System for Cross-domain Identity Management (scim) Internet Drafts


      
 SCIM Profile for Security Event Tokens
 
 draft-ietf-scim-events-07.txt
 Date: 02/12/2024
 Authors: Phillip Hunt, Nancy Cam-Winget, Mike Kiser, Jen Schreiber
 Working Group: System for Cross-domain Identity Management (scim)
This specification defines a set of SCIM Security Events using the Security Event Token Specification RFC8417 to enable the asynchronous exchange of messages between SCIM Service Providers and receivers. SCIM Security Events are typically used for: asynchronous request completion, resource replication, and provisioning co-ordination.
 Cursor-based Pagination of SCIM Resources
 
 draft-ietf-scim-cursor-pagination-05.txt
 Date: 08/07/2024
 Authors: Matt Peterson, Danny Zollner, Anjali Sehgal
 Working Group: System for Cross-domain Identity Management (scim)
This document defines additional SCIM (System for Cross-Domain Identity Management) query parameters and result attributes to allow use of cursor-based pagination in SCIM implementations that are implemented with existing code bases, databases, or APIs where cursor-based pagination is already well established.
 Device Schema Extensions to the SCIM model
 
 draft-ietf-scim-device-model-10.txt
 Date: 26/11/2024
 Authors: Muhammad Shahzad, Hassan Iqbal, Eliot Lear
 Working Group: System for Cross-domain Identity Management (scim)
The initial core schema for SCIM (System for Cross-domain Identity Management) was designed for provisioning users. This memo specifies schema extensions that enable provisioning of devices, using various underlying bootstrapping systems, such as Wi-Fi Easy Connect, FIDO device onboarding vouchers, BLE passcodes, and MAC authenticated bypass.



System for Cross-domain Identity Management (scim)

WG Name: System for Cross-domain Identity Management
Acronym: scim
Area: Security Area (sec)
State: Active
Charter: charter-ietf-scim-02 (Approved)
Document dependencies
Additional resources: GitHub, Website, Zulip Chat
Personnel:
  Chairs: Aaron Parecki, Nancy Cam-Winget
  Area Director: Deb Cooley
Mailing list:
  Address: scim@ietf.org
  To subscribe: https://www.ietf.org/mailman/listinfo/scim
  Archive: https://mailarchive.ietf.org/arch/browse/scim/
Chat:
  Room address: https://zulip.ietf.org/#narrow/stream/scim

Charter for Working Group

The System for Cross-domain Identity Management (SCIM) specifications provide an HTTP-based protocol (RFC7643) and schema (RFC7644) that make managing identities in multi-domain scenarios easier. Since its publication in 2015, SCIM has seen growing adoption.

The first goal of this working group is to incorporate implementation experience; errata and interoperability feedback; and current security and best practices into a revised version of RFC7643 (protocol) and RFC7644 (base schema) suitable for consideration at the Internet Standard level of specification maturity.

Additionally, implementation experience with SCIM has surfaced new use cases and requirements. The WG will document them in a revision of RFC7642. The WG will also consider publishing extensions to SCIM that have found broad adoption. These extensions may include profiles and schemas for interoperability in additional use cases.

The scope of work for the SCIM WG is:

  • Revision of RFC7642 that will:
    • Focus on Use cases and implementation patterns
      • Pull vs. Push based use cases
      • Events and signals use cases
      • Deletion use cases
    • New use cases may be added to the revised RFC
  • Revision of RFC7643 and RFC7644 that will include:
    • Profiling SCIM relationships with other identity-centric protocols such as OAuth 2.0, OpenID Connect, Shared Signals, and Fastfed
    • Updates to the evolution of the externalid usage
      • Updates to account state for capturing context of the state or change in state of the user's account
  • Multi-Value Query Filtering and Paging (will use draft-hunt-scim-mv-paging as input)
  • Define a method for coordinating resources between domains:
  • Support for deletion-related goals including:
  • Support for advanced automation scenarios such as:
    • Discovery and negotiation of client credentials
    • Attribute mapping
    • Per-attribute schema negotiation
  • Enhance the existing schema to support exchanging of human resources, enterprise group and privileged access management (will use draft-grizzle-scim-pam-ext as input)

Milestones

Date Milestone Associated documents
Jun 2023 Progress I-D revising RFC7644 to WGLC
Jun 2023 Progress I-D revising RFC7643 to WGLC
Jun 2023 Progress I-Ds for coordination/synchronization between domains to WGLC
Mar 2023 Progress I-Ds (either new or existing) for privileged access management to WGLC
Dec 2022 Progress I-Ds for Multi-valued paging to WGLC
Dec 2022 Progress I-Ds for Soft Delete to WGLC
Jun 2022 Working group adoption of I-D revising RFC7644
Jun 2022 Working group adoption of I-D revising RFC7643
Jun 2022 Progress I-D revising RFC7642 to WGLC
Mar 2022 Working Group adoption of I-Ds for coordination/synchronization between domains
Mar 2022 Working group adoption of I-Ds for Multi-valued paging
Mar 2022 Working group adoption of I-Ds (either new or existing) for privileged access management
Dec 2021 Working group adoption of I-Ds for Soft Delete
Dec 2021 Working group adoption of I-D for revising RFC7642