WG Review: System for Cross-domain Identity Management (SCIM)

A new IETF working group has been proposed in the Applications
Area.  The IESG has not made any determination as yet. The following
draft charter was submitted, and is provided for informational purposes
only. Please send your comments to the IESG mailing list (iesg@ietf.org)
by June 7, 2012.

System for Cross-domain Identity Management (SCIM)
----------------------------------------------
Status: Proposed Working Group

Last updated: 2012-05-29

Chair(s): TBD 

Applications Area Director(s):
  Pete Resnick <presnick@qualcomm.com> 
  Barry Leiba <barryleiba@computer.org> 

Mailing Lists:
  General Discussion: scim@ietf.org
  To Subscribe:       https://www.ietf.org/mailman/listinfo/scim
  Archive:            http://www.ietf.org/mail-archive/web/scim/
 
Description of Working Group:

The System for Cross-domain Identity Management (SCIM) working group
will standardize methods for creating, reading, searching, modifying,
and deleting user identities and identity-related objects across
administrative domains, with the goal of simplifying common tasks
related to user identity management in services and applications.

"Standardize" does not necessarily mean that the working group will
develop new technologies.  For example, the existing specifications
for "SCIM 1.0" provide RESTful interfaces on top of HTTP rather than
defining a new application protocol.

Today, distributed identity management across administrative domains
is complicated by a lack of protocol and schema standardization
between consumers and producers of identities.  This has led to a
number of approaches, including error-prone manual administration and
bulk file uploads, as well as proprietary protocols and mediation
devices that must be adapted to each service for each organization. 
While there is existing work in the field, it has not been widely
adopted for a variety of reasons, including a lack of common artifacts
such as schema, toolsets, and libraries.

The SCIM working group will develop the core schema and RESTful
interfaces to address these problems.  Initially, the group will focus
on
- a schema definition
- a set of operations for creation, modification, and deletion of users
- schema discovery
- read and search
- bulk operations
- mapping between the inetOrgPerson LDAP object class (RFC 2798) and
  the SCIM schema
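
The last item above is concrete enough to illustrate. The following is an added example, not text or code from the charter or from the SCIM drafts it names: a Python mapping of an inetOrgPerson entry (RFC 2798) to a SCIM-style user resource. The SCIM attribute names used (userName, name, displayName, emails, phoneNumbers) follow the SCIM 1.0 core schema; the schema URN, the attribute pairings, the "type" labels and the sample directory entry are assumptions of this example and do not anticipate what the working group's Informational mapping document will specify.

```python
"""Illustrative inetOrgPerson (RFC 2798) -> SCIM-style user mapping.

Added example; not part of the SCIM charter or drafts.  The SCIM
attribute names follow the SCIM 1.0 core schema; the schema URN, the
pairings below and the sample entry are this example's own assumptions.
"""
import json
from typing import Any, Dict, List

# Assumed identifier for the SCIM 1.0 core schema.
SCIM_CORE_SCHEMA = "urn:scim:schemas:core:1.0"

# Directory attributes a provisioning API must never emit: credentials,
# and anything the relying service has no need for.
NEVER_MAP = {"userPassword"}

# Single-valued inetOrgPerson/person attributes -> SCIM attribute paths
# (assumed pairings).
SINGLE_VALUED = {
    "uid": ("userName",),
    "displayName": ("displayName",),
    "cn": ("name", "formatted"),
    "sn": ("name", "familyName"),
    "givenName": ("name", "givenName"),
}

# Multi-valued attributes -> (SCIM multi-valued attribute, "type" label).
MULTI_VALUED = {
    "mail": ("emails", "work"),
    "telephoneNumber": ("phoneNumbers", "work"),
    "mobile": ("phoneNumbers", "mobile"),
}

# Constructed sample entry, in the attribute -> list-of-values shape that
# LDAP client libraries return.  Not taken from any real directory.
SAMPLE_ENTRY: Dict[str, List[str]] = {
    "objectClass": ["inetOrgPerson", "organizationalPerson", "person", "top"],
    "uid": ["bjensen"],
    "cn": ["Barbara Jensen"],
    "sn": ["Jensen"],
    "givenName": ["Barbara"],
    "displayName": ["Babs Jensen"],
    "mail": ["bjensen@example.com", "babs@example.com"],
    "telephoneNumber": ["+1 555 555 0100"],
    "mobile": ["+1 555 555 0101"],
    "userPassword": ["{SSHA}c29tZS1oYXNo"],
}


def _set_path(obj: Dict[str, Any], path: tuple, value: str) -> None:
    """Assign value at a nested path such as ("name", "familyName")."""
    for key in path[:-1]:
        obj = obj.setdefault(key, {})
    obj[path[-1]] = value


def ldap_to_scim(entry: Dict[str, List[str]]) -> Dict[str, Any]:
    """Map one inetOrgPerson entry to a SCIM-style user resource.

    Raises ValueError for entries that are not inetOrgPerson or lack the
    uid needed for userName, so a caller cannot silently provision a
    half-formed account.
    """
    if "inetOrgPerson" not in entry.get("objectClass", []):
        raise ValueError("entry is not an inetOrgPerson")
    if not entry.get("uid"):
        raise ValueError("inetOrgPerson entry has no uid to use as userName")

    user: Dict[str, Any] = {"schemas": [SCIM_CORE_SCHEMA]}

    for ldap_attr, path in SINGLE_VALUED.items():
        values = entry.get(ldap_attr) or []
        if values:
            # LDAP permits several values even for attributes like cn;
            # take the first deterministically rather than drop the entry.
            _set_path(user, path, values[0])

    for ldap_attr, (scim_attr, type_label) in MULTI_VALUED.items():
        for value in entry.get(ldap_attr) or []:
            bucket = user.setdefault(scim_attr, [])
            # First value of each multi-valued attribute becomes "primary".
            bucket.append({"value": value, "type": type_label, "primary": not bucket})

    # Defensive check: no NEVER_MAP value may reach the output by any path,
    # including through future additions to the mapping tables above.
    serialized = json.dumps(user)
    for attr in NEVER_MAP:
        for secret in entry.get(attr) or []:
            if secret in serialized:
                raise RuntimeError(f"{attr} value leaked into SCIM resource")
    return user


if __name__ == "__main__":
    print(json.dumps(ldap_to_scim(SAMPLE_ENTRY), indent=2))
```

The point of the explicit NEVER_MAP check is the one the charter's security paragraph makes: the mapping is also a data-minimization boundary, and a provisioning protocol should carry only the attributes the consuming service is authorized to hold, never directory credentials.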

It will follow that by considering extensions for client targeting of
specific SCIM endpoints and SAML binding.  The approach will be
extensible.

The group will use, as starting points, the following drafts in the
following ways:
     draft-scim-use-cases-00 as the initial use cases for SCIM
     draft-scim-core-schema-00 as the schema specification
     draft-scim-api-00 as the protocol specification

These drafts are based on existing specifications, which together are
commonly known as SCIM 1.0.  Because there is existing work with
existing implementations, some consideration should be given to
backward compatibility, though getting it right takes priority.  This
group will consider the operational experience gathered from the
existing work, as well as experiences with work done by other bodies,
including the OASIS Provisioning TC.

The use cases document will be a "living document", guiding the
working group during its development of the standards.  The group may
take snapshots of that document for Informational publication, to
serve as documentation of the motivation for the work in progress
and to similarly guide planning and implementation.

The group will produce Proposed Standards for a schema, a REST-based
protocol, and a SAML binding, as well as an Informational document
defining an LDAP mapping. In doing so, the group will make the
terminology consistent, identify any functional gaps that would be
useful for future work, address internationalization, and provide
guidelines and mechanisms for extensibility.

In addition, the working group will ensure that the SCIM protocol
embodies good security practices. Given both the sensitivity of the
information being conveyed in SCIM messages and the regulatory
requirements regarding the privacy of personally identifiable
information, the working group will pay particular attention to issues
around authorization, authenticity, and privacy.

The following are out of scope for the working group:
     Defining new authentication schemes
     Defining new policy/authorization schemes

Milestones

06/2012    Initial adoption of SCIM use cases, as a living document
06/2012    Initial adoption of SCIM core schema
08/2012    Initial adoption of SCIM RESTful interface draft
12/2012    Snapshot version of SCIM use cases to IESG as Informational (possibly)
12/2012    Proposal for client targeting of SCIM endpoints
01/2013    Initial adoption of SCIM LDAP inetOrgPerson mapping draft
02/2013    SCIM core schema to IESG as Proposed Standard
05/2013    SCIM RESTful interface to IESG as Proposed Standard
06/2013    SCIM LDAP inetOrgPerson mapping to IESG as Informational
07/2013    Initial adoption of SCIM SAML bindings draft
08/2013    Client targeting of SCIM endpoints to IESG as Proposed Standard
09/2013    Snapshot update of SCIM use cases as Informational (possibly)
11/2013    SCIM SAML bindings to IESG as Proposed Standard
01/2014    Work completed; discuss re-charter
