Re: [scim] userids, usernames, and group names
Emmanuel Dreux <edreux@cloudiway.com> Mon, 03 September 2012 20:12 UTC
From: Emmanuel Dreux <edreux@cloudiway.com>
To: Emmanuel Dreux <edreux@cloudiway.com>, Hasini Gunasinghe <hasini@wso2.com>, Dale Olds <olds@rbcon.com>
Date: Mon, 03 Sep 2012 20:12:34 +0000
Cc: "scim@ietf.org" <scim@ietf.org>
Subject: Re: [scim] userids, usernames, and group names

And less problematic, Group Description is missing as well. That's a field that our customers are usually asking to synchronize.

--
Regards,
Emmanuel Dreux
http://www.cloudiway.com
Tel: +33 4 26 78 17 58
Mobile: +33 6 47 81 26 70
skype: Emmanuel.Dreux

From: Emmanuel Dreux
Sent: Monday, 3 September 2012 22:08
To: 'Hasini Gunasinghe'; Dale Olds
Cc: scim@ietf.org
Subject: RE: [scim] userids, usernames, and group names

My understanding of Dale's issue is the following:

I have a group in Google (let's talk about Google if Active Directory does not ring bells):

DisplayName: Developpers
Group email address (= Id): devs@company.com

How do you represent it in SCIM?

According to the spec here (http://tools.ietf.org/html/draft-ietf-scim-core-schema-00#section-11.4), a "groupID" (or call it GroupUsername) is missing.

--
Regards,
Emmanuel Dreux

From: Hasini Gunasinghe [mailto:hasini@wso2.com]
Sent: Monday, 3 September 2012 11:16
To: Dale Olds
Cc: scim@ietf.org
Subject: Re: [scim] userids, usernames, and group names

Hi Dale,

On Sat, Sep 1, 2012 at 3:29 AM, Dale Olds <olds@rbcon.com> wrote:

> In our scim implementation we assign the following meanings to these user attributes:
>
> * id: unique, immutable, required, not intended to be typed by humans. The only identifier safe to store in external systems.
> * userName: unique, mutable, required, though rarely changed in practice, not localized -- more like a keyword. It's what humans can use when they need to type in a reference to a user.
> * displayName: not unique, mutable, optional, used as input to some display context but might not be literally displayed.
>
> Access control for the id and userName fields is identical -- they are both essentially treated as identifiers, displayName is different.
>
> These meanings work for us. All 3 attributes are used for specific purposes, and I believe our use does not violate the current spec. BTW, thanks for changing userName to be mutable in 1.1.
>
> We are now implementing groups. IIRC, the only choice the spec gives for human readable group names is displayName, but we have tools (e.g. CLIs) that need to accept a reference to a group typed in by a user. We could use displayName for that purpose, but then we lose the displayName capability that we have for users.

I do not see a reason why you cannot use displayName of groups here. IIUC, displayName for user and group are two separate attributes and you can use them independently.

> I've checked for this issue in the list archives but did not see any discussion. Has the group discussed a naming attribute for groups that would be more like userName than displayName?

Another option would be externalId - which is defined in the common schema.

Thanks,
Hasini.

> A related issue is compound attributes such as Users.groups and Groups.members. If Groups had groupName attribute similar to userName for users, it would be most useful if these attributes could have sub-attributes like this:
>
> User: {
>   id: 111111
>   userName: 'joe'
>   groups: [{display: 'Hiking Tour Guides', name: 'guides', value: 22222}]
> }
>
> Group: {
>   id: 22222
>   groupName: 'guides'
>   members: [{display: 'Joey', name: 'joe', value: 11111}]
> }
>
> I suppose we could add this capability as an extension, but would like to see if others would find this useful as well.
>
> --Dale
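
The identifier semantics quoted in this thread (immutable `id`, unique but mutable name, non-unique `displayName`), applied to groups as an added example that is not part of the original messages: it shows why an external system that stores the mutable name instead of the `id` ends up matching a different group after a rename and name reuse. `GroupDirectory`, the uniqueness rule for the proposed `groupName`, and the two ACL sets are assumptions made for illustration.

```python
import uuid


class GroupDirectory:
    """Toy group store (assumed model, not SCIM reference code)."""

    def __init__(self):
        self._groups = {}   # id -> group record
        self._names = {}    # groupName -> id (groupName is the attribute proposed in the thread)

    def create(self, group_name, display_name):
        if group_name in self._names:
            raise ValueError("groupName already in use")
        gid = uuid.uuid4().hex          # server-assigned id, never changes
        self._groups[gid] = {"id": gid, "groupName": group_name,
                             "displayName": display_name}
        self._names[group_name] = gid
        return gid

    def rename(self, gid, new_name):
        if new_name in self._names:
            raise ValueError("groupName already in use")
        group = self._groups[gid]
        del self._names[group["groupName"]]   # old name becomes free for reuse
        group["groupName"] = new_name
        self._names[new_name] = gid

    def resolve(self, group_name):
        """Map a typed reference (e.g. a CLI argument) to the immutable id."""
        return self._names.get(group_name)


def demo():
    d = GroupDirectory()
    guides = d.create("guides", "Hiking Tour Guides")
    acl_by_name = {"guides"}            # external system stored the mutable name
    acl_by_id = {d.resolve("guides")}   # external system stored the id

    d.rename(guides, "tour-guides")               # original group is renamed
    other = d.create("guides", "Style Guides")    # freed name is reused (constructed data)

    return {
        "name_acl_matches_new_group": d._groups[other]["groupName"] in acl_by_name,
        "id_acl_matches_new_group": other in acl_by_id,
        "id_acl_matches_original": guides in acl_by_id,
        "original_still_resolves": d.resolve("tour-guides") == guides,
    }
```
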