draft-ietf-scim-api-14.txt   draft-ietf-scim-api-15.txt 
Network Working Group P. Hunt, Ed. Network Working Group P. Hunt, Ed.
Internet-Draft Oracle Internet-Draft Oracle
Intended status: Standards Track K. Grizzle Intended status: Standards Track K. Grizzle
Expires: June 20, 2015 SailPoint Expires: August 14, 2015 SailPoint
M. Ansari M. Ansari
Cisco Cisco
E. Wahlstroem E. Wahlstroem
Nexus Technology Nexus Technology
C. Mortimore C. Mortimore
Salesforce Salesforce
December 17, 2014 February 10, 2015
System for Cross-Domain Identity Management: Protocol System for Cross-Domain Identity Management: Protocol
draft-ietf-scim-api-14 draft-ietf-scim-api-15
Abstract Abstract
The System for Cross-Domain Identity Management (SCIM) specification The System for Cross-Domain Identity Management (SCIM) specification
is an HTTP based protocol that makes managing identities in multi- is an HTTP based protocol that makes managing identities in multi-
domain scenarios easier to support through a standardized services. domain scenarios easier to support through a standardized services.
Examples include but are not limited to enterprise to cloud service Examples include but are not limited to enterprise to cloud service
providers, and inter-cloud based scenarios. The specification suite providers, and inter-cloud based scenarios. The specification suite
seeks to build upon experience with existing schemas and deployments, seeks to build upon experience with existing schemas and deployments,
placing specific emphasis on simplicity of development and placing specific emphasis on simplicity of development and
skipping to change at page 1, line 48 skipping to change at page 1, line 48
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on June 20, 2015. This Internet-Draft will expire on August 14, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
skipping to change at page 37, line 8 skipping to change at page 37, line 8
o If the "path" parameter is omitted, the target is assumed to be o If the "path" parameter is omitted, the target is assumed to be
the resource itself. In this case, the "value" attribute SHALL the resource itself. In this case, the "value" attribute SHALL
contain a list of one or more attributes that are to be replaced. contain a list of one or more attributes that are to be replaced.
o If the target location is a single-value attribute, the attributes o If the target location is a single-value attribute, the attributes
value is replaced. value is replaced.
o If the target location is a multi-valued attribute and no filter o If the target location is a multi-valued attribute and no filter
is specified, the attribute and all values are replaced. is specified, the attribute and all values are replaced.
o If the target location path specifies an attribute that does not
exist, the service provider SHALL treat the operation as an "add".
o If the target location specifies a complex attribute, a set of o If the target location specifies a complex attribute, a set of
sub-attributes SHALL be specified in the "value" parameter which sub-attributes SHALL be specified in the "value" parameter which
replaces any existing values or adds where an attribute did not replaces any existing values or adds where an attribute did not
previously exist. Sub-attributes that are not specified in the previously exist. Sub-attributes that are not specified in the
"value" parameter are left unchanged. "value" parameter are left unchanged.
o If the target location is a multi-valued attribute and a complex o If the target location is a multi-valued attribute and a value
filter is specified comparing a "value", the values matched by the selction ("valuePath") filter is specified that matches one or
filter are replaced. more values of the mulit-valued attribute, then all matching
record values SHALL be replaced.
o If the target location is a complex-multi-valued attribute and a
complex filter is specified based on the attribute's sub-
attributes, the matching records are replaced.
o If the target location is a complex-multi-valued attribute with a o If the target location is a complex-multi-valued attribute with a
complex filter and a specific sub-attribute (e.g. "addresses[type value selection filter ("valuePath") and a specific sub-attribute
eq "work"].streetAddress" ), the matching sub-attribute of the (e.g. "addresses[type eq "work"].streetAddress" ), the matching
matching record is replaced. sub-attribute of all matching records is replaced.
o If the target location is a mulit-valued attribute for which a
value selection filter ("valuePath") has been supplied and no
record match was made, the service provider SHALL fail by
returning HTTP status "400", and a "scimType" of "noTarget".
The following example shows how to replace all the members of a group The following example shows how to replace all the members of a group
with a different members list in a single replace operation. Some with a different members list in a single replace operation. Some
text removed for readability ("..."): text removed for readability ("..."):
PATCH /Groups/acbf3ae7-8463-4692-b4fd-9b4da3f908ce PATCH /Groups/acbf3ae7-8463-4692-b4fd-9b4da3f908ce
Host: example.com Host: example.com
Accept: application/scim+json Accept: application/scim+json
Content-Type: application/scim+json Content-Type: application/scim+json
Authorization: Bearer h480djs93hd8 Authorization: Bearer h480djs93hd8
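Review bot: The new bullet "If the target location path specifies an attribute that does not exist, the service provider SHALL treat the operation as an "add"" does not say whether "does not exist" means the attribute has no value on the resource or is not defined in the resource's schema. It should say which, because the new final bullet makes the neighbouring case (a "valuePath" filter with no match) a hard failure with HTTP status "400" and a "scimType" of "noTarget", and implementers need to tell the two cases apart. The rewritten filter bullets also change "the matching record" to "all matching records", so one replace operation can now overwrite several values; the text should settle on a single term, since it currently mixes "values", "record values" and "records". Typos in the added lines: "selction" should be "selection", and "mulit-valued" (twice) should be "multi-valued".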
skipping to change at page 76, line 32 skipping to change at page 76, line 32
Table 9: SCIM Schema URIs for Data Resources Table 9: SCIM Schema URIs for Data Resources
9. References 9. References
9.1. Normative References 9.1. Normative References
[I-D.ietf-precis-saslprepbis] [I-D.ietf-precis-saslprepbis]
Saint-Andre, P. and A. Melnikov, "Preparation, Saint-Andre, P. and A. Melnikov, "Preparation,
Enforcement, and Comparison of Internationalized Strings Enforcement, and Comparison of Internationalized Strings
Representing Usernames and Passwords", draft-ietf-precis- Representing Usernames and Passwords", draft-ietf-precis-
saslprepbis-12 (work in progress), December 2014. saslprepbis-13 (work in progress), December 2014.
[I-D.ietf-scim-core-schema] [I-D.ietf-scim-core-schema]
Hunt, P., Grizzle, K., Wahlstroem, E., and C. Mortimore, Hunt, P., Grizzle, K., Wahlstroem, E., and C. Mortimore,
"System for Cross-Domain Identity Management: Core "System for Cross-Domain Identity Management: Core
Schema", draft-ietf-scim-core-schema-14 (work in Schema", draft-ietf-scim-core-schema-16 (work in
progress), December 2014. progress), February 2015.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO
10646", STD 63, RFC 3629, November 2003. 10646", STD 63, RFC 3629, November 2003.
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifier (URI): Generic Syntax", STD 66, RFC Resource Identifier (URI): Generic Syntax", STD 66, RFC
3986, January 2005. 3986, January 2005.
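Review bot: In the [I-D.ietf-precis-saslprepbis] entry the draft version moves from -12 to -13 but the date stays "December 2014", whereas the [I-D.ietf-scim-core-schema] entry updates both the version and the date (-14 to -16, December 2014 to February 2015). Please confirm that the date shown for saslprepbis-13 is that revision's own publication date and not a leftover from -12.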
skipping to change at page 77, line 34 skipping to change at page 77, line 34
[RFC7235] Fielding, R. and J. Reschke, "Hypertext Transfer Protocol [RFC7235] Fielding, R. and J. Reschke, "Hypertext Transfer Protocol
(HTTP/1.1): Authentication", RFC 7235, June 2014. (HTTP/1.1): Authentication", RFC 7235, June 2014.
9.2. Informative References 9.2. Informative References
[I-D.ietf-precis-framework] [I-D.ietf-precis-framework]
Saint-Andre, P. and M. Blanchet, "PRECIS Framework: Saint-Andre, P. and M. Blanchet, "PRECIS Framework:
Preparation, Enforcement, and Comparison of Preparation, Enforcement, and Comparison of
Internationalized Strings in Application Protocols", Internationalized Strings in Application Protocols",
draft-ietf-precis-framework-21 (work in progress), draft-ietf-precis-framework-22 (work in progress),
December 2014. February 2015.
[OpenSearch] [OpenSearch]
Clinton, D., "OpenSearch Protocol 1.1, Draft 5", . Clinton, D., "OpenSearch Protocol 1.1, Draft 5", .
[Order-Operations] [Order-Operations]
Wikipedia, "Order of Operations: Programming Languages", . Wikipedia, "Order of Operations: Programming Languages", .
[RFC6749] Hardt, D., "The OAuth 2.0 Authorization Framework", RFC [RFC6749] Hardt, D., "The OAuth 2.0 Authorization Framework", RFC
6749, October 2012. 6749, October 2012.
skipping to change at page 82, line 26 skipping to change at page 82, line 26
Corrected JSON example in sec 3.3.2.1 (removed extraneous " ) Corrected JSON example in sec 3.3.2.1 (removed extraneous " )
Corrected filter in Figure 3 so that multiple resoruce types can Corrected filter in Figure 3 so that multiple resoruce types can
be returned per the response example in figure 4. be returned per the response example in figure 4.
Clarifications and improvements to examples in PATCH replace Clarifications and improvements to examples in PATCH replace
operations operations
Updated references to saslprep and precis frameworks Updated references to saslprep and precis frameworks
Draft 15 - PH - Clarifications on returning "path" handling during
PATCH "replace" operations. Updated references.
Authors' Addresses Authors' Addresses
Phil Hunt (editor) Phil Hunt (editor)
Oracle Corporation Oracle Corporation
Email: phil.hunt@yahoo.com Email: phil.hunt@yahoo.com
Kelly Grizzle Kelly Grizzle
SailPoint SailPoint
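Review bot: The added "Draft 15" change-log entry describes the PATCH "replace" edits only as "Clarifications", yet the replace section in this revision adds normative requirements: a path naming a non-existent attribute SHALL be treated as an "add", and an unmatched "valuePath" filter SHALL fail with HTTP status "400" and "scimType" "noTarget". The entry should list these as behaviour changes so implementers of draft 14 know to retest. The phrase "on returning "path" handling" also reads as garbled; something like "Clarifications on "path" handling and error returns during PATCH "replace" operations" would say what changed.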
 End of changes. 12 change blocks. 
20 lines changed or deleted 28 lines changed or added
