SCIM IETF 124
Chairs: A. Parecki, N. Cam-Winget
Scribes: P. Dingle, D. Zollner
- Reminder of new notewell
- Update on current WG document statuses
- Cursor-based pagination is now an RFC - RFC 9865 (yay!)
- SCIM Device Model and SCIM Profile for Security Event Tokens are in
RFC Editor Queue
Roles and Entitlements (Unmesh) - 10min
https://datatracker.ietf.org/doc/draft-ietf-scim-roles-entitlements/
- Originally published by Danny and adopted by the WG; Okta is now
proposing changes
- Minimal changes: some attributes changed from required to optional
- Included resource schema
- Asking for feedback on two new URNs (see deck)
- The core SCIM standard only allows SCIM clients to set "roles" and
"entitlements" but does not provide a discovery mechanism
- Slides covering new proposed schema for role and entitlement
resources
- New RolesAndEntitlements attribute proposed in draft, links role +
principal (user, non-human identity, etc.) + application (check if
this is accurate - may be wrong / tied to later slides from Prithvi)
- Request for feedback on new draft, open for questions
- Eliot Lear asked about applicability for other resources besides
Users, such as devices
- Pam Dingle asked about existing format of "roles" and "entitlements"
attributes on the core User schema in SCIM (RFC 7643) and the
complexity(?) of the complex attribute value
- Danny: Agree with Pam's comment. Some of the complex objects are set
up with value, display, type, and primary -- across the various SCIM
service provider implementations that have implemented SCIM "roles"
on Users, the value sub-attribute is the only thing consistently
used. type and primary are rarely used, major clients do not
consistently interpret and many have wildly different
interpretations.
- Also - have seen a couple of drafts published for AI agents etc
that include roles/entitlements, mentioning that they correspond
to user roles/entitlements. Suggest concern that perhaps other
use cases
- Nancy suggests taking concerns either to a PR or the mailing list
SCIM Agents and Agentic Applications (Macy) - 15min
https://datatracker.ietf.org/doc/draft-abbey-scim-agent-extension/
Eliot: likes this approach, but the document is loose; some of the semantic
values are a bit loose, such as agent type
X.509 attributes: should be clear as to how those certificates are meant
to be used. Is the full cert needed?
Subject - could be clarified. Looks like pretty good beginning
Pieter K: great to see things like this appearing. You define an agent
as a workload with unpredictable behavior. Surprised to see much of the
nature you describe attributed to a user. Could you start with a
workload rather than starting with a user?
Danny: Worth considering whether this draft needs to only be focused on
agentic identities or zoom out to workload identities, and agents could
be a subset.
Max Gerber: echoing the last two, can see use cases for examples without an
LLM in the mix; likes the proposal.
Agentic Identity Schema (Mark) - 15min
https://datatracker.ietf.org/doc/draft-wahl-scim-agent-schema/
- Pam presenting on behalf of Mark Wahl. Mark / Pam interested in
collaborating with Macy
- How will large enterprises manage agents?
- Pre-existing relationships between identities already exist and
are STRONG
- Portability of identity data (agents) between systems (identity
providers, etc.)
- Ability to update/delete is important
- Need to be able to attach identity governance workflows to
agent/non-human identities
- SCIM has been used to populate (push) data (dashboards, application
identity stores), but now due to AI will be more push + pull to
constantly review and adjust data between systems
- Slide detailing proposed schema for AgenticIdentity resource
- Focus on proposed oAuthClientIdentifiers attribute, showing the
binding of the agentic identity to a domain
- Slide comparing/contrasting registration standards (OAuth Dynamic
Client Registration, RFC 7591 + 7592), Client ID metadata Document
(CIMD), and SCIM
- SCIM fits well for what is needed because of support for create,
update, delete, and read
- Support needed for migrating versions
- Question from George Fletcher
- Multiple problems that need to be addressed, discovery, etc.
- Enterprises are more structured (? check recording)
- Authorization side - what is the agent authorized to do. SCIM is
powerful here, some other standards have problems
- May be a need for instance identifiers for LLM agents
- What are we trying to accomplish with SCIM and what are we not
trying to accomplish
- Pam response:
- Latency issue between registration & requesting access
- One major concern is unauthenticated smashing of
registration endpoints
- Question from Roberta Robert
- With MCP group
- Two questions
- Issue with tooling / tooling registry
- Extensions of ASIM(?) or SCIM(?)
- When links are altered..
- Multi-hop federation (agent calls tool A, which calls tool
B, etc..) - is this covered in this
- Justin Richer comment
- Draft seems to conflate agents and OAuth clients
- Pam response: This draft doesn't attempt to set schema, assumes
it will exist elsewhere and have to be adopted/used
- Peter Liu question
- How often would the record/identity be updated?
- Pam response: This defines protocol/schema, that is
implementation specific (Pam confirm?)
Role Assignment (Prithvi) - 10min
https://datatracker.ietf.org/doc/draft-poreddy-scim-role-assignment/
- Draft proposes RoleAssignment resource to represent role assignments
to resources
- User roles and entitlements are global, no link between role and
resource context
- Workarounds break at scale - e.g.: embedding resource info in role
name
- We need a standardized way to handle this
- Draft introduces new RoleAssignment resource, captures who + what
role + where
- What principal has access
- What access
- To what resource
- Enables discoverable, scoped role bindings
- Prior work
- Complements roles/entitlements draft
- that draft defines catalog resources (/roles, /entitlements)
- RoleAssignment defines bindings (who has which role in which
context)
- Together: Discovery -> Definition -> Assignment
- This draft is complementary and is applicable and implementable in
existing enterprise systems
- Design choices: standalone resource rather than extending user
roles. This means you can query/manage without touching user records
at scale.
- If you need to change scope you create new objects
- Status is always computed, means the same thing across all
assignments.
- Next: feedback on three areas: subject/scope/role relationship, larger
deployments
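Added illustration of the design choice summarized above (constructed for these minutes, not code from the draft or the WG): the first half shows the RFC 7643 "roles" attribute on a User with the resource context embedded in the role name, the workaround said to break at scale; the second half models standalone RoleAssignment objects (who + what role + where) that can be queried, rescoped by creating a new object, and given a computed status, without touching User records. The attribute names subject/role/scope and the status rule are assumptions of this sketch, not the draft's schema.

```python
from dataclasses import dataclass
from typing import Dict, List, Set
import itertools

# Constructed sample Users in RFC 7643 shape. "roles" is the core multi-valued
# complex attribute (value/display/type/primary); the resource context is
# embedded in the role name, the workaround the minutes say breaks at scale.
USERS = {
    "u-alice": {"userName": "alice",
                "roles": [{"value": "admin@payroll", "primary": True},
                          {"value": "viewer@crm"}]},
    "u-bob":   {"userName": "bob",
                "roles": [{"value": "viewer@payroll"}]},
}


def who_has_role_embedded(users: dict, role: str, resource: str) -> List[str]:
    """Answer 'who has <role> on <resource>?' under the embedded-name workaround.
    There is no structure to query, so every User record is scanned and the
    'role@resource' naming convention is re-parsed on each call."""
    needle = f"{role}@{resource}"
    return sorted(uid for uid, u in users.items()
                  if any(r.get("value") == needle for r in u.get("roles", [])))


@dataclass(frozen=True)
class RoleAssignment:
    """Standalone binding: who (subject) + what role + where (scope).
    Attribute names are assumptions for this sketch, not the draft's schema."""
    id: str
    subject: str   # principal id: user, group or non-human identity
    role: str      # id of an entry in a /roles catalog (Definition step)
    scope: str     # resource or context the binding applies to


class RoleAssignmentStore:
    """In-memory stand-in for a RoleAssignment endpoint (constructed)."""

    def __init__(self, role_catalog: Set[str], known_subjects: Set[str]):
        self.role_catalog = set(role_catalog)      # discovered via /roles
        self.known_subjects = set(known_subjects)  # existing principals
        self._items: Dict[str, RoleAssignment] = {}
        self._ids = itertools.count(1)

    def create(self, subject: str, role: str, scope: str) -> RoleAssignment:
        ra = RoleAssignment(f"ra-{next(self._ids)}", subject, role, scope)
        self._items[ra.id] = ra
        return ra

    def delete(self, ra_id: str) -> None:
        del self._items[ra_id]

    def rescope(self, ra_id: str, new_scope: str) -> RoleAssignment:
        """Changing scope means creating a new object, not mutating the old."""
        old = self._items.pop(ra_id)
        return self.create(old.subject, old.role, new_scope)

    def status(self, ra: RoleAssignment) -> str:
        """Computed, never stored, so it means the same thing for every
        assignment. The rule used here (dangling when the referenced role or
        subject no longer exists) is an assumption of this sketch."""
        if ra.role not in self.role_catalog or ra.subject not in self.known_subjects:
            return "dangling"
        return "active"

    def query(self, **where) -> List[RoleAssignment]:
        """Filter on any attribute without reading a single User record."""
        return sorted((ra for ra in self._items.values()
                       if all(getattr(ra, k) == v for k, v in where.items())),
                      key=lambda ra: ra.id)


def demo() -> dict:
    store = RoleAssignmentStore(role_catalog={"admin", "viewer"},
                                known_subjects={"u-alice", "u-bob", "agent-7"})
    store.create("u-alice", "admin", "payroll")
    store.create("u-bob", "viewer", "payroll")
    a3 = store.create("agent-7", "viewer", "crm")
    moved = store.rescope(a3.id, "payroll")   # new object, old one removed
    store.known_subjects.discard("u-bob")     # bob is deprovisioned
    return {
        "embedded": who_has_role_embedded(USERS, "admin", "payroll"),
        "payroll_subjects": [ra.subject for ra in store.query(scope="payroll")],
        "moved_scope": moved.scope,
        "old_gone": a3.id not in store._items,
        "bob_status": store.status(store.query(subject="u-bob")[0]),
        "alice_status": store.status(store.query(subject="u-alice")[0]),
    }


if __name__ == "__main__":
    print(demo())
```

The contrast is the point: the embedded-name approach answers "who has admin on payroll?" only by scanning every User and trusting a naming convention, while the standalone store answers the same question, and "what does bob have anywhere?", with a filter on the assignment objects, and bob's deprovisioning is visible as a computed status rather than a stale role string.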
Max Gerber: How can a client discover what scopes are applicable to
what roles?
Prithvi: you can query them to see what is available, that is built
into the spec, we are using what is already there.
Nancy: I think it is within the charter
Deb Cooley (AD): I think it is time for a new charter discussion. Things
we said we would do first have not happened.
Nancy: Use cases did start talking about the SaaS aspect from a user
perspective
Deb: I think you have interest, I got questions about the device draft
and there was a path to agreeing, but it is time to update the base
specs.
Nancy: the roles spec is intended to be one of those updates. We can
take to the mailing list but I'm not seeing... if you want to progress
these specs you need to update the base specs too. Let's continue on the
mailing list