN0eWxlPSJmb250LXdlaWdodDpib2xkIj5UbzogPC9zcGFuPktlaXRo IEhhemVsdG9uICZsdDs8YSBocmVmPSJtYWlsdG86a2VpdGguaGF6ZWx0b25Ad2lzYy5lZHUiPmtl aXRoLmhhemVsdG9uQHdpc2MuZWR1PC9hPiZndDs8YnI+DQo8c3BhbiBzdHlsZT0iZm9udC13ZWln aHQ6Ym9sZCI+Q2M6IDwvc3Bhbj5USUVSLUFQSSAmbHQ7PGEgaHJlZj0ibWFpbHRvOnRpZXItYXBp QGludGVybmV0Mi5lZHUiPnRpZXItYXBpQGludGVybmV0Mi5lZHU8L2E+Jmd0OywgU0NJTSBXRyAm bHQ7PGEgaHJlZj0ibWFpbHRvOnNjaW1AaWV0Zi5vcmciPnNjaW1AaWV0Zi5vcmc8L2E+Jmd0Ozxi cj4NCjxzcGFuIHN0eWxlPSJmb250LXdlaWdodDpib2xkIj5TdWJqZWN0OiA8L3NwYW4+UmU6IFtz Y2ltXSBBVFROOiBZb3VyIG9waW5pb25zIHBsZWFzZSBieSBDb0IgdG9kYXk8YnI+DQo8L2Rpdj4N CjxkaXY+PGJyPg0KPC9kaXY+DQo8ZGl2Pg0KPGRpdiBzdHlsZT0id29yZC13cmFwOiBicmVhay13 b3JkOyAtd2Via2l0LW5ic3AtbW9kZTogc3BhY2U7IC13ZWJraXQtbGluZS1icmVhazogYWZ0ZXIt d2hpdGUtc3BhY2U7IiBjbGFzcz0iIj4NCjxkaXYgY2xhc3M9IiI+S2VpdGgsPC9kaXY+DQo8ZGl2 IGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj5UaGFua3MgZm9y IHNoYXJpbmcuJm5ic3A7PC9kaXY+DQo8ZGl2IGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjwvZGl2 Pg0KPGRpdiBjbGFzcz0iIj5TZWUgbXkgY29tbWVudCBpbiBsaW5l4oCmPC9kaXY+DQo8ZGl2IGNs YXNzPSIiPjxiciBjbGFzcz0iIj4NCjxkaXYgY2xhc3M9IiI+DQo8ZGl2IHN0eWxlPSJjb2xvcjog cmdiKDAsIDAsIDApOyBsZXR0ZXItc3BhY2luZzogbm9ybWFsOyBvcnBoYW5zOiBhdXRvOyB0ZXh0 LWFsaWduOiBzdGFydDsgdGV4dC1pbmRlbnQ6IDBweDsgdGV4dC10cmFuc2Zvcm06IG5vbmU7IHdo aXRlLXNwYWNlOiBub3JtYWw7IHdpZG93czogYXV0bzsgd29yZC1zcGFjaW5nOiAwcHg7IC13ZWJr aXQtdGV4dC1zdHJva2Utd2lkdGg6IDBweDsgd29yZC13cmFwOiBicmVhay13b3JkOyAtd2Via2l0 LW5ic3AtbW9kZTogc3BhY2U7IC13ZWJraXQtbGluZS1icmVhazogYWZ0ZXItd2hpdGUtc3BhY2U7 IiBjbGFzcz0iIj4NCjxkaXYgc3R5bGU9ImNvbG9yOiByZ2IoMCwgMCwgMCk7IGxldHRlci1zcGFj aW5nOiBub3JtYWw7IG9ycGhhbnM6IGF1dG87IHRleHQtYWxpZ246IHN0YXJ0OyB0ZXh0LWluZGVu dDogMHB4OyB0ZXh0LXRyYW5zZm9ybTogbm9uZTsgd2hpdGUtc3BhY2U6IG5vcm1hbDsgd2lkb3dz OiBhdXRvOyB3b3JkLXNwYWNpbmc6IDBweDsgLXdlYmtpdC10ZXh0LXN0cm9rZS13aWR0aDogMHB4 OyB3b3JkLXdyYXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsgLXdlYmtp dC1saW5lLWJyZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsiIGNsYXNzPSIiPg0KPGRpdiBjbGFzcz0i Ij48c3BhbiBjbGFzcz0iQXBwbGUtc3R5bGUtc3BhbiIgc3R5bGU9ImJvcmRlci1jb2xsYXBzZTog c2VwYXJhdGU7IGJvcmRlci1zcGFjaW5nOiAwcHg7Ij4NCjxkaXYgY2xhc3M9IiIgc3R5bGU9Indv cmQtd3JhcDogYnJlYWstd29yZDsgLXdlYmtpdC1uYnNwLW1vZGU6IHNwYWNlOyAtd2Via2l0LWxp bmUtYnJlYWs6IGFmdGVyLXdoaXRlLXNwYWNlOyI+DQo8ZGl2IGNsYXNzPSIiPg0KPGRpdiBjbGFz cz0iIj4NCjxkaXYgY2xhc3M9IiI+UGhpbDwvZGl2Pg0KPGRpdiBjbGFzcz0iIj48YnIgY2xhc3M9 IiI+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+QGluZGVwZW5kZW50aWQ8L2Rpdj4NCjxkaXYgY2xh c3M9IiI+PGEgaHJlZj0iaHR0cDovL3d3dy5pbmRlcGVuZGVudGlkLmNvbSIgY2xhc3M9IiI+d3d3 LmluZGVwZW5kZW50aWQuY29tPC9hPjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9z cGFuPjxhIGhyZWY9Im1haWx0bzpwaGlsLmh1bnRAb3JhY2xlLmNvbSIgY2xhc3M9IiIgc3R5bGU9 Im9ycGhhbnM6IDI7IHdpZG93czogMjsiPnBoaWwuaHVudEBvcmFjbGUuY29tPC9hPjwvZGl2Pg0K PGRpdiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rp dj4NCjxkaXY+DQo8ZGl2IGNsYXNzPSIiPk9uIEFwciAxNSwgMjAxNiwgYXQgMTA6NTEgQU0sIEtl aXRoIEhhemVsdG9uICZsdDs8YSBocmVmPSJtYWlsdG86a2VpdGguaGF6ZWx0b25Ad2lzYy5lZHUi IGNsYXNzPSIiPmtlaXRoLmhhemVsdG9uQHdpc2MuZWR1PC9hPiZndDsgd3JvdGU6PC9kaXY+DQo8 YmxvY2txdW90ZSB0eXBlPSJjaXRlIiBjbGFzcz0iIj4NCjxkaXYgY2xhc3M9IiI+DQo8ZGl2IHN0 eWxlPSJ3b3JkLXdyYXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsgLXdl YmtpdC1saW5lLWJyZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsgZm9udC1zaXplOiAxNHB4OyBmb250 LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KPGRpdiBjbGFzcz0iIj48 c3BhbiBpZD0iZG9jcy1pbnRlcm5hbC1ndWlkLWI1YTY4N2Q4LTFhZjktYjUwNi1jMmUzLWIyZmM2 ZDZhMWZmNSIgY2xhc3M9IiI+DQo8ZGl2IGNsYXNzPSIiPg0KPGRpdiBzdHlsZT0ibGluZS1oZWln aHQ6IDEuMzg7IG1hcmdpbi10b3A6IDBwdDsgbWFyZ2luLWJvdHRvbTogMHB0OyIgY2xhc3M9IiI+ PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTogMTQuNjY2NjY2NjY2NjY2NjY2cHg7IHZlcnRpY2FsLWFs aWduOiBiYXNlbGluZTsgd2hpdGUtc3BhY2U6IHByZS13cmFwOyIgY2xhc3M9IiI+VElFUi1BUElh cmlhbnMgYW5kIE90aGVyIEludGVyZXN0ZWQgUGFydGllcyw8L3NwYW4+PC9kaXY+DQo8ZGl2IHN0 eWxlPSJsaW5lLWhlaWdodDogMS4zODsgbWFyZ2luLXRvcDogMHB0OyBtYXJnaW4tYm90dG9tOiAw cHQ7IiBjbGFzcz0iIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOiAxNC42NjY2NjY2NjY2NjY2NjZw eDsgdmVydGljYWwtYWxpZ246IGJhc2VsaW5lOyB3aGl0ZS1zcGFjZTogcHJlLXdyYXA7IiBjbGFz cz0iIj48YnIgY2xhc3M9IiI+DQo8L3NwYW4+PC9kaXY+DQo8ZGl2IHN0eWxlPSJsaW5lLWhlaWdo dDogMS4zODsgbWFyZ2luLXRvcDogMHB0OyBtYXJnaW4tYm90dG9tOiAwcHQ7IiBjbGFzcz0iIj48 c3BhbiBzdHlsZT0iZm9udC1zaXplOiAxNC42NjY2NjY2NjY2NjY2NjZweDsgdmVydGljYWwtYWxp Z246IGJhc2VsaW5lOyB3aGl0ZS1zcGFjZTogcHJlLXdyYXA7IiBjbGFzcz0iIj5QbGVhc2UgcmVh ZCB0aGUgZm9sbG93aW5nIGVkaXRlZCBleGNlcnB0IGZyb20gdGhlIFRJRVItQVBJIGNhbGwgZWFy bGllciB0b2RheQ0KIGFuZCBzZW5kIGJhY2sgYW55IGNyaXRpY2lzbXMgb3Igc3VnZ2VzdGlvbnMg YnkgQ29CIEZyaWRheSAodG9kYXkpLiA8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTogMTVw eDsgbGluZS1oZWlnaHQ6IDIwcHg7IHdoaXRlLXNwYWNlOiBwcmUtd3JhcDsiIGNsYXNzPSIiPlRo ZSBsb25nIGFyYyBvZiB0aGUgJ0FsdGVybmF0aXZlIFByb3Bvc2FscycgdGhyZWFkIG9uIFRJRVIt QVBJIHNlZW1zIHRvIGJlIGJlbmRpbmcgdG93YXJkIGNvbnZlcmdlbmNlLg0KICZuYnNwO0hlcmXi gJlzIHRoZSBwb2ludCByZWFjaGVkIGJ5IHRoZSBwYXJ0aWNpcGFudHMgb24gdG9kYXnigJlzIGNh bGwuIElmIGFueW9uZSBoYXMgY29uY2VybnMgb3Igc3VnZ2VzdGlvbnMsIHBsZWFzZSBzZW5kIHRo ZW0gdG8gdGhlIGxpc3QgQVNBUC4gV2XigJlkIGxpa2UgdG8gZ2V0IGEgZGVmaW5pdGl2ZSBwb3Np dGlvbiBuYWlsZWQgZG93biBpbiB3cml0aW5nIGJlZm9yZSB0aGUgVElFUiBSZWxlYXNlIDEgYnV0 dG9uIGlzIHByZXNzZWQgKFNhdHVyZGF5KS4gVGhhbmtzDQogaW4gYWR2YW5jZSwgLS1LZWl0aDwv c3Bhbj48L2Rpdj4NCjxkaXYgc3R5bGU9ImxpbmUtaGVpZ2h0OiAxLjM4OyBtYXJnaW4tdG9wOiAw cHQ7IG1hcmdpbi1ib3R0b206IDBwdDsiIGNsYXNzPSIiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6 IDE0LjY2NjY2NjY2NjY2NjY2NnB4OyB2ZXJ0aWNhbC1hbGlnbjogYmFzZWxpbmU7IHdoaXRlLXNw YWNlOiBwcmUtd3JhcDsiIGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjwvc3Bhbj48L2Rpdj4NCjxk aXYgc3R5bGU9ImxpbmUtaGVpZ2h0OiAxLjM4OyBtYXJnaW4tdG9wOiAwcHQ7IG1hcmdpbi1ib3R0 b206IDBwdDsiIGNsYXNzPSIiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6IDE0LjY2NjY2NjY2NjY2 NjY2NnB4OyB2ZXJ0aWNhbC1hbGlnbjogYmFzZWxpbmU7IHdoaXRlLXNwYWNlOiBwcmUtd3JhcDsi IGNsYXNzPSIiPi0tLS0tLS0tLS0NCjwvc3Bhbj48L2Rpdj4NCjwvZGl2Pg0KPHVsIHN0eWxlPSJt YXJnaW4tdG9wOjBwdDttYXJnaW4tYm90dG9tOjBwdDsiIGNsYXNzPSIiPg0KPGxpIGRpcj0ibHRy IiBzdHlsZT0ibGlzdC1zdHlsZS10eXBlOiBkaXNjOyBmb250LXNpemU6IDE0LjY2NjY2NjY2NjY2 NjY2NnB4OyBmb250LWZhbWlseTogQXJpYWw7IHZlcnRpY2FsLWFsaWduOiBiYXNlbGluZTsiIGNs YXNzPSIiPg0KPGRpdiBzdHlsZT0ibGluZS1oZWlnaHQ6IDEuMzg7IG1hcmdpbi10b3A6IDBwdDsg bWFyZ2luLWJvdHRvbTogMHB0OyIgY2xhc3M9IiI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTogMTQu NjY2NjY2NjY2NjY2NjY2cHg7IHZlcnRpY2FsLWFsaWduOiBiYXNlbGluZTsgd2hpdGUtc3BhY2U6 IHByZS13cmFwOyIgY2xhc3M9IiI+VElFUiB3aWxsIGluaXRpYWxseSBkZWZpbmUgdHdvIG5ldyBy ZXNvdXJjZSB0eXBlcyBhbmQgdGhlaXIgc2NoZW1hczogKEVkdSlQZXJzb24NCiBhbmQgKEVkdSlN ZW1iZXIuIE90aGVyIFRJRVIgcmVzb3VyY2UgdHlwZXMgbWF5IGZvbGxvdyBsYXRlcjogTWVtYmVy c2hpcCwgQXR0cmlidXRlLCBldGMpLiBUaGUgbmV3IHJlc291cmNlIHR5cGVzIHdpbGwgZm9sbG93 IHRoZSB3ZWxsIGRvY3VtZW50ZWQgU0NJTSBwcm9jZWR1cmVzIGFuZCBydWxlcyBmb3IgZGVmaW5p bmcgbmV3IHJlc291cmNlIHR5cGVzLjwvc3Bhbj48L2Rpdj4NCjwvbGk+PC91bD4NCjwvc3Bhbj48 L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Jsb2NrcXVvdGU+DQo8ZGl2PjxiciBjbGFzcz0iIj4N CjwvZGl2Pg0KV2h5IG5ldyByZXNvdXJjZSB0eXBlcz8gJm5ic3A7V2h5IG5vdCBleHRlbmQgdGhl IFNDSU0gVXNlciByZXNvdXJjZSAoc2FtZSB3YXkgYXMgZW50ZXJwcmlzZSB1c2VyIGRvZXMpPyAm bmJzcDtGV0lXLCBub3QgYWxsIHRoYXQgZGlmZmVyZW50IGZyb20gTERBUC4gJm5ic3A7T25lIGRv d25zaWRlIHRvIGhhdmluZyBtdWx0aXBsZSByZXNvdXJjZXMgZm9yIGEgVXNlciBpcyByZWZlcmVu dGlhbCBpbnRlZ3JpdHkgaXNzdWVzLiBFeHRlbmRpbmcgdGhlIGJhc2UgdXNlciBvYmplY3QNCiBs ZXRzIHlvdSBrZWVwIGF0dHJpYnV0ZXMgdG9nZXRoZXIuICZuYnNwO09uZSBkaWZmZXJlbmNlIHRo YXQgd2UgaGF2ZSBmb3JtIExEQVAgaXMgd2UgbWFpbnRhaW4gYSBzZXBhcmF0ZSBKU09OIHN1Yi1v YmplY3QgZm9yIHRoZSBleHRlbnNpb24gc2NoZW1hIC0gdGhhdCBhdm9pZHMgbmFtaW5nIGNvbGxp c2lvbnMgYmV0d2VlbiBleHRlbnNpb25zIChlLmcuIHNheSBvbmUgdW5pdmVyc2l0eSBjcmVhdGVz IGFuIGF0dHJpYnV0ZSB3aXRoIHRoZSBzYW1lIG5hbWUNCiBhcyBhIFRJRVIgYXR0cmlidXRlKS48 L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvc3Bhbj4NCjxkaXY+PGJyPg0KPC9kaXY+ DQo8ZGl2PjxpPlBoaWwsICZuYnNwO1RoYW5rIHlvdSBmb3IgcmVzcG9uZGluZyBzbyBxdWlja2x5 LiZuYnNwOzwvaT48L2Rpdj4NCjx1bD4NCjxsaT48aT5UaGUgcHJpbWFyeSByZWFzb24gd2UgY3Vy cmVudGx5IHByZWZlciB0aGUgc2VwYXJhdGUgUmVzb3VyY2UgVHlwZSByb3V0ZSBpcyB0aGF0IHRo ZSB2ZW5uIGRpYWdyYW0gb2YgdGhlIHNjaGVtYSBmb3IgRWR1UGVyc29uIGFuZCBTQ0lNIFVzZXJz IHdvdWxkIHNob3cgYSByZWxhdGl2ZWx5IHNtYWxsIGludGVyc2VjdGlvbi4gVGhhdCBtYWtlcyB1 cyB0aGluayB0aGV5IHNob3VsZCBiZSByZXByZXNlbnRlZCBhcyB0d28gZGlmZmVyZW50IHJlc291 cmNlcw0KIHN1YmplY3QgdG8gdHdvIGxhcmdlbHkgZGlzdGluY3Qgc2V0cyBvZiBvcGVyYXRpb25z LiAmbmJzcDtZZXMsIHRoZXJlIGlzIGEgcmVmZXJlbnRpYWwgaW50ZWdyaXR5IGFzcGVjdCB0byB0 aGUgUGVyc29uLVVzZXIgcmVsYXRpb25zaGlwLCBidXQgdGhhdCByZWxhdGlvbnNoaXAgc2VlbXMg Y29uY2VwdHVhbGx5IGNsZWFuIGFuZCBtYW5hZ2VhYmxlOiBFZHVQZXJzb24gcmVwcmVzZW50YXRp b25zIHdvdWxkIGNvbnRhaW4gcG9pbnRlcnMgdG8gdGhlaXIgY29ycmVzcG9uZGluZw0KIFVzZXIg b2JqZWN0LCBhbmQgVXNlciByZXByZXNlbnRhdGlvbnMgY291bGQgaGF2ZSBhIHNpbXBsZSBFZHUg ZXh0ZW5zaW9uIHRoYXQgY2FycmllZCBwb2ludGVycyBiYWNrIHRvIHRoZSBjb3JyZXNwb25kaW5n IEVkdVBlcnNvbiBvYmplY3QuIFRoZSBjcmVhdGlvbiBhbmQgbWFpbnRlbmFuY2Ugb2YgdGhvc2Ug cmVsYXRpb25zaGlwcyBvY2N1ciBhdCBhIHJlbGF0aXZlbHkgZmV3IGxvZ2ljYWwgcG9pbnRzIGlu IHRoZSBhcmNoaXRlY3R1cmUuPC9pPjwvbGk+PGxpPjxpPkFzIENocmlzIEh5emVyIHBvaW50ZWQg b3V0IGluIGEgcmVjZW50IGVtYWlsIHRvIFNDSU0sIGFub3RoZXIgcGFpbiBwb2ludCB3aXRoIHRo ZSBKU09OIGNvbnRhaW5lciBhcHByb2FjaCB0byBleHRlbnNpb25zIGlzIHRoYXQgaWYgd2Ugd2Fu dGVkIHRvIHRpbmtlciB3aXRoIGEgY29tcGxleCBlbGVtZW50IHdpdGhpbiBhIFVzZXIgcmVzb3Vy Y2UsIGUuZy4gYWRkIGEgVElFUi1zcGVjaWZpYyB0eXBlIHRvIGEgcGFydGljdWxhciBVc2VyIGVt YWlsDQogYWRkcmVzcywgdGhlIGV4dGVuc2lvbiBKU09OIG9iamVjdCB3b3VsZCBoYXZlIHRvIGhh dmUgc29tZSBraW5kIG9mIGxpbmsgdG8gY2FycnkgdGhlIGFzc29jaWF0aW9uIGJldHdlZW4gdGhl IGV4dGVuc2lvbiBUeXBlIGF0dHJpYnV0ZSBhbmQgYSBwYXJ0aWN1bGFyIFVzZXIgZW1haWwgYXR0 cmlidXRlLCBzbyB0aGF0IHJhaXNlcyBhIHJlZmVyZW50aWFsIGludGVncml0eSBpc3N1ZSBhdCB0 aGUgYXR0cmlidXRlIGxldmVsLjwvaT48L2xpPjxsaT48aT5TQ0lNIGV4dGVuc2lvbiBieSBKU09O IG9iamVjdCBET0VTIHByZXZlbnQgbmFtaW5nIGNvbGxpc2lvbnMsIGJ1dCBzbyB3b3VsZCBuYW1l c3BhY2UgYWxpYXMgcHJlZml4ZXMgb24gZXh0ZW5zaW9uIGF0dHJpYnV0ZXMuIEhvd2V2ZXIsIEkg Y2VydGFpbmx5IHVuZGVyc3RhbmQgdGhlIGRpc2luY2xpbmF0aW9uIHRvIHJlb3BlbiB0aGUgZGlz Y3Vzc2lvbiBhcm91bmQgU0NJTSBleHRlbnNpb24gbWVjaGFuaXNtcy48L2k+PC9saT48L3VsPg0K PGRpdj48aT4mbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsg Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwO1JlZ2FyZHMsICZuYnNwOyAtLUtlaXRo PC9pPjwvZGl2Pg0KPHNwYW4gaWQ9Ik9MS19TUkNfQk9EWV9TRUNUSU9OIj4NCjxkaXY+DQo8ZGl2 IHN0eWxlPSJ3b3JkLXdyYXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsg LXdlYmtpdC1saW5lLWJyZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsiIGNsYXNzPSIiPg0KPGRpdiBj bGFzcz0iIj4NCjxkaXY+DQo8YmxvY2txdW90ZSB0eXBlPSJjaXRlIiBjbGFzcz0iIj4NCjxkaXYg Y2xhc3M9IiI+DQo8ZGl2IHN0eWxlPSJ3b3JkLXdyYXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJz cC1tb2RlOiBzcGFjZTsgLXdlYmtpdC1saW5lLWJyZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsgZm9u dC1zaXplOiAxNHB4OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIi Pg0KPGRpdiBjbGFzcz0iIj48c3BhbiBpZD0iZG9jcy1pbnRlcm5hbC1ndWlkLWI1YTY4N2Q4LTFh ZjktYjUwNi1jMmUzLWIyZmM2ZDZhMWZmNSIgY2xhc3M9IiI+DQo8ZGl2PjwvZGl2Pg0KPHVsIHN0 eWxlPSJtYXJnaW4tdG9wOjBwdDttYXJnaW4tYm90dG9tOjBwdDsiIGNsYXNzPSIiPg0KPGxpIGRp cj0ibHRyIiBzdHlsZT0ibGlzdC1zdHlsZS10eXBlOiBkaXNjOyBmb250LXNpemU6IDE0LjY2NjY2 NjY2NjY2NjY2NnB4OyBmb250LWZhbWlseTogQXJpYWw7IHZlcnRpY2FsLWFsaWduOiBiYXNlbGlu ZTsiIGNsYXNzPSIiPg0KPGRpdiBzdHlsZT0ibGluZS1oZWlnaHQ6IDEuMzg7IG1hcmdpbi10b3A6 IDBwdDsgbWFyZ2luLWJvdHRvbTogMHB0OyIgY2xhc3M9IiI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6 ZTogMTQuNjY2NjY2NjY2NjY2NjY2cHg7IHZlcnRpY2FsLWFsaWduOiBiYXNlbGluZTsgd2hpdGUt c3BhY2U6IHByZS13cmFwOyIgY2xhc3M9IiI+VElFUiB3aWxsIGFkb3B0IHRoZSBTQ0lNLWRlZmlu ZWQgVXNlcnMgYW5kIEdyb3VwcyByZXNvdXJjZXMgYW5kLCBpZiBhIGZldw0KIGFkZGl0aW9uYWwg VElFUi1TcGVjaWZpYyBhdHRyaWJ1dGVzIGFyZSBuZWVkZWQsIFRJRVIgd2lsbCBkZWZpbmUgYSBz Y2hlbWEgZXh0ZW5zaW9uIGZvbGxvd2luZyBTQ0lNIHByb2NlZHVyZXMgYW5kIHJ1bGVzLCBhbmQg dGhlIFRJRVItc3BlY2lmaWMgYXR0cmlidXRlcyB3b3VsZCB0aGVuIHNob3cgdXAgaW4gYSBUSUVS IHNjaGVtYSBleHRlbnNpb24gZWxlbWVudCBhZnRlciBhbGwgdGhlIG5vcm1hbCBTQ0lNIGF0dHJp YnV0ZXMgdGhhdCBtYWtlIHVwDQogYSBVc2VyIHJlcHJlc2VudGF0aW9uLjwvc3Bhbj48L2Rpdj4N CjwvbGk+PC91bD4NCjxkaXYgY2xhc3M9IiI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OiBBcmlh bDsgZm9udC1zaXplOiAxNXB4OyBmb250LXN0eWxlOiBub3JtYWw7IGZvbnQtd2VpZ2h0OiBub3Jt YWw7IHRleHQtZGVjb3JhdGlvbjogbm9uZTsiIGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjwvc3Bh bj48L2Rpdj4NCjx1bCBzdHlsZT0ibWFyZ2luLXRvcDowcHQ7bWFyZ2luLWJvdHRvbTowcHQ7IiBj bGFzcz0iIj4NCjxsaSBkaXI9Imx0ciIgc3R5bGU9Imxpc3Qtc3R5bGUtdHlwZTogZGlzYzsgZm9u dC1zaXplOiAxNC42NjY2NjY2NjY2NjY2NjZweDsgZm9udC1mYW1pbHk6IEFyaWFsOyB2ZXJ0aWNh bC1hbGlnbjogYmFzZWxpbmU7IiBjbGFzcz0iIj4NCjxzcGFuIHN0eWxlPSJmb250LXNpemU6IDE0 LjY2NjY2NjY2NjY2NjY2NnB4OyB2ZXJ0aWNhbC1hbGlnbjogYmFzZWxpbmU7IHdoaXRlLXNwYWNl OiBwcmUtd3JhcDsiIGNsYXNzPSIiPlNpdGVzIHRoYXQgYWRvcHQgVElFUiBtYXkgbmVlZCB0byBh ZGQgc29tZSBsb2NhbCBhdHRyaWJ1dGVzIHRvIChFZHUpUGVyc29uLCB0aGUgbGlrZWxpZXN0IHBv aW50IG9mIGV4dGVuc2lvbi4gSW4gdGhhdCBjYXNlLCB0aGV5IHNob3VsZCB1c2UgdGhlIHNhbWUg U0NJTS1kZWZpbmVkDQogc2NoZW1hIGV4dGVuc2lvbiBtb2RlbCwgYW5kIGFkZCB0aGVpciBsb2Nh bCBhdHRyaWJ1dGVzIGluIGEgbG9jYWxseS1kZWZpbmVkIHNjaGVtYSBleHRlbnNpb24gYXQgdGhl IGJvdHRvbSBvZiBhbiAoRWR1KVBlcnNvbiByZXByZXNlbnRhdGlvbi48L3NwYW4+PC9saT48L3Vs Pg0KPGRpdiBjbGFzcz0iIj48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6IEFyaWFsOyBmb250LXNp emU6IDE1cHg7IGZvbnQtc3R5bGU6IG5vcm1hbDsgZm9udC13ZWlnaHQ6IG5vcm1hbDsgdGV4dC1k ZWNvcmF0aW9uOiBub25lOyIgY2xhc3M9IiI+PGJyIGNsYXNzPSIiPg0KPC9zcGFuPjwvZGl2Pg0K PHVsIGNsYXNzPSIiPg0KPGxpIGNsYXNzPSIiPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTogQXJp YWw7IGZvbnQtc2l6ZTogMTVweDsgZm9udC1zdHlsZTogbm9ybWFsOyBmb250LXdlaWdodDogbm9y bWFsOyB0ZXh0LWRlY29yYXRpb246IG5vbmU7IiBjbGFzcz0iIj5PcGVuIHF1ZXN0aW9uOiBVc2Ug dGhlICdFZHUnIHByZWZpeCBvbiBhbGwgVElFUi1kZWZpbmVkIFJlc291cmNlIFR5cGVzPyAmbmJz cDtJdCBzZWVtcyBsaWtlIGEgZ29vZCBpZGVhLCBidXQgaXQgaXMgbm90IHN0cmljdGx5DQogbmVj ZXNzYXJ5IGJlY2F1c2UgdGhlIHNjaGVtYSBVUkwgd2lsbCB1bmlxdWVseSBzcGVjaWZ5IGl0cyBv d24gbmFtaW5nIGF1dGhvcml0eS48L3NwYW4+PC9saT48L3VsPg0KPC9zcGFuPjwvZGl2Pg0KPC9k aXY+DQo8L2Rpdj4NCjwvYmxvY2txdW90ZT4NCkFncmVlZC4gJm5ic3A7SG93ZXZlciwg4oCcRWR1 4oCdIHByZWZpeCBtYWtlcyBpdCBtb3JlIG9idmlvdXMgaW4gYWxsIHRoZSBpbnRlcmFjdGlvbnMg eW914oCZbGwgaGF2ZSAoaWUuIHlvdSBjYW4gc2VlIGl0IGluIHRoZSBVUkwpLjxiciBjbGFzcz0i Ij4NCjxibG9ja3F1b3RlIHR5cGU9ImNpdGUiIGNsYXNzPSIiPg0KPGRpdiBjbGFzcz0iIj4NCjxk aXYgc3R5bGU9IndvcmQtd3JhcDogYnJlYWstd29yZDsgLXdlYmtpdC1uYnNwLW1vZGU6IHNwYWNl OyAtd2Via2l0LWxpbmUtYnJlYWs6IGFmdGVyLXdoaXRlLXNwYWNlOyBmb250LXNpemU6IDE0cHg7 IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQo8ZGl2IGNsYXNz PSIiPjxzcGFuIGlkPSJkb2NzLWludGVybmFsLWd1aWQtYjVhNjg3ZDgtMWFmOS1iNTA2LWMyZTMt YjJmYzZkNmExZmY1IiBjbGFzcz0iIj48L3NwYW4+PC9kaXY+DQo8ZGl2IGNsYXNzPSIiPg0KPGRp diBpZD0iIiBjbGFzcz0iIj48c3BhbiBjbGFzcz0iYWRMIEhPRW5aYiI+PGZvbnQgY29sb3I9IiM4 ODg4ODgiIGNsYXNzPSIiPg0KPGRpdiBjbGFzcz0iIj4NCjxkaXYgY2xhc3M9IiI+DQo8ZGl2IGNs YXNzPSIiPi0tJm5ic3A7PC9kaXY+DQo8ZGl2IGNsYXNzPSIiPmVtYWlsICZhbXA7IGphYmJlcjog PGEgaHJlZj0ibWFpbHRvOmtlaXRoLmhhemVsdG9uQHdpc2MuZWR1IiB0YXJnZXQ9Il9ibGFuayIg Y2xhc3M9IiI+DQo8c3BhbiBjbGFzcz0iaWwiPmtlaXRoLmhhemVsdG9uQHdpc2MuZWR1PC9zcGFu PjwvYT48L2Rpdj4NCjxkaXYgY2xhc3M9IiI+Y2FsZW5kYXI6IDxhIGhyZWY9Imh0dHA6Ly9nby53 aXNjLmVkdS9pNnp4eDAiIHRhcmdldD0iX2JsYW5rIiBjbGFzcz0iIj4NCmh0dHA6Ly9nby53aXNj LmVkdS9pNnp4eDA8L2E+PC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9mb250Pjwvc3Bhbj48L2Rp dj4NCjwvZGl2Pg0KPC9kaXY+DQpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fXzxiciBjbGFzcz0iIj4NCnNjaW0gbWFpbGluZyBsaXN0PGJyIGNsYXNzPSIiPg0K PGEgaHJlZj0ibWFpbHRvOnNjaW1AaWV0Zi5vcmciIGNsYXNzPSIiPnNjaW1AaWV0Zi5vcmc8L2E+ PGJyIGNsYXNzPSIiPg0KPGEgaHJlZj0iaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0 aW5mby9zY2ltIj5odHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL3NjaW08L2E+ PGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8L2Jsb2NrcXVvdGU+DQo8L2Rpdj4NCjxiciBjbGFzcz0i Ij4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvc3Bhbj4NCjwvYm9keT4NCjwvaHRtbD4NCg== --Boundary_(ID_jmMF/eP1KbqYomPF3z1t5g)-- From nobody Fri Apr 15 11:55:15 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7457C12D150 for ; Fri, 15 Apr 2016 11:55:13 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -5.196 X-Spam-Level: X-Spam-Status: No, score=-5.196 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vq7LOew-zoRq for ; Fri, 15 Apr 2016 11:55:11 -0700 (PDT) Received: from userp1040.oracle.com (userp1040.oracle.com [156.151.31.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1C9B812D13B for ; Fri, 15 Apr 2016 11:55:11 -0700 (PDT) Received: from userv0022.oracle.com (userv0022.oracle.com [156.151.31.74]) by userp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id u3FItAN5007524 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 15 Apr 2016 18:55:10 GMT Received: from userv0122.oracle.com (userv0122.oracle.com [156.151.31.75]) by userv0022.oracle.com (8.14.4/8.13.8) with ESMTP id u3FItAQY022998 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 15 Apr 2016 18:55:10 GMT Received: from abhmp0015.oracle.com (abhmp0015.oracle.com [141.146.116.21]) by userv0122.oracle.com (8.14.4/8.14.4) with ESMTP id u3FIt9M7003247; Fri, 15 Apr 2016 18:55:09 GMT Received: from [10.0.1.3] (/24.86.216.17) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Fri, 15 Apr 2016 11:55:09 -0700 Content-Type: multipart/alternative; boundary=Apple-Mail-64BB57DA-8B9C-437D-B155-B2BA15E46E02 Mime-Version: 1.0 (1.0) From: "Phil Hunt (IDM)" X-Mailer: iPhone Mail (13E238) In-Reply-To: Date: Fri, 15 Apr 2016 11:55:06 -0700 Content-Transfer-Encoding: 7bit Message-Id: References: <2967809E-18BD-4DFE-AB31-89E633A7E1EC@oracle.com> To: Keith Hazelton X-Source-IP: userv0022.oracle.com [156.151.31.74] Archived-At: Cc: SCIM WG , TIER-API Subject: Re: [scim] ATTN: Your opinions please by CoB today X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Apr 2016 18:55:13 -0000 --Apple-Mail-64BB57DA-8B9C-437D-B155-B2BA15E46E02 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Yes. I agree, extending existing complex attributes has been an issue that h= as come up for us as well.=20 We'll have to see if this becomes a more widespread desire to address at the= standards level.=20 Phil > On Apr 15, 2016, at 11:49, Keith Hazelton wrote:= >=20 > Responses inline > --=20 > email & jabber: keith.hazelton@wisc.edu > calendar: http://go.wisc.edu/i6zxx0 >=20 > From: Phil Hunt > Date: Friday, April 15, 2016 at 13:00=20 > To: Keith Hazelton > Cc: TIER-API , SCIM WG > Subject: Re: [scim] ATTN: Your opinions please by CoB today >=20 > Keith, >=20 > Thanks for sharing.=20 >=20 > See my comment in line=E2=80=A6 >=20 > Phil >=20 > @independentid > www.independentid.com > phil.hunt@oracle.com >=20 >> On Apr 15, 2016, at 10:51 AM, Keith Hazelton wr= ote: >> TIER-APIarians and Other Interested Parties, >>=20 >>=20 >> Please read the following edited excerpt from the TIER-API call earlier t= oday >> and send back any criticisms or suggestions by CoB Friday (today). The l= ong arc of the 'Alternative Proposals' thread on TIER-API seems to be bendin= g toward convergence. >> Here=E2=80=99s the point reached by the participants on today=E2=80=99s= call. If anyone has concerns or suggestions, please send them to the list A= SAP. We=E2=80=99d like to get a definitive position nailed down in writing b= efore the TIER Release 1 button is pressed (Saturday). Thanks >> in advance, --Keith >>=20 >>=20 >> ---------- >> TIER will initially define two new resource types and their schemas: (Edu= )Person >> and (Edu)Member. Other TIER resource types may follow later: Membership,= Attribute, etc). The new resource types will follow the well documented SCI= M procedures and rules for defining new resource types. >=20 > Why new resource types? Why not extend the SCIM User resource (same way a= s enterprise user does)? FWIW, not all that different from LDAP. One downs= ide to having multiple resources for a User is referential integrity issues.= Extending the base user object lets you keep attributes together. One diff= erence that we have form LDAP is we maintain a separate JSON sub-object for t= he extension schema - that avoids naming collisions between extensions (e.g.= say one university creates an attribute with the same name as a TIER attrib= ute). >=20 > Phil, Thank you for responding so quickly.=20 > The primary reason we currently prefer the separate Resource Type route is= that the venn diagram of the schema for EduPerson and SCIM Users would show= a relatively small intersection. That makes us think they should be represe= nted as two different resources subject to two largely distinct sets of oper= ations. Yes, there is a referential integrity aspect to the Person-User rel= ationship, but that relationship seems conceptually clean and manageable: Ed= uPerson representations would contain pointers to their corresponding User o= bject, and User representations could have a simple Edu extension that carri= ed pointers back to the corresponding EduPerson object. The creation and mai= ntenance of those relationships occur at a relatively few logical points in t= he architecture. > As Chris Hyzer pointed out in a recent email to SCIM, another pain point w= ith the JSON container approach to extensions is that if we wanted to tinker= with a complex element within a User resource, e.g. add a TIER-specific typ= e to a particular User email address, the extension JSON object would have t= o have some kind of link to carry the association between the extension Type= attribute and a particular User email attribute, so that raises a referenti= al integrity issue at the attribute level. > SCIM extension by JSON object DOES prevent naming collisions, but so would= namespace alias prefixes on extension attributes. However, I certainly unde= rstand the disinclination to reopen the discussion around SCIM extension mec= hanisms. > Regards, --Keith >> TIER will adopt the SCIM-defined Users and Groups resources and, if a fe= w >> additional TIER-Specific attributes are needed, TIER will define a schem= a extension following SCIM procedures and rules, and the TIER-specific attri= butes would then show up in a TIER schema extension element after all the no= rmal SCIM attributes that make up >> a User representation. >>=20 >> Sites that adopt TIER may need to add some local attributes to (Edu)Perso= n, the likeliest point of extension. In that case, they should use the same S= CIM-defined >> schema extension model, and add their local attributes in a locally-defi= ned schema extension at the bottom of an (Edu)Person representation. >>=20 >> Open question: Use the 'Edu' prefix on all TIER-defined Resource Types? I= t seems like a good idea, but it is not strictly necessary because the schem= a URL will uniquely specify its own naming authority. > Agreed. However, =E2=80=9CEdu=E2=80=9D prefix makes it more obvious in al= l the interactions you=E2=80=99ll have (ie. you can see it in the URL). >> --=20 >> email & jabber: keith.hazelton@wisc.edu >> calendar: http://go.wisc.edu/i6zxx0 >> _______________________________________________ >> scim mailing list >> scim@ietf.org >> https://www.ietf.org/mailman/listinfo/scim >=20 > _______________________________________________ > scim mailing list > scim@ietf.org > https://www.ietf.org/mailman/listinfo/scim --Apple-Mail-64BB57DA-8B9C-437D-B155-B2BA15E46E02 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable
Yes. I agree, extending existing compl= ex attributes has been an issue that has come up for us as well. 
=

We'l= l have to see if this becomes a more widespread desire to address at the sta= ndards level. 

Phil
<= br>On Apr 15, 2016, at 11:49, Keith Hazelton <keith.hazelton@wisc.edu> wrote:

Responses inline
-- 
email & jabber: keith.hazelton@wisc.edu

From: Phil Hunt <phil.hunt@oracle.com>
Date: Friday, April 15, 2016 at 13:0= 0
To: Keith Hazelton <keith.hazelton@wisc.edu>
Cc: TIER-API <tier-api@internet2.edu>, SCIM WG <scim@ietf.org>
Subject: Re: [scim] ATTN: Your opini= ons please by CoB today

Keith,

Thanks for sharing. 

See my comment in line=E2=80=A6

Phil

@independentid
www.inde= pendentid.com
phil.hunt@oracle.com

On Apr 15, 2016, at 10:51 AM, Keith Hazelton <keith.hazelton@wisc.edu> w= rote:
TIER-APIarians and Other Interested P= arties,

Please read the following edited exce= rpt from the TIER-API call earlier today and send back any criticisms or suggestions by CoB Friday (today). <= span style=3D"font-size: 15px; line-height: 20px; white-space: pre-wrap;" cl= ass=3D"">The long arc of the 'Alternative Proposals' thread on TIER-API seem= s to be bending toward convergence.  Here=E2=80=99s the point reached by the participants on today=E2=80=99= s call. If anyone has concerns or suggestions, please send them to the list A= SAP. We=E2=80=99d like to get a definitive position nailed down in writing b= efore the TIER Release 1 button is pressed (Saturday). Thanks in advance, --Keith

----------
  • TIER will initially define two new re= source types and their schemas: (Edu)Person and (Edu)Member. Other TIER resource types may follow later: Membership, At= tribute, etc). The new resource types will follow the well documented SCIM p= rocedures and rules for defining new resource types.

Why new resource types?  Why not extend the SCIM User resource (same wa= y as enterprise user does)?  FWIW, not all that different from LDAP. &n= bsp;One downside to having multiple resources for a User is referential inte= grity issues. Extending the base user object lets you keep attributes together.  One difference that we have form L= DAP is we maintain a separate JSON sub-object for the extension schema - tha= t avoids naming collisions between extensions (e.g. say one university creat= es an attribute with the same name as a TIER attribute).

Phil,  Thank you for responding so quickly. 
  • The primary reason we currently prefer the separate Resource Type rou= te is that the venn diagram of the schema for EduPerson and SCIM Users would= show a relatively small intersection. That makes us think they should be re= presented as two different resources subject to two largely distinct sets of operations.  Yes, there is a r= eferential integrity aspect to the Person-User relationship, but that relati= onship seems conceptually clean and manageable: EduPerson representations wo= uld contain pointers to their corresponding User object, and User representations could have a simple Edu extension tha= t carried pointers back to the corresponding EduPerson object. The creation a= nd maintenance of those relationships occur at a relatively few logical poin= ts in the architecture.
  • As Chris Hyzer pointed out in a recen= t email to SCIM, another pain point with the JSON container approach to exte= nsions is that if we wanted to tinker with a complex element within a User r= esource, e.g. add a TIER-specific type to a particular User email address, the extension JSON object would have to have some kind of link to c= arry the association between the extension Type attribute and a particular U= ser email attribute, so that raises a referential integrity issue at the att= ribute level.
  • SCIM extension by JSON object DOES prevent nami= ng collisions, but so would namespace alias prefixes on extension attributes= . However, I certainly understand the disinclination to reopen the discussio= n around SCIM extension mechanisms.
                   = ;    Regards,   --Keith
  • TIER will adopt the SCIM-defined User= s and Groups resources and, if a few additional TIER-Specific attributes are needed, TIER will define a schema e= xtension following SCIM procedures and rules, and the TIER-specific attribut= es would then show up in a TIER schema extension element after all the norma= l SCIM attributes that make up a User representation.

  • Sites that adopt TIER may need to add some l= ocal attributes to (Edu)Person, the likeliest point of extension. In that ca= se, they should use the same SCIM-defined schema extension model, and add their local attributes in a locally-defined= schema extension at the bottom of an (Edu)Person representation.

  • Open ques= tion: Use the 'Edu' prefix on all TIER-defined Resource Types?  It seem= s like a good idea, but it is not strictly necessary because the schema URL will uniquely specify its own naming autho= rity.
Agreed.  However, =E2=80=9CEdu=E2=80=9D prefix makes it more obvious in= all the interactions you=E2=80=99ll have (ie. you can see it in the URL).
_______________________________________________
scim mailing list
scim@ietf.org
= https://www.ietf.org/= mailman/listinfo/scim
____________________= ___________________________
scim mailing list
scim@ietf.org
https://www.ietf.org/mailman= /listinfo/scim
= --Apple-Mail-64BB57DA-8B9C-437D-B155-B2BA15E46E02-- From nobody Mon Apr 18 01:14:30 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4332012DAB1 for ; Fri, 15 Apr 2016 13:20:48 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -107.918 X-Spam-Level: X-Spam-Status: No, score=-107.918 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.996, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GSCT4ZQEVY33 for ; Fri, 15 Apr 2016 13:20:46 -0700 (PDT) Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EDFA512D9BE for ; Fri, 15 Apr 2016 13:20:46 -0700 (PDT) Received: by rfc-editor.org (Postfix, from userid 30) id AC0E918000B; Fri, 15 Apr 2016 13:20:27 -0700 (PDT) To: phil.hunt@yahoo.com, kelly.grizzle@sailpoint.com, morteza.ansari@cisco.com, erik.wahlstrom@nexusgroup.com, cmortimore@salesforce.com, ben@nostrum.com, alissa@cooperw.in, aamelnikov@fastmail.fm, moransar@cisco.com, leifj@sunet.se X-PHP-Originating-Script: 30:errata_mail_lib.php From: RFC Errata System Message-Id: <20160415202027.AC0E918000B@rfc-editor.org> Date: Fri, 15 Apr 2016 13:20:27 -0700 (PDT) Archived-At: X-Mailman-Approved-At: Mon, 18 Apr 2016 01:14:28 -0700 Cc: scim@ietf.org, rfc-editor@rfc-editor.org, zmeeagain@gmail.com Subject: [scim] [Technical Errata Reported] RFC7644 (4670) X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Apr 2016 20:20:48 -0000 The following errata report has been submitted for RFC7644, "System for Cross-domain Identity Management: Protocol". -------------------------------------- You may review the report below and at: http://www.rfc-editor.org/errata_search.php?rfc=7644&eid=4670 -------------------------------------- Type: Technical Reported by: Vassilis Michalitsis Section: 3.4.2.2 Original Text ------------- Filters MUST be evaluated using the following order of operations, in order of precedence: 1. Grouping operators 2. Logical operators - where "not" takes precedence over "and", which takes precedence over "or" 3. Attribute operators Corrected Text -------------- Filters MUST be evaluated using the following order of operations, in order of precedence: 1. Grouping operators 2. Attribute operators 3. Logical operators - where "not" takes precedence over "and", which takes precedence over "or" Notes ----- It seems that the precedence of logical and attribute precedence is reversed? The filter filter=title sw "M" and userType eq "Employee" is meant to be interpreted as filter=(title sw "M") and (userType eq "Employee"). This is also the "expected" behaviour consistent with most other languages - with the notable exception of unary "or" which in SCIM is disambiguated as it can only apply to a parenthesized filter expression. Instructions: ------------- This erratum is currently posted as "Reported". If necessary, please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party (IESG) can log in to change the status and edit the report, if necessary. -------------------------------------- RFC7644 (draft-ietf-scim-api-19) -------------------------------------- Title : System for Cross-domain Identity Management: Protocol Publication Date : September 2015 Author(s) : P. Hunt, Ed., K. Grizzle, M. Ansari, E. Wahlstroem, C. Mortimore Category : PROPOSED STANDARD Source : System for Cross-domain Identity Management Area : Applications and Real-Time Stream : IETF Verifying Party : IESG From nobody Mon Apr 18 01:14:32 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C2FD012DC8B for ; Sun, 17 Apr 2016 13:06:59 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -5.297 X-Spam-Level: X-Spam-Status: No, score=-5.297 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sunet.se Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DQOxqjaGx_80 for ; Sun, 17 Apr 2016 13:06:56 -0700 (PDT) Received: from e-mailfilter01.sunet.se (e-mailfilter01.sunet.se [IPv6:2001:6b0:8:2::201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4550B12DCB6 for ; Sun, 17 Apr 2016 13:06:55 -0700 (PDT) Received: from smtp1.sunet.se (smtp1.sunet.se [192.36.171.214]) by e-mailfilter01.sunet.se (8.14.4/8.14.4/Debian-4) with ESMTP id u3HK6dgg019522 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Sun, 17 Apr 2016 22:06:40 +0200 Received: from kerio.sunet.se (kerio.sunet.se [192.36.171.210]) by smtp1.sunet.se (8.14.9/8.14.7) with ESMTP id u3HK6TOh023385 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 17 Apr 2016 22:06:31 +0200 (CEST) VBR-Info: md=sunet.se; mc=all; mv=swamid.se DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=sunet.se; s=default; t=1460923599; bh=PlIFZX4gYGbRYOCEvx48eB7POBds4/OcrNLoooVj3+w=; h=From:Subject:Date:References:To:In-Reply-To:Cc; b=kbMsexKJBPzglFL7ivuAQet2SyEUVyWnG2AdMye2Dy9n7rktjNrS13jYZHmgImdqQ Sn+KTh7xsjdfygoFqjsJBjRbW9VjJW3ErSufUr/3oKvkd4nT4EChGOqk7IkRg3DY8w eYKrFGjkB8fwQGoegblOlP3YyEI9U4tOoaqlQAvo= X-Footer: c3VuZXQuc2U= Received: from [62.102.145.131] ([62.102.145.131]) (authenticated user leifj@sunet.se) by kerio.sunet.se (Kerio Connect 9.0.1) with ESMTPSA; Sun, 17 Apr 2016 22:06:26 +0200 From: "Leif Johansson" Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: base64 Mime-Version: 1.0 (1.0) Message-Id: Date: Sun, 17 Apr 2016 22:06:26 +0200 References: <20160415202027.AC0E918000B@rfc-editor.org> To: RFC Errata System In-Reply-To: <20160415202027.AC0E918000B@rfc-editor.org> X-CanIt-Geo: ip=192.36.171.210; country=SE; latitude=59.3294; longitude=18.0686; http://maps.google.com/maps?q=59.3294,18.0686&z=6 X-CanItPRO-Stream: outbound-sunet-se:outbound (inherits from outbound-sunet-se:default, sunet-se:default, base:default) X-Canit-Stats-ID: 09QHw6Eyr - 7805e216831a - 20160417 X-CanIt-Archive-Cluster: PfMRe/vJWMiXwM2YIH5BVExnUnw Received-SPF: neutral (e-mailfilter01.sunet.se: 192.36.171.210 is neither permitted nor denied by domain leifj@sunet.se) receiver=e-mailfilter01.sunet.se; client-ip=192.36.171.210; envelope-from=; helo=smtp1.sunet.se; identity=mailfrom X-Scanned-By: CanIt (www . roaringpenguin . com) on 192.36.171.201 Archived-At: X-Mailman-Approved-At: Mon, 18 Apr 2016 01:14:28 -0700 Cc: "ben@nostrum.com" , "aamelnikov@fastmail.fm" , "morteza.ansari@cisco.com" , "phil.hunt@yahoo.com" , "alissa@cooperw.in" , "zmeeagain@gmail.com" , "scim@ietf.org" , "kelly.grizzle@sailpoint.com" , "erik.wahlstrom@nexusgroup.com" , "moransar@cisco.com" , "cmortimore@salesforce.com" Subject: Re: [scim] [Technical Errata Reported] RFC7644 (4670) X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 17 Apr 2016 20:07:00 -0000 U29tZWJvZHkgd2FudCB0byB2ZW50dXJlIGFuIG9waW5pb24gb24gdGhpcz8NCg0KU2tpY2thdCBm csOlbiBtaW4gaVBob25lDQoNCj4gMTUgYXByLiAyMDE2IGtsLiAyMjoyMSBza3JldiBSRkMgRXJy YXRhIFN5c3RlbSA8cmZjLWVkaXRvckByZmMtZWRpdG9yLm9yZz46DQo+IA0KPiBUaGUgZm9sbG93 aW5nIGVycmF0YSByZXBvcnQgaGFzIGJlZW4gc3VibWl0dGVkIGZvciBSRkM3NjQ0LA0KPiAiU3lz dGVtIGZvciBDcm9zcy1kb21haW4gSWRlbnRpdHkgTWFuYWdlbWVudDogUHJvdG9jb2wiLg0KPiAN Cj4gLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4gWW91IG1heSByZXZp ZXcgdGhlIHJlcG9ydCBiZWxvdyBhbmQgYXQ6DQo+IGh0dHA6Ly93d3cucmZjLWVkaXRvci5vcmcv ZXJyYXRhX3NlYXJjaC5waHA/cmZjPTc2NDQmZWlkPTQ2NzANCj4gDQo+IC0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+IFR5cGU6IFRlY2huaWNhbA0KPiBSZXBvcnRlZCBi eTogVmFzc2lsaXMgTWljaGFsaXRzaXMgPHptZWVhZ2FpbkBnbWFpbC5jb20+DQo+IA0KPiBTZWN0 aW9uOiAzLjQuMi4yDQo+IA0KPiBPcmlnaW5hbCBUZXh0DQo+IC0tLS0tLS0tLS0tLS0NCj4gRmls dGVycyBNVVNUIGJlIGV2YWx1YXRlZCB1c2luZyB0aGUgZm9sbG93aW5nIG9yZGVyIG9mIG9wZXJh dGlvbnMsIGluDQo+ICAgb3JkZXIgb2YgcHJlY2VkZW5jZToNCj4gDQo+ICAgMS4gIEdyb3VwaW5n IG9wZXJhdG9ycw0KPiANCj4gICAyLiAgTG9naWNhbCBvcGVyYXRvcnMgLSB3aGVyZSAibm90IiB0 YWtlcyBwcmVjZWRlbmNlIG92ZXIgImFuZCIsDQo+ICAgICAgIHdoaWNoIHRha2VzIHByZWNlZGVu Y2Ugb3ZlciAib3IiDQo+IA0KPiAgIDMuICBBdHRyaWJ1dGUgb3BlcmF0b3JzDQo+IA0KPiBDb3Jy ZWN0ZWQgVGV4dA0KPiAtLS0tLS0tLS0tLS0tLQ0KPiBGaWx0ZXJzIE1VU1QgYmUgZXZhbHVhdGVk IHVzaW5nIHRoZSBmb2xsb3dpbmcgb3JkZXIgb2Ygb3BlcmF0aW9ucywgaW4NCj4gICBvcmRlciBv ZiBwcmVjZWRlbmNlOg0KPiANCj4gICAxLiAgR3JvdXBpbmcgb3BlcmF0b3JzDQo+IA0KPiAgIDIu ICBBdHRyaWJ1dGUgb3BlcmF0b3JzDQo+IA0KPiAgIDMuICBMb2dpY2FsIG9wZXJhdG9ycyAtIHdo ZXJlICJub3QiIHRha2VzIHByZWNlZGVuY2Ugb3ZlciAiYW5kIiwNCj4gICAgICAgd2hpY2ggdGFr ZXMgcHJlY2VkZW5jZSBvdmVyICJvciINCj4gDQo+IE5vdGVzDQo+IC0tLS0tDQo+IEl0IHNlZW1z IHRoYXQgdGhlIHByZWNlZGVuY2Ugb2YgbG9naWNhbCBhbmQgYXR0cmlidXRlIHByZWNlZGVuY2Ug aXMgcmV2ZXJzZWQ/IFRoZSBmaWx0ZXIgZmlsdGVyPXRpdGxlIHN3ICJNIiBhbmQgdXNlclR5cGUg ZXEgIkVtcGxveWVlIiBpcyBtZWFudCB0byBiZSBpbnRlcnByZXRlZCBhcyBmaWx0ZXI9KHRpdGxl IHN3ICJNIikgYW5kICh1c2VyVHlwZSBlcSAiRW1wbG95ZWUiKS4gDQo+IFRoaXMgaXMgYWxzbyB0 aGUgImV4cGVjdGVkIiBiZWhhdmlvdXIgY29uc2lzdGVudCB3aXRoIG1vc3Qgb3RoZXIgbGFuZ3Vh Z2VzIC0gd2l0aCB0aGUgbm90YWJsZSBleGNlcHRpb24gb2YgdW5hcnkgIm9yIiB3aGljaCBpbiBT Q0lNIGlzIGRpc2FtYmlndWF0ZWQgYXMgaXQgY2FuIG9ubHkgYXBwbHkgdG8gYSBwYXJlbnRoZXNp emVkIGZpbHRlciBleHByZXNzaW9uLg0KPiANCj4gSW5zdHJ1Y3Rpb25zOg0KPiAtLS0tLS0tLS0t LS0tDQo+IFRoaXMgZXJyYXR1bSBpcyBjdXJyZW50bHkgcG9zdGVkIGFzICJSZXBvcnRlZCIuIElm IG5lY2Vzc2FyeSwgcGxlYXNlDQo+IHVzZSAiUmVwbHkgQWxsIiB0byBkaXNjdXNzIHdoZXRoZXIg aXQgc2hvdWxkIGJlIHZlcmlmaWVkIG9yDQo+IHJlamVjdGVkLiBXaGVuIGEgZGVjaXNpb24gaXMg cmVhY2hlZCwgdGhlIHZlcmlmeWluZyBwYXJ0eSAoSUVTRykNCj4gY2FuIGxvZyBpbiB0byBjaGFu Z2UgdGhlIHN0YXR1cyBhbmQgZWRpdCB0aGUgcmVwb3J0LCBpZiBuZWNlc3NhcnkuIA0KPiANCj4g LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4gUkZDNzY0NCAoZHJhZnQt aWV0Zi1zY2ltLWFwaS0xOSkNCj4gLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0NCj4gVGl0bGUgICAgICAgICAgICAgICA6IFN5c3RlbSBmb3IgQ3Jvc3MtZG9tYWluIElkZW50 aXR5IE1hbmFnZW1lbnQ6IFByb3RvY29sDQo+IFB1YmxpY2F0aW9uIERhdGUgICAgOiBTZXB0ZW1i ZXIgMjAxNQ0KPiBBdXRob3IocykgICAgICAgICAgIDogUC4gSHVudCwgRWQuLCBLLiBHcml6emxl LCBNLiBBbnNhcmksIEUuIFdhaGxzdHJvZW0sIEMuIE1vcnRpbW9yZQ0KPiBDYXRlZ29yeSAgICAg ICAgICAgIDogUFJPUE9TRUQgU1RBTkRBUkQNCj4gU291cmNlICAgICAgICAgICAgICA6IFN5c3Rl bSBmb3IgQ3Jvc3MtZG9tYWluIElkZW50aXR5IE1hbmFnZW1lbnQNCj4gQXJlYSAgICAgICAgICAg ICAgICA6IEFwcGxpY2F0aW9ucyBhbmQgUmVhbC1UaW1lDQo+IFN0cmVhbSAgICAgICAgICAgICAg OiBJRVRGDQo+IFZlcmlmeWluZyBQYXJ0eSAgICAgOiBJRVNHDQo+IA0K From nobody Mon Apr 18 01:14:35 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 67B2F12DE24 for ; Sun, 17 Apr 2016 14:22:02 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.716 X-Spam-Level: X-Spam-Status: No, score=-3.716 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yahoo.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vDGrkwAZ0IDH for ; Sun, 17 Apr 2016 14:22:01 -0700 (PDT) Received: from nm9-vm6.bullet.mail.ne1.yahoo.com (nm9-vm6.bullet.mail.ne1.yahoo.com [98.138.91.102]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DE5A812DE0F for ; Sun, 17 Apr 2016 14:22:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1460928120; bh=xQ0HcYHkk026yWjFYuH9JEQ5UBcWg0Csxdv3D18JvHg=; h=Subject:From:In-Reply-To:Date:Cc:References:To:From:Subject; b=Of6dJPz1G7v7IWy0R8oqbBCgihAccIqsC2+jHwSYg0cf4wQ4i1P8+FG+SkgiK2IDif2PHVSiDOBP5HRUx/w0PaW/DCYwqbGja/2SMelYgzw7HkVltjj9cFzxF3EKdeIacOni7OMlY1Fer33mIxagzmVd/vFtK8SUDjuZ4fzuixduvPoj23uF5q7NL7TX5gr2+4jgjAIzAPQLg0VpiWkd60bizsZKPmKlZkkXIqnoCP9/mFFt63loQiRGIBek0k7W0r4chsrPeVXfad4ULifKZQ7z4+ZvatuGM9QSgPhUtxdsrjr8ArMZu/10K1CwIL2PfPOU39q7u9qW1OjgYvQd6w== Received: from [98.138.226.178] by nm9.bullet.mail.ne1.yahoo.com with NNFMP; 17 Apr 2016 21:22:00 -0000 Received: from [98.138.226.124] by tm13.bullet.mail.ne1.yahoo.com with NNFMP; 17 Apr 2016 21:22:00 -0000 Received: from [127.0.0.1] by smtp203.mail.ne1.yahoo.com with NNFMP; 17 Apr 2016 21:22:00 -0000 X-Yahoo-Newman-Id: 187606.95244.bm@smtp203.mail.ne1.yahoo.com X-Yahoo-Newman-Property: ymail-3 X-YMail-OSG: lMkcbycVM1nXljwnel19VfvLkqBLkAvQycZKkKVKrQItSJs YOj8gqOFJSXy2ySk58YqOCpW_AaxWTCMYNJGXjZvdENNq4.4IQxYg05.qZts qqA0JvlumkszCeLGanZAk7Xx3ycJYKp43AhyTJIIkjy0ySvRHVVm.c9DQy4Q mMxxx9nA81QPIi8WxhHyF5n4n9qkDqTkdximdgLwg7VpOn0U2prCx2E7CvHg pCILxByNFlH3h7C.J50FDx6cjJ1ZamwdNmx4BuUdkh8lvz2ZrSIA2UmIliBt eBgvQs6o7Jy8JlfCVWN73JRYFJFx3xrQFdvvqA9h1UO_CCLcF.m1Lk7tdsil 2v7AN3_JS7cO7zuiXACowsyiZ6QsyJKrhy_5GE.X.miRIRQet8t0IKJlPnqc RivJ4ORZNaOdQT6gvopEMnKHJylJ48YocTgYuN6Oa7XVoVJk9f8B0uFotlOD xEA3wBBtDBBVSuHmi_JH_jPiowQ1kLkQfrheiIZbeCmd4wA0OPvidIMhXxK7 JRO6dhli5AA3ildeg23To4LCVyrVCuFP09T.ORbw- X-Yahoo-SMTP: 5ZG1WouswBA_I3TiUVQ.pojpE5jY8w-- Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (1.0) From: Phil Hunt X-Mailer: iPhone Mail (13E238) In-Reply-To: Date: Sun, 17 Apr 2016 14:21:54 -0700 Content-Transfer-Encoding: quoted-printable Message-Id: <062CF7D1-86D8-402E-AF84-AF7D4A94AE77@yahoo.com> References: <20160415202027.AC0E918000B@rfc-editor.org> To: Leif Johansson Archived-At: X-Mailman-Approved-At: Mon, 18 Apr 2016 01:14:28 -0700 Cc: "ben@nostrum.com" , "aamelnikov@fastmail.fm" , "morteza.ansari@cisco.com" , "alissa@cooperw.in" , "zmeeagain@gmail.com" , "scim@ietf.org" , "kelly.grizzle@sailpoint.com" , "erik.wahlstrom@nexusgroup.com" , "moransar@cisco.com" , "cmortimore@salesforce.com" , RFC Errata System Subject: Re: [scim] [Technical Errata Reported] RFC7644 (4670) X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 17 Apr 2016 21:22:02 -0000 Need to check the history. I recall it was changed during IESG review.=20 Phil > On Apr 17, 2016, at 13:06, Leif Johansson wrote: >=20 > Somebody want to venture an opinion on this? >=20 > Skickat fr=C3=A5n min iPhone >=20 >> 15 apr. 2016 kl. 22:21 skrev RFC Errata System : >>=20 >> The following errata report has been submitted for RFC7644, >> "System for Cross-domain Identity Management: Protocol". >>=20 >> -------------------------------------- >> You may review the report below and at: >> http://www.rfc-editor.org/errata_search.php?rfc=3D7644&eid=3D4670 >>=20 >> -------------------------------------- >> Type: Technical >> Reported by: Vassilis Michalitsis >>=20 >> Section: 3.4.2.2 >>=20 >> Original Text >> ------------- >> Filters MUST be evaluated using the following order of operations, in >> order of precedence: >>=20 >> 1. Grouping operators >>=20 >> 2. Logical operators - where "not" takes precedence over "and", >> which takes precedence over "or" >>=20 >> 3. Attribute operators >>=20 >> Corrected Text >> -------------- >> Filters MUST be evaluated using the following order of operations, in >> order of precedence: >>=20 >> 1. Grouping operators >>=20 >> 2. Attribute operators >>=20 >> 3. Logical operators - where "not" takes precedence over "and", >> which takes precedence over "or" >>=20 >> Notes >> ----- >> It seems that the precedence of logical and attribute precedence is rever= sed? The filter filter=3Dtitle sw "M" and userType eq "Employee" is meant to= be interpreted as filter=3D(title sw "M") and (userType eq "Employee").=20 >> This is also the "expected" behaviour consistent with most other language= s - with the notable exception of unary "or" which in SCIM is disambiguated a= s it can only apply to a parenthesized filter expression. >>=20 >> Instructions: >> ------------- >> This erratum is currently posted as "Reported". If necessary, please >> use "Reply All" to discuss whether it should be verified or >> rejected. When a decision is reached, the verifying party (IESG) >> can log in to change the status and edit the report, if necessary.=20 >>=20 >> -------------------------------------- >> RFC7644 (draft-ietf-scim-api-19) >> -------------------------------------- >> Title : System for Cross-domain Identity Management: Protoc= ol >> Publication Date : September 2015 >> Author(s) : P. Hunt, Ed., K. Grizzle, M. Ansari, E. Wahlstroem,= C. Mortimore >> Category : PROPOSED STANDARD >> Source : System for Cross-domain Identity Management >> Area : Applications and Real-Time >> Stream : IETF >> Verifying Party : IESG >>=20 From nobody Mon Apr 18 10:54:13 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 85D0512E3F1 for ; Mon, 18 Apr 2016 10:48:46 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -5.216 X-Spam-Level: X-Spam-Status: No, score=-5.216 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YvOdgX2wcKzP for ; Mon, 18 Apr 2016 10:48:44 -0700 (PDT) Received: from aserp1040.oracle.com (aserp1040.oracle.com [141.146.126.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0C77012D6D7 for ; Mon, 18 Apr 2016 10:48:43 -0700 (PDT) Received: from aserv0021.oracle.com (aserv0021.oracle.com [141.146.126.233]) by aserp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id u3IHmcGU011203 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 18 Apr 2016 17:48:38 GMT Received: from aserv0122.oracle.com (aserv0122.oracle.com [141.146.126.236]) by aserv0021.oracle.com (8.13.8/8.13.8) with ESMTP id u3IHmbNB024494 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 18 Apr 2016 17:48:37 GMT Received: from abhmp0001.oracle.com (abhmp0001.oracle.com [141.146.116.7]) by aserv0122.oracle.com (8.13.8/8.13.8) with ESMTP id u3IHmWj8016627; Mon, 18 Apr 2016 17:48:34 GMT Received: from [192.168.1.22] (/174.7.250.104) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Mon, 18 Apr 2016 10:48:32 -0700 Content-Type: multipart/alternative; boundary="Apple-Mail=_E1D0CF06-C692-4667-AD11-1EB2E8D82A18" Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\)) From: Phil Hunt In-Reply-To: Date: Mon, 18 Apr 2016 10:48:29 -0700 Message-Id: <64CA26CD-F896-43A1-ABA7-9D094B9CD4BE@oracle.com> References: <20160415202027.AC0E918000B@rfc-editor.org> To: Leif Johansson X-Mailer: Apple Mail (2.3124) X-Source-IP: aserv0021.oracle.com [141.146.126.233] Archived-At: X-Mailman-Approved-At: Mon, 18 Apr 2016 10:54:11 -0700 Cc: "ben@nostrum.com" , "aamelnikov@fastmail.fm" , "morteza.ansari@cisco.com" , "alissa@cooperw.in" , "zmeeagain@gmail.com" , "scim@ietf.org" , Kelly Grizzle , "erik.wahlstrom@nexusgroup.com" , Morteza Ansari , Chuck Mortimore , RFC Errata System Subject: Re: [scim] [Technical Errata Reported] RFC7644 (4670) X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Apr 2016 17:48:46 -0000 --Apple-Mail=_E1D0CF06-C692-4667-AD11-1EB2E8D82A18 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Just confirming that the text was changed between drafts 17-19 during = the IESG review process based on feedback that we had a normative = reference to wikipedia which wasn=E2=80=99t valid. The order of the list really depends on how you interpret the overall = sentence structure. At present I do find it somewhat awkward. For example, if you are taking a parser perspective, you are breaking = down the filter based on the order specified. However, if you are = saying which rule is more important than the other, than the proposed = text is correct. Would appreciate other comments. Phil @independentid www.independentid.com = phil.hunt@oracle.com = > On Apr 17, 2016, at 1:06 PM, Leif Johansson wrote: >=20 > Somebody want to venture an opinion on this? >=20 > Skickat fr=C3=A5n min iPhone >=20 >> 15 apr. 2016 kl. 22:21 skrev RFC Errata System = : >>=20 >> The following errata report has been submitted for RFC7644, >> "System for Cross-domain Identity Management: Protocol". >>=20 >> -------------------------------------- >> You may review the report below and at: >> http://www.rfc-editor.org/errata_search.php?rfc=3D7644&eid=3D4670 >>=20 >> -------------------------------------- >> Type: Technical >> Reported by: Vassilis Michalitsis >>=20 >> Section: 3.4.2.2 >>=20 >> Original Text >> ------------- >> Filters MUST be evaluated using the following order of operations, in >> order of precedence: >>=20 >> 1. Grouping operators >>=20 >> 2. Logical operators - where "not" takes precedence over "and", >> which takes precedence over "or" >>=20 >> 3. Attribute operators >>=20 >> Corrected Text >> -------------- >> Filters MUST be evaluated using the following order of operations, in >> order of precedence: >>=20 >> 1. Grouping operators >>=20 >> 2. Attribute operators >>=20 >> 3. Logical operators - where "not" takes precedence over "and", >> which takes precedence over "or" >>=20 >> Notes >> ----- >> It seems that the precedence of logical and attribute precedence is = reversed? The filter filter=3Dtitle sw "M" and userType eq "Employee" is = meant to be interpreted as filter=3D(title sw "M") and (userType eq = "Employee").=20 >> This is also the "expected" behaviour consistent with most other = languages - with the notable exception of unary "or" which in SCIM is = disambiguated as it can only apply to a parenthesized filter expression. >>=20 >> Instructions: >> ------------- >> This erratum is currently posted as "Reported". If necessary, please >> use "Reply All" to discuss whether it should be verified or >> rejected. When a decision is reached, the verifying party (IESG) >> can log in to change the status and edit the report, if necessary.=20 >>=20 >> -------------------------------------- >> RFC7644 (draft-ietf-scim-api-19) >> -------------------------------------- >> Title : System for Cross-domain Identity Management: = Protocol >> Publication Date : September 2015 >> Author(s) : P. Hunt, Ed., K. Grizzle, M. Ansari, E. = Wahlstroem, C. Mortimore >> Category : PROPOSED STANDARD >> Source : System for Cross-domain Identity Management >> Area : Applications and Real-Time >> Stream : IETF >> Verifying Party : IESG >>=20 --Apple-Mail=_E1D0CF06-C692-4667-AD11-1EB2E8D82A18 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 Just confirming that the text was changed between drafts = 17-19 during the IESG review process based on feedback that we had a = normative reference to wikipedia which wasn=E2=80=99t valid.

The order of the list = really depends on how you interpret the overall sentence structure. At = present I do find it somewhat awkward.

For example, if you are taking a parser = perspective, you are breaking down the filter based on the order = specified.  However, if you are saying which rule is more important = than the other, than the proposed text is correct.

Would appreciate other = comments.




On Apr 17, 2016, at 1:06 PM, Leif Johansson <leifj@sunet.se> = wrote:

Somebody want to venture an opinion on this?

Skickat fr=C3=A5n min iPhone

15 apr. 2016 kl. 22:21 = skrev RFC Errata System <rfc-editor@rfc-editor.org>:

The following errata report has been submitted for = RFC7644,
"System for Cross-domain Identity Management: = Protocol".

--------------------------------------
You may = review the report below and at:
http://www.rfc-editor.org/errata_search.php?rfc=3D7644&eid=3D= 4670

--------------------------------------
Type: = Technical
Reported by: Vassilis Michalitsis = <zmeeagain@gmail.com>

Section: = 3.4.2.2

Original Text
-------------
Filters MUST be evaluated using = the following order of operations, in
 order of = precedence:

 1.  Grouping = operators

 2.  Logical operators = - where "not" takes precedence over "and",
=      which takes precedence over "or"

 3.  Attribute operators

Corrected Text
--------------
Filters MUST be evaluated using the following order of = operations, in
 order of precedence:
 1.  Grouping operators

 2.  Attribute operators

 3.  Logical operators - where "not" takes = precedence over "and",
=      which takes precedence over "or"

Notes
-----
It = seems that the precedence of logical and attribute precedence is = reversed? The filter filter=3Dtitle sw "M" and userType eq "Employee" is = meant to be interpreted as filter=3D(title sw "M") and (userType eq = "Employee").
This is also the "expected" behaviour = consistent with most other languages - with the notable exception of = unary "or" which in SCIM is disambiguated as it can only apply to a = parenthesized filter expression.

Instructions:
-------------
This = erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified = or
rejected. When a decision is reached, the verifying = party (IESG)
can log in to change the status and edit the = report, if necessary.

--------------------------------------
RFC7644 = (draft-ietf-scim-api-19)
--------------------------------------
Title =             &n= bsp; : System for Cross-domain Identity Management: Protocol
Publication Date    : September 2015
Author(s) =           : P. Hunt, = Ed., K. Grizzle, M. Ansari, E. Wahlstroem, C. Mortimore
Category =            : = PROPOSED STANDARD
Source =             &n= bsp;: System for Cross-domain Identity Management
Area =             &n= bsp;  : Applications and Real-Time
Stream =             &n= bsp;: IETF
Verifying Party     : = IESG


= --Apple-Mail=_E1D0CF06-C692-4667-AD11-1EB2E8D82A18-- From nobody Thu Apr 28 09:04:20 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B36CF12D8DB for ; Thu, 28 Apr 2016 09:04:18 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.902 X-Spam-Level: X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sailpoint.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ns0ULhDdZ98h for ; Thu, 28 Apr 2016 09:04:11 -0700 (PDT) Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2on0106.outbound.protection.outlook.com [207.46.100.106]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C289812D98F for ; Thu, 28 Apr 2016 08:56:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sailpoint.onmicrosoft.com; s=selector1-sailpoint-com; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=1uz2/QerTYo9xAEhycS1sNoidenmpkToKZhhQ9YV9EQ=; b=AoEbkh9Y5J5+GDWZ2Spo5bdLwNCPjSRvzHQb+cJigQsXaiwYob+puTk4ndstvKEXJU0+cyUV8GylN5am2QmDOEenbd9eYrYpG9RKVW2PYeRYMugo45/DxOQzgJ1Ln1bjw0eGmqRbbFTub/w5pH/om5HtWaUSnVqvC0kW/y6VLO0= Received: from CY1PR04MB2363.namprd04.prod.outlook.com (10.167.10.143) by CY1PR04MB2361.namprd04.prod.outlook.com (10.167.10.141) with Microsoft SMTP Server (TLS) id 15.1.477.8; Thu, 28 Apr 2016 15:56:47 +0000 Received: from CY1PR04MB2363.namprd04.prod.outlook.com ([10.167.10.143]) by CY1PR04MB2363.namprd04.prod.outlook.com ([10.167.10.143]) with mapi id 15.01.0477.014; Thu, 28 Apr 2016 15:56:47 +0000 From: Kelly Grizzle To: "scim@ietf.org" Thread-Topic: SCIM interop at CIS Thread-Index: AdGhY9/EQBwQ3OFpSIGQ6wmYBSxJjA== Date: Thu, 28 Apr 2016 15:56:47 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-vipre-scanned: 2683C3DA00BF5A2683C527 authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=sailpoint.com; x-originating-ip: [2605:6000:0:8::f:9] x-ms-office365-filtering-correlation-id: 6b2f378f-a93c-4083-f740-08d36f7db44a x-microsoft-exchange-diagnostics: 1; CY1PR04MB2361; 5:ezIwundocPOXFRSPepDQ7PSJOUUYIGsRtFS64TmFPbjkROmJ6gZhE6aWYQGo4PlHPL8ppFS9fTez7au/QaOYAng0IFY5klaRFHcfBMbyvKjwzdMZGv/cfR02LP+fSuNT8JWe8YVw8d1dQXCCiG6YkQ==; 24:BaYDif78Wm/cpVEbNTtkFwdVgl9upqXpIY1L7R64lhQyy/lxv5dIhr1jzsENsx+AvV4e8uckTV+ZgBHEtg5w7xeTos7bQFzW+x5mJ750/Fw=; 7:yMdZdJTy5wLIuW6RMTVpNd5Aeicp3Ar9NY4+XxAN1/GS4rMZM6JIt9MwtJDyKQ04wmXQ1gBZbwktdGGHgJpjv9PWj92hE0Yf+rwDT1R1TgS6ZgwmomU7DaUyBrSC5q3trS7DlvdyWiNEPqTkUAKz06Y4/8FWRcd/JEQEcXhmbXcfU0HGRtaaJzGBZooC1cKG x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:CY1PR04MB2361; x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:; x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(9101521072)(601004)(2401047)(8121501046)(5005006)(3002001)(10201501046); SRVR:CY1PR04MB2361; BCL:0; PCL:0; RULEID:; SRVR:CY1PR04MB2361; x-forefront-prvs: 0926B0E013 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(229853001)(5002640100001)(87936001)(2351001)(5004730100002)(19300405004)(5180700001)(19580395003)(5002510100001)(5003600100002)(16236675004)(2906002)(2900100001)(15975445007)(77096005)(50986999)(54356999)(122556002)(19625215002)(450100001)(86362001)(19617315012)(92566002)(5008740100001)(10400500002)(33656002)(3280700002)(3480700004)(3660700001)(586003)(1096002)(1220700001)(5630700001)(189998001)(102836003)(5640700001)(6116002)(790700001)(76576001)(81166005)(2501003)(99286002)(74316001)(11100500001)(9686002)(110136002)(1730700002)(107886002)(3826002)(15940465004); DIR:OUT; SFP:1102; SCL:1; SRVR:CY1PR04MB2361; H:CY1PR04MB2363.namprd04.prod.outlook.com; FPR:; SPF:None; MLV:ovrnspm; PTR:InfoNoRecords; LANG:en; spamdiagnosticoutput: 1:23 spamdiagnosticmetadata: NSPM Content-Type: multipart/alternative; boundary="_000_CY1PR04MB236377733995A3FDB01041A7E2650CY1PR04MB2363namp_" MIME-Version: 1.0 X-OriginatorOrg: sailpoint.com X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Apr 2016 15:56:47.5153 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 9c848b2a-49ba-4c39-9749-118d06717a84 X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR04MB2361 Archived-At: Subject: [scim] SCIM interop at CIS X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Apr 2016 16:04:18 -0000 --_000_CY1PR04MB236377733995A3FDB01041A7E2650CY1PR04MB2363namp_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Many SCIM v2 service providers and clients are planning an interop that wil= l happen over the next month and be presented at the Cloud Identity Summit.= If you are interested, here is what you need to know. 1. There is a google drive folder that contains all of docum= ents for this interop. If you need access, please request it or send me you= r email address. 2. Everyone interested: Please add your project as a participant and y= our contact information to the first two sheets here. 3. Service Providers: Have a v2 server that is publicly available by M= ay 1. Copy the "Service Provider Details Template" to a new doc in this fo= lder and fill in the details. Include the JSON of your ServicePr= oviderConfig and any other relevant information about things your server do= es/does not support. 4. Clients: Between May 1 and May 31, choose as many service providers= as you want to interop with. Communicate with the service provider direct= ly (email should be in the Contact Info on the spreadsheet) to get URLs and= credentials. Execute the test cases that apply to your pairing from the s= preadsheet. For every interop pair, copy the "Results Template" spreadshee= t here to a new spreadsheet, and fill in the results. Both parti= cipants should indicate on this spreadsheet whether the results can be made= public or not. 5. Present the results on June 6 at CIS. The goals are: a) test out as many implementations as possible to ensure in= teroperability, and b) look for any problems with the spec that may need to= be ironed out. Any questions or suggestions, please let me know! --Kelly --_000_CY1PR04MB236377733995A3FDB01041A7E2650CY1PR04MB2363namp_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Many SCIM v2 service providers and clients are plann= ing an interop that will happen over the next month and be presented at the= Cloud Identity Summit.  If you are interested, here is what you need = to know.

 

1.      There is a google drive folder that contains all of documents for this interop. If you need acc= ess, please request it or send me your email address.

2.      Everyone interested: Please add your project= as a participant and your contact information to the first two sheets here.

3.      Service Providers: Have a v2 server that is = publicly available by May 1.  Copy the “Service Provider Details Templat= e” to a new doc in this folder and fill in the details.  Include the JSON of your ServiceP= roviderConfig and any other relevant information about things your server d= oes/does not support.

4.      Clients: Between May 1 and May 31, choose as= many service providers as you want to interop with.  Communicate with= the service provider directly (email should be in the Contact Info on the = spreadsheet) to get URLs and credentials.  Execute the test cases that apply to your pairing from the spreadsheet.&nb= sp; For every interop pair, copy the “Results Template” spreads= heet here to a new spreadsheet, and fill in the results.  Both particip= ants should indicate on this spreadsheet whether the results can be made pu= blic or not.

5.      Present the results on June 6 at CIS.=

 

The goals are: a) test out as many implementations a= s possible to ensure interoperability, and b) look for any problems with th= e spec that may need to be ironed out.

 

Any questions or suggestions, please let me know!

 

--Kelly

--_000_CY1PR04MB236377733995A3FDB01041A7E2650CY1PR04MB2363namp_-- From nobody Fri Apr 29 07:39:32 2016 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3266512D157 for ; Fri, 29 Apr 2016 07:39:30 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.786 X-Spam-Level: X-Spam-Status: No, score=-2.786 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, RP_MATCHES_RCVD=-0.996, T_DKIM_INVALID=0.01] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (public key: not available)" header.d=gluu.org Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H4xLVK5aYsLk for ; Fri, 29 Apr 2016 07:39:28 -0700 (PDT) Received: from webmail.gluu.org (webmail.gluu.org [104.130.217.77]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A83C212D14D for ; Fri, 29 Apr 2016 07:39:27 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by webmail.gluu.org (Postfix) with ESMTP id 5770FB40D5 for ; Fri, 29 Apr 2016 14:38:06 +0000 (UTC) Authentication-Results: webmail.gluu.org (amavisd-new); dkim=pass reason="pass (just generated, assumed good)" header.d=gluu.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gluu.org; h= user-agent:message-id:references:in-reply-to:organization :subject:subject:to:from:from:date:date :content-transfer-encoding:content-type:content-type :mime-version; s=dkim; t=1461940686; x=1462804687; bh=RMuKp/FokP b+di3AzLpC05oZxPe68723g5X5I4QVdGo=; b=kndx6KViuGhHnd6qbKMgBdiWg0 hMGpuDoWmMgXZxAEGFLZJhzb9OUJZCpOpGpC96jCA1ZsMILWci7k8GV3kphBl5TI cvzIFge7IYoO9BPTLjbchaNGG07cet1E+FWvtLKdp9jGWFaeKgY350bfuL/Gr/7l p8GD5P54MznwHXuWQ= Received: from webmail.gluu.org ([127.0.0.1]) by localhost (webmail.gluu.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hdcHLqwe21Uq for ; Fri, 29 Apr 2016 14:38:06 +0000 (UTC) Received: from webmail.gluu.org (localhost [127.0.0.1]) by webmail.gluu.org (Postfix) with ESMTPSA id 1B314B40D3 for ; Fri, 29 Apr 2016 14:38:06 +0000 (UTC) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Date: Fri, 29 Apr 2016 09:38:05 -0500 From: Mike Schwartz To: scim@ietf.org Organization: Gluu In-Reply-To: References: Message-ID: X-Sender: mike@gluu.org User-Agent: Roundcube Webmail Archived-At: Subject: [scim] Gluu Server SCIM test mode X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Apr 2016 14:39:30 -0000 SCIM-heads, We added a feature to the Gluu Server to put the SCIM interfaces in "test mode", where we set a static oauth2 token. So I think we're ready to go on that front for the interop... - Mike