A new IETF working group has been formed in the Applications Area. For additional information please contact the Area Directors or the WG Chairs. System for Cross-domain Identity Management (scim) ------------------------------------------------ Current Status: Active Working Group Chairs: Morteza Ansari <moransar@cisco.com> Leif Johansson <leifj@sunet.se> Assigned Area Director: Barry Leiba <barryleiba@computer.org> Mailing list Address: scim@ietf.org To Subscribe: https://www.ietf.org/mailman/listinfo/scim Archive: http://www.ietf.org/mail-archive/web/scim/ Charter of Working Group: The System for Cross-domain Identity Management (SCIM) working group will standardize methods for creating, reading, searching, modifying, and deleting user identities and identity-related objects across administrative domains, with the goal of simplifying common tasks related to user identity management in services and applications. "Standardize" does not necessarily mean that the working group will develop new technologies. The existing specifications for "SCIM 1.0" provide RESTful interfaces on top of HTTP rather than defining a new application protocol. That will be the basis for the new work. Today, distributed identity management across administrative domains is complicated by a lack of protocol and schema standardization between consumers and producers of identities. This has led to a number of approaches, including error-prone manual administration and bulk file uploads, as well as proprietary protocols and mediation devices that must be adapted to each service for each organization. While there is existing work in the field, it has not been widely adopted for a variety of reasons, including a lack of common artifacts such as schema, toolsets, and libraries. The SCIM working group will develop the core schema and interfaces based on HTTP and REST to address these problems. Initially, the group will focus on - a schema definition - a set of operations for creation, modification, and deletion of users - schema discovery - read and search - bulk operations - mapping between the inetOrgPerson LDAP object class (RFC 2798) and the SCIM schema It will follow that by considering extensions for client targeting of specific SCIM endpoints and SAML binding. The approach will be extensible. The group will use, as starting points, the following drafts in the following ways: draft-scim-use-cases-00 as the initial use cases for SCIM draft-scim-core-schema-00 as the schema specification draft-scim-api-00 as the protocol specification These drafts are based on existing specifications, which together are commonly known as SCIM 1.0. Because there is existing work with existing implementations, some consideration should be given to backward compatibility, though getting it right takes priority. This group will consider the operational experience gathered from the existing work, as well as experiences with work done by other bodies, including the OASIS Provisioning TC. The use cases document will be a "living document", guiding the working group during its development of the standards. The group may take snapshots of that document for Informational publication, to serve as documentation of the motivation for the work in progress and to similarly guide planning and implementation. The group will produce Proposed Standards for a schema, a REST-based protocol, and a SAML binding, as well as an Informational document defining an LDAP mapping. In doing so, the group will make the terminology consistent, identify any functional gaps that would be useful for future work, address internationalization, and provide guidelines and mechanisms for extensibility. In addition, the working group will ensure that the SCIM protocol embodies good security practices. Given both the sensitivity of the information being conveyed in SCIM messages and the regulatory requirements regarding the privacy of personally identifiable information, the working group will pay particular attention to issues around authorization, authenticity, and privacy. The group considers the following out of scope for this group: Defining new authentication schemes Defining new policy/authorization schemes Milestones: Jun 2012 - Initial adoption of SCIM use cases, as a living document Jun 2012 - Initial adoption of SCIM core schema Aug 2012 - Initial adoption of SCIM restful interface draft Nov 2012 - Initial adoption of SCIM LDAP inetOrgPerson mapping draft Dec 2012 - Snapshot version of SCIM use cases to IESG as Informational (possibly) Dec 2012 - Proposal for client targeting of SCIM endpoints Feb 2013 - SCIM core schema to IESG as Proposed Standard May 2013 - SCIM restful interface to IESG as Proposed Standard Jun 2013 - SCIM LDAP inetOrgPerson mapping to IESG as Informational Jul 2013 - Initial adoption of SCIM SAML bindings draft Aug 2013 - Client targeting of SCIM endpoints to IESG as Proposed Standard Sep 2013 - Snapshot update of SCIM use cases as Informational (possibly) Nov 2013 - SCIM SAML bindings to IESG as Proposed Standard Jan 2014 - Work completed; discuss re-charter
