draft-ietf-scim-core-schema-07.txt | draft-ietf-scim-core-schema-08.txt | |||
---|---|---|---|---|
Network Working Group K. Grizzle | Network Working Group K. Grizzle | |||
Internet-Draft SailPoint | Internet-Draft SailPoint | |||
Intended status: Standards Track P. Hunt, Ed. | Intended status: Standards Track P. Hunt, Ed. | |||
Expires: February 2, 2015 Oracle | Expires: February 12, 2015 Oracle | |||
E. Wahlstroem | E. Wahlstroem | |||
Technology Nexus | Technology Nexus | |||
C. Mortimore | C. Mortimore | |||
Salesforce | Salesforce | |||
August 1, 2014 | August 11, 2014 | |||
System for Cross-Domain Identity Management: Core Schema | System for Cross-Domain Identity Management: Core Schema | |||
draft-ietf-scim-core-schema-07 | draft-ietf-scim-core-schema-08 | |||
Abstract | Abstract | |||
The System for Cross-Domain Identity Management (SCIM) specification | The System for Cross-Domain Identity Management (SCIM) specification | |||
is designed to make managing user identity in cloud based | is designed to make managing user identity in cloud based | |||
applications and services easier. The specification suite builds | applications and services easier. The specification suite builds | |||
upon experience with existing schemas and deployments, placing | upon experience with existing schemas and deployments, placing | |||
specific emphasis on simplicity of development and integration, while | specific emphasis on simplicity of development and integration, while | |||
applying existing authentication, authorization, and privacy models. | applying existing authentication, authorization, and privacy models. | |||
Its intent is to reduce the cost and complexity of user management | Its intent is to reduce the cost and complexity of user management | |||
skipping to change at page 2, line 4 | skipping to change at page 2, line 4 | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
This Internet-Draft will expire on February 2, 2015. | This Internet-Draft will expire on February 12, 2015. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2014 IETF Trust and the persons identified as the | Copyright (c) 2014 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
skipping to change at page 3, line 12 | skipping to change at page 3, line 12 | |||
11. JSON Representation . . . . . . . . . . . . . . . . . . . . . 24 | 11. JSON Representation . . . . . . . . . . . . . . . . . . . . . 24 | |||
11.1. Minimal User Representation . . . . . . . . . . . . . . 24 | 11.1. Minimal User Representation . . . . . . . . . . . . . . 24 | |||
11.2. Full User Representation . . . . . . . . . . . . . . . . 24 | 11.2. Full User Representation . . . . . . . . . . . . . . . . 24 | |||
11.3. Enterprise User Extension Representation . . . . . . . . 27 | 11.3. Enterprise User Extension Representation . . . . . . . . 27 | |||
11.4. Group Representation . . . . . . . . . . . . . . . . . . 30 | 11.4. Group Representation . . . . . . . . . . . . . . . . . . 30 | |||
11.5. Service Provider Configuration Representation . . . . . 31 | 11.5. Service Provider Configuration Representation . . . . . 31 | |||
11.6. Resource Type Representation . . . . . . . . . . . . . . 32 | 11.6. Resource Type Representation . . . . . . . . . . . . . . 32 | |||
11.7. Schema Representation . . . . . . . . . . . . . . . . . 33 | 11.7. Schema Representation . . . . . . . . . . . . . . . . . 33 | |||
12. Security Considerations . . . . . . . . . . . . . . . . . . . 55 | 12. Security Considerations . . . . . . . . . . . . . . . . . . . 55 | |||
13. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 55 | 13. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 55 | |||
13.1. URN Sub-Namespace for SCIM . . . . . . . . . . . . . . . 55 | 13.1. New Registration of SCIM URN Sub-namespace . . . . . . . 55 | |||
13.1.1. Specification Template . . . . . . . . . . . . . . . 55 | 13.2. URN Sub-Namespace for SCIM . . . . . . . . . . . . . . . 55 | |||
13.1.2. Pre-Registered SCIM Schema Identifiers . . . . . . . 58 | 13.2.1. Specification Template . . . . . . . . . . . . . . . 56 | |||
13.2. Registering SCIM Schemas . . . . . . . . . . . . . . . . 58 | 13.2.2. Pre-Registered SCIM Schema Identifiers . . . . . . . 58 | |||
13.2.1. Registration Procedure . . . . . . . . . . . . . . . 58 | 13.3. Registering SCIM Schemas . . . . . . . . . . . . . . . . 58 | |||
13.2.2. Schema Registration Template . . . . . . . . . . . . 59 | 13.3.1. Registration Procedure . . . . . . . . . . . . . . . 59 | |||
13.3. Initial SCIM Schema Registry . . . . . . . . . . . . . . 59 | 13.3.2. Schema Registration Template . . . . . . . . . . . . 59 | |||
14. References . . . . . . . . . . . . . . . . . . . . . . . . . 60 | 13.4. Initial SCIM Schema Registry . . . . . . . . . . . . . . 60 | |||
14.1. Normative References . . . . . . . . . . . . . . . . . . 60 | 14. References . . . . . . . . . . . . . . . . . . . . . . . . . 61 | |||
14.2. Informative References . . . . . . . . . . . . . . . . . 61 | 14.1. Normative References . . . . . . . . . . . . . . . . . . 61 | |||
14.2. Informative References . . . . . . . . . . . . . . . . . 62 | ||||
Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 62 | Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 62 | |||
Appendix B. Change Log . . . . . . . . . . . . . . . . . . . . . 62 | Appendix B. Change Log . . . . . . . . . . . . . . . . . . . . . 63 | |||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 64 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 65 | |||
1. Introduction and Overview | 1. Introduction and Overview | |||
While there are existing standards for describing and exchanging user | While there are existing standards for describing and exchanging user | |||
information, many of these standards can be difficult to implement | information, many of these standards can be difficult to implement | |||
and/or use; e.g., their wire protocols do not easily traverse | and/or use; e.g., their wire protocols do not easily traverse | |||
firewalls and/or are not easily layered onto existing web protocols. | firewalls and/or are not easily layered onto existing web protocols. | |||
As a result, many cloud providers implement non-standardized | As a result, many cloud providers implement non-standardized | |||
protocols for managing users within their services. This increases | protocols for managing users within their services. This increases | |||
both the cost and complexity associated with organizations adopting | both the cost and complexity associated with organizations adopting | |||
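Review bot: the renumbering of the Section 13 subsections in the table of contents (old 13.1 "URN Sub-Namespace for SCIM" becomes 13.2, old 13.2 "Registering SCIM Schemas" becomes 13.3, old 13.3 "Initial SCIM Schema Registry" becomes 13.4) means every body-text cross-reference to those section numbers has to be updated as well; the excerpt shows only the TOC, so that should be checked before the draft is posted. The two adjacent new titles, "New Registration of SCIM URN Sub-namespace" and "URN Sub-Namespace for SCIM", also read as near-duplicates and spell "Sub-namespace"/"Sub-Namespace" differently; pick one spelling and word the titles so a reader can tell the IANA registration request apart from the sub-namespace description.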
skipping to change at page 4, line 37 | skipping to change at page 4, line 40 | |||
Resource: The service provider managed artifact containing one or | Resource: The service provider managed artifact containing one or | |||
more attributes; e.g., "User" or "Group". | more attributes; e.g., "User" or "Group". | |||
Resource Type: A type of a resource that is managed by a service | Resource Type: A type of a resource that is managed by a service | |||
provider. The resource type defines the resource name, endpoint | provider. The resource type defines the resource name, endpoint | |||
URL, Schemas, and other meta-data which indicate where a resource | URL, Schemas, and other meta-data which indicate where a resource | |||
is managed and how it is composed; e.g., "User" or "Group". | is managed and how it is composed; e.g., "User" or "Group". | |||
Schema: A collection of Attribute Definitions that describe the | Schema: A collection of Attribute Definitions that describe the | |||
contents of an entire or partial resource; e.g., | contents of an entire or partial resource; e.g., | |||
"urn:scim:schemas:core:2.0:User". | "urn:ietf:params:scim:schemas:core:2.0:User". | |||
Singular Attribute: A resource attribute that contains 0..1 values; | Singular Attribute: A resource attribute that contains 0..1 values; | |||
e.g., "displayName". | e.g., "displayName". | |||
Multi-valued Attribute: A resource attribute that contains 0..n | Multi-valued Attribute: A resource attribute that contains 0..n | |||
values; e.g., "emails". | values; e.g., "emails". | |||
Simple Attribute: A singular or multi-valued attribute whose value | Simple Attribute: A singular or multi-valued attribute whose value | |||
is a primitive; e.g., "String". | is a primitive; e.g., "String". | |||
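Review bot: the example schema URI in the "Schema" definition changes from "urn:scim:schemas:core:2.0:User" to "urn:ietf:params:scim:schemas:core:2.0:User", and the same prefix change recurs in every schema URI and JSON example later in the diff. That is a wire-format change: the "schemas" values, resource type "schema" values and extension keys emitted by an implementation of -07 are no longer valid under -08. The rename deserves an explicit entry in Appendix B (Change Log) and a sentence on whether service providers are expected to accept the old prefix during migration; neither is visible in this excerpt.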
skipping to change at page 10, line 45 | skipping to change at page 10, line 45 | |||
MUST include a non-zero value array with value(s) of the URIs | MUST include a non-zero value array with value(s) of the URIs | |||
supported by that representation. The schemas attribute for a | supported by that representation. The schemas attribute for a | |||
resource MUST only contain values defined as "schema" and | resource MUST only contain values defined as "schema" and | |||
"schemaExtensions" for the resource's resource type. Duplicate | "schemaExtensions" for the resource's resource type. Duplicate | |||
values MUST NOT be included. Value order is not specified and | values MUST NOT be included. Value order is not specified and | |||
MUST not impact behavior. REQUIRED. | MUST not impact behavior. REQUIRED. | |||
5. SCIM User Schema | 5. SCIM User Schema | |||
SCIM provides a schema for representing Users, identified using the | SCIM provides a schema for representing Users, identified using the | |||
following URI: "urn:scim:schemas:core:2.0:User". The following | following URI: "urn:ietf:params:scim:schemas:core:2.0:User". The | |||
attributes are defined in addition to those attributes defined in | following attributes are defined in addition to those attributes | |||
SCIM Core Schema: | defined in SCIM Core Schema: | |||
5.1. Singular Attributes | 5.1. Singular Attributes | |||
userName Unique identifier for the user, typically used by the user | userName Unique identifier for the user, typically used by the user | |||
to directly authenticate to the service provider. Often displayed | to directly authenticate to the service provider. Often displayed | |||
to the user as their unique identifier within the system (as | to the user as their unique identifier within the system (as | |||
opposed to id or externalId, which are generally opaque and not | opposed to id or externalId, which are generally opaque and not | |||
user-friendly identifiers). Each User MUST include a non-empty | user-friendly identifiers). Each User MUST include a non-empty | |||
userName value. This identifier MUST be unique across the | userName value. This identifier MUST be unique across the | |||
client's entire set of Users. RECOMMENDED. | client's entire set of Users. RECOMMENDED. | |||
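Review bot: "userName" is described with MUST-level language ("Each User MUST include a non-empty userName value", "This identifier MUST be unique across the client's entire set of Users") yet the definition closes with "RECOMMENDED"; the two requirement levels contradict each other, so the closing label should be "REQUIRED" or the MUST statements softened. Two smaller points in the same hunk: "MUST not impact behavior" mixes the case of an RFC 2119 keyword and should read "MUST NOT", and "a non-zero value array" is clearer as "a non-empty array".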
skipping to change at page 15, line 36 | skipping to change at page 15, line 36 | |||
x509Certificates A list of certificates issued to the User. Values | x509Certificates A list of certificates issued to the User. Values | |||
are Binary (Section 2.1.6) and DER encoded x509. This value has | are Binary (Section 2.1.6) and DER encoded x509. This value has | |||
NO canonical types. | NO canonical types. | |||
6. SCIM Enterprise User Schema Extension | 6. SCIM Enterprise User Schema Extension | |||
The following SCIM extension defines attributes commonly used in | The following SCIM extension defines attributes commonly used in | |||
representing users that belong to, or act on behalf of a business or | representing users that belong to, or act on behalf of a business or | |||
enterprise. The enterprise user extension is identified using the | enterprise. The enterprise user extension is identified using the | |||
following schema URI: | following schema URI: | |||
"urn:scim:schemas:extension:enterprise:2.0:User". | "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User". | |||
The following Singular Attributes are defined: | The following Singular Attributes are defined: | |||
employeeNumber Numeric or alphanumeric identifier assigned to a | employeeNumber Numeric or alphanumeric identifier assigned to a | |||
person, typically based on order of hire or association with an | person, typically based on order of hire or association with an | |||
organization. | organization. | |||
costCenter Identifies the name of a cost center. | costCenter Identifies the name of a cost center. | |||
organization Identifies the name of an organization. | organization Identifies the name of an organization. | |||
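Review bot: "x509Certificates" says values are "Binary (Section 2.1.6) and DER encoded x509" but gives no normative reference for the certificate format; cite RFC 5280 (and X.690 for DER) so implementers know which certificate profile a client has to parse, and state explicitly that the DER bytes are base64-encoded inside the JSON string, which is what the value in the Section 11.3 example shows.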
skipping to change at page 16, line 21 | skipping to change at page 16, line 21 | |||
$ref The URI of the SCIM resource representing the User's | $ref The URI of the SCIM resource representing the User's | |||
manager. RECOMMENDED. | manager. RECOMMENDED. | |||
displayName The displayName of the user's manager. This | displayName The displayName of the user's manager. This | |||
attribute is OPTIONAL and mutability is "readOnly". | attribute is OPTIONAL and mutability is "readOnly". | |||
7. SCIM Group Schema | 7. SCIM Group Schema | |||
SCIM provides a schema for representing groups, identified using the | SCIM provides a schema for representing groups, identified using the | |||
following schema URI: "urn:scim:schemas:core:2.0:Group". | following schema URI: "urn:ietf:params:scim:schemas:core:2.0:Group". | |||
Group resources are meant to enable expression of common group or | Group resources are meant to enable expression of common group or | |||
role based access control models, although no explicit authorization | role based access control models, although no explicit authorization | |||
model is defined. It is intended that the semantics of group | model is defined. It is intended that the semantics of group | |||
membership and any behavior or authorization granted as a result of | membership and any behavior or authorization granted as a result of | |||
membership are defined by the service provider are considered out of | membership are defined by the service provider are considered out of | |||
scope for this specification. | scope for this specification. | |||
The following singular attribute is defined in addition to the common | The following singular attribute is defined in addition to the common | |||
attributes defined in SCIM core schema: | attributes defined in SCIM core schema: | |||
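Review bot: the sentence "It is intended that the semantics of group membership and any behavior or authorization granted as a result of membership are defined by the service provider are considered out of scope for this specification" has two main verbs and does not parse; suggest "... are defined by the service provider and are considered out of scope for this specification."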
skipping to change at page 16, line 52 | skipping to change at page 16, line 52 | |||
a "Group". The intention of the "Group" type is to allow the | a "Group". The intention of the "Group" type is to allow the | |||
service provider to support nested groups. Service providers MAY | service provider to support nested groups. Service providers MAY | |||
require clients to provide a non-empty members value based on the | require clients to provide a non-empty members value based on the | |||
"required" sub attribute of the "members" attribute in the "Group" | "required" sub attribute of the "members" attribute in the "Group" | |||
resource schema. | resource schema. | |||
8. Service Provider Configuration Schema | 8. Service Provider Configuration Schema | |||
SCIM provides a schema for representing the service provider's | SCIM provides a schema for representing the service provider's | |||
configuration identified using the following schema URI: | configuration identified using the following schema URI: | |||
"urn:scim:schemas:core:2.0:ServiceProviderConfig" | "urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig" | |||
The service provider configuration resource enables a service | The service provider configuration resource enables a service | |||
provider to discovery of SCIM specification features in a | provider to discovery of SCIM specification features in a | |||
standardized form as well as provide additional implementation | standardized form as well as provide additional implementation | |||
details to clients. All attributes are READ-ONLY (a mutability of | details to clients. All attributes are READ-ONLY (a mutability of | |||
"readOnly" ). Unlike other core resources, the "id" attribute is not | "readOnly" ). Unlike other core resources, the "id" attribute is not | |||
required for the service provider configuration resource. | required for the service provider configuration resource. | |||
The following Singular Attributes are defined in addition to the | The following Singular Attributes are defined in addition to the | |||
common attributes defined in Core Schema: | common attributes defined in Core Schema: | |||
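Review bot: "enables a service provider to discovery of SCIM specification features" does not parse; suggest "enables a service provider to expose SCIM specification features in a standardized form, as well as additional implementation details, for discovery by clients." Also, the line "urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig" is missing the closing period that the equivalent sentence in Section 7 has.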
skipping to change at page 18, line 42 | skipping to change at page 18, line 42 | |||
specUrl A HTTP addressable URL pointing to the Authentication | specUrl A HTTP addressable URL pointing to the Authentication | |||
Scheme's specification. OPTIONAL. | Scheme's specification. OPTIONAL. | |||
documentationUrl A HTTP addressable URL pointing to the | documentationUrl A HTTP addressable URL pointing to the | |||
Authentication Scheme's usage documentation. OPTIONAL. | Authentication Scheme's usage documentation. OPTIONAL. | |||
9. ResourceType Schema | 9. ResourceType Schema | |||
The "ResourceType" schema specifies the meta-data about a resource | The "ResourceType" schema specifies the meta-data about a resource | |||
type. Resource type resources are READ-ONLY and identified using the | type. Resource type resources are READ-ONLY and identified using the | |||
following schema URI: "urn:scim:schemas:core:2.0:ResourceType". | following schema URI: | |||
Unlike other core resources, all attributes are REQUIRED unless | "urn:ietf:params:scim:schemas:core:2.0:ResourceType". Unlike other | |||
otherwise specified. The "id" attribute is not required for the | core resources, all attributes are REQUIRED unless otherwise | |||
resource type resource. | specified. The "id" attribute is not required for the resource type | |||
resource. | ||||
The following Singular Attributes are defined: | The following Singular Attributes are defined: | |||
id The resource type's server unique id. Often this is the same | id The resource type's server unique id. Often this is the same | |||
value as the "name" attribute. OPTIONAL | value as the "name" attribute. OPTIONAL | |||
name The resource type name. When applicable service providers MUST | name The resource type name. When applicable service providers MUST | |||
specify the name specified in the core schema specification; e.g., | specify the name specified in the core schema specification; e.g., | |||
"User" or "Group". This name is referenced by the | "User" or "Group". This name is referenced by the | |||
"meta.resourceType" attribute in all resources. | "meta.resourceType" attribute in all resources. | |||
description The resource type's human readable description. When | description The resource type's human readable description. When | |||
applicable service providers MUST specify the description | applicable service providers MUST specify the description | |||
specified in the core schema specification. | specified in the core schema specification. | |||
endpoint The resource type's HTTP addressable endpoint relative to | endpoint The resource type's HTTP addressable endpoint relative to | |||
the Base URL; e.g., "/Users". | the Base URL; e.g., "/Users". | |||
schema The resource type's primary schema URI; e.g., | schema The resource type's primary schema URI; e.g., | |||
"urn:scim:schemas:core:2.0:User". This MUST be equal to the "id" | "urn:ietf:params:scim:schemas:core:2.0:User". This MUST be equal | |||
attribute of the associated "Schema" resource. | to the "id" attribute of the associated "Schema" resource. | |||
schemaExtensions A list of URIs of the resource type's schema | schemaExtensions A list of URIs of the resource type's schema | |||
extensions. OPTIONAL. | extensions. OPTIONAL. | |||
schema The URI of an extended schema; e.g., "urn:edu:2.0:Staff". | schema The URI of an extended schema; e.g., "urn:edu:2.0:Staff". | |||
This MUST be equal to the "id" attribute of a "Schema" | This MUST be equal to the "id" attribute of a "Schema" | |||
resource. REQUIRED. | resource. REQUIRED. | |||
required A Boolean value that specifies whether the schema | required A Boolean value that specifies whether the schema | |||
extension is required for the resource type. If true, a | extension is required for the resource type. If true, a | |||
resource of this type MUST include this schema extension and | resource of this type MUST include this schema extension and | |||
include any attributes declared as required in this schema | include any attributes declared as required in this schema | |||
extension. If false, a resource of this type MAY omit this | extension. If false, a resource of this type MAY omit this | |||
schema extension. REQUIRED. | schema extension. REQUIRED. | |||
10. Schema Schema | 10. Schema Schema | |||
The "Schema" schema specifies the attribute(s) and meta-data that | The "Schema" schema specifies the attribute(s) and meta-data that | |||
constitute a "Schema" resource. Schema resources have mutability of | constitute a "Schema" resource. Schema resources have mutability of | |||
"readOnly" and identified using the following URI: | "readOnly" and identified using the following URI: | |||
"urn:scim:schemas:core:2.0:Schema". Unlike other core resources the | "urn:ietf:params:scim:schemas:core:2.0:Schema". Unlike other core | |||
"Schema" resource MAY contain a complex object within a sub-attribute | resources the "Schema" resource MAY contain a complex object within a | |||
and all attributes are REQUIRED unless otherwise specified. | sub-attribute and all attributes are REQUIRED unless otherwise | |||
specified. | ||||
The following Singular Attributes are defined: | The following Singular Attributes are defined: | |||
id The unique URI of the schema. When applicable service providers | id The unique URI of the schema. When applicable service providers | |||
MUST specify the URI specified in the core schema specification; | MUST specify the URI specified in the core schema specification; | |||
e.g., "urn:scim:schemas:core:2.0:User". Unlike most other | e.g., "urn:ietf:params:scim:schemas:core:2.0:User". Unlike most | |||
schemas, which use some sort of a GUID for the "id", the schema | other schemas, which use some sort of a GUID for the "id", the | |||
"id" is a URI so that it can be registered and is portable between | schema "id" is a URI so that it can be registered and is portable | |||
different service providers and clients. | between different service providers and clients. | |||
name The schema's human readable name. When applicable service | name The schema's human readable name. When applicable service | |||
providers MUST specify the name specified in the core schema | providers MUST specify the name specified in the core schema | |||
specification; e.g., "User" or "Group". OPTIONAL. | specification; e.g., "User" or "Group". OPTIONAL. | |||
description The schema's human readable description. When | description The schema's human readable description. When | |||
applicable service providers MUST specify the description | applicable service providers MUST specify the description | |||
specified in the core schema specification. OPTIONAL. | specified in the core schema specification. OPTIONAL. | |||
The following multi-valued attribute is defined: | The following multi-valued attribute is defined: | |||
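Review bot: "schema" and "required" at the end of the ResourceType attribute list are sub-attributes of the multi-valued "schemaExtensions" attribute, but the indentation that conveyed this is lost in the rendering here, and the sub-attribute "schema" shares its name with the top-level "schema" attribute listed three entries earlier; introducing them with "schemaExtensions has the following sub-attributes:" would remove the ambiguity regardless of formatting. Minor: "A HTTP addressable URL" should be "An HTTP addressable URL" (twice), and "OPTIONAL" after "id" lacks the closing period used by the other entries.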
skipping to change at page 24, line 19 | skipping to change at page 24, line 19 | |||
any server SHOULD possess the same value. | any server SHOULD possess the same value. | |||
11. JSON Representation | 11. JSON Representation | |||
11.1. Minimal User Representation | 11.1. Minimal User Representation | |||
The following is a non-normative example of the minimal required SCIM | The following is a non-normative example of the minimal required SCIM | |||
representation in JSON format. | representation in JSON format. | |||
{ | { | |||
"schemas": ["urn:scim:schemas:core:2.0:User"], | "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"], | |||
"id": "2819c223-7f76-453a-919d-413861904646", | "id": "2819c223-7f76-453a-919d-413861904646", | |||
"userName": "bjensen@example.com", | "userName": "bjensen@example.com", | |||
"meta": { | "meta": { | |||
"resourceType": "User", | "resourceType": "User", | |||
"created": "2010-01-23T04:56:22Z", | "created": "2010-01-23T04:56:22Z", | |||
"lastModified": "2011-05-13T04:42:34Z", | "lastModified": "2011-05-13T04:42:34Z", | |||
"version": "W\/\"3694e05e9dff590\"", | "version": "W\/\"3694e05e9dff590\"", | |||
"location": "https://example.com/v2/Users/2819c223-7f76-453a-919d-413861904646" | "location": "https://example.com/v2/Users/2819c223-7f76-453a-919d-413861904646" | |||
} | } | |||
} | } | |||
Figure 2: Example Minimal User JSON Representation | Figure 2: Example Minimal User JSON Representation | |||
11.2. Full User Representation | 11.2. Full User Representation | |||
The following is a non-normative example of the fully populated SCIM | The following is a non-normative example of the fully populated SCIM | |||
representation in JSON format. | representation in JSON format. | |||
{ | { | |||
"schemas": ["urn:scim:schemas:core:2.0:User"], | "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"], | |||
"id": "2819c223-7f76-453a-919d-413861904646", | "id": "2819c223-7f76-453a-919d-413861904646", | |||
"externalId": "701984", | "externalId": "701984", | |||
"userName": "bjensen@example.com", | "userName": "bjensen@example.com", | |||
"name": { | "name": { | |||
"formatted": "Ms. Barbara J Jensen III", | "formatted": "Ms. Barbara J Jensen III", | |||
"familyName": "Jensen", | "familyName": "Jensen", | |||
"givenName": "Barbara", | "givenName": "Barbara", | |||
"middleName": "Jane", | "middleName": "Jane", | |||
"honorificPrefix": "Ms.", | "honorificPrefix": "Ms.", | |||
"honorificSuffix": "III" | "honorificSuffix": "III" | |||
skipping to change at page 27, line 32 | skipping to change at page 27, line 32 | |||
Figure 3: Example Full User JSON Representation | Figure 3: Example Full User JSON Representation | |||
11.3. Enterprise User Extension Representation | 11.3. Enterprise User Extension Representation | |||
The following is a non-normative example of the fully populated User | The following is a non-normative example of the fully populated User | |||
using the enterprise User extension in JSON format. | using the enterprise User extension in JSON format. | |||
{ | { | |||
"schemas": | "schemas": | |||
[ "urn:scim:schemas:core:2.0:User", | [ "urn:ietf:params:scim:schemas:core:2.0:User", | |||
"urn:scim:schemas:extension:enterprise:2.0:User"], | "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"], | |||
"id": "2819c223-7f76-453a-919d-413861904646", | "id": "2819c223-7f76-453a-919d-413861904646", | |||
"externalId": "701984", | "externalId": "701984", | |||
"userName": "bjensen@example.com", | "userName": "bjensen@example.com", | |||
"name": { | "name": { | |||
"formatted": "Ms. Barbara J Jensen III", | "formatted": "Ms. Barbara J Jensen III", | |||
"familyName": "Jensen", | "familyName": "Jensen", | |||
"givenName": "Barbara", | "givenName": "Barbara", | |||
"middleName": "Jane", | "middleName": "Jane", | |||
"honorificPrefix": "Ms.", | "honorificPrefix": "Ms.", | |||
"honorificSuffix": "III" | "honorificSuffix": "III" | |||
skipping to change at page 30, line 8 | skipping to change at page 30, line 8 | |||
DYrl+ft781UQRIqxgwqCfXEuDiinPh0kkvIi5jivVu1Z9QiwlYEdRbLJ4zJQBmDr | DYrl+ft781UQRIqxgwqCfXEuDiinPh0kkvIi5jivVu1Z9QiwlYEdRbLJ4zJQBmDr | |||
SGTMYn4lRc2HgHO4DqB/bnMVorHB0CC6AV1QoFK4GPe1LwIDAQABo3sweTAJBgNV | SGTMYn4lRc2HgHO4DqB/bnMVorHB0CC6AV1QoFK4GPe1LwIDAQABo3sweTAJBgNV | |||
HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp | HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp | |||
Y2F0ZTAdBgNVHQ4EFgQU8pD0U0vsZIsaA16lL8En8bx0F/gwHwYDVR0jBBgwFoAU | Y2F0ZTAdBgNVHQ4EFgQU8pD0U0vsZIsaA16lL8En8bx0F/gwHwYDVR0jBBgwFoAU | |||
dGeKitcaF7gnzsNwDx708kqaVt0wDQYJKoZIhvcNAQEFBQADgYEAA81SsFnOdYJt | dGeKitcaF7gnzsNwDx708kqaVt0wDQYJKoZIhvcNAQEFBQADgYEAA81SsFnOdYJt | |||
Ng5Tcq+/ByEDrBgnusx0jloUhByPMEVkoMZ3J7j1ZgI8rAbOkNngX8+pKfTiDz1R | Ng5Tcq+/ByEDrBgnusx0jloUhByPMEVkoMZ3J7j1ZgI8rAbOkNngX8+pKfTiDz1R | |||
C4+dx8oU6Za+4NJXUjlL5CvV6BEYb1+QAEJwitTVvxB/A67g42/vzgAtoRUeDov1 | C4+dx8oU6Za+4NJXUjlL5CvV6BEYb1+QAEJwitTVvxB/A67g42/vzgAtoRUeDov1 | |||
+GFiBZ+GNF/cAYKcMtGcrs2i97ZkJMo=" | +GFiBZ+GNF/cAYKcMtGcrs2i97ZkJMo=" | |||
} | } | |||
], | ], | |||
"urn:scim:schemas:extension:enterprise:2.0:User": { | "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": { | |||
"employeeNumber": "701984", | "employeeNumber": "701984", | |||
"costCenter": "4130", | "costCenter": "4130", | |||
"organization": "Universal Studios", | "organization": "Universal Studios", | |||
"division": "Theme Park", | "division": "Theme Park", | |||
"department": "Tour Operations", | "department": "Tour Operations", | |||
"manager": { | "manager": { | |||
"managerId": "26118915-6090-4610-87e4-49d8ca9f808d", | "managerId": "26118915-6090-4610-87e4-49d8ca9f808d", | |||
"$ref": "/Users/26118915-6090-4610-87e4-49d8ca9f808d", | "$ref": "/Users/26118915-6090-4610-87e4-49d8ca9f808d", | |||
"displayName": "John Smith" | "displayName": "John Smith" | |||
} | } | |||
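Review bot: the manager "$ref" in this example is a relative path ("/Users/26118915-6090-4610-87e4-49d8ca9f808d") while "meta.location" in Section 11.1 and the member "$ref" in the Group example of Section 11.4 are absolute https URLs; since "$ref" is defined in Section 6 as "The URI of the SCIM resource", the examples should agree on one form, and an absolute URL avoids leaving clients to guess the base URL to resolve against.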
skipping to change at page 31, line 6 | skipping to change at page 31, line 6 | |||
} | } | |||
Figure 4: Example Enterprise User JSON Representation | Figure 4: Example Enterprise User JSON Representation | |||
11.4. Group Representation | 11.4. Group Representation | |||
The following is a non-normative example of SCIM Group representation | The following is a non-normative example of SCIM Group representation | |||
in JSON format. | in JSON format. | |||
{ | { | |||
"schemas": ["urn:scim:schemas:core:2.0:Group"], | "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"], | |||
"id": "e9e30dba-f08f-4109-8486-d5c6a331660a", | "id": "e9e30dba-f08f-4109-8486-d5c6a331660a", | |||
"displayName": "Tour Guides", | "displayName": "Tour Guides", | |||
"members": [ | "members": [ | |||
{ | { | |||
"value": "2819c223-7f76-453a-919d-413861904646", | "value": "2819c223-7f76-453a-919d-413861904646", | |||
"$ref": "https://example.com/v2/Users/2819c223-7f76-453a-919d-413861904646", | "$ref": "https://example.com/v2/Users/2819c223-7f76-453a-919d-413861904646", | |||
"display": "Babs Jensen" | "display": "Babs Jensen" | |||
}, | }, | |||
{ | { | |||
"value": "902c246b-6245-4190-8e05-00816be7344a", | "value": "902c246b-6245-4190-8e05-00816be7344a", | |||
skipping to change at page 31, line 38 | skipping to change at page 31, line 38 | |||
} | } | |||
Figure 5: Example Group JSON Representation | Figure 5: Example Group JSON Representation | |||
11.5. Service Provider Configuration Representation | 11.5. Service Provider Configuration Representation | |||
The following is a non-normative example of the SCIM service provider | The following is a non-normative example of the SCIM service provider | |||
configuration representation in JSON format. | configuration representation in JSON format. | |||
{ | { | |||
"schemas": ["urn:scim:schemas:core:2.0:ServiceProviderConfig"], | "schemas": ["urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig"], | |||
"documentationUrl":"http://example.com/help/scim.html", | "documentationUrl":"http://example.com/help/scim.html", | |||
"patch": { | "patch": { | |||
"supported":true | "supported":true | |||
}, | }, | |||
"bulk": { | "bulk": { | |||
"supported":true, | "supported":true, | |||
"maxOperations":1000, | "maxOperations":1000, | |||
"maxPayloadSize":1048576 | "maxPayloadSize":1048576 | |||
}, | }, | |||
"filter": { | "filter": { | |||
skipping to change at page 33, line 5 | skipping to change at page 33, line 5 | |||
} | } | |||
} | } | |||
Figure 6: Example Service Provider Config JSON Representation | Figure 6: Example Service Provider Config JSON Representation | |||
11.6. Resource Type Representation | 11.6. Resource Type Representation | |||
The following is a non-normative example of the SCIM resource type | The following is a non-normative example of the SCIM resource type | |||
representation in JSON format. | representation in JSON format. | |||
{ | { | |||
"schemas": ["urn:scim:schemas:core:2.0:ResourceType"], | "schemas": ["urn:ietf:params:scim:schemas:core:2.0:ResourceType"], | |||
"id":"User", | "id":"User", | |||
"name":"User", | "name":"User", | |||
"endpoint": "/Users", | "endpoint": "/Users", | |||
"description": "Core User", | "description": "Core User", | |||
"schema": "urn:scim:schemas:core:2.0:User", | "schema": "urn:ietf:params:scim:schemas:core:2.0:User", | |||
"schemaExtensions": [ | "schemaExtensions": [ | |||
{ | { | |||
"schema": "urn:scim:schemas:extension:enterprise:2.0:User", | "schema": "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User", | |||
"required": true | "required": true | |||
} | } | |||
], | ], | |||
"meta": { | "meta": { | |||
"location":"https://example.com/v2/ResourceTypes/User", | "location":"https://example.com/v2/ResourceTypes/User", | |||
"resourceType": "ResourceType", | "resourceType": "ResourceType", | |||
"created": "2010-01-23T04:56:22Z", | "created": "2010-01-23T04:56:22Z", | |||
"lastModified": "2011-05-13T04:42:34Z", | "lastModified": "2011-05-13T04:42:34Z", | |||
"version": "W\/\"3694e05e9dff595\"" | "version": "W\/\"3694e05e9dff595\"" | |||
} | } | |||
} | } | |||
Figure 7: Example Resource Type JSON Representation | Figure 7: Example Resource Type JSON Representation | |||
11.7. Schema Representation | 11.7. Schema Representation | |||
The following is intended as normative example of the SCIM Schema | The following is intended as normative example of the SCIM Schema | |||
representation in JSON format. Where permitted individual values and | representation in JSON format. Where permitted individual values and | |||
schema MAY change. Included but not limited to, are schemas for | schema MAY change. Included but not limited to, are schemas for | |||
User, Group, and enterprise user. | User, Group, and enterprise user. | |||
{[ | {[ | |||
{ | { | |||
"id" : "urn:scim:schemas:core:2.0:User", | "id" : "urn:ietf:params:scim:schemas:core:2.0:User", | |||
"name" : "User", | "name" : "User", | |||
"description" : "Core User", | "description" : "Core User", | |||
"attributes" : [ | "attributes" : [ | |||
{ | { | |||
"name" : "id", | "name" : "id", | |||
"type" : "string", | "type" : "string", | |||
"multiValued" : false, | "multiValued" : false, | |||
"description" : "Unique identifier for the SCIM resource as defined by the Service Provider. Each representation of the resource MUST include a non-empty id value. This identifier MUST be unique across the Service Provider's entire set of resources. It MUST be a stable, non-reassignable identifier that does not change when the same resource is returned in subsequent requests. The value of the id attribute is always issued by the Service Provider and MUST never be specified by the Service Consumer. REQUIRED.", | "description" : "Unique identifier for the SCIM resource as defined by the Service Provider. Each representation of the resource MUST include a non-empty id value. This identifier MUST be unique across the Service Provider's entire set of resources. It MUST be a stable, non-reassignable identifier that does not change when the same resource is returned in subsequent requests. The value of the id attribute is always issued by the Service Provider and MUST never be specified by the Service Consumer. REQUIRED.", | |||
"required" : true, | "required" : true, | |||
"caseExact" : false, | "caseExact" : false, | |||
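Review bot: the figure opens with `{[` (and closes with `]}` at its end), which is not valid JSON, since an object needs a member name before the array. Either drop the outer braces so the figure is a bare array of Schema resources, or wrap the array in a named member. The introductory sentence also needs tidying: "intended as a normative example", "Where permitted, individual values and schema MAY change.", and "Included, but not limited to, are schemas for User, Group and Enterprise User."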
skipping to change at page 50, line 42 | skipping to change at page 50, line 42 | |||
"mutability" : "readWrite", | "mutability" : "readWrite", | |||
"returned" : "default", | "returned" : "default", | |||
"uniqueness" : "none" | "uniqueness" : "none" | |||
} | } | |||
], | ], | |||
"meta" : { | "meta" : { | |||
"resourceType" : "Schema", | "resourceType" : "Schema", | |||
"created" : "2010-01-23T04:56:22Z", | "created" : "2010-01-23T04:56:22Z", | |||
"lastModified" : "2014-02-04T00:00:00Z", | "lastModified" : "2014-02-04T00:00:00Z", | |||
"version" : "W/\"3694e05e9dff596\"", | "version" : "W/\"3694e05e9dff596\"", | |||
"location" : "https://example.com/v2/Schemas/urn:scim:schemas:core:2.0:User" | "location" : "https://example.com/v2/Schemas/urn:ietf:params:scim:schemas:core:2.0:User" | |||
} | } | |||
}, | }, | |||
{ | { | |||
"id" : "urn:scim:schemas:core:2.0:Group", | "id" : "urn:ietf:params:scim:schemas:core:2.0:Group", | |||
"name" : "Group", | "name" : "Group", | |||
"description" : "Core Group", | "description" : "Core Group", | |||
"attributes" : [ | "attributes" : [ | |||
{ | { | |||
"name" : "id", | "name" : "id", | |||
"type" : "string", | "type" : "string", | |||
"multiValued" : false, | "multiValued" : false, | |||
"description" : "Unique identifier for the SCIM resource as defined by the Service Provider. Each representation of the resource MUST include a non-empty id value. This identifier MUST be unique across the Service Provider's entire set of resources. It MUST be a stable, non-reassignable identifier that does not change when the same resource is returned in subsequent requests. The value of the id attribute is always issued by the Service Provider and MUST never be specified by the Service Consumer. REQUIRED.", | "description" : "Unique identifier for the SCIM resource as defined by the Service Provider. Each representation of the resource MUST include a non-empty id value. This identifier MUST be unique across the Service Provider's entire set of resources. It MUST be a stable, non-reassignable identifier that does not change when the same resource is returned in subsequent requests. The value of the id attribute is always issued by the Service Provider and MUST never be specified by the Service Consumer. REQUIRED.", | |||
"required" : true, | "required" : true, | |||
"caseExact" : false, | "caseExact" : false, | |||
skipping to change at page 52, line 43 | skipping to change at page 52, line 43 | |||
"mutability" : "readWrite", | "mutability" : "readWrite", | |||
"returned" : "default", | "returned" : "default", | |||
"uniqueness" : "none" | "uniqueness" : "none" | |||
} | } | |||
], | ], | |||
"meta" : { | "meta" : { | |||
"resourceType" : "Schema", | "resourceType" : "Schema", | |||
"created" : "2010-01-23T04:56:22Z", | "created" : "2010-01-23T04:56:22Z", | |||
"lastModified" : "2014-02-04T00:00:00Z", | "lastModified" : "2014-02-04T00:00:00Z", | |||
"version" : "W/\"3694e05e9dff596\"", | "version" : "W/\"3694e05e9dff596\"", | |||
"location" : "https://example.com/v2/Schemas/urn:scim:schemas:core:2.0:Group" | "location" : "https://example.com/v2/Schemas/urn:ietf:params:scim:schemas:core:2.0:Group" | |||
} | } | |||
}, | }, | |||
{ | { | |||
"id" : "urn:scim:schemas:extension:enterprise:2.0:User", | "id" : "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User", | |||
"name" : "EnterpriseUser", | "name" : "EnterpriseUser", | |||
"description" : "Enterprise User", | "description" : "Enterprise User", | |||
"attributes" : [ | "attributes" : [ | |||
{ | { | |||
"name" : "employeeNumber", | "name" : "employeeNumber", | |||
"type" : "string", | "type" : "string", | |||
"multiValued" : false, | "multiValued" : false, | |||
"description" : "Numeric or alphanumeric identifier assigned to a person, typically based on order of hire or association with an organization.", | "description" : "Numeric or alphanumeric identifier assigned to a person, typically based on order of hire or association with an organization.", | |||
"required" : false, | "required" : false, | |||
"caseExact" : false, | "caseExact" : false, | |||
skipping to change at page 55, line 14 | skipping to change at page 55, line 14 | |||
"mutability" : "readWrite", | "mutability" : "readWrite", | |||
"returned" : "default", | "returned" : "default", | |||
"uniqueness" : "none" | "uniqueness" : "none" | |||
} | } | |||
], | ], | |||
"meta" : { | "meta" : { | |||
"resourceType" : "Schema", | "resourceType" : "Schema", | |||
"created" : "2010-01-23T04:56:22Z", | "created" : "2010-01-23T04:56:22Z", | |||
"lastModified" : "2014-02-04T00:00:00Z", | "lastModified" : "2014-02-04T00:00:00Z", | |||
"version" : "W/\"3694e05e9dff596\"", | "version" : "W/\"3694e05e9dff596\"", | |||
"location" : "https://example.com/v2/Schemas/urn:scim:schemas:extension:enterprise:2.0:User" | "location" : "https://example.com/v2/Schemas/urn:ietf:params:scim:schemas:extension:enterprise:2.0:User" | |||
} | } | |||
} | } | |||
]} | ]} | |||
Figure 8: Eample Schema JSON Representation | Figure 8: Eample Schema JSON Representation | |||
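Review bot: "Eample" in the Figure 8 caption should be "Example".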
12. Security Considerations | 12. Security Considerations | |||
The SCIM Core schema contains personally identifiable information as | The SCIM Core schema contains personally identifiable information as | |||
well as other sensitive data. Aside from prohibiting password values | well as other sensitive data. Aside from prohibiting password values | |||
in a SCIM response this specification does not provide any means or | in a SCIM response this specification does not provide any means or | |||
guarantee of confidentiality. | guarantee of confidentiality. | |||
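Review bot: the Security Considerations state that the schema carries PII but give no pointer to where confidentiality is expected to come from; add a cross-reference to the protocol specification's transport-security requirements, and cite the section that defines the password prohibition this sentence relies on. The `documentationUrl` in the Figure 6 example is also plain `http://` where every other URL in the examples is `https://`.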
13. IANA Considerations | 13. IANA Considerations | |||
13.1. URN Sub-Namespace for SCIM | 13.1. New Registration of SCIM URN Sub-namespace | |||
IANA has created a registry for new IETF URN sub-namespaces, | ||||
"urn:ietf:params:scim:", per [RFC3553]. The registration request is | ||||
as follows: | ||||
Per [RFC3553], IANA has registered a new URN sub-namespace, | ||||
"urn:ietf:params:scim". | ||||
o Registry name: scim | ||||
o Specification: [this document] | ||||
o Repository: [see Section 13.2] | ||||
o Index value: values [see Section 13.2] | ||||
13.2. URN Sub-Namespace for SCIM | ||||
SCIM schemas and SCIM messages utilize URIs to identify the schema in | SCIM schemas and SCIM messages utilize URIs to identify the schema in | |||
use or other relevant context. This section creates and registers an | use or other relevant context. This section creates and registers an | |||
IETF URN Sub-namespace for use in the SCIM specifications and future | IETF URN Sub-namespace for use in the SCIM specifications and future | |||
extensions. | extensions. | |||
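Review bot: the new 13.1 states the registration twice in succession ("IANA has created a registry ... The registration request is as follows:" and then "Per [RFC3553], IANA has registered a new URN sub-namespace"), once with a trailing colon on the sub-namespace string and once without; keep one sentence and one spelling. "Index value: values [see Section 13.2]" should say what the index values are (the NSS components defined in 13.2.1). The retained 13.2 intro still says "This section creates and registers an IETF URN Sub-namespace", which is now 13.1's job and should be reworded to describe the structure only.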
13.1.1. Specification Template | 13.2.1. Specification Template | |||
Namespace ID: | Namespace ID: | |||
The Namespace ID "scim" is requested. | The Namespace ID "scim" is requested. | |||
Registration Information: | Registration Information: | |||
Version: 1 | Version: 1 | |||
Date: [[insert final submission date]] | Date: [[insert final submission date]] | |||
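Review bot: the template under 13.2.1 still requests "scim" as a Namespace ID, but after the move to `urn:ietf:params:scim` the NID is "ietf" (already registered, with `urn:ietf:params` defined by RFC 3553) and "scim" is a sub-namespace below it; the NID-style template should be reframed as an RFC 3553 sub-namespace registration, or the Namespace ID entry reworded. The `[[insert final submission date]]` placeholder also needs an RFC Editor note so it is not published as-is.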
skipping to change at page 56, line 15 | skipping to change at page 56, line 33 | |||
Designated contact | Designated contact | |||
A designated expert will monitor the SCIM public mailing list, | A designated expert will monitor the SCIM public mailing list, | |||
"scim@ietf.org". | "scim@ietf.org". | |||
Declaration of Syntactic Structure: | Declaration of Syntactic Structure: | |||
The Namespace Specific String (NSS) of all URNs that use the | The Namespace Specific String (NSS) of all URNs that use the | |||
"scim" NID shall have the following structure: | "scim" NID shall have the following structure: | |||
urn:scim:{type}:{name}{:subName}:{version}{:className}{:resourceType} | urn:ietf:params:scim:{type}:{name}{:sName}:{vers}{:class}{:resType} | |||
The keywords have the following meaning: | The keywords have the following meaning: | |||
type | type | |||
An entity type (e.g. "schemas", "api", or "param" ). | The entity type which is either "schemas" or "api". | |||
name | name | |||
A required US-ASCII string that conforms to the URN syntax | A required US-ASCII string that conforms to the URN syntax | |||
requirements (see [RFC2141] ) and defines a major namespace of | requirements (see [RFC2141] ) and defines a major namespace of | |||
object used within SCIM (e.g. "core", "extension" ). The name | object used within SCIM (e.g. "core", "extension" ). The name | |||
"extension" MUST be used when the registered schema it refers | "extension" MAY be used when the registered schema it refers to | |||
to is intended to be used as an extension to another schema. | is intended to be used as an extension to another schema. | |||
An optional US-ASCII string that conforms to the URN syntax | An optional US-ASCII string that conforms to the URN syntax | |||
requirements (see [RFC2141] ) and defines a sub-class of object | requirements (see [RFC2141] ) and defines a sub-class of object | |||
used within SCIM (e.g. "enterprise", "extension" ). | used within SCIM (e.g. "enterprise"). | |||
version | vers | |||
The first SCIM protocol version number where the URN is valid | The first SCIM protocol version number where the URN is valid | |||
(e.g. "2.0" ). | (e.g. "2.0" ). | |||
className | class | |||
An optional US-ASCII string that conforms to the URN syntax | An optional US-ASCII string that conforms to the URN syntax | |||
requirements (see [RFC2141] ) and defines a major class of | requirements (see [RFC2141] ) and defines a major class of | |||
object used within SCIM. | object used within SCIM. | |||
resourceType | resType | |||
An optional US-ASCII string that conforms to the URN syntax | An optional US-ASCII string that conforms to the URN syntax | |||
requirements (see [RFC2141] ) and typically is used when | requirements (see [RFC2141] ) and typically is used when | |||
referring to a resource type within SCIM (e.g. User). | referring to a resource type within SCIM (e.g. User). | |||
Relevant Ancillary Documentation: | Relevant Ancillary Documentation: | |||
None | None | |||
Identifier Uniqueness Considerations: | Identifier Uniqueness Considerations: | |||
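Review bot: the keyword list under "Declaration of Syntactic Structure" has no heading for the `{:sName}` element; the paragraph beginning "An optional US-ASCII string ... (e.g. "enterprise")" needs an `sName` label above it to match the other entries. The new definition of `type` ("either "schemas" or "api"") also conflicts with the later sentence that reserves type "param" for future use; either list "param" here or drop it there.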
skipping to change at page 57, line 21 | skipping to change at page 57, line 39 | |||
Once a name has been allocated it MUST NOT be re-allocated for a | Once a name has been allocated it MUST NOT be re-allocated for a | |||
different purpose. The rules provided for assignments of values | different purpose. The rules provided for assignments of values | |||
within a sub-namespace MUST be constructed so that the meaning of | within a sub-namespace MUST be constructed so that the meaning of | |||
values cannot change. This registration mechanism is not | values cannot change. This registration mechanism is not | |||
appropriate for naming values whose meaning may change over time. | appropriate for naming values whose meaning may change over time. | |||
As the SCIM specifications are updated and the SCIM protocol | As the SCIM specifications are updated and the SCIM protocol | |||
version is adjusted, a new registration will be made when | version is adjusted, a new registration will be made when | |||
significant changes are made. Example, | significant changes are made. Example, | |||
"urn:scim:schemas:core:1.0" and "urn:scim:schemas:core:2.0". | "urn:ietf:params:scim:schemas:core:1.0 (externally defined, not | |||
previously registered)" and | ||||
"urn:ietf:params:scim:schemas:core:2.0". | ||||
Process of Identifier Assignment: | Process of Identifier Assignment: | |||
Identifiers with namespace type "schema" (e.g. "urn:scim:schemas" | Identifiers with namespace type "schema" (e.g. | |||
) are assigned after the review of the assigned contact via the | "urn:ietf:params:scim:schemas" ) are assigned after the review of | |||
SCIM public mailing list, "scim@ietf.org" as documented in | the assigned contact via the SCIM public mailing list, | |||
Section 13.2. | "scim@ietf.org" as documented in Section 13.3. | |||
Namespaces with type "api" (e.g. "urn:scim:api" ) are reserved for | Namespaces with type "api" (e.g. "urn:ietf:params:scim:api" ) are | |||
IETF approved SCIM specifications. Namespaces with type "param" | reserved for IETF approved SCIM specifications. Namespaces with | |||
are reserved for future use. | type "param" are reserved for future use. | |||
Process of Identifier Resolution: | Process of Identifier Resolution: | |||
The namespace is not currently listed with a Resolution Discovery | The namespace is not currently listed with a Resolution Discovery | |||
System (RDS), but nothing about the namespace prohibits the future | System (RDS), but nothing about the namespace prohibits the future | |||
definition of appropriate resolution methods or listing with an | definition of appropriate resolution methods or listing with an | |||
RDS. | RDS. | |||
Rules for Lexical Equivalence: | Rules for Lexical Equivalence: | |||
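Review bot: in the versioning example the parenthetical "(externally defined, not previously registered)" sits inside the quoted URN string, so it reads as part of the identifier; close the quote after `1.0` and put the note outside. "Identifiers with namespace type "schema"" should read "schemas" to match the declared structure, where `{type}` takes the value "schemas".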
skipping to change at page 58, line 9 | skipping to change at page 58, line 29 | |||
No special considerations. | No special considerations. | |||
Validation Mechanism: | Validation Mechanism: | |||
None specified. | None specified. | |||
Scope: | Scope: | |||
Global. | Global. | |||
13.1.2. Pre-Registered SCIM Schema Identifiers | 13.2.2. Pre-Registered SCIM Schema Identifiers | |||
The following SCIM Identifiers are defined: | The following SCIM Identifiers are defined: | |||
urn:scim:schemas:core:2.0 | urn:ietf:params:scim:schemas:core:2.0 | |||
SCIM Core Schema as specified in Section 4 and Section 13.3. | SCIM Core Schema as specified in Section 4 and Section 13.4. | |||
urn:scim:schemas:extension:enterprise:2.0 | urn:ietf:params:scim:schemas:extension:enterprise:2.0 | |||
Enterprise schema extensions as defined in Section 6 and | Enterprise schema extensions as defined in Section 6 and | |||
Section 13.3. | Section 13.4. | |||
13.2. Registering SCIM Schemas | 13.3. Registering SCIM Schemas | |||
This section defines the process for registering new SCIM schemas | This section defines the process for registering new SCIM schemas | |||
with IANA. A schema URI is used as a value in the schemas attribute | with IANA. A schema URI is used as a value in the schemas attribute | |||
( Section 4.2 ) for the purpose of distinguishing extensions used in | ( Section 4.2 ) for the purpose of distinguishing extensions used in | |||
a SCIM resource. | a SCIM resource. | |||
13.2.1. Registration Procedure | 13.3.1. Registration Procedure | |||
The IETF has created a mailing list, scim@ietf.org, which can be used | The IETF has created a mailing list, scim@ietf.org, which can be used | |||
for public discussion of SCIM schema proposals prior to registration. | for public discussion of SCIM schema proposals prior to registration. | |||
Use of the mailing list is strongly encouraged. The IESG has | Use of the mailing list is strongly encouraged. The IESG has | |||
appointed a designated expert who will monitor the scim@ietf.org | appointed a designated expert who will monitor the scim@ietf.org | |||
mailing list and review registrations. | mailing list and review registrations. | |||
Registration of new schemas MUST be reviewed by the designated expert | Registration of new schemas MUST be reviewed by the designated expert | |||
and published in an RFC. A Standards Track RFC is REQUIRED for the | and published in an RFC. A Standards Track RFC is REQUIRED for the | |||
registration of new value data types that modify existing properties. | registration of new value data types that modify existing properties. | |||
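Review bot: the pre-registered identifiers in 13.2.2 stop at the version (`...:schemas:core:2.0`), while the registry in 13.4 lists full URIs with a resource type suffix (`...:core:2.0:User`, `...:core:2.0:Group`); say which form is the registered value, since a reader of 13.2.2 cannot tell whether `:User` is part of the identifier or a separately registered extension of it.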
skipping to change at page 59, line 17 | skipping to change at page 59, line 41 | |||
Once the registration procedure concludes successfully, IANA creates | Once the registration procedure concludes successfully, IANA creates | |||
or modifies the corresponding record in the SCIM schema registry. | or modifies the corresponding record in the SCIM schema registry. | |||
The completed registration template is discarded. | The completed registration template is discarded. | |||
An RFC specifying new schema URI MUST include the completed | An RFC specifying new schema URI MUST include the completed | |||
registration templates, which MAY be expanded with additional | registration templates, which MAY be expanded with additional | |||
information. These completed templates are intended to go in the | information. These completed templates are intended to go in the | |||
body of the document, not in the IANA Considerations section. The | body of the document, not in the IANA Considerations section. The | |||
RFC SHOULD include any attributes defined. | RFC SHOULD include any attributes defined. | |||
13.2.2. Schema Registration Template | 13.3.2. Schema Registration Template | |||
A SCIM schema URI is defined by completing the following template: | A SCIM schema URI is defined by completing the following template: | |||
Schema URI: Schema URI: A unique URI for the SCIM schema extension. | Schema URI: Schema URI: A unique URI for the SCIM schema extension. | |||
Schema Name: A descriptive name of the schema extension (e.g. | Schema Name: A descriptive name of the schema extension (e.g. | |||
Generic Device) | Generic Device) | |||
Intended or Associated Resource Type: A value defining the resource | Intended or Associated Resource Type: A value defining the resource | |||
type (e.g. "Device"). | type (e.g. "Device"). | |||
Purpose: A description of the purpose of the extension and/or its | Purpose: A description of the purpose of the extension and/or its | |||
intended use. | intended use. | |||
Single-value Attributes: A list and description of single-valued | Single-value Attributes: A list and description of single-valued | |||
attributes defined including complex attributes. | attributes defined including complex attributes. | |||
Multi-valued Attributes: A list and description of multi-valued | Multi-valued Attributes: A list and description of multi-valued | |||
attributes defined including complex attributes. | attributes defined including complex attributes. | |||
13.3. Initial SCIM Schema Registry | 13.4. Initial SCIM Schema Registry | |||
The IANA has created and will maintain the following registries for | The IANA has created and will maintain the following registries for | |||
SCIM schema URIs with pointers to appropriate reference documents. | SCIM schema URIs with pointers to appropriate reference documents. | |||
+-------------------------------------------+-----------+-----------+ | +----------------------------------------------+---------+----------+ | |||
| Schema URI | Name | Reference | | | Schema URI | Name | Referenc | | |||
+-------------------------------------------+-----------+-----------+ | | | | e | | |||
| urn:scim:schemas:core:2.0:User | User | See | | +----------------------------------------------+---------+----------+ | |||
| | Resource | Section 5 | | | urn:ietf:params:scim:schemas:core:2.0:User | User Re | See | | |||
| urn:scim:schemas:extension:enterprise:2.0 | Enterpris | See | | | | source | Section | | |||
| :User | e User | Section 6 | | | | | 5 | | |||
| | Extension | | | | urn:ietf:params:scim:schemas:extension:enter | Enterpr | See | | |||
| urn:scim:schemas:core:2.0:Group | Group | See | | | prise:2.0:User | ise | Section | | |||
| | Resource | Section 7 | | | | User Ex | 6 | | |||
+-------------------------------------------+-----------+-----------+ | | | tension | | | |||
| urn:ietf:params:scim:schemas:core:2.0:Group | Group R | See | | ||||
| | esource | Section | | ||||
| | | 7 | | ||||
+----------------------------------------------+---------+----------+ | ||||
SCIM Schema URIs for Data Resources | SCIM Schema URIs for Data Resources | |||
+-----------------------------------------+-------------+-----------+ | +--------------------------------------------+-----------+----------+ | |||
| Schema URI | Name | Reference | | | Schema URI | Name | Referenc | | |||
+-----------------------------------------+-------------+-----------+ | | | | e | | |||
| urn:scim:schemas:core:2.0:ServiceProvid | Service | See | | +--------------------------------------------+-----------+----------+ | |||
| erConfig | Provider Co | Section 8 | | | urn:ietf:params:scim:schemas:core:2.0:Serv | Service | See | | |||
| | nfiguration | | | | iceProviderConfig | Provider | Section | | |||
| | Schema | | | | | Configura | 8 | | |||
| urn:scim:schemas:core:2.0:ResourceType | Resource | See | | | | tion | | | |||
| | Type Config | Section 9 | | | | Schema | | | |||
| urn:scim:schemas:core:2.0:Schema | Schema | See | | | urn:ietf:params:scim:schemas:core:2.0:Reso | Resource | See | | |||
| | Definitions | Section | | | urceType | Type | Section | | |||
| | Schema | 10 | | | | Config | 9 | | |||
+-----------------------------------------+-------------+-----------+ | | urn:ietf:params:scim:schemas:core:2.0:Sche | Schema De | See | | |||
| ma | finitions | Section | | ||||
| | Schema | 10 | | ||||
+--------------------------------------------+-----------+----------+ | ||||
SCIM Server Related Schema URIs | SCIM Server Related Schema URIs | |||
14. References | 14. References | |||
14.1. Normative References | 14.1. Normative References | |||
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, March 1997. | |||
[RFC2141] Moats, R., "URN Syntax", RFC 2141, May 1997. | [RFC2141] Moats, R., "URN Syntax", RFC 2141, May 1997. | |||
[RFC3553] Mealling, M., Masinter, L., Hardie, T., and G. Klyne, "An | ||||
IETF URN Sub-namespace for Registered Protocol | ||||
Parameters", BCP 73, RFC 3553, June 2003. | ||||
[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO | [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO | |||
10646", STD 63, RFC 3629, November 2003. | 10646", STD 63, RFC 3629, November 2003. | |||
[RFC3966] Schulzrinne, H., "The tel URI for Telephone Numbers", RFC | [RFC3966] Schulzrinne, H., "The tel URI for Telephone Numbers", RFC | |||
3966, December 2004. | 3966, December 2004. | |||
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform | [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform | |||
Resource Identifier (URI): Generic Syntax", STD 66, RFC | Resource Identifier (URI): Generic Syntax", STD 66, RFC | |||
3986, January 2005. | 3986, January 2005. | |||
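Review bot: the re-widened registry tables break words across rows ("Referenc / e", "Enterpr / ise", "Ex / tension", "Resource / Type / Config", "Schema De / finitions"); widen the Name and Reference columns and wrap the URI column instead, since the URI is the only value with a natural break point at `:`. "Schema URI: Schema URI:" in the 13.3.2 template duplicates the label. The added [RFC3553] entry is cited from 13.1 and the change log, so its placement in the normative list is correct.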
skipping to change at page 64, line 20 | skipping to change at page 65, line 17 | |||
- meta.attributes removed due to new PURGE command in draft 04 (no | - meta.attributes removed due to new PURGE command in draft 04 (no | |||
longer used) | longer used) | |||
Draft 07 - PH - Edits and revisions | Draft 07 - PH - Edits and revisions | |||
- Dropped use of the term API in favour of HTTP protocol or just | - Dropped use of the term API in favour of HTTP protocol or just | |||
protocol. | protocol. | |||
- Clarified meaning of null and unassigned | - Clarified meaning of null and unassigned | |||
Draft 08 - PH - Revised IANA namespace to urn:ietf:params:scim per | ||||
RFC3553 | ||||
Authors' Addresses | Authors' Addresses | |||
Kelly Grizzle | Kelly Grizzle | |||
SailPoint | SailPoint | |||
Email: kelly.grizzle@sailpoint.com | Email: kelly.grizzle@sailpoint.com | |||
Phil Hunt (editor) | Phil Hunt (editor) | |||
Oracle Corporation | Oracle Corporation | |||
End of changes. 54 change blocks. | ||||
122 lines changed or deleted | 158 lines changed or added | |||
This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |