draft-ietf-scim-core-schema-10.txt   draft-ietf-scim-core-schema-11.txt 
Network Working Group P. Hunt, Ed. Network Working Group P. Hunt, Ed.
Internet-Draft Oracle Internet-Draft Oracle
Intended status: Standards Track K. Grizzle Intended status: Standards Track K. Grizzle
Expires: March 19, 2015 SailPoint Expires: April 9, 2015 SailPoint
E. Wahlstroem E. Wahlstroem
Nexus Technology Nexus Technology
C. Mortimore C. Mortimore
Salesforce Salesforce
September 15, 2014 October 6, 2014
System for Cross-Domain Identity Management: Core Schema System for Cross-Domain Identity Management: Core Schema
draft-ietf-scim-core-schema-10 draft-ietf-scim-core-schema-11
Abstract Abstract
The System for Cross-Domain Identity Management (SCIM) specifications The System for Cross-Domain Identity Management (SCIM) specifications
are designed to make identity management in cloud based applications are designed to make identity management in cloud based applications
and services easier. The specification suite builds upon experience and services easier. The specification suite builds upon experience
with existing schemas and deployments, placing specific emphasis on with existing schemas and deployments, placing specific emphasis on
simplicity of development and integration, while applying existing simplicity of development and integration, while applying existing
authentication, authorization, and privacy models. Its intent is to authentication, authorization, and privacy models. Its intent is to
reduce the cost and complexity of user management operations by reduce the cost and complexity of user management operations by
skipping to change at page 1, line 49 skipping to change at page 1, line 49
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on March 19, 2015. This Internet-Draft will expire on April 9, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 11, line 34 skipping to change at page 11, line 34
non-reassignable identifier that does not change when the same non-reassignable identifier that does not change when the same
resource is returned in subsequent requests. The value of the resource is returned in subsequent requests. The value of the
"id" attribute is always issued by the service provider and MUST "id" attribute is always issued by the service provider and MUST
NOT be specified by the client. The string "bulkId" is a reserved NOT be specified by the client. The string "bulkId" is a reserved
keyword and MUST NOT be used within any unique identifier value. keyword and MUST NOT be used within any unique identifier value.
REQUIRED and has a mutability of "readOnly". See Section 9 for REQUIRED and has a mutability of "readOnly". See Section 9 for
additional considerations regarding privacy. additional considerations regarding privacy.
externalId externalId
A String that is an identifier for the resource as defined by the A String that is an identifier for the resource as defined by the
client. The "externalId" may simplify identification of the provisioning client. The "externalId" may simplify identification
resource between client and service provider by allowing the of a resource between the provisioning client and the service
client to use a filter to locate the resource with its own provider by allowing the client to use a filter to locate the
identifier, obviating the need to store a local mapping between resource with an identifier from the provisioning domain,
the local identifier of the resource and the identifier used by obviating the need to store a local mapping between the
the service provider. Each resource MAY include a non-empty provisioning domain's identifier of the resource and the
"externalId" value. The value of the "externalId" attribute is identifier used by the service provider. Each resource MAY
always issued by the client and MUST NOT be specified by the include a non-empty "externalId" value. The value of the
service provider. The service provider MUST always interpret the "externalId" attribute is always issued by the provisioning client
externalId as scoped to the client's tenant. While the server and MUST NOT be specified by the service provider. The service
does not enforce uniqueness, it is assumed that the value's provider MUST always interpret the externalId as scoped to the
uniqueness is controlled by the client setting the value. See client's tenant. While the server does not enforce uniqueness, it
Section 9 for additional considerations regarding privacy. is assumed that the value's uniqueness is controlled by the client
setting the value. See Section 9 for additional considerations
regarding privacy.
meta meta
A complex attribute containing resource metadata. All sub- A complex attribute containing resource metadata. All sub-
attributes are OPTIONAL and are asserted by the Service Provider: attributes are OPTIONAL and are asserted by the Service Provider:
resourceType The name of the resource type of the resource. This resourceType The name of the resource type of the resource. This
attribute has mutability of "readOnly". attribute has mutability of "readOnly".
created The DateTime the resource was added to the service created The DateTime the resource was added to the service
provider. The attribute MUST be a DateTime. This attribute provider. The attribute MUST be a DateTime. This attribute
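Review bot: The reworded externalId definition names the "provisioning client" as the party that issues the value, but the same paragraph still says "allowing the client to use a filter", "the client's tenant" and "the client setting the value", and the uniqueness sentence switches to "the server" where the rest of the paragraph says "service provider". Use one term per party throughout, and define "provisioning domain" at first use, because the tenant scoping and the uniqueness assumption both depend on knowing exactly which party is meant. Since the text states that the server does not enforce uniqueness, it would also help to say what a client should expect when a filter on externalId matches more than one resource.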
skipping to change at page 66, line 7 skipping to change at page 66, line 7
Clarified "schemas" attribute as representing the JSON body schema Clarified "schemas" attribute as representing the JSON body schema
in an HTTP Req/Resp in an HTTP Req/Resp
Reduced use of confusing term "core" in "Core User" and "Core Reduced use of confusing term "core" in "Core User" and "Core
Group" Group"
Added clarifications and security considerations for externalId Added clarifications and security considerations for externalId
Re-worded descriptions SCIM schema extension model (sec 3) and Re-worded descriptions SCIM schema extension model (sec 3) and
core schema (sec 4) for improved clarity core schema (sec 4) for improved clarity
Draft 11 - PH - Clarification to definition of externalId
Authors' Addresses Authors' Addresses
Phil Hunt (editor) Phil Hunt (editor)
Oracle Corporation Oracle Corporation
Email: phil.hunt@yahoo.com Email: phil.hunt@yahoo.com
Kelly Grizzle Kelly Grizzle
SailPoint SailPoint
 End of changes. 6 change blocks. 
17 lines changed or deleted 21 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/