Markdown Version | Session Recording

Session Date/Time: 07 Nov 2022 13:00

scim

Summary

The SCIM working group met to discuss several drafts and proposals. Key topics included device onboarding using SCIM, roles and entitlements, referential values in schemas, cursor-based pagination, and upcoming work on HR schemas and a security BCP. Discussions focused on use cases, overlapping functionalities between different drafts, and potential solutions for efficiently synchronizing data.

Key Discussion Points

• SCIM for Devices (Elliot):
  • Discussion about provisioning and bootstrapping devices (e.g., IoT devices) using SCIM.
  • Considered the suitability of SCIM versus other technologies like Netconf/RESTCONF/Yang for device description.
  • Leif raised concerns from the Adrian community regarding Wi-Fi schemas and deployability challenges.
  • Potential use cases for FIDO Device Onboarding and Matter were discussed.
• Use Cases Draft (Pam):
  • Question raised about the implementation and interpretation of external IDs and provisioning domains.
  • Pam inquired whether different external IDs are mapped to different provisioning domains in existing implementations.
• SCIM Roles and Entitlements (Danny):
  • Draft proposes new roles and entitlements endpoints for clients to discover available values.
  • Discussion on expanding roles/entitlements resources to include a members attribute.
  • Clarification needed on the usage of sub-attributes (especially "type") within roles and entitlements.
  • Consideration of prerequisites or conflicting relationships between roles/entitlements.
• Referential Value and Location (Danny):
  • Draft aims to define properties for attributes that accept values from a limited set, enabling discovery and automation.
  • Dean suggested a need for filtering capabilities on referential values (e.g., only managers with a specific role).
  • Pam raised security concerns related to callouts to foreign servers for referential values.
  • Broader discussion on the need for new schema properties, such as cardinality for multi-valued attributes.
• Cursor-Based Pagination (Danny, on behalf of Matt Peterson):
  • Status update on the cursor-based pagination draft.
  • Discussed the coexistence and overlap with the skim events draft and potential future Delta query mechanisms.
  • Highlighted the benefits of cursor-based pagination for efficient retrieval of data, especially for initial data synchronization.
  • Daryl suggested combining events with Delta query for improved reliability.
  • Discussion about the need for synchronization use cases and potential solutions using a Watermark based system.
• Upcoming Work (Danny):
  • Human Resources Schema (standardizing worker/employee representation).
  • Delta Query (efficient synchronization of changes).
  • Security Best Current Practices (guidance on secure SCIM implementations).
  • Reference Attribute URL Authorization (addressing authorization issues for reference URLs, like profile pictures).

Decisions and Action Items

• Action Item: Elliot to contact Leif to discuss experiences with Wi-Fi schema.
• Action Item: Pam to post her question regarding external IDs and provisioning domains on the mailing list.
• Action Item: Danny to work with others on the discussion of referential values offline to determine if those values are able to be filtered.
• Action Item: Danny and Matt to clarify the use cases for cursor-based pagination in the draft's introduction.
• Action Item: Authors of the cursor-based pagination draft to prepare for a call for adoption.
• Action Item: Danny to reach out for assistance on Delta query (Daryl volunteered).

Next Steps

• Continue providing feedback and comments on the drafts under discussion.
• Progress work on the upcoming drafts: Human Resources schema, Delta query, Security BCP, and Reference Attribute URL Authorization.
• A side meeting is scheduled for Wednesday at 4 PM local time (with Zoom option).