
Minutes for SCIM at interim-2013-scim-1
minutes-interim-2013-scim-1-1

Meeting Minutes System for Cross-domain Identity Management (scim) WG
Date and time 2013-08-21 07:00
Title Minutes for SCIM at interim-2013-scim-1
State Active
Last updated 2013-08-28

In attendance:

Alexandre Santos
Anthony Nadalin
Barry Leiba
Chris Phillips
Erik Wahlström
Kelly Grizzle
Leif Johansson
Mark Diodati
Morteza Ansari
Phil Hunt
Sal D'Agostino

Notes:


Issue #38

- Kelly sent proposal to list and has received little feedback.

- Leif suggests publishing new versions of the drafts with the changes and
getting a full review.  Kelly will publish new drafts.

- Erik volunteered to review.

 

Discussion of "big ticket" issues.

 

Issue #45 -- LDAP Mapping

- Question from Chris Phillips about whether a lossy mapping (wrt
complex attributes) is acceptable.  Conclusion that this would be alright.

- Leif will assign issue to Peter Gietz who volunteered at last WG
meeting.  Bjorn will collaborate.

 

Issue #4 -- SAML Binding

- Question from Chris Phillips about how the binding should work. 
Assumption is that SCIM will mainly be used as a schema for SAML
attribute assertions in JIT provisioning.

- Tony Nadalin and Mark Wahl interested but may lack cycles to work on this.

- Leif will assign issue to Tony.  Chris will collaborate.

 

Issue #8 -- Targeting and Proxying

- Phil Hunt says that interest in this is dying out and this can largely
be addressed through multi-tenancy and the enhancements around
extensibility.

- Leif will add a comment to issue with a suggestion to close issue.

- There may be interest in keeping the "accountRefs" schema, but this
could just be in custom extensions.

 

Issue #11 -- Simple language for entitlements

- Leif suggested that this could be a different attribute or perhaps a
custom attribute if more complex entitlements are needed.

- Given the number of attempts at standardizing policy this could be
hard to nail down.

- One possible option is to make this a complex attribute that uses the
"type" sub-attribute to denote the format of the entitlement.

- Mark Diodati wondered if the entitlements might be used across
multiple policy decision points.

- Morteza related entitlements to OAuth scopes, in that you have to read
documentation from the SP to understand the possible values.

- Chris Phillips will contribute information about various types of
entitlements.

- Leif will assign issue to Chris.

 

Next call will be used to quickly work through some of the "quick fix"
issues:

- #2: Add pagination capability to plural Resource attributes

- #9: Add ability to mark attributes as unique in the schemas

- #10: Add ability to mark attributes as sensitive in the schemas

- #13: ETag - required flag in ServiceProviderConfig

- #24: Negation operator for filters

- #34: Schema example should be marked non-normative

- #35: Canonical types for Group members should not be READ-ONLY

- #37: Define error response when a server is unwilling to
perform a list/query

- #39: Clarification on response body for DELETE

- #42: Consider making server root searches optional

- #46: Clarify error responses and allow non-HTTP error codes

 

Barry suggested that these calls be used to get discussions on issues
kicked off on the mailing list, so more can participate.