SCIM                                                          D. Zollner
Internet-Draft                                                 Microsoft
Intended status: Informational                              29 July 2022
Expires: 30 January 2023


               SCIM Referential Value Location Extension
            draft-zollner-scim-referential-value-location-01

Abstract

   The System for Cross-domain Identity Management standard's schema RFC
   [RFC7643], as well as custom schemas, may have attribute values that
   have a finite set of acceptable values.  These acceptable values are
   frequently tied to a value on another resource.  For instance, an
   organization may only allow values in the Enterprise User schema's
   costCenter attribute that are valid identifiers of cost centers
   defined in another location.  This draft aims to provide a way for a
   SCIM client to determine if an attribute in a schema is limited to a
   specific set of values, and where those values may be located on
   another SCIM resource type.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 30 January 2023.

Copyright Notice

   Copyright (c) 2022 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights



Zollner                  Expires 30 January 2023                [Page 1]

Internet-Draft  SCIM Referential Value Location Extensio       July 2022


   and restrictions with respect to this document.  Code Components
   extracted from this document must include Revised BSD License text as
   described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Revised BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  ServiceProviderConfig Extension . . . . . . . . . . . . . . .   3
   3.  Schema Definition Extension . . . . . . . . . . . . . . . . .   3
   4.  Normative Examples  . . . . . . . . . . . . . . . . . . . . .   3
     4.1.  Manager Example . . . . . . . . . . . . . . . . . . . . .   3
   5.  Cost Center Example . . . . . . . . . . . . . . . . . . . . .   4
   6.  Change Log  . . . . . . . . . . . . . . . . . . . . . . . . .   5
   7.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   5
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .   5

1.  Introduction

   The System for Cross-domain Identity Management standard's schema RFC
   [RFC7643], as well as custom schemas, may have attribute values that
   have a finite set of acceptable values.  These acceptable values are
   frequently tied to a value on another resource.  For instance, an
   organization may only allow values in the Enterprise User schema's
   costCenter attribute that are valid identifiers of existing cost
   centers defined in another location.  This draft aims to provide a
   way for a SCIM client to determine if an attribute in a schema is
   limited to a specific set of values, and where those values may be
   located on another SCIM resource type.

   The mechanism that this draft proposes is an extension to the schema
   of [RFC7643]'s "attributes" attribute in the schema definition.  This
   extension defines three new sub-attributes of the "attributes"
   attribute.  These sub-attributes indicate whether the attribute is
   constrained by a referential relationship and, if it is, which
   resource type and attribute the value is linked to.

   The problem that this draft aims to solve is one of discovery and
   efficiency.  Without a standardized way to determine when an
   attribute is constrained by the existence of, and linked to the
   values of, another resource's attribute, a SCIM client cannot know
   which values will be accepted and which will fail.  This leads to
   failed requests due to invalid values being provided for attributes,
   and reduces the efficiency and success rate of the requests being
   made.






2.  ServiceProviderConfig Extension

   SCIM Service Providers that have implemented this extension must
   advertise its availability via the following serviceProviderConfig
   attribute:

   referentialValueLocation  A complex type that specifies configuration
      related to referential value location information.  REQUIRED.

      supported  A boolean type that indicates if the referential value
         location extension has been implemented.  REQUIRED.

3.  Schema Definition Extension

   This extension implements the following new sub-attributes of the
   "attributes" attribute in
   urn:ietf:params:scim:schemas:core:2.0:Schema as defined in [RFC7643].
   These attributes are:

   referentialValue  A complex type that indicates if the value of the
      attribute is constrained by values present on a SCIM resource
      type.  REQUIRED.

      required  A boolean type that indicates if the attribute's allowed
         values are constrained by those present on a SCIM resource
         type.

      referentialValueURI  A reference type that contains the URI of the
         SCIM schema attribute that the attribute is constrained
         against.  REQUIRED if required is true.

      referentialValueResourceType  A reference type that contains the
         relative URI of the root resource type that is referenced.
         REQUIRED if required is true.

4.  Normative Examples

4.1.  Manager Example

   The following example shows a section of the core user schema adapted
   to support the referential value location attributes in this
   extension for the user resource's "manager" attribute.









   {
     "name" : "manager",
     "type" : "complex",
     "multiValued" : false,
     "description" : "The User's manager.  A complex type that optionally allows service providers to represent organizational hierarchy by referencing the 'id' attribute of another User.",
     "required" : false,
     "subAttributes" : [
       {
         "name" : "value",
         "type" : "string",
         "multiValued" : false,
         "description" : "The id of the SCIM resource representing the User's manager.  REQUIRED.",
         "required" : false,
         "caseExact" : false,
         "mutability" : "readWrite",
         "returned" : "default",
         "uniqueness" : "none",
         "referentialValue" : {
           "required" : true,
           "referentialValueURI" : "urn:ietf:params:scim:schemas:core:2.0:User:id",
           "referentialValueResourceType" : "Users"
         }
       }
     ...

   In the above example, the extension indicates that the value of the
   user resource's "manager" attribute is constrained by the id value of
   the core schema's User resource located at <baseUrl>/Users.

   A request of GET <baseUrl>/Users would return a list of results
   containing all visible users.  The id value of any of the users
   returned should be valid for the value of the user resource's
   "manager" attribute.

5.  Cost Center Example

   The following example shows a section of the Enterprise User schema
   adapted to support the referential value location attributes in this
   extension for the user resource's enterprise costCenter attribute.








   {
     "name" : "costCenter",
     "type" : "string",
     "multiValued" : false,
     "description" : "Identifies the name of a cost center.",
     "required" : false,
     "caseExact" : false,
     "mutability" : "readWrite",
     "returned" : "default",
     "uniqueness" : "none",
     "referentialValue" : {
       "required" : true,
       "referentialValueURI" : "urn:foo:bar:schema:corporate:costCenter:displayName",
       "referentialValueResourceType" : "costCenters"
     }
   },
   ...

   In the above example, the extension indicates that the value of
   urn:ietf:params:scim:schemas:enterprise:2.0:User:costCenter is
   constrained by the displayName value of a custom resource located at
   <baseUrl>/costCenters.

   A request of GET <baseUrl>/costCenters would return a list of results
   containing all visible cost centers.  The displayName value of any
   of the cost centers returned by the request should be valid for the
   value of the user resource's
   urn:ietf:params:scim:schemas:enterprise:2.0:User:costCenter
   attribute.
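   As an added, offline example that is not part of this draft: a SCIM
   client that checks the serviceProviderConfig flag of Section 2, walks
   a schema's "attributes" for the Section 3 sub-attributes, and
   validates a User body against the referenced listings in the way
   Sections 4.1 and 5 describe.  The base URL, the trimmed schema
   fragment (including the unconstrained "department" attribute), the
   ListResponse bodies and the fetch stub are all constructed for the
   example; deriving the referenced attribute name from the last URN
   component and refusing a non-relative referentialValueResourceType
   are this example's own choices, not something the draft specifies.

```python
# Added example (not from the draft): client-side discovery and checking of
# referentialValue constraints.  Every data structure below is constructed.
from urllib.parse import urljoin

BASE_URL = "https://example.com/scim/v2/"  # assumed service provider base URL

# Constructed serviceProviderConfig fragment advertising the extension (Section 2).
SERVICE_PROVIDER_CONFIG = {"referentialValueLocation": {"supported": True}}

# Constructed "attributes" list trimmed to the fields this example reads,
# modelled on the manager (4.1) and costCenter (5) examples; "department"
# is an unconstrained attribute added for contrast.
SCHEMA_ATTRIBUTES = [
    {"name": "manager", "type": "complex", "subAttributes": [
        {"name": "value", "type": "string", "referentialValue": {
            "required": True,
            "referentialValueURI": "urn:ietf:params:scim:schemas:core:2.0:User:id",
            "referentialValueResourceType": "Users"}}]},
    {"name": "costCenter", "type": "string", "referentialValue": {
        "required": True,
        "referentialValueURI": "urn:foo:bar:schema:corporate:costCenter:displayName",
        "referentialValueResourceType": "costCenters"}},
    {"name": "department", "type": "string",
     "referentialValue": {"required": False}},
]

# Constructed ListResponse bodies standing in for GET <baseUrl>/Users and
# GET <baseUrl>/costCenters (only the attributes the checks need).
LIST_RESPONSES = {
    "Users": {"Resources": [{"id": "2819c223-7f76-453a-919d-413861904646"},
                            {"id": "c75ad752-64ae-4823-840d-ffa80929976c"}]},
    "costCenters": {"Resources": [{"id": "cc-1", "displayName": "4130"},
                                  {"id": "cc-2", "displayName": "4131"}]},
}


def extension_supported(config):
    """Section 2: only rely on referentialValue if the provider advertises it."""
    return bool(config.get("referentialValueLocation", {}).get("supported"))


def find_constraints(attributes, prefix=""):
    """Map dotted attribute paths to their referentialValue where required is
    true, recursing into subAttributes so that 'manager.value' is found."""
    found = {}
    for attr in attributes:
        path = prefix + attr["name"]
        rv = attr.get("referentialValue") or {}
        if rv.get("required"):
            found[path] = rv
        found.update(find_constraints(attr.get("subAttributes", []), path + "."))
    return found


def resource_type_url(base_url, resource_type):
    """Resolve referentialValueResourceType (a relative URI per Section 3)
    strictly under the provider's base URL.  The absolute-URL and traversal
    refusal is this example's defensive choice: a schema must not be able
    to steer the client to a different host or path."""
    if "://" in resource_type or resource_type.startswith("/") or ".." in resource_type:
        raise ValueError("referentialValueResourceType must be relative: %r" % resource_type)
    return urljoin(base_url, resource_type)


def offline_fetch(resource_type):
    """Stand-in for an HTTP GET of the listing; a real client would request
    resource_type_url(BASE_URL, resource_type) and parse the ListResponse."""
    resource_type_url(BASE_URL, resource_type)  # still validate the target
    return LIST_RESPONSES[resource_type]


def allowed_values(constraint, fetch=offline_fetch):
    """Collect the values of the referenced attribute (read here as the last
    URN component of referentialValueURI) across every listed resource."""
    attr_name = constraint["referentialValueURI"].rsplit(":", 1)[-1]
    listing = fetch(constraint["referentialValueResourceType"])
    return {r[attr_name] for r in listing.get("Resources", []) if attr_name in r}


def lookup(resource, path):
    """Follow a dotted path such as 'manager.value' into a resource body."""
    node = resource
    for part in path.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def validate(resource, constraints, fetch=offline_fetch):
    """Return [(path, value, resourceType)] for constrained attributes whose
    value is absent from the referenced resource type; an empty list means
    the request should not fail for a referential reason."""
    problems = []
    for path, constraint in constraints.items():
        value = lookup(resource, path)
        if value is not None and value not in allowed_values(constraint, fetch):
            problems.append((path, value, constraint["referentialValueResourceType"]))
    return problems


if __name__ == "__main__":
    if extension_supported(SERVICE_PROVIDER_CONFIG):
        constraints = find_constraints(SCHEMA_ATTRIBUTES)
        body = {"manager": {"value": "c75ad752-64ae-4823-840d-ffa80929976c"},
                "costCenter": "4132", "department": "Sales"}
        print(validate(body, constraints))  # costCenter 4132 is not listed
```

   The check is a prediction of what the service provider will accept,
   made to avoid failed requests as Section 1 motivates; the provider
   remains the authority and still has to enforce the constraint on its
   side, so the client treats an empty problem list as "likely to
   succeed" rather than as proof of validity.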

6.  Change Log

   v00 - July 28, 2022: Initial version

   v00 - July 29, 2022: Fixes of small errors in initial draft's
   examples and incorrect title

7.  References

   TO-DO

Author's Address

   Danny Zollner
   Microsoft
   Email: danny@zollnerd.com





