SCIM API Extensions: Who wants to add what? Interests?

From IIW

Session Topic: SCIM extensions

Wednesday 2A

Convener: Bjorn

Notes-taker: Erik Wahlström

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

  • Small intro of SCIM (see http://www.simplecloud.info)
  • The session's goal is to figure out what people are working on, and have been working on, when it comes to SCIM extensions.
  • Note: These are extensions to SCIM, and they will not load down the general specs.
  • Use cases:
      • Credentials Mgt
          • A client can send a password, but there is no mechanism for a server to say that it does not meet any criteria (lifetime, length).
          • VMWare, Intel, neXus, UnboundID, Cisco, Ping.
      • Streaming bulk data
          • How to send a bunch of data objects in real time. Do we need a new endpoint?
          • Interests from: Microsoft, Leif, Patric
      • Change Notification, PubSub
          • Publish and subscribe.
          • Interests from: Oracle, Cisco, Salesforce.
      • ForgetMe
          • Clients don't want to do a normal delete, but a more formal forgetMe call.
          • Interests from: Ping, UnboundID.
      • Verification / attestation / LoA / Source
          • How to mark attributes with metadata for where data comes from. How to tag an attribute with LoA.
          • Interests from: HP
      • Device Provisioning
          • Add new Resource types in SCIM.
          • For example a Device. iPhone, Android, VoIP and other devices that talk to the world need an entry.
          • Needs a Device resource that's a base for all types of devices.
          • How do you assign devices to device resources?
          • Interests from: Intel, HP, Oracle, neXus, Cisco.
      • Entitlements and roles
          • Does the current element need semantics?
          • Interests from: HP
      • Obfuscation / redaction
          • Sometimes you don't send all of the information, for example tokenized credit card information. Does SCIM need to define how to limit the access to attributes in resources?
          • Clients seldom have full knowledge of the full resource.
          • Interests from: TBD
      • Service Provisioning
          • Interests from: TBD
      • SCIM as "Directory"
          • Security model and access model.
          • Interests from: TBD
      • Ownership and delegation
          • SCIM is missing information about what type of relationship a reference has.
          • Interests from: TBD

  • Schema extensions
      • Consumer with age, preferences...
          • Interests from: UnboundID
      • Access Cards
          • Interests from: neXus
      • OAuth2 Clients
          • Interests from: Oracle
      • GeoLocation, a datatype for geolocation.
          • Interests from: Ping
      • Tenancy
          • Interests from: VMWare
      • Devices (IoT)
          • Interests from: TBD
      • Ownership/Delegation
          • Interests from: TBD
      • Finance
          • Interests from: TBD
      • Multiple personas (roles/relations)
          • Interests from: TBD
      • Privileged
          • Interests from: TBD