Session Date/Time: 28 Mar 2023 08:00
scim
Summary
The SCIM working group meeting covered several topics, including an update on Pam and Paulo's work on SCIM architecture and use cases, an update on SCIM events with security and privacy considerations, cursor-based pagination, and SCIM devices. A call for adoption for the SCIM devices draft was discussed.
Key Discussion Points
- SCIM Architecture and Use Cases (Pam and Paulo):
  - Presentation focused on expanding SCIM beyond user/group management to accommodate devices and other resources.
  - Introduced concepts of resource creators, managers, and subscribers.
  - Discussed various use cases and interactions, including complex scenarios with multiple resource managers.
  - Need to map these new use cases back to existing SCIM (RFC 7643/7644) architecture.
- SCIM Events (Phil):
  - Update on the SCIM events draft, including security and privacy considerations.
  - Security and privacy considerations build upon existing RFCs (8935, 8936, 8417) and SCIM itself.
  - Discussion of different event classes: feed control, provisioning, signal, and async.
  - Highlighted the difference between short-term and long-term event recovery.
  - Issue raised regarding the lack of an event registry for security events. Three options were considered: work with a broader security community, create a SCIM-specific registry, or forgo a registry altogether.
- Cursor-Based Pagination (Dean, Danny, Angel):
  - Discussed feedback on the cursor-based pagination draft and planned changes.
  - Addressed concerns about denial-of-service vulnerabilities and resource locking.
  - Explicit guidance to be added stating that cursors are not expected to be stable.
  - Clarified that cursor-based pagination is an alternative to index-based pagination, particularly when the underlying database does not natively support index-based pagination.
  - Need for clarification on the type of state (or statelessness) that is intended for the set of results vs. the attribute values themselves.
- SCIM Devices (Elliot):
  - Update on the SCIM devices draft, which aims to automate device provisioning using SCIM.
  - Covered the basic model, including device, provisioning SCIM, enterprise network access, and the SCIM setup.
  - Defined several SCIM extensions for core device attributes, B authentication, Wi-Fi connectivity, and endpoint applications.
  - Major change of using the sci description in the draft and moving open API to an appendix.
  - Working on open source client code for device provisioning.
Decisions and Action Items
- SCIM Architecture and Use Cases (Pam and Paulo):
  - ACTION: Post the GitHub link to the mailing list to solicit more feedback and discussion on the document.
- SCIM Events (Phil):
  - ACTION: Phil to discuss the event registry issue with Amanda and determine the best course of action.
- Cursor-Based Pagination (Dean, Danny, Angel):
  - ACTION: Add text to clarify that cursor-based pagination is not expected to be stateful, and that its main goal is to provide an alternative to index-based pagination, not synchronization of large datasets. Also, clarify the intended type of state and statelessness.
  - ACTION: Publish a new version of the draft with revisions.
  - ACTION: Dean, Danny, and Angel to post the revised text on a GitHub issue, and drop a note on the mailing list.
- SCIM Devices (Elliot):
  - DECISION: Begin the Call for Adoption for the SCIM Devices draft next week.
  - ACTION: Solicit volunteers to review the SCIM Devices draft for the Call for Adoption.
Next Steps
- The Call for Adoption will begin next week for the SCIM Devices draft.
- Updated drafts will be released for Cursor-Based Pagination.
- Pam and Paulo will update GitHub with the new architecture document and notify the mailing list.