--- 1/draft-ietf-scim-core-schema-10.txt 2014-10-06 11:15:07.683883466 -0700 +++ 2/draft-ietf-scim-core-schema-11.txt 2014-10-06 11:15:07.811886581 -0700 @@ -1,23 +1,23 @@ Network Working Group P. Hunt, Ed. Internet-Draft Oracle Intended status: Standards Track K. Grizzle -Expires: March 19, 2015 SailPoint +Expires: April 9, 2015 SailPoint E. Wahlstroem Nexus Technology C. Mortimore Salesforce - September 15, 2014 + October 6, 2014 System for Cross-Domain Identity Management: Core Schema - draft-ietf-scim-core-schema-10 + draft-ietf-scim-core-schema-11 Abstract The System for Cross-Domain Identity Management (SCIM) specifications are designed to make identity management in cloud based applications and services easier. The specification suite builds upon experience with existing schemas and deployments, placing specific emphasis on simplicity of development and integration, while applying existing authentication, authorization, and privacy models. Its intent is to reduce the cost and complexity of user management operations by 
@@ -38,21 +38,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on March 19, 2015. + This Internet-Draft will expire on April 9, 2015. Copyright Notice Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents 
@@ -484,33 +484,35 @@ non-reassignable identifier that does not change when the same resource is returned in subsequent requests. The value of the "id" attribute is always issued by the service provider and MUST NOT be specified by the client. The string "bulkId" is a reserved keyword and MUST NOT be used within any unique identifier value. REQUIRED and has a mutability of "readOnly". See Section 9 for additional considerations regarding privacy. externalId A String that is an identifier for the resource as defined by the - client. The "externalId" may simplify identification of the - resource between client and service provider by allowing the - client to use a filter to locate the resource with its own - identifier, obviating the need to store a local mapping between - the local identifier of the resource and the identifier used by - the service provider. Each resource MAY include a non-empty - "externalId" value. The value of the "externalId" attribute is - always issued by the client and MUST NOT be specified by the - service provider. The service provider MUST always interpret the - externalId as scoped to the client's tenant. While the server - does not enforce uniqueness, it is assumed that the value's - uniqueness is controlled by the client setting the value. See - Section 9 for additional considerations regarding privacy. + provisioning client. The "externalId" may simplify identification + of a resource between the provisioning client and the service + provider by allowing the client to use a filter to locate the + resource with an identifier from the provisioning domain, + obviating the need to store a local mapping between the + provisioning domain's identifier of the resource and the + identifier used by the service provider. Each resource MAY + include a non-empty "externalId" value. The value of the + "externalId" attribute is always issued by the provisioning client + and MUST NOT be specified by the service provider. 
The service + provider MUST always interpret the externalId as scoped to the + client's tenant. While the server does not enforce uniqueness, it + is assumed that the value's uniqueness is controlled by the client + setting the value. See Section 9 for additional considerations + regarding privacy. meta A complex attribute containing resource metadata. All sub- attributes are OPTIONAL and are asserted by the Service Provider: resourceType The name of the resource type of the resource. This attribute has mutability of "readOnly". created The DateTime the resource was added to the service provider. The attribute MUST be a DateTime. This attribute @@ -3079,20 +3081,22 @@ Clarified "schemas" attribute as representing the JSON body schema in an HTTP Req/Resp Reduced use of confusing term "core" in "Core User" and "Core Group" Added clarifications and security considerations for externalId Re-worded descriptions SCIM schema extension model (sec 3) and core schema (sec 4) for improved clarity + Draft 11 - PH - Clarification to definition of externalId + Authors' Addresses Phil Hunt (editor) Oracle Corporation Email: phil.hunt@yahoo.com Kelly Grizzle SailPoint
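Review bot: In the @@ -484 hunk, the rewritten externalId paragraph still says the server "does not enforce uniqueness" while the sentence before it motivates the attribute by letting the client "use a filter to locate the resource"; the text should state what a client does when such a filter matches more than one resource, since the only thing the service provider guarantees is tenant scoping, not a single match. A sentence such as "Clients MUST NOT assume a filter on externalId returns at most one resource" would close that gap. The hunk also introduces "provisioning client" and "provisioning domain" without a definition in this region; if these terms are defined elsewhere in the draft a cross-reference here would help, otherwise the old "client" wording was clearer.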
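Review bot: The @@ -3079 hunk adds the change-log entry "Draft 11 - PH - Clarification to definition of externalId", but the draft-10 entry above it already reads "Added clarifications and security considerations for externalId", so the two entries are hard to tell apart; naming the actual change (the shift to "provisioning client" / "provisioning domain" terminology) would let a reader locate the edit in Section 3 without diffing the drafts.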