Diff: draft-ietf-scim-use-cases-00.txt vs. draft-ietf-scim-use-cases-01.txt

SCIM WG                                                   P. Hunt
Internet-Draft                                             Oracle
Intended status: Informational                      B. Khasnabish
Expires: March 02, 2014 (-00) / September 5, 2014 (-01)  ZTE USA, Inc.
                                                       A. Nadalin
                                                        Microsoft
                                                            K. Li
                                                           Huawei
                                                       Z. Zeltsan
                                                       Individual
                       August 29, 2013 (-00) / March 4, 2014 (-01)

                          SCIM Use Cases
        draft-ietf-scim-use-cases-00 / draft-ietf-scim-use-cases-01
Abstract

This document lists the user scenarios and use cases of System for Cross-domain Identity Management (SCIM).

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
[... unchanged text omitted; diff resumes at page 1, line 38 ...]
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on March 02, 2014 (-00) / September 5, 2014 (-01).
Copyright Notice

Copyright (c) 2013 (-00) / 2014 (-01) IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
Table of Contents

1. Introduction
   1.1. Terminology
2. SCIM User Scenarios
   2.1. Background & Context
   2.2. Model Concepts
      2.2.1. Triggers
      2.2.2. Actors
      2.2.3. Modes & Flows
      2.2.4. Bulk & Batch Operational Semantics
   2.3. Cloud Service Provider to Cloud Service Provider Flows (CSP->CSP)
      2.3.1. CSP->CSP - Create Identity (Push)
      2.3.2. CSP->CSP - Update Identity (Push)
      2.3.3. CSP->CSP - Delete Identity (Push)
      2.3.4. CSP->CSP - SSO Trigger (Push)
      2.3.5. CSP->CSP - SSO Trigger (Pull)
      2.3.6. CSP->CSP - Password Reset (Push)
   2.4. Enterprise Cloud Subscriber to Cloud Service Provider Flows (ECS->CSP)
      2.4.1. ECS->CSP - Create Identity (Push)
      2.4.2. ECS->CSP - Update Identity (Push)
      2.4.3. ECS->CSP - Delete Identity (Push)
      2.4.4. ECS->CSP - SSO Pull
3. SCIM use cases
   3.1. Change of the ownership of a file
   3.2. Migration of the identities
   3.3. Single Sign-On (SSO) Service
   3.4. Provisioning of the user accounts for a Community of Interest (CoI)
   3.5. Transfer of attributes to a relying party web site
   3.6. Change notification
4. Security considerations
5. IANA considerations
6. Acknowledgements
7. References
   7.1. Normative References
   7.2. Informative References
Authors' Addresses
1. Introduction

This document describes the SCIM scenarios and use cases. It also provides a list of the requirements derived from the use cases. The document's objective is to help with understanding of the design and applicability of SCIM schema [I-D.ietf-scim-core-schema] and SCIM protocol [I-D.ietf-scim-api].

The following section provides the abbreviated descriptions of the scenarios and use cases.

1.1. Terminology
[... unchanged text omitted; diff resumes at page 6, line 8 (-00) / line 12 (-01) ...]
resources are grouped together and administered as part of some broader agreement or operational exchange.

o Cloud Service User (CSU): A CSU represents the real cloud service end user - the "person logging into and using the cloud service". As described above, an ECS will typically own or manage multiple CSU identities, whereas the CSU represents the FooBar.Inc. employee using the cloud service to manage their CRM process.
                    +---------------------+
                    |    Cloud Service    |
                    |   Provider (CSP)    |
                    +---------------------+
                               |
               +---------------+---------------+
               |                               |
               v                               v
      +----------------+              +----------------+
      |Enterprise Cloud|              |Enterprise Cloud|
      |Subscriber (ECS)|              |Subscriber (ECS)|
      +----------------+              +----------------+
               |                               |
       +-------+-------+               +-------+-------+
       |               |               |               |
       v               v               v               v
+-------------+ +-------------+ +-------------+ +-------------+
|Cloud Service| |Cloud Service| |Cloud Service| |Cloud Service|
| User (CSU)  | | User (CSU)  | | User (CSU)  | | User (CSU)  |
+-------------+ +-------------+ +-------------+ +-------------+

Figure 1: SCIM Actors
2.2.3. Modes & Flows

Modes identify the functional intent of a data flow initiated in a SCIM scenario. The modes identified so far are 'push' and 'pull', referring to pushing data to, or pulling data from, an authoritative identity data store.
[... unchanged text omitted; diff resumes at page 16, line 48 (-00) / page 17, line 8 (-01) ...]
7. References

7.1. Normative References

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

7.2. Informative References

[I-D.ietf-scim-api]
   -00 cites: Drake, T., Mortimore, C., Ansari, M., Grizzle, K., and E. Wahlstroem, "System for Cross-Domain Identity Management: Protocol", draft-ietf-scim-api-01 (work in progress), April 2013.
   -01 cites: Grizzle, K., Hunt, P., Ansari, M., Wahlstroem, E., and C. Mortimore, "System for Cross-Domain Identity Management: Protocol", draft-ietf-scim-api-03 (work in progress), February 2014.

[I-D.ietf-scim-core-schema]
   -00 cites: Mortimore, C., Harding, P., Madsen, P., and T. Drake, "System for Cross-Domain Identity Management: Core Schema", draft-ietf-scim-core-schema-01 (work in progress), April 2013.
   -01 cites: Grizzle, K., Hunt, P., Wahlstroem, E., and C. Mortimore, "System for Cross-Domain Identity Management: Core Schema", draft-ietf-scim-core-schema-03 (work in progress), February 2014.
Authors' Addresses

Phil Hunt
Oracle
Email: phil.hunt@oracle.com

Bhumip Khasnabish
ZTE USA, Inc.
End of changes: 16 change blocks; 38 lines changed or deleted, 39 lines changed or added.

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/