**Session Date/Time:** 07 Nov 2022 13:00

# scim

## Summary

The SCIM working group met to discuss several drafts and proposals. Key topics included device onboarding using SCIM, roles and entitlements, referential values in schemas, cursor-based pagination, and upcoming work on HR schemas and a security BCP. Discussions focused on use cases, overlapping functionalities between different drafts, and potential solutions for efficiently synchronizing data.

## Key Discussion Points

* **SCIM for Devices (Elliot):**
    * Discussion about provisioning and bootstrapping devices (e.g., IoT devices) using SCIM.
    * Considered the suitability of SCIM versus other technologies like NETCONF/RESTCONF/YANG for device description.
    * Leif raised concerns from the Adrian community regarding Wi-Fi schemas and deployability challenges.
    * Potential use cases for FIDO Device Onboarding and Matter were discussed.
* **Use Cases Draft (Pam):**
    * Question raised about the implementation and interpretation of external IDs and provisioning domains.
    * Pam inquired whether different external IDs are mapped to different provisioning domains in existing implementations.
* **SCIM Roles and Entitlements (Danny):**
    * Draft proposes new roles and entitlements endpoints for clients to discover available values.
    * Discussion on expanding roles/entitlements resources to include a members attribute.
    * Clarification needed on the usage of sub-attributes (especially "type") within roles and entitlements.
    * Consideration of prerequisites or conflicting relationships between roles/entitlements.
* **Referential Value and Location (Danny):**
    * Draft aims to define properties for attributes that accept values from a limited set, enabling discovery and automation.
    * Dean suggested a need for filtering capabilities on referential values (e.g., only managers with a specific role).
    * Pam raised security concerns related to callouts to foreign servers for referential values.
    * Broader discussion on the need for new schema properties, such as cardinality for multi-valued attributes.
* **Cursor-Based Pagination (Danny, on behalf of Matt Peterson):**
    * Status update on the cursor-based pagination draft.
    * Discussed the coexistence and overlap with the SCIM events draft and potential future Delta query mechanisms.
    * Highlighted the benefits of cursor-based pagination for efficient retrieval of data, especially for initial data synchronization.
    * Daryl suggested combining events with Delta query for improved reliability.
    * Discussion about the need for synchronization use cases and potential solutions using a watermark-based system.
* **Upcoming Work (Danny):**
    * Human Resources Schema (standardizing worker/employee representation).
    * Delta Query (efficient synchronization of changes).
    * Security Best Current Practices (guidance on secure SCIM implementations).
    * Reference Attribute URL Authorization (addressing authorization issues for reference URLs, like profile pictures).

## Decisions and Action Items

* **Action Item:** Elliot to contact Leif to discuss experiences with Wi-Fi schema.
* **Action Item:** Pam to post her question regarding external IDs and provisioning domains on the mailing list.
* **Action Item:** Danny to work with others on the discussion of referential values offline to determine if those values are able to be filtered.
* **Action Item:** Danny and Matt to clarify the use cases for cursor-based pagination in the draft's introduction.
* **Action Item:** Authors of the cursor-based pagination draft to prepare for a call for adoption.
* **Action Item:** Danny to reach out for assistance on Delta query (Daryl volunteered).

## Next Steps

* Continue providing feedback and comments on the drafts under discussion.
* Progress work on the upcoming drafts: Human Resources schema, Delta query, Security BCP, and Reference Attribute URL Authorization.
* A side meeting is scheduled for Wednesday at 4 PM local time (with Zoom option).