**Session Date/Time:** 09 Nov 2023 14:00 # scim ## Summary The SCIM working group meeting covered updates on several drafts including use cases, SCIM events, device model, and delta queries. Discussions focused on clarifying requirements, addressing security considerations, and soliciting feedback for draft improvements. ## Key Discussion Points * **Use Cases Draft:** Discussion on reconciliation challenges, HR application use cases, and SaaS applications as authoritative sources for attributes. Concerns were raised regarding how the server knows who's authoritative for an attribute, and the group acknowledged that authorization is out of scope. Inversion of control via event signaling was discussed as a possible solution, but its applicability across use cases remains unclear. * **SCIM Events Draft:** Update on new sub-registry for events. The main update discussed was around asynchronous event delivery and the handling of bulk requests, including the numbering scheme for individual events within a bulk request. Concerns were raised about potential conflicts with UUIDs containing dashes and how the receiver knows when all transactions have been received. * **Device Model Draft:** Update on the device model draft, including changes related to mobility bits and non-normative corrections to the OpenAPI model. Key outstanding issues include handling non-IOT device provisioning, versioning (per model or per object), security considerations (especially around credentials), and extensibility. The draft is actively being developed with an accompanying implementation, and collaborators are being sought. The potential for a more generic device category was raised. * **Delta Queries Draft:** Presentation on draft to efficiently detect changes within the SCIM server and report these changes to the client. Discussion on getting the initial delta token, behavior of client and server regarding updates and inconsistencies between systems and how to handle large collections. It was suggested that a query for a token "as of now" should be supported without data. ## Decisions and Action Items * **Use Cases Draft:** * Add a line to the spec addressing the authoritative source issue in the context of out-of-band agreements. * Pam will continue to document use cases, targeting an adopted draft eventually. * **SCIM Events Draft:** * Change the separator for transaction IDs within bulk requests (potentially to a hash '#'). * Add text specifying that an equal number of events should be returned for the number of operations submitted. * Mike Kaiser will provide an PR regarding a section on suggesting users not use excessive pagination with delta queries. * Publish draft 4. * **Device Model Draft:** * Elliot to follow up with Danny regarding non-IoT device provisioning. * Working group to discuss best approach for versioning the model. * Security considerations to be further developed, especially regarding credentials and data privacy. * IANA considerations to be filled out. * Address extensibility, potentially testing mechanisms with a less broadly implemented connectivity technology. * Working group to consider potential name change. * The chairs will provide the official repo for the draft. * **Delta Queries Draft:** * Investigate allowing a query for a token "as of now" without requiring the retrieval of data. * Clarify server/client implementation regarding data log creation. * Address suggestions about using filters and search parameters to initially get a token without a full scan of the database. * Angeli and Danny to update the draft and publish it to the data tracker. ## Next Steps * **Use Cases Draft:** Chairs to follow up with reviewers. * **SCIM Events Draft:** Publish draft 4 and the reviewers to provide feedback. * **Device Model Draft:** Continue development, address open issues, and seek collaborators for implementation. The chairs will add the document to the data tracker * **Delta Queries Draft:** Publish draft to data tracker and solicit feedback on the mailing list.