draft-ietf-scim-core-schema-11.txt   draft-ietf-scim-core-schema-12.txt 
Network Working Group P. Hunt, Ed. Network Working Group P. Hunt, Ed.
Internet-Draft Oracle Internet-Draft Oracle
Intended status: Standards Track K. Grizzle Intended status: Standards Track K. Grizzle
Expires: April 9, 2015 SailPoint Expires: April 20, 2015 SailPoint
E. Wahlstroem E. Wahlstroem
Nexus Technology Nexus Technology
C. Mortimore C. Mortimore
Salesforce Salesforce
October 6, 2014 October 17, 2014
System for Cross-Domain Identity Management: Core Schema System for Cross-Domain Identity Management: Core Schema
draft-ietf-scim-core-schema-11 draft-ietf-scim-core-schema-12
Abstract Abstract
The System for Cross-Domain Identity Management (SCIM) specifications The System for Cross-Domain Identity Management (SCIM) specifications
are designed to make identity management in cloud based applications are designed to make identity management in cloud based applications
and services easier. The specification suite builds upon experience and services easier. The specification suite builds upon experience
with existing schemas and deployments, placing specific emphasis on with existing schemas and deployments, placing specific emphasis on
simplicity of development and integration, while applying existing simplicity of development and integration, while applying existing
authentication, authorization, and privacy models. Its intent is to authentication, authorization, and privacy models. Its intent is to
reduce the cost and complexity of user management operations by reduce the cost and complexity of user management operations by
skipping to change at page 1, line 49 skipping to change at page 1, line 49
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 9, 2015. This Internet-Draft will expire on April 20, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 26 skipping to change at page 2, line 26
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction and Overview . . . . . . . . . . . . . . . . . . 3 1. Introduction and Overview . . . . . . . . . . . . . . . . . . 3
1.1. Requirements Notation and Conventions . . . . . . . . . . 4 1.1. Requirements Notation and Conventions . . . . . . . . . . 4
1.2. Definitions . . . . . . . . . . . . . . . . . . . . . . . 4 1.2. Definitions . . . . . . . . . . . . . . . . . . . . . . . 4
2. SCIM Schema Data Types . . . . . . . . . . . . . . . . . . . 5 2. SCIM Schema Data Types . . . . . . . . . . . . . . . . . . . 5
2.1. Attribute Data Types . . . . . . . . . . . . . . . . . . 5 2.1. Attribute Data Types . . . . . . . . . . . . . . . . . . 6
2.1.1. String . . . . . . . . . . . . . . . . . . . . . . . 6 2.1.1. String . . . . . . . . . . . . . . . . . . . . . . . 6
2.1.2. Boolean . . . . . . . . . . . . . . . . . . . . . . . 6 2.1.2. Boolean . . . . . . . . . . . . . . . . . . . . . . . 6
2.1.3. Decimal . . . . . . . . . . . . . . . . . . . . . . . 6 2.1.3. Decimal . . . . . . . . . . . . . . . . . . . . . . . 6
2.1.4. Integer . . . . . . . . . . . . . . . . . . . . . . . 6 2.1.4. Integer . . . . . . . . . . . . . . . . . . . . . . . 6
2.1.5. DateTime . . . . . . . . . . . . . . . . . . . . . . 6 2.1.5. DateTime . . . . . . . . . . . . . . . . . . . . . . 7
2.1.6. Binary . . . . . . . . . . . . . . . . . . . . . . . 7 2.1.6. Binary . . . . . . . . . . . . . . . . . . . . . . . 7
2.1.7. Reference . . . . . . . . . . . . . . . . . . . . . . 7 2.1.7. Reference . . . . . . . . . . . . . . . . . . . . . . 7
2.1.8. Complex . . . . . . . . . . . . . . . . . . . . . . . 7 2.1.8. Complex . . . . . . . . . . . . . . . . . . . . . . . 7
2.2. Multi-valued Attributes . . . . . . . . . . . . . . . . . 7 2.2. Multi-valued Attributes . . . . . . . . . . . . . . . . . 8
2.3. Unassigned and Null Values . . . . . . . . . . . . . . . 8 2.3. Unassigned and Null Values . . . . . . . . . . . . . . . 8
3. SCIM Resources . . . . . . . . . . . . . . . . . . . . . . . 8 3. SCIM Resources . . . . . . . . . . . . . . . . . . . . . . . 8
3.1. Common Attributes . . . . . . . . . . . . . . . . . . . . 11 3.1. Common Attributes . . . . . . . . . . . . . . . . . . . . 11
3.2. Defining New Resource Types . . . . . . . . . . . . . . . 12 3.2. Defining New Resource Types . . . . . . . . . . . . . . . 12
3.3. Attribute Extensions to Resources . . . . . . . . . . . . 12 3.3. Attribute Extensions to Resources . . . . . . . . . . . . 12
4. SCIM Core Resources and Extensions . . . . . . . . . . . . . 13 4. SCIM Core Resources and Extensions . . . . . . . . . . . . . 13
4.1. User Resource Schema . . . . . . . . . . . . . . . . . . 13 4.1. User Resource Schema . . . . . . . . . . . . . . . . . . 13
4.1.1. Singular Attributes . . . . . . . . . . . . . . . . . 13 4.1.1. Singular Attributes . . . . . . . . . . . . . . . . . 13
4.1.2. Multi-valued Attributes . . . . . . . . . . . . . . . 16 4.1.2. Multi-valued Attributes . . . . . . . . . . . . . . . 16
4.2. Group Resource Schema . . . . . . . . . . . . . . . . . . 18 4.2. Group Resource Schema . . . . . . . . . . . . . . . . . . 18
4.3. Enterprise User Schema Extension . . . . . . . . . . . . 19 4.3. Enterprise User Schema Extension . . . . . . . . . . . . 19
5. Service Provider Configuration Schema . . . . . . . . . . . . 19 5. Service Provider Configuration Schema . . . . . . . . . . . . 19
6. ResourceType Schema . . . . . . . . . . . . . . . . . . . . . 21 6. ResourceType Schema . . . . . . . . . . . . . . . . . . . . . 21
7. Schema Definition . . . . . . . . . . . . . . . . . . . . . . 22 7. Schema Definition . . . . . . . . . . . . . . . . . . . . . . 22
8. JSON Representation . . . . . . . . . . . . . . . . . . . . . 25 8. JSON Representation . . . . . . . . . . . . . . . . . . . . . 25
8.1. Minimal User Representation . . . . . . . . . . . . . . . 25 8.1. Minimal User Representation . . . . . . . . . . . . . . . 25
8.2. Full User Representation . . . . . . . . . . . . . . . . 26 8.2. Full User Representation . . . . . . . . . . . . . . . . 26
8.3. Enterprise User Extension Representation . . . . . . . . 29 8.3. Enterprise User Extension Representation . . . . . . . . 29
8.4. Group Representation . . . . . . . . . . . . . . . . . . 32 8.4. Group Representation . . . . . . . . . . . . . . . . . . 32
8.5. Service Provider Configuration Representation . . . . . . 33 8.5. Service Provider Configuration Representation . . . . . . 33
8.6. Resource Type Representation . . . . . . . . . . . . . . 34 8.6. Resource Type Representation . . . . . . . . . . . . . . 35
8.7. Schema Representation . . . . . . . . . . . . . . . . . . 34 8.7. Schema Representation . . . . . . . . . . . . . . . . . . 35
9. Security Considerations . . . . . . . . . . . . . . . . . . . 55 9. Security Considerations . . . . . . . . . . . . . . . . . . . 58
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 56 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 59
10.1. New Registration of SCIM URN Sub-namespace . . . . . . . 56 10.1. New Registration of SCIM URN Sub-namespace . . . . . . . 59
10.2. URN Sub-Namespace for SCIM . . . . . . . . . . . . . . . 56 10.2. URN Sub-Namespace for SCIM . . . . . . . . . . . . . . . 59
10.2.1. Specification Template . . . . . . . . . . . . . . . 57 10.2.1. Specification Template . . . . . . . . . . . . . . . 60
10.2.2. Pre-Registered SCIM Schema Identifiers . . . . . . . 59 10.2.2. Pre-Registered SCIM Schema Identifiers . . . . . . . 62
10.3. Registering SCIM Schemas . . . . . . . . . . . . . . . . 59 10.3. Registering SCIM Schemas . . . . . . . . . . . . . . . . 62
10.3.1. Registration Procedure . . . . . . . . . . . . . . . 59 10.3.1. Registration Procedure . . . . . . . . . . . . . . . 62
10.3.2. Schema Registration Template . . . . . . . . . . . . 60 10.3.2. Schema Registration Template . . . . . . . . . . . . 63
10.4. Initial SCIM Schema Registry . . . . . . . . . . . . . . 60 10.4. Initial SCIM Schema Registry . . . . . . . . . . . . . . 63
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 61 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 64
11.1. Normative References . . . . . . . . . . . . . . . . . . 61 11.1. Normative References . . . . . . . . . . . . . . . . . . 64
11.2. Informative References . . . . . . . . . . . . . . . . . 62 11.2. Informative References . . . . . . . . . . . . . . . . . 65
Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 63 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 66
Appendix B. Change Log . . . . . . . . . . . . . . . . . . . . . 63 Appendix B. Change Log . . . . . . . . . . . . . . . . . . . . . 66
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 66 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 69
1. Introduction and Overview 1. Introduction and Overview
While there are existing standards for describing and exchanging user While there are existing standards for describing and exchanging user
information, many of these standards can be difficult to implement information, many of these standards can be difficult to implement
and/or use; e.g., their wire protocols do not easily traverse and/or use; e.g., their wire protocols do not easily traverse
firewalls and/or are not easily layered onto existing web protocols. firewalls and/or are not easily layered onto existing web protocols.
As a result, many cloud providers implement non-standardized As a result, many cloud providers implement non-standardized
protocols for managing users within their services. This increases protocols for managing users within their services. This increases
both the cost and complexity associated with organizations adopting both the cost and complexity associated with organizations adopting
skipping to change at page 4, line 18 skipping to change at page 4, line 18
1.1. Requirements Notation and Conventions 1.1. Requirements Notation and Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
Throughout this document, values are quoted to indicate that they are Throughout this document, values are quoted to indicate that they are
to be taken literally. When using these values in protocol messages, to be taken literally. When using these values in protocol messages,
the quotes MUST NOT be used as part of the value. the quotes MUST NOT be used as part of the value.
Throughout this documents all figures MAY contain spaces and extra
line-wrapping for readability and space reasons. Similarly, some
URI's contained within examples, have been shortened for space and
readability reasons.
1.2. Definitions 1.2. Definitions
Service Provider Service Provider
An HTTP web application that provides identity information via the An HTTP web application that provides identity information via the
SCIM protocol. SCIM protocol.
Client Client
A website or application that uses the SCIM protocol to manage A website or application that uses the SCIM protocol to manage
identity data maintained by the service provider. The client identity data maintained by the service provider. The client
initiates SCIM HTTP requests to a target service provider. initiates SCIM HTTP requests to a target service provider.
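Review bot: The paragraph added to Section 1.1 uses the RFC 2119 keyword "MAY" for an editorial remark about how figures are typeset, which is not a protocol requirement; lower-case wording such as "figures may contain" avoids implying a normative statement. The same lines need copy-editing: "Throughout this documents" should be "Throughout this document," and "URI's contained within examples, have been shortened" should read "URIs contained within examples have been shortened".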
skipping to change at page 5, line 51 skipping to change at page 6, line 11
nameChar = "-" / "_" / DIGIT / ALPHA nameChar = "-" / "_" / DIGIT / ALPHA
Figure 1: ABNF for Attribute Names Figure 1: ABNF for Attribute Names
2.1. Attribute Data Types 2.1. Attribute Data Types
Attribute data types are derived from JSON [RFC7159] and unless Attribute data types are derived from JSON [RFC7159] and unless
otherwise specified have the following characteristics (see Section 7 otherwise specified have the following characteristics (see Section 7
for attribute characteristic definitions): for attribute characteristic definitions):
o are optional (is not required). o are OPTIONAL (is not required).
o are case insensitive (caseExact=false), o are case insensitive (caseExact=false),
o are modifiable (mutability is readWrite), o are modifiable (mutability is readWrite),
o are returned in response to queries (returned by default), o are returned in response to queries (returned by default),
o are not unique (uniqueness=none), and, o are not unique (uniqueness=none), and,
o of type String (Section 2.1.1). o of type String (Section 2.1.1).
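Review bot: In the first bullet, "are OPTIONAL (is not required)" mixes plural and singular and capitalises a keyword in what is a description of default characteristics rather than a requirement. The neighbouring bullets name the schema characteristic, e.g. "(caseExact=false)" and "(uniqueness=none)", so "are optional (required=false)" would be consistent with them and with the "required" characteristic that the sentence above points to in Section 7.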
skipping to change at page 7, line 44 skipping to change at page 8, line 9
2.1.8. Complex 2.1.8. Complex
A singular or multi-valued attribute whose value is a composition of A singular or multi-valued attribute whose value is a composition of
one or more simple Attributes. The JSON format is defined in one or more simple Attributes. The JSON format is defined in
Section 4 [RFC7159]. Section 4 [RFC7159].
2.2. Multi-valued Attributes 2.2. Multi-valued Attributes
Multi-valued attributes contain a list of value or may contain sub- Multi-valued attributes contain a list of value or may contain sub-
attributes and MAY also be considered complex attributes. The order attributes and MAY also be considered complex attributes. The order
of values returned by the server MAY NOT be guaranteed. The sub- of values returned by the server SHOULD NOT be guaranteed. The sub-
attributes below are considered normative and when specified SHOULD attributes below are considered normative and when specified SHOULD
be used as defined. be used as defined.
type A label indicating the attribute's function; e.g., "work" or type A label indicating the attribute's function; e.g., "work" or
"home". "home".
primary A Boolean value indicating the 'primary' or preferred primary A Boolean value indicating the 'primary' or preferred
attribute value for this attribute, e.g. the preferred mailing attribute value for this attribute, e.g. the preferred mailing
address or the primary e-mail address. The primary attribute address or the primary e-mail address. The primary attribute
value "true" MUST appear no more than once. value "true" MUST appear no more than once.
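Review bot: "The order of values returned by the server SHOULD NOT be guaranteed" now reads as a recommendation that servers avoid providing a stable order, which is unlikely to be the intent. If the point is that ordering carries no meaning, say so from the consumer's side, for example "Service providers are not required to preserve order, and clients SHOULD NOT rely on the order of returned values", and point to the "primary" sub-attribute defined just below as the way to mark the preferred value. The context line "contain a list of value" should also be "values".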
skipping to change at page 9, line 12 skipping to change at page 9, line 26
to indicate the namespace of SCIM schema that defines the to indicate the namespace of SCIM schema that defines the
attributes present in the current JSON structure. It may be used attributes present in the current JSON structure. It may be used
by parsers to define the attributes present in the JSON structure by parsers to define the attributes present in the JSON structure
that is the body to an HTTP Request or Response. Each String that is the body to an HTTP Request or Response. Each String
value must be a unique URI. All representations of SCIM schema value must be a unique URI. All representations of SCIM schema
MUST include a non-zero value array with value(s) of the URIs MUST include a non-zero value array with value(s) of the URIs
supported by that representation. The schemas attribute for a supported by that representation. The schemas attribute for a
resource MUST only contain values defined as "schema" and resource MUST only contain values defined as "schema" and
"schemaExtensions" for the resource's "resourceType". Duplicate "schemaExtensions" for the resource's "resourceType". Duplicate
values MUST NOT be included. Value order is not specified and values MUST NOT be included. Value order is not specified and
MUST not impact behavior. MUST NOT impact behavior.
Common Attributes Common Attributes
Are attributes that are part of every SCIM resource regardless of Are attributes that are part of every SCIM resource regardless of
the value of the "schemas" attribute present in a JSON body. the value of the "schemas" attribute present in a JSON body.
These attributes are not defined in any particular schema, but These attributes are not defined in any particular schema, but
SHALL be assumed to be present in every resource regardless of the SHALL be assumed to be present in every resource regardless of the
value of the "schemas" attribute. See Section 3.1. value of the "schemas" attribute. See Section 3.1.
Core Attributes Core Attributes
A resource's core attributes are those attributes that sit at the A resource's core attributes are those attributes that sit at the
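Review bot: With "MUST not" corrected to "MUST NOT", the context sentence "Each String value must be a unique URI" is left with a lower-case "must" in the same definition; decide whether it is normative and capitalise it if so. "a non-zero value array" is also ambiguous and would be clearer as "a non-empty array" if that is the meaning.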
skipping to change at page 10, line 13 skipping to change at page 10, line 13
conflicts from separate schema extensions. conflicts from separate schema extensions.
The following example "User" contains the common attributes "id", The following example "User" contains the common attributes "id",
"externalId", and the complex attribute "meta" which contains the "externalId", and the complex attribute "meta" which contains the
sub-attribute "resourceType". The resource also contains core sub-attribute "resourceType". The resource also contains core
attributes "userName", "name", as well as extended enterprise user attributes "userName", "name", as well as extended enterprise user
attributes "employeeNumber" and "costCenter" which are contained in attributes "employeeNumber" and "costCenter" which are contained in
their own JSON sub-structure identified by their schema URI. Some their own JSON sub-structure identified by their schema URI. Some
values have been omitted (...), shortened or spaced out for clarity. values have been omitted (...), shortened or spaced out for clarity.
{ {
"schemas": "schemas":
[ "urn:ietf:params:scim:schemas:core:2.0:User", [ "urn:ietf:params:scim:schemas:core:2.0:User",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"], "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],
"id": "2819c223-7f76-453a-413861904646",
"externalId": ["701984"],
"userName": "bjensen@example.com", "id": "2819c223-7f76-453a-413861904646",
"name": { "externalId": ["701984"],
"formatted": "Ms. Barbara J Jensen III",
"familyName": "Jensen",
"givenName": "Barbara",
"middleName": "Jane",
"honorificPrefix": "Ms.",
"honorificSuffix": "III"
},
...
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": { "userName": "bjensen@example.com",
"employeeNumber": "701984", "name": {
"costCenter": "4130", "formatted": "Ms. Barbara J Jensen III",
"familyName": "Jensen",
"givenName": "Barbara",
"middleName": "Jane",
"honorificPrefix": "Ms.",
"honorificSuffix": "III"
},
... ...
},
"meta": { "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
"resourceType": "User", "employeeNumber": "701984",
"created": "2010-01-23T04:56:22Z", "costCenter": "4130",
"lastModified": "2011-05-13T04:42:34Z", ...
"version": "W\/\"3694e05e9dff591\"", },
"location": "https://example.com/v2/Users/2819c223-7f76-453a-413861904646"
} "meta": {
} "resourceType": "User",
"created": "2010-01-23T04:56:22Z",
"lastModified": "2011-05-13T04:42:34Z",
"version": "W\/\"3694e05e9dff591\"",
"location":
"https://example.com/v2/Users/2819c223-7f76-453a-413861904646"
}
}
Figure 2: Example JSON Resource Structure Figure 2: Example JSON Resource Structure
3.1. Common Attributes 3.1. Common Attributes
Each SCIM resource (Users, Groups, etc.) includes the following Each SCIM resource (Users, Groups, etc.) includes the following
common attributes. With the exception of "ServiceProviderConfig" and common attributes. With the exception of "ServiceProviderConfig" and
"ResourceType" server discovery endpoints and their associated "ResourceType" server discovery endpoints and their associated
resources, these attributes MUST be included in all resources, resources, these attributes MUST be included in all resources,
including any extended resource types. Common attributes are including any extended resource types. Common attributes are
considered to be part of every base resource schema and do not use considered to be part of every base resource schema and do not use
their own schemas URI and SHALL not be considered schema extensions. their own schemas URI and SHALL NOT be considered schema extensions.
For backwards compatibility reasons, some existing schema MAY list For backwards compatibility reasons, some existing schema MAY list
common attributes as part of the schema. The attribute common attributes as part of the schema. The attribute
characteristics listed here SHALL take precedence. characteristics listed here SHALL take precedence.
id id
A unique identifier for a SCIM resource as defined by the service A unique identifier for a SCIM resource as defined by the service
provider. Each representation of the resource MUST include a non- provider. Each representation of the resource MUST include a non-
empty "id" value. This identifier MUST be unique across the SCIM empty "id" value. This identifier MUST be unique across the SCIM
service provider's entire set of resources. It MUST be a stable, service provider's entire set of resources. It MUST be a stable,
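Review bot: The re-wrapped Figure 2 keeps the id "2819c223-7f76-453a-413861904646", and the same value inside "location", which is one group shorter than the "2819c223-7f76-453a-919d-413861904646" used for this user in Figure 3. If Figure 2 is meant to show the same resource, correct both occurrences while the figure is being touched. Figure 2 also shows "externalId" as an array, ["701984"]; confirm that matches the attribute's definition.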
skipping to change at page 23, line 41 skipping to change at page 23, line 41
schema specification. OPTIONAL. schema specification. OPTIONAL.
The following multi-valued attribute is defined: The following multi-valued attribute is defined:
attributes attributes
A complex type with the following set of sub-attributes that A complex type with the following set of sub-attributes that
defines service provider attributes and their qualities: defines service provider attributes and their qualities:
name The attribute's name. name The attribute's name.
type The attribute's data type; e.g., "String". type The attribute's data type. Valid values are: "string",
"complex", and "boolean". When an attribute is of type
"complex", there SHOULD be a corresponding schema attribute
"subAttributes" defined listing the sub-attribtues of the
attribute.
subAttributes When an attribute is of type "complex",
"subAttributes" defines set of sub-attributes. "subAttributes"
has the same schema sub-attributes as "attributes".
multiValued Boolean value indicating the attribute's plurality. multiValued Boolean value indicating the attribute's plurality.
description The attribute's human readable description. When description The attribute's human readable description. When
applicable service providers MUST specify the description applicable service providers MUST specify the description
specified in the core schema specification. specified in the core schema specification.
required A Boolean value that specifies if the attribute is required A Boolean value that specifies if the attribute is
required. required.
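Review bot: The new "type" text limits valid values to "string", "complex", and "boolean", but Section 2.1 of the same draft also defines Decimal, Integer, DateTime, Binary and Reference (2.1.3 to 2.1.7 in the table of contents), so a schema following this list could not describe attributes of those types. List every Section 2.1 type or refer to that section instead of enumerating. Also fix "sub-attribtues" and "defines set of sub-attributes" (missing article).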
skipping to change at page 25, line 24 skipping to change at page 25, line 32
Response code 400 (Bad Request). A client MAY enforce Response code 400 (Bad Request). A client MAY enforce
uniqueness on the client-side to a greater degree than the uniqueness on the client-side to a greater degree than the
service provider enforces. For example, a client could make a service provider enforces. For example, a client could make a
value unique while the server has uniqueness of "none". Valid value unique while the server has uniqueness of "none". Valid
keywords are: keywords are:
none The values are not intended to be unique in any way. none The values are not intended to be unique in any way.
DEFAULT. DEFAULT.
server The value SHOULD be unique within the context of the server The value SHOULD be unique within the context of the
current SCIM endpoint (or tenancy) but MAY not be globally current SCIM endpoint (or tenancy) and MAY be globally
unique (e.g. a "username", email address, or other server unique (e.g. a "username", email address, or other server
generated key or counter). No two resources on the same generated key or counter). No two resources on the same
server SHOULD possess the same value. server SHOULD possess the same value.
global The value SHOULD be globally unique (e.g. an email global The value SHOULD be globally unique (e.g. an email
address, a GUID, or other value). No two resources on any address, a GUID, or other value). No two resources on any
server SHOULD possess the same value. server SHOULD possess the same value.
referenceTypes The names of the resource types that may be referenceTypes The names of the resource types that may be
referenced; e.g., "User". This is only applicable for referenced; e.g., "User". This is only applicable for
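Review bot: Changing "but MAY not be globally unique" to "and MAY be globally unique" under the "server" keyword removes the non-standard "MAY not", but it also drops the caution the old sentence carried, namely that a server-scoped value is not necessarily unique anywhere else. Wording such as "but is not necessarily globally unique" keeps that meaning without an RFC 2119 keyword. The distinction matters to clients that correlate accounts across service providers using such a value.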
skipping to change at page 26, line 14 skipping to change at page 26, line 14
{ {
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"], "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
"id": "2819c223-7f76-453a-919d-413861904646", "id": "2819c223-7f76-453a-919d-413861904646",
"userName": "bjensen@example.com", "userName": "bjensen@example.com",
"meta": { "meta": {
"resourceType": "User", "resourceType": "User",
"created": "2010-01-23T04:56:22Z", "created": "2010-01-23T04:56:22Z",
"lastModified": "2011-05-13T04:42:34Z", "lastModified": "2011-05-13T04:42:34Z",
"version": "W\/\"3694e05e9dff590\"", "version": "W\/\"3694e05e9dff590\"",
"location": "https://example.com/v2/Users/2819c223-7f76-453a-919d-413861904646" "location":
"https://example.com/v2/Users/2819c223-7f76-453a-919d-413861904646"
} }
} }
Figure 3: Example Minimal User JSON Representation Figure 3: Example Minimal User JSON Representation
8.2. Full User Representation 8.2. Full User Representation
The following is a non-normative example of the fully populated SCIM The following is a non-normative example of the fully populated SCIM
representation in JSON format. representation in JSON format.
skipping to change at page 27, line 42 skipping to change at page 27, line 43
} }
], ],
"ims": [ "ims": [
{ {
"value": "someaimhandle", "value": "someaimhandle",
"type": "aim" "type": "aim"
} }
], ],
"photos": [ "photos": [
{ {
"value": "https://photos.example.com/profilephoto/72930000000Ccne/F", "value":
"https://photos.example.com/profilephoto/72930000000Ccne/F",
"type": "photo" "type": "photo"
}, },
{ {
"value": "https://photos.example.com/profilephoto/72930000000Ccne/T", "value":
"https://photos.example.com/profilephoto/72930000000Ccne/T",
"type": "thumbnail" "type": "thumbnail"
} }
], ],
"userType": "Employee", "userType": "Employee",
"title": "Tour Guide", "title": "Tour Guide",
"preferredLanguage":"en-US", "preferredLanguage":"en-US",
"locale": "en-US", "locale": "en-US",
"timezone": "America/Los_Angeles", "timezone": "America/Los_Angeles",
"active":true, "active":true,
"password":"t1meMa$heen", "password":"t1meMa$heen",
"groups": [ "groups": [
{ {
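Review bot: Only the "photos" values are re-wrapped here, but the context lines of this figure still carry "password":"t1meMa$heen". Because the figure is titled a user representation, a reader can take it to mean a service provider returns the cleartext password; either drop the attribute from the figure or state in the surrounding text in which messages it is expected to appear.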
skipping to change at page 28, line 12 skipping to change at page 28, line 16
"userType": "Employee", "userType": "Employee",
"title": "Tour Guide", "title": "Tour Guide",
"preferredLanguage":"en-US", "preferredLanguage":"en-US",
"locale": "en-US", "locale": "en-US",
"timezone": "America/Los_Angeles", "timezone": "America/Los_Angeles",
"active":true, "active":true,
"password":"t1meMa$heen", "password":"t1meMa$heen",
"groups": [ "groups": [
{ {
"value": "e9e30dba-f08f-4109-8486-d5c6a331660a", "value": "e9e30dba-f08f-4109-8486-d5c6a331660a",
"$ref": "https://example.com/v2/Groups/e9e30dba-f08f-4109-8486-d5c6a331660a", "$ref":
"https://example.com/v2/Groups/e9e30dba-f08f-4109-8486-d5c6a331660a",
"display": "Tour Guides" "display": "Tour Guides"
}, },
{ {
"value": "fc348aa8-3835-40eb-a20b-c726e15c55b5", "value": "fc348aa8-3835-40eb-a20b-c726e15c55b5",
"$ref": "https://example.com/v2/Groups/fc348aa8-3835-40eb-a20b-c726e15c55b5", "$ref":
"https://example.com/v2/Groups/fc348aa8-3835-40eb-a20b-c726e15c55b5",
"display": "Employees" "display": "Employees"
}, },
{ {
"value": "71ddacd2-a8e7-49b8-a5db-ae50d0a5bfd7", "value": "71ddacd2-a8e7-49b8-a5db-ae50d0a5bfd7",
"$ref": "https://example.com/v2/Groups/71ddacd2-a8e7-49b8-a5db-ae50d0a5bfd7", "$ref":
"https://example.com/v2/Groups/71ddacd2-a8e7-49b8-a5db-ae50d0a5bfd7",
"display": "US Employees" "display": "US Employees"
} }
], ],
"x509Certificates": [ "x509Certificates": [
{ {
"value": "MIIDQzCCAqygAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwTjELMAkGA1UEBhMCVVMx "value":
EzARBgNVBAgMCkNhbGlmb3JuaWExFDASBgNVBAoMC2V4YW1wbGUuY29tMRQwEgYD "MIIDQzCCAqygAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwTjELMAkGA1UEBhMCVVMx
VQQDDAtleGFtcGxlLmNvbTAeFw0xMTEwMjIwNjI0MzFaFw0xMjEwMDQwNjI0MzFa EzARBgNVBAgMCkNhbGlmb3JuaWExFDASBgNVBAoMC2V4YW1wbGUuY29tMRQwEgYD
MH8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRQwEgYDVQQKDAtl VQQDDAtleGFtcGxlLmNvbTAeFw0xMTEwMjIwNjI0MzFaFw0xMjEwMDQwNjI0MzFa
eGFtcGxlLmNvbTEhMB8GA1UEAwwYTXMuIEJhcmJhcmEgSiBKZW5zZW4gSUlJMSIw MH8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRQwEgYDVQQKDAtl
IAYJKoZIhvcNAQkBFhNiamVuc2VuQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0B eGFtcGxlLmNvbTEhMB8GA1UEAwwYTXMuIEJhcmJhcmEgSiBKZW5zZW4gSUlJMSIw
AQEFAAOCAQ8AMIIBCgKCAQEA7Kr+Dcds/JQ5GwejJFcBIP682X3xpjis56AK02bc IAYJKoZIhvcNAQkBFhNiamVuc2VuQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0B
1FLgzdLI8auoR+cC9/Vrh5t66HkQIOdA4unHh0AaZ4xL5PhVbXIPMB5vAPKpzz5i AQEFAAOCAQ8AMIIBCgKCAQEA7Kr+Dcds/JQ5GwejJFcBIP682X3xpjis56AK02bc
PSi8xO8SL7I7SDhcBVJhqVqr3HgllEG6UClDdHO7nkLuwXq8HcISKkbT5WFTVfFZ 1FLgzdLI8auoR+cC9/Vrh5t66HkQIOdA4unHh0AaZ4xL5PhVbXIPMB5vAPKpzz5i
zidPl8HZ7DhXkZIRtJwBweq4bvm3hM1Os7UQH05ZS6cVDgweKNwdLLrT51ikSQG3 PSi8xO8SL7I7SDhcBVJhqVqr3HgllEG6UClDdHO7nkLuwXq8HcISKkbT5WFTVfFZ
DYrl+ft781UQRIqxgwqCfXEuDiinPh0kkvIi5jivVu1Z9QiwlYEdRbLJ4zJQBmDr zidPl8HZ7DhXkZIRtJwBweq4bvm3hM1Os7UQH05ZS6cVDgweKNwdLLrT51ikSQG3
SGTMYn4lRc2HgHO4DqB/bnMVorHB0CC6AV1QoFK4GPe1LwIDAQABo3sweTAJBgNV DYrl+ft781UQRIqxgwqCfXEuDiinPh0kkvIi5jivVu1Z9QiwlYEdRbLJ4zJQBmDr
HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp SGTMYn4lRc2HgHO4DqB/bnMVorHB0CC6AV1QoFK4GPe1LwIDAQABo3sweTAJBgNV
Y2F0ZTAdBgNVHQ4EFgQU8pD0U0vsZIsaA16lL8En8bx0F/gwHwYDVR0jBBgwFoAU HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp
dGeKitcaF7gnzsNwDx708kqaVt0wDQYJKoZIhvcNAQEFBQADgYEAA81SsFnOdYJt Y2F0ZTAdBgNVHQ4EFgQU8pD0U0vsZIsaA16lL8En8bx0F/gwHwYDVR0jBBgwFoAU
Ng5Tcq+/ByEDrBgnusx0jloUhByPMEVkoMZ3J7j1ZgI8rAbOkNngX8+pKfTiDz1R dGeKitcaF7gnzsNwDx708kqaVt0wDQYJKoZIhvcNAQEFBQADgYEAA81SsFnOdYJt
C4+dx8oU6Za+4NJXUjlL5CvV6BEYb1+QAEJwitTVvxB/A67g42/vzgAtoRUeDov1 Ng5Tcq+/ByEDrBgnusx0jloUhByPMEVkoMZ3J7j1ZgI8rAbOkNngX8+pKfTiDz1R
+GFiBZ+GNF/cAYKcMtGcrs2i97ZkJMo=" C4+dx8oU6Za+4NJXUjlL5CvV6BEYb1+QAEJwitTVvxB/A67g42/vzgAtoRUeDov1
+GFiBZ+GNF/cAYKcMtGcrs2i97ZkJMo="
} }
], ],
"meta": { "meta": {
"resourceType": "User", "resourceType": "User",
"created": "2010-01-23T04:56:22Z", "created": "2010-01-23T04:56:22Z",
"lastModified": "2011-05-13T04:42:34Z", "lastModified": "2011-05-13T04:42:34Z",
"version": "W\/\"a330bc54f0671c9\"", "version": "W\/\"a330bc54f0671c9\"",
"location": "https://example.com/v2/Users/2819c223-7f76-453a-919d-413861904646" "location":
"https://example.com/v2/Users/2819c223-7f76-453a-919d-413861904646"
} }
} }
Figure 4: Example Full User JSON Representation Figure 4: Example Full User JSON Representation
8.3. Enterprise User Extension Representation 8.3. Enterprise User Extension Representation
The following is a non-normative example of the fully populated User The following is a non-normative example of the fully populated User
using the enterprise User extension in JSON format. using the enterprise User extension in JSON format.
skipping to change at page 30, line 36 skipping to change at page 30, line 45
} }
], ],
"ims": [ "ims": [
{ {
"value": "someaimhandle", "value": "someaimhandle",
"type": "aim" "type": "aim"
} }
], ],
"photos": [ "photos": [
{ {
"value": "https://photos.example.com/profilephoto/72930000000Ccne/F", "value":
"https://photos.example.com/profilephoto/72930000000Ccne/F",
"type": "photo" "type": "photo"
}, },
{ {
"value": "https://photos.example.com/profilephoto/72930000000Ccne/T", "value":
"https://photos.example.com/profilephoto/72930000000Ccne/T",
"type": "thumbnail" "type": "thumbnail"
} }
], ],
"userType": "Employee", "userType": "Employee",
"title": "Tour Guide", "title": "Tour Guide",
"preferredLanguage":"en-US", "preferredLanguage":"en-US",
"locale": "en-US", "locale": "en-US",
"timezone": "America/Los_Angeles", "timezone": "America/Los_Angeles",
"active":true, "active":true,
"password":"t1meMa$heen", "password":"t1meMa$heen",
"groups": [ "groups": [
skipping to change at page 31, line 22 skipping to change at page 31, line 33
"display": "Employees" "display": "Employees"
}, },
{ {
"value": "71ddacd2-a8e7-49b8-a5db-ae50d0a5bfd7", "value": "71ddacd2-a8e7-49b8-a5db-ae50d0a5bfd7",
"$ref": "/Groups/71ddacd2-a8e7-49b8-a5db-ae50d0a5bfd7", "$ref": "/Groups/71ddacd2-a8e7-49b8-a5db-ae50d0a5bfd7",
"display": "US Employees" "display": "US Employees"
} }
], ],
"x509Certificates": [ "x509Certificates": [
{ {
"value": "MIIDQzCCAqygAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwTjELMAkGA1UEBhMCVVMx "value":
EzARBgNVBAgMCkNhbGlmb3JuaWExFDASBgNVBAoMC2V4YW1wbGUuY29tMRQwEgYD "MIIDQzCCAqygAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwTjELMAkGA1UEBhMCVVMx
VQQDDAtleGFtcGxlLmNvbTAeFw0xMTEwMjIwNjI0MzFaFw0xMjEwMDQwNjI0MzFa EzARBgNVBAgMCkNhbGlmb3JuaWExFDASBgNVBAoMC2V4YW1wbGUuY29tMRQwEgYD
MH8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRQwEgYDVQQKDAtl VQQDDAtleGFtcGxlLmNvbTAeFw0xMTEwMjIwNjI0MzFaFw0xMjEwMDQwNjI0MzFa
eGFtcGxlLmNvbTEhMB8GA1UEAwwYTXMuIEJhcmJhcmEgSiBKZW5zZW4gSUlJMSIw MH8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRQwEgYDVQQKDAtl
IAYJKoZIhvcNAQkBFhNiamVuc2VuQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0B eGFtcGxlLmNvbTEhMB8GA1UEAwwYTXMuIEJhcmJhcmEgSiBKZW5zZW4gSUlJMSIw
AQEFAAOCAQ8AMIIBCgKCAQEA7Kr+Dcds/JQ5GwejJFcBIP682X3xpjis56AK02bc IAYJKoZIhvcNAQkBFhNiamVuc2VuQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0B
1FLgzdLI8auoR+cC9/Vrh5t66HkQIOdA4unHh0AaZ4xL5PhVbXIPMB5vAPKpzz5i AQEFAAOCAQ8AMIIBCgKCAQEA7Kr+Dcds/JQ5GwejJFcBIP682X3xpjis56AK02bc
PSi8xO8SL7I7SDhcBVJhqVqr3HgllEG6UClDdHO7nkLuwXq8HcISKkbT5WFTVfFZ 1FLgzdLI8auoR+cC9/Vrh5t66HkQIOdA4unHh0AaZ4xL5PhVbXIPMB5vAPKpzz5i
zidPl8HZ7DhXkZIRtJwBweq4bvm3hM1Os7UQH05ZS6cVDgweKNwdLLrT51ikSQG3 PSi8xO8SL7I7SDhcBVJhqVqr3HgllEG6UClDdHO7nkLuwXq8HcISKkbT5WFTVfFZ
DYrl+ft781UQRIqxgwqCfXEuDiinPh0kkvIi5jivVu1Z9QiwlYEdRbLJ4zJQBmDr zidPl8HZ7DhXkZIRtJwBweq4bvm3hM1Os7UQH05ZS6cVDgweKNwdLLrT51ikSQG3
SGTMYn4lRc2HgHO4DqB/bnMVorHB0CC6AV1QoFK4GPe1LwIDAQABo3sweTAJBgNV DYrl+ft781UQRIqxgwqCfXEuDiinPh0kkvIi5jivVu1Z9QiwlYEdRbLJ4zJQBmDr
HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp SGTMYn4lRc2HgHO4DqB/bnMVorHB0CC6AV1QoFK4GPe1LwIDAQABo3sweTAJBgNV
Y2F0ZTAdBgNVHQ4EFgQU8pD0U0vsZIsaA16lL8En8bx0F/gwHwYDVR0jBBgwFoAU HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp
dGeKitcaF7gnzsNwDx708kqaVt0wDQYJKoZIhvcNAQEFBQADgYEAA81SsFnOdYJt Y2F0ZTAdBgNVHQ4EFgQU8pD0U0vsZIsaA16lL8En8bx0F/gwHwYDVR0jBBgwFoAU
Ng5Tcq+/ByEDrBgnusx0jloUhByPMEVkoMZ3J7j1ZgI8rAbOkNngX8+pKfTiDz1R dGeKitcaF7gnzsNwDx708kqaVt0wDQYJKoZIhvcNAQEFBQADgYEAA81SsFnOdYJt
C4+dx8oU6Za+4NJXUjlL5CvV6BEYb1+QAEJwitTVvxB/A67g42/vzgAtoRUeDov1 Ng5Tcq+/ByEDrBgnusx0jloUhByPMEVkoMZ3J7j1ZgI8rAbOkNngX8+pKfTiDz1R
+GFiBZ+GNF/cAYKcMtGcrs2i97ZkJMo=" C4+dx8oU6Za+4NJXUjlL5CvV6BEYb1+QAEJwitTVvxB/A67g42/vzgAtoRUeDov1
+GFiBZ+GNF/cAYKcMtGcrs2i97ZkJMo="
} }
], ],
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": { "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
"employeeNumber": "701984", "employeeNumber": "701984",
"costCenter": "4130", "costCenter": "4130",
"organization": "Universal Studios", "organization": "Universal Studios",
"division": "Theme Park", "division": "Theme Park",
"department": "Tour Operations", "department": "Tour Operations",
"manager": { "manager": [{
"managerId": "26118915-6090-4610-87e4-49d8ca9f808d", "value": "26118915-6090-4610-87e4-49d8ca9f808d",
"$ref": "/Users/26118915-6090-4610-87e4-49d8ca9f808d", "$ref": "/Users/26118915-6090-4610-87e4-49d8ca9f808d",
"displayName": "John Smith" "displayName": "John Smith"
}]
}
}, },
"meta": { "meta": {
"resourceType": "User", "resourceType": "User",
"created": "2010-01-23T04:56:22Z", "created": "2010-01-23T04:56:22Z",
"lastModified": "2011-05-13T04:42:34Z", "lastModified": "2011-05-13T04:42:34Z",
"version": "W\/\"3694e05e9dff591\"", "version": "W\/\"3694e05e9dff591\"",
"location": "https://example.com/v2/Users/2819c223-7f76-453a-919d-413861904646" "location":
"https://example.com/v2/Users/2819c223-7f76-453a-919d-413861904646"
} }
} }
Figure 5: Example Enterprise User JSON Representation Figure 5: Example Enterprise User JSON Representation
8.4. Group Representation 8.4. Group Representation
The following is a non-normative example of SCIM Group representation The following is a non-normative example of SCIM Group representation
in JSON format. in JSON format.
{ {
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"], "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"],
"id": "e9e30dba-f08f-4109-8486-d5c6a331660a", "id": "e9e30dba-f08f-4109-8486-d5c6a331660a",
"displayName": "Tour Guides", "displayName": "Tour Guides",
"members": [ "members": [
{ {
"value": "2819c223-7f76-453a-919d-413861904646", "value": "2819c223-7f76-453a-919d-413861904646",
"$ref": "https://example.com/v2/Users/2819c223-7f76-453a-919d-413861904646", "$ref":
"display": "Babs Jensen" "https://example.com/v2/Users/2819c223-7f76-453a-919d-413861904646",
}, "display": "Babs Jensen"
{ },
"value": "902c246b-6245-4190-8e05-00816be7344a", {
"$ref": "https://example.com/v2/Users/902c246b-6245-4190-8e05-00816be7344a", "value": "902c246b-6245-4190-8e05-00816be7344a",
"display": "Mandy Pepperidge" "$ref":
} "https://example.com/v2/Users/902c246b-6245-4190-8e05-00816be7344a",
], "display": "Mandy Pepperidge"
"meta": { }
"resourceType": "Group", ],
"created": "2010-01-23T04:56:22Z", "meta": {
"lastModified": "2011-05-13T04:42:34Z", "resourceType": "Group",
"version": "W\/\"3694e05e9dff592\"", "created": "2010-01-23T04:56:22Z",
"location": "https://example.com/v2/Groups/e9e30dba-f08f-4109-8486-d5c6a331660a" "lastModified": "2011-05-13T04:42:34Z",
} "version": "W\/\"3694e05e9dff592\"",
} "location":
"https://example.com/v2/Groups/e9e30dba-f08f-4109-8486-d5c6a331660a"
}
}
Figure 6: Example Group JSON Representation Figure 6: Example Group JSON Representation
8.5. Service Provider Configuration Representation 8.5. Service Provider Configuration Representation
The following is a non-normative example of the SCIM service provider The following is a non-normative example of the SCIM service provider
configuration representation in JSON format. configuration representation in JSON format.
{ {
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig"], "schemas": [
"documentationUrl":"http://example.com/help/scim.html", "urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig"
"patch": { ],
"supported":true "documentationUrl":"http://example.com/help/scim.html",
}, "patch": {
"bulk": { "supported":true
"supported":true,
"maxOperations":1000,
"maxPayloadSize":1048576
},
"filter": {
"supported":true,
"maxResults": 200
},
"changePassword" : {
"supported":true
},
"sort": {
"supported":true
},
"etag": {
"supported":true
},
"authenticationSchemes": [
{
"name": "OAuth Bearer Token",
"description": "Authentication Scheme using the OAuth Bearer Token Standard",
"specUrl":"http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-01",
"documentationUrl":"http://example.com/help/oauth.html",
"type":"oauthbearertoken",
"primary": true
}, },
{ "bulk": {
"name": "HTTP Basic", "supported":true,
"description": "Authentication Scheme using the Http Basic Standard", "maxOperations":1000,
"specUrl":"http://www.ietf.org/rfc/rfc2617.txt", "maxPayloadSize":1048576
"documentationUrl":"http://example.com/help/httpBasic.html", },
"type":"httpbasic" "filter": {
} "supported":true,
], "maxResults": 200
"meta": { },
"location":"https://example.com/v2/ServiceProviderConfig", "changePassword" : {
"resourceType": "ServiceProviderConfig", "supported":true
"created": "2010-01-23T04:56:22Z", },
"lastModified": "2011-05-13T04:42:34Z", "sort": {
"version": "W\/\"3694e05e9dff594\"" "supported":true
},
"etag": {
"supported":true
},
"authenticationSchemes": [
{
"name": "OAuth Bearer Token",
"description":
"Authentication Scheme using the OAuth Bearer Token Standard",
"specUrl":
"http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-01",
"documentationUrl":"http://example.com/help/oauth.html",
"type":"oauthbearertoken",
"primary": true
},
{
"name": "HTTP Basic",
"description":
"Authentication Scheme using the Http Basic Standard",
"specUrl":"http://www.ietf.org/rfc/rfc2617.txt",
"documentationUrl":"http://example.com/help/httpBasic.html",
"type":"httpbasic"
}
],
"meta": {
"location":"https://example.com/v2/ServiceProviderConfig",
"resourceType": "ServiceProviderConfig",
"created": "2010-01-23T04:56:22Z",
"lastModified": "2011-05-13T04:42:34Z",
"version": "W\/\"3694e05e9dff594\""
}
} }
}
Figure 7: Example Service Provider Config JSON Representation Figure 7: Example Service Provider Config JSON Representation
8.6. Resource Type Representation 8.6. Resource Type Representation
The following is a non-normative example of the SCIM resource type The following is a non-normative example of the SCIM resource type
representation in JSON format. representation in JSON format.
{ {
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:ResourceType"], "schemas": ["urn:ietf:params:scim:schemas:core:2.0:ResourceType"],
"id":"User", "id":"User",
"name":"User", "name":"User",
"endpoint": "/Users", "endpoint": "/Users",
"description": "User Account", "description": "User Account",
"schema": "urn:ietf:params:scim:schemas:core:2.0:User", "schema": "urn:ietf:params:scim:schemas:core:2.0:User",
"schemaExtensions": [ "schemaExtensions": [
{ {
"schema": "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User", "schema":
"required": true "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
} "required": true
], }
"meta": { ],
"location":"https://example.com/v2/ResourceTypes/User", "meta": {
"resourceType": "ResourceType", "location":"https://example.com/v2/ResourceTypes/User",
"created": "2010-01-23T04:56:22Z", "resourceType": "ResourceType",
"lastModified": "2011-05-13T04:42:34Z", "created": "2010-01-23T04:56:22Z",
"version": "W\/\"3694e05e9dff595\"" "lastModified": "2011-05-13T04:42:34Z",
} "version": "W\/\"3694e05e9dff595\""
} }
}
Figure 8: Example Resource Type JSON Representation Figure 8: Example Resource Type JSON Representation
8.7. Schema Representation 8.7. Schema Representation
The following is intended as normative example of the SCIM Schema The following is intended as normative example of the SCIM Schema
representation in JSON format. Where permitted individual values and representation in JSON format. Where permitted individual values and
schema MAY change. Included but not limited to, are schemas for schema MAY change. Included but not limited to, are schemas for
User, Group, and enterprise user. User, Group, and enterprise user.
{[ {[
{ {
"id" : "urn:ietf:params:scim:schemas:core:2.0:User", "id" : "urn:ietf:params:scim:schemas:core:2.0:User",
"name" : "User", "name" : "User",
"description" : "User Account", "description" : "User Account",
"attributes" : [ "attributes" : [
{ {
"name" : "userName", "name" : "userName",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "Unique identifier for the User typically used by the user to directly authenticate to the service provider. Each User MUST include a non-empty userName value. This identifier MUST be unique across the Service Consumer's entire set of Users. REQUIRED", "description" : "Unique identifier for the User typically used
by the user to directly authenticate to the service provider. Each User
MUST include a non-empty userName value. This identifier MUST be unique
across the Service Consumer's entire set of Users. REQUIRED",
"required" : true, "required" : true,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "server" "uniqueness" : "server"
}, },
{ {
"name" : "name", "name" : "name",
"type" : "complex", "type" : "complex",
"multiValued" : false, "multiValued" : false,
"description" : "The components of the user's real name. Providers MAY return just the full name as a single string in the formatted sub-attribute, or they MAY return just the individual component attributes using the other sub-attributes, or they MAY return both. If both variants are returned, they SHOULD be describing the same name, with the formatted name indicating how the component attributes should be combined.", "description" : "The components of the user's real name.
Providers MAY return just the full name as a single string in the
formatted sub-attribute, or they MAY return just the individual
component attributes using the other sub-attributes, or they MAY return
both. If both variants are returned, they SHOULD be describing the same
name, with the formatted name indicating how the component attributes
should be combined.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"subAttributes" : [ "subAttributes" : [
{ {
"name" : "formatted", "name" : "formatted",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "The full name, including all middle names, titles, and suffixes as appropriate, formatted for display (e.g. Ms. Barbara J Jensen, III.).", "description" : "The full name, including all middle names,
titles, and suffixes as appropriate, formatted for display (e.g. Ms.
Barbara J Jensen, III.).",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "familyName", "name" : "familyName",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "The family name of the User, or Last Name in most Western languages (e.g. Jensen given the full name Ms. Barbara J Jensen, III.).", "description" : "The family name of the User, or Last Name
in most Western languages (e.g. Jensen given the full name Ms. Barbara J
Jensen, III.).",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "givenName", "name" : "givenName",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "The given name of the User, or First Name in most Western languages (e.g. Barbara given the full name Ms. Barbara J Jensen, III.).", "description" : "The given name of the User, or First Name
in most Western languages (e.g. Barbara given the full name Ms. Barbara
J Jensen, III.).",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "middleName", "name" : "middleName",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "The middle name(s) of the User (e.g. Robert given the full name Ms. Barbara J Jensen, III.).", "description" : "The middle name(s) of the User (e.g. Robert
given the full name Ms. Barbara J Jensen, III.).",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "honorificPrefix", "name" : "honorificPrefix",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "The honorific prefix(es) of the User, or Title in most Western languages (e.g. Ms. given the full name Ms. Barbara J Jensen, III.).", "description" : "The honorific prefix(es) of the User, or
Title in most Western languages (e.g. Ms. given the full name Ms.
Barbara J Jensen, III.).",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "honorificSuffix", "name" : "honorificSuffix",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "The honorific suffix(es) of the User, or Suffix in most Western languages (e.g. III. given the full name Ms. Barbara J Jensen, III.).", "description" : "The honorific suffix(es) of the User, or
Suffix in most Western languages (e.g. III. given the full name Ms.
Barbara J Jensen, III.).",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
} }
], ],
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "displayName", "name" : "displayName",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "The name of the User, suitable for display to end-users. The name SHOULD be the full name of the User being described if known", "description" : "The name of the User, suitable for display to
end-users. The name SHOULD be the full name of the User being described
if known",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "nickName", "name" : "nickName",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "The casual way to address the user in real life, e.g. \"Bob\" or \"Bobby\" instead of \"Robert\". This attribute SHOULD NOT be used to represent a User's username (e.g. bjensen or mpepperidge)", "description" : "The casual way to address the user in real
life, e.g. "Bob" or "Bobby" instead of "Robert". This attribute
SHOULD NOT be used to represent a User's username (e.g. bjensen or
mpepperidge)",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "profileUrl", "name" : "profileUrl",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "A fully qualified URL to a page representing the User's online profile", "description" : "A fully qualified URL to a page representing
the User's online profile",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "title", "name" : "title",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
skipping to change at page 37, line 49 skipping to change at page 39, line 19
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "userType", "name" : "userType",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "Used to identify the organization to user relationship. Typical values used might be \"Contractor\", \"Employee\", \"Intern\", \"Temp\", \"External\", and \"Unknown\" but any value may be used ", "description" : "Used to identify the organization to user
relationship. Typical values used might be "Contractor", "Employee",
"Intern", "Temp", "External", and "Unknown" but any value may be
used ",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "preferredLanguage", "name" : "preferredLanguage",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "Indicates the User's preferred written or spoken language. Generally used for selecting a localized User interface. e.g., 'en_US' specifies the language English and country US.", "description" : "Indicates the User's preferred written or
spoken language. Generally used for selecting a localized User
interface. e.g., 'en_US' specifies the language English and country
US.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "locale", "name" : "locale",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "Used to indicate the User's default location for purposes of localizing items such as currency, date time format, numerical representations, etc.", "description" : "Used to indicate the User's default location
for purposes of localizing items such as currency, date time format,
numerical representations, etc.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "timezone", "name" : "timezone",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "The User's time zone in the \"Olson\" timezone database format [19]; e.g.,'America/Los_Angeles'", "description" : "The User's time zone in the "Olson" timezone
database format; e.g.,'America/Los_Angeles'",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "active", "name" : "active",
"type" : "boolean", "type" : "boolean",
"multiValued" : false, "multiValued" : false,
"description" : "A Boolean value indicating the User's administrative status.", "description" : "A Boolean value indicating the User's
administrative status.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "password", "name" : "password",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "The User's clear text password. This attribute is intended to be used as a means to specify an initial password when creating a new User or to reset an existing User's password.", "description" : "The User's clear text password. This attribute
is intended to be used as a means to specify an initial password when
creating a new User or to reset an existing User's password.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "writeOnly", "mutability" : "writeOnly",
"returned" : "never", "returned" : "never",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "emails", "name" : "emails",
"type" : "complex", "type" : "complex",
"multiValued" : true, "multiValued" : true,
"description" : "E-mail addresses for the user. The value SHOULD be canonicalized by the Service Provider, e.g. bjensen@example.com instead of bjensen@EXAMPLE.COM. Canonical Type values of work, home, and other.", "description" : "E-mail addresses for the user. The value SHOULD
be canonicalized by the Service Provider, e.g. bjensen@example.com
instead of bjensen@EXAMPLE.COM. Canonical Type values of work, home, and
other.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"subAttributes" : [ "subAttributes" : [
{ {
"name" : "value", "name" : "value",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "E-mail addresses for the user. The value SHOULD be canonicalized by the Service Provider, e.g. bjensen@example.com instead of bjensen@EXAMPLE.COM. Canonical Type values of work, home, and other.", "description" : "E-mail addresses for the user. The value
SHOULD be canonicalized by the Service Provider, e.g.
bjensen@example.com instead of bjensen@EXAMPLE.COM. Canonical Type
values of work, home, and other.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "display", "name" : "display",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "A human readable name, primarily used for display purposes. READ-ONLY.", "description" : "A human readable name, primarily used for
display purposes. READ-ONLY.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "type", "name" : "type",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "A label indicating the attribute's function; e.g., 'work' or 'home'.", "description" : "A label indicating the attribute's
function; e.g., 'work' or 'home'.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"canonicalValues" : [ "canonicalValues" : [
"work", "work",
"home", "home",
"other" "other"
], ],
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "primary", "name" : "primary",
"type" : "boolean", "type" : "boolean",
"multiValued" : false, "multiValued" : false,
"description" : "A Boolean value indicating the 'primary' or preferred attribute value for this attribute, e.g. the preferred mailing address or primary e-mail address. The primary attribute value 'true' MUST appear no more than once.", "description" : "A Boolean value indicating the 'primary' or
preferred attribute value for this attribute, e.g. the preferred mailing
address or primary e-mail address. The primary attribute value 'true'
MUST appear no more than once.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
} }
], ],
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "phoneNumbers", "name" : "phoneNumbers",
"type" : "complex", "type" : "complex",
"multiValued" : true, "multiValued" : true,
"description" : "Phone numbers for the User. The value SHOULD be canonicalized by the Service Provider according to format in RFC3966 [20] e.g. 'tel:+1-201-555-0123'. Canonical Type values of work, home, mobile, fax, pager and other.", "description" : "Phone numbers for the User. The value SHOULD
be canonicalized by the Service Provider according to format in RFC3966
e.g. 'tel:+1-201-555-0123'. Canonical Type values of work, home,
mobile, fax, pager and other.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"subAttributes" : [ "subAttributes" : [
{ {
"name" : "value", "name" : "value",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "Phone number of the User", "description" : "Phone number of the User",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "display", "name" : "display",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "A human readable name, primarily used for display purposes. READ-ONLY.", "description" : "A human readable name, primarily used for
display purposes. READ-ONLY.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "type", "name" : "type",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "A label indicating the attribute's function; e.g., 'work' or 'home' or 'mobile' etc.", "description" : "A label indicating the attribute's
function; e.g., 'work' or 'home' or 'mobile' etc.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"canonicalValues" : [ "canonicalValues" : [
"work", "work",
"home", "home",
"mobile", "mobile",
"fax", "fax",
"pager", "pager",
"other" "other"
], ],
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "primary", "name" : "primary",
"type" : "boolean", "type" : "boolean",
"multiValued" : false, "multiValued" : false,
"description" : "A Boolean value indicating the 'primary' or preferred attribute value for this attribute, e.g. the preferred phone number or primary phone number. The primary attribute value 'true' MUST appear no more than once.", "description" : "A Boolean value indicating the 'primary' or
preferred attribute value for this attribute, e.g. the preferred phone
number or primary phone number. The primary attribute value 'true' MUST
appear no more than once.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
} }
], ],
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
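Review bot: In the phone number "display" sub-attribute, the description ends with "READ-ONLY." while the same object declares "mutability" : "readWrite", and this revision carries the mismatch over unchanged in both columns. Either set "mutability" to "readOnly" or drop "READ-ONLY." from the description, so that a client reading the schema gets one answer about whether it may write the value.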
skipping to change at page 42, line 21 skipping to change at page 44, line 22
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "display", "name" : "display",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "A human readable name, primarily used for display purposes. READ-ONLY.", "description" : "A human readable name, primarily used for
display purposes. READ-ONLY.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "type", "name" : "type",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "A label indicating the attribute's function; e.g., 'aim', 'gtalk', 'mobile' etc.", "description" : "A label indicating the attribute's
function; e.g., 'aim', 'gtalk', 'mobile' etc.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"canonicalValues" : [ "canonicalValues" : [
"aim", "aim",
"gtalk", "gtalk",
"icq", "icq",
"xmpp", "xmpp",
"msn", "msn",
"skype", "skype",
"qq", "qq",
"yahoo" "yahoo"
], ],
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "primary", "name" : "primary",
"type" : "boolean", "type" : "boolean",
"multiValued" : false, "multiValued" : false,
"description" : "A Boolean value indicating the 'primary' or preferred attribute value for this attribute, e.g. the preferred messenger or primary messenger. The primary attribute value 'true' MUST appear no more than once.", "description" : "A Boolean value indicating the 'primary' or
preferred attribute value for this attribute, e.g. the preferred
messenger or primary messenger. The primary attribute value 'true' MUST
appear no more than once.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
} }
], ],
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
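Review bot: The "type" description in this block gives 'mobile' as an example ("e.g., 'aim', 'gtalk', 'mobile' etc."), but 'mobile' is not among the canonicalValues listed directly below it (aim, gtalk, icq, xmpp, msn, skype, qq, yahoo). It looks copied from the phone number block; replace it with a value that is in the list, such as 'xmpp'.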
skipping to change at page 43, line 40 skipping to change at page 45, line 46
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "display", "name" : "display",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "A human readable name, primarily used for display purposes. READ-ONLY.", "description" : "A human readable name, primarily used for
display purposes. READ-ONLY.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "type", "name" : "type",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "A label indicating the attribute's function; e.g., 'photo' or 'thumbnail'.", "description" : "A label indicating the attribute's
function; e.g., 'photo' or 'thumbnail'.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"canonicalValues" : [ "canonicalValues" : [
"photo", "photo",
"thumbnail" "thumbnail"
], ],
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "primary", "name" : "primary",
"type" : "boolean", "type" : "boolean",
"multiValued" : false, "multiValued" : false,
"description" : "A Boolean value indicating the 'primary' or preferred attribute value for this attribute, e.g. the preferred photo or thumbnail. The primary attribute value 'true' MUST appear no more than once.", "description" : "A Boolean value indicating the 'primary' or
preferred attribute value for this attribute, e.g. the preferred photo
or thumbnail. The primary attribute value 'true' MUST appear no more
than once.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
} }
], ],
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "addresses", "name" : "addresses",
"type" : "complex", "type" : "complex",
"multiValued" : true, "multiValued" : true,
"description" : "A physical mailing address for this User, as described in (address Element). Canonical Type Values of work, home, and other. The value attribute is a complex type with the following sub-attributes.", "description" : "A physical mailing address for this User, as
described in (address Element). Canonical Type Values of work, home, and
other. The value attribute is a complex type with the following
sub-attributes.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"subAttributes" : [ "subAttributes" : [
{ {
"name" : "formatted", "name" : "formatted",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "The full mailing address, formatted for display or use with a mailing label. This attribute MAY contain newlines.", "description" : "The full mailing address, formatted for
display or use with a mailing label. This attribute MAY contain
newlines.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "streetAddress", "name" : "streetAddress",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "The full street address component, which may include house number, street name, PO BOX, and multi-line extended street address information. This attribute MAY contain newlines.", "description" : "The full street address component, which
may include house number, street name, PO BOX, and multi-line extended
street address information. This attribute MAY contain newlines.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "locality", "name" : "locality",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
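Review bot: The "addresses" description still contains the unresolved cross-reference "as described in (address Element)", which reads as a leftover placeholder rather than a section pointer. It also says "The value attribute is a complex type with the following sub-attributes", although the sub-attributes that follow (formatted, streetAddress, locality, ...) hang directly off "addresses" and no "value" sub-attribute is shown. Suggest pointing at the actual section and rewording the last sentence to describe "addresses" itself.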
skipping to change at page 46, line 12 skipping to change at page 48, line 30
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "type", "name" : "type",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "A label indicating the attribute's function; e.g., 'work' or 'home'.", "description" : "A label indicating the attribute's
function; e.g., 'work' or 'home'.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"canonicalValues" : [ "canonicalValues" : [
"work", "work",
"home", "home",
"other" "other"
], ],
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
} }
], ],
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "groups", "name" : "groups",
"type" : "complex", "type" : "complex",
"multiValued" : true, "multiValued" : true,
"description" : "A list of groups that the user belongs to, either thorough direct membership, nested groups, or dynamically calculated", "description" : "A list of groups that the user belongs to,
either thorough direct membership, nested groups, or dynamically
calculated",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"subAttributes" : [ "subAttributes" : [
{ {
"name" : "value", "name" : "value",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "The identifier of the User's group.", "description" : "The identifier of the User's group.",
"readOnly" : false, "readOnly" : false,
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readOnly", "mutability" : "readOnly",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "$ref", "name" : "$ref",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "The URI of the corresponding Group resource to which the user belongs", "description" : "The URI of the corresponding Group
resource to which the user belongs",
"readOnly" : false, "readOnly" : false,
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readOnly", "mutability" : "readOnly",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "display", "name" : "display",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "A human readable name, primarily used for display purposes. READ-ONLY.", "description" : "A human readable name, primarily used
for display purposes. READ-ONLY.",
"readOnly" : true, "readOnly" : true,
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readOnly", "mutability" : "readOnly",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "type", "name" : "type",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "A label indicating the attribute's function; e.g., 'direct' or 'indirect'.", "description" : "A label indicating the attribute's
function; e.g., 'direct' or 'indirect'.",
"readOnly" : false, "readOnly" : false,
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"canonicalValues" : [ "canonicalValues" : [
"direct", "direct",
"indirect" "indirect"
], ],
"mutability" : "readOnly", "mutability" : "readOnly",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
} }
], ],
"mutability" : "readOnly", "mutability" : "readOnly",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "entitlements", "name" : "entitlements",
"type" : "complex", "type" : "complex",
"multiValued" : true, "multiValued" : true,
"description" : "A list of entitlements for the User that represent a thing the User has.", "description" : "A list of entitlements for the User that
represent a thing the User has.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"subAttributes" : [ "subAttributes" : [
{ {
"name" : "value", "name" : "value",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "The value of an entitlement.", "description" : "The value of an entitlement.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "display", "name" : "display",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "A human readable name, primarily used for display purposes. READ-ONLY.", "description" : "A human readable name, primarily used
for display purposes. READ-ONLY.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "type", "name" : "type",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "A label indicating the attribute's function.", "description" : "A label indicating the attribute's
function.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"canonicalValues" : [], "canonicalValues" : [],
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "primary", "name" : "primary",
"type" : "boolean", "type" : "boolean",
"multiValued" : false, "multiValued" : false,
"description" : "A Boolean value indicating the 'primary' or preferred attribute value for this attribute. The primary attribute value 'true' MUST appear no more than once.", "description" : "A Boolean value indicating the 'primary' or
preferred attribute value for this attribute. The primary attribute
value 'true' MUST appear no more than once.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
} }
], ],
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "roles", "name" : "roles",
"type" : "complex", "type" : "complex",
"multiValued" : true, "multiValued" : true,
"description" : "A list of roles for the User that collectively represent who the User is; e.g., 'Student', 'Faculty'.", "description" : "A list of roles for the User that collectively
represent who the User is; e.g., 'Student', 'Faculty'.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"subAttributes" : [ "subAttributes" : [
{ {
"name" : "value", "name" : "value",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "The value of a role.", "description" : "The value of a role.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "display", "name" : "display",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "A human readable name, primarily used for display purposes. READ-ONLY.", "description" : "A human readable name, primarily used for
display purposes. READ-ONLY.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "type", "name" : "type",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "A label indicating the attribute's function.", "description" : "A label indicating the attribute's
function.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"canonicalValues" : [], "canonicalValues" : [],
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "primary", "name" : "primary",
"type" : "boolean", "type" : "boolean",
"multiValued" : false, "multiValued" : false,
"description" : "A Boolean value indicating the 'primary' or preferred attribute value for this attribute. The primary attribute value 'true' MUST appear no more than once.", "description" : "A Boolean value indicating the 'primary' or
preferred attribute value for this attribute. The primary attribute
value 'true' MUST appear no more than once.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
} }
], ],
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
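Review bot: The "groups" sub-attributes carry a "readOnly" key next to "mutability", and the two disagree: "value", "$ref" and "type" have "readOnly" : false together with "mutability" : "readOnly", while only "display" has "readOnly" : true. The "entitlements" and "roles" blocks in the same hunk use "mutability" alone, so the "readOnly" key looks like a leftover and should be removed from "groups" so the access semantics are unambiguous. The "groups" description also has "thorough direct membership" where "through" is meant.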
skipping to change at page 50, line 41 skipping to change at page 53, line 27
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "display", "name" : "display",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "A human readable name, primarily used for display purposes. READ-ONLY.", "description" : "A human readable name, primarily used
for display purposes. READ-ONLY.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "type", "name" : "type",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "A label indicating the attribute's function.", "description" : "A label indicating the attribute's
function.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"canonicalValues" : [], "canonicalValues" : [],
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "primary", "name" : "primary",
"type" : "boolean", "type" : "boolean",
"multiValued" : false, "multiValued" : false,
"description" : "A Boolean value indicating the 'primary' or preferred attribute value for this attribute. The primary attribute value 'true' MUST appear no more than once.", "description" : "A Boolean value indicating the 'primary' or
preferred attribute value for this attribute. The primary attribute
value 'true' MUST appear no more than once.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
} }
], ],
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
} }
], ],
"meta" : { "meta" : {
"resourceType" : "Schema", "resourceType" : "Schema",
"created" : "2010-01-23T04:56:22Z", "created" : "2010-01-23T04:56:22Z",
"lastModified" : "2014-02-04T00:00:00Z", "lastModified" : "2014-02-04T00:00:00Z",
"version" : "W/\"3694e05e9dff596\"", "version" : "W/\"3694e05e9dff596\"",
"location" : "https://example.com/v2/Schemas/urn:ietf:params:scim:schemas:core:2.0:User" "location" :
"/v2/Schemas/urn:ietf:params:scim:schemas:core:2.0:User"
} }
}, },
{ {
"id" : "urn:ietf:params:scim:schemas:core:2.0:Group", "id" : "urn:ietf:params:scim:schemas:core:2.0:Group",
"name" : "Group", "name" : "Group",
"description" : "Group", "description" : "Group",
"attributes" : [ "attributes" : [
{ {
"name" : "displayName", "name" : "displayName",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "A human readable name for the Group. REQUIRED.", "description" : "Human readable name for the Group. REQUIRED.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "members", "name" : "members",
"type" : "complex", "type" : "complex",
"multiValued" : false, "multiValued" : true,
"description" : "A list of members of the Group.", "description" : "A list of members of the Group.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"subAttributes" : [ "subAttributes" : [
{ {
"name" : "value", "name" : "value",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "The identifier of the member of this Group.", "description" : "Identifier of the member of this Group.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "immutable", "mutability" : "immutable",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "$ref", "name" : "$ref",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "The URI of the corresponding to the member resource of this Group.", "description" : "The URI of the corresponding to the member
resource of this Group.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "immutable", "mutability" : "immutable",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "type", "name" : "type",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "A label indicating the type of resource; e.g., 'User' or 'Group'.", "description" : "A label indicating the type of resource;
e.g., 'User' or 'Group'.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"canonicalValues" : [ "canonicalValues" : [
"User", "User",
"Group" "Group"
], ],
"mutability" : "immutable", "mutability" : "immutable",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
} }
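Review bot: The Group "displayName" line was reworded in this revision ("A human readable name" to "Human readable name"), but the description still ends with "REQUIRED." while the attribute declares "required" : false. Fix the flag or the text while the line is being touched. In the same schema, the "$ref" description "The URI of the corresponding to the member resource of this Group." is ungrammatical in both columns; "The URI corresponding to the member resource of this Group." would do. The "members" change from "multiValued" : false to true matches its description as a list.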
skipping to change at page 53, line 13 skipping to change at page 56, line 6
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
} }
], ],
"meta" : { "meta" : {
"resourceType" : "Schema", "resourceType" : "Schema",
"created" : "2010-01-23T04:56:22Z", "created" : "2010-01-23T04:56:22Z",
"lastModified" : "2014-02-04T00:00:00Z", "lastModified" : "2014-02-04T00:00:00Z",
"version" : "W/\"3694e05e9dff596\"", "version" : "W/\"3694e05e9dff596\"",
"location" : "https://example.com/v2/Schemas/urn:ietf:params:scim:schemas:core:2.0:Group" "location" :
"/v2/Schemas/urn:ietf:params:scim:schemas:core:2.0:Group"
} }
}, },
{ {
"id" : "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User", "id" : "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
"name" : "EnterpriseUser", "name" : "EnterpriseUser",
"description" : "Enterprise User", "description" : "Enterprise User",
"attributes" : [ "attributes" : [
{ {
"name" : "employeeNumber", "name" : "employeeNumber",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "Numeric or alphanumeric identifier assigned to a person, typically based on order of hire or association with an organization.", "description" : "Numeric or alphanumeric identifier assigned to
a person, typically based on order of hire or association with an
organization.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "costCenter", "name" : "costCenter",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
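Review bot: In "meta", "location" changes from the absolute "https://example.com/v2/Schemas/..." to the relative "/v2/Schemas/...". A relative value leaves the host and scheme to be inferred by the client, so the text that defines "location" should say which base URI a relative value is resolved against, or the example should keep the absolute form. The same change appears in the User and EnterpriseUser "meta" blocks and should be handled the same way in all three.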
skipping to change at page 54, line 31 skipping to change at page 57, line 27
"description" : "Identifies the name of a department.", "description" : "Identifies the name of a department.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "manager", "name" : "manager",
"type" : "complex", "type" : "complex",
"multiValued" : false, "multiValued" : true,
"description" : "The User's manager. A complex type that optionally allows Service Providers to represent organizational hierarchy by referencing the \"id\" attribute of another User.", "description" : "The User's manager. A complex type that
optionally allows Service Providers to represent organizational
hierarchy by referencing the "id" attribute of another User.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"subAttributes" : [ "subAttributes" : [
{ {
"name" : "managerId", "name" : "value",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "The id of the SCIM resource representing the User's manager. REQUIRED.", "description" : "The id of the SCIM resource representing
the User's manager. REQUIRED.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "$ref", "name" : "$ref",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "The URI of the SCIM resource representing the User's manager. REQUIRED.", "description" : "The URI of the SCIM resource representing
the User's manager. REQUIRED.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
}, },
{ {
"name" : "displayName", "name" : "displayName",
"type" : "string", "type" : "string",
"multiValued" : false, "multiValued" : false,
"description" : "The displayName of the User's manager. OPTIONAL and READ-ONLY.", "description" : "The displayName of the User's manager.
OPTIONAL and READ-ONLY.",
"required" : false, "required" : false,
"caseExact" : false, "caseExact" : false,
"mutability" : "readOnly", "mutability" : "readOnly",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
} }
], ],
"mutability" : "readWrite", "mutability" : "readWrite",
"returned" : "default", "returned" : "default",
"uniqueness" : "none" "uniqueness" : "none"
} }
], ],
"meta" : { "meta" : {
"resourceType" : "Schema", "resourceType" : "Schema",
"created" : "2010-01-23T04:56:22Z", "created" : "2010-01-23T04:56:22Z",
"lastModified" : "2014-02-04T00:00:00Z", "lastModified" : "2014-02-04T00:00:00Z",
"version" : "W/\"3694e05e9dff596\"", "version" : "W/\"3694e05e9dff596\"",
"location" : "https://example.com/v2/Schemas/urn:ietf:params:scim:schemas:extension:enterprise:2.0:User" "location" :
"/v2/Schemas/urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
} }
} }
]} ]}
Figure 9: Eample Schema JSON Representation Figure 9: Eample Schema JSON Representation
9. Security Considerations 9. Security Considerations
The SCIM Core schema defines attributes that MAY contain personally The SCIM Core schema defines attributes that MAY contain personally
identifiable information as well as other sensitive data. Aside from identifiable information as well as other sensitive data. Aside from
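Review bot: In the new "manager" description the inner quotes are no longer escaped (old: referencing the \"id\" attribute, new: referencing the "id" attribute), which ends the JSON string early and makes the figure unparseable; restore the backslashes. The description strings in the new column are also wrapped across physical lines, and a raw line break inside a JSON string is not valid under RFC 7159, so the draft should state that the line breaks are for display only. Separately, "manager" becomes "multiValued" : true while its description still speaks of "The User's manager" in the singular, and "value" and "$ref" say "REQUIRED." with "required" : false. The caption "Figure 9: Eample Schema JSON Representation" is misspelled in both revisions.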
skipping to change at page 56, line 9 skipping to change at page 59, line 9
In particular, attributes such as "id" and "externalId" are of In particular, attributes such as "id" and "externalId" are of
particular concern as personally identifiable information that particular concern as personally identifiable information that
uniquely map to Users (because they are URIs). Where possible, it is uniquely map to Users (because they are URIs). Where possible, it is
suggested that service providers take the following remediations: suggested that service providers take the following remediations:
o Assign and bind identifiers to specific tenants and/or clients. o Assign and bind identifiers to specific tenants and/or clients.
When mulitple tenants are able to reference the same resource, When mulitple tenants are able to reference the same resource,
they should do so via separate identifiers (id or externalId). they should do so via separate identifiers (id or externalId).
This ensures that separate domains linked to the same information This ensures that separate domains linked to the same information
may not perform identifier correlation. can not perform identifier correlation.
o In the case of "externalId", if multiple values are supported, use o In the case of "externalId", if multiple values are supported, use
access control to restrict access to the client domain that access control to restrict access to the client domain that
assigned the "externalId" value. assigned the "externalId" value.
o Ensure that access to data is appropriately restricted to o Ensure that access to data is appropriately restricted to
authorized parties with a need-to-know. authorized parties with a need-to-know.
o When persisted, the appropriate protection mechanisms are in place o When persisted, the appropriate protection mechanisms are in place
to restrict access by unauthorized parties including to restrict access by unauthorized parties including
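Review bot: In the first remediation bullet, "mulitple" is still misspelled on the unchanged line, and the replacement wording "can not perform identifier correlation" should be "cannot". The fourth bullet ("When persisted, the appropriate protection mechanisms are in place ...") is phrased as a statement rather than an action like the other three ("Assign", "use", "Ensure"); suggest "When data is persisted, ensure that appropriate protection mechanisms are in place ...".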
skipping to change at page 62, line 27 skipping to change at page 65, line 27
[RFC6557] Lear, E. and P. Eggert, "Procedures for Maintaining the [RFC6557] Lear, E. and P. Eggert, "Procedures for Maintaining the
Time Zone Database", BCP 175, RFC 6557, February 2012. Time Zone Database", BCP 175, RFC 6557, February 2012.
[RFC7159] Bray, T., "The JavaScript Object Notation (JSON) Data [RFC7159] Bray, T., "The JavaScript Object Notation (JSON) Data
Interchange Format", RFC 7159, March 2014. Interchange Format", RFC 7159, March 2014.
[RFC7231] Fielding, R. and J. Reschke, "Hypertext Transfer Protocol [RFC7231] Fielding, R. and J. Reschke, "Hypertext Transfer Protocol
(HTTP/1.1): Semantics and Content", RFC 7231, June 2014. (HTTP/1.1): Semantics and Content", RFC 7231, June 2014.
[XML-Schema]
Biron, P. and A. Malhotra, "XML Schema Part 2: Datatypes
Second Edition", October 2004.
11.2. Informative References 11.2. Informative References
[ISO3166] "ISO 3166:1988 (E/F) - Codes for the representation of [ISO3166] "ISO 3166:1988 (E/F) - Codes for the representation of
names of countries - The International Organization for names of countries - The International Organization for
Standardization, 3rd edition", 08 1988. Standardization, 3rd edition", 08 1988.
[ISO639-2]
ISO 639.2 Registration Authority, "ISO639-2: Codes for the
Representation of Names of Languages", July 2013.
[Olson-TZ] [Olson-TZ]
"Sources for Time Zone and Daylight Saving Time Data", . "Sources for Time Zone and Daylight Saving Time Data", .
[PortableContacts] [PortableContacts]
Smarr, J., "Portable Contacts 1.0 Draft C - Schema Only", Smarr, J., "Portable Contacts 1.0 Draft C - Schema Only",
August 2008. August 2008.
[RFC2277] Alvestrand, H., "IETF Policy on Character Sets and [RFC2277] Alvestrand, H., "IETF Policy on Character Sets and
Languages", BCP 18, RFC 2277, January 1998. Languages", BCP 18, RFC 2277, January 1998.
[RFC4512] Zeilenga, K., "Lightweight Directory Access Protocol [RFC4512] Zeilenga, K., "Lightweight Directory Access Protocol
(LDAP): Directory Information Models", RFC 4512, June (LDAP): Directory Information Models", RFC 4512, June
2006. 2006.
[RFC6749] Hardt, D., "The OAuth 2.0 Authorization Framework", RFC [RFC6749] Hardt, D., "The OAuth 2.0 Authorization Framework", RFC
6749, October 2012. 6749, October 2012.
[XML-Schema]
Biron, P. and A. Malhotra, "XML Schema Part 2: Datatypes
Second Edition", October 2004.
Appendix A. Acknowledgements Appendix A. Acknowledgements
The editors would like to acknowledge the contribution and work of The editors would like to acknowledge the contribution and work of
the past draft editors: the past draft editors:
Chuck Mortimore, Salesforce Chuck Mortimore, Salesforce
Patrick Harding, Ping Patrick Harding, Ping
Paul Madsen, Ping Paul Madsen, Ping
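Review bot: The reference changes in this block are not recorded in the change log. [XML-Schema] appears on one side at the end of the list that precedes 11.2 (after [RFC7231]) and on the other side under 11.2 Informative References, and [ISO639-2] is present on one side only, yet the "Draft 12 - PH - Nits / Corrections" entry mentions neither. Moving a reference across the 11.2 boundary changes how implementers are expected to treat it, so it deserves its own change-log line rather than being folded into nits. Suggest adding one line per reference to the Draft 12 entry, and checking that every remaining in-text citation of [XML-Schema] and [ISO639-2] still resolves to an entry in the intended section.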
skipping to change at page 66, line 4 skipping to change at page 68, line 45
Simplified namespace definition for urn:ietf:params:scim Simplified namespace definition for urn:ietf:params:scim
Clarified "schemas" attribute as representing the JSON body schema Clarified "schemas" attribute as representing the JSON body schema
in an HTTP Req/Resp in an HTTP Req/Resp
Reduced use of confusing term "core" in "Core User" and "Core Reduced use of confusing term "core" in "Core User" and "Core
Group" Group"
Added clarifications and security considerations for externalId Added clarifications and security considerations for externalId
Re-worded descriptions SCIM schema extension model (sec 3) and Re-worded descriptions SCIM schema extension model (sec 3) and
core schema (sec 4) for improved clarity core schema (sec 4) for improved clarity
Draft 11 - PH - Clarification to definition of externalId Draft 11 - PH - Clarification to definition of externalId
Draft 12 - PH - Nits / Corrections
Corrected use of RFC2119 words (e.g. MUST not to MUST NOT)
Corrected JSON examples to be 72 characters or less per line
Corrected enterprise User manager attribute to use sub-attribute
value and make multi-valued
Corrected sec 8.7, make members multi-valued in JSON
Added missing definition for subattributes in sec 7, Schema
Definition
Authors' Addresses Authors' Addresses
Phil Hunt (editor) Phil Hunt (editor)
Oracle Corporation Oracle Corporation
Email: phil.hunt@yahoo.com Email: phil.hunt@yahoo.com
Kelly Grizzle Kelly Grizzle
SailPoint SailPoint
 End of changes. 115 change blocks. 
278 lines changed or deleted 432 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/