draft-ietf-scim-core-schema-10.txt | draft-ietf-scim-core-schema-11.txt | |||
---|---|---|---|---|
Network Working Group P. Hunt, Ed. | Network Working Group P. Hunt, Ed. | |||
Internet-Draft Oracle | Internet-Draft Oracle | |||
Intended status: Standards Track K. Grizzle | Intended status: Standards Track K. Grizzle | |||
Expires: March 19, 2015 SailPoint | Expires: April 9, 2015 SailPoint | |||
E. Wahlstroem | E. Wahlstroem | |||
Nexus Technology | Nexus Technology | |||
C. Mortimore | C. Mortimore | |||
Salesforce | Salesforce | |||
September 15, 2014 | October 6, 2014 | |||
System for Cross-Domain Identity Management: Core Schema | System for Cross-Domain Identity Management: Core Schema | |||
draft-ietf-scim-core-schema-10 | draft-ietf-scim-core-schema-11 | |||
Abstract | Abstract | |||
The System for Cross-Domain Identity Management (SCIM) specifications | The System for Cross-Domain Identity Management (SCIM) specifications | |||
are designed to make identity management in cloud based applications | are designed to make identity management in cloud based applications | |||
and services easier. The specification suite builds upon experience | and services easier. The specification suite builds upon experience | |||
with existing schemas and deployments, placing specific emphasis on | with existing schemas and deployments, placing specific emphasis on | |||
simplicity of development and integration, while applying existing | simplicity of development and integration, while applying existing | |||
authentication, authorization, and privacy models. Its intent is to | authentication, authorization, and privacy models. Its intent is to | |||
reduce the cost and complexity of user management operations by | reduce the cost and complexity of user management operations by | |||
skipping to change at page 1, line 49 | skipping to change at page 1, line 49 | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
This Internet-Draft will expire on March 19, 2015. | This Internet-Draft will expire on April 9, 2015. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2014 IETF Trust and the persons identified as the | Copyright (c) 2014 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
skipping to change at page 11, line 34 | skipping to change at page 11, line 34 | |||
non-reassignable identifier that does not change when the same | non-reassignable identifier that does not change when the same | |||
resource is returned in subsequent requests. The value of the | resource is returned in subsequent requests. The value of the | |||
"id" attribute is always issued by the service provider and MUST | "id" attribute is always issued by the service provider and MUST | |||
NOT be specified by the client. The string "bulkId" is a reserved | NOT be specified by the client. The string "bulkId" is a reserved | |||
keyword and MUST NOT be used within any unique identifier value. | keyword and MUST NOT be used within any unique identifier value. | |||
REQUIRED and has a mutability of "readOnly". See Section 9 for | REQUIRED and has a mutability of "readOnly". See Section 9 for | |||
additional considerations regarding privacy. | additional considerations regarding privacy. | |||
externalId | externalId | |||
A String that is an identifier for the resource as defined by the | A String that is an identifier for the resource as defined by the | |||
client. The "externalId" may simplify identification of the | provisioning client. The "externalId" may simplify identification | |||
resource between client and service provider by allowing the | of a resource between the provisioning client and the service | |||
client to use a filter to locate the resource with its own | provider by allowing the client to use a filter to locate the | |||
identifier, obviating the need to store a local mapping between | resource with an identifier from the provisioning domain, | |||
the local identifier of the resource and the identifier used by | obviating the need to store a local mapping between the | |||
the service provider. Each resource MAY include a non-empty | provisioning domain's identifier of the resource and the | |||
"externalId" value. The value of the "externalId" attribute is | identifier used by the service provider. Each resource MAY | |||
always issued by the client and MUST NOT be specified by the | include a non-empty "externalId" value. The value of the | |||
service provider. The service provider MUST always interpret the | "externalId" attribute is always issued by the provisioning client | |||
externalId as scoped to the client's tenant. While the server | and MUST NOT be specified by the service provider. The service | |||
does not enforce uniqueness, it is assumed that the value's | provider MUST always interpret the externalId as scoped to the | |||
uniqueness is controlled by the client setting the value. See | client's tenant. While the server does not enforce uniqueness, it | |||
Section 9 for additional considerations regarding privacy. | is assumed that the value's uniqueness is controlled by the client | |||
setting the value. See Section 9 for additional considerations | ||||
regarding privacy. | ||||
meta | meta | |||
A complex attribute containing resource metadata. All sub- | A complex attribute containing resource metadata. All sub- | |||
attributes are OPTIONAL and are asserted by the Service Provider: | attributes are OPTIONAL and are asserted by the Service Provider: | |||
resourceType The name of the resource type of the resource. This | resourceType The name of the resource type of the resource. This | |||
attribute has mutability of "readOnly". | attribute has mutability of "readOnly". | |||
created The DateTime the resource was added to the service | created The DateTime the resource was added to the service | |||
provider. The attribute MUST be a DateTime. This attribute | provider. The attribute MUST be a DateTime. This attribute | |||
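Review bot: the rewritten externalId paragraph uses "provisioning client" in its opening sentences but keeps the bare "client" in "allowing the client to use a filter", "scoped to the client's tenant" and "controlled by the client setting the value", so it is unclear whether the tenant scoping and the uniqueness responsibility fall on the provisioning client or on any authenticated client. Suggest using "provisioning client" throughout the paragraph, and defining "provisioning domain", which this text introduces without a definition in the visible lines. Because the paragraph also says the server does not enforce uniqueness, it would help to state that a filter on externalId can match more than one resource and is evaluated only within the requesting client's tenant.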
skipping to change at page 66, line 7 | skipping to change at page 66, line 7 | |||
Clarified "schemas" attribute as representing the JSON body schema | Clarified "schemas" attribute as representing the JSON body schema | |||
in an HTTP Req/Resp | in an HTTP Req/Resp | |||
Reduced use of confusing term "core" in "Core User" and "Core | Reduced use of confusing term "core" in "Core User" and "Core | |||
Group" | Group" | |||
Added clarifications and security considerations for externalId | Added clarifications and security considerations for externalId | |||
Re-worded descriptions SCIM schema extension model (sec 3) and | Re-worded descriptions SCIM schema extension model (sec 3) and | |||
core schema (sec 4) for improved clarity | core schema (sec 4) for improved clarity | |||
Draft 11 - PH - Clarification to definition of externalId | ||||
Authors' Addresses | Authors' Addresses | |||
Phil Hunt (editor) | Phil Hunt (editor) | |||
Oracle Corporation | Oracle Corporation | |||
Email: phil.hunt@yahoo.com | Email: phil.hunt@yahoo.com | |||
Kelly Grizzle | Kelly Grizzle | |||
SailPoint | SailPoint | |||
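Review bot: the new change-log entry "Draft 11 - PH - Clarification to definition of externalId" does not record that the definition now uses the terms "provisioning client" and "provisioning domain". Suggest naming those terms in the entry so implementers comparing draft 10 and draft 11 can see that the issuer of the value was re-described, not only reworded.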
End of changes. 6 change blocks. | ||||
17 lines changed or deleted | 21 lines changed or added | |||
This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |