Proposed on the schema-discuss mailing list 28 April 2020

Chair: Peter Gietz

Proposed Charter

SCIM is establishing as an HTTP-based protocol that makes managing identities in multi-domain scenarios easier to support via a standardized service. In RFC 7643 SCIM specifies a platform-neutral schema and extension model for representing users and groups and other resource types in JSON format. The current specification specifies schema only for "User", "Group" and as an extension to User "Enterprise User", and thus covers roughly what in the LDAP world was defined by the object classes "person", "organizationalPerson" and "inetOrgPerson".

In the higher education community the need was felt to define another object class to describe an educational person, the eduPerson object class. The attributes of eduPerson are also used in the frame of the just in time provisioning via the SAML protocol, where attributes are sent from the identity provider to the Service provider, shortly after the user successfully authenticates at the identity provider. For a number of reasons (deprovisioning being a major one), the need exists to also have a just in case provisioning protocol in addition to SAML. SCIM currently seems to be the best alternative for such a provisioning protocol and will get even more important in the frame of the different edu-ID initiatives, where again identity data need to be provisioned from the single higher educational institutions to the providers of such edu-ID services.

Thus there is the need for the representation of educational attributes in such provisioning processes and with that the need for a SCIM-like JSON representation.

The proposed working group wants to fill in this gap by defining a SCIM extension to represent the eduPerson object class and standardise it in the form of an IETF Draft.

As specified in RFC 7643 a new class of resources is specified "by defining a resource type. Each resource type defines the name, endpoint, base schema (the attributes), and any schema extensions registered for use with the resource type. ... The 'ResourceType' schema specifies the metadata about a resource type. ... In order to offer new types of resources, a service provider defines the new resource type ... and defines a schema representation"

Timeline and Milestones


  • No labels