SCIM API Extensions: Who wants to add what? Interests?
From IIW
Session Topic: SCIM extensions
Wednesday 2A
Convener: Bjorn
Notes-taker: Erik Wahlström
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
- Small intro of SCIM (see http://www.simplecloud.info)
- The session's goal is to figure out what people are working on, and have been working on, when it comes to SCIM extensions.
- Note: These are extensions to SCIM, and they will not load down the general specs.
- Use cases:
- Credentials Mgt
- A client can send a password, but there is no mechanism for a server to say that it does not meet any criteria, such as lifetime or length.
- Interests from: VMWare, Intel, neXus, UnboundID, Cisco, Ping.
- Streaming bulk data
- How to send a bunch of data objects in real time. Do we need a new endpoint?
- Interests from: Microsoft, Leif, Patric
- Change Notification, PubSub
- Publish and subscribe.
- Interests from: Oracle, Cisco, Salesforce.
- ForgetMe
- Clients don't want to do a normal delete, but a more formal forgetMe call.
- Interests from: Ping, UnboundID.
- Verification / attestation / LoA / Source
- How to mark attributes with metadata for where data comes from. How to tag an attribute with LoA.
- Interests from: HP
- Device Provisioning
- Add new Resource types in SCIM.
- For example a Device: iPhone, Android, VoIP and other devices that talk to the world need an entry.
- Needs a Device resource that's a base for all types of devices.
- How do you assign devices to device resources?
- Interests from: Intel, HP, Oracle, neXus, Cisco.
- Entitlements and roles
- Does the current element need semantics?
- Interests from: HP
- Obfuscation / redaction
- Sometimes you don't send all of the information, for example tokenized credit card information. Does SCIM need to define how to limit the access to attributes in resources?
- Clients seldom have full knowledge of the full resource.
- Interests from: TBD
- Service Provisioning
- Interests from: TBD
- SCIM as "Directory"
- Security model and access model.
- Interests from: TBD
- Ownership and delegation
- SCIM is missing information about what type of relationship a reference has.
- Interests from: TBD
- Schema extensions
- Consumer with age, preferences...
- Interests from: UnboundID
- Access Cards
- Interests from: neXus
- OAuth2 Clients
- Interests from: Oracle
- GeoLocation, a datatype for geolocation.
- Interests from: Ping
- Tenancy
- Interests from: VMWare
- Devices (IoT)
- Interests from: TBD
- Ownership/Delegation
- Interests from: TBD
- Finance
- Interests from: TBD
- Multiple personas (roles/relations)
- Interests from: TBD
- Privileged
- Interests from: TBD