Meeting Notes - 7 April 2021

# Meeting Notes - 7 April 2021 > Recording: https://www.youtube.com/watch?v=GyI8gl4MeHM&feature=youtu.be # Attendees: * Pamela Dingle (Microsoft Identity) * Tim Cappalli (Microsoft Identity * Kevin Kampman (Gartner) * Leanne Chen (IBM) * Audrei (Slack) * Matt Domsch (Sailpoint) * Wes Dunnington (Ping) * Erik Gustavson (Google Cloud) * Darin McAdams (AWS) * Phil Hunt (IndependentId) * Ryan Bradley (Okta) * Matt Peterson (OneIdentity) * Paul Lanzi (Remediant) # Agenda * Paul/Matt P go through SCIM-PAM draft * Matt D to go through the actions from previous group surveys (a spreadsheet we are calling the SCIM IG Interest List) # SCIM PAM ietf draft Summary * Paul/Matt note that they are not original authors and hope they do justice to the original draft spec, with apologies and thanks to Kelly Grizzle, et al * Spec link: https://tools.ietf.org/html/draft-grizzle-scim-pam-ext-01 * Spec Github page: https://github.com/kelly-grizzle-sp/scim-pam * Presentation link: https://docs.google.com/presentation/d/1qd6pewmf_DXVydtg9siHeQvC5xhnJ4OmqEQcJzoyf9E/edit#slide=id.gc83ee66d31_0_265 * Usage: SCIM PAM is in active use in the SCIM PAM Sailpoint connector * Lots of SailPoint customers are using it already * Purpose: The draft helps IGA+PAM solutions to do two things together: * use SCIM to read Privileged Data * Use SCIM to read and modify the access rights to Privileged Data (ACLs) * Paper Cuts * The draft needs a statement of purpose. The draft does 2 things but nobody ever summarizes those things * Reading/writing ACLs is done in a very specific way - opportunity for us as a group is to make this a more generalized standardized SCIM-esque standard * Because there is no authorization in SCIM the draft had to build that functionality * We have the opportunity to build that into SCIM core which would make this draft much more concise * There is no SCIM concept of linking objects. * We have the opportunity to make that pattern more standardized * Linked objects is a generically useful concept that we could make easy * A way to canonically address the authority * Need some kind of way to designate who the canonical authority is for an attribute * Difficult to determine when something has changed in SCIM * Notifications are a problem * Matt D would love to see a webhook-style change mechanism ## SCIM 2021 Interest List * Matt overviewed the items in the list - a combination of existing drafts (including the SCIM-PAM draft we just reviewed today) and also additional ideas * The tentative plan is * Matt to get the list into a format that we can collectively iterate on * We will make topics out of all the items in this meeting ## Persistent Questions for Future Meetings (or to go to the group) * Is multi-value pagination a special case for groups only or a more generic concern? * Do we need to address only object pagination or is cursor pagination as important? ## Next Meeting: * April 21, 3pm PT * Pam to ask Mark Wahl if he will summarize his draft * More work on the Interest List * Pam to get the plan for sorting videos figured out