On Jun 21, 2016, at 9:32 AM, Phil Hunt <phil...@oracle.com> wrote:

Thanks Erik, found it (for some reason Facebook never notified me).

Using the “/Me” follows the pattern used by Connect for the UserInfo endpoint. “/Me” is just the SCIM equivalent.

However, in the broader use, we had some discussion that clients may want to know the actual id and location for the authenticated user for other reasons. That said, we might argue that the client must actually do a scim get to the “/Me” endpoint to actually obtain the authenticated user’s id and resource location.

On Jun 21, 2016, at 9:19 AM, Erik Wahlström <er...@wahlstromstekniska.se> wrote:

Hi Phil,

Did you get my 2 minute review? I sent it over Facebook (that's right :)) to make sure that the review was by me acting as an individual, not from my company.

/ Erik

On Tue, Jun 21, 2016 at 6:13 PM, Phil Hunt <phil...@oracle.com> wrote:

Any comments or feedback? I know a number indicated they plan to read the draft.

On Jun 15, 2016, at 1:10 PM, Phil Hunt <phil...@oracle.com> wrote:

<Draft: OpenID Connect Profile for SCIM Services.html>

Please find attached, a draft proposal from Chuck Mortimore and myself on using SCIM as an alternate endpoint for profile services in the context of Connect.

This specification defines:

a. Discovery metadata (scim_endpoint) indicating availability of a SCIM Protocol base endpoint
b. Dynamic registration metadata (scim_profile) used to indicate a client intends to use SCIM in addition to or instead of UserInfo
c. An additional ID Token claim (scim_id and scim_location) which specifies the SCIM resource endpoint and identifier associated with the authenticated subject.

By doing this, clients can avoid having to do an external authorization and another round of exchanges to access User profile information with full CRUD features.

Clients can also access SCIM’s more sophisticated query system to ask questions if the authenticated user has particular conditions (e.g. querying a sub-attribute such as “country” in the “addresses” attribute).

As an example use case: A cloud provider wants to build a user-profile self-service portal. OIDC does the authentication of the user and allows the web service to access the CRUD features of SCIM for the updates.

<openid-connect-scim-profile-1_0.txt>
_______________________________________________
Openid-specs-ab mailing list
Openid-...@lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-specs-ab
I plan to read but it has to wait till next week.
_______________________________________________
general mailing list
gen...@lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-general
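
As an added example (not part of the thread or of the draft), this Python code shows how a client might use the scim_endpoint discovery value together with the scim_id and scim_location ID Token claims described above, falling back to “/Me” when the claims are absent. The same-origin and id-match checks, the function names and the sample values are assumptions of this example, and the ID Token is assumed to be validated already.

```python
from urllib.parse import urlsplit

class ScimClaimError(ValueError):
    """ID Token SCIM claims do not fit the discovered scim_endpoint."""

def _origin_and_path(url):
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ScimClaimError(f"not an https URL: {url!r}")
    if parts.username or parts.password or parts.query or parts.fragment:
        raise ScimClaimError(f"unexpected URL components: {url!r}")
    return (parts.hostname.lower(), parts.port or 443), parts.path.rstrip("/")

def resolve_scim_resource(discovery, claims):
    """Return the URL to GET for the authenticated user's SCIM resource.

    discovery: provider metadata carrying scim_endpoint (name from the draft).
    claims: claims of an ID Token whose signature and issuer were already checked.
    """
    base_origin, base_path = _origin_and_path(discovery["scim_endpoint"])
    location = claims.get("scim_location")
    if location is None:
        # No claim present: use the "/Me" alias discussed in the thread.
        return discovery["scim_endpoint"].rstrip("/") + "/Me"
    origin, path = _origin_and_path(location)
    # Assumed check: the access token only goes to the discovered SCIM service.
    if origin != base_origin or not path.startswith(base_path + "/"):
        raise ScimClaimError("scim_location is outside scim_endpoint")
    if ".." in path.split("/"):
        raise ScimClaimError("dot segments in scim_location")
    # Assumed check: last path segment equals scim_id (RFC 7644 resource layout).
    scim_id = claims.get("scim_id")
    if scim_id is not None and path.rsplit("/", 1)[-1] != scim_id:
        raise ScimClaimError("scim_id does not match scim_location")
    return location

# Constructed sample values, not taken from the draft.
DISCOVERY = {"issuer": "https://op.example.com",
             "scim_endpoint": "https://scim.example.com/v2"}
CLAIMS = {"sub": "248289761001", "scim_id": "2819c223",
          "scim_location": "https://scim.example.com/v2/Users/2819c223"}

if __name__ == "__main__":
    print(resolve_scim_resource(DISCOVERY, CLAIMS))
```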